From cf94ca97f47bb81160689fd8745258a83251a1fb Mon Sep 17 00:00:00 2001
From: Seth Grover
Date: Tue, 5 Mar 2024 14:28:45 -0700
Subject: [PATCH 01/79] update SHA sums for ISOs
---
 arkime/etc/config.ini | 2 +-
 docs/download.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini
index 4cb262d09..e64928886 100644
--- a/arkime/etc/config.ini
+++ b/arkime/etc/config.ini
@@ -14,7 +14,7 @@ cronQueries=true
 dropGroup=arkime
 dropUser=arkime
 elasticsearch=http://opensearch:9200
-footerTemplate=_version_ | arkime.com 🦉 | Malc⦿lm 📄 | Dashboards 📊 | NetBox 💻 | _responseTime_ms ⏱️
+footerTemplate=_version_ | arkime.com 🦉 | Malc⦿lm 📄 | Dashboards 📊 | NetBox 💻 | _responseTime_ ⏱️
 freeSpaceG=10%
 geoLite2ASN=/opt/arkime/etc/GeoLite2-ASN.mmdb
 geoLite2Country=/opt/arkime/etc/GeoLite2-Country.mmdb
diff --git a/docs/download.md b/docs/download.md
index c52d6c540..0a0a01a42 100644
--- a/docs/download.md
+++ b/docs/download.md
@@ -16,7 +16,7 @@ While official downloads of the Malcolm installer ISO are not provided, an **uno
 | ISO | SHA256 |
 |---|---|
-| [malcolm-24.03.0.iso](/iso/malcolm-24.03.0.iso) (5.1GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/malcolm-24.03.0.iso.sha256.txt) |
+| [malcolm-24.03.0.iso](/iso/malcolm-24.03.0.iso) (5.1GiB) | [`f2e15167a3bed28cc6ec5af727d2eecdc5e7b58ef5325f4e1db84b8d8a2da2b5`](/iso/malcolm-24.03.0.iso.sha256.txt) |
 ## Hedgehog Linux
@@ -26,7 +26,7 @@ While official downloads of the Malcolm installer ISO are not provided, an **uno
 | ISO | SHA256 |
 |---|---|
-| [hedgehog-24.03.0.iso](/iso/hedgehog-24.03.0.iso) (2.5GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/hedgehog-24.03.0.iso.sha256.txt) |
+| [hedgehog-24.03.0.iso](/iso/hedgehog-24.03.0.iso) (2.5GiB) | [`d849ab533ea1f3c37c87f6b4064ddff31e1ac40a060d36f120b9fefe229577ae`](/iso/hedgehog-24.03.0.iso.sha256.txt) |
 ### Raspberry Pi 4 Image
From ff3b97ac2f3fcac91d044bbd401c9e1b7c0ecbf9 Mon Sep 17 00:00:00 2001
From: SG
Date: Wed, 6 Mar 2024 12:00:37 -0700
Subject: [PATCH 02/79] minute tweaks to virter scrit
---
 .../virter/malcolm-setup-02-clone-install.toml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/scripts/third-party-environments/virter/malcolm-setup-02-clone-install.toml b/scripts/third-party-environments/virter/malcolm-setup-02-clone-install.toml
index d3c881454..a634a96bb 100644
--- a/scripts/third-party-environments/virter/malcolm-setup-02-clone-install.toml
+++ b/scripts/third-party-environments/virter/malcolm-setup-02-clone-install.toml
@@ -50,16 +50,19 @@ if [[ $- == *i* ]] && [[ -d ~/Malcolm ]] && [[ ! -f ~/Malcolm/.configured ]]; t
 python3 ./scripts/configure \
 --defaults \
 --restart-malcolm \
+ --auto-arkime \
 --auto-suricata \
 --auto-zeek \
 --zeek-ics \
 --zeek-ics-best-guess \
 --auto-oui \
 --auto-freq \
- --file-extraction interesting \
+ --file-extraction notcommtxt \
 --file-preservation quarantined \
 --extracted-file-server \
 --extracted-file-server-password infected \
+ --extracted-file-server-zip \
+ --extracted-file-capa \
 --extracted-file-clamav \
 --extracted-file-yara \
 --netbox \
From d50767f9cd1eceb4d82098d74f01a7fbf8acd51a Mon Sep 17 00:00:00 2001
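Review bot: The fixed value `infected` on the unchanged `--extracted-file-server-password` line is the only protection named for the carved files this hunk now serves, and nothing in the script says that it is a lab default. Going by the mode names, `--file-extraction notcommtxt` keeps a wider set of files than `interesting` did, and the added `--extracted-file-server-zip` presumably wraps downloads in an archive using that same password. The string is the customary one for malware-sample archives, so it guards against opening a sample by accident and should not be read as access control. Because the arguments form one backslash-continued command, the comment belongs above the `python3 ./scripts/configure` call, for example `# lab defaults: carved files are served with the well-known password "infected"; change it or drop --extracted-file-server outside a disposable VM`. The enclosing `if` block starts before the hunk and the command continues past its last line.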
From: SG Date: Wed, 6 Mar 2024 12:16:20 -0700 Subject: [PATCH 03/79] version bump for v24.03.1 development --- docker-compose-dev.yml | 46 +++++----- docker-compose.yml | 46 +++++----- docs/api-version.md | 2 +- docs/contributing-pcap.md | 2 +- docs/download.md | 6 +- docs/hedgehog-iso-build.md | 2 +- docs/kubernetes.md | 88 +++++++++---------- docs/malcolm-iso.md | 2 +- docs/quickstart.md | 38 ++++---- docs/ubuntu-install-example.md | 38 ++++---- kubernetes/03-opensearch.yml | 4 +- kubernetes/04-dashboards.yml | 2 +- kubernetes/05-upload.yml | 4 +- kubernetes/06-pcap-monitor.yml | 4 +- kubernetes/07-arkime.yml | 4 +- kubernetes/08-api.yml | 2 +- kubernetes/09-dashboards-helper.yml | 2 +- kubernetes/10-zeek.yml | 4 +- kubernetes/11-suricata.yml | 4 +- kubernetes/12-file-monitor.yml | 4 +- kubernetes/13-filebeat.yml | 4 +- kubernetes/14-logstash.yml | 4 +- kubernetes/15-netbox-redis.yml | 4 +- kubernetes/16-netbox-redis-cache.yml | 2 +- kubernetes/17-netbox-postgres.yml | 4 +- kubernetes/18-netbox.yml | 4 +- kubernetes/19-htadmin.yml | 4 +- kubernetes/20-pcap-capture.yml | 4 +- kubernetes/21-zeek-live.yml | 4 +- kubernetes/22-suricata-live.yml | 4 +- kubernetes/23-arkime-live.yml | 4 +- kubernetes/24-freq.yml | 2 +- kubernetes/98-nginx-proxy.yml | 4 +- .../aws/ami/packer_vars.json.example | 2 +- 34 files changed, 177 insertions(+), 177 deletions(-) diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml index f2fb41ff7..4640b8a3e 100644 --- a/docker-compose-dev.yml +++ b/docker-compose-dev.yml @@ -15,7 +15,7 @@ services: build: context: . dockerfile: Dockerfiles/opensearch.Dockerfile - image: ghcr.io/idaholab/malcolm/opensearch:24.03.0 + image: ghcr.io/idaholab/malcolm/opensearch:24.03.1 # Technically the "hedgehog" profile doesn't have OpenSearch, but in that case # OPENSEARCH_PRIMARY will be set to remote, which means the container will # start but not actually run OpenSearch. It's included in both profiles to 
@@ -60,7 +60,7 @@ services: build: context: . dockerfile: Dockerfiles/dashboards-helper.Dockerfile - image: ghcr.io/idaholab/malcolm/dashboards-helper:24.03.0 + image: ghcr.io/idaholab/malcolm/dashboards-helper:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -93,7 +93,7 @@ services: build: context: . dockerfile: Dockerfiles/dashboards.Dockerfile - image: ghcr.io/idaholab/malcolm/dashboards:24.03.0 + image: ghcr.io/idaholab/malcolm/dashboards:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -124,7 +124,7 @@ services: build: context: . dockerfile: Dockerfiles/logstash.Dockerfile - image: ghcr.io/idaholab/malcolm/logstash-oss:24.03.0 + image: ghcr.io/idaholab/malcolm/logstash-oss:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -178,7 +178,7 @@ services: build: context: . dockerfile: Dockerfiles/filebeat.Dockerfile - image: ghcr.io/idaholab/malcolm/filebeat-oss:24.03.0 + image: ghcr.io/idaholab/malcolm/filebeat-oss:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -216,7 +216,7 @@ services: build: context: . dockerfile: Dockerfiles/arkime.Dockerfile - image: ghcr.io/idaholab/malcolm/arkime:24.03.0 + image: ghcr.io/idaholab/malcolm/arkime:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -255,7 +255,7 @@ services: build: context: . dockerfile: Dockerfiles/arkime.Dockerfile - image: ghcr.io/idaholab/malcolm/arkime:24.03.0 + image: ghcr.io/idaholab/malcolm/arkime:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -294,7 +294,7 @@ services: build: context: . dockerfile: Dockerfiles/zeek.Dockerfile - image: ghcr.io/idaholab/malcolm/zeek:24.03.0 + image: ghcr.io/idaholab/malcolm/zeek:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" 
@@ -330,7 +330,7 @@ services: build: context: . dockerfile: Dockerfiles/zeek.Dockerfile - image: ghcr.io/idaholab/malcolm/zeek:24.03.0 + image: ghcr.io/idaholab/malcolm/zeek:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -362,7 +362,7 @@ services: build: context: . dockerfile: Dockerfiles/suricata.Dockerfile - image: ghcr.io/idaholab/malcolm/suricata:24.03.0 + image: ghcr.io/idaholab/malcolm/suricata:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -393,7 +393,7 @@ services: build: context: . dockerfile: Dockerfiles/suricata.Dockerfile - image: ghcr.io/idaholab/malcolm/suricata:24.03.0 + image: ghcr.io/idaholab/malcolm/suricata:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -426,7 +426,7 @@ services: build: context: . dockerfile: Dockerfiles/file-monitor.Dockerfile - image: ghcr.io/idaholab/malcolm/file-monitor:24.03.0 + image: ghcr.io/idaholab/malcolm/file-monitor:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -458,7 +458,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-capture.Dockerfile - image: ghcr.io/idaholab/malcolm/pcap-capture:24.03.0 + image: ghcr.io/idaholab/malcolm/pcap-capture:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -490,7 +490,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-monitor.Dockerfile - image: ghcr.io/idaholab/malcolm/pcap-monitor:24.03.0 + image: ghcr.io/idaholab/malcolm/pcap-monitor:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -521,7 +521,7 @@ services: build: context: . dockerfile: Dockerfiles/file-upload.Dockerfile - image: ghcr.io/idaholab/malcolm/file-upload:24.03.0 + image: ghcr.io/idaholab/malcolm/file-upload:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" 
@@ -548,7 +548,7 @@ services: retries: 3 start_period: 60s htadmin: - image: ghcr.io/idaholab/malcolm/htadmin:24.03.0 + image: ghcr.io/idaholab/malcolm/htadmin:24.03.1 profiles: ["malcolm"] logging: *default-logging build: @@ -578,7 +578,7 @@ services: retries: 3 start_period: 60s freq: - image: ghcr.io/idaholab/malcolm/freq:24.03.0 + image: ghcr.io/idaholab/malcolm/freq:24.03.1 profiles: ["malcolm"] logging: *default-logging build: @@ -605,7 +605,7 @@ services: retries: 3 start_period: 60s netbox: - image: ghcr.io/idaholab/malcolm/netbox:24.03.0 + image: ghcr.io/idaholab/malcolm/netbox:24.03.1 profiles: ["malcolm"] logging: *default-logging build: @@ -642,7 +642,7 @@ services: retries: 3 start_period: 120s netbox-postgres: - image: ghcr.io/idaholab/malcolm/postgresql:24.03.0 + image: ghcr.io/idaholab/malcolm/postgresql:24.03.1 profiles: ["malcolm"] logging: *default-logging build: @@ -671,7 +671,7 @@ services: retries: 3 start_period: 45s netbox-redis: - image: ghcr.io/idaholab/malcolm/redis:24.03.0 + image: ghcr.io/idaholab/malcolm/redis:24.03.1 profiles: ["malcolm"] logging: *default-logging build: @@ -704,7 +704,7 @@ services: retries: 3 start_period: 45s netbox-redis-cache: - image: ghcr.io/idaholab/malcolm/redis:24.03.0 + image: ghcr.io/idaholab/malcolm/redis:24.03.1 profiles: ["malcolm"] logging: *default-logging build: @@ -736,7 +736,7 @@ services: retries: 3 start_period: 45s api: - image: ghcr.io/idaholab/malcolm/api:24.03.0 + image: ghcr.io/idaholab/malcolm/api:24.03.1 profiles: ["malcolm"] logging: *default-logging build: @@ -769,7 +769,7 @@ services: build: context: . dockerfile: Dockerfiles/nginx.Dockerfile - image: ghcr.io/idaholab/malcolm/nginx-proxy:24.03.0 + image: ghcr.io/idaholab/malcolm/nginx-proxy:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" diff --git a/docker-compose.yml b/docker-compose.yml index 51077bea9..c90d9eff9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -12,7 +12,7 @@ x-logging: services: opensearch: - image: ghcr.io/idaholab/malcolm/opensearch:24.03.0 + image: ghcr.io/idaholab/malcolm/opensearch:24.03.1 # Technically the "hedgehog" profile doesn't have OpenSearch, but in that case # OPENSEARCH_PRIMARY will be set to remote, which means the container will # start but not actually run OpenSearch. It's included in both profiles to @@ -54,7 +54,7 @@ services: retries: 3 start_period: 180s dashboards-helper: - image: ghcr.io/idaholab/malcolm/dashboards-helper:24.03.0 + image: ghcr.io/idaholab/malcolm/dashboards-helper:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -84,7 +84,7 @@ services: retries: 3 start_period: 30s dashboards: - image: ghcr.io/idaholab/malcolm/dashboards:24.03.0 + image: ghcr.io/idaholab/malcolm/dashboards:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -112,7 +112,7 @@ services: retries: 3 start_period: 210s logstash: - image: ghcr.io/idaholab/malcolm/logstash-oss:24.03.0 + image: ghcr.io/idaholab/malcolm/logstash-oss:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -159,7 +159,7 @@ services: retries: 3 start_period: 600s filebeat: - image: ghcr.io/idaholab/malcolm/filebeat-oss:24.03.0 + image: ghcr.io/idaholab/malcolm/filebeat-oss:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -194,7 +194,7 @@ services: retries: 3 start_period: 60s arkime: - image: ghcr.io/idaholab/malcolm/arkime:24.03.0 + image: ghcr.io/idaholab/malcolm/arkime:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -228,7 +228,7 @@ services: retries: 3 start_period: 210s arkime-live: - image: ghcr.io/idaholab/malcolm/arkime:24.03.0 + image: ghcr.io/idaholab/malcolm/arkime:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" 
@@ -261,7 +261,7 @@ services: - ./arkime/rules:/opt/arkime/rules:ro - ./pcap:/data/pcap zeek: - image: ghcr.io/idaholab/malcolm/zeek:24.03.0 + image: ghcr.io/idaholab/malcolm/zeek:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -293,7 +293,7 @@ services: retries: 3 start_period: 60s zeek-live: - image: ghcr.io/idaholab/malcolm/zeek:24.03.0 + image: ghcr.io/idaholab/malcolm/zeek:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -321,7 +321,7 @@ services: - ./zeek/intel:/opt/zeek/share/zeek/site/intel - ./zeek/custom:/opt/zeek/share/zeek/site/custom:ro suricata: - image: ghcr.io/idaholab/malcolm/suricata:24.03.0 + image: ghcr.io/idaholab/malcolm/suricata:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -349,7 +349,7 @@ services: retries: 3 start_period: 120s suricata-live: - image: ghcr.io/idaholab/malcolm/suricata:24.03.0 + image: ghcr.io/idaholab/malcolm/suricata:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -379,7 +379,7 @@ services: - ./suricata/rules:/opt/suricata/rules:ro - ./suricata/include-configs:/opt/suricata/include-configs:ro file-monitor: - image: ghcr.io/idaholab/malcolm/file-monitor:24.03.0 + image: ghcr.io/idaholab/malcolm/file-monitor:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -408,7 +408,7 @@ services: retries: 3 start_period: 60s pcap-capture: - image: ghcr.io/idaholab/malcolm/pcap-capture:24.03.0 + image: ghcr.io/idaholab/malcolm/pcap-capture:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" @@ -437,7 +437,7 @@ services: - ./nginx/ca-trust:/var/local/ca-trust:ro - ./pcap/upload:/pcap pcap-monitor: - image: ghcr.io/idaholab/malcolm/pcap-monitor:24.03.0 + image: ghcr.io/idaholab/malcolm/pcap-monitor:24.03.1 profiles: ["malcolm", "hedgehog"] logging: *default-logging restart: "no" 
@@ -465,7 +465,7 @@ services: retries: 3 start_period: 90s upload: - image: ghcr.io/idaholab/malcolm/file-upload:24.03.0 + image: ghcr.io/idaholab/malcolm/file-upload:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -492,7 +492,7 @@ services: retries: 3 start_period: 60s htadmin: - image: ghcr.io/idaholab/malcolm/htadmin:24.03.0 + image: ghcr.io/idaholab/malcolm/htadmin:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -519,7 +519,7 @@ services: retries: 3 start_period: 60s freq: - image: ghcr.io/idaholab/malcolm/freq:24.03.0 + image: ghcr.io/idaholab/malcolm/freq:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -543,7 +543,7 @@ services: retries: 3 start_period: 60s netbox: - image: ghcr.io/idaholab/malcolm/netbox:24.03.0 + image: ghcr.io/idaholab/malcolm/netbox:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -577,7 +577,7 @@ services: retries: 3 start_period: 120s netbox-postgres: - image: ghcr.io/idaholab/malcolm/postgresql:24.03.0 + image: ghcr.io/idaholab/malcolm/postgresql:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -603,7 +603,7 @@ services: retries: 3 start_period: 45s netbox-redis: - image: ghcr.io/idaholab/malcolm/redis:24.03.0 + image: ghcr.io/idaholab/malcolm/redis:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -633,7 +633,7 @@ services: retries: 3 start_period: 45s netbox-redis-cache: - image: ghcr.io/idaholab/malcolm/redis:24.03.0 + image: ghcr.io/idaholab/malcolm/redis:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" @@ -662,7 +662,7 @@ services: retries: 3 start_period: 45s api: - image: ghcr.io/idaholab/malcolm/api:24.03.0 + image: ghcr.io/idaholab/malcolm/api:24.03.1 profiles: ["malcolm"] logging: *default-logging command: gunicorn --bind 0:5000 manage:app 
@@ -689,7 +689,7 @@ services: retries: 3 start_period: 60s nginx-proxy: - image: ghcr.io/idaholab/malcolm/nginx-proxy:24.03.0 + image: ghcr.io/idaholab/malcolm/nginx-proxy:24.03.1 profiles: ["malcolm"] logging: *default-logging restart: "no" diff --git a/docs/api-version.md b/docs/api-version.md index 7e4c08db5..ea8ed3153 100644 --- a/docs/api-version.md +++ b/docs/api-version.md @@ -47,6 +47,6 @@ Returns version information about Malcolm and version/[health](https://opensearc } }, "sha": "77574975", - "version": "24.03.0" + "version": "24.03.1" } ``` diff --git a/docs/contributing-pcap.md b/docs/contributing-pcap.md index adac63fb4..abb804904 100644 --- a/docs/contributing-pcap.md +++ b/docs/contributing-pcap.md 
@@ -1,6 +1,6 @@ # PCAP processors -When a PCAP is uploaded (either through Malcolm's [upload web interface](upload.md#Upload) or just copied manually into the `./pcap/upload` directory), the `pcap-monitor` container has a script that picks up those PCAP files and publishes to a [ZeroMQ](https://zeromq.org/) topic that can be subscribed to by any other process that wants to analyze that PCAP. In Malcolm (at the time of the [v24.03.0 release]({{ site.github.repository_url }}/releases/tag/v24.03.0)), there are three such ZeroMQ topics: the `zeek`, `suricata` and `arkime` containers. These actually share the [same script]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/shared/bin/pcap_processor.py) to run the PCAP through Zeek, Suricata, and Arkime, respectively. For an example to follow, the `zeek` container is the less complicated of the two. To integrate a new PCAP processing tool into Malcolm (named `cooltool` for this example) the process would entail: +When a PCAP is uploaded (either through Malcolm's [upload web interface](upload.md#Upload) or just copied manually into the `./pcap/upload` directory), the `pcap-monitor` container has a script that picks up those PCAP files and publishes to a [ZeroMQ](https://zeromq.org/) topic that can be subscribed to by any other process that wants to analyze that PCAP. In Malcolm (at the time of the [v24.03.1 release]({{ site.github.repository_url }}/releases/tag/v24.03.1)), there are three such ZeroMQ topics: the `zeek`, `suricata` and `arkime` containers. These actually share the [same script]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/shared/bin/pcap_processor.py) to run the PCAP through Zeek, Suricata, and Arkime, respectively. For an example to follow, the `zeek` container is the less complicated of the two. To integrate a new PCAP processing tool into Malcolm (named `cooltool` for this example) the process would entail: 1. 
Define the service as instructed in the [Adding a new service](contributing-new-image.md#NewImage) section * Note how the existing `zeek` and `arkime` services use [bind mounts](contributing-local-modifications.md#Bind) to access the local `./pcap` directory diff --git a/docs/download.md b/docs/download.md index 0a0a01a42..3eb34465a 100644 --- a/docs/download.md +++ b/docs/download.md @@ -16,7 +16,7 @@ While official downloads of the Malcolm installer ISO are not provided, an **uno | ISO | SHA256 | |---|---| -| [malcolm-24.03.0.iso](/iso/malcolm-24.03.0.iso) (5.1GiB) | [`f2e15167a3bed28cc6ec5af727d2eecdc5e7b58ef5325f4e1db84b8d8a2da2b5`](/iso/malcolm-24.03.0.iso.sha256.txt) | +| [malcolm-24.03.1.iso](/iso/malcolm-24.03.1.iso) (5.1GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/malcolm-24.03.1.iso.sha256.txt) | ## Hedgehog Linux @@ -26,7 +26,7 @@ While official downloads of the Malcolm installer ISO are not provided, an **uno | ISO | SHA256 | |---|---| -| [hedgehog-24.03.0.iso](/iso/hedgehog-24.03.0.iso) (2.5GiB) | [`d849ab533ea1f3c37c87f6b4064ddff31e1ac40a060d36f120b9fefe229577ae`](/iso/hedgehog-24.03.0.iso.sha256.txt) | +| [hedgehog-24.03.1.iso](/iso/hedgehog-24.03.1.iso) (2.5GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/hedgehog-24.03.1.iso.sha256.txt) | ### Raspberry Pi 4 Image @@ -34,7 +34,7 @@ While official downloads of the Malcolm installer ISO are not provided, an **uno | Image | SHA256 | |---|---| -| [hedgehog-24.03.0_raspi_4.img.xz](/iso/hedgehog-24.03.0_raspi_4.img.xz) (1.4GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/hedgehog-24.03.0_raspi_4.img.xz.sha256.txt) | +| [hedgehog-24.03.1_raspi_4.img.xz](/iso/hedgehog-24.03.1_raspi_4.img.xz) (1.4GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/hedgehog-24.03.1_raspi_4.img.xz.sha256.txt) | ## Warning 
diff --git a/docs/hedgehog-iso-build.md b/docs/hedgehog-iso-build.md index 4de1fe858..321bfa257 100644 --- a/docs/hedgehog-iso-build.md +++ b/docs/hedgehog-iso-build.md @@ -29,7 +29,7 @@ Building the ISO may take 90 minutes or more depending on your system. As the bu ``` … -Finished, created "/sensor-build/hedgehog-24.03.0.iso" +Finished, created "/sensor-build/hedgehog-24.03.1.iso" … ``` diff --git a/docs/kubernetes.md b/docs/kubernetes.md index c74fb5d94..eb7cae6c9 100644 --- a/docs/kubernetes.md +++ b/docs/kubernetes.md 
@@ -272,28 +272,28 @@ agent2 | agent2 | 192.168.56.12 | agent2 | k3s | 6000m | agent1 | agent1 | 192.168.56.11 | agent1 | k3s | 6000m | 861.34m | 14.36% | 19.55Gi | 9.29Gi | 61.28Gi | 11 | Pod Name | State | Pod IP | Pod Kind | Worker Node | CPU Usage | Memory Usage | Container Name:Restarts | Container Image | -api-deployment-6f4686cf59-bn286 | Running | 10.42.2.14 | ReplicaSet | agent1 | 0.11m | 59.62Mi | api-container:0 | api:24.03.0 | -file-monitor-deployment-855646bd75-vk7st | Running | 10.42.2.16 | ReplicaSet | agent1 | 8.47m | 1.46Gi | file-monitor-container:0 | file-monitor:24.03.0 | -zeek-live-deployment-64b69d4b6f-947vr | Running | 10.42.2.17 | ReplicaSet | agent1 | 0.02m | 12.44Mi | zeek-live-container:0 | zeek:24.03.0 | -dashboards-helper-deployment-69dc54f6b6-ln4sq | Running | 10.42.2.15 | ReplicaSet | agent1 | 10.77m | 38.43Mi | dashboards-helper-container:0 | dashboards-helper:24.03.0 | -upload-deployment-586568844b-4jnk9 | Running | 10.42.2.18 | ReplicaSet | agent1 | 0.15m | 29.78Mi | upload-container:0 | file-upload:24.03.0 | -filebeat-deployment-6ff8bc444f-t7h49 | Running | 10.42.2.20 | ReplicaSet | agent1 | 2.84m | 70.71Mi | filebeat-container:0 | filebeat-oss:24.03.0 | -zeek-offline-deployment-844f4865bd-g2sdm | Running | 10.42.2.21 | ReplicaSet | agent1 | 0.17m | 41.92Mi | zeek-offline-container:0 | zeek:24.03.0 | -logstash-deployment-6fbc9fdcd5-hwx8s | Running | 10.42.2.22 | ReplicaSet | agent1 | 85.55m | 2.91Gi | logstash-container:0 | logstash-oss:24.03.0 | -netbox-deployment-cdcff4977-hbbw5 | Running | 10.42.2.23 | ReplicaSet | agent1 | 807.64m | 702.86Mi | netbox-container:0 | netbox:24.03.0 | -suricata-offline-deployment-6ccdb89478-z5696 | Running | 10.42.2.19 | ReplicaSet | agent1 | 0.22m | 34.88Mi | suricata-offline-container:0 | suricata:24.03.0 | -dashboards-deployment-69b5465db-vz88g | Running | 10.42.1.14 | ReplicaSet | agent2 | 0.94m | 100.12Mi | dashboards-container:0 | dashboards:24.03.0 | 
-netbox-redis-cache-deployment-5f77d47b8b-z7t2z | Running | 10.42.1.15 | ReplicaSet | agent2 | 3.57m | 7.36Mi | netbox-redis-cache-container:0 | redis:24.03.0 | -suricata-live-deployment-6494c77759-9rlnt | Running | 10.42.1.16 | ReplicaSet | agent2 | 0.02m | 9.69Mi | suricata-live-container:0 | suricata:24.03.0 | -freq-deployment-cfd84fd97-dnngf | Running | 10.42.1.17 | ReplicaSet | agent2 | 0.2m | 26.36Mi | freq-container:0 | freq:24.03.0 | -arkime-deployment-56999cdd66-s98pp | Running | 10.42.1.18 | ReplicaSet | agent2 | 4.15m | 113.07Mi | arkime-container:0 | arkime:24.03.0 | -pcap-monitor-deployment-594ff674c4-fsm7m | Running | 10.42.1.19 | ReplicaSet | agent2 | 1.24m | 48.44Mi | pcap-monitor-container:0 | pcap-monitor:24.03.0 | -pcap-capture-deployment-7c8bf6957-jzpzn | Running | 10.42.1.20 | ReplicaSet | agent2 | 0.02m | 9.64Mi | pcap-capture-container:0 | pcap-capture:24.03.0 | -netbox-postgres-deployment-5879b8dffc-kkt56 | Running | 10.42.1.21 | ReplicaSet | agent2 | 70.91m | 33.02Mi | netbox-postgres-container:0 | postgresql:24.03.0 | -htadmin-deployment-6fc46888b9-sq6ln | Running | 10.42.1.23 | ReplicaSet | agent2 | 0.14m | 30.53Mi | htadmin-container:0 | htadmin:24.03.0 | -netbox-redis-deployment-5bcd8f6c96-j5xpf | Running | 10.42.1.24 | ReplicaSet | agent2 | 1.46m | 7.34Mi | netbox-redis-container:0 | redis:24.03.0 | -nginx-proxy-deployment-69fcc4968d-f68tq | Running | 10.42.1.22 | ReplicaSet | agent2 | 0.31m | 22.63Mi | nginx-proxy-container:0 | nginx-proxy:24.03.0 | -opensearch-deployment-75498799f6-4zmwd | Running | 10.42.1.25 | ReplicaSet | agent2 | 89.8m | 11.03Gi | opensearch-container:0 | opensearch:24.03.0 | +api-deployment-6f4686cf59-bn286 | Running | 10.42.2.14 | ReplicaSet | agent1 | 0.11m | 59.62Mi | api-container:0 | api:24.03.1 | +file-monitor-deployment-855646bd75-vk7st | Running | 10.42.2.16 | ReplicaSet | agent1 | 8.47m | 1.46Gi | file-monitor-container:0 | file-monitor:24.03.1 | +zeek-live-deployment-64b69d4b6f-947vr | Running | 
10.42.2.17 | ReplicaSet | agent1 | 0.02m | 12.44Mi | zeek-live-container:0 | zeek:24.03.1 | +dashboards-helper-deployment-69dc54f6b6-ln4sq | Running | 10.42.2.15 | ReplicaSet | agent1 | 10.77m | 38.43Mi | dashboards-helper-container:0 | dashboards-helper:24.03.1 | +upload-deployment-586568844b-4jnk9 | Running | 10.42.2.18 | ReplicaSet | agent1 | 0.15m | 29.78Mi | upload-container:0 | file-upload:24.03.1 | +filebeat-deployment-6ff8bc444f-t7h49 | Running | 10.42.2.20 | ReplicaSet | agent1 | 2.84m | 70.71Mi | filebeat-container:0 | filebeat-oss:24.03.1 | +zeek-offline-deployment-844f4865bd-g2sdm | Running | 10.42.2.21 | ReplicaSet | agent1 | 0.17m | 41.92Mi | zeek-offline-container:0 | zeek:24.03.1 | +logstash-deployment-6fbc9fdcd5-hwx8s | Running | 10.42.2.22 | ReplicaSet | agent1 | 85.55m | 2.91Gi | logstash-container:0 | logstash-oss:24.03.1 | +netbox-deployment-cdcff4977-hbbw5 | Running | 10.42.2.23 | ReplicaSet | agent1 | 807.64m | 702.86Mi | netbox-container:0 | netbox:24.03.1 | +suricata-offline-deployment-6ccdb89478-z5696 | Running | 10.42.2.19 | ReplicaSet | agent1 | 0.22m | 34.88Mi | suricata-offline-container:0 | suricata:24.03.1 | +dashboards-deployment-69b5465db-vz88g | Running | 10.42.1.14 | ReplicaSet | agent2 | 0.94m | 100.12Mi | dashboards-container:0 | dashboards:24.03.1 | +netbox-redis-cache-deployment-5f77d47b8b-z7t2z | Running | 10.42.1.15 | ReplicaSet | agent2 | 3.57m | 7.36Mi | netbox-redis-cache-container:0 | redis:24.03.1 | +suricata-live-deployment-6494c77759-9rlnt | Running | 10.42.1.16 | ReplicaSet | agent2 | 0.02m | 9.69Mi | suricata-live-container:0 | suricata:24.03.1 | +freq-deployment-cfd84fd97-dnngf | Running | 10.42.1.17 | ReplicaSet | agent2 | 0.2m | 26.36Mi | freq-container:0 | freq:24.03.1 | +arkime-deployment-56999cdd66-s98pp | Running | 10.42.1.18 | ReplicaSet | agent2 | 4.15m | 113.07Mi | arkime-container:0 | arkime:24.03.1 | +pcap-monitor-deployment-594ff674c4-fsm7m | Running | 10.42.1.19 | ReplicaSet | agent2 | 1.24m | 48.44Mi 
| pcap-monitor-container:0 | pcap-monitor:24.03.1 | +pcap-capture-deployment-7c8bf6957-jzpzn | Running | 10.42.1.20 | ReplicaSet | agent2 | 0.02m | 9.64Mi | pcap-capture-container:0 | pcap-capture:24.03.1 | +netbox-postgres-deployment-5879b8dffc-kkt56 | Running | 10.42.1.21 | ReplicaSet | agent2 | 70.91m | 33.02Mi | netbox-postgres-container:0 | postgresql:24.03.1 | +htadmin-deployment-6fc46888b9-sq6ln | Running | 10.42.1.23 | ReplicaSet | agent2 | 0.14m | 30.53Mi | htadmin-container:0 | htadmin:24.03.1 | +netbox-redis-deployment-5bcd8f6c96-j5xpf | Running | 10.42.1.24 | ReplicaSet | agent2 | 1.46m | 7.34Mi | netbox-redis-container:0 | redis:24.03.1 | +nginx-proxy-deployment-69fcc4968d-f68tq | Running | 10.42.1.22 | ReplicaSet | agent2 | 0.31m | 22.63Mi | nginx-proxy-container:0 | nginx-proxy:24.03.1 | +opensearch-deployment-75498799f6-4zmwd | Running | 10.42.1.25 | ReplicaSet | agent2 | 89.8m | 11.03Gi | opensearch-container:0 | opensearch:24.03.1 | ``` The other control scripts (`stop`, `restart`, `logs`, etc.) work in a similar manner as in a Docker-based deployment. One notable difference is the `wipe` script: data on PersistentVolume storage cannot be deleted by `wipe`. It must be deleted manually on the storage media underlying the PersistentVolumes. 
@@ -553,28 +553,28 @@ agent1 | agent1 | 192.168.56.11 | agent1 | k3s | 6000m | agent2 | agent2 | 192.168.56.12 | agent2 | k3s | 6000m | 552.71m | 9.21% | 19.55Gi | 13.27Gi | 61.28Gi | 12 | Pod Name | State | Pod IP | Pod Kind | Worker Node | CPU Usage | Memory Usage | Container Name:Restarts | Container Image | -netbox-redis-cache-deployment-5f77d47b8b-jr9nt | Running | 10.42.2.6 | ReplicaSet | agent2 | 1.89m | 7.24Mi | netbox-redis-cache-container:0 | redis:24.03.0 | -netbox-redis-deployment-5bcd8f6c96-bkzmh | Running | 10.42.2.5 | ReplicaSet | agent2 | 1.62m | 7.52Mi | netbox-redis-container:0 | redis:24.03.0 | -dashboards-helper-deployment-69dc54f6b6-ks7ps | Running | 10.42.2.4 | ReplicaSet | agent2 | 12.95m | 40.75Mi | dashboards-helper-container:0 | dashboards-helper:24.03.0 | -freq-deployment-cfd84fd97-5bwp6 | Running | 10.42.2.8 | ReplicaSet | agent2 | 0.11m | 26.33Mi | freq-container:0 | freq:24.03.0 | -pcap-capture-deployment-7c8bf6957-hkvkn | Running | 10.42.2.12 | ReplicaSet | agent2 | 0.02m | 9.21Mi | pcap-capture-container:0 | pcap-capture:24.03.0 | -nginx-proxy-deployment-69fcc4968d-m57rz | Running | 10.42.2.10 | ReplicaSet | agent2 | 0.91m | 22.72Mi | nginx-proxy-container:0 | nginx-proxy:24.03.0 | -htadmin-deployment-6fc46888b9-vpt7l | Running | 10.42.2.7 | ReplicaSet | agent2 | 0.16m | 30.21Mi | htadmin-container:0 | htadmin:24.03.0 | -opensearch-deployment-75498799f6-5v92w | Running | 10.42.2.13 | ReplicaSet | agent2 | 139.2m | 10.86Gi | opensearch-container:0 | opensearch:24.03.0 | -zeek-live-deployment-64b69d4b6f-fcb6n | Running | 10.42.2.9 | ReplicaSet | agent2 | 0.02m | 109.55Mi | zeek-live-container:0 | zeek:24.03.0 | -dashboards-deployment-69b5465db-kgsqk | Running | 10.42.2.3 | ReplicaSet | agent2 | 14.98m | 108.85Mi | dashboards-container:0 | dashboards:24.03.0 | -arkime-deployment-56999cdd66-xxpw9 | Running | 10.42.2.11 | ReplicaSet | agent2 | 208.95m | 78.42Mi | arkime-container:0 | arkime:24.03.0 | -api-deployment-6f4686cf59-xt9md | 
Running | 10.42.1.3 | ReplicaSet | agent1 | 0.14m | 56.88Mi | api-container:0 | api:24.03.0 | -netbox-postgres-deployment-5879b8dffc-lb4qm | Running | 10.42.1.6 | ReplicaSet | agent1 | 141.2m | 48.02Mi | netbox-postgres-container:0 | postgresql:24.03.0 | -pcap-monitor-deployment-594ff674c4-fwq7g | Running | 10.42.1.12 | ReplicaSet | agent1 | 3.93m | 46.44Mi | pcap-monitor-container:0 | pcap-monitor:24.03.0 | -suricata-offline-deployment-6ccdb89478-j5fgj | Running | 10.42.1.10 | ReplicaSet | agent1 | 10.42m | 35.12Mi | suricata-offline-container:0 | suricata:24.03.0 | -suricata-live-deployment-6494c77759-rpt48 | Running | 10.42.1.8 | ReplicaSet | agent1 | 0.01m | 9.62Mi | suricata-live-container:0 | suricata:24.03.0 | -netbox-deployment-cdcff4977-7ns2q | Running | 10.42.1.7 | ReplicaSet | agent1 | 830.47m | 530.7Mi | netbox-container:0 | netbox:24.03.0 | -zeek-offline-deployment-844f4865bd-7x68b | Running | 10.42.1.9 | ReplicaSet | agent1 | 1.44m | 43.66Mi | zeek-offline-container:0 | zeek:24.03.0 | -filebeat-deployment-6ff8bc444f-pdgzj | Running | 10.42.1.11 | ReplicaSet | agent1 | 0.78m | 75.25Mi | filebeat-container:0 | filebeat-oss:24.03.0 | -file-monitor-deployment-855646bd75-nbngq | Running | 10.42.1.4 | ReplicaSet | agent1 | 1.69m | 1.46Gi | file-monitor-container:0 | file-monitor:24.03.0 | -upload-deployment-586568844b-9s7f5 | Running | 10.42.1.13 | ReplicaSet | agent1 | 0.14m | 29.62Mi | upload-container:0 | file-upload:24.03.0 | -logstash-deployment-6fbc9fdcd5-2hhx8 | Running | 10.42.1.5 | ReplicaSet | agent1 | 3236.29m | 357.36Mi | logstash-container:0 | logstash-oss:24.03.0 | +netbox-redis-cache-deployment-5f77d47b8b-jr9nt | Running | 10.42.2.6 | ReplicaSet | agent2 | 1.89m | 7.24Mi | netbox-redis-cache-container:0 | redis:24.03.1 | +netbox-redis-deployment-5bcd8f6c96-bkzmh | Running | 10.42.2.5 | ReplicaSet | agent2 | 1.62m | 7.52Mi | netbox-redis-container:0 | redis:24.03.1 | +dashboards-helper-deployment-69dc54f6b6-ks7ps | Running | 10.42.2.4 | 
ReplicaSet | agent2 | 12.95m | 40.75Mi | dashboards-helper-container:0 | dashboards-helper:24.03.1 | +freq-deployment-cfd84fd97-5bwp6 | Running | 10.42.2.8 | ReplicaSet | agent2 | 0.11m | 26.33Mi | freq-container:0 | freq:24.03.1 | +pcap-capture-deployment-7c8bf6957-hkvkn | Running | 10.42.2.12 | ReplicaSet | agent2 | 0.02m | 9.21Mi | pcap-capture-container:0 | pcap-capture:24.03.1 | +nginx-proxy-deployment-69fcc4968d-m57rz | Running | 10.42.2.10 | ReplicaSet | agent2 | 0.91m | 22.72Mi | nginx-proxy-container:0 | nginx-proxy:24.03.1 | +htadmin-deployment-6fc46888b9-vpt7l | Running | 10.42.2.7 | ReplicaSet | agent2 | 0.16m | 30.21Mi | htadmin-container:0 | htadmin:24.03.1 | +opensearch-deployment-75498799f6-5v92w | Running | 10.42.2.13 | ReplicaSet | agent2 | 139.2m | 10.86Gi | opensearch-container:0 | opensearch:24.03.1 | +zeek-live-deployment-64b69d4b6f-fcb6n | Running | 10.42.2.9 | ReplicaSet | agent2 | 0.02m | 109.55Mi | zeek-live-container:0 | zeek:24.03.1 | +dashboards-deployment-69b5465db-kgsqk | Running | 10.42.2.3 | ReplicaSet | agent2 | 14.98m | 108.85Mi | dashboards-container:0 | dashboards:24.03.1 | +arkime-deployment-56999cdd66-xxpw9 | Running | 10.42.2.11 | ReplicaSet | agent2 | 208.95m | 78.42Mi | arkime-container:0 | arkime:24.03.1 | +api-deployment-6f4686cf59-xt9md | Running | 10.42.1.3 | ReplicaSet | agent1 | 0.14m | 56.88Mi | api-container:0 | api:24.03.1 | +netbox-postgres-deployment-5879b8dffc-lb4qm | Running | 10.42.1.6 | ReplicaSet | agent1 | 141.2m | 48.02Mi | netbox-postgres-container:0 | postgresql:24.03.1 | +pcap-monitor-deployment-594ff674c4-fwq7g | Running | 10.42.1.12 | ReplicaSet | agent1 | 3.93m | 46.44Mi | pcap-monitor-container:0 | pcap-monitor:24.03.1 | +suricata-offline-deployment-6ccdb89478-j5fgj | Running | 10.42.1.10 | ReplicaSet | agent1 | 10.42m | 35.12Mi | suricata-offline-container:0 | suricata:24.03.1 | +suricata-live-deployment-6494c77759-rpt48 | Running | 10.42.1.8 | ReplicaSet | agent1 | 0.01m | 9.62Mi | 
suricata-live-container:0 | suricata:24.03.1 | +netbox-deployment-cdcff4977-7ns2q | Running | 10.42.1.7 | ReplicaSet | agent1 | 830.47m | 530.7Mi | netbox-container:0 | netbox:24.03.1 | +zeek-offline-deployment-844f4865bd-7x68b | Running | 10.42.1.9 | ReplicaSet | agent1 | 1.44m | 43.66Mi | zeek-offline-container:0 | zeek:24.03.1 | +filebeat-deployment-6ff8bc444f-pdgzj | Running | 10.42.1.11 | ReplicaSet | agent1 | 0.78m | 75.25Mi | filebeat-container:0 | filebeat-oss:24.03.1 | +file-monitor-deployment-855646bd75-nbngq | Running | 10.42.1.4 | ReplicaSet | agent1 | 1.69m | 1.46Gi | file-monitor-container:0 | file-monitor:24.03.1 | +upload-deployment-586568844b-9s7f5 | Running | 10.42.1.13 | ReplicaSet | agent1 | 0.14m | 29.62Mi | upload-container:0 | file-upload:24.03.1 | +logstash-deployment-6fbc9fdcd5-2hhx8 | Running | 10.42.1.5 | ReplicaSet | agent1 | 3236.29m | 357.36Mi | logstash-container:0 | logstash-oss:24.03.1 | ``` View container logs for the Malcolm deployment with `./scripts/logs` (if **[stern](https://github.com/stern/stern)** present in `$PATH`): diff --git a/docs/malcolm-iso.md b/docs/malcolm-iso.md index 21ec5f9eb..0d0d167a4 100644 --- a/docs/malcolm-iso.md +++ b/docs/malcolm-iso.md @@ -41,7 +41,7 @@ Building the ISO may take 30 minutes or more depending on the system. As the bui ``` … -Finished, created "/malcolm-build/malcolm-iso/malcolm-24.03.0.iso" +Finished, created "/malcolm-build/malcolm-iso/malcolm-24.03.1.iso" … ``` diff --git a/docs/quickstart.md b/docs/quickstart.md index 8d4e5a8a9..61990e4e2 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md 
@@ -54,25 +54,25 @@ You can then observe the images have been retrieved by running `docker images`: ``` $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -ghcr.io/idaholab/malcolm/api 24.03.0 xxxxxxxxxxxx 3 days ago 158MB -ghcr.io/idaholab/malcolm/arkime 24.03.0 xxxxxxxxxxxx 3 days ago 816MB -ghcr.io/idaholab/malcolm/dashboards 24.03.0 xxxxxxxxxxxx 3 days ago 1.02GB -ghcr.io/idaholab/malcolm/dashboards-helper 24.03.0 xxxxxxxxxxxx 3 days ago 184MB -ghcr.io/idaholab/malcolm/file-monitor 24.03.0 xxxxxxxxxxxx 3 days ago 588MB -ghcr.io/idaholab/malcolm/file-upload 24.03.0 xxxxxxxxxxxx 3 days ago 259MB -ghcr.io/idaholab/malcolm/filebeat-oss 24.03.0 xxxxxxxxxxxx 3 days ago 624MB -ghcr.io/idaholab/malcolm/freq 24.03.0 xxxxxxxxxxxx 3 days ago 132MB -ghcr.io/idaholab/malcolm/htadmin 24.03.0 xxxxxxxxxxxx 3 days ago 242MB -ghcr.io/idaholab/malcolm/logstash-oss 24.03.0 xxxxxxxxxxxx 3 days ago 1.35GB -ghcr.io/idaholab/malcolm/netbox 24.03.0 xxxxxxxxxxxx 3 days ago 1.01GB -ghcr.io/idaholab/malcolm/nginx-proxy 24.03.0 xxxxxxxxxxxx 3 days ago 121MB -ghcr.io/idaholab/malcolm/opensearch 24.03.0 xxxxxxxxxxxx 3 days ago 1.17GB -ghcr.io/idaholab/malcolm/pcap-capture 24.03.0 xxxxxxxxxxxx 3 days ago 121MB -ghcr.io/idaholab/malcolm/pcap-monitor 24.03.0 xxxxxxxxxxxx 3 days ago 213MB -ghcr.io/idaholab/malcolm/postgresql 24.03.0 xxxxxxxxxxxx 3 days ago 268MB -ghcr.io/idaholab/malcolm/redis 24.03.0 xxxxxxxxxxxx 3 days ago 34.2MB -ghcr.io/idaholab/malcolm/suricata 24.03.0 xxxxxxxxxxxx 3 days ago 278MB -ghcr.io/idaholab/malcolm/zeek 24.03.0 xxxxxxxxxxxx 3 days ago 1GB +ghcr.io/idaholab/malcolm/api 24.03.1 xxxxxxxxxxxx 3 days ago 158MB +ghcr.io/idaholab/malcolm/arkime 24.03.1 xxxxxxxxxxxx 3 days ago 816MB +ghcr.io/idaholab/malcolm/dashboards 24.03.1 xxxxxxxxxxxx 3 days ago 1.02GB +ghcr.io/idaholab/malcolm/dashboards-helper 24.03.1 xxxxxxxxxxxx 3 days ago 184MB +ghcr.io/idaholab/malcolm/file-monitor 24.03.1 xxxxxxxxxxxx 3 days ago 588MB +ghcr.io/idaholab/malcolm/file-upload 24.03.1 xxxxxxxxxxxx 
3 days ago 259MB +ghcr.io/idaholab/malcolm/filebeat-oss 24.03.1 xxxxxxxxxxxx 3 days ago 624MB +ghcr.io/idaholab/malcolm/freq 24.03.1 xxxxxxxxxxxx 3 days ago 132MB +ghcr.io/idaholab/malcolm/htadmin 24.03.1 xxxxxxxxxxxx 3 days ago 242MB +ghcr.io/idaholab/malcolm/logstash-oss 24.03.1 xxxxxxxxxxxx 3 days ago 1.35GB +ghcr.io/idaholab/malcolm/netbox 24.03.1 xxxxxxxxxxxx 3 days ago 1.01GB +ghcr.io/idaholab/malcolm/nginx-proxy 24.03.1 xxxxxxxxxxxx 3 days ago 121MB +ghcr.io/idaholab/malcolm/opensearch 24.03.1 xxxxxxxxxxxx 3 days ago 1.17GB +ghcr.io/idaholab/malcolm/pcap-capture 24.03.1 xxxxxxxxxxxx 3 days ago 121MB +ghcr.io/idaholab/malcolm/pcap-monitor 24.03.1 xxxxxxxxxxxx 3 days ago 213MB +ghcr.io/idaholab/malcolm/postgresql 24.03.1 xxxxxxxxxxxx 3 days ago 268MB +ghcr.io/idaholab/malcolm/redis 24.03.1 xxxxxxxxxxxx 3 days ago 34.2MB +ghcr.io/idaholab/malcolm/suricata 24.03.1 xxxxxxxxxxxx 3 days ago 278MB +ghcr.io/idaholab/malcolm/zeek 24.03.1 xxxxxxxxxxxx 3 days ago 1GB ``` ### Import from pre-packaged tarballs diff --git a/docs/ubuntu-install-example.md b/docs/ubuntu-install-example.md index ff4f0d4b0..297020787 100644 --- a/docs/ubuntu-install-example.md +++ b/docs/ubuntu-install-example.md 
@@ -257,25 +257,25 @@ Pulling zeek ... done user@host:~/Malcolm$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -ghcr.io/idaholab/malcolm/api 24.03.0 xxxxxxxxxxxx 3 days ago 158MB -ghcr.io/idaholab/malcolm/arkime 24.03.0 xxxxxxxxxxxx 3 days ago 816MB -ghcr.io/idaholab/malcolm/dashboards 24.03.0 xxxxxxxxxxxx 3 days ago 1.02GB -ghcr.io/idaholab/malcolm/dashboards-helper 24.03.0 xxxxxxxxxxxx 3 days ago 184MB -ghcr.io/idaholab/malcolm/file-monitor 24.03.0 xxxxxxxxxxxx 3 days ago 588MB -ghcr.io/idaholab/malcolm/file-upload 24.03.0 xxxxxxxxxxxx 3 days ago 259MB -ghcr.io/idaholab/malcolm/filebeat-oss 24.03.0 xxxxxxxxxxxx 3 days ago 624MB -ghcr.io/idaholab/malcolm/freq 24.03.0 xxxxxxxxxxxx 3 days ago 132MB -ghcr.io/idaholab/malcolm/htadmin 24.03.0 xxxxxxxxxxxx 3 days ago 242MB -ghcr.io/idaholab/malcolm/logstash-oss 24.03.0 xxxxxxxxxxxx 3 days ago 1.35GB -ghcr.io/idaholab/malcolm/netbox 24.03.0 xxxxxxxxxxxx 3 days ago 1.01GB -ghcr.io/idaholab/malcolm/nginx-proxy 24.03.0 xxxxxxxxxxxx 3 days ago 121MB -ghcr.io/idaholab/malcolm/opensearch 24.03.0 xxxxxxxxxxxx 3 days ago 1.17GB -ghcr.io/idaholab/malcolm/pcap-capture 24.03.0 xxxxxxxxxxxx 3 days ago 121MB -ghcr.io/idaholab/malcolm/pcap-monitor 24.03.0 xxxxxxxxxxxx 3 days ago 213MB -ghcr.io/idaholab/malcolm/postgresql 24.03.0 xxxxxxxxxxxx 3 days ago 268MB -ghcr.io/idaholab/malcolm/redis 24.03.0 xxxxxxxxxxxx 3 days ago 34.2MB -ghcr.io/idaholab/malcolm/suricata 24.03.0 xxxxxxxxxxxx 3 days ago 278MB -ghcr.io/idaholab/malcolm/zeek 24.03.0 xxxxxxxxxxxx 3 days ago 1GB +ghcr.io/idaholab/malcolm/api 24.03.1 xxxxxxxxxxxx 3 days ago 158MB +ghcr.io/idaholab/malcolm/arkime 24.03.1 xxxxxxxxxxxx 3 days ago 816MB +ghcr.io/idaholab/malcolm/dashboards 24.03.1 xxxxxxxxxxxx 3 days ago 1.02GB +ghcr.io/idaholab/malcolm/dashboards-helper 24.03.1 xxxxxxxxxxxx 3 days ago 184MB +ghcr.io/idaholab/malcolm/file-monitor 24.03.1 xxxxxxxxxxxx 3 days ago 588MB +ghcr.io/idaholab/malcolm/file-upload 24.03.1 xxxxxxxxxxxx 3 days ago 259MB 
+ghcr.io/idaholab/malcolm/filebeat-oss 24.03.1 xxxxxxxxxxxx 3 days ago 624MB +ghcr.io/idaholab/malcolm/freq 24.03.1 xxxxxxxxxxxx 3 days ago 132MB +ghcr.io/idaholab/malcolm/htadmin 24.03.1 xxxxxxxxxxxx 3 days ago 242MB +ghcr.io/idaholab/malcolm/logstash-oss 24.03.1 xxxxxxxxxxxx 3 days ago 1.35GB +ghcr.io/idaholab/malcolm/netbox 24.03.1 xxxxxxxxxxxx 3 days ago 1.01GB +ghcr.io/idaholab/malcolm/nginx-proxy 24.03.1 xxxxxxxxxxxx 3 days ago 121MB +ghcr.io/idaholab/malcolm/opensearch 24.03.1 xxxxxxxxxxxx 3 days ago 1.17GB +ghcr.io/idaholab/malcolm/pcap-capture 24.03.1 xxxxxxxxxxxx 3 days ago 121MB +ghcr.io/idaholab/malcolm/pcap-monitor 24.03.1 xxxxxxxxxxxx 3 days ago 213MB +ghcr.io/idaholab/malcolm/postgresql 24.03.1 xxxxxxxxxxxx 3 days ago 268MB +ghcr.io/idaholab/malcolm/redis 24.03.1 xxxxxxxxxxxx 3 days ago 34.2MB +ghcr.io/idaholab/malcolm/suricata 24.03.1 xxxxxxxxxxxx 3 days ago 278MB +ghcr.io/idaholab/malcolm/zeek 24.03.1 xxxxxxxxxxxx 3 days ago 1GB ``` Finally, start Malcolm. When Malcolm starts it will stream informational and debug messages to the console until it has completed initializing. diff --git a/kubernetes/03-opensearch.yml b/kubernetes/03-opensearch.yml index ec9b8dd56..4a14aaeed 100644 --- a/kubernetes/03-opensearch.yml +++ b/kubernetes/03-opensearch.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: opensearch-container - image: ghcr.io/idaholab/malcolm/opensearch:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/opensearch:development imagePullPolicy: Always stdin: false tty: true @@ -71,7 +71,7 @@ spec: subPath: "opensearch" initContainers: - name: opensearch-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/04-dashboards.yml b/kubernetes/04-dashboards.yml index f70cb83aa..cfbb8b422 100644 --- a/kubernetes/04-dashboards.yml +++ b/kubernetes/04-dashboards.yml 
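Review bot: The new `image:` line in kubernetes/03-opensearch.yml pulls `ghcr.io/mmguero-dev/malcolm/opensearch:development`, a mutable tag in a different registry namespace from the `idaholab` release images, and the unchanged `imagePullPolicy: Always` re-resolves that tag on every pod start. A cluster deployed from these manifests therefore runs whatever was last pushed to that tag rather than a fixed build, while the docs updated in the same patch show `opensearch:24.03.1`. If this is the normal state of the development branch, a comment such as `# development image; replaced by the release tag at release time` would make that explicit. Anything actually deployed should reference a release tag or a digest, e.g. `image: ghcr.io/idaholab/malcolm/opensearch@sha256:<digest-placeholder>`. The same applies to the `dirinit` init-container hunk in this file and to the matching hunks in kubernetes/04-dashboards.yml through 24-freq.yml and 98-nginx-proxy.yml; each container spec continues outside its hunk.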
@@ -30,7 +30,7 @@ spec: spec: containers: - name: dashboards-container - image: ghcr.io/idaholab/malcolm/dashboards:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dashboards:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/05-upload.yml b/kubernetes/05-upload.yml index e0aeb3745..7631d405f 100644 --- a/kubernetes/05-upload.yml +++ b/kubernetes/05-upload.yml @@ -34,7 +34,7 @@ spec: spec: containers: - name: upload-container - image: ghcr.io/idaholab/malcolm/file-upload:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/file-upload:development imagePullPolicy: Always stdin: false tty: true @@ -73,7 +73,7 @@ spec: subPath: "upload" initContainers: - name: upload-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/06-pcap-monitor.yml b/kubernetes/06-pcap-monitor.yml index 427bb4d7c..70da6fc02 100644 --- a/kubernetes/06-pcap-monitor.yml +++ b/kubernetes/06-pcap-monitor.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: pcap-monitor-container - image: ghcr.io/idaholab/malcolm/pcap-monitor:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/pcap-monitor:development imagePullPolicy: Always stdin: false tty: true @@ -70,7 +70,7 @@ spec: name: pcap-monitor-zeek-volume initContainers: - name: pcap-monitor-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/07-arkime.yml b/kubernetes/07-arkime.yml index 9085b877d..e050e6036 100644 --- a/kubernetes/07-arkime.yml +++ b/kubernetes/07-arkime.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: arkime-container - image: ghcr.io/idaholab/malcolm/arkime:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/arkime:development imagePullPolicy: Always stdin: false tty: true 
@@ -79,7 +79,7 @@ spec: name: arkime-pcap-volume initContainers: - name: arkime-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/08-api.yml b/kubernetes/08-api.yml index 584799bd5..dff8c4274 100644 --- a/kubernetes/08-api.yml +++ b/kubernetes/08-api.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: api-container - image: ghcr.io/idaholab/malcolm/api:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/api:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/09-dashboards-helper.yml b/kubernetes/09-dashboards-helper.yml index 3ea236ed1..3c1292517 100644 --- a/kubernetes/09-dashboards-helper.yml +++ b/kubernetes/09-dashboards-helper.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: dashboards-helper-container - image: ghcr.io/idaholab/malcolm/dashboards-helper:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dashboards-helper:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/10-zeek.yml b/kubernetes/10-zeek.yml index 10827bb57..daa925943 100644 --- a/kubernetes/10-zeek.yml +++ b/kubernetes/10-zeek.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: zeek-offline-container - image: ghcr.io/idaholab/malcolm/zeek:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/zeek:development imagePullPolicy: Always stdin: false tty: true @@ -64,7 +64,7 @@ spec: subPath: "zeek/intel" initContainers: - name: zeek-offline-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/11-suricata.yml b/kubernetes/11-suricata.yml index 80de0fed8..5bdf9472f 100644 --- a/kubernetes/11-suricata.yml +++ b/kubernetes/11-suricata.yml 
@@ -16,7 +16,7 @@ spec: spec: containers: - name: suricata-offline-container - image: ghcr.io/idaholab/malcolm/suricata:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/suricata:development imagePullPolicy: Always stdin: false tty: true @@ -55,7 +55,7 @@ spec: name: suricata-offline-custom-configs-volume initContainers: - name: suricata-offline-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/12-file-monitor.yml b/kubernetes/12-file-monitor.yml index 647cddedd..4925d67ba 100644 --- a/kubernetes/12-file-monitor.yml +++ b/kubernetes/12-file-monitor.yml @@ -33,7 +33,7 @@ spec: spec: containers: - name: file-monitor-container - image: ghcr.io/idaholab/malcolm/file-monitor:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/file-monitor:development imagePullPolicy: Always stdin: false tty: true @@ -83,7 +83,7 @@ spec: name: file-monitor-yara-rules-custom-volume initContainers: - name: file-monitor-live-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/13-filebeat.yml b/kubernetes/13-filebeat.yml index edb237b3f..da45a94d1 100644 --- a/kubernetes/13-filebeat.yml +++ b/kubernetes/13-filebeat.yml @@ -33,7 +33,7 @@ spec: spec: containers: - name: filebeat-container - image: ghcr.io/idaholab/malcolm/filebeat-oss:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/filebeat-oss:development imagePullPolicy: Always stdin: false tty: true @@ -83,7 +83,7 @@ spec: subPath: "nginx" initContainers: - name: filebeat-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/14-logstash.yml b/kubernetes/14-logstash.yml index cfe42b9b2..0cb84994b 100644 
--- a/kubernetes/14-logstash.yml +++ b/kubernetes/14-logstash.yml @@ -49,7 +49,7 @@ spec: # topologyKey: "kubernetes.io/hostname" containers: - name: logstash-container - image: ghcr.io/idaholab/malcolm/logstash-oss:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/logstash-oss:development imagePullPolicy: Always stdin: false tty: true @@ -115,7 +115,7 @@ spec: subPath: "logstash" initContainers: - name: logstash-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/15-netbox-redis.yml b/kubernetes/15-netbox-redis.yml index 206a486a9..922f54f1d 100644 --- a/kubernetes/15-netbox-redis.yml +++ b/kubernetes/15-netbox-redis.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: netbox-redis-container - image: ghcr.io/idaholab/malcolm/redis:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/redis:development imagePullPolicy: Always stdin: false tty: true @@ -83,7 +83,7 @@ spec: subPath: netbox/redis initContainers: - name: netbox-redis-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/16-netbox-redis-cache.yml b/kubernetes/16-netbox-redis-cache.yml index a7985dfb1..0fef1bbf0 100644 --- a/kubernetes/16-netbox-redis-cache.yml +++ b/kubernetes/16-netbox-redis-cache.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: netbox-redis-cache-container - image: ghcr.io/idaholab/malcolm/redis:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/redis:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/17-netbox-postgres.yml b/kubernetes/17-netbox-postgres.yml index a9e2cab83..55a066358 100644 --- a/kubernetes/17-netbox-postgres.yml +++ b/kubernetes/17-netbox-postgres.yml 
@@ -30,7 +30,7 @@ spec: spec: containers: - name: netbox-postgres-container - image: ghcr.io/idaholab/malcolm/postgresql:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/postgresql:development imagePullPolicy: Always stdin: false tty: true @@ -74,7 +74,7 @@ spec: subPath: netbox/postgres initContainers: - name: netbox-postgres-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/18-netbox.yml b/kubernetes/18-netbox.yml index f2a3469c5..f81438018 100644 --- a/kubernetes/18-netbox.yml +++ b/kubernetes/18-netbox.yml @@ -36,7 +36,7 @@ spec: spec: containers: - name: netbox-container - image: ghcr.io/idaholab/malcolm/netbox:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/netbox:development imagePullPolicy: Always stdin: false tty: true @@ -88,7 +88,7 @@ spec: subPath: netbox/media initContainers: - name: netbox-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/19-htadmin.yml b/kubernetes/19-htadmin.yml index 9bb3f0736..de5293761 100644 --- a/kubernetes/19-htadmin.yml +++ b/kubernetes/19-htadmin.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: htadmin-container - image: ghcr.io/idaholab/malcolm/htadmin:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/htadmin:development imagePullPolicy: Always stdin: false tty: true @@ -63,7 +63,7 @@ spec: subPath: "htadmin" initContainers: - name: htadmin-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/20-pcap-capture.yml b/kubernetes/20-pcap-capture.yml index 7656623d9..2e0f46fca 100644 --- a/kubernetes/20-pcap-capture.yml +++ b/kubernetes/20-pcap-capture.yml 
@@ -16,7 +16,7 @@ spec: spec: containers: - name: pcap-capture-container - image: ghcr.io/idaholab/malcolm/pcap-capture:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/pcap-capture:development imagePullPolicy: Always stdin: false tty: true @@ -50,7 +50,7 @@ spec: subPath: "upload" initContainers: - name: pcap-capture-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/21-zeek-live.yml b/kubernetes/21-zeek-live.yml index b4e220e20..2575cfdc3 100644 --- a/kubernetes/21-zeek-live.yml +++ b/kubernetes/21-zeek-live.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: zeek-live-container - image: ghcr.io/idaholab/malcolm/zeek:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/zeek:development imagePullPolicy: Always stdin: false tty: true @@ -61,7 +61,7 @@ spec: subPath: "zeek/intel" initContainers: - name: zeek-live-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/22-suricata-live.yml b/kubernetes/22-suricata-live.yml index 3490b1dbe..3fbca4d03 100644 --- a/kubernetes/22-suricata-live.yml +++ b/kubernetes/22-suricata-live.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: suricata-live-container - image: ghcr.io/idaholab/malcolm/suricata:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/suricata:development imagePullPolicy: Always stdin: false tty: true @@ -56,7 +56,7 @@ spec: name: suricata-live-custom-configs-volume initContainers: - name: suricata-live-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/23-arkime-live.yml b/kubernetes/23-arkime-live.yml index 0ce28c8a9..79b4bc4d3 100644 --- a/kubernetes/23-arkime-live.yml 
+++ b/kubernetes/23-arkime-live.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: arkime-live-container - image: ghcr.io/idaholab/malcolm/arkime:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/arkime:development imagePullPolicy: Always stdin: false tty: true @@ -62,7 +62,7 @@ spec: name: arkime-live-pcap-volume initContainers: - name: arkime-live-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/24-freq.yml b/kubernetes/24-freq.yml index 930bfacb7..b9dc580df 100644 --- a/kubernetes/24-freq.yml +++ b/kubernetes/24-freq.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: freq-container - image: ghcr.io/idaholab/malcolm/freq:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/freq:development imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/98-nginx-proxy.yml b/kubernetes/98-nginx-proxy.yml index 7b3ec0ae0..212c3eca9 100644 --- a/kubernetes/98-nginx-proxy.yml +++ b/kubernetes/98-nginx-proxy.yml @@ -39,7 +39,7 @@ spec: spec: containers: - name: nginx-proxy-container - image: ghcr.io/idaholab/malcolm/nginx-proxy:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/nginx-proxy:development imagePullPolicy: Always stdin: false tty: true @@ -99,7 +99,7 @@ spec: subPath: "nginx" initContainers: - name: nginx-dirinit-container - image: ghcr.io/idaholab/malcolm/dirinit:24.03.0 + image: ghcr.io/mmguero-dev/malcolm/dirinit:development imagePullPolicy: Always stdin: false tty: true diff --git a/scripts/third-party-environments/aws/ami/packer_vars.json.example b/scripts/third-party-environments/aws/ami/packer_vars.json.example index 6243c5796..0d3d6ce84 100644 --- a/scripts/third-party-environments/aws/ami/packer_vars.json.example +++ b/scripts/third-party-environments/aws/ami/packer_vars.json.example 
@@ -2,7 +2,7 @@ "aws_access_key": "XXXXXXXXXXXXXXXXXXXX", "aws_secret_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "instance_type": "t2.micro", - "malcolm_tag": "v24.03.0", + "malcolm_tag": "v24.03.1", "malcolm_repo": "idaholab/Malcolm", "malcolm_uid": "1000", "ssh_username": "ec2-user", From 7a8882c38c0dce2f6c395753b6760aeadcea63a9 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 6 Mar 2024 13:55:39 -0700 Subject: [PATCH 04/79] fix github_image_helper.sh --- scripts/github_image_helper.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/github_image_helper.sh b/scripts/github_image_helper.sh index a3f496eee..1780f37d2 100755 --- a/scripts/github_image_helper.sh +++ b/scripts/github_image_helper.sh @@ -182,7 +182,7 @@ function ExtractAndLoadImagesFromGithubWorkflowBuildISO() { else echo "Failed to extract ISO file" 2>&1 fi - popd "$WORKDIR" >/dev/null 2>&1 + popd >/dev/null 2>&1 fi } From 8c0e0f976dafcc828e078260e3066f90423dfb56 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 6 Mar 2024 16:46:52 -0700 Subject: [PATCH 05/79] use built-in community-id for zeek instead of external plugin --- Dockerfiles/zeek.Dockerfile | 4 ++-- .../config/includes.chroot/usr/local/etc/zeek/local.zeek | 1 + shared/bin/zeek_install_plugins.sh | 1 - zeek/config/local.zeek | 1 + 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index 986454342..cdef784bc 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile 
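Review bot: The failure branch kept in this hunk of `ExtractAndLoadImagesFromGithubWorkflowBuildISO` reports with `echo "Failed to extract ISO file" 2>&1`, which sends the message to stdout, so a caller that captures or discards stdout never sees it on stderr; `echo "Failed to extract ISO file" >&2` is presumably what was intended. The corrected `popd >/dev/null 2>&1` is right, but nothing visible here sets a non-zero status on the failure path, so it is worth confirming that the function reports an error to its caller when extraction fails. The function starts before the hunk.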
@@ -160,8 +160,8 @@ ADD shared/bin/zeekdeploy.sh ${ZEEK_DIR}/bin/ # sanity checks to make sure the plugins installed and copied over correctly # these ENVs should match the number of third party scripts/plugins installed by zeek_install_plugins.sh -ENV ZEEK_THIRD_PARTY_PLUGINS_COUNT 23 -ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_DHCP|ANALYZER_SPICY_DNS|ANALYZER_SPICY_HTTP|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|Corelight::CommunityID|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS)" +ENV ZEEK_THIRD_PARTY_PLUGINS_COUNT 22 +ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_DHCP|ANALYZER_SPICY_DNS|ANALYZER_SPICY_HTTP|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS)" ENV ZEEK_THIRD_PARTY_SCRIPTS_COUNT 25 ENV ZEEK_THIRD_PARTY_SCRIPTS_GREP "(bro-is-darknet/main|bro-simple-scan/scan|bzar/main|callstranger-detector/callstranger|cve-2020-0601/cve-2020-0601|cve-2020-13777/cve-2020-13777|CVE-2020-16898/CVE-2020-16898|CVE-2021-38647/omigod|CVE-2021-31166/detect|CVE-2021-41773/CVE_2021_41773|CVE-2021-42292/main|cve-2021-44228/CVE_2021_44228|cve-2022-22954/main|cve-2022-26809/main|CVE-2022-3602/__load__|hassh/hassh|http-more-files-names/main|ja3/ja3|pingback/detect|ripple20/ripple20|SIGRed/CVE-2020-1350|zeek-EternalSafety/main|zeek-httpattacks/main|zeek-sniffpass/__load__|zerologon/main)\.(zeek|bro)" 
diff --git a/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek b/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek index c1c305f94..6f7956ebe 100644 --- a/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek +++ b/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek @@ -94,6 +94,7 @@ global json_format = (getenv("ZEEK_JSON") == true_regex) ? T : F; @load policy/protocols/conn/vlan-logging @load policy/protocols/conn/mac-logging @load policy/protocols/modbus/known-masters-slaves +@load policy/frameworks/notice/community-id @load ./login.zeek @if (!disable_best_guess_ics) diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index e521a08e5..209a2dd2e 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -93,7 +93,6 @@ ZKG_GITHUB_URLS=( "https://github.com/corelight/pingback" "https://github.com/corelight/ripple20" "https://github.com/corelight/SIGRed" - "https://github.com/corelight/zeek-community-id" "https://github.com/corelight/zeek-spicy-ipsec" "https://github.com/corelight/zeek-spicy-openvpn" "https://github.com/corelight/zeek-spicy-ospf" diff --git a/zeek/config/local.zeek b/zeek/config/local.zeek index 521c2c087..74cf86787 100644 --- a/zeek/config/local.zeek +++ b/zeek/config/local.zeek @@ -94,6 +94,7 @@ global json_format = (getenv("ZEEK_JSON") == true_regex) ? T : F; @load policy/protocols/conn/vlan-logging @load policy/protocols/conn/mac-logging @load policy/protocols/modbus/known-masters-slaves +@load policy/frameworks/notice/community-id @load ./login.zeek @if (!disable_best_guess_ics) From a89c8a3eef7d0afb6b56fba12821844cfaca3362 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 6 Mar 2024 16:47:16 -0700 Subject: [PATCH 06/79] documentation update --- docs/components.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/components.md b/docs/components.md index 5a2b52538..ed12d9e0c 100644 --- a/docs/components.md 
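Review bot: The added `@load policy/frameworks/notice/community-id` covers notice.log, but the removed `corelight/zeek-community-id` package presumably also supplied the `community_id` field in conn.log, and this hunk does not load the built-in connection script explicitly. If the notice script does not pull it in on the Zeek version being built, adding `@load policy/protocols/conn/community-id-logging` next to it keeps flow correlation with the other tools intact. Either way, a one-line comment such as `# built-in Community ID (replaces corelight/zeek-community-id)` would explain the new line. The identical hunk in zeek/config/local.zeek needs the same treatment, and the `@load` list continues outside both hunks.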
+++ b/docs/components.md @@ -37,7 +37,6 @@ Malcolm leverages the following excellent open source tools, among others. * Corelight's [Apache HTTP server 2.4.49-2.4.50 path traversal/RCE vulnerability (CVE-2021-41773)](https://github.com/corelight/CVE-2021-41773) plugin * Corelight's [bro-xor-exe](https://github.com/corelight/bro-xor-exe-plugin) plugin * Corelight's [callstranger-detector](https://github.com/corelight/callstranger-detector) plugin - * Corelight's [community ID](https://github.com/corelight/zeek-community-id) flow hashing plugin * Corelight's [DCE/RPC remote code execution vulnerability (CVE-2022-26809)](https://github.com/corelight/cve-2022-26809) plugin * Corelight's [HTTP More Filenames](https://github.com/corelight/http-more-files-names) plugin * Corelight's [HTTP protocol stack vulnerability (CVE-2021-31166)](https://github.com/corelight/CVE-2021-31166) plugin From 02f00e7d1b98e56c6c41bd086e141b013a6ec782 Mon Sep 17 00:00:00 2001 From: SG Date: Thu, 7 Mar 2024 09:26:47 -0700 Subject: [PATCH 07/79] point to a testing branch for this feature (idaholab/Malcolm#423) and allow to enable debugging --- Dockerfiles/arkime.Dockerfile | 4 ++-- arkime/etc/config.ini | 1 + arkime/scripts/docker_entrypoint.sh | 2 ++ config/arkime.env.example | 2 ++ hedgehog-iso/interface/sensor_ctl/arkime/config.ini | 1 + hedgehog-iso/interface/sensor_ctl/control_vars.conf | 1 + .../sensor_ctl/supervisor.init/arkime_config_populate.sh | 5 +++++ 7 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Dockerfiles/arkime.Dockerfile b/Dockerfiles/arkime.Dockerfile index ac8d1f776..1ae947cac 100644 --- a/Dockerfiles/arkime.Dockerfile +++ b/Dockerfiles/arkime.Dockerfile 
@@ -7,9 +7,9 @@ ENV TERM xterm ENV PYTHONDONTWRITEBYTECODE 1 ENV PYTHONUNBUFFERED 1 -ENV ARKIME_VERSION "v5.0.1" +ENV ARKIME_VERSION "v5.0.1_search_indices" ENV ARKIME_DIR "/opt/arkime" -ENV ARKIME_URL "https://github.com/arkime/arkime.git" +ENV ARKIME_URL "https://github.com/mmguero-dev/arkime.git" ENV ARKIME_LOCALELASTICSEARCH no ENV ARKIME_INET yes diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini index e64928886..474bf7a1b 100644 --- a/arkime/etc/config.ini +++ b/arkime/etc/config.ini @@ -11,6 +11,7 @@ antiSynDrop=false certFile=/opt/arkime/etc/viewer.crt compressES=false cronQueries=true +debug=0 dropGroup=arkime dropUser=arkime elasticsearch=http://opensearch:9200 diff --git a/arkime/scripts/docker_entrypoint.sh b/arkime/scripts/docker_entrypoint.sh index 5494d65f8..f9d205675 100755 --- a/arkime/scripts/docker_entrypoint.sh +++ b/arkime/scripts/docker_entrypoint.sh @@ -14,6 +14,7 @@ ARKIME_CONFIG_FILE="${ARKIME_DIR}"/etc/config.ini ARKIME_PASSWORD_SECRET=${ARKIME_PASSWORD_SECRET:-"Malcolm"} ARKIME_FREESPACEG=${ARKIME_FREESPACEG:-"10%"} ARKIME_ROTATE_INDEX=${ARKIME_ROTATE_INDEX:-"daily"} +ARKIME_DEBUG_LEVEL=${ARKIME_DEBUG_LEVEL:-0} CAPTURE_INTERFACE=${PCAP_IFACE:-} LIVE_CAPTURE=${ARKIME_LIVE_CAPTURE:-false} VIEWER_PORT=${ARKIME_VIEWER_PORT:-8005} @@ -60,6 +61,7 @@ if [[ ! -f "${ARKIME_CONFIG_FILE}" ]] && [[ -r "${ARKIME_DIR}"/etc/config.orig.i sed -i "s/^\(passwordSecret=\).*/\1"${ARKIME_PASSWORD_SECRET}"/" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(freeSpaceG=\).*/\1"${ARKIME_FREESPACEG}"/" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(rotateIndex=\).*/\1"${ARKIME_ROTATE_INDEX}"/" "${ARKIME_CONFIG_FILE}" + sed -i "s/^\(debug=\).*/\1"${ARKIME_DEBUG_LEVEL}"/" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(viewPort=\).*/\1"${VIEWER_PORT}"/" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(pcapDir=\).*/\1\/data\/pcap\/arkime-live/" "${ARKIME_CONFIG_FILE}" # note: when setting the node name, the viewer_service.sh script needs to match 
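Review bot: `ARKIME_VERSION` now names a branch (`v5.0.1_search_indices`) on a personal fork (`mmguero-dev/arkime`) rather than an upstream release tag, so what gets built into the image can change between builds with no change in this repository. How the two values are consumed lies outside the hunk, but if they feed a clone and checkout, pin the build to a reviewed commit, e.g. add `ENV ARKIME_COMMIT "<full-commit-sha-placeholder>"` and compare `git rev-parse HEAD` against it in the build step. A comment above the two lines, `# TEMPORARY: testing fork for idaholab/Malcolm#423; return to an arkime/arkime release tag before release`, would keep the switch from outliving the test.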
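Review bot: In docker_entrypoint.sh, `${ARKIME_DEBUG_LEVEL}` is expanded outside the double quotes and spliced straight into the sed program in `sed -i "s/^\(debug=\).*/\1"${ARKIME_DEBUG_LEVEL}"/"`, so whitespace, `/` or `&` in the environment value changes the expression instead of the setting. The setting is an integer, so validate it where the default is assigned, e.g. `[[ "${ARKIME_DEBUG_LEVEL}" =~ ^[0-9]+$ ]] || ARKIME_DEBUG_LEVEL=0`, and keep the expansion inside the quotes. The same unvalidated splice into a sed expression appears in the arkime_config_populate.sh hunk of this commit and in the `queryExtraIndices` line added by PATCH 08/79. The enclosing `if` block starts and ends outside the hunk.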
diff --git a/config/arkime.env.example b/config/arkime.env.example index c80aa2402..04423e865 100644 --- a/config/arkime.env.example +++ b/config/arkime.env.example @@ -6,6 +6,8 @@ ARKIME_FREESPACEG=10% # How often to create a new index in OpenSearch/Elasticsearch # https://arkime.com/settings#rotateIndex ARKIME_ROTATE_INDEX=daily +# debug flag for config.ini (https://arkime.com/settings#debug) +ARKIME_DEBUG_LEVEL=0 # These variables manage setting for Arkime's ILM/ISM features (https://arkime.com/faq#ilm) # Whether or not Arkime should perform index management diff --git a/hedgehog-iso/interface/sensor_ctl/arkime/config.ini b/hedgehog-iso/interface/sensor_ctl/arkime/config.ini index 22defcd53..47936405e 100644 --- a/hedgehog-iso/interface/sensor_ctl/arkime/config.ini +++ b/hedgehog-iso/interface/sensor_ctl/arkime/config.ini @@ -4,6 +4,7 @@ [default] antiSynDrop=false compressES=false +debug=0 dropGroup=netdev dropUser=sensor elasticsearch=http://192.168.0.1:9200 diff --git a/hedgehog-iso/interface/sensor_ctl/control_vars.conf b/hedgehog-iso/interface/sensor_ctl/control_vars.conf index 56d4b8985..e1c49578e 100644 --- a/hedgehog-iso/interface/sensor_ctl/control_vars.conf +++ b/hedgehog-iso/interface/sensor_ctl/control_vars.conf @@ -24,6 +24,7 @@ export ARKIME_VIEWER_KEY=viewer.key export ARKIME_PASSWORD_SECRET=Malcolm export ARKIME_FREESPACEG=7% export ARKIME_ROTATE_INDEX=daily +export ARKIME_DEBUG_LEVEL=0 export DOCUMENTATION_PORT=8420 export MISCBEAT_PORT=9516 diff --git a/hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh b/hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh index 0992717e4..41273b6b9 100644 --- a/hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh +++ b/hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh 
@@ -83,6 +83,11 @@ if [[ -n $SUPERVISOR_PATH ]] && [[ -r "$SUPERVISOR_PATH"/arkime/config.ini ]]; t sed -r -i "s/(rotateIndex)\s*=\s*.*/\1=$ARKIME_ROTATE_INDEX/" "$ARKIME_CONFIG_FILE" fi + # debug setting (https://arkime.com/settings#debug) + if [[ -n $ARKIME_DEBUG_LEVEL ]]; then + sed -r -i "s/(debug)\s*=\s*.*/\1=$ARKIME_DEBUG_LEVEL/" "$ARKIME_CONFIG_FILE" + fi + # identify node in session metadata for PCAP reachback PRIMARY_IP=$(ip route get 255.255.255.255 | grep -Po '(?<=src )(\d{1,3}.){4}' | sed "s/ //g") export ARKIME_NODE_NAME="$(hostname --long)" From 73ac02d9a5553c599674863c3d3c079f02068f81 Mon Sep 17 00:00:00 2001 From: SG Date: Thu, 7 Mar 2024 13:32:48 -0700 Subject: [PATCH 08/79] point to a testing branch for this feature (idaholab/Malcolm#423) and allow to enable debugging --- arkime/etc/config.ini | 1 + arkime/scripts/docker_entrypoint.sh | 2 ++ 2 files changed, 3 insertions(+) diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini index 474bf7a1b..bb09362af 100644 --- a/arkime/etc/config.ini +++ b/arkime/etc/config.ini @@ -46,6 +46,7 @@ passwordSecret=Malcolm pcapDir=/data/pcap/processed plugins=wise.so pluginsDir=/opt/arkime/plugins +queryExtraIndices= readTruncatedPackets=true reqBodyOnlyUtf8=true rirFile=/opt/arkime/etc/ipv4-address-space.csv diff --git a/arkime/scripts/docker_entrypoint.sh b/arkime/scripts/docker_entrypoint.sh index f9d205675..636447bb0 100755 --- a/arkime/scripts/docker_entrypoint.sh +++ b/arkime/scripts/docker_entrypoint.sh @@ -14,6 +14,7 @@ ARKIME_CONFIG_FILE="${ARKIME_DIR}"/etc/config.ini ARKIME_PASSWORD_SECRET=${ARKIME_PASSWORD_SECRET:-"Malcolm"} ARKIME_FREESPACEG=${ARKIME_FREESPACEG:-"10%"} ARKIME_ROTATE_INDEX=${ARKIME_ROTATE_INDEX:-"daily"} +MALCOLM_NETWORK_INDEX_PATTERN=${MALCOLM_NETWORK_INDEX_PATTERN:-} ARKIME_DEBUG_LEVEL=${ARKIME_DEBUG_LEVEL:-0} CAPTURE_INTERFACE=${PCAP_IFACE:-} LIVE_CAPTURE=${ARKIME_LIVE_CAPTURE:-false} 
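Review bot: The pattern in `sed -r -i "s/(debug)\s*=\s*.*/\1=$ARKIME_DEBUG_LEVEL/"` is not anchored, so it rewrites from the first `debug` followed by `=` anywhere on a line, which includes a longer key ending in `debug` and text inside a comment. Anchoring it the way docker_entrypoint.sh does, `s/^(debug)\s*=\s*.*/\1=$ARKIME_DEBUG_LEVEL/`, limits the edit to the setting itself. The `rotateIndex` substitution shown as context has the same shape. The enclosing `if` block opens before the hunk.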
@@ -61,6 +62,7 @@ if [[ ! -f "${ARKIME_CONFIG_FILE}" ]] && [[ -r "${ARKIME_DIR}"/etc/config.orig.i sed -i "s/^\(passwordSecret=\).*/\1"${ARKIME_PASSWORD_SECRET}"/" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(freeSpaceG=\).*/\1"${ARKIME_FREESPACEG}"/" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(rotateIndex=\).*/\1"${ARKIME_ROTATE_INDEX}"/" "${ARKIME_CONFIG_FILE}" + sed -i "s/^\(queryExtraIndices=\).*/\1"${MALCOLM_NETWORK_INDEX_PATTERN}"/" "${MALCOLM_NETWORK_INDEX_PATTERN}" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(debug=\).*/\1"${ARKIME_DEBUG_LEVEL}"/" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(viewPort=\).*/\1"${VIEWER_PORT}"/" "${ARKIME_CONFIG_FILE}" sed -i "s/^\(pcapDir=\).*/\1\/data\/pcap\/arkime-live/" "${ARKIME_CONFIG_FILE}" From 436069aad1addea64234b0cfa1bf77724ed06a42 Mon Sep 17 00:00:00 2001 From: SG Date: Mon, 11 Mar 2024 09:53:48 -0600 Subject: [PATCH 09/79] update documentation for MALCOLM_NETWORK_INDEX_SUFFIX --- config/opensearch.env.example | 4 +++- docs/malcolm-config.md | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/config/opensearch.env.example b/config/opensearch.env.example index 820854a40..f2ef048ee 100644 --- a/config/opensearch.env.example +++ b/config/opensearch.env.example @@ -46,7 +46,9 @@ OPENSEARCH_JAVA_OPTS=-server -Xmx10g -Xms10g -Xss256k -XX:-HeapDumpOnOutOfMemory MALCOLM_NETWORK_INDEX_PATTERN=arkime_sessions3-* # Default time field to use for network traffic logs in Logstash and Dashboards MALCOLM_NETWORK_INDEX_TIME_FIELD=firstPacket -# Suffix used to create index to which network traffic logs are written (supports Ruby strftime strings in %{}) +# Suffix used to create index to which network traffic logs are written +# (supports Ruby strftime strings in %{}; e.g., +# hourly: %{%y%m%dh%H}, daily: %{%y%m%d}, weekly: %{%yw%U}, monthly: %{%ym%m}) MALCOLM_NETWORK_INDEX_SUFFIX=%{%y%m%d} # Index pattern for other logs written via Logstash (e.g., nginx, beats, fluent-bit, etc.) MALCOLM_OTHER_INDEX_PATTERN=malcolm_beats_* 
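Review bot: The added `sed -i` line passes `"${MALCOLM_NETWORK_INDEX_PATTERN}"` a second time as a file operand ahead of `"${ARKIME_CONFIG_FILE}"`, so sed is asked to edit in place a file named after the index pattern (or an empty name when the variable is unset) and reports an error for it on each start. Drop the extra operand: `sed -i "s/^\(queryExtraIndices=\).*/\1${MALCOLM_NETWORK_INDEX_PATTERN}/" "${ARKIME_CONFIG_FILE}"`. In the line as written the expansion also sits outside the quotes, and with the default `arkime_sessions3-*` shown in opensearch.env.example that leaves it open to globbing and word splitting, which the quoted form avoids. The enclosing `if` block starts and ends outside the hunk.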
diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md index a1d1bb6f7..30dd9a268 100644 --- a/docs/malcolm-config.md +++ b/docs/malcolm-config.md @@ -66,7 +66,7 @@ Although the configuration script automates many of the following configuration - The following variables control the OpenSearch indices to which network traffic metadata are written. Changing them from their defaults may cause logs from non-Arkime data sources (i.e., Zeek, Suricata) to not show up correctly in Arkime. + `MALCOLM_NETWORK_INDEX_PATTERN` - Index pattern for network traffic logs written via Logstash (default is `arkime_sessions3-*`) + `MALCOLM_NETWORK_INDEX_TIME_FIELD` - Default time field to use for network traffic logs in Logstash and Dashboards (default is `firstPacket`) - + `MALCOLM_NETWORK_INDEX_SUFFIX` - Suffix used to create index to which network traffic logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (default is `%{%y%m%d}`) + + `MALCOLM_NETWORK_INDEX_SUFFIX` - Suffix used to create index to which network traffic logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (e.g., hourly: `%{%y%m%dh%H}`, daily (default): `%{%y%m%d}`, weekly: `%{%yw%U}`, monthly: `%{%ym%m}`) - The following variables control the OpenSearch indices to which other logs ([third-party logs](third-party-logs.md#ThirdPartyLogs), resource utilization reports from network sensors, etc.) are written. + `MALCOLM_OTHER_INDEX_PATTERN` - Index pattern for other logs written via Logstash (default is `malcolm_beats_*`) + `MALCOLM_OTHER_INDEX_TIME_FIELD` - Default time field to use for other logs in Logstash and Dashboards (default is `@timestamp`) From e4cd3fedf87be15a38fd93247e527d15f9553018 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Mon, 11 Mar 2024 16:13:10 -0600 Subject: [PATCH 10/79] added ascii art for malcolm banner --- docs/images/logo/malcolm-ascii-text.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/images/logo/malcolm-ascii-text.txt diff --git a/docs/images/logo/malcolm-ascii-text.txt b/docs/images/logo/malcolm-ascii-text.txt new file mode 100644 index 000000000..0bedf188a --- /dev/null +++ b/docs/images/logo/malcolm-ascii-text.txt @@ -0,0 +1,9 @@ + +MMMM MMMMM lll x;+x;;;; lll +MMMMM MMMMM lll ; ;; ; lll +MMMMMM MMMMMM aaaaaaaaaa lll cccccccc ; xx;; ; lll mmmmmmmmm mmmmmmm +MMM MMM MMM MMM aaaa aaaa lll cccc ccc ;;x;;;+;x;;x ; lll mmmm mmmm mmmm +MMM MM MMM MMM aaaa aaa lll ccc ;+ ;X; x + lll mmm mmm mmm +MMM MMM MM MMM aaaa aaa lll cccc ;$ x; ; lll mmm mmm mmm +MMM MMMMM MMM aaaa aaaa lll cccc cccc x; ;;;;;x lll mmm mmm mmm +MMM MMM MMM aaaaaaaaaa lll cccccccc ^-;;x$x;;^` lll mmm mmm mmm From e99854eff80f74db6339abf56bfebaa942f68a96 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 12 Mar 2024 11:27:45 -0600 Subject: [PATCH 11/79] slides update --- .../Network Traffic Analysis with Malcolm.odp | Bin 19228455 -> 19660882 bytes .../Network Traffic Analysis with Malcolm.pdf | Bin 18525363 -> 18905955 bytes 2 files changed, 0 insertions(+), 0 deletions(-) 
diff --git a/docs/slides/Network Traffic Analysis with Malcolm.odp b/docs/slides/Network Traffic Analysis with Malcolm.odp index 2011f630fb481a0aab34f3669218ea5d80c16fb0..9bf8cc690e55c64a1de7b1ae65ad03e8e44d0bd8 100644 GIT binary patch delta 725236 zcmb69WmFtp7d47Pa1RpP-Q6{~JHcH71h?Q+aCdk25Zv9}-GjTkAMzycIrlsF{<)0a z-A(VRJ-Sw}HRqahSK(MZ%+!wx7(@kWFmN;w5NHq({ZLEwXhcQu|6V5vGe7f?fx^T8 zf6m69gEId&{r-k9b_o>a?>|34+5h*3Fq4p*3>5MIJPQVt>))cR|6U2B8`1ur^1e{! z3nv*UY;-vEf1gzAeu$+({PP_i^^X-5+(AGT+!K+ZG4QH!>0R9aJ0$VfC>2?3YcVun z`(^f1z&u%=_va{6Xrc}>ef-bx;0oD3ezqjh;z}ruj+%ZS@g==U*TCb7Yle!l287GP z>Xh+9mGJWqC9KL8%xk&*#|RleoBlu-ui3n(Oy@6vjq!3ni~aZ^RlMcS9&yk={YriB zxOINX;>Dt@b)0MZid>#*@NSTiNg(qYNaz#LizP0n{Z!m0X>1ub(4BU;ZmaAw^5U$s zS{&=-w6|L0EsIlkBD!?nGp?I6LJ2cMnfxVAi?KG(#n4(&f9}4+3PSm4+0&1wuhNPp z_W_5Yw>Cd}(khBG3>CGNx(pcle( z@z(*ReMRWOMe}@V*%Hl7F<-=i3&*I>flC%+c{VbSWF?bWwf6w2+@+LoDD}5e_zN=` zKBUUAos*-d8C-n!%9n~*2@N&mSLqCuLBm(NXsO~TO^txx{SGQbp~mz8jfr;=&1@~q zOs0fMvK?`KPv|yrD2P+OPQRHmfR5EA3Ui(`Cv0phAB`wUoT(&79(rtYj&zIs;41KC z*`(G@wCZ|M(&{)5lc%^W9nFHmvs*5tI(BJM@}w*;D?JXwhQg^LmU~GO=DQLF&jB}2 zadrAkuT%=Hs*)n#j#5$u?{iYt@xfM4K~fYRmkcF51G(S+0cIXQMk-zjP?GrYTpGnJ zMTLIQuM3x_ZcipXRJnpp`yK!L;ob`IFUnZ|<3vH4UVEDCV)vQ0rUGpOwQ7#UR_tG& zB=-nVa%=!A_d1ylw@t=a(~7`FGiQOBd$8-9dCFaA;}z8W15p7aZHFeBp1f7Iw1qBw!7e9fburRV&IWRCiP`IC@~La>asZ}z4CUMATeBEkgZ(a9xt1gBv+5~PQSMu=e6K}SISABnU<5PigjC* z9K0P{mUL}B$wT8Qj!d7Kmpe42csR*>{jOA!Zo)%l^CO*gLau2|4v?yL?w0#@J~nx+ zqZe|aQ%)-0@0{OV@u7eNWV`X2J$($f&{+Ts>kNFv(7S+`(M+!&{Y2R3)RuuB5fkpo zjYEIsH+Wd{h5_wf2&tctDi5r-)aBQ>ri80}?sOKa^vt+&*dde|b*c)z)42mZE_dlg z* zD~;L$XLX}1dBWu8&QDA>x<}oS3wTirJChMR!Z&`y_pt7f^$1A4M`pULyjE4yCt(}@ z1g>*NmU95>qX=B1blUQKly?ud%|k=hOyrK*U3DtvWGLfjQG(p~_6M^MaxU8#|zJI=6tV0Yo06q~kKFfmi$CYJoeKuqdNP2;Qd?co=h!fd^waz#U zrZo2rYa_r^xh~t5A)EhbGL}OjXchiUIBX!*7?$Rus2rqQ>zNn{tkm&Tx^Peb*HVc?KyTjC2SK3Ps70B))&xIVMJRB6L**fn>hZQ-LZ)2r`q#p@aI|m z=R3op_1>>Qm>qq`%$y^$37FIis>=0~ga^&xl?1T)AfMC`Q_Ng#T#*)q^2=34-@72uNCZX;p@d+hPsL~t5|%K*FhU?YHlWfxrLZcSL_(Z7WUW`q{1W`D3L`#lH~V3BFK_5mgwqHx 
zKYuToB8^Sf3V|C;8tkLZ#*zBjv?<4xWmCp&9jo3A_J}t{U-#Grc9EP%a6V7u>cisA zO4?@LEstQ|`VR-aECMUYk3W$e$qJKWQ1Pra!^+&bTkHol6QvD{c6SccOt4wj1&b~Y`OmKr~@d9=h*4Nv;Bz(1~IuD%ghv%nAG z4P1ytePj7lCdU+d4{C}GP)o!kD4G0b;?Aol{&G}fK)OMha>Oq<@2h@Aj??`#B(cyX z4-p2)+@8{qxG(UBSlW=qDGRHD>(B1jB7ynl=V`%SS2>2Lmc^D=(~uqFJI#v$_jt0) zNHuIME|H+vm7hDlTY3_Sopd7tft@GaRda^$N0X0(w(Iz{?l>=+-csP0PcIVo4k1)m zA8mm4ZyT^rGlrk%UN*9%&*$HtLnlvy0`-ElXdqV$P;aS52jiK;Q6a^@U31%+bWgt? zVmr-JoU6%bC07O)Uk;=r)hIAVc#*t znhAaj_;un##_3T6ND^NM5gnV&&wJ!;v$PK+s06@jSd$BT@GEa$36=oyG^dNTCYKqA z5}JF3ZC>B@3_;Qu2bw`R`;)&e3k-NL|{pxR&eMdLF#8FGt|lG2}!<4Z(mmEZc-9IQs0j`Sv46Y<>7e9M4% zeSVrWpE7~fQIE?j4c-}TQxpLVj!KjXy}+nD@7X}XHO&uQI|D9XQy!F*;TIiO^nE`2 zbdG`hwn9Ue!axE5k2Y@Fy=GcX65%*m-&qV2ljzkE4!vX_-;0XXl~0RpLu_)i22G=h zin8+*iT!Dwj>~GWTaa>Dyd_?~CQ4VCb~5DgSI}nBCMPG=)=v%5P5sK_o}cFoR@V^BwBm&dCFMixN^C2*|nY!9@9@=LD7C zK=gRbNP-_D6jYgX4^Cu`nN#4}a(?#gI5x_y8WflI7Fn_;?rB@%2ll(p^X`T+MFuxY z=^x?@D}P=WLR)5dD7sa7nR9I^D1OXv>X~DG#Y_HB3VGt03G(P5W#QM{b7QaP!+zkaMroG;DY9l9-IPEKcyR zhF2s7X(;GTe!;prcn}c4=3VyuAHr-9hvU$*2MXlRU;}xdH8*l}O0;lgL(Y&O1BK4a z<0S*d@Rh6!l&k}NA0OTa*!uu~9}w>YvR<+dDzN82U1hstcX%uf0&*;!I0^TNm%&E{ zieHcA4t*<)^hb7K@9^O(|Na2-J`xRF*>G^!xi}dA{IQ5~i3qc?3$d|?Fbc9WafpbB zB{DT(p#zYKARu4|(2(z6>-^9O9puArY)KJ86_>Q*7pOGSd8gfAuV}0T9alY_SwyqY z01m%gjw~oXQ4({~p|I$h>MPZ&uXm%%>FEzA-|~|=Sg`Gk#fZtGNhc>6o13?HMe6ErJHet zZNOi3jh)0&yO9-V!=tJ)Y%z@Wa7lR{Sx*_hnja{#aM^LID&^O6wJAH&@znmVu4x2k z&3ZBZ>-j{x-y%WEdU&;8dw9ONx!pn}bNGeszo?HqR5bMb3%{BqOK1~(w>G$VW2e6{ z;p0G^8gM$5v|Vc>Eo$CdI9NsZz(|LhVA9Q67DBnfJJYwSrA?>61N_pVug?NTg`oca zj?-rUMYvJS{Hw27wfhDuYDq>)YgI}U@E+(oj=fQd$e#|&5`E5Cy}Z$KmN7?RGxt?+cttHC&i(_$cpi%qVrt;OYFbpM13Fwp<@tz`Ep+oGtp z_S1z+%kGn55`rw*cDe`ATe&XxxTXnH0EtS{`4cZRM5_d;2lOHO2SJ33B7(^v#8Hwq zd1B`9`V! 
z_U;_!zb3qfXry<(E&U{om3%1LVN%k81Ou%Jeh3}k+v56LIV0GAQW$`DK*+J~+uPm6 z){eQ7ESwJNH4G9V{xnXFo;=rgk}q--D^q=MK#_wp_Nyo#6-G{C%*ITZSl&5wlt`n&(cT25}+XrzdYxV$sCyYu(# zTDpCgpX!%|rM!VEzj*;S8%yF~3`9Bo@BD!>1*Fy$sAj=9Nl8_c%c~(V`xs#{;UZ}* z$+#O7_&1v!YjP_d!jUVlvEvb&4~c~zpZ0@SODR_TW!`M%1>Ri3Aot_)_2y+n zav_CsWSrOee{ihw_{Ex{pP!tie`d@hNv6)qrSpSYuas~QL7msAn|3)6jlDo+i z)4QnznsDMR@H;l}SjAVzRkt*P9qfi1%^6eaAO7!p{119|Q+F)sLt_+6{Q8XO5qDUI zcI+v)ufpkvAT-jieEuMVuD~~K4Jq@8$LnZ-fU(R$&W-@@;*(0%cV(e3(D|7rvHKQ zAcS0Txxj?mDf`sK#EaV({{FL0;)~Lo5@vE#sEiD|`it{kSIsMusm0>zo>bN4`TR~- z3z4GbK49Cn>!F18<`75}WIgOZd)~F;yuSp`aQTV`Gy=zD*0Xf(f|0p~>^Ikq_Z@xvy8E7ML42@&?mS_YS<$(`Z3nzk6u8yjnb9 zy*)nc(FZ;VcxdS)Q#dpnTnBzMPy#?RMhfj*{6uzqFX7S$CKXiu%Nc}9zPY~6`-wiZ$*Y^Pn{iuaD*#wGjEBKVgIm#VyRGhcC6{a*_u ziNx;Q^Yrsvjg9#*1IYRoeV+M))oRMrS${|@FaYw!bF>%bNgTsOH)-cCe(QUpQpf9s z?&qC%+L1uNmlwL;%N&u%ai?dH$g^RFkyK@<&}J>UM^X~It#y|OvsG@jY+QG0tk8@p zzZXd4+a_(>^{m>(?o<87ZK_-J7<#nKE)##W2w_%kHHlC2*@92%Er#9ID?2V%U05bR zSMbGw&pj`6Ic1{xV(ForD{CdjzjSb5s{sCMV_3;ZlZ;t3YHI2_SY;8z_qy;eViWGYbK0-h~QRc8=f8EEmr#hVmYc05dx|%EnRugk~ofR z5rX1Mb#z``h7X|SE2@)>#zBqMTarvrR7CO2QKO;abLis*&$5+fzB%juB)Wj#2U6w( zGs*jjRpcHVYaGAza_LACik(;%JtD!-u0;()`m2a~%YI=2){C+;yl&sKReya6jI(9N zLDUjs5|qi0h~K7C%?$=cxP<{_Xg)X__bpXNXa9@Qv&_%b>HVJ02-(#vAv-%QXeoUZ zvHK?>Qj_}yFRcw;;>|AB{VV{($nVNR@}65(#WoPun69DO{V|Q+E1JKguq*Yq88(-q z^phq}734+U6B)wzp=zOQ9iScIK=-F&QX^|y;w8W?%;MCFe`LrZAn{kAHkaFUPJrx~ z*F?*p?>MjIOi6L_P(-5as9zrFrt$MczVn@t8++g)7Z@-NN0!F|83F<3kD|a#dx1l- zow4G~rJsQ+I_|R$1rDa`C&Z2a^6*|dVH;L9?|Q&p-P(8PbN}xPZle3C17dua;qM*? 
zM}ZeB!>A2M30@Ca2MVH<jox!7GqNV^yaY5b-+g{cwwKRn%=J_duIJHOqB zV7|$&0KlDU&lYIoTi(L$rjl-(Ts~~oNb|3w&wve@^U6|qCO=b1e@2?%B)o(?wX~aU zy59WX?g8GR@gJ1XEn2Du^ud9DXlbeo(=yI=%i@+Qi20j0$}}bYEf$@j^~98A8)e&* zyo?96@tsfWvw<9~1|V9GTjziquOTlh?uO*9vSur#e~a%xEG6cIowWyyJTG6sv?)tc z5>rJSEs-9hBIO5uoy2#R4d+eyp|4<~r#UFMjqSg~FHx>3rR26XKQZzqbqGAf<6K|>PcheVO-FN}RED*+;Q19|u1T7xf__3?m7~Nh zn@PXc7bAW}Fs|9UGql~VD!c61qBpH0SI|LXlK614IE5soxy46zYy;|n?|%$ z{1jn?>ksdCR;1AI&-~TMFQzHP7`Y7$4Hn~kVh|!10^~zjz1piYuZAj@ItzUYxCj)+ zNZZ#*FuLNT$i>LLZM*>FJ+Xv~gUD0oF=Y+vT!1-dVh73Pd=lxjGqK$XI`io|{BohM zKxU<4IMNU%g3yGgH&~3#66ukVS+Q%;4hM`+^!i5Z0%y}1cvNG^s^!f>`~YoG|`k@T}YkQMJ+IpL!d?2L5Fc z8!0^*3JhX+;A|f|Y_Pbl&Z2gmH`yOGdnkB=ss3`e`!QKH^1`|t8+HTz9R0lV?)JSL zmI4$M64wb0g4>E3MLue%C6K+*qapBKb%A@`FJKmYr8B-_&)1Auu?08d0d z5JQ(iAA8e%X{e3PE~v=`aOntKbVV%`m$|49e_g}$x|-(Ld}k-J=ThK1MHf*fd@Dxq zeb0rty81})i-tsx?`D$K17!+(4wC@B%aQ7emomp|f1++TO+R42nbd1zg|NqwYay(^ z$wmGjQIE`a{?V@R(=&N7l8!abgqX0ZypHUVL?=UbfgCEz})7MKLn~&XQYOY=r_C|!)Bn>>y zCMA0|x%n@C;~R@6^WtlHMYj0cKcMhGbb8*O>3Lw?tyg1kXcK(qwkor%`l%L;`RV*X z$>s3$nizA!b`w5WnamPL>i6o|g15kf&G_%Pr$FFt=-dshkm2|Iq| zndF5!15T6ugWwI|aaHSlD>J><86RJmd@pu=mbyP1aZvZ>^{Ws1p-8Ucy$Aou_&7%s z=U-sLLHx(@QQ-jTf^Kmm}4qd~{Om;{!WLk)|A z8XLJDk~M7=(__tZ!{g1mTTM0DJ=Rc8n@c~nUvBUP`FT>t|75Gr7Kw6f@|#B- z|4q>DfE`&_mU?l@~Nryk?v`rb1;I>Nw;Qm`KZk0*9SI{n6D z8MZawL||?|`nf+tyU)1i?pG#Ll&ACeUJ(k<%3y@fc!zzf^2Z2LK4TC6vlqeIT}1jq zdnqdL+N)-=z&Ct5kYW$cuL9l@zEDRG9xO#l>E!Gj>PBf`XkRrcYWUaxS&aHuhI|K( zngM;ev&*C<+M$C52QITij?5uwun>7H2at&&?=4a>o05K&OjuY1AxdyodAa;9sZ8M% zqm0q$g>7zF^eoW<8mUK3?Sjkss;|o#&o6O$wGwEOS)vigRg%M;AJcm=_fO>n-Ng=~ z`~2-`EM`DPyp`Iah?ZoIN+`GeZT29eV`o-CqbQC%KZ|ecd_4&+yo90xjXMJ!t)|O# zE7(Gt$vtnh0ux_sAIrG>JLJ0_FD!+mB3Cd`G>ersH$+#{ zMmbJ!$sf`$e7^(d@J{_)Ee~r%c4N49!IzBb_-wZNi6r*}yowfRKTBCcklOa#z&~(D z;AQqZ1NJC*Wr9@9C%AG0fR#1}ZpRb;f_MAFl;CsV+evuDcaa-#as6+>P?ZgFiB4jT z1uGv=mGT zJBZ9m14FSQIm;cNao@@TFDP9;=D@R;eN5}-N+diym@qk4riFQ*qq_P{t#zINc`suE zbPNY(`B*E^jS7MSb0Y(yz_nA#7XHX03+dw=TAW~^g`GSZ0+-+1j?MuWz2#{=BQX%| 
z^5t^DvvF33Li;&Y2bx4kE|=IiSXkzc(eL>Er~cUgnp2E8A1-x?yFsvER){v)L+rM0 z6g*pMg!rfqec#im@w+XFEoNWvJ4{A7ZF}KU(Q(7&jl+7;F7%3`a>C!WSczQq-ZP!>I72 z^nTm9JMBwscY`(+LucZg@Lf37U2%H)QItsH(l4Ysm#u87n-t(L!b{l=$N#zwZQWKW z9xyz-C#|$n0xh$RmCj*%maa7c%wc!zz3oDe$tFSH-&~DpvD6mVW>xiW*(GZQ^RD;z z_wQ`t{xfu6^#60F7e7WdsL-P43!Z4+=qmN6kMBee@8RhDIjUf+A^hQ*V<$5EW3jZf z^#18-LMY=vY%q913nqm`lo@%nxvW9(v*`%$+D!uDb6=qi@I$dCFEPBIj8@Tw>r!=S zH^k-EpUUGVTbUVGn-wK`-HsJ&luf`4f6{j-H`GW&4tro*2HdCPKp4`k*~!jJWO2A( zis*=U$H7R6p0qp0HPtwXFKaVC|40`zhhJ&%1OH8>r^{`=9q+?+Q4tOf$NGf-ku&M} z=)0D&@x1*CyaRalG}oQk00#W=!eoHJWBK^+`0h}bH?Z!_X1oCtX*uhXDk!XYwq$Dk zvtQQFuQm_odwMPi;^Sx=cMo&Cbzf1Fig-!MqwAG8aTDhIR#vogL;rT2)l`4g%OazK zE=;`hfo9L(x;}BT6nhipJB-PIDMETO1E4Vj)yXYzfAC|0k_YV&Pr z{vKk`hh!l<+3H|Ca961OYBDO)QF?_Ut}L=cQO@m^2xaKz;zd^b&3h^-U0!q%K;9W` zG6<=_AXkA^wIy}?mbZfK(r{?2z_T^T|K3Hb_7?)G-zTo7M{mKtsTYU=6xRqlh zuRG`2ch_4+1Pdq7(sd-X@oX-!w zMh(XG7%ZtcT{ciz68bkSv#*5QwK-6D-S3+pFLMOZy)ZrRPb%L>70que;cGr|XyR+Sd8WNyUp95_z%|hJSs0t^XhM6!UBMX9F)-e;?K;9gFOXnTuU}u14&{KfcNe zWjBxi5DC)!&UTe{RJM?x;(d!FH=Sq^Q0t|(HC3E0nctgxK>3N~e&Gq~U5p$HWt*wO zNRKf%W@41%W%OaRyP@>Uefk*e*Lz2)op#0c<@l?f*`^E5B4&D}ZC0xvfq)zKIG%P# zax^@8qV#5x2Q;{cTm;p{IOg~}t|jy~*1Y$ZJsIf^4O)o_ko|wgt z*OgI0^Z_q$EC|ZT;PiT`c0Vr!Zm4znG~==#4s`=9YLwmZ!o`qLBV!B(Ze?{(|8@>C zp8r5hA!_3XyvZnFEl~o2wq#~*S3KFP{~oE7s6z$UYd1SP#Sqy_b(sLTP!VDT=y=m| zw_7(yGQx3>x6}r~S&8xj91-nrOH?vrDM4bsRV$_Q@s@s#KOnm+ zCg!kv7ab&Vxw*qJ^fW%xpG6DFOA|v=Y(?c@3=&lldkf5{$PUIc%BVRng^&W1yXvx?_x`!x2NTewMMp*qWa8wcbeL8cSk&|zie3IOC28rxr)yk=)p8}9et#`~*Hwp` z-F-Bx>P`~ePT;jo+IHJ&cj1ZTBUnCCzD+;Yhx2BYRLA+67V!CVV!4{o)1YPvZtOBx zcn>xi+M{En3;6lc#fR7X_SPWaior&l7(dE2rs#v@J`sRyp2ZP?bLX^KC?EE_4$P{; zGI0;H7EUp-tc=L9CiF6FS!pCk2h!IIS3svH)ANGzU2L;kFU`{&wnLZeq9-{^R^X&vHCsi5sV5~_{%a~2y3o&WfpjHC(AYUY^5Nd~kl!2UijsgXSc7&m$ zB8;tnsuah_YW@vxJl&E$lE?a6Ck4R@8J{5~FAj`!ghlL55vrlyy4O8;+l?;_niTgl zei2fLem9*vNqN$^?)65EQm@i=z+o&mT!HaNED40itBr17`*XV1@2jW0c_mRH z6afA@pwfubd$O1}0iEUi&?~ugXfcl*BEL;eK#Ux=^cETV5Hp?iV!ho3t^LOQPjf*b zyvc_`VUw7g4_=psnb*-`wcq-T8`X 
z-Cm2K_jand0*GVWo}7rW8x2ycG+Ua(1hq?-3Lz*}3K8LLO_O#jF;JZ#gZ-L8Q4UH@yZ z(c1=H1$WSDCZ&vSkblWk(y?Fa zxLMY^INutcqLB>Nz2*-V*@z-A6@$AkZ5Iewe{o_6fYgj;z})drPvIpiFy9Jywn082 z3lGFk7G*?>Y9|97xtM5bG149eEP{8xv-TeyAIIgO@Zl;-HW#3y|H}lPzn&!y3hah( zwnxw?Ci=M5Om4fW=~oJJ<_HU5Mlg!9Y)&Q&=yKeOFjmxKr(p+@Ig4 zb<=oR!zA0`OT6|{VEw+MyWT}(DUO+0lq5Z0CZr0kJ$K~Q6hETX^9c7_4OI+3J=){)~~XET1aX&`%-k!A!jgI({`-2;;e==Jv)qX0MgTk3MI8+Wm4A;V85sNqLP-ddQB zhXbLex@n#6Yjvoi@y?PSsMh z=;Ly`gSOP}jNSftu?qd@$ryHd+mlOrJH3S6XY=yt^<4h;inT3eKxM5Xqh68$R8MLL zo+rBSUUb=VN&BXiNa|!E34J(4C!I%VFY@F zcSxwl(x6en7xY01uiO?y3GHL#;dn<11?qTeNZ{@a_t<`bo$5>0=SJYsPbcW&@!+CdoK@U0x+o4?>9=cUk?!J71F?z&V>~*wV?kD`aH(pM-EGw@H6Cxh_0~8 zTb&DDcmFe&LS<^fyXNsEtpa!_B_{c9w};?H z`wEhGNve&^Y0bwADQ$;_#_1FtF5SVLFe7N|tj!B@HQitZm`C3(yX4JBQAKXB11Q$q zGUt} z)vFe1FCRR5KUQM-k#(g%^TZBHkia`wZLoLEhRli?1T40w1bUT1r0%$t+)5B5put%VjGyRH)pG~OMdbhHl}Stp$1Y5%nLqH>nve!*Xu~3>wUd82%MX7WPHgIS@3~f z=TOfQd{#YI<7w+>s&G^oDcwcm)a{J}&pSe%R@FB+7&yLYCH$;+we_l= z0|MI1ZDCwGH(q}bwIJdD4lE?_&CU*4XLU7xzDKMrx&$$}zGdVgft|(z%Wx&Y25D#X z{3j+&yj_Hlltvxda-dr~%23HO&Lyd>O<wgtRY1&ej|t59ObjN zt4wr;(GaRR#IVZ7IXx~AQn5+)1u^&TaFVv|%2)XvA@4%2EL1N!6-j%AI=e=nxb4<; zbX=}6LWBB+2KF4F14)?0$!8I)BD?5NRODypsU7%l&OM5E?H_;E_Bi_UaHJmU#fua0 zQ9DH0uNOa>&d!(ctB&gIZ%_pqIF9Sklb_DV9yXO^Xnomr{KW;NVFN2yyr0;WVC1iH zz9gPL+RjH-3lE&A>dE7{KL63~?2!NZfRuM7`(@gAe+iyL?sWFLrX;a7fgNKOl9;=F z)({0o!uV&tIDKMlBjr9H8NFmK{L2ZmOoO5rrfKRX(JQ$x0~X7xw*0 z3y#@M6dmD9H%h+T8UbAUdx!rBUuZkAcwl7vlV&-Jb){3U9J>SUhIUf7!(e6CC>)CdI9b} z2~y%CAKpkRKmD>>DhPsUl#_|R^YgZlnI9wu$A&HbBPmwJs ztU?A_`o?iS*L=|~B9E;NyW^EPA1!Or@r$9;ypDxA{NCpEI*5MxLPj2&oa$UK?<^Ma zR3I}|yscvMU>6@O8Ey;z=#Yp}=bL4ju0+l*QAuXrD^VuuixodbIVfA8qNinTL%G5g z8XIttut$67xmrp>x zk!)^Sg20r}Vyh-m(k~Px5iL6pIwtTa^T4MU+4VAAj~Z3icWsFImG58cJ24Ty@chhM z2XF0dz$Mlh?$MoREo08ci-!>^jgtwtx_~+bO{W`E86LJ)tRnTxkpU||glSVsvDAP8 zQisGih>!$4o(Mmb1Q&+nHxlP^#mJZSR&67Z+KrZk`5Y~Y1^6yz2iJyWL!dT0{!zBS zLnlT^$=+2%TMNRKZ=zP@!*u*@@!`{9N{-b}2pwta77RYh!Z6r3(K8z1lIG(>7j~&- 
zCwHQW^-cwaUELfg{~w{fTbtcz{4ddbQ@Ns7Kd%V_%(K~$JB$Q)LMbwIK9l0+9ZQ$i zH7hC-!(cfU>yd#mrvt>u@&IAH+#q{pTh0$1_D$tiYOr}58;1HXvvob|y0T$3+p@cY zgxjL@?_P(_Dg#Dni42AS)R+w}Xvn+O$Kl8Dyv209Hj4YVo3w1`8$!yFab!N#@t(=Gd5NAOvH z`5Bm#%)>wtfQ+-TpWw^aTF*AfKPrD7?(fEnP8JSst)>lMHcqYzGnv|3@jKAAXxJyV zD$ow#OltyJs!Q|Vp2B>Wp|^Dx>D8)30Api9(C9EEV;4drnc8`9yKF`pHL08L1HZFX zXO-9BOnzoFs>PY5t3t;PY_rd3TLL@R2jDv)X|ocFB#$d}9KV;C~*b5X%d~!puQ~nb8#?#*3R! zFr@G7u&%xABEnmlBYP$v_*uqgFI!?Eo*g%mdE7-aZNuV=bVV@c@FKAfRjO@SCmQ$U zKN1?mJ}P`ent>e1m4&%Ia!oU#gIPV{781-{$ix&F+JML(AkCOI7mn*iDnGsMPC0UL z8`=iSMJ$~z8KPrE+T@fSu-hKfbMMQ>*TQ6)phrtvY^{QnLpj#xBezWDH}dEEe&0pU zXJSylO}WkYe(m=RpGfoWo703L-*y$}nvIjFQYH9;96xjg4jV6N#J^)uimou1JMLuT zyDNE3c-A3$;bvf<2)l|F5Q8tZ-xSk09A5z>6p^-Sit0?Pr2DCqgyvud(z8RB&EMzN zi9Xq%*_hi&(pzUS1@#edm)C&!o+i$vWM1CQwzGWiYiH+1M)v zL=1&H&M?ZAUHVgPq8j6IUkrPJB55K^0>JG4f!0#a6cPOW`3H z)%B;~&_R`|&DQIt$a>r*xd;Zs_4@UxEx-EMlYxYsjMJ+iE;UG_Sjpq{X)*|YgdGd- zA;P9h4zU~CVpko$-FH)yb{rU~{#*&BY7d-MxJ5*Vy-Gl*(t)-UDYcV0nhiiHl&iXrrr|;L~#dD%K8c+vKjp139y-i2w5`2F`-qGO7kSsOaljA9n+~F9LOgRv;OlkV_b{Kf zR;$6v#cKo7J9{jqi9L-u+Vu9r4Ju~5MeD=L7Tq+jV>^8JmmHCsZ?A7F6n*eu_y{Hp zh_V6w?!U{H?e^8N8QK!WSWze=iOS0nf0?X=@_zF_G@8FeCo_{1zVaO$lzh+*6*W== ztEHnxay6b_$*-?hqvv)A{Mo$Z4t{sG0*AYwl92+W2yw@^=?^r!MG9J+$h*!dy-WzT zCy2l`H8pQD60Z&Lct!iv}H)A@s+bVQzO@`yQ0m7I8Wg!>&zok^nn)_cINPB?>f<{kQ-3z zOPOElYrIY(&wor&3SdBqH}mJbd8oZS{mJ%Cl*_-Kcrv@R8ZJ1&@7a>Xf7n3;QA(sd zyLz;5wf-(~Jb6o0*vFqC%jhe+KZO?;Qf9kWODwu)Hr11OPIBa#QUjmz0k6`sqq~Gc zYQAl_*D}(({r(NUA;sv|Z3iWKhzsxrRUhQVMfeNCJziY7KL%#> zQ%0Of774{}&-WH3%BB^$WgW<2=3cv}XsWu+W&!TtyB5#FYxS6oiylNN`*p>Y295|L z3Q50?l1mmfIliN^r6*0n7Y4cns(1`4Hk@y#_NOacjYZ*Id(`sjrO5vmQ)l5-)%tz? 
ziwa0LNFBO6q(i#9>mc0?(rl%>Q@TsKXF|!qh%Bs>JN&3;6fEU zHq(+L%d=Rrc56tji=Ya3B|XqLeW^OuOT`Cot?{udORg%$+JWkZJ9EUG`=>s$E917E z)9xrf9s1qPO-0L_)Fq57uaeV*G9YRaThrdz`3)@MN6i4X0*qK5$$8w0`j}CPg0FHd zUZD+@RpuOzDrxO`EZT}@7YAr|VtR7uMOIqv$A6AZIx$|}_@`k8-0-SAh*nr*fD*jKs zQxtlBREVdrET3mB-yu<5rMX^2P8JGWo`*hex|tm(d^Kd-0dK z-@j9lPuej0y)OrI{emkybAenk-an9dKevi@adosrEo&cR{owCQ?{6H*q_Lqcg}8`U zxJUSckR3B7&|f!RD*eCb;1F&lG0y3G4CIzGbWQ{FU?gK%5K|V zw}p?sN&L_TxV0k`>E>fpFI@;lq%u!q<(Ku{m(24czRMt0iS6?zNNV=Pdb%(VY!51V zf?}AI)D4g!Mt%>5Bfbd z2Ceyrf%Z#pDnN8dFrShhl3y6Q_7ugBjsmaDm}VvtgL@X+yxrBS4ytPB3YhTo;pSWH zPBo;QIGwxU=g@O}En>B_3Dvj3pFhyq*`h$(x20xS{m8~=znQ)!=&$5^4aZ1xWo!sO zfS7*3)z$0%UB}_SWl=lrEfcQai1nsadg+x%uSsEB_$>cdeORUxZafklO!$DINN^isTaFu`ADa zOG|Udnua0=`%h2SskEmgegpT_R4Gb#f+ugSZm!LBZq{haP&NXQRVc>^J?ZDjfhuhd z5xeW(H73qf)%+QVJ^Cp2Z`+>)+50CZ#!RfetY^Yy=O&%vFXBPI5Xk=i@ehv{&KYZG zw~i89N=kwAU7`9WI2BHH9)Slcx|~SG0;mr;B2*mHSf6YAtR&|8>1BG7VdCn!-A8i+ zEqx{DfLV_bBu3wI>mQrsbxE2Hu>9Q1clsSjvq~1HKFY_!J za*A^@;=JlkV(3<)b?H^)B56X5fD)YpckepfVz#-El5#QLWR8w}&#(kgOf;I7g+j;W z@X#}dZ!sYEKFEjNm3$9ut$IA?LWpmCdaN^L&ZT(YWL;7bPiq?PSJYN4)uELsR@=Jf zG!NtJ?qyAopq7BbAFL}n;I5frqAMUCL8zXHfSdaFyo~%WSM;HXxg;G+H%h_C*t+I0 z#{O$UX@Ptq_(TPm`k|hZ5E5+?bQ9t~>8;)H|s)0=ZMFH&MYT{QB%IG@k+HPuk ze0Zp97Wz4LB=?a(wfl`=0v=k>(E?+6PgQW(kPKs(UtwpbVX%vC`I^=2&F=BiP(xzq zhvvOouy`JfDF>BQPL89a5b;Q%P)4IStoz=|>KT209? 
zrzh}+t9Rrj`F_;u%!?e`aMT8cSf$}TSE~8ZVUVpeY&52Ov9h;DVp*_nx`WwBE~PK5 zBrKi({E7>d?@0une5mbLh`SyB9HQ)7#^fox_B&q+)E3gf+5POkP@^N_V~;s6wKp0&VQ5-dYh4&8cTj}9zrfR3Bd+#hU)+MG-gF8xcj#<8$6mKl}oclZ~$gBpD+8gSUXM0*6(WXRO^iSUz~(eQZ}}^0)Xo6;C7<} zb~TXv94O$FEi6zSQ{8G~zTpjYVLU87JW^q)p}NFw?Z3K2DU!Vyx##4ptUkGuB(+qG z_%@14-P(J)T>nU(ks-4*AP+Ydql!-o)y4A%4q!+Ch8C7z-_xl&r4g8t4nOk_!l&!H?5u`&+Ulzuj9=hY=mn-?l&NwgiO$X#m;iXg_#IZ5A>E65-K;BHDLaWZ z>YRls7@p{!kn$zWxu%J|1Q*)x<#F5#2Q$Sxdz>+j^I~RgT&5s8>+}J|qVs($i}Q8w zyU$K+@Ku1hR(ne2(p2<@5HXTm-^ZRV$56HF9jFmqT@rd&<7gIpU!rhXCln~8Y^;UFpcQ9R1` z$o^(7Te775nox{)-jkixH3lCn{(|RZ&lx0qU+f-wf>W>;``9sY);BW|{rQVX(o(4u z=IH)?iCtW^xF{wQQI5-}RiwkaQ=r*)M~b2SV1snA7nfVpEUuEkq^ z`HLJLn4g#W)?#EU_+)sdj}x{pK0&QKIqNzqSbP@RiN^@ZcD&UG{1n1LHDnh98t7-P;AD0bO>xsB8 zW<)|tU1fz@`PxhYX)fJZ(Jcym{-Hq~2az!d3%h6n+jr!%Z6k@i--W|uE}UW3(BSxm zFG^+wK|eLwVMt^H)xnLJ8+J_4WPIr4YOfz7)R9_vz2!k)O8=!BRksK$xVnNW(87>t zfF+wm%0i02a%nYs&ya^4GNjvU;o@R-FPt=X~n`0Uma)ah~D1NDz-;?#G3=?G@kWC1>02}#^e4Wu954-@X0{|GQI zTI>-GvL_d7_J*aYd$W@T&Av|u3}s@cw>0X=X~z%E(NJ%H?9&&Ty_@Vt#%!WfisMgI ztAH&^^7-_M+ zkVxvFo)aMEg)IxbC&3ryMv08j5r&TL>UoOI25uC3&B&yVAh$!FkCTL)W zjm_?J$r^m-C0UY~OIolFF9GSpX!!ms7zOu*;ORzk#YzS#hXH+-zj`1(SM z1#nUI`arC$J1TPLkx8F--j-L9A;cY1w?(C#K$jG*iX7f&Jgrw6%OV}4Z>=V)uIhQs zOqInuaJa4dJ#%7f)DrG)ZR=iJ<4`)ENELj%h|zy6I*v~$Kp>@JMgTX~X7%lD7)@E` zOtbiEedJq&F_@{l+w0rm`G4&$bN}TZXNgY#(^wgR;wl=E1Mb#q{5 zBBO^P#KNq(1)3B^7y}3;e`gO&ppJiDJ5{_6dl{WbC{Cex#NWKjtRV9_AgnTSZY3R$ zViwHw5$eRQAN+ZW`pum;Z~DPaT?m-GIGmy!&(Qm%Wub51DUg?Es@weMR7Bum*(kLU zb?kPK7kxq@RZ;|c;d$gMXJ8}7;|cr-t~^Ow(0S)CQs2<1feV~q_^kY8G`#z_@LEv` z#%hf#*SP$GxFAN3Rbfy4{RFOrk1{LV&Jc-0Aj~5L(Wd7|&f$=qetLSkiO~V#2SQ>A zMo6*r*^%BPqp9Wkih@TnwQ=dONw zoyZPkJBBQ=c!I#j@><%^LVMm5gRL4V|*4!ZJ;A%^zCh634yyk<<@o9VUwo04=c8#)41J8e|un;A=P7Ts3CmrJ*i${DHo!nwf2l z?GPr&7iKMO)t5>NT9tS*zC`_1apn|B+RwR#eel^_0a=x_!6AI;C`}Z&7sJjTI|fWU zE>UML`@$yed*UbpA}tDY3)a=TBnq;e2;4_3|>xg9;Bj5ia+0fjjAK=RM@M zS*NMHK`3N z<^E;e~d3$3|kjNX!Wuw7l2SKkn%L8dV3PfM9qs}&XW-61io^8z*I3IJPI_M7IRfY$SB1{%VqD4`QB;P5at_Mo 
zcKeS75{^h$SL^~{LFebcrV~Q=e|53ee0xdD8^SQ*BVq!XAcNuETIqVq@64Q8OA(=w zyp)VBQB_9>RK8lP+{Yr$R%J_wndvnbY%SIaE$rHnZH+)FuJwUPH|Acgwqc2%6;yDP zI&wykKZ2C$dt#Wmz`F)%H^su>4Px>Z5W9Q~TVJ^|qgAtaD>w%$2he;+>>dkG&L!w-I;`D0h zJ9K1*oIoF!!ssZT<9P#b247obSgAmG5lNgQx?kqunEsAc;jrS1aL{AH{5FO{geWuj ze7w=`(1EW{r^lj7TJqr%i7ASRMvXzyn#6|BhgR6m(d%X2nS2x&RqC}+hgY?)9w9WJ z%Y4`txH9jS2e2}adx9o962*ZSG&?4c&jXbx*j;+HRN%}N&jeTF0l8f1unSp z{nb~4&08K+c5=2R_AZkqzc!!)gQWf4(>q&S%JCN`qiGzqC~U|sWB78PX#kkhGe`iFaM(f{eJ14LW_Bc7i~Nb9dW2|rW6?I-_G zt;}hQ9WU|wbkKSyS26hT$^%*nOIWn2p(2i%6X4qOPkt*jg-MGH!b2TjPs1yAG-pKX zG(4us>8Vv{L1|Ey@YG32VMCBhNys1KWoEeyA`&_uw_o-h_(#=>CS!FNNc|xbQ-(#; z?>Jz`U+o*A6da{S9wh;m@FUiP+qASp7@jvD>P@S&k{{Lnus=7oQn}TqRdn$@f_0Df zXE#b)e^_RMs?56#SxjBin>-YF-u)1rEgSZ7RBKCbdhX>-GU!6rD3fKBzlAS9ZtAo$ zuDE^GI2u!UxEt(iAl(}SkY{R;Q+SK8%GZgBK21-@kE#?t){I4WO4PZv zvdQdiot_p(Yb2%|(h1hXD>|Y>uiXVTu;jKACZg5;399rI5DGWr@aIF-P#l!u_0dyO^#!>j2!m7@2!>3*pOB)-E zDnaSqr2V39^!TR4pu!#h)DcT)I=`mc)JQG{ucBge@%zN)S;r&&>w5Mo8EmE~FEX)+ zDAZrxo6t$rwWTx$^=WQgRc5eg7#_(`ab}e)^}!+mP*ji8agl%$!=6L}Z_Z=u3(uGS zQ5wz&Du5zc3Am zs;H!M^OXlpO6DV!{5*ue*xHFOO11>J9;78sq>O->8wZYB);}Eh{b@gIM%4?N;6TQb z)N#t=l~!sp6v+GCN)_GLC(v>8lHjr12f%KJ`>7OFV@uW^*lLuBwAH?KU*XF=m#@k6 zY`==KySM1{j8Jpm6pV4FS_ZucHpO=Jnj-2wny}g-6-y!hZdjoaJK$ZCpc*9#dMDsl zL@7)Nn%p^pI)_O99B|w>81jD2eGNpW(OwAIfhMoiabuo+FtIp-c^t?NE_Q^9fuksw zlO^`qOqLHnM?!YbgO~Uw=aN2^S`J>3^+`+#J$jMzIMW;8rg&s^vl7A(EYY!xGvb<@ z{k1?#cK;hvXPrfn;l%7i{-vd_3RkpKNJR(MAY3FsA?6Olqp$I0>i$)#EOgZ3@5`Z@ zX&4Z>actJbsulgDn~i6?m`N6Z_8~WM19x}h9QfG9y`M*adOIhV}_&ym78Q=aL$Q)9a?dm`@00kA>7@sIJ;KYn-f z4!!Us(pw{Ie8Ks}vV*3PI7|riRg=~eR2D4XuW`eJIqrMm8#kElP=~U0iVVi<-qH0= z&G)DXzwUQFV`e|}!g%kaHR?5s#g*PlcVq7CFVNa1ABDbi9(I_Uo1-%9d}aG;iiL?J_nU7roOo%` z^p$kDMw}cIftnIEO3A!Hd+Xwmf$YLo>XGc?E67hU<_=P>CGdq5^GkPQJV%rcz4xrg zGPr#QKz9L4$&-bA$TuAp5KUH($S@duR@9Em(~nQ|k?6cTfU1kdn>u0->9b9<%U@UX ziEb$0+2KcSx%=H{wqGv__&qEm5D6KPYMl?aixf3%>J;4OE>P=k;-0p*5R<(8WX8`^ zByOU3{867R-5bK<_h7c{Vj=wKWgJ}`^R+z=*u|5BCcbwZfuGO*VN-Ni0T8I%6DIL*4gm{%lF|sxp|4-f 
zSNUJ@MwhmjO|~(K8`7LhjSUj@FlwNg@M6LV4K9lGLWc@iyz+GO3Osr(zNC0E?FGR5 zf3U^>1zWA&ADTlaGuX-0Q`7#-v+4@nJ*DR;*yR26d&-vY=+&`LvYj85TdZL#sMQC` zyVXA)DOgiD5pM0b%SS44Hlzf}!jZg(^7RIGI1GgSvJDBuS2kW|om2>OOvpDPK~SGo zu!(v$+o;$2sYyGCg_?$jJ_|@23vP|>-l*31WvU|UG~E58HXr-Mmv|7qPRI9tv&d=x8gxmP+lo`K!Ox-hd{V>8xYLnY9TMO`##E~`rA&;}; z9WmnheA(he#4kd2B%gK`CLZP}9io!g5(qc*rJzuBTpawI99SIv3;nd!izx4d12nCmIE&i`{L{xKh>a%b$>u*+Sdp*{sg~?lz@(L zZ#RCPDnf;|HCb&QOQ5{nY1S#oU+DS1W`;INe%VzlhOzvlSpzCn=QQaJ><4~h@)aT? zp_AFLTT>)%<>Atsb*I<)neFq6-~RGi(Y#kFLib_83`TB_0HPWtxCJ63iSPoPpqd+~mfx8O=1sTI>W z8WTCl^pC7>`FC$`ea}VHKlGI%hkB*Lg&l6tMBsQF_tLZYToi%(?6X1?{~^El%`y|q zp_xo%G3P7i2vO4T%;GQV7%@+li;vI%or~Rn7c}~;!h69ZF!6?R^X03T7(+8ZA0Iup zW7Ij=88}PO6xs{tO~Y=&ogA~KBq}}DS{dXhck52Ni;eR~-gfn!v|-<69i3b6NH)zXRL6A5Gx&(5&P?!jvF{@` z&O9c*@WD-zhkH1K5&_&0MP1=R&fL8vsUS&if! zfv)(H_V#Qv5*c{ltiReiLJfX>Uq*t|8KmRy1O^AR{8p z#a4Y!&Qk8);RX+yBx0f0DRxaYn_zTF;+{Pu5;YZ=r@PMl{VQQ2YV*8?*XKCEJ1!JX zA`Qj!nV}{At1ZZ5H;Md<-JHaOfb;k#z?;|47zEtKRBck6Ek)@$97-@7#&=eDc*iv< ze;QC_kErs!OT70JslUl#)DpZ>ENjhmAwZvBU)h6sc&Cv5vgBmk>+4(c?1>RC9rP_5@T>~O-Yw^?il?QKWIl!1-$_~2 zzmeY}vStUNK}*rx3(F)orgqQ$BK4sDgeRL%_i%R#Tswj}m$QdO)lgujP-m4h$0_b* zDvo9*)`b8Y+myPSI2;0i8Q0p@w$rdN>rYt})_EC9?PI?c9w^!+hK$u|aZkaw*w|F9L2E)sBtW@zTxjA0RyUhm7F>m6WCG63e!nr30+r zPFID;`UyW2dqIOEi71EDQ+C~0gC2cf06!Hr6T#lTDkdxt{2+nF6o&rA_AEYk+m>!U zmB+&paRS1L+G#lO83-X-k_!%lG9eb1L?g*s3KkhziO3%VQjiE)E*gFhYZ*7flHL1PxW{ z)LAzfiL>Y1n3qi=#jLD>0pWVIOgp1(Bq|-rMN4W6iu5{G4hz|s$_{1)M7eFM6F2m*go({Oblwr(YRV}!5DX_0D8Aar9<`T@7I0(or1A;#*%hD!NWnzvuB z!Y-92OykB?vzSn*+Asn3Cka8nVEK$kV!$pF{L>{9K%lN z7MiDKWCs3f87Mu(jS=>###5>7Dy2c_qLRYwZ(4htIEP)rB2Cn@bVaxy>t(ZVw@}Y| zf2`XZ&QcFLsxW>GVapgN&g{v`0(s6LZbl9Za!Q@_CPx5(O^OM!&D%Z#M%5``7B)DXkE@pb#85*giQH+*>DWaN=ir*i3cJ09Ex>pB>%at+)9b$E2#CY^ZEZLuS z88qGHs@GoxNGWa{t?`F5rHLTvg;Cc8uymOmj=x};rFm9D$ zD!19}dhd!RNfYn!j7PyLF8sQn1o|WZ9H$ulbT#NPo{qn1X*SI@{f9pU!u}4-zSFhr zPxZI~`+QzgmnVesym7V`_DlSIsk%(?w%QXlhTJ?P56tNEl8bf!3yr$qE)+BQ5ChSn 
zf-lz~{&%W;igH2gbxwS7xU<{CGw66}CCEWgASBijp1`BBc8Zi`{Poq3u71Q5ko8A8oMCm&}cYq^6XZf7VOBD8rzCDwF`!MPKi_IL8hza4!d~68) z&VtQ5?C#ipLEZO-<49{Re;u*j{|PL}cV&|7B?&Y^-Wm^HqTB@#2*f$a1=7Q<9-&j8 z*Qwbe?f)(3hm?O%A<`CbTThA+qzP~Zboq;ebdwf;Eo!m_8;+7XQSCK7wv{QAoe(6G zNvw8#6R{d4>xx3g9m8D9wh}56lZ)r!g>rExxx`L%JhvMtb+_HbgMBuwk+W><3EAPhk2#m}iVDU@zbdqn@WdGYFeD?p)=L02cFhXcY33Thy8@2j zYfEyrZvsuI#|T?4*$Yu!9hzxXgL^Ytkp-`sdyFNSau#?a-VJB+% zTF9dhrB~d#5!3@e)9X>XvEr~6jRv{%dfwi%_&Xq;a%24F!5EF!UI(9>Lz4D`Y~)jG z2zKM}1P-w{FNciEQ1YrcwtY-*l?%lPkF&9&z;4anBdWl8mvL((au@ra_ORMiCU@ebX7^_Q13_rl8Aky;zmgUg>i28Dqd0J! ztbo&9)#*cDlC7FxTae=-*9rwP3d#_#z?i~!qmD0RmLQ>KGiAi~?WwZf#>0zEXPt8J z`!YOCpr#S}<#BNs_?ykElP}0)xhuIB_Z?8;&hBEs|DYB{xy`Uej+BgA-{-AiK@~;C zb8cEDses@QL>SuWI^6QdIRyg&jH(}`+xL4mTOD0AVypL~9z9nmQ)Pyi9yv)Rt_dB< zY#G`UE(aaAi5Q`aC@1O2Jf@LF8l|R#xd3Z4vRafi$Dsqe{m0shNw)$~xTyvgG8HRG zW&UA@0YtN3`4TQ82I|FfMue*E?Wxl1(6~c|Gm=4y8k*uT)j@cGcy~my2YTHVugZLu zvpuntvP=<*3Owkb!fgo!!{?O4dujm#>m+yIV=nP11j?!;k`Z?kxLL;TczD4ALIYi& zAB%4{i(atv>L{Dez9q;>dv)%YLn@XT9_RoyuA{_@O1-CxBJbey*((!|!!)PJ$iiyC zf#&w?K-`&^;n5SVzX%z>qe|KJlE|$gxp$3f*?WL=)$5G)^-!+Z$=($6&(_%<)bYb# zxwaY(?dGw27$1}$k}@2>Q5FGlvEpb38CUX+v^}Rx%sbT?!y{Y3xgdW{VJC4&bisB_ zYA~&PSF-WQFF%$yB2~!VhZny;;2ZQKRmpD+*5I>|gm1k)TZ|#Rm0}aj{AM^yapKSy z&?U;VkM}gRX|u)~=J3by%|$c2CAXrsu1LbFY}${YL|c+dE-ib0p=>;$rUWn1YxtM# zEqIYsS-8C0PBVh$XsWX{2=RtnaF8(6QuA9_VBtnZk8^G;=JGE!SEq#Mwbm@c zrwZc@R+!xINY>|X&^GS>?HKit{)j*dRsAvvO98~YLgQ}kZkMoIIqvj^<_9%y7k0|5 z0X=ZTXqKD}kc+%IJmbHpN8!R0; zQx~d&zD5V$$%ypZ+w~OW7r$I; z>hKn@;;=&AKjrs7gz23jKjY&L>uCoBEv!T-_&h=!s;OZo<(@DWsKSo2n46&%h_1%k zDPftM_nN}!HGNq(a3JoTwS|L6quHs^fkmpJtv36~(wGb7c@FN$c^o7`_o~H(8e+B< z`#A&2YJ~UcqW@O$439T+#I2@5yMss=Ac0-P8uxzVdchM4eVT#(8(l*CzsqRHkISfj zs@+I(Q>Oi})9kUcYI%|JAR6mknOFKSW%x?m=)|_U(dnzvW{!JHCCpC(wbio zIYt~Wm5!-CRos!kk+}IS3e0~@im4>SOeIK)3GXLne-j^i!sP=-982zyVHZ}W-A>9~ zv;3ji4Hb4;d@!yepaY?Yi*)F}sq*$ixP(}61qD&=m?%^hfin94+^`sa;@h zNM?$eaoG(D=iz(SXJ^bY#_tnJ^DDZ~u`63$< 
zo)yjNJ0U-yxb(G<9dFjNe`+;*}TU<_)l2z_y*w`N!JFJ&O-kvTu3)Ri5|UttJ1)=Jluo-2PJeX$s978iXRJSFcMt$2^4N$~S#J4_RsF^U@G;pu zU@eDdb$Y5hsR&x0v%e2mG$8yd==G>@lTn7p)?`LfHt51+%TgD*D+xMP9m_|gSL@mu z2IF84^pRaKM?X<#Xm(61I8lg}Pd<=QysO}(njmc|)}fd%XdsjFT!QA})r*u36A}^_ zS=oRju1{I-$);e-Yw2erN-h_xv-MA10My^!eIcN*%y7Rg4&-T$zcHR%y9&LIoV*X71y=puyuDARa_!*LCxd$bBWB43xu&IDhrW~ccfnFj=qjpU9|uP<0?3)2kgRFzL~)$SxuZYva`7znx0H^<=Jj$ z0gvq8xmE6GYHDhV29ad0c!xD)W_z~uRfu=U(2;ZGW=8^3i|3FQh4&1g=KPk%|7g`b z^aXDP_jdy?A+zBNExfLwge>gw^H@oV9*uBD0+vgz0^2Wnnu&FL(~Cee%I0>ESeEIH z_=-mYnLqLveWxmu*hqVpvnCQ4J39FDw}Zw0%<9Z%U4oqkO2Opec@?Hhy>`$q%+$fU zvZ^XHC>Jwf^9!WZgQcN<*iXt+2Att+PgE7`IJx!VPj0`h^i){)g6}EElVeW@^LE5| zxMx$fIN3JTQ?l{r9ssf=_4Kg+TxPFEHvU4NPRqkqrqAOFf^D#6OIEQLC!AxM*_yVh+QJ!6k`Z3wSkaF6et(d?@FyLE)+CC zp;Yi$yY<5WUZ2B|-cWB#jX)NE^H;|~hVd#XFS?+&VCUlaJUl!86z;wn0#$wJn|bXtwXv*Di$-s_wCjV&~L2`%pr2evYZa*hac*X{y`12H7R zP{cof6h}T>d?~rJ=Ws)w3=1AUu9DCEQH=!QIVni*XAHpgtK*D^#PQ1#lGZ`?wTi@Y&_FCW?)6v<9YYqo8bODaGV! zm)|skxk8WMj(T4eH{hWqxW|&_!fr}D-32~=qMb^U!~&{9k0>oRwj1Wa_O}1Meu~*7 z1iZi5=K6FpBlqF>43?Mh=8iyHSG!;MVY`C8Q%z*I)LEccnsQ`M;eae@c=7%jSZnv+ zGtBDSj-=}uc@QVoHjArTSQH{#N*Tb24Bu>5_IC8vh}%mWZNV<$V-&6XNONqAMf|o- zRLWw&(^ofNGrP3*3AuOQ>27pvl`94|7hYoissPYAYBKu+&WYP*ho98T%WL~)p+wnIeoNWzlVE~$I?L?*+gO2*A;IZ- z+NwXOSlwJ*2VaXZ5Du(5P2W?p(7TWSK*}GEaaJT+Lg=6tG#3O?^#=2pFyiz631h@L z`Gj~N6dB2~!P0R~-{^4GubfTtbmvNzL?5kvIXPq+e$N6tyg|)o?Yn)G2Mmn} zao`FHPZBl=O~=yqE7sR)fMk~Tp~fX5HTr>^ILBF z0F_!+UK3J`D^g&8e*0GXADLdx8Wdu+I_l^wdZX%zh~(zzJK<`vdbhW0-ljxMb}N=t zFjm%xuCyY;2vS14a3MWp^$q>8iY(nUuvF4#Ecxp3o>ct&Pkl91Q!`mXW*+AocW2^& z0}*VET?IQ0S=X>AIp}A(RMEw}AzyTuj=^=CpVO&)A_XuGW9E=;Zuj)v7L!1>h`pVG zEwW={`xr6Ahdna)dDOaN>vM*S%)=r;jMElryqPnV8bmU>J?8isaT>T0Gex;y6#XK1_3b)v=Zv)Wwc+64Oj9c)1I0`T zLiAXR{g^ZY1e{a+-{~U0U5q57nm4XE3VD2k>2+v_O-1HtWF!Law5M3tb<<+QO+HF> zMZ4sp188FcM5h{h1K13< z7bH^nWkk#A+7&~D?G+8pJ*-tGsqg*eq>ces#SaCQ4}1z&dCIlt+erBG6M_-ID*@tGzZ3~&fT%8{r6elivMR<$UP0d@KJajxlLIs6 zMmYl^NL)Q@=+jv-^5_)FZ{if_xM~R04l_-d?mZ?S9&5TtBEnqJ%?+v`Io8@Kl 
z_S8PY({`9*C8hO#Ujy1?WF0qIpWL;66PV}A2dC!)Lz4dPcxo5*IBf~uam~dxwY{;$ zTe~p~>H`l`nUkbR_h}cI_MBziWB@s0Z>QQr0TDrtbN+{WWnqJ3$Tamu8Yl`gg?8G1 zcx#ciiYm{GEcSFp0+^x>YVyhMA#HM+T4v4ybO6sgkX?7qjA=pV7txPYFciitlkw=yioZr7HDTT3d2R`&= z+%GMVAfR5aw6t&nuQSjZUM-)>infvQEyoPU{>e!~ZsuSKlVDMqINx3SH)ml_h+l?) zUN3ayhV#79*^FS2iP3^~371!k7lCce>>qtwT@sM@Z0}wSefVrkH?_w3nKHS7+BHxN zS25;;@iDE@QVvPyOv=L^oGGpyXC~{eTZOfWu}k3Kr$!AcIFHt_+l=%Ua$9~2vV?RjTl75 zs69Q`epVYOxvZYftMdwz3shnMU$nAC^1mvMU^$pu7hxam-Uin`%)WWwJgsC-A=kUD zVN^yGnhW1ezT~yT7PEnms##KxA&v{{D?v+$ERjDRN?Hg#WG!9zI`s44!q(QAN zjt8k;>$p}jqng3jUeIQi=>bp0sSdF7!-W3G({n%e}WrI5?$5o1zKEJNZpXM-I%kq1^4#T?dS!**0Zb|S= zrk%}t?D##9{W8YD!>cRKitgC1-z#K!>~PU2jS(G~Xbodq5u3SvvxWBP^rijlAK)>i zY908~!%wWlFoKbK?VKij`zpx(4CdP#=r}U|K%yje7uGn3lQf}e);?JvrOC73cS;N* z5>n|cb%DBCFSqW5+>u^SNCX40paa$`mrEkmW@UEA1UxK}Tx<9y*?Mu`qqB%y3T z`;FuD>2cnJ6ROz&;yp0;Q0|2?L|lSA}-rw9+0LwYl{t4@X34n$G6Wt&PrNUPm(I z3k7al^!o1gzG?+o)MZY(czI ztF%d&001O6IQ3&lsR^KAG8B>!@iTp7nk|~sZ_!!&?j5ZVQBJVICU!@gC_K|5H2+6v zQ`U*)IhQ>ygu;_$j=_~_0tSj&sWkXE68$|`Bh0IB3?ryjTVMMVbLZ=-T)l7WM!eCm zyvvHi_Z3NT%vx(4%ozJJI!e&mtU>DGvQ`jaY&7@O5RCk7cATrVy1+3dd+{TF=HMsA zU=4GZE&HZzIvs`!fT<)it~lm0ql|e%vg@Qp8W@Rn=;%-05moQrOcI<6H-nK0mph$Q zA5YoA+97KYEJ(bF20};-x+w?Z75mA1aY=qFuy-LLqplDwU{J*Z@GZ zQQUqB_DNa%;K{1;M@BRO3*;~s-_682)hL?`4}~nmJ$+c5*2V3#6bXjM;-ETS1Pwsk zm*3aQ=oQ^p46JZRq?=*}QzzVaQ53TZ#X-F?*IWIBUVUfJJRgm>?$ZQL+aYKU0z5$^ z0v(jmA}*23pekg@;nkC=9#w8cI}j%eg~X5klv-^|$5jthl*?lmCk+~&88+G;4DD!dXT(dIB1m85pT;=hk1Zk%Fs6C(NRMY9(&nk6s}vyVK9F`y`790!yJQ6CDhlueL}jj0YZ z*R94dZBGO5UZ!Y@C$Jv(5Fxt{1hyS30UU|(^{=yC8jgFwkA+u~AhW^*CZ!oEn2*rxo zJv72Rf#cC!rkA|7#Noq}{>if6)w5W(uc&Guo})B^mI|S*d87f~^9P#+u`EYvdKxdm z*7ftfu(`mqe%`{pt5j@(Sj|Xjt0^ zqT*}*Y1GrT3arC3D^E+N8)kp=!KS3s9NODdD*Sg0qlXoK+!t%^{n{)FMcyza)o>b` zKiZx2#Zn9|@L{?_99APX}Oegn|x>V_9bB{*S4*V5_qGqP<0>OEx9l z-60_*ozk7sNO!}Q?(Xgq0Rc%j-QCjN&8D08_V07vbGY^=Sgd=lHRl>*{Ah_8a|%W% z8R-)HKgAj*h$L6vOz!m9WagW*-_Ihm$15S^n+@JUJsl!eMiiqXe2SAE6eDnoQ!bcB 
zMoiakA}&Bs*)al3{38FbDj{c-mlK24kTlpgI``hG?{8%7sP_|$_{g!g_0sjEHkT}j zgXhc?oqWLtM2-ogd{?uH6fx&`Q86*H#`{5|FZ9*J6obZ=Jbdci022q_?@17qA^}bW z1{InrxpNoS2~sEcUiQ;crwKyVVs+AF3^3U@)xEbfLe7fp2z!sYufk59zkHqV4Owl# zemPTAPLAnZi_goz!Fpc=0af`@M=f6cz7ldh-0kwJ~>#7u5U;oPsFKHxF$ zCuCFBxBRo&7>xKfi~r+@tL^ksG%-D=zCbsX{{h*j8?^1#{P}~RTrb*#kOSEN%`|73 z!T%K2pF_N^*zmsY7001)0f`ciDL5(Pv$ODBjv$z-l-+nHR143~8p@O3O_7@F>Ek>x zm)E$Eu>(RISJla&2i4&T*8q8>nSTDltjlJv}!;rHbFWS{u^j-O+*wBT^hrWTC zt@mG~EyBef-LD6fBIS1&jN%qK;5D;^0=tU1C*J03`4xkAW+9XPcC?u=i|QJ4`yt=DKLId zJp5_#LnNQwqJN0*rOI%sARF^x(#O1taeyQdgtv6o?uvp|Z)`H$xo*rcca?oyL)@<- zO+`pPmTff9dBjgtpn&91A9Zoi!vu*7X#ja<95=`A)*Z!dVY=)k>gizP#B>*Vk0!dv z=X{taV|`7f$f@(-h}@|v0Zz9{QY7&Uz(E^`O{s*%9Z?oKact}x(H6b%H$%qwn>023 ze`W@v%LoJG?tZzPqtha~`96$HOhDjo$+`CN%awJlV=dh?;Mo1MWfn2`KBi~O(g69W z$(c=cS#b}9U0*@W-TrIrI{JF>yW`c0S?95ju#vgBBn>sVgqlE?z8I&mCDx>aY3c z##gWVxysOEK2~3tcq~XDE-^HIz+{X68^23GUubtxMBSSib=qm|R>jT@WemZp;CWb; zVLHx0QA)6OT>n;r;nR|YB`EV;T;-P?%~1}8C(nvpB8{c1U<8pU)9tZA3#`HOLiuga zRNwl|aVL#XBmB!OSb(zikYP3kE+)m18RzHjJr02N!j;cq%Kd=xiGL$bA68j;GShs2 zox+kPfvY;RCRWNKe{`03cE)Q9`}38EPZj$S*A%#ptZ${}lSETtCPb$G&`BpdM74M? 
zuxCoK61!N76sG8_D08yXhO$70V9-&q57*{WCA+$e(yT@;tmn*}`le{h|2yrYb66#e z6An|~`9rStgREXUnBlxx6TK_);pW#uvpSq6J9V96V_l7;9LMq;7v>28_#+s%4oRsI z2XJHA9;it{M%<&9jOg)lX<-D4@pWm7sY|)!c7GEG)5Ch0$NME%aBbez`RQHr)QG?A zGn(Ww=zC0$^CH5zct5OfHay4|3(3*AJ;3a#H5$oLDRaNn_(jeEVgKq_T?+Br{|`i~C_FjG9V zgkNh5dZ{a-feL7GP5rny#Nir#U2`v8a!`(KkO z2jf~SDuvxDX_Xz6_d!VFs4dIFkGWp;K7Tvt3QmqrzmA>M7p{f9n0CAXufY%yK$a>;~bgoyncMJXZO5TlR+H z>f4EAdbQx+8R)`4KjTzlqg^yD_{SR$oU&N6LqwY#_2*{s+;VKoC4Iszr9_z`OUDB7 z;6K2h%x$V!E7XoN>3%lTq^s^7?X1W)sbfRfh-dcq3t|8dW@HpEx@kkb^qLFrSJ~JP z+^wc9VsurH)cf2(%E5+23UtgW$#D9uI3Px2?Zykb(LsmeERGR&KO_WpG>NmArfKos z^P%C+#k`N)@&zUvHawfD7xO{({K4MrW4Kr4VPdZV07jDcXI!K*$!t+#^zA38p)FTL zj-Uq$3(4Txk_CQHJbcHOPnTNHH9|?jkW?c^8kDTsv87ESe-mSz!_7`8y^*pm$W*nRXyC1kbIfL9YdbgzCw(_f z#8O=oE_P)*Nf_zK{1r=n+%n#g1Idn8L%lY?m$KRQKuaE!q6&T%R*Nl84%}xg_}Lj}L?_Fr?85D5yxsu z&&IQp+JdjG%JA}36v`Z>bO%kC=wM7~C8JaLv3(GNoV`y&`W*T``&d|^8re>KVm$CW zd84f(s;N7gS4;7F>d#=_7@;sV;d!{=B!z&MRA~p5BQ39K9)FlDI|^Z#9A&Yt1;kb4 zPAlIVCQ_mBY#02%jz**~NT`r!k7Y>HNOFW7BneI)`H4!o;d^^&R9%i@A4aGMrP0|?kC|YcUBob~zV>b11`Z$R^WS{$^K96Y@n;EQEohQ#f$%T~ z6@$wlS~wpU1K10{lxb>1jiw0wn6n%@slOBI%U$G(w0*E@J0!+Dh$HyEL8pdOoA_-i zQneGdxvBww)Mx+suXmw|>%V!G_7cO)fQ52-h7QONKr0q;$1a>6LUr?3N5{rwC%)sv zDn+4GX7Hwrd9HKG&{tOxm(xo>g3DX0SAR4frbaT-3!&9|*n6R*Nj!Bj_HBqf%zq09yEURZ1obt>nlke(}iPU;m#O4#MfY;Kc{9Z5OI1rzb6VXW3+ z;Iu*epEADFCauQ1OQWa5cN;sH)Z$?wd%X3B$t2=F%X!&AP|l&gEU-&dhlvJ+a{ksX3kN&dEWtS44&^ z8mxu8%B+;KOFz%qtqMBZJ}{iXid`YSNL;Nud3@$_dTJcfICS`}9|!ZdzU};{Tl?y; z`fdW18PA6nOP;BJ_u@RS^GLU>ed`%D=#-*BgNbz0N5=}h7~EK9gOi9+nVl^=A?2Jj zVO*O-a|4Zo;UPquWop9)&Y9f?lW7S~g9t?)RpwZ3`*G5prX!g6v&J+~FSI(gMg1!1e{b8QXC0$Ch9 zj^q(ig_+4#rG{dZuNmzR~lkjD@mIDK!Eeexk)!;K+LPC3P8)!l*4A5BWU+~TAo}CBVST_-|juy{^SNmU*Ad-w_c7<>614+Clx2x364J8 zM_L<)0^R|!qS<<+H&WZGecuO9aZ**~>9rYE^k}Y%H#}??EFun--G4Eu22v#o42@>% ziADS&VF~f}!%9#XrC-bjyvpxQ{pM(&IwY>ib*Xkp3%gykpRObz+M#z4_aZ*yT4PKTxwI>uPjb zDnC4bdr2Qe-{g88f&iKD5waO5GtmQ1W%{vxO9F7Z$g|3|O447dtolt*85wuj##hOE 
zrO)3Ytud_fN3K-HzUS+rO-sg7JObCaf6BX5P9ultD`+X$j~Y~4d?^+3vk?_0!b4I~Q*e>hR{Ma^`QgXY=TTJxBcCzb=%* zihyI|O-On`4&m?LMLk-a38Trz$8d@UZB)M+cGQH#H`Xuch`R3*gq(GDXvAK4#SX=P z!Ri6DRVav3==*HyXgzAjS+X$^9xgM;=8WI?i=#(#Q37bwL#EL9<(~+sFyUi{BbrfF zyCqwDGh#eFS|P;KdpMM;qru+UvxG>eUFF4Vi1F`6P=l56M3LyXOgEt(tX$dM87Fum zks>Whg5*iulG#G2Fm1TV5luDiCMlx(FinskKHH=2S{5c_KmLf2n^kaiU-8lvyh{oS-Y_vSrDkVKkQtOlmfLnY z^!%2NBmw(x6q@;-z&Kg-BLBf~)+jCIGZqHy?O*9vAJ_Sm5M^$T`l2IrfNk|3q* z2_ODsAr1OW&#*UI@p}?}%F_8_Oq`elRmjRmte$!%VY!hBO{2jkL?Q|gCcEWkweT;L z#6ZG>n>z%^)$e(dz-!T{)L?O(M?pK953d|W0Q?tIR3|XSx1(FmXw73ovu+6+bh|i? zEEbkBNB3L0;mEZ&PrA_?) zd28R_S*EB+G((FsJ}7E9`RLKWCTW~T367<+^4cwvDppY_;OFZzSUuH zc~;s`ACbrpefKLX*+LtM%)?m>vB|HXk0^Wkv`G@dd>0Qcbb?A~WHCDk@Zw!!0I$%l z)eQmt>5ND40ZQ<*F%j3N0GGJBLas8D&u-P9COfUOK!G{Ti4d!;R+qeMfmqJgF7qzP zqiM|_5bvrgWlLPjy+#fiR_ToJ!ax8ssqP;giE$m_{ltlCM_eUYw|oEtH*+D_;T90=m`8BqKfNG z2$1H&m2D>~^nV=5Vjg#OkAG6lL>Ed%H*DN$CrrGElj$P>$l;}78Gd*>~ z4PxuIiFtMVcGnpQZs5@(ZPDPNgIMudq?*s+;4QrpeU6L>&%hq15U!~~vf;`)t1_+e zL4DrD4+8*{J(G?!ZBUfvlz1xsE)+s6sVi;D)SWNC$E*D&51ug3!<+p$QcDxV))`8G z#BehZbJUquonn8li_wugc6UtG%SA;hZMRtuz?#JJOMWjaf=T53F$KzdNZ8E{bqHSj zeY2ddn_LU!i>U= zCJ_51Mg1{H(fZ9I+*jYsZoWKj()=`cqtVtGBv;c?VZh_EZO+3yZES-V^7fWLqM!v! 
zK9p=`VmalygZZOZTJ;N+=?Yc8rXg2=nkToL#KE(R0n#4LNdT#n?~Rn0i4wV&eZEgauBzXA+(HfN#&cmHHuH zkzGC-V6UpJ=}$7T(2qFDu=K`vxn+jWeO16L2k@}w9-y0FGrQ=f$&13T<&l^zC~yO zU`VmCn-4CkxrtZD@%gAtaXTzozd81N|K1EoCb~UvX4BGzPq9i`6`z2ltG)f(R*uj~E#HAUHg^pOd zR;rP;5E)k$6_x;e4?Tr9gHaR>s3%7HGbQZU>l0l;=&|-o74T}zM7$Ic??w9W$h?|zkpM2 z3>dPcnJScHk5PldKuSUj8y`Vz+6XFQJyZiOgh0q++cN|A#_IE`P~WJHO{l~p`;TnB zQSPLnl<}#A_FchRc<@tFf&23pZRG`s@XgSwOxytL7IgB1*gDKt z{rq#O8T=0`lWgycUZWk^B#4gq-JFUq%{a_7Kdx4vL;w?q!ZZAoHvB{8+{P z*a9w%@f`}>+5|J!_tAZGDNZtBQ+Ibw&!bqd{jbJGS|_x)HL)jX_g3IzWbef6VGq6N zxyN234X@Hr`jzwD%XGq5s9oJYZfI*j zoK+`{;7|BoneXI^M&(9jfqu_#eP0^T))s|$!uql^dmfFXi9@jV2la<9y@51rkKrxw zx*YM`R&`y88t+a17n!TG6 z7ahA>-b+qkpyd4DrMJxs>5Pt>2t6m5d5zR0nP)mJvx>Z|`x|p4Bbg5MV_p95-w)~7 zOn)Lg@m?1yJ>nNSM%BdGgH=?joUBqMikNId1J5(wyPyFRc%}1=C3pSEHV-!S^!&C9 zsTk^eeuG!Z@i;ZSLm0@po%074r`BBqPR8!{O}v*ky{3YcBOi*>%!rvPDsH0`mILjC zykD09)Lg+NoW;UN;b&w|W;(yGuCD6g3|n>6%QI1cpJx|=l2hpx%umJGqMzxlkiPVM zs|r&aL8S#>sG+ov1S>lo0k?dJ`@j`DGACu8nJK5r-IITQR`@P~+P1~xJ@~GHWxXlD z31A3lXR9c-@IjG@ieMZTX-I_0J4#&szn?w;%0bS4p=^Blpr!<-C^ zxtZu*On=Ri!4g%ng3 z;uN(qhrxLxPYDwWMnCe@h319U#-v zaaTapA577U8M+X=R16Ak>!eISKt?tu&3X%Fo<9OfX1~GaV@16i2yg0#!FL=28C}D= zFaZHdK%;D!42$VlIM22v%K8%&9Mv7KN&anCKcn}2lF@gY;vqIP?B@3qyEp#e%IC{t z#r_ByFmL#&(8uT$1D)WYSN>!z8)R~&uAiQGqh=^c>lzw{epYW~aR>>qw4@}CD@U}3 z2FHtZ1RGlJ9iNBZg`!I|fh&SvH`9g$fBFV!Ypr`heZoj-Q5}L%tqH_(4f%?|E=hAX zn!(5Um{mH_o{nn~2Cs`)MQk+KSov+}982%nlVq>`hP8U|@r=voVLoMC+8oJI>Haqv zkknE%T3zCx<05+x`qSxq&$kQb!cU?fMVpeftL@wf;?wf^SCV4g!T31Ij_eJ|hVDi7 za5$-{sBdG$|6V3*@&8-!03=b#V9cCVnjR7)kJ@ZnQB~@UBshAI%Th3tn--Qydzq;e z|M_IT@lM8kxo8k;SxO_NM!|3OI(>%S3Zus$VBM*EH!Gf83KwF|k4hz5-|uYj?6$)d zp=%E=@bH1tdn>aLJ))6dY0A(%&idckgJ{IkPcAm5%S`#9!*5R@Ht%dIlo*+}*DgNh zt?n6WMRSkOw)(tXeO#xF|H_ij-jJ_`2VTwxdF00boc{BN+KDwim`=1kE>|QU(SvoS z20hdbP(P79XUWGZ-=+aw)4>JUGxTt+E~+s57FKxG8uy_six zo3+~bd6+Cx4Ii1vn0Bvk*cu0Xk<{h>xDV@a3@i4el$CK_PCvY?y-SaUl2=qD{s(y^ z!Gc)W@J(53e{EPGbp!6yVN<>O%Zg~td$gl4o~op-UyI?(S*xY1k^YKc&y})5gSV=il>zP#edr&@!DiLi=EHNJ=Cv 
zmKX-T1A_7~Z8_H(gh#n!{abHqipa3Q(`;;MV(eP&1S_n8`%uc)FoP469PAyeO#7%; zJz$>5Q+|Fl1JZDJxvBZe|(_s<3Cp=ua0_4m0k|OVE6aMSBu8| zehDPS99UL;pux(fcxP7QanvLj?PYuF0!h}r`7P5_XC zjsO1|8#+koA_e<{Cuv0(QfIw{Ofm;eohIL@5aEy61d;_H;aOW^BSk@K0rvb{zvp)8 z$MTe25FTGr$a0QQPB95!~GID8c|vYAhbaqa?-l>A*N%DD^&!uGyS4|eVf737Jm9@0rFE+ zz0627m%3VX?YU45YNt>Ndn*r0lTxL}LP}zbFLlXbIQ(`l_m#^LR@PIm=|-|C#XsM- zlzB9oaq|zs?;$4~)#wmkOvHz?$BwU$7pskGI~43P(Kon3#Fux@g*6_JU2f69gOp0B zc$d*{YDO<`kv^f{zITizD1tVTS%6k7_a1E|X|HyEUW;y2>3s(3cM)+^7@l6W6znd3;0(4`%lLl6bf|=r#aM2>uQU(Ep8c z2#^}u#d_Z%J&5$i19@R=DG5UsR(1*HzRO^SyyY>Iv+t%-5a6Lljl8FhQuPO}Oym!9 zO@8(by`c?I1%yWP-5h_Z>(R{NCXAHgOS5__Q8AmU$YxljGu>tfbc&8Lg~Jp~NQwjf z;`m1-MGms#eztW%y@TU8S6@L?%kh=XmhXu*C@v!S(f!EW{A@W#F6=aTZGtoi_Z$pM zJ}rWNpg{LlpC3mONC3_Ug~?9$sk5|}NJEgPujMo27^^Zd38 z1RZbe7O6*-V44|bK{G01goi3)@`h&AG_6&m1e#y|+tuy=?P}V@*>}RhRP50|8X5~p z-=KJ~G+l5v3IMoFA)k=W(dpLMZ?EyWsB{{&t_1fG_h>H zp#jLHZu8A3Q-2|n(XjJdoO7dz?$ss{j8(8RVOnOey%YnothTr{sRP@46d7nh@4|lC ze)w8xCkL0&Iyk8Ii!hLWFi^I&Qn#5@SWr&kk6DuZCBj3dT|wU+A4yy?^c4L|9;%_5Az0GDM0wG4tBCMo*M1! 
zTdE#c8bSkweyg&NxUUH`st9M)6WMBr$?9oUG3!3py^Q#-ECnlo{#d33M3xEJ8ZK^v zD`MbDWG?WH$J>O;0HIzp4&YZ1w;Kyei1YD51xI z-#u>O%7LVELlXQuecWwsZvpc3SxO&oozM1Nlj#u7-OBVdR%ASxxD`kuk!P~Bb*A_% zcB49xQwg+9KE|}|PccLp%|Ut)BGL)|TFfNSyp!T5_eX-0JO;!R_R2fSN*XrVDX@;C z;48$FGpN2EXa1QEeX1u~ZH6ey;n!MlU?Vb2_B}3^hC(5VMg?L?<_m`Z<$~n z?hXE5>u%PiM1;>W5&y}znQH^I&6qm_F>xlNkaLmZXYVYn`N5rN7Z%BPRPB7#*s`?5 zuxy1|hm15|>d0barXE&lUm0N(Cy)XND_SKzBL9efD&!Kk8944}ny)G`lhi*gEO2K` zL=o~|f0gayK)4vZSoq~NxDLTTyQl2@PQWPB^&C?~C7Zr}Sj%}!6Msk=Gpx~o`A=*H z&dcH6UaZI8N42;S6VsE513^e$1XE$G7}=R~CQnOXc4g?0&j7Uj{GkPqo%fr{gi1hC zbvR=OwDzoTHpk<%E^qoU!fuPksb_F`b1+tQ`qyY;a!&q zEab>5>RDQLnx3dpP8Ha8{~H$rG33hvufyk*!IjWI9;W}QgdrEse_I%>fh{AFIPRw| zk}f7V28%s0!3~6Gy|ljHPbzvkOHWCRr*Dx%Jo2WCof!`lqLmTOCihst8hqs+nI8}k zaDF<%jP@Nu8$Ija(>Y1qy?isVnh0O4zw(umIW|>I53ZQ4|Kb~V%y@j+=3E&S9?r-i zV%!308;ua|rUpO8H$xuYa4E`aIfC_E5|&mle;7vr@9mS|yqzKo5yI^R5N_9EAt5QL zAu_J+LI2_T(Te>CLDEf7O0j+4$nvOzX7rj!-{K5*^2UO(LS_$89+9RP2l!R|en$7@ z@JHy_9*FZ3zjH#_o!b{e!b}+>;NeKdUPKE!E`w#l#Z4}Kp<*iocwQVF9J^t{R!`vI z`>*$Nn={+KGj7r*+S=Oj@&>&vFUnWex_|NoqN(FcTLdG=EHpAvB=JVjqC^Ao28 zb8d%;j5S%;Q$JAj>x8R=$)+rA{ZUz~(6v9DUOW_9NcPqO16dvriCSyr$dQc_(dc(| ze}*ZZrQKBG>B_^NrANXAzJ=|&p{FlSxsEJh*=WId-PJ0X?0sloNvnSbt0uq2MBeR9 zwtu?5uKD&lEg~$C^4ttRXYdQ1THqM&x7qT%+FIFY590#kB!`$Yusi=}N_t+4?MErB zdmC$dnk!BPEnS+PVnx>RRm?s`FoQlHdx%@xsizWw7Tu1;hI{OGW!u3ILrb7omJUxpf&_UAKHBQ3hnTj*cF@7Eh;JNC0)(~BqdnqX8kv5 zApJYx2yiU_Gw%bdY-aq=VpU6~B!OLLq!A`tccxEXAmirNz*$QF2G@g=iJ7V5(055u z#CEy7i*?>=|7s0~e1PZkdffr`XoMJ!CAVeIjTx99Jd;hCh#Lf{PaO$5k0$M(QwTot z6!u~AP>Q_)cwMTdjM@o4&gg3yAj$Qdzyebz?(f%5$_9iqIage=mL%TG)&Qm5@j zQP53=^g(Jvxndzaqp6Aa>zT>}4cB7RkI{~}q1m1EFZeM!rA4i=B6e~1+F*34pM|h* zPaLi5t-eyM3&KyseO&l`Hpe0XAfl`#Wyu5cm0t6bjEwERi-9+#<;R}?oK@#NA>ri} zf|V|x^O33t(e0M+rZqhZdyMJ)47$F*+Xo%xwqpoE`Bj9g(E7!w?~gj6H;``NyM?my zoJ_=XD+3xRq;gW^wUzrWm=Z#`^eLV1_R4~^bw&$G<)|q3AL|IsH zTYCXqq7jn5t{}h+9Rl44v1_S#65>(q{%+=B8ra6ex*$GkVfF`5aqd8F$~#0jMOyqy zZ9wUmuItS54AVo;2(g)Cfg&Eb=;mj195mBi5sdpPE4!v3 
z152AQh8Qf{^12M!7n)I4=CCK2bCgjOGYW@)I_-XpetR~2q2fNPQ=fNKzZKX!MDQM8 z>PxOrG-e4dH2cO&iPI)gDgv5_%T0?Kb+2@vrh)0QzeS;q5&mbT4PPa3_jzZYJ@1w`EC2}N+7P=gGfG0s~Z`frU=Z9Aq7C^?5Z%Fjpt={-0+xG6a zTz%;4pi3vc2xU#sb`ifUu<*et=uDeW=tme=PTJGLaO;X+sJhn=%e?{j{2HKbL za9{RTl~!hK!c%K2B&&qPMjY=llub$*wF};Zgr+8aZbi?4c=3I=_X@Z@y29ptmehKG2OS`IFpOkwPr-zlTARXn)}2P0*oBF@=hePg*QmBMx)3 zC)w+7kYovg5a@;t1#-DWAM$+M~Wb@a&zY?We(|gqBgAIDI}&U2tv*)HZT; z#Q}7aNtsMwf_bk2rs$dS=RX@)!S9{DSb!{0h^I3Q1tuK|>aVq<)F`GWHaR)!YMWB* zV4F^;Mzv{Wv7%y#!cDFP%u3R&JwY%wIw`5jIJAGW1X>O6*2R_OExMH@wj#j2Iv!Ax zL)7=zNtok(FA*7uuPGnF8@}Vt{MC|TTaxiWlplOh7C4JZpzXA(x(n6RW%e8}VLyM8 z)x(T#NMve>8din@!u0)5ZUC}M$gF&#{e^zcTy~ILbK^O|k4$_}BB7FWoeq?7&@lW0 zFX~na)c4#%0t{eHkQVE&H&+&aL(x~gF(ehtdX}ge2dzKam<426{oArToqxZ4!2e=x zv6KguO3iy`A}cHVVSe^;DU;LoPp6eMo|Tj)`6gXRw~mmifO3{{z9T60fQmV8oL4{~ zszRqheXs^^wB#e&ca`nBUyZ+>XJMyw8)2yrN-Xihf8kqN0dauu@$t2{>zXGjODvU= z-@^1c6-5WpdUcl`-dyF1!Qlr8fIU&bH#4HQ1~1#oQr#|r-fWLYWf%~sK3gmH(V$4I z(L`@Olf$oHw`^>tpU~Zl+#(ql;6COgL1LQW6$H2gVtl?dl)kf3YZW`!Z+?h|dEA3? z@VK}V>)SEZqt=Ca$e^WJOFyb77!e@Ks>1t1o6Eam$~@Y2e8==?PBNvlzk3FzggzU_i=ZCqJm~A z&YY9di5=9hV+Y=Q-+xGtA0}f=@pqjQ5kwR#Q@@ZZ&OWJRXld)l^IFPCl+`qQQ{*gK z#)O20h5g;h@F&m7l~hP~nq!Kgz)c3oW>3ifBXRZihr4oeP?0xt4CK8Ir@~XTU!dP7 zRz+y3cgt0Y7&21W^<#%P#MK#YvB7n7Est|@|GXMJKkB{%oz&FsURhqAt2ZU2*o-iG z(>y#-Sg~F-HB4I_6zyY1?7opw03_WqMc>5lY^lqbM>Ik|q5D2x(q_9mV%dS6u>P`2 zOR{;x)|n~*VsJaX)?`6HD-$J1c*#Q+z4g2Tv3tYl2fLcojH5f?>4Q{`GB=HjdsrIC zgLxo>r{Z_lCy||}H!_ApwhbcQVadBE{`{Ae8Wtf zOIM#(DNWU8<>hUn2akG^i-I=>#@TR?We+3yPL&ILZ3^)%Gp0DE0J|Bs@vQ`BID~9kpSACI0o(qmcrj{r*I8r`yW7!RwanTQ?X2=uoeC`$E0-X3SNaUcFiBRe zpC8OTNo#hq(@VW3qx3{otrK_a{fNq~(6b9SPBID>G5}=!)^hM52+oPlYkk!TgIe6= zNE{Yr&x}a*oi|(OW9vggt^47VPTWW`fNgj0rfAY_4*&=a;Ab}$BQsaxWq|-5PfHBD zCbw}!Y)w}TcGUCs>%SwovkH<-Y=YeJ1cq$E6T$?}?AY1K?MRxFB~9WHfM?O+wNj7X zk;{CTo%^VfWkU?k{Aj*5szXk@Wurt)lgSvS(0mf4A#vh_)5iZC;l$%(D@_bGmsCw` zBG9RKUT;dlby&?hzP-ND?-c>M&{a{e~UBnEq? 
ze&euSnFI7HI2Xogc*SR7&y)R=I77*cJ3{$UENBG@VGqG+3);Ra5^(s0>)7o{<|)1g z-hbQ$@Z-x~uXwM%^SwJ~m(L!EsNYK2=##kAS3b6N#CP8^FL8KT?xMy1yx+71wWJOG zh`$%JQBU9nJu@zW=H1li0`EvYCK!5I>QvW+0@z5@^(fuI6&D_Qb*hk0h2dwIngmNj zDWz;7)x5K0vu|W$;3Mfd80JVchuH;g6(HKSkKFEIuMfUfC&5X+xSgDpCnbix_XHu_ zLQ=EFzSxpQY@5I|Wx|O5n#tmOemQ!A|HUZnxeEWx!7yZSntgM8EO)~b3CsG1;}ybd zO49f>n85 z^Qza=u+M4hq23*5hJl!bn(7Lpn_b!uueR00MYSX@a&~fdj%TRPYUWSX^qjGEAC^q$ zq6zHk%Xw9+Yr~ zPXG5lD=lssD9ju*A@(}?zE-IK@ID`RyTvZsrW4_!G<8$fw&LDgtd|fDo@@K17rvmt# z-uLW)zV+oC74i~fb$h^VySB8CXjmbpF6(kwWR0J5f9vtMR)@OOVjxPL^=)(Tz1Eg~ zlA!btC4VJ`L@;u*#1SPXof8RoN1=6(goCb9xJ!~qD^|_n<^;d~8in7JDuUqD7Ad1_ zV1Sc3D+e_Dx!0KeY^&fRHI1wx9Bl>Cdb&H-Q>(D0G{>-U`kX+rk!Mh+ki&L%w*K9s zd`slwV5YqDKEvozX%%CaYv|wY%K4uqeRvK$g>|&>!p-}E&IlusVH>0PJGTWjFKYWw zSx85&j?Ops6{wKL{NI48(4*T!E?T z%RaHxs;T4Vj4fa%2l}$qlYgfcFAlAn=%wU|Z$GUmBENS-&|JJxHJ&*Ayph zWeErKo6UPW{Bd26Msi&OHkuS_E5a8NL>!aP!j;Xz(qVz=iwzEO-3zhpg(Xf{ffZC` zV|jj8+uNoS@R9yNXau9AGxEIso!FJoU}yNfoa2xL^HV>*IFV$7ppxwd2=UE!O<0w$ z7x)c{??l(A{>Ydcc5qqKtZeEWgDUhw=%(~}zHUVX$MrI5p4w=pW9fBdIze9k~& zSl#EfS_Ajcw)>QlC&zOs9gqkbqEwGEYRc&6b%m!T0R6h^g{f}&+HQ5JGa-gWN*H0% zGwfWxb27$vi`}f4<5sfm4&U;Fq+F;XIoM$H5hFH77>s?)k;bq&`#e>07KUzslaCD{ zRmZg1&7s*QIoxT{d%JrS?T_L^WFW(5u~<=`89tt?m;O1&BZx^TBeY( zk?SDv`U0wgJimKMd3i2R&CmkfAchZN*@h&Vfr98p-(O*y1i5SvV*jYD4ClhY0rT~( z-*f!$o}TIaPgoNTd!PFj)jdwLR=oE65VS!*Uu(8EekU$!xQ8_(p~%7-V_%7vF%LGW5)yohq#pJv%+U|Jzes|cIW3# z*oopUo3B_#70f1>oOANYU=d2jD96dJ>C41M^+X)gyL`-<>-~glUYCQ!#@5r;2iq21 zHAs$q=BK8r5Y@rXCwNnchcU^RK;1X+1^nL+?-GTpL8j9u`&}vudi~~l)l=Wtrro34 zYR67J!w+OFW9PhWP?AMWH4WNAceWyoh8$M~BRen3-zbu;)DJ+&oZl?NEdK&bv*^)E=@4tv@`O04mA0I`w zSlO72IWFRT`b7B>CG^wa8iG#a=g;!dV!Gs|w&0aUhc~z^x>y0Nmg7uE@>ZHIWZwEg zsX_A0{U@vD8t!sgKfj6KF!BB7qrgnHU2YBn>SUPnp3T=(9KU2l_>NK$j9q zlo-{57#v7I|dDQnQ2)sje+g zm^8G}Dm}gCg5WnX`e|2Hvib-HzeY^ZM79=JT-f+*LY-F{^)N;LaKvc!7lJk(uH3lJ zR$q>*9u{}j+%cbB>)%!8pBUV;UuB&zxt%U!Col$+fOma*P6Mnpu2 zoaMvR8ICSR*L)nW0F_!>eDR)Rb4hhCn3W{k+pS3jQnao>!Z!N=5jnqA*-M5xLDWiC 
z37Vvuk$QCl#-Ai65LbZx=&xLf#22TL^G52`@W^s_}0g4W(d6>yHa9@G;c%Nph)275+LpR5f{8IPN{-8 zP49QBUZrwQIHiKu_L$w7^Ds4ewbbIpr>Vn&2;I9hA~qkBzui^8!9Xw!QzTEiJ@M=` z3LAZCVrh%8oaq^Rnl`3Qw%&gpU9GoNVJxCtX;tg7n$;s?&Js#!A5KJMi2Kx}+l9WW z+x2q4SY_y7h!3`dY~Ef4PvS8#?r&pJUB-W4(dvm?lmMmCX5-coVUNkqjGg)Z`?Q8F z{yF`4)u$^`bS2@K6^fK9yJtPa;Gq43G9%O^{~uFV85GCXZKDu^5AG7&HMjaLvRo7?yiGtfZ*;9!CmJ~?!8~ttK!G}q;_|ovzP3(3z8Q$Lj_Nzul&RYlwnMt z_pOqa(s<@=PtThe4V5V)eO%<0LO!~6ysi5x4D(mhI_f>ZxVE-7`s*9miZpv!j(4q< zjlrT-+$xAfp{t^=r>7F62(#RUn+J0DBn=7dKHb~Xp;`-3{6gU?*ToI3tF5i2xW^P| zyLXc@p-UE}itU7{Q$yc4apN;Wi^OU{@y=?5O9 z3DOG}xh9`np8P z!@}nL?_i6WX?S7o!h;c-w^-8&1IUDRl%Ufxf69&Vy>ePAwW7}F~Z zc!dleMuw)T7j5a9IugexQfk=%0v^ZuH@&r@ZU1(ko0}q~Whot+1fo{ow&12@_(n%? z9|UUVulq5JXxz0NzJK)u@>qAX4!!1r1T@%bL=ERZ`7V?pYHX6SARuYi$6{!EpB)km zSQvI1-i3{QK(JyJW7=1nj|%JfqG^5#y@ib(Ko3v637}(;C&ou==sMu#u>XgG5b)_` z<_ew0tiO*wdo56XVompR2jO+~5{(2#i0-`itCOXLF3omdO$KPmw@NXl(_rKI3J4{R zE*}#e*4j9|^cEZ1Rlz~QL)jt0?JV?IK9!F>fSOpp!~S_xpJH&lAf|+u#7-#4O0w(cs|lTi zg|T)3;?da5>-dH8ZOGIXNKxknXQ|j8*A=B2RdGgEHF;LrQ1E@PU1{6`IyQ+w(m<}` z?Lh;vu@#vgbWKr^Ru9q?K`&Tzx!n^*@mvCZe7d!N7FzA&JJERJ&#k-U((CCZR#ZSr z8rVL2$S}MD9?mpRNuHW4o_cf()d}oQ_9}G1VuH{`$Qk&t&%P}b0#!8Vk`!_#KJj{n z;op=lgQ~#yO+%_P=0DAFvr1Dg%_dX^#o5e^%;`cNP;btb6F;7|kqE+Wv|pPAf*$IG zlQQ^o3uj`4g>B!%RNivC(S2*O3Pp`Soy_Peu`dPIM;d0&mPzYkIH65EY?pdH?Ps3|Q*v*_ba#IQhy8RHJEjcw&}yq9Q(ng7O1w1jD&j z^?G&f?KgIg7$LS^x2w=;)Q#y`jnhcq3!*s#6!RyYH+X{9(Qjwt4rr$}s|zu}5Z4?3 z771&})Xv8lu7kykwooJB@3&{}{2yN9yX+JVB@^*O2V*2!{`NPIr8gFmaz#QII~R1? 
z`8Cj+#}X$f6Dxy*AkT3td)z;;{lTZ;RtkY$IZ_fm;$=>08sVbINO?%TQpt>%9OZp^ zOZ()FNs=9cuB=iUzsr5CgDqB2bMA!XE4C+?Klr;XTRad)4p6B!%!F7=(wSrU#JGzc z<*P7--NH6EM-#N4Hf?kimo+dVhka+ z-j9+@8~d==rtD;?vjWO&pQEMl;375c^7_eDvoK7qOFjK??fL0}T!K6#`wqb>S~8*D z`k}Fw?_UBX_TP2#zp8QtS=O7n=mM5FdVA&3Mc9X|qWtwY!cp3m_IaZ?Un2v}<>loO zyjCtu2Gi!YHwOTL}4Fwn6|QraL(F-Z^p++FVu z`XCoiVG|&R?WMb@du2w!Pz2F9l6s1sM%7mEUzAx|K+`^Ax_`pUIv1Yx_vaYGS;iQA zOB^EeRId>#p-njGNKUrh`H294oH4KV0cRPekL_-+ICWQY#PJ`8m1q~aYdFH8=d&we zkc&uzJ~xAvn~QjAYJcC18HZl%8*aI3yW82$DppQ`Z$h_S_^#L1w-=C0+;W5T?q>t> z;7@^8p+~eIRjRZwR-rwLf}xS#YlQ8O;a=`{)12N%i*8T8t6kG!7ma{3SjM}6jg-DH z1}d2#Pl4OyE5L;HtuCA#_8Ps+c&w5PsGAI5eE9bDeX6$H+T}h+l*}tm)ZrV~)7}dG zn@DkuvgfBR!|QQW!;ZWQ)n_(%=BLki(BYG%p8NU$=OLSBA>{f$TXp%(GO=WFB_?FX z8N31dp~>8$^wNJH6=0MU`=4A;B}TIKVK}c5fr}$06^?D$Gt<$0O35ed8(p>7?=p`K z;gXkMs=0;pS~}ZY{Z_zuXcm10ZNxCT%9s&B4jj6Ur9LZdlMTtK&Ec*i``PMnyu^by zOzrSZQiJ$1#h(=v|BjL_d_z!dhGSpuz5O!XItet43pmYq>a~c<80h#w#xNK7CegSl zbUvBE_ee9N-~M@q0LI2Qe5M?{WXiD`$%;`%kOJT zoX9*%3M7tvww~zdMXcFqFiS2}vsI&K%0HLZYm0%439M9DFkoIo6}n-vTVBRCLta;y z>%CNiQ*7HsN_Y2uIXv7lH(z4xV@m?L@;Wj02&kp0DQZV8`4eBl|Go6B75O`P;-8oa zau^>XFaCzAz=EMc|8?*)zcb;rU7`r$fsv6BWok)bKNb!@{?;FOg6m%|IB2}C|7f>9 zT`yMQGaUDD=f(3p?;VARp{z?VnU_oFa5EhR-?LPolYTq-wa;D|lYsk!dOfv=s+mb_ zj&twy_|wpKa*#7!xIOeUYW^AT^FoDSm>Lzr7{Uhp-M(~^aGmkP%`ZaVt1+SQ8lb>_ z{pR^p@H&jD8c!&4NK|#_T~)pDd!#a&k$D^ZiZ=DWp>Bdk4=+^UUXedE6=DNX3lL8b z&nH`6emg(ES`m6HN8)|PAo$qnbUPO`x_5-ZeFXy_SU% z!*aJ1jk?gP()U{H5rJe{V^$Ae;BL`(o^jMH`fS+8l{dVAIHP~+@y+$eu*T0?wo=XB0*Z*MD82O0GNp$7%QlFbWE_U9j zx;m1|qWqK-x#6$Y0wp8`_?$^=kWerLR7}!PaY=po0OB|OQEuN}`}*;I_?8~J&YqMc z)$Njd$WK;Dfkeh)Rzv$3lF=L}SuwJa0WE1byXT|aa>5&MS9oX4+B+6nRMh$!w$P|f zuCHq*JqUOL=CPKVRbi3&e>i;q=37gp=l z{U@U{=esVXa!5@ebQStYb-Y5&#(U{FO zWBymXWmo!-$`RnW6+UyeR0@Y9kr=t0s;$gd`8Jt64yrdGxBQy0qn@xo-o3e~@KJrRY-bdBh&DacuHWXIUi1_)!G15q;3 z9koH$M_7;XkXy_hiwg&vhIOh@ibDb%1om&c83tYRc?gd)Fl}PDy?JMK(Wy&5JykAy z6qA`gUqajK%6sy|SMlSMsJ};acNrgL>-jye@3~~f+L`2TKpiMViGqQ1A)Y_f#H%uZ 
zUXm75z|jQ-0gJiRm#V{6?`#CX)c9DXKZ4o-t3q5bLg`j)ndM&H}-%>TY7Y4B=o&2^!X_(Kk^?4v6I{R&q8jeKgzGa zP~i5EH9j&Rd%pQCES+kum7&(fepl2U1snH^S2>f$4cw2Q>2!4kTs7Xw-yAO!fDa<5 zO`k3vFUCwfJ#~UNI64$!Y5ftagthR)5nKKI1F%EFOxeOuAR0ZZ_wW^K%un^y){@0+!es}>VAe>;>9FE@+gSN###2dy!x*H_VxlPjV$X#|@J3sHSy>jTdPTIFzns z>jfv0*uY~?Tal4Ri%;%CZ}njVCQSip-viVRGFfOR1%`Mr+fwgwLz4@Q!}Z&}wYADF zd{Y0Zj5*7H4W6#^toxg{93*v(Vt(GR`0qaeh&g}HufkN{_4p4DtFSDX5LOwYX;k`e z84EZqsehQA?Y*w&EqXidhlYk;Doaxfk|U0z>Ez1tp-MwmeV!!V0*556frihqnx`ft zO~J-R`3Q1ss9X1piHhq_Cp_Vj<)a&JLKi54H}OFZtw^B!^nP=$@UsEPFSl+-Stfu| z)4AMY?YY>mj@f?GtD^NgHSyraq!3J7(NB@g+j+Asc9!H>`)gt(`SB#+d-zdW^{s$V z22T0;c~h<74Ax^G#G44l4F(lXGoWYC9)Kx{x99LdiF*|)<-zW9v*r5T%PnrbZ2z=H zxcR_;b?}P&EL$`*f_2=!*cdBmunGbl{S_%sC?{D0S+r*I{`!$i2Ud4{1X@js6G>IO& zS6d_EgC1_T4c%YW>1?JK^olhdw0A9MQE z5)nnVO4GO;cxP)u=CclO9fk3J<=e@1()EM|TptylgR?i&KH|(bx2qONMs>L{az&K% z>5iP=R_~u48f#i%ABaVI&yt*m&OHqd_!TM;@j5pKL9Ycif_4DCec5`y!~5I|@qizu zFE?aDs74o^m=L2nGbGg8p+(I10~g8}`B1)XIMT=QdP^{CztRu6`z4Sn6x)Xp`D@MZ zgfA@ME_F_0yZd*YI2~8?A!qgSKxIPejt*D4ruhBuIr|EMN&9{(*=(iYk zv>?(Z#Xl&`K~cKuj((B}xR|Oy-~vH!;D@f)&`qj0xIgpcJ{-|{Z|3blJm2 z`Nzj_u#+)E{An-#c+M@cSE*K>Erh!~9t!Do{>l9|kB4~SM9Y7+M@S5`@G{qHzM5Q; zgS)tp29vNO*VxfWVC!$4+gUXHSbgdyxc#$BlD(6A@W45t2AyFW9d8siQ=*F(%V6i? 
z3ZmC6|9rQ?R$NCHCim}~6y*OeDIk^!C#zC~d4BgOWxU70$P|j#eHQZ2;f#pPKc0CU z5QY=*7NaTC7(fwyz05(+Z$u@LhG~wJ`O?7go9oSrzL9oEZJ^#-bT7_w3o*Yt=^MR+ z*od&o+2DkyUn(rjQ1e*?PYa_$|r9 zskrxr*YIsuVj}n?%dhPTUk@@+Y6@G(15*6iJJP>!Fy#@uV+)WK7Ftz@ z&ka)gL4`{^ny#>MkcX#t2DRzuBYiWyX&?O}Q6^KZ{O-sO2Y_-J^zxm|JXQyzC6Koh z!SDIDS57_Hee|%&YqHP~@q{&~Lt< zKK#kzmwhWwC3u~Mc-s@iywM`0)d`RQws>yDYE|vZpR)GegJVmRyOuS&zwf;(zwks$ zic4~?EQ`wFv&t4U$dg#FqR5 zkF%`wWE0V_ISdBO1ma4pv^1*aiTj%b>jKYZ0cYldkKz~~q-_2hiUBdC& z!(44)fjf?y!Ni;WRemJ?4_Iz+CkPcl@_b)*+@EUiy+#f_Nj#BPINwJGwD z3$d|AuXEG@%gZYQODK1tZI2|=-BF)tp5CXrgWy|TBf>@CDv`jKK-So&EclSC{tOnHzt{*a z33R49tWdpEd2-o&kp8-W9U>@(Xa063gd7>ws(}r=bl5CfmMIJTAnhti!Q2X(FG!}4$#Fb zQ?Y9(%}4bfO-!iB8g06-sOD0t=8WP_u=Sr<$H3xOF8U8|k5Ok~s<;o{7(c6@WW}#e zS5m!pgl{xtw!V9SsQZ}^VjkTngZ%o~W7iL~jP{2KpH?3ecvNBym|+(^MHlN24k45u zA$O7%@&`Rwe&Q)rGjarzPz&7~z}mn3u86f*R4&7Lp2w7^-B2I%z|Evo*8FVvHo5lO zpf@OSY}Y^2dB+(ahI5dZ(o?WBWTuP5W#+N_g{6ME5#pIxIno6jm4OUAEr<*s7ks?8 z2@V~8)UJ+Bi1PCl+7k79PT^tK{tHe}{`38W_`w;{klwTO0+gZQS*W?hW8XS9rRljm zdM1igr7YOU4Z3Oc7$ZQ{D&)#mWM~R0Z(f(L$Pr{OV2WtGp~#HtsI9O6I3>ti{=3Zt z3|3yM$u5l#-t-o-(h~m2fq(DJPcZKcT6}=>eacwwh!4Yiyo}7~SB)Imh%RxW(Iku; z`Uu)WnYD?F1VG7j&z=Vb2JX*`p$LEcQLche9=bM(wZyvX4k2 zG3gMK)j$c9y{Z1R54>b0DJt)39t~?(WF`t|M>Q)BOp9=WrON5w=2?$Ol^-t|2dTQVV%V)NJ+^_hQoix3&3@fB$YVftM=iq_ZU;L-9FDL9FSGst?6g@)VGN z-bCo?>ZX|LAgh%?xquU5yT!(GumY}L(2c{w5aZ95`xwNBs`uCiy|d-N+M^J>{!nl_ zH%-fb)dLzb)6`;%PT{FGRe7NQB-`(*RJ-leF{zl^<&`e@`oqgVf8tKB!x>9$<0=g+ zt7_~Ye7xV@kYHD}7-Agn3~}P9!xr#u7au~YWGN?s{7U6A%14twpPg!g)rzSY{2zaY zt4&-21kYD;r157$stCWv%)p*T3h$&bFcJ)J7*mDVL%t+hi2tCNB@-DG&!QV6DwZm=iciOWWzu$vkQ#%1q5k-~b2;6Z*F| z-P!8;7rl_b>wh3^Fz0ZP1T(-Prv>?!R?^d$w+4seefpirjQkuUTTwJfYhzv6hN1}a?nb$*! 
z^O=oj9aeb;n^UvTEmo`{0^YCfTWcauT5Dl2kN_b}Z;dj*ECFMJS{;iw#O0s(BN%4+ zZ|090g;Une+S+<;1C$m7x32s4*t{>&m8s3#+#+hkEP%cQ#`lrDl-X9Ics2Hwv|*f`VyEsZkM2{Ur$`bOW-d!*T3Q5NV_ znLXxqOj=OI_FzOZ4RTAr>%q%8limQ(LNvF2MwIIholr|Bk>9vWR2t-~Qy4Z5e2^ut z{=TqUF=&g{{qXUJ)rUvSk34$Vn|miT|kK*Z5}EBHysqF;?=o$(xiI4B zO;ts=rl zvLWUabm(Pp(7Sf@aANiWRVoq7V7aZpQI?6h`J2$M!wxP;gI`JF$@=3yQo5HX zfIcSRBJ)m~0=7*OlQF!5yvS%icXZbD6r)G57!ZmQJPK>K^#R_@D2m+2Qzp<~grRkh_fQI?LQ^_eqf7OlUL_&>4k>7Twl z31f%`?%O8EX(=4tV6&;x1^`0t+jVU6jJl7NOD*?->~Eb%!G-TfzWHffMdMH92uo35 zQ_coW8!n$Sg${HM-I|Bvz2-$|m~vC~%D$K0K&qp!Hid;_e2}(h{%z_P5b#!Ri#lr1 z+&|C6{go&#_M3%C2Iny7C#P4`Lo;m1TFG(H<&L31zxXR6)5*8qXFv)cca1wD&X~Ew z-3Gpd)L;DUr>Ov$Qy$C{yq>2? zys`2GIu@ic@fnuL+RIb{KUp9-h9zD@TRXCA!5z(oZ?NN&a?p1z;(1M?dX!oIeBr`& z34n1T`+WbX&8fiWz%x+hXco|C6qR#~&zyo)(+AH=BVEOAxuzs?7x8H&Cu*{x$z-b935O_9wr^9+i$sdm+V#z zUZ7cOLe)qVUSUjYf|7@}t1UHkF;9L$iK*ij`I>is_W-X!18UD&S_i1g|;vD~MR z6KKxalbQCKh9r-QI7-tuZ303>Tpt~t(&S6+G|n8#LPv;ZD`uJK)T@hQx{8x4g#+zi zd)F>Q&H*g-@Q5!@cp6-|{m-sRR-q=(-AET6u1UN5IK+Xff}0vlu!~;~`i~)Z=glWS zaI?7l90?GIHf8lfV5mSS%@0m&m=KJLs*rBYh_ zJtR~I@m~IrVvMpOidM!fM4SF(yQQ9S$Ko#l2d={Ek&e8LYKeyO6(q8&4M(5kUbbMu zMbr1PMgK8H!6g}v-SS0Rsca9Dx6d-!fzA{!udmH%nBRG^A;i^3yg@8pr0a*IAumJr z{ci{TOkN4#;3jvqLED!o|C+PdRXi$5?ka8pW7(q6R(W-C_$ii$L1M3E_EPt~!t*fT z@cnoeVan$9c4$~y+WXMAuj7l6#{kzsQ;_?q18V)z{UR(+2_f0qlN{!>=f~c0O8Ql> zH7>xs@ReLkVMZxsQQXERzOr5!*3@HJWi_YB+>Md?YBn_)^tHi@^Ir-{>(RwwWTW6c z4~cbQfD`e{rL(qWca%e{``hj*RHcD4q)*NlHrbXprJyT;KjmyFG{f>{XLG~s+RRTf zdQ^TcVLw|x)p{ygxu9CrF+HZNSQL_wP^&f779WNxjGd>g09|9Ae|d>PG70zWW{AjkkyKXlu?m9lxcScj*rWOO+FZl%PWw@D{yWzKenkqDVt>-XkSWj&$%wt zmHjr_FhwXlUx-2Rk>FkdWQN;0vh4+q#isd)tV!Z!#HV!c)fR(!nHc!-k3ttPd}dxL zH)Om+4`GN=YneEycrF^?O;`}HE%48;JYA6`FyTeFvqUEBN2F@|eFbJsb^%|j;qQ(q zZuD9xnplxhXGDYY(VQ#+O>G2^b3gxl$ELtTu8+M1M>K~oaB|In8EcsELQ5B7atoz= z+T3=cmD^Hn^aRfc`ThGJ-y%QEt+4 zc2gyG|2wX~IWNJj^)Mo-P(;-07IZj9Usk<(&_v~(afUYh(uq?#@7ZR0f1aV3K_@=4 zzIDm_lSo!rZnSi(W#tvT 
z!0;i7dV|hXgM%*8E*Z*Ys^(G4N(P61q*8m%&^q^|U1sRQ%V|}Rt#g%Bd;EK2qe>hZ6DflGBWofZ4sB5ojoyqhlK=(vPbikG8;^n1#2|v|7fSecFGF6PE zFu^JGe#8e)pX*Au`A5mL4Owe0!)qs}j-p=7bRSRRF`>G>8*u)feC!4Cfib!25pAp0B0&!<^H~uxzDSsX|EpDjTwt zm-}(iTmHM-REz z-Yk{q(e{PE9hsln{n+ke5`6(o>Vfm@>kg z6LC1*=MR#eq)bwIWO#G#*TI8s0K{rmGm87uQOE%m!fmL=O_l35&wwkIiy+ZZ4yfNh zZ*3|L4ZIktCP!iPO)r9Vc(o26AvhwqrdGHrZbz>5^zm=gTf3T}{q1&+X0bT{q@y)7 zt%&daz61gJb+|?7nj+WxcPAAUvBrV-N5IV%wuUH^e(KozWJc@zP1QiyKV1Y1Wp54Q zT3P8m2n=)VMQ2S`DKd4?L2c%BSUOOe+6w5tOxx6=YW^%RaOoxS1;-lvsjfO_CP<-> z4G#zIDq_}7MS1D){ofh_{|IJ0ozArkdy64I8R;diHk5JHeNm}917N~BEoy@GH=^k6ZpciMlCzO$`jCD8($UL!)wkU=+r3NSh2XwwWs&EFt7i8uqht~}x zaaGL*7bkq_N$;Z2>~31~U0w7Jlw$)nUaE;^B*CO4N4BX>HJUo?(PH%< zGzFIuAaw&QzZ`;BrT)SNc8)GTh%$3TkWcc|P1qu05YvlVf=oeff_sN;VWx3Y;bZs4 zzOZT?6VIIKj#tQ_*i5M|(0Ey4Zp%8absE8&IF#zk#f1fs-y_Eh1()W@7qTV1Gm)P+ z!L$TvcK0A3*rMg~S)ZiZnimv^B-Jl+n+tB{+kgaBuB-CpkCH_d%KN_oj43xI5>eJ< zsUBOb*nNtbNK1Sd36$Gc(?8*7i;P|Sy6z@D_;03=e7Bw~KI3EC%!=e$2MrlC{Z`$G z3XL^=|AktIsfPkuqgHO@RkN`=sn5;StDo)ULH>*$&{y*mFfD_OMU5~!N@{jQx^CF* z{1Y(lyanL=*FL-{e&a8$!j#gpCH8(lm9mGLmpH^QV%cG=P`3zo!L4p&Gjen@nL44e zPPH!)0>HGfW6o<+)39MJHkPEJUop+A(@{eU=D$VpGm1*6BD2n-v`^= zC&7sez4dzfc($l(D4UgPkGqToh?_H`_pZj{*O(~`>jCVlv@mie;Ht)?rEp5`O!|&0 z3sE9gBp$7I$Q8NC<`v|0U-IcPUfd@Ckn6qsLjqt(=Q&_XQ;y>gyqhVEs3z=>J{4eV zO|^7eJ)AQ1ZwOa~mI$>3?dLQ9xqikM?B~AZX=`n8_OuAmSw%gw#&q@^ooWd4Ox({W z3fE2ke*&7s?}NA1)1+1fF3px0uqC5DzY_(m;P?^bjwY~)y{8iE76n_Gk=@6?s_N-& ziX%sf0ox^$nW7D|oG7yp68~ZOX=;$pWuuHTwm{hsDZel_c3$@N(X|d?zI+2;!@a^? 
z&UH;&TR_O*pcI!!S;XXVqw?#cqX?V^&uJN4>pF!oKi}n?(&dfRlbqkh^0YYa0mdTl z8e|$Lt<-}S$~2wnOs??S1(ml~M+B;u?{ueefPNSMDA^knYm+TH#a)W`a##FbY}W_~ zj1;AqGU~q+C{MF)er+UE=bt^Y7bt(|glrAmO6KF^24KPQz5 z0!qwbVvU)hMh_==0zP%j_a9}R*&tM1GFnnv&#VFf2|L-ur$h;T;%2)h8~i)(K8PJ2 zkQ-w~gGhf5OkXQiJ)JyE1gwlKdO1Ma-mv6bG;)^1$@LkmRCV013llOzyMY zNB9u(38VLY#}; zrm8Tq6>E~mr3%fXo3O$m@qjXvG;t~jJUscc(P@pq_kd#ku~&{f(UF3bGHL`r3O!mXiS?CVM#p(kG(UF) z;%w{&md_1?ra?iztm*AO5Z6yiPxT=Uy}yjNqmQcc+<|1(#|*xSfkhy>Ydg$Ck2j)}={wWNqjHk2!{P}=$x@GdW%?C@}g4%&;huILtl6Q~h)6z6s^gptRYSVy`hal<`ilxB~_9)nzQL|;zhH*8fU$mbwbq=b=GAH!uuWO z_!84apt(&#*-mlcXjTpS1en%|55sn}9%6s@ypNcOtX-T5j^?9|R>a+-lrGcD3Ew2O zuc&qOqh@#!CJvCjp!t%g!9KFs#9{3+>biJSZO_fPoLVp`sO+Hz*-x*lsreu%ZTjBc zDfLh;2dS4?nOUlFevx^jNRs-r%c;iw?2dB%x=hbi7!*V6lG(iW!JioV!fLpuM-BhW z;a|U@dTFVK!_y40#_Z4>eWR$DOdi9TB(abgfKAx#1f=MV4>}VuDF!AmgWPFG4zx_o z#E;MSIMYTOnl{%vVLrn&5*s5=wr?dk1rFpR;V z^ArnbbSJftD{-V=dKc>IQr|43Ep$X5^-iytHgZ!fvTKZ`jXzebj;pyqa=BuIhN|{w z4)PrMWjnIf}Il|evl>6(RL&Eu&NtCke z=<4o#+2P9kvuvh!-AoSPA*UzLCc&oCZ*#z7LwWtA>~N&um+6;JvK!vbNd%|d1wuXz zO`_SZ)>5#|YnK;GvFbM(Vzth&ORVDs(zANW_G>ekjthOHEI(+fs!poHzsXndu$+x_ zUT{qfaRPXxV6uxgtuhhs@BG^Ay?ldO`WA)7o8}Xvu}Q0p{B03}oO7xCnC#W8=OBN* z(0->!@xefK{SBxx$hGhj(dG29HqotDv z3K*9fo5HzP=KInf%$C|9kw>s6*=h zPWnVS^Ovh7Atq-TuL6s3*Tn{m;7BSnU#g($Qv6CX8zq#-oFP(}5*Kq3k+sRRREtG zeIrEYeE9cQAig$gu=v(p1`V~RXn@r^N1B?~nkOhg(&bqKkK+xMS)KUePPKHEjmdED zETjeInVP$}s1F+6Wplp|;YrmQ>Z}^HCGE|N5yjHB8_z1?)U=dT6c7wkz0l@=x@Gc( zUffjHdn6dR#?$`18>`@)gqICk}roLmZqW$&7;?%BOKfHBORmravyZy#-$!<}+#g?~jG5<pam}0C*$7ZXPSS9o0e}VmkE( zgJ5zLkZI`$b|dl>w$lY&g4<(R0xe&y-UajN)jl!0cu{h)O)AbeX@20K2y6MdLw3bm z?{G)UDU3U-cO`V7F`LCs-_E`xK6UhzVGe;Qn|-@2zL8NLtSsi1%bO0?yh7u=M z)vEPGKsG5u7G@j(zG|+{;kXnHo~sFYEGfn2@Ghlf&x|`s^QK`R1r5muNBfd+FvW`F z+nu36^%ks}&^f}C1zT>u|LC2$OTK2gL1_~rp7p9UFwBlw-N#e6o#bBWbR+!RcmF4` zeXzVKpW@eTXz{rOY&S0LiWw9Z#_0^(+7$yE+=wI_^|Lz5l=~R0Be=c}oTTlU>z-9F z^szCO*H)L48il-}+F&`#T=tc;H8~n}!fcigYcJQM3rSwvsxO&tPxE!FW6FQc-=+sK 
zxF9NMuf@rRqmi~L__*C9(u((KXk6HN#jA)t&C)F#WpT$7Sk6~%3D=Rhi3&9|pkPvd z$Q}g6JBl~{QvKoAEBys!CRS#?uZbPu@eg&y+D3qMt|~$tU3mtO(;nt*v>WwWBsYfY znCS$j1++!Bpcc=q)b*a5vSD$MGUL7zprLu0)51)TVjxtJzNIsL2AN{vitXtA;=zBl zMYv-z;hT;OpqC8FBuN!ukiyKpC73D2p(7(8en9)9t&uewW4#L@s6bDzoh4l8YM-MV zmRMi`abF$tZf0T_&~!qR}2*=>~>={Vq8~wlkC=9kj?vl?-XL-pG!r7WkNuw=h8}?9wXggY%~0rQa$6X zyj5X~AS+8FPFAp^s$V{Z-T06B=rK5C^UtmfeuY*MY3A(khvBTXI@UNQ(nz9jYlQd` zLIja7E3ZlueHLx`e$4NZu_NKv=5*Sl^X;;@lx8fV;#Md=nL1R~Uzsm0#(h74*9KPJ zH7i@gxs0GXEg8)~uw6@k;fwNb?NWx;BSoYKd+W8c)#)LS(37x4X zMvqa7vrbv3R}K`}|B;r(r1KN4`o8-7XbUqFcaNqsmd1h-JeSK-zGsmc<1O4gC#W{` zzwaNhHo$4DyRebl<>$Zq#gPt}ivaJ$a;bNmOash@2=}oK7mR4qqmHD8Kep_Ac4>Rp zFJ#FSdl?xkI&vK~R&W}Pn%Y;?i{yJ#<5pR9bYekyU}foibOvJb@{G8cOdsAoWIEkz z_swJsiZCNJxSQTTxH~G`#a*xQs^C}>n8hJH7ACsC0k^_qxG0xSKN#>ey90e8PP%_R zqHw7H$Yaz*pPJoIYjMI)Px|sDw${{d14K!F<2MC=m+-VCjaY(5_%Tz?sDnIE)EX$% zeW;_LdNUintrGW@)g~_NhlB4FuTRHg2k(nAxb7)I`3#d_Vv`~}Sdt0(Tz(M}dA{?3 z*>w32-I=`n?z&Y?hypw?ieop6-v4KZU)~CldG-di9Z^$1fBd?2-8(R()I!I1Lv-o| zxTHOMx?TRNP<)lo&bBzdS0zgcZB_T`L)m?5y=~_5Gvg3s8oW4tqhZVI{apCeeR$<) zJzL&&$0n!xnExlP~H8fHK6(TOVy)yHyqyxrhLkTq40m74=@dtifdnQYT|?jC&Zt;8a)ya~iWA1w-7@-nTo&C=t0X-bR=2VJ5q zzk4I|wRY-QmF8~q8zjtkPRKbK?T-f_CV&z0sYeG)G@pfM^wOdv37vgxg zE523YT}(E52usPAx8B!?H>bx>bT*4<3AC7AQVGgZYSz_S_@)uOs}Eh@V_3M~i?I(o zJDhpHCwW@)&}(KPo3KOR%1JlG4);OMF#?t;hCeZ0yo#32_Y zh%pvrv(>{38)l!wIdso~d8 zvY$~1Ove9CVcQG(?DK16#K_!S0;w=|FBi42#CB74XQWG|ZpYYnp@aGPkGLK`A8kU5 z9cgyf`my{wn&aj{drkFZV2Y7-)Ie~%i81;%QM<;xoFcz@HR%$fA24N!DYC|<^iKX=h3xH^IWZxDmfk?vW`#Xw zK=14yIXI!KoLyEJlq7jN`_w4)4XLv=|01%TSp2GGVq+L{Obe)uINmJ&lU;wJaT`wb zsd4wm!Tb{q(tTSWLCrbo58)8v%R0h_=Dg^pIViJizHw8q}5pkS~*o94fmZZn= z_M?cX0ZYoyS%^gtd!lhFY1kYzyTU{oE%jcR z(pxW^HIiJxN8G8c;Bk_@^H*&MPDXm4q>$rF2R(o%31xTNw z)<&&$66z&HZj&oIAsw+|f`BUcsudHX|&keh~qaRl$S1~_Ni*{MeB zlaUcu-bZ4vSZQnzVD@%-d#KA)Dpu|Hx_MllA|!v_c(7gos>AL6D1)EzJoWb1FVnRJ zrXOOY6io)pr$fj?9o2GV=a|E0>T;Dm7))D;sND`hJ@ePK`*kJ56)g4cH;t#`44!j$Oezc@?^jQusrq{{vG 
zMIx!{;a|&2&QTI0z~#tUhk;_V};VJl{5z0~&UV2CioL>X9SJadVh<^#*{ zwe-gNACl+A!+EBW?#V7KOerrYFD*nKPt<5Jgm${(>#f2#aSS{dA<^p-RLV1;B2iJ( zJtA9EDW<^{Rs+EKo=xHe@O|8e8~YNP7*{DrR_nd3dvjKIV$-Ap0Da0_Pa1gGg8E;(!|)TZu=EXd_R8hrw9eK#WmzHHE9z$d)WSur?YUY zVtv2<5m7oMr3LBk4(aZO4M<6M=ZJK7cXxM7NlAB?ba%r$p7Z^^f5E=4Ju}Z8&sv`~ z_Kuxh%Ju#l$#ZvGwVF0n@~as=1$2l1JtBQtI)<9e9R0}8C&hIK;0d)=bd2F~LW5B> zU3|s?Ew*TtrqNYI;J_tqvB^Ngpo_D68x83{xy`5l9CtYIxnT?{-o|PocOi4lOlvK$%j2Z*QWxIVYEevWF zGc8UqOo-80x?XP^typ4zj(HvY6`!q7i(+Cb4*5FI8}M)7e6mEkQ>G31{?tl>e#TW#6TH*a zmA>+&)*=-hkbZGKKckr!^XFy+JwfX5@ZJ0iMZ6(>>cw2X0zQwFkVDu5%FvAJl{xXGz&@>f@g1M|N(`^o{U zncsrjGeQx8oAogcb_-41*|5w&D!-Oaj_BAw;3c^^~M)tE6r##c4~c=a2Nwk{1vr#=>R8 zVu2qwHmZRT@hX(l zXPuPQr)}!xdJW$6l}D?g98^kvos7u7Q9TZPnHG6dU!j9{kdMz(pKASJg*GU;JiKjx z{p@n<-1ik+u6KtgrK2q=5biZDs;8HBQd*D(Z)B3k+Mj`aUATh@g`ZP6ay&~jK$Af5 zG=ZIX?mOoaJ(A~NM0%qR^ebjE*>Kc&D?rMqD|COan+P~zAvkd9E2=a$p`Dx>ttwL~ z!z$XW%y;9RS{k~v{*Yl0rXWlQp9eapgSk+zjyZ(EjW9&o_z|YLvnI0j_Ev#vMuA4% z4rnH!joATzd>dU;P?fqskHXwwZJ+9GD1zBjx4d3Kl)UTZ139pIG1l6m`*Yd|es@fE zeW4Ib;e6^b-o`5H8wC^MG4b*XNRH9)QhqKFNI}h6te_3-sZUh9T|4s&ZyJyLCA=!! 
z+Kdv3zM|n+@1f2`f4fPUGnB8RS(mHo!6mod_qS~Rj~%b@aYs6kzZ8N5g=UxRU;O@) z>Tes90_IA1xK2qL^2C1M)m`{&O*sj;|)Zgq&cK~kHw%7Jr*P}(t6{+A+@skbS57+}= zvW>P-_yLqkJqB2P$wo_a)Ug}X3i(Nc;*kD|Z)Xkyc5jr?sp3lMYubIf*&z$Xto%0{EKRN%BAjp8&;o`on#IyZS4Jc|bA{Sqgu*9>yz{U10ZN)$p5->~-B9KvyAQy7!glU(lZ=%9R2!R(2OggJ zrKRrjBjnY`qZoxWGQhQ6wZXljnvkHgfp46f-nn%%b2QDi4w?1}h|pwIf^axsmU=f||Y`S;{YF zKjq+L6=%th4+KlwoG#m^T8b|FtQf23uEHE1;n1}h_XtRW4jP;$2Q@>{a!3hef)6-QmPdvbE}lv!}!ujS(G?1ve205bsZ zH(B|R;teZv@e#?z)hJx0RQ2o#UD@^3Lk@1jAJPm*gAZMu^dw)icmF)L(uZf07&VgT zSA{XEy}T6qJF?D{CXw28Ga8`vzEQ@G8quOu=cA%^v*#Jo>xQ1BLSOSX!<@4@`fAS{ zjMDC^r9mApjeG;&pb#1M<%>|204~u*XeXF6^^)oNlAJua-Y?)S*DLRScueQHZ!z3t zua6eV#~f-t;fE|ju_)~D!CjYj?M9M+YfOlrb@FIWbuci=!YeM%V!!Vve zH)|Xht?liqQ!6{qHAC>RiXr@0_NqmLq@C#!d=*-*gY3mwWdgV;i5hEAK7YGYPhHsv zrzVh6$?>tpJp)v+q}=_t_r&3aochQN@A(SLeXkI7GUaUCme)_)H=qsEXu|0 zlg<}iZ!}=YT`I!0z9+HxbTBrU68yeP@++RxE5)KiKDFNgWwu6NUrwD#ttK%$C}N!x z{jgbeJ1(|jO6#zUOP?{eDa=5BzbkX+6^_socd|YmU<7ntK4wzr7tfQ@?n{1jYIg31 z#b84l3CV{iY)8?NYIui6&Gi;5it-POr3SvL9q1{uj8+O7ntn=vG%wM0?3k5f# zZ*DBBy>t|WK5gxF#}pj0s@vGd!W>~+{+2O5t0v-#oLgJ$z1HTLpQqpQWk?e&HaBz* zX<&N>^XDn!zL)D@FY)~BPTMc64Cp6H{snRrTrbnq8VP=Hu{6b0_I5%V&#QWQBs!;#;b9j~fV_LX-vX z zcs}%xeNL?U%p z1b#Qbp?uuc^EUk)%U;cD(_M!Mn#$hkD_(=Xij9V|a~hmBx6&VZ@jvy646nG0A0j|& z0&&sAbKuED9pw7Hf2KPRPbD>C>)B>{&zO0<2B+45NX={GVE}|N*n_Ph@OLSZFfKi+ z2tg;YTRq_-pcbzw9v1G4Y-$RP!m$=1&RXsqJ2MeuIkVxBt(=dm?XdET%@L_i-P;5VRx7KIZE{YQ*L`r zbjjhq{7ZD#r)V6rYQHaBA8v)@dkr2AIMmNB@I0Jc(sS}7)2m4Ps?0}vlF1MR9-@_# zQe@!t2Nib2eNc@w$xl|+`msAZNW5Rc(*Ntq5#B$CrnmT)pdt{-C3;>o(Ef>Td7fGy zSi6~PPRfwbH|O@Xoa{{KrX%zl=9yA~kEeLiqi#(~9oh6cr+?99mJkYqSbHEJwn{4>c-ib26=TKu=lv1L87gU zQ=n`X@*~+&8gq!gm@{D}C$Aw-z*2TSsOI`DBaOgB%|B(DB&aA;YWb@>bc|u+aLo<8 z&sgp?ocs1{DETIgc8Hx_C;HbV0!AmA#*!o8_q~qQ<||2N_oe(Of<+mF=RF~FF{ydO z_UWM{T&eK$c(%Lb*q7MY*ql|&8w6WO;UJqKMvr?yu=Xo~ao0?wp_msDM}ToQi=6Rv zs; zNx`VbEMiHu&3roA&gXfpjiN}~d^aWF00*{!((PMa+kGwj zT+kw#snST(8CWfAl}3Mw^+v~>p->dFf&wOeA2PX zt+Z%t*Ah5N1aNVKK%#EO(zowS24}UZy4{D@W0Wma*w;GPNpTi!iW(aGW>c3lvTpdC 
z72I+%df#R&P3xXdb28tFd8zA@75iQ033X=g)ZY9qqkL}W&H{$=bWK{n&p znED^I@mS!E@lG(;(+2kGIyS$TXplZnYlN*oz|9x`B_FG4>#~-S&+Jnyv#rNMSMfWP z`!t{aO4%(Feka1tOBfeMHa53UH%jx*=?}8E=q)gle4?_jP&qK&OU+y6*SxrpSP z1}AomK+Dl3^xi`MK^lOXF8f#@+kG0)85 zzx=hNuAaZnzu$1=Pb66=BJcFRx(0LzPMyA8YP=)##vz2(Pt@(s54l0ZaC(s&MlPGX zSUcE;*S*~)=?Ls4<70U1ay&u(D#)Kw;nGB3$0b&3B`(_(0V|C#hA9*&$Kh0O#V6=U z@cjc~&HZbRU%oRIbWdI^4HGVE-W?raG=o~fptyy#(jfS(ap0i>yoG+t&xH3USju6F zTO>{}wE<02muaY0*GBSpA-~Mi$@r`PezCV{ruk24?1Y1*h$gyvw7R0mv7H)9Olg?g ziIdg`uRJrIJ&$QVEl<K?;O6E;?KvG$KPXq|rgz|L9*t27 z5-BZ8;;6}Ui{^(PAN)yjJi>n``Y84N)n*c@)6;+TGVFg%D`_3d^;JkCB}r$uyIdjg z+^{H}Uvy^Vixp-zyT7dnh{6NNU`vn}Sow(0td5%QR>oF)3i+LJ<$0Mu`%#R=lf)iM z9u`hXyYaee^wQXrJ?c@K6KyGj2M*EGWE5|u1O1gYC!jYr<8Zr?9JXSjP}#e=}4 z+k2R#{4j$_;0gwMsx0FJv!rYkC(= zRt?NDt}gFrT;#BJI}K19(`|2S-5X=xcy!0l^vV+Phts0B={L)nK{GJ!qdGQ>y=lT#yti*=A zEXSC4v5Dt?UzV6U%OBJn=NT>(kPh>mZ&TFhUofUmZf}4azc1j&MFvfdX(8Qz^B8a` zEy?>lPpj)~g`RmAEs7!K{K*s==W>7`o0K0}NvdQ|MkXnw6Eh-J%G zqY2%$BY`(z>SX;a?Qh5c%A=k#;e~%g|QmRB(<(Z*1_YCjS>UY() zP_49u)0CJ}%Cji{6z8{v-wvS}`l3}T#o@#y(E0izeapxf{e?W;$M{6wJ;rkhr#l8# zkSjK+wpz1`qoXz=oezx^Z&sM}&%_^S>cb*9_zaivFclqvF^T(K;Je-(4gzpli?iV_ zuNgFBiBda7MGW75v4c#XF1tR%A)NzcrpY|sO9fkqxaDoh%4u{TSelJqS7!RQ4zodc z6T3Y!HGigWlQcM&4t$Hr;UDMP^A_A!%ZZUv$Kb19u|6SduOohr{>j66{~7D*fp>AF zK`|`*Znjr3V{7p$+b*PQ1|0}&pR40iYjyco7yjozR>+hys%26?Cv6J~ux(H=Z=PD3qt;9T)l= z!XD^2bc#Z4tgq^DE%e?*PIhzSQ2WJ1t|<`xQYP+^qw~Y*vAXT8;JcZWKouo;5^!O3 z-W0GRWOh>ukP(8~UdvgbVp?qXoHm_5wQy}thIrab#%-^BCU(y|$b=q7QW}VZ9s*YM z6ui?RUMc|m*lScW!75pB{=)?KN^2JAC&wYiH?VROsQ8?fq zkvN`wXU9WlD)WEp;~&Y%==V=T-Uo9wvR_u2xh3vLE*6@-CXIeW)NZ)uu3EHiEvm_8 z&b5&89aJ<1ak`~yb+}bIyo%|V=ZRW>ikB{q$q4N76Au?Hnu}hz=_^7g`AX>a4fHsS z$1B?F784Y#0!2o2M>))M{5;4Qi@gE8HTDA!j>Fdb^5v?SB2g&OM(}XNi6X%IV-PGz}v~;?};j;-cUB zp8vj@OvOs7%~OsOo0mSQ=YFnur^$5-6e2q~U@z1K(}4LLZQ2@X(pwL$#=Q1Ui=8_l z4k#b00E?o!wUy!kKfhfW$Q(DU7C-Tb>rh`KpFMZtmZ{pSPy76?Gl{>aUWjk*X6vDG z)$Qq_(0Z86z7x6bQybG3SXxK{Il+Gn+O$aPB;_dC2uJ%vSgr>Fui9r0`kZr7qt%rAjoDCa`orjx@#6 
zdRBp|RU-fTPX4?jf}44y#Ja`x=)h>jXaHfBry;ah5<&0bm#|R{`8N}XB31LGROt|_ zLAG@4CZIL%N!(to+(xU!S=kEDM@uab{_;;!rsR6H#nk+w6O(|2fmJ%WH1N^K zse+f`I(V4IquYECb(R)JrzsqPdSxLl&?GbEg8^Ebh^;_kf)I+D^!!Tk=3sx}#zW;= zBj`TAGQdra+qYRmwH$#4xsg4or$_hK%V_k_J>4@HgByQ{UyC^|5SPAg;Am7Xmn@ zva`WTWX4P7Tg*|nr^z=bRdy?TBr`oeD z!$|DwXF6BOL8zIDqv58}z1s1aHVv04;n$%S_1;6eK&p@Et<`Jh;h<+sQo>M*>(&Fk z5*7OH=%4E5?Tr)Q*{khrxvZ1cCxy;3&FBP4xYuNHp|p#Yvf!hvAEyR=337B+=Ae-X zeu1@t30p70ccE=7%LIQ|5jCSF9{SNtcEt|?3MKrwBuHYT=*cFnwHY4U3P1R<^KSKK z4g0?%|9f@%FUO4hqAx4HPs&v@Nx$Q(pAPF_*1T@)W4v{lb<3cD;M=`ATH;ONI%mu| zYiH|ew<{~vtZPAS*!}HkYA?mPnw9Ht>e{C4vZb5@*a_L^V`n@zVLi!Xku(CA<*{qhz+m0f%f5<`lop&YX*bgH#zF*51&$YoESb9`ht+nBZ=Ug{ z7r5^lY2>iGT}=Se-U+NJgApKoHyt#alJD{Zz2Sn7Pw*74l*DpRY;sM(abI-WVFA$3 zINp-uv}xyU6|*WNvVjbfhB)6Y>8@U08P>aJeg%7AIpltz&KGMB6K$OvOKre z$KJPiY@xcr?;p54ByCz9r`DTOvgI?)84FXloNFO^VoWm2eoJ+ps0>ysd6mjq9-7!N zj)|@-kXtp!MX`3vsqc4owOUGk08Bx#Y*8CwK+g?_UG~ZsuSP5K(R-vqSr@@YtIP>2 z0IgmIPP$(|t8(tmrl9@w<3ONBUW$^4mz@_M)CwDm#ca_C#PAGZZ9>_bzeJXlTg*pUrS;WPTVn zb$NT+eXT_8RUkniZhZbuSN^#)A3`4p&WsV;1w)$f1_4!3C9{yDqgL0W7*Q0C`9=DT zopR<9QqmbC+~*1%SaAdgvox*W!Nz~(AyIw`10fJ8+zOO8jz17p@FZB4pj zCn<_PhlHYy zPLN>f4dZ^ec6?RuRs=>Oue39!ezP0fN-qPIrPBf+JTzK-9x7_jD0^BKKyyNTAaw4; z-fgi(GsV^LtE=PkAZK{Wh#vTo7)UO~>i4<1eEe3@(~j4uhKpDWBQ#$Eq3Q1P$~+hd z<1e0_@B^Seh-#G(cwTB%-Eg=5Moo8N^AW?NsF@a`UQck}uBQ4XQj5c}eI<(LtNROa zV)XQ_v$C@}Td=1^YKCp#?d%8vuLkJ9TEe17qS7M~OX#G-VZ`xnp|HnFz(Vl$mf>}? 
zdJi}JrTzf!T#{IX|4yM5a4Y zD!sxdv$6BKS4)sCKM>~FKVi2iiAak}wAO(fTtB!ht@YOHekgxv?78By8>RT*ELdXd zlJ2fkfY437N`TJbHxnayvQXms5Y3BLK&-R!&U&l{XIRhVbF3UR{c2t)o4Dq|JUd9< z14U4Z)bV}_IU>Dx2r|r(f5w3bNT;F_!5lhNOi`^G)NMkjH?X$>nn|l`zCAwY`p68S zV@XvMW*GjN*yC^uucfV}dDiG`jPhvnsDouj zLcJp~JIaLS5xz#$zV>Xvjn)|YWDr`0MBC#bzX6Z@&2E{G*GfJ#pz(|3x!A2mUP=;77rOjkeM<62!g3sA%Q_+5Oo9TAAvt?ivXVC6Nn~HyclID_5#p z_#!*PB1+42bAU3R_o9Us%b}rRoNeC&O|lvsUO!y7&M>ud71Gla>|)#SMGkoxRnB!R zy^te2m8c_6?bfZBh|EaXNGqO@U7xPp5F97$A9ioP*jY($!RjE)IoNGqU`(2!m*OE` za0w^%%gAVSyPJIDrV|PMQu^KS?I6ZA9=nwB>jSxr5euMM?F|5(-Vl-ql2~01is!Z+ zhpu+5VK6!-Kc-G7C0R<}Dwm{}ETqQ>!B|p@UNW@ct6mNA5XD=&3YL=7{2K`<^ydE0 z(G{(dXsB3Hm2K6*$9&ovTAD^bNXw#BcoN5m(b3(e%^P0TKUkw!_5TD%=Q67kP~0Ad z(%wWV0Vq}#^NXA>u z+aP-S;>$+##0V))d0$sM7BMyRld2@6!_r&^9XgPM+xI?0hMA5%2+tjUC#oC=b8^C}nhg_dMEQ!X^(A?d@$cJ*u zlIK-P5XG1H4#FXTo73txC0{dFpqpD-(=%L#$|QoIC(RQzlfOv%7i}|m%>Taozupob zB3mz%Y0M#E7aXw!I@7Uae7}r{6=?Rj>pnX1qx3JOkcWV%U_pBggp954lDUC5t~WH| z+nl?aV|Yj*D7mlWbfU?wCM@2c%nsOf`j4WB&TiD2a+%BiqJ_>(|LHP^3l{=o>=yh zyGTku;WcDli&x6!YFKJK#M2m>Ew$h~uzGSgoXejGCVm}4nfwYV_HMz;Oq^i#{D zgmJsbtX}%^7Mul8ypBtyD2Y|;C@jg8Rx(q9TAou@xXprk{f^vvwfK`+`9{yFwn#qp zmersYl`MUQZd&)nkg&|-bsnVnVQFAqdDBw7PB%oD@8i3kp~t59Q^p}<{KJ*1p}&+V zuH^sZ_K5z1ZI07An@B(1B?P-;aFQ61-Px}>$L=MW<%F0^*FVg zFL3|d2gPopMUKO8z|ggTNTSTL0-{q=9I}?2;M7(bB_8(XZq5QT4@L-SXt%9Ux=7_H~d96!Ix^8 zB*pd7d7@J{6@;p2QV~*h4ZW(DyS-fCc%A~=RvYH>H=lJ~!SqhY6Q;w*TF@X~YFeBpW=L$P77Ju|MFG|)}s9G%lT1p?f3oU$)SVe7Y`NA?GHziVM8rAgd-WdLuMqMdxr z5xnFJ(ULM{w?;4c6R_;BJ=k=*?fd$+)G4Z;vVN2kU>B=6SmL#;`Ww6fqm`Fyqcwzb z#FHkjYyaSmq9%w>uB6v2T=>09+ydjIlGp4-R{^D$8x;{Vfzn4&^52Q84~s$xd@JLrU$R$C-CG^E<^s7ESLMr62c$f9{QG`Eya1h%0hVBR(BCBAO^z!riUlO9&+y8DGlkA*B z3$rw*eDQ5nHe=|&?!RRpayLU|k&IVO!2KF-FY90$wxQ#K3HTad)TK1@?Kx!heq?gz zm+kQj?F#C!+iu!bZTts6Ub<~d_m`dcs;^O|*yco&K84)`Pm6)crs6UquF|L3HVdP*umnyvrxQslfSW`4CCyckE!VEXe$!Zzi6 z_X{kUES`5g8PqJR;EPL$1a>B9(M10gqVF9@ZzucTz#=+_ z&V|IztNmTRZ~Wg07`3T1{f|WF*ympCIj+g--1m8LPI2*7i@)csBHBfKnaxpmt3;4q 
zTu;9GCwuFn^F7<4sUBE+24I*-5#0qVb0NkPBVP25u#GET;#vzlFy+o7#TGf%nR2345-=ss$ENvu*F%I;k$*`$tiYNlYghd)fADSEW(6Q(%ST#SWP$Or!8NBCd zRb6h;7G+*Q#gFTg6Hbe&xL{5WLlqf_p`u>hta^Z)hefe|+Gejjp^j+dR7xYZhiPg` z5*!I&Zx>3TiZ5l)@G?gR!HMu#yEWYaW(G!Lo<{816mX(~ygM2PmIYyMLvE&v4Ev0gwLAZ>?HX^`^gQWw}vv@vBYtUYKKo14gI`VdjVP z{N8JETe@c;^pXlAq(bk#ILNn6ku&eKjk#P!tGsS6UU{ycYEaz9Z`_S+5CP(bKdt|N zH4tdggk~{aJKlH`?v2lIgeDK*@S1b?B*E2gS6^c*Y~xnyxlNB{|46=l&L6@1J#6P1 z!1e(~ovh>p(f!M(qn5+GHp@V|!-z%l{%G&U*R#{6-bK^+h@u8y`Z8>k+272+jlnHx zC{;qUB-1x2Tm*{?fGZ{Dggq=s2Gt3p8!(kto1cj|$wbI;#H8U>FiiH^$9`vPE%jbV zy&E*TIxKFvF$x#nL<^Q7Wt?c|I4ZFlcM{#fmPqko%Pd^pl(Z`nQ`7J!-!+M;vXJ{! z;cEN#Lr7U$6eDAFV^y>2uYE`Q`Cpi~!zG<4073WZs6 zpdM97nA*MaxZMHC)n6Ig8elwmXVP z6G#sr`ss`oZEyHEq9r|~XFSjv^?#@hldmKD{n1XTQl6$1tDrNi#PSg9yD+{8d@HoE zSfG6{1!Qps@|(86PZS9bp_^ndmVS*A`9t$yEL1Ga93$wB+$c*pJJW|_VW9%!e8NPY zf4)3V^@fg(bxT=po%n`y4q)`d<R#pZPV=9&5ChLS#V;i6^A9)z=Yqk)Nvk)$-_4}AD}l;5ED zQPNDipo8^{!31}bSgvsM5#&FK?rMj=?E!jfyJI_NJ3KtDr?n0M$!d(gs~|6N&4GQ@ zUgApN8pm$p3gHP~QHX||QQx!_qS6>CwYL&=`VYle>$AP&Vg<^eg4@KGdneTTNRO640sYQtVeds$O>EEzNx;(q1w@u)D>>oL zv7wq+_V?VgC?^e=*gjgnp-GJ|Xp+8m^ec0f&PM}c)X?^2w3aFMJ*km%J~Wja+HgVN zqQBlfilPjb;PuKtQCg}L%eb*W*Vu|2HK`M zEQqfB;zH%>&5s7hYj2Djd(W)KK|McT0*_EALh?Z>(SB+-#OXjjUa{2UYv*F(ho*jM zEjV64qx=CN<8?Nc(qIU7_{bdb2NVY`)KMG^X9q{F{%wOmp=8egJT%gfeu5y4ENwc` z=H5`DVCg!dK8XX96fo1}TdL-=j7b1F{W+Pz`vJUa@SUO;vqi=}!av3V>K3poAcjtmn(288BZJ096PGEcpLk&fa?D$mc+YRy zka7u!B|ea`!qFJIUc(V~6F|NWlAffCz0#(&x5S4Bs%XJ;VE9VW7CwbO)>91mK(-Y- z;`$-yE0Z^Y3!@Z-s_jMGU@AE6lyUhZ5JB3K*LxAfTGVJGl zQ06cn@hqtM>0N@d_X|g(Ib}w5eo}#f(tYNOaaS{o=FuwU%$9gxe3K@u9WbB5sZ+?= zwf!$g2KWDly~sp7Cq(_hEhO^Q7|uvH+kXlOt_AUMsSX`#aI0}2crV?P7*d~fJvP_7 z5DSQ^u9e!N5`O|cS1M9X)t^TKL@*w5c`$;7W6_P84QBhWzzxCtGIbZT6|cP;ZUX@< zlBq_khMEv8#px>D=1n_ENq2nef|Bd_>BLpB0fXduH&%jD9a6ANU7Mb@BRuJ2tOOW*{3+3gWK68iV@oc>C4%!<;oA~m)@WI^-27da*qE`%DKM- zkTFRa;q?8MeD<_vM7pD7XfD4H1>IPS1j6~UBN^71h5L-gSgYbl5&QhNkwT@Kzr~vy z>@rk&1_VE}(=&>jEDtN&z}Q)%x91qp6U1++kW;*2sA{nDA7&BOz>nUZP+9Gsbyn3N 
znedGC>ughsCqeI9Ie+peWi7W+t8P#Qx>zDdvXqpWEc5aayb7&O1SmJJ@!shl8$?SO zn9a%)Op5)0*QAUt66r<=rX{VQY_tV!B<@1?0*kUVjcMDq^@$tBVGrvIDz96cp*^CDk#6&UXRpjG0X7ou-? z^@SPr@P2A>r0EXs{L~@b2@I9-oBjx}X!Azj{#KOPABxZ;p$@s^hkw|RD_VK6!=tpA zi-^!}|9Dkzya@w`LmHz{MmBYID&7!ST#T{24R!RBECV$??H4rakL6`6D^)F4mu<^iBH7C|SJDqvO!eAuSvbIq|u?d-*5#?|5VN zQg_$g9k4o+B9!e&k}>ngQ_44Yav6CjoS~5ztzts$>vl%Ol<(M1A|uCG<__X zCi~qB_$RbB2pdX$R|g5%aK=4*M+S(uT_0>e0Dmit4En!K4P$j7e{LeA6uQ>-@j0fn zEWDfkyruqNQfF%)N<*M%ObJVH>hTaa66YTZ584nM#w}LE7NWGer(ft!olZ>AY|$g+ ziqz6fxjO?%-$`BbVt;y1^!OE?graUD;7mk~D^NF+yrAhQ&#f`UGM!&s)0NpM;se>= z^o#8*Lb2juw?ou|rCUTJQz%Iy$r5=o-Zqk-X8#e3xcSUsuh?(h(dd3HFC4_qPOq2t zh1}}>c`j+(n0a5%!8gnX!>=BNAzWyQe$t#~_oDX&$A5deZcq5)I4VOmvy5wrIPEp+ zjh&Sk)C3i!I8Mu}HLMT~7uH#iE8D{e8LbIkN z=10nJqEPG=M(VLQb|$7~VSwV_KkT={e-$~HZNv48Z(6WL)&}=x6+>|g=ggQRRdq-& zo4t#}^cISPEeWzOTFbD|H^x0D^YJ-e>$g#MMO!@varBDG8@Y2 zw0XI&E(RpF(G-11AAMuam0J5~uj)Z0pT-F=2wW(8WJ%{$=(hZzTb2&}dva>~}x z>NRE96klc~9{91O@LID`9Pbkb;7ew%=8!p62HD*ARp28MuGK}O zH-AX__3%&Pl7PCRlr7FjCb!J;M0JI^!06rB9V`Y2#bE;QmiCYn-oIy0T3j{L(PGr+ zmcXxzK6%quv9YLHMp%Oi?(p-HD7D#F&=qsP5QiEhGK^8}i%47-M@>&oF^H5-^Nw_` zGx6~dP?ki$Ri~y*SauI1wJV^fP4F8xAoKqua;w#DUF5Car6~_Gh0G47F3e^q~%d8^`tQXmB_Q z{x6#)%{K1mG^^YaeSuixVcn^?*M@>GDJv}Lt`uH4Ht%+Ufaj|7u+ZW3mn7VE;9!<4 zL&zmu9Cpq%LffStTT_>As6@2|iDA)wpOWDTrb7Bu9|hNMSe3^c@}BHqPN-2CFTUNHCMJY-^;z7ejbfi?(>qEvs# zLGs{V@xXuF2D6-=Ue$nsJpe@pm?cXTpj8pLWe?!)KP})}uh3^{)G$TM!=FoNTtd$& z$<2Si*@ctNX#Wwu;#E_j2tF4yr;cB6G;jJNuo4cSVlzM1Y!+){`%~w&m?%GyVfF-N zu*7}EEKqYe`%}-Gu)~srs8U8o{Lg)6eM;yfN~t#&nL_dXw(_~(&$x>kn6+(S;GX|kG##7zYrTQ((C)wLex!Y6g4)LpgyOw^?qd*zhoatCg zhkH*%LqqVKUNE;Cw)0jLNKobDKTKK)Y^fMNUW6l=EjHh)cYOgLroJ5Xf1{>tue6fu z&zcnvqsBvC(0;z`y5~#2*}CL7ezUej7pmc+QcA`*Lh_}_{oLHCNp2sdP#ry~H_Xzi z;8q`%{{1r`%aEqHJ%zC0v+=cy62`RqZ6wLq@qq{D>G6Rw(0fBY_S_`4B{uaFC~TQ7 z9%)!Ccws5<} zY@j)jB(3@_S9so_^JV1b$72QsWJ~dqw3;lDO>~*e?i9W^->AFyz+F?LOhJY?hbaPQ zrNYU@l@w|MC_El;mDE?SYuVfE{vhtGBOJt5lPMI7i7xm9?Kyg>S%&;GWQ9EJJD6mHAd}Aq~hjnvfuCYY9F|8zKDITTW#q;7^JB49G 
zMO@aT@*)A7Yrnh@KdXY(d|kRglBxKd{^FUpyb+xRV5ySl3jQj};oY~3?=3tGK4jua z$LPFv)m|auyLxg@>L`!}${w0IS1fR?apUW?t8x+_B{`Nh&&E!AL~Pz}Dp#Vn^P7OO zgz7a;&6$#EGea;9q`RKrr9cB>TYKn+*+VaXXg6)?c3w^E(xolvxy^x6n6f zoJBSNRIVZ=3ZopG(Md>&#cSk1*w8?elp*zSYom@H_=lo-@N=X6P`ob3^h(E@>y{4< z!&s6z=+A{{t?oe)YIqC+>(WnS7ePTdY(^c zsp4;pHlsVFUi?SjW$st9ascWqqC7n1c1-A>HmU&k^q)hjNdG8naxq3T=cjhqrXpxd zap+M7?M6hm_Dp4As94E2N#t3GHNsGlHVdtPw&2tR@rE!xq{zlaEJr2?&p0e6z!+Ok zhngM3Ux!%$4%YwP_<(J!(<0v(7~M@rY@}mInh0I!fX%#l@m$>j!>ai|W#vtd5-xP+ z-?D0=xQB+1C2d0s^%CD!40FeKzO?>7qTVtpuBL4oB?<0MaCdiicXuba1$WrNeQ*tu z00RVfw;;hGxVr@i?tUiE{eJ8GXRTp+c6ZmVs;kO4a0Uc!7oT0@oLeB4>WrtH{R!0B($Ux<$e9R|QDlu}*c|_y zpmip_vs#!-anU!-c!$_(4E&HPo6!A;mgzKN8JBGQZE<)2)Vmh1moNxl@sDrnQtm}igUqfAgsfjdL;@sN->aUpEu=B$N`9(wo&n~Hv3v+M4KqsCzxhb&s7cTr)L23dVAoKQRoz>g@^@=}NB zHQau;%lbA`-Z8A)L-Kr`6fp9M-D2+s<|)|KTV+zKpsm&@E~<2iTMvWQ4`0{D@1kD$ zKp`W+J`w+S6ivG90JCSP%giR3kdSV#*g*)k`M+FN6%KV)RNIRuwqpttopx#n6{{~v z7oijN|oj*Iw4sk1u~GiUmH| zevny91fl1TeqAnp}vDCq1$hn8f;_^SdgMY!;Y|%=oUpttV#G#vP#y^mlZJxAsT2# z#t|mvx1h-$8v>Vvx}eo;aHJxYM2r0%ln;g3m6x6KYeEI4oKPEb{XP5aEAl$0 zzl(IbTIrpB0Sx+xb;{Zf&Yj;%k(KLjpkajPHP%p^;+AFBw9`#}W26lY%BVvg&A3QV zu!2a858&<2ZeG`p{7YV$oEsFpStr>}nr>u(x99n27o{!%S>FlUMiVTJUjxi0x>!NI zM8(47CV^=Gpp(&mI+#Vghd8Gmui=*dg{)_6N!QGmgpbgLuJtMsnyk>F9)AhWT#&75 z`ct+wR^hBc3R?7Ep3jHzHJIkZ%?Ot(`V#n1oZ(r()-bKA?PleEok zMt76Y3O)TJ&;BQe#krnaHLi_nG#_U-ak@}V$wVoB*W?*5NZnGK8_IATAF-cDW@E`uM_YHh9`=VwV zlmjEy8Q?+Qk{esDbJMZLW8eB5azD<(Yk>CNd!>r;5hhJPPu(Rm(D@3e_z35#Gw#89z)bpv9@V`E`vlkb`C^{_P4=XFE({>-gb@56x z@2q~yJ*Avm@HFC47fBiJ)0I;%cj=USk{5&}Si$oKLO9FtkXWO6u@MeeYkJztBG0Aw z3m0mYE#k(qpTM*Oz#%@>v^&6CA3l%#TH9|;BOwf-_!d|@wuI4i<77oX+o;$ z;Y@v-n?VK;o8}+$1|4{36QP~eVIHOd>bgH}L(C?1Nj6FLx-p8K1x%Lht$_EHaG5BG zyA9`a!d;4UlXib66Y44u7y1yliprd4NC{f`VbXuHK6@Hih;_0Y9rX9Z9%ePgKWASA zaxC!A#Y#(z20tnG`3`gXq^OeiLdWVhQ97fBr;{p^OW%^;%ZvOJW%Dgl@b}NiV)okm%iB`@`g;) z#U8cVf0!!x+EOx=XJVrcSjq(|8@a2S3i&ciF&NXcsT=>U>}{Kn{PS?b7O32Q(5Htb zq}ikhlpJJ%?(~fH;@Oo`S{ej^slzp~w>3Ko^%6gf=BMf44)2vB)F($Gzrp`u(En~^ 
zw%Tx$Sz9(cv-)kW*s}A#9bH80Z2gW7EA?=fAu4vo?*cJCZzUd{-AcQyPQes^|F%l! z3m0C&hayIV69`r8+&KH`wvFV^G=3q)U+Hgui`U}IoQ^_2Z&&97RU#{SEmNRn1dp+A z@De}aBqCx|r3#|RrD!10jrWQflY5X6`*yv|Ns3(d&1G0bYJ8XBi=swMW5JjOE>0)% z=DeQuE^G3lc(tPw8grVX$q&Sp=^+O&BGK?6;WgWzN2U(i>p5<@|DT*C&^Ao-QC+m+~(pOM|%}U0aU#WFLqvsr|y>k z8|Bnd)W125m&`}Jxp^bAZ%PlJ|ER6z(f5Vcmh?gOGihPr$gorS!B!(b@+vE!=ii-6@;?q+h3#lB;5RF@ zEI!o7*>BN)__Gi-xe%@YwmnDKDRG}oN5+D*&*62=0`@?Cx)j8#fEpDkNx(J@$EYPt z=&665a!wY9nSn~_f?Dv3@>S>1DXm*)V`a}@&lS{Wp1DBJ#6k>*y5bGlq}AkWjPK=T zpYy{2Fcktf4xaX4S~~4(orgg1zytOv^V!ZN7-6;Z3?UZBHBL;8%(1&VGgFQtgT1!> z0E&5b`!P_!9MRinZF^2s*m9%-3h1%q0by|bbZrIb| z7^lK{C{x2m#b&b=q1Kb<(`F^16<<}bB?mpg-1`1!B&vhHyzBG$3B(D7Jf`whFK6_A zLy@8iOJCxL*U94`*(f-?75lV$Np5!Mg@_9Y{SJE^kr(77iT6Idp(u>nK<+Nitn-IH z%Z*ov&%Qq$@-aV+%v}!KR@W8X1JM5?F5@92rNMU~Fb z1D*SVELM~jozR~CA3r#aC}^@zoRk{sD!NKwH#hs9H<_g zzvwoHrKwCOyNTD@_9-Oqsk;C~%k!|-Hpz?2wd(cY#6p%56Bf%xsRfhn^~!4hK4~m4 z`$@ig5DWbT7^JAfvFi+KV88@1l?{sjrslsBGf+>mA^|_G&1sk&T0Z(JeDYeBXtj?D zm>j1$Kka;f8%tH8h(z}&+UlZpfqr}k1*~;G;V3CnB`N7IGSX%E1Ov5c;w*5&`Y25&Iu0HM?_~ z$K?6k1N`<)9-;>^A4M(4p({QMv@~nT2v|{AWl5X^rSn7>nlb%!F{7zU3hx~4d!=Zc z;1vtUnPv4%#+3*cm&>+)_SwJ0H8~-v4|7yLUcoRI`h7hIGRjHPNmE^JJ=Wh)v=}W< zs7FVFBV%+T`t6ILio8zNgQQPa{woWLTL%i5~)R)z*SzrKV!T-e{M2J0NfD$~Xv5BXe zT6-Nqdu2JxdwSc_cj&z>*A8?v`{(hG)vL_bKa?JS4RY#zKVrTi>KBL#Vhr^=`_o@~ z4E+y-3;Z8_dHpn?FRF9z-+X}3&4l@a9elm>hc)3Ph#s-Kg4Bi_jspr!&MZj1oQ372W00}7MRlufrEx-U(qM^V?#sjskSfdxVHMiZnJ1)8-+L0&RX#Pu}m|q_)@bV_vA>oubd~CDn-b z!eoAIMOva&$s-h8W_E+ig%K?8S^Bek=8XgG(QD=}K0w`5R@;+OPv#U;JI~J!;^=Am zh?9G{ek!s$Dl8zBMdcjmbkBcJcZSrtns9T~gn1UBJnJc9pGCCa@sEff{;xis#*41m zDijj7bb-p*;)Okn{3afw=o)a5K=`=%%vJ$&{qr*cb^<2suf6Q>7_k{i1o|wHSD>9)0w5bIYmZ*J(|KD_`4>Me(KMKrD)>3QMn$ieO%{Ay2AM@xZ;s zy*kQhy>}un7A)PGC&j?YX5&hv+E3mVu-?~xH&V*qn7K7A`zP-W+|$cqS}Y3VT_9otxuP!ak=~NH2q+~OoaNrSiG5pv}e$)oTltsQ3zw^te>xekcrD()qJM5%2Nz>Q}aben->)U1oRSo8# zNhY3=SefJH%<7cwYIkAM6`OXI%Sg*&HCIv*gK?v`vRa>4c`qAu`ggG204jGt*%FZqhKTdv+ICTq#HV zZq=;TcO8~bQk|z&n=`F~Yi8-&7|^|aP`vf3Lu?X6(y$prD6{!6Sw3idc?_Zrmst_X 
zQLIl{JYZPf>xAI{d$!5X;|0z_71D)FZV}AT5&6fxc7!zQI*NX65!?u2|9*u3Y{c#% zhs}%MNlSEHqv5-+Z#kX9vIlr8^dr>kpW%|K&&?c~Kfuc3XWDsJ?#O9%A|e5yBbxVq z4KeDRM?bT58tPhXb<<<`_HBOWgb9@&6H}+6GQI&L!X_<~v4(;%_M)?JVNb#0#r#5i ztH-Ugrwl53gx80B@`hnAKwaxevFw9)6XHQb>!D!ww zTM_diQ~xt8OI!2&EiP9WE~5POvl}60DoJ0WRc4)BP95a3lqvdo^-bbowz7f=3xc}8 z8v(Aa_UzR2bI($ioUpe@ukPYHt;Z=3jJm>!vRyyq?+33Jo@`1!%A@Hx0qtZUjq%C@ z?Oe?wWj)hY2`0q45~l+M^SmRLXx$%FF5azie;c7I`o%Hg!&qawQ?Hv%^{c;Wd4+4I z1ewexkm^E0z7=Olo7G8$B~2JH3FmH3ynqq0*_VB)Z=%&6*<#o?khnxhAYFNX3}0Ii zrA$)s`Gf4Cw3ukKb7TKM-7oaNp}=C+Yj-jJ5zG?PhI|-dzFD!qWNY5Y$5viB1EDqW znA&KMxh17L@v$(P<-r#x`s&!gjIdd^mDeWf>p3-}IXLR-~UNGM#%+r^C3^dM^-CNWa*XFRj$R5Zb z0C^F-x8KbtP5q&re9@GFENL`{uU3EYjLB~kp}xn&)9j?6OAV5V+uM;-2JsqI$!AHl zv~miO^QAG8=;%V&VtEUW3_wb|)#7T1A-bQ6Eag^8sZ>LM-@#rXM!};2&SBajx+2mM z5jFgm?;lQco@ttR7^90r*mMDf%qy)ih6U7#d~}u_=QZZ-qi`d1_cGUUvXS4a30B)l ziu{hw+UG8v5emv}za5M=Y;}VRi`W;}Fs( z9`KCR3s@{;seC{|7^Z;=tSENmpJ{!ve8pL5Vi*J^O-)=D)1mD(f9h3#wO`>gSz-Zp zdIG~QWX8u2$G8WadPZN=Y|6Ot8nc<&Ek~qcl#Ve3VlR{qt=B>Cn9~=a3CPRP|Ji_tW@;U?MOqutwjC) z&QAjB3QKn0kg6+f1eK0SlNo)uj9WHJripotGI^p2;z#E!nb}@#OO(M?@eolsel{Y2 zltQM>ad;t3$Nb=byQnkK_@MwTk!grW7b>s|YoVF=*8~R5x&?ysB9J13E)hFHi z7`~QzmjdRd8GKQoe^=?B|AY#Bf?N~6S>zt^PNrX5;gKdiu*ChjaK-{N!w~;?*d!P> z+Yn}$WUs>PMf1CnFZ&d-`!}cAK>ZdLG)=P@ds&8b~2Oj(NZqCMslq*Ox4s5aX^T-be!pet3O1m2OGo^PQCs4QLl00Wt z8yZ>)j-lhjEy1a_?2M2=^({SU)2Wky~QcM{G*#5R+@yna(d9(1PG2)qS{uf$lJhX^fn zeWlaNWC}TGt)+?`D^p0-NYFEI&PgiZ&ToXf~y+u5~I6W#YkgArDr#MMF5Z=={~2Zb}< z&tE6hzYsU8U;+$XQ|c5sU|yMSNq}NbPT3C@Luca-9#%*`w?I_Pege?S`RY?~w~?&$ zyNN7uxU!o6iEQN#+N*(Ty{k%yoHOZsAS`$dW=$Mzqr777ANP_!`FWe{7gwsuzbZo} z5~#zd(@5MxWpy-rU4}M3Q`menx}Di9nY!LcT;Oq7T&zGGEnLbfidvGof|ApNB#AMV zloH8(EYmiA<7@H=1P*As41Rpm<4U|9r8+ohKFV)4NJ&?rlE)9)vYJN7F;R%(O2L_# z_fpoQb2?iJT8`oKXV@uOxlSNWMbI~ZsjWiSGtSi?BTFf>@a&AR7`UnqJ|$sAm5ATK z6*_!n%jNlQL|=AXbd>DKNmIb;^0g3c3xA(#-9{i+cc2}K6(H5pZ>)PCUuQ``UAb+C z8l#hLbW*_wmlQ##9{=y^)&I}S6_={RaskV}DXMU%EHDC=6IFkhHg@kHhE&wygIln1 
z2@0*DkB{N_U1k)<=GJ`Z7db%WkVq1lEZ7@-96YHvk-uKp&XR?WqHTiZCW*MTdFX%| zX^++&K%}a7Hq?c^xbFEpiI|S7ArUpjoC)t%Dcd^|UT;_Nc|}jZ96rOfekR?8S#|{} zNj|5gUTAynjW(QVnl45f&i{#rK^rdxOMYxzPvTF31*@)=NQc<&P|*iGADY%a&U2Sa z*gc_v-#JJ55 z)(~4}Ezv~6S5I#bC-CzAVKg#i#jLcOJhX>`fy5B7R?1{kT$+Qj)%F<>4SJs<;7?

3d>(n7{Ng%f$X)98@3@+iDGBvM(=pV4v7fN%Hs@2h``qeiHZsYdUO+QGd-b~lPHFjvZpzMQbYAKOa*TQ4fmD~RdB>lY(CLgc>HC_! zYimJ2aW5k1(tpoNN%T8i{zm^|!0l-@^+_$`@N<3l=R!5N&3jtfpL=6JxR~Dh2aq!?Vj2Aa*38S-`7nb;ue6u4crjDodGJl+$Nhsm zd{P`!Ms|N&&n0b!^7d*$G@Q)9WF!)!dB2R=Wr#wO+|Wn;ywEmANmiFDT4;s(yN0}e zai_rP-*hl9URV~7Q{7E|Jit`G;G|WsFOQt zDzd%$boAn}n!WfFbB52522e!tvR%@*bp_=p#VoD&KZ?kqOQce`QHx;B74W>;!xPcXxbN!3u`P;$&f?#(EZIknk>{o-O% zt*J*X-&b4;WPPULI;{^c=rigFwy3|2Dw=f5}grTm{ydvaS8c zysiXsbNE_q1x83sZp<8V+amA~-}m8#g-qIdO^LLf7j^-rIId2Fl7_JwrbXlyLT$-rN&Gf-k~oU~3Hp^tHlhjYQV13%F;u zWM!=AIndbgWY*Qr~XIvlk;OTp=mx5CtjKs<#fAd|7W~&ma*urri=Bz9Qg@#nLaC zVT|`67x#nKp~pcy;4p$r`hYX!UeOXpyYg|cR*MLykVPl@QVp;oeohd{eQb2DLZTX> zPJ!J&fXv-hZEYFgKnA#6Nd#*o3a+S_REuhjsP9}~MRx6fQ#jCkh;^rj^ftQ!V2ayu zwE%`r=P9xJH{mR<+Rf_b6GVo_(0PkKsb~{=QObf>A6o^^7aHEMI+I&xW1QwLm&`bh zvy-qJI)|zAAfQvIup##0}=ZH0El$4s4C>MdJq`aEZICZqH!Ha=z;w=FVd&o)ufxYcFHpy6m*M`UM za9u$>#;vP_6;C2+S6r<~`IZD?>sAj3Cv4E@tnyc2LHetg6CLU{!S^s~;YwL~B;sXH z0$f=WGT1~I1(vVqy>WOx-)AQ61bdc?J&<@szoz!8qYIUqpJ2hGZI=f}cTht|8_i?6 zX8vh6PLaT9oh;YVJ|}mJ#Jdj8j!!}_C#%dBdNVrokSI#xFsBBu2=}ELwp85;ZI5`Q zm}vh1lBLt*hNT|XSE>s%B-h+V#K@!`04j|=+GLGg@@5~J?5lkRSI3FTw<8%8!mrxo zJmhlCbi7!-Fl5w>xzt+&8_kGzKX+O4a}_AkJkDMEHoSjfvV0I$O>68B@!(My?N!2L zeD!jBDP7&cFUVEi#SF?)9ObpWHBEJ{!-VwD9Ae%bz(v>9O+87kxiuQHcdv0Olymjx z(m7BI)0mgkO^r&krg+_bRqt4dyIhNbK%!{4|JZ&?%I9saA$N3FS6U9_cZDhb@#g8$ zMy5Q4RiP%Nk<4t;C|Z%#nv6exq>{0qyqx6AWSb3RUu4jp{ zjSlhxo276M49m2||5lNa>>9;58Nl_N5$E%01ngWB33X6HwKhP%| zEyy=#SSbi&^Gp!<*6Syapw@?xSrlanjTc-oPB&h)Mu%n~JvZbUnM6_yYA5n+qe*wUe)f2sf6Hx z9hKS9Rsw8NtL)zHLhFj#Q3N3`(<>VQzCkqRW5UW=g==Og4gI?NE|7Sfb_NKoIn6QMs0+!d$%Zk>)XzIsSv zV!aS+&9k~h3ate^Sm{tg1)jzNJYw3XFyvrBgU0YT^ZnKk)}X{EfQt(6a9Z`3vB5?e z0waAJF?56uToFDRN-Rq|eCh}fA~hUm3N8(8iiM~q9?<<~#Zj1uIfU{h~bS?pAFvtUqgrz^XLBaB{;zGOhBT7 zpa}*mSK4Qsn>E+DVeO8u0?zzJBqim>^d;AW;Xxj|<0EIpnYXYqR>D942F<`~1OlZyeC zTW;ovC{$?D)#jt8)oN8drbDE9Lc95Ir&809GxhHrXoJ0c%YmwhEL2{z_9PI?Q51z` ze38*6#H(elMc1kZE2yxMG+++h3q+8IVYP3YTUADAjo?yf3OFfT{L++=B4hJK8KszF 
zg*&wKspAaUIkqBcRMPbRvp7{tvB=+*SR?)Pk65Zx?Wv?o zHL@&d`FktZpB)u;L#HXLqR5R0lBDOyQo|eL8B~~y2fDBwqWdYe15+Kkfv~q1wM5`K8>p0NejVsK>duQ?V6^Sh9X<2kBK!THf2ofQ*5<}+-&GQ& zLjW>st7ky0iwfMf%28oTdY|z)hYhswE#McwGcCNIn$WN&f`c7Q5=Xt9a+Uw+_P$T0 zZeCp?_LG0_z{)&`a&`W2d-SJ&JGR{)Jurt0&=^x>WoFGm&Xk2LsecFi)xXq`m{<;r z08?X)=a(%!mjHu8s)^9Fg7&Wu%d2IG;zOv;!wOOC$X0+8B}{hc-gJ!*CIu!!*(*D* zxBYf=RHam}w%GtxKRf2mbBBg+Qk1lgAVp9LMn7npqqriOgC3sOm&zpRSSW^)n{#Jt z%MZr}Z)W<&=!FQ~wUR@Arke#p%ihaf-xhZ^H00>#Y}j52_q+D_C?v3oeih&4^GGv! zAKNE!A|@aO9|AxALw{ok#iCVisKDv@msheGOj=iJd#I)jJI(p`Czry1vLbdKxAB__ zVih~hv!g$)AsWW!NENKU!w+tRZ7%tV(KI`EsGFt8NZr#UOwNQbKIo+9liVVHx-XYw zH>7wZf~S(8+w4s4K#nOrggD6Mv~?T5I+6w8Hqz?$yV)a}6s_*ToX&l#d`Hl$;ocPL zo{YZV60ElOUCl*}uB~*6quH~So5`RM6zG!Q^9y06y~)L$m#{z6?RZj{!Xfi((!3(p z19qL=hdF~GgON9d2VDwX26~uc3;ZEVp1 zrGw!Z?3aa7qdcvyNw2TtjBY3ooKn_SF2PnrenQ)N;GPJ?F^pj=BpXqPK8CCs^8doJ zkvX+eH^0Y{h68&dTwAmHVY4U#KuIp=YkzZSR0}WvwykIwc=68|`CatmOLgzR*YUTQ$~jyPov3X z4zu?*VXbTqmXa{(7PT02G<<(|Dv-tJGM%T7s`$3^@GmfW2lYP+RSiCt zXshQel@7= z`OCO$R><63ay$7HDxphNS$~n4&!B}eFgDaelQLI4C(n!>0gdW+>IiI%6=CsKkDQ!1 zeHL4y(pNI$Uv3Dil*9b&;`e zJ^X$|27L5*4E|PFCEWTvYQu~nTc#J{(k#H9&xTx)_=nA4vgsZoMls z^d{I`25tk$SnfN+f-H{`V>J2+ye~-Ig z%F`UZ5A!k=&ED$$@zDYS3Gv9#wK)H6$R%uIn8xEJBei`yo8|H*i9BE-Pl5ro-D_4QI`GT3*ttUr$;`?Fc!E!a!6Kgif2|kX;3nw@ zC<5JLJP2*(KZ*Zfwu98|WG7V92yq>NA66f2u7t(AGrUYq_gdw2f20n_=j!6M+iM@* zf)d%ILyid;cv#V+qKxLHAh9+kKQZP-dGtA`i+WP!345msD`7vx5p;%fFs|$jh=O9WyheBU4vNwae7o^7} z*rlB&Nrb88GVq7^A~)SntAEGSf05m6l$7=~F5U34`mX-(reR{m5zGrozC=4Lc^9Ph zVB^q6z>yRjGYRYm7UY{XW4EOV7aR_Bmr*&O0O(rS6oX zoH_|jSHYd(c_x^$jHB3z$c!RGjK#^KWb>OrIk_E;8C4N*-q3k`zd)wGG5!VHZK#qY zT60%G6}J%Y0oiR<9=ic;Ad2FcLBK}%VT3v_-@5s*uD^afzyH-Xu?llXs$5>GFvuB% z6?$3r&&Nh2`rl0-F+#>1(_0@sxJS+IXk3(jld>Zq#zrTg&lbLQ>BNTYZR6^+V1y=s z#X<@+!8@uNE;vZyrV|__Uc{Dh*Yzij_ERJGe{gF}S0SX+Rd1d?Oslb)7ss>84J#Z< zU6|R3{q}tWEtT7v*1@cLcp!f@!h)2ZvD$4e)QV?BgIGp1d!!0u!k$boiLrBu9?2hu z5FA5U5yoMM^`j^j0{UlW5PU$oya^PnA+11M^jct{Gd=a>4)M^8dDw=Z--~EnaT%jS 
zLqCd6lpkd?M_k_=iuHMz^x)1cZRD|6sx;_T#C7#@Bf8Xq^v1|LdE}o&YxiG$_L!O) zD{b4?3iFmhLO9s03H4ua1b29f4{Ds^k_) zdhZ;vh;T1Tm9IaPrLv$%r<=IyD-0ro)K z8A*7HBB3hF>FsT)9SaKoSQG&5Y;>;f(#43zAQF41C$rE~Qx9V#mt(iBra8+hWDpIf zeWkKdhx`FcQE91~z*@y8Z=1KPm+@M6q57w>JkItrUC3aT^?ufd(WKDTlTh~=tJ6B| zWFXry8vg!LYkt)&9t*aE!ZkRp%RRT`N{!gH%X%zFvx}GH`{JwAJYeJK1<(C{_U<`^ zh;50O+z_1v3F=E=m?G2{p`;Ykd5TV|JlV~p;D?LY04mW}uOd7)`f}8kkY8n*$#p*b zj0A#h5{b5Yd!hMd8{AR`WO`4Au3-KeL=EOb1|3s;K}Xx$$4RgrR# z(VEwNUcNJ<+l2@mEKsCF8OTAj^hx2Rm87{vPj}ISk6k}GSCl))y~yXZKAmKiKh{Vx z5EIh^Y`dk0HBr=Zz#4N=r8#yJiyO@iP?4ynQ-tq~J))7i$_;NNUV8?8xk#IQ~FgO^`w&Jc|FuM{3)FkyoIA;vy)LF{h{LTUUPST+;TTQ>xmdK^L(yqP zmJ4(oD76+EGc0(dq&oy^>D#_l63rV|9e)mtN)N_?t9BDxBEuY-^s- zXuaR2yz}2~naf)q-lq8Ar-TP5|D36)oYi$35LcIYcePxgDiqWuDr8y6bisIDmUm84 zqj=xcs0-`dUl=-3*K*LA6S|2H(=0|3a#^Y1HB4Hrl1ovS(@5M<4Sp}n zD6IkbQgohR4Qf(@ZOi%v-rQRh^L<4oF)@v1UNR|cf8?n#_+TrQstv0kbabGf4*hAE zlKVk(E-#Wy0U>Dmx1u1=ivPJq2fjorx>?d%gn`{>@|ni51uMM<^&$$Uaf~0@k&lrQMZj!B~8U zd1x9|G2-GAG^vv0(%|2Kg!BHAuXqC^Ni#u}%Iki2zlm$v)cgCo>{L*9ouc2CG(bfp zw$*l`g=J49y6>nsHT&g!2*)~=4wn@!fvR1G=YfhQom{%D83(_@q*(`U?4Cu{aGxPM z<2LK_tLLkdXTquL3(M)HFZ-#wl7MP5s_-=1;i79K6}4cI$FR>;X4}3kL^7e(LBxqk z!lIQ)9=mj~pVCE0)hv&y_?a=W_VfJrtB#xC;VQ zA}jR#>*O#7*3$UV(9mDh?DyS5n3h(`euXTTR{`vCT+zr6hwRN*1-l1#sgb$KE=kR6 zAoh3R5wMWXQLt^r!PTf|)oYX|3!@H~4l1cUH+c%J%J84oI7pohD{#)8HT4>C%(32` z(+%hKd+eVl(o) zzQ8Gbo|P^IZFl@3LzFdJkwBQk|8%3bJNpvbzo6qRl9A-|R^NNXZK<72Kf6cC8Q@y$ zH)+^un)>-|?M2ElWTjy$qtXXSxf)MTubnz>MyPvlqX$Wv@hp8lULVuv3V7};~Fe((3W!S&peW${Hz~%riUG7B!k7a{3 zfd9g3?ann}evoe3@;Y4T94TOP>a^?fvXRhdWy@n?ksob|Ry08j8CgdnO}$>wjl6n8 zbL1!xr-eA`_CS3lZ@UAHR<&3mskh3Cp1w+*;ZaleH-Jr#$tVjF2(au|~eoP#g9vF=L4V205Ir(I=YF*^y&DmC2@wdJRQo(X|0{0ph zc1HRA7GVDXL?C7tyl_Ika65bk6x4%8Lm++K6IfVd!SpxSo6Dhebl3B@zcG>l{m#!7y#(c(^H=_*pvIhl+^{Qwu|K63awN68qff8yuO)@H+dDhT(OhY_ zt5Mz}c`5R!qrQd|4`wp!pP4L72`74jB6@nlT)StXYr29*W`QAUdd85B%htq;de&a1(F z-@WaM%iZjsc~$FOQdwz@o9i2Q9B#^*bM!l}-ic#GHn-(KJ~BT-m)x z-sPh{0tW7g)dwMz=eEA(3wC~I{N?J(`hlw8g(Ta#SG6<7@+PUrWB%(;c$AQf7wi&} 
zso_&KTAce8os=>hX>jCXCy&GVLC{j}%rpDO(;wixA_5n~%1Q}j%k`03HS#7s6c=Tu ztY<)ghGf&(u6$&(P{G`(5+wWhwcgMqu*o1^2eG4L?Znv{rb@JMv%f69OO%tcFp#%g zjGq(kY!PQd#JKdyR1H<@9n>z*g%f;W<1t%4H|bL3Z7e`q zpeY_GLa`;BHg)qCT4u^eENsq;tj3*tZY!}L3zc45X#O*Htn3yf_*Py;A#FGHnR7$S zEYj8Nz)dFiNV69{B;U|6Qu=`k)bTL`NfQU$#+~`Ek-6Ydx5$t1v$X+YKfn z&$GDgv*A@m5f!_5;c>@U{E^u1@ECkv&hq;HURUheB)K3Q`rfUGvDsJOw|7u=G5j9@e6~jlfCC>)M$u;xbCI**(sg2sL76e9w{d*4IJB+2`aUDzfeULsR`) zx(Lmgn@|kPVas_3&q2|G;~0Ts#2R$#e%ML=-;!EOY1Q0-W)An}qd<}!s*~26vCh4= zA1S9$>Id)~Ru3WbNr8n1iS4}z_u4AXpRWY?Y6&W_j{*`p7E9{egwFV(#JtEM+exbP z?|m|E^yTpj!=Jy<%HLV?jhl1VAM{UBhhsrV0`iDeV;+{)3l6iVH-!&$u7Z@GpEFud z9kwqZ%?V7v1Tnz_ECNM1rUi9t%~0)5-ku$~Jl9oV-ltC%?yiP^5RZ&__a6ptGP8N) z%l0UVoa?7e`X~ls`m-Mz-pi`}Vesrvp7?;%@)~z*1D`dGXO~~;b!X-F$)6D6r##i! z3qP3KXZS->6^;ss4#W#64r-f9sY4ES>1QQ7GTDf@~vHq?+?t#`Pi72 z#UlkQ@4SZ^+W2?ys?&C-_g}$3YaBhS-3jfA^6U4G)~~xLltN9h&~9kr!%$2;=8gDR zYWy-vh#!hh`GHBAZ@;ha7EW@CX}^ug7lRGLk&Thm=-9g`5Y-wg4@|n}yFl=tmI*rq z^2F%pj7cW1?n{az2$`a>8L*E7L_T!_{=odsgYVz4KEeF-`&E$a<`WB>2V%#XEg%f} zPmOU|lchBDg`l9^5dW=U+1}l>>%+?{`KMNW37Dh=%IA8P=Fx5Ga(tVHLyH9%5{R3^l=LH*7 zMpd8PlU?uT8AB@8oj|0|=R3dMA}FL|`yUemE)fz`vfX^Xj~3{^5a0WRBk~sBaKCG6 z4qhzz0JY2e??tsVdA(@+K|QD&fZ~Wm)wL|S27N)x)*YnKQg~Ves1)5|hH6t#>D9UB z<4j`Wm6ef%xy)h`*uhsIl2L&4ouM z%o4HgAF|a;g8YJ0ZKyPpLAKF~X%ykcdlwetRAPB6GZ^gb$vK$74)4)`;3Mqe^dP?o zi&Gah+KXXmXKJbz)@Ih5#q`LE@B8m+lU1hlg03)%euA$Ha)zecwb-sj_Y)_UXTwOy z3?CFDVDjLgpuP98JMPOyy$3lsr57v=(wus(+BcYKkm+@`@Ta!u!b9;a=F4HT@flKqEz+hz@ zhs{m}{XY@6D$m?Ebo>M^m4(GK7`f}a5Se%jBgzkqyf=8R-{Nmj z$?a_HV`h@8gvZK-CQ_U)j= zxVx~eFC8s%J{1YQv4(R^R-290DFNXyKX9SPzByUw&n~?*l6fRf5%Tl=9a(Tbb+aL> zXN2NqJu^5bo$Y-+58l=dusx<~Q11Nlh;zt}&gZKh|DfMDI#Gx+LG$a|(xeVME1CGZA`A+sHl)z7x!i3KzCF@N>7n0z@}X>k3LU(|3*~&_fK?EexuwG;R};3b<=01 z?ruEqTDhUyQklT;POrwUG}*D&had4)%Qw)4ch?6HH^A*`r*N`eflICF z7td98wLY`YdF=^O1gyGijn4BzD^6~C-PbELbkv`i@)L~bA63o~U(V2qB|lNb(D5>H zy9?7udEXsJ+&2{qJ`d5c#_A`!GFJ^yQHAl`kXCHjzfL&_tXtmiLpQ&?on(aIud(K;`s zq@XF;By*uzVC!R^WfjqtG8h?n9pEl<^G0w058s|&U3ah+3=Nu_s 
z-}o_-T5;3iWSoH|a^q%C$z-&vv?nw>r<-X(HBy|Dkbu9y<$hc;uj{0d21<;vRw~8l z3tW|-5cjHbXX&XUURs)3Z*Ixmh=>-&aBvqup%IQW9NHuq>Tt2=1U{Zyi)Qh@D!y15 z^+6nq^n8pj2C|qg={7?OsC-$;RYNcx61|K4t~Tk61sFkPCh_Itmq8P$U9?2(b`*yUM4aa$l;Sn%qA` z$Ih*l|LNLO$XyNO3TY@k!Q03=RewnOcZOx}@qFY(M%l#Fz)YOmmB#SU$xA1e>|`%0 zCBA+DCNfI-K0k?gk+eA(!j0Zx?aou}NPK(BwgOBs_winW(RhqR{ z=oV9kitI)n7*ud%-0JaSW@gJ{Gkf%?ltC&{0--y-tU-R+necV&nmYWO&Rd!9^D@BX zSt7VZrlS90*8D4UhVk+gbb2AEV>h`gcWc>aCHID#JPwqKA21c^>g|hIeEa z;dVA>Ioi^4EZAUwSIws|mufK`_d)x;ID3}oa9pUG+8|nezrQxOKc_@NzqsUM#<62> zTYtvrHmiK>U79c;h7OBLb3=8ja)CCYl>M&*TgBZ+GRV+StX>wl^~f0)q@H_Dka#HV zzZd-+s&-RNLlY48xR1TZsZEmbP|GBRiD^WP#T414@le`Aae4cpcUvt}V3{~6SftkI zwa4Yw_AiXmnhw&=TdkPx9!7_2nuJBMjE?$1KC2_F9@Tz&AnG#~&N12OW!9a(+hUh( zXz+?tE+p;CYi={^(vl;yhcSseU$|L3RCOXs2ChH;7KZ>z`@7GA{rz)Q@D#;eeSIj! zvaJlw!*4epM9`koRn9y!vNQdMxq)_3OR0v#9E@4i)WSg;XW0@Gdu(kcFa9K4Xn}Xv zTcr1e^4@!ka4FFy-SRFCd(I7=yeHX)YVWV`KgL`NjpEAh>!qbpi}XsoD3;_NCcQ6% zd!P4q&oCVL;8SaXfsR(JTE*dlacYWeEv0f=H27^x4F(zJsoY6X_UzNF6uZ9!na4f1 z>>`X1yO)PtpY9kF-cNX+p`cKrJ&A>tayZOWp5$#_`n`CHPALJ#`?FM;`!U{*6KLJ- z6kX^NzY^b(5Wr{Cp7ZK?ui40e_#N&p@kjS0v@QXhxqacZ3vOUli8)@}!j9{7Wh^j+w?bz>-q|qW~*_%5@(0;~~&q-R8lBHg%Z582IJ`SaCxp z=ZCJmbGjRjjupB5Z#Z{9FLE>I(`9tLa1W+y%aA#+F!*S7V$HPvF5(0W2$JHC^f_-J zt}2M%@R3&>CTUW^4b#TwrlzKr$R2KQO=y1lVdydQ2EnCV_v7~)k@0kxs(5Z@n}q0w zLZ8`?>^MF1~Kwu)zlZUrkac_%<>!eznM4zX@GCy8V%f($ZsUyRmm2GZm%7`M-} zHGcbkLvRWp0G+hvcUDT^U20DM{BCgu==61E=i(9=egNZt9C0I(m@4_(s*2dSIS2O@ zDq%-#!8R-HJ+zp$G=y`Kwt_pq&^s{5QJ0D7MNogr>67suBt|g<+U}7K(Ar??W!z-q z*)R>z7Wc@UEa~r?)EcWw=P2l`LNbAKSmOOJ2bsH)qL;8%I#n0lJ(sjT`mXT9(lc)| z=9w9sNxFrxrWH%PW-#mtZpB9o+7vnc!S6|&o+usNpf3Kr#z*|=#3HvBlLu<{&fBKE z&T>WHEoo@EI)R4#mm)7>GH|M!SL!twn(2Hh=#uK-9V)v0UYf6#S*CJdBxlH2|B;b& zg-atm+Y=~%JQ3h>Zsk3ul-^1o2)mFB_P8qQ#Cwcf>VG=@;?m_=-;b|ezuWcy_K@<6 z*O!%xKuzxKQ`#T7(Ac}1`Fa^E;^jn{B%i}AGK#r%6*$nmxarPy3+hFAAJP_YF}xJ8 znDMZ;AR+By*-OiQ)#3-cjb{|gYKH7$7dK#@tvPVLQt5+Hf-fV7--V`UL6o2pTe&2Czk5pKsQ+$MHW}~}} zGirl>`mha;rPY3t@R=RZ8CaK^$*iv&r0Q(Ms1QDyLa9FydpmqM;s!l(6{628f{`=E 
zFSzTAs}RrlxFGch8BM8Je%OIhL^86-E!z-q{h1K=+n@hZXTfa7c`L@}$rb(cKKP*a zs;>?CU}yhnn4yJnzD&;?1@0SuetYN1{Xga^3M-7si-*XAlKH6fyed&#>Vc*o=>$Ks zhrjH<$J%z?D|nK4e0e)aodj?Cpyu`1$la!m2Ie>)az(yIDG9ZT>-o=9ZCPd!!)%#?+srpAq1Oii0{cn%CRRJcBV!8Fr#beXYeIY53&^KXCt zDs%j=Ims6mz}0w%!EF;>>2a91`06|DO-{##=0zIXC64c1fa;^ye7-z%cwWaO3IBWI zWlHI})}k3wk&oJD4-|ROIsuS4Rh6sut2qF@5F^g4P0%B;+9TY9Qa$4w&qka#4JOZv zPQSV7vUxEX(kPdn%G2vdS^FbnuwjXJhJG>q0^DNhR*2ew+O`?jMtF?rw~=rT10x9S!T0WzQO~}&lJ4anelNcaYA^m6 zJ*C?8sv(1zn-dwQovZ1Y>%oEL;h8eq859!~;E4F3Nre#e9DUg5VIg)_UG=>erB2b@ zeST6duJwI~=%nsPZe0yZ7dDsY$5PQ^)qvLu0 zD-fvnr_5I85tPRJXm?7JxuWFD)Crz7Iv<-f(7m~OYEbWY&;4&R2HM}r=OiO|9`!$ad8|lQ}dE@9P8Ih2u(CIowjD7^T z5uj>nMJq6x+13Z6E~woj>@Ch?0d0+t!eIJdG6I~=a~Ds#<`z4lhBY}K9p}qH3<|uv z3BG+>;*=Ddq&cn?rQB|O$5Njyp3f3Wl_JBQG76o~gGNZpz}`WN?6b8>18e~HS$X%Q znz0czW8)!@fQ&eA_YKe9vxYnn|K1m`Ia)M5ZqpbTFROaJGpO7c4d&T+(hCr{hY(l}?pUVj9yg^n%io>-#ol6A_iEEZ*P^h`ea3Uj}jK!nEtlog&kB)jVuEF!YA53%J zonCq1nfvZBjnDl&Zh<8F+jq}wetdN4*-wEk*|WUkRo~5~@9|Iopr;l(@zi%|I5XQ9 z$-csr;En9~`H1U?whhhewhRVEY=%dT4r=m^VNwviK3O{ZdFupVs_Em>cqpR|9r&$b*=w?FaJ98-%%fGJmKZEj*tNlBWf8hV0M)`~XZ$bWn|GzV0|M_12Gs@pH{}$vg{=b=* z|5=oitNnYB6a0TSFMsj>?TGz7^Kb9vRL+uKXnc^fWbJ7_vp@0$6e z(7k-iZ|!LjV1RHjm!zh+dm5z%(y6kOp7u~?1aJ6_@mwqa`O}a`zosyOHz?u&p~ETF zdCSmjdW1ep3(h~ zgO~eT$%OXd7jtbs;J3quuCUxi`K-khWCY4wF#+ISLHjiKza@A3n6xHEr8o7xPYOi} zNTL(M1U|^2U1m6t27!0c!Q`@oqi$B%pI>aWa&Q6NE>GoMJj!HHhS=Zi!u9HYWjaW4 z{w9H6o$jA^>xs=#8L%H>4Y2A66|(N?pSn&@&uw7p-cZxj6lof;J)X=cyE#MkrsW$D zhj2y(C-mYqV#$r(y-`gRO0|dND?La=tBv1WzftvaolSk;V=o7cOHNg9L1ysEX|$ldTW;spqVt zuh>(#|&zFZ&l5nLhYPG98d27I(^z*2^mS^p^ri)ev%ZOg2UG)TpO&kQHLO*JV> z?Dx;258(KeZQ+QY=y>(+b>O~tcBYJI6%`f1G29##RB<=tkDF(O3?FSl->V+dOC_wz%4{x;!^%GGW=Rri|nS)*PNlgqVN4>LL?q;a+Zv@)6{uuL8?~Ho1J_ zNMCQfT9qqWj)X_I5XL7hkSq9BDyeDJpzUqR(FR-)VK6sbr`dO(^HT=P*4rBUNrfXa zUcPNvQp|xvz@+ZNanx6Jm3TH_cz1+qNS^(Q{4}@STPVJpCAPXGGo5=K;<@?+9@S-F zd=siJ9(5a#|K{2NcfBp)S;4`zL<5W-RS=K*wAz^&T zvMwGBS5i*6dCZWRQCn+TKvWBj1GB8KWfy<))*zjl2Kf2C{#|*e#P0pA_{toWlu@5- zy<)wmHwQAgEzykJwYMvhbGmv2 
zBqd|V_zaU~6bJVfcjcG<%mW>MvzM1VP<6rx19OP)YRod>((=^Y>DbrTYbhwQvi=4# zaL@L=7mDUF>(aro7Qq(<$*{Gb!VKazr839;V}8SpuW^)+!&s_18}~SWt4Q|o7Y#Ck zf)Yt4r|%@N{?s~6@d|ts1vm(A!6f!mKfk>v_9Iob%Oom#{B-v5|f)#rD+ z$@^H4CQMOFDlg$j>C>^Adc7hY>>MH?fsV9-imZYy^Ad^ZmgC;J;~l7}Xx zQRa`fg-Z=b(|}{HajgTkoR2*$nklx{akB5XcxIor{2@PiXWb`bM{U0SU7phv45r*U zw%oUG(Bm~}E?{eLCF8a_E3Gpo$|6`;0bOp^#P5n3pPakT%?H{R@%T_%4sr4E{^(lo zS;*9%Wdp(x`na$4ki4|Fxd=KAd)okHij)PTnB8+AgI*xV&cIuyUZ~}Pl5zd|9dPMw znfPSCJ&T>en)~f#XVjr`j*iHzSZ~0G7w5O7N{sWW#60C}C(S)-PmDko4rf^k zc$7IGci!M|EGhua{#mn)T%xyw*^}-nYHCJPo<%exZB4UviG)o?-9trl-@*Pin>_Lx z*#UBAP8w0JS!98;$Y56lU-gFaN(#C8Whaz0K+4#|WVWU6vX6gkZ2omX%-y7pTBlC&Y)bt<9DC1=r`UWogY%)YC29tU59VWC7};sf`ExBcnT+H$6K{eaVzXsLPu zPIY*UXo-Gea1i;6gN0FaaGxw?Lqwy>#A19wyOq*LB zS$(P+b4Ap4;S|R48G3ggNDkcOq*u$qmB%}lyV#NaYW(rk%m>Y4PQHogW&J=xc(bHy zh|^rN5e<{)>FmF0Be~ILCB`t!rJ%TgUMV?K6rQ@YY=~C@P6_d2`5CF zBpKx($b~2eO29{X^b_~tSottRj$n9!} zv3iSh0z>`Yu!Y=S!svU0762#L$$n)wE Af&^sNehp%8E;hC;O_HYPrQ%+mT18CZ}F-=QsY!hK+-O;V2h{VfonnO5AW6jFILRH zBSM@~;1sC;9GpDkK#^ObKai3i-(BC)t0*lfXWIC~^WO5?r6ntmCX@QZdzefEB)`f2 zh>D2auqbS4^=TUtbUOg-&sTpQ^Jd>hoN1#|ax-CCb!^0nQ&{+EF#52m)MWSFN8e@f zF@?h(McL)j>cLAT>(i~_wA`s$O4PQev6cnj;(_y=(?z7d5=83Y@m#d*8ofx+)=0NV z@Ir2di?r!<_WlTAS;XPTr>v|_Md_HWTxLD0n}QPQN@e&)^+vCC{(^LGhoAMy$(TAN zkf|PRNQn6U{1A-6SxR}&pkV8@2I}e4JJJPV)IcxcsLsX9p!}S=k@#-QuJuyk)0Kvc zfamHko5%ioJ-XkrEZSr&HB~j5vI&`Nn}Kaf^Dd{9%a2uhb8206d{_|$@!G%4AZt^~ zB%5-}(NOoiBcm)e~1NNWO@{GvH`D=`su9^Rh=Ff?XCX;nY`S z&-IFF>-!>s2yP+bP+Jed8FPMC-|?&PN|`&GdX@d3Vs6~jRipgNH?{hgUtvgsw5fDnyB+vrxiB0JccN}uKJ~U zO(e6a@Y;1xvbT`?8oe^ZyigEK0t=}`CBe})m)WHCSb=423irh!y}-Zd0;tGQYBey z@S&*fK;7)MqVy>~IU|M|(`bHIF9YPC4JDT0sJ-Ab=ldvG1*?OYgPiDrKiPrJ3$%VK zMG7{#N;P{gaQb5-z-;wohmB`C^YphsS4_Ex%@5VKr`r0S98iP`3-R`0%(dD4Qqx-A zB@*OifBD|qG_r9%sv<=DvdA~T2V!SeNy9lX#T?~)B?lX2`}OJNOPi8F{o@VbmxAac z&V=d`Tjzw;{q5Vi-HKOCLZkG>)_ztk2NVTN@KW126}8(O;|xAu>k@JE!R0_S|Zw|^@j3B|LG1H(fLl>S?B$4Aw>Mx}Vn&h7yh zUV}+!8JT%=$9Y9OX#JRg6B2RW=TDZ!n3+tD{Bi#JmD>tG*D^|)i>fQHUR#W|{e!qLW^E7e#FD&F|F#6J8@J{Yw 
z8W|$ut0Js|hpOkdaNK$7nQ`;$f`&CcA15w&A_X)bvDC7tdA`+r@GVYAw*3%f=}D=n zGj>oOY=D8fn#1s|BC$f}@qL#mA|~^Nnf95)xgavKeHSg7$6V$#-E73NMv7T}pHX_D zfCE5_PntTLFX|If*6*TfhOd1xstoMB)X;ROl`P}_sHgjWLR%W%mHFA^;WrlSd3EE~ zwFF&}V07r`Z*lOtu}SX-p5$t`%{UFTi%W9b^H>@30Tn#+oA;_?6Z#c*F31RU$n8|^ zjpcG-`wd&~i5>zuQlZ5LMArG#q;>PA4Zy=_v$wdy)kMXgCJ+{*aZ6HSwRub{^584> zXhXJRPOCUcrI{DBZVI63u)!8BBTp2&*(evA@>gK_$ zc}#QPC#$gOb=S*DfJy)_FrF4|-Qw@1SUv=`$w2M+)F<+c4aSR`1DH+M-Ix^J0^mU-Z5A&;=)7DXjJ6Zl%lqZ z;;k0D@LRoN%<;ypyfLAiLzn$W3EtZBEsyj!;sipN^Bc_|i(7zbu3hC_0vX>H##H$k zUtQnTB5-DZml~pt4v3Z~)mT^LhM>wcUE#zbY3+y`LR?`qOmVJ~&SGpf{%oP}z+(4} z1{iTb(+Mp(E68uO*P4u1L%z1Zx3z3wL20Iiwis|}=!7x9qasrtG%~9T8IEGi>H&yQ zU-)9T_2kAZz;@;i^SOxv0PqV~`&0onKEwtNo|hx#E;E_87F)mg5m(m$#?x3i?i)i7 z6nPDboHmFq7{|w~7`xA?+O0>|(^;QlzKnb|RgX0qA?{xZY;PWH_oETd8viw4f@o9Q zh3yBI>f}Mc*PwpamQr%BN+`-#dqe6Y8-eGKRUY5~GG-rFPBb~1sn!Nr7$Tl-cRPbs z<~t1KZZRpSLjt~KHo0%k51pbf|GJ*ry26(rBxIdNzHxj+cJ1jlVvW!42t_tGR4bO7 zyvcs@EiP)``DaCT8W1eNW7PbX>4E2Pzdgf)q~y_Mp;oa+8G(ThKkb4K_$e`-NFvYG z2LO+u+RI5lHfGx}c3*OdsfHs_TI#m(b_*bDd1M*C3|U4)*Qe?C1tz2LQ~1He-uMFW za|tdL!L256GO$XGhhGYO6#y zi(03EhKTdt)iI31o7y~9L5WjgX32goe20iQ?60vZ{ScdhWWMwbFmhG;+_>tcyVylIAP%YaUgtc3JFeCRc0w^8lAQ_MV}7qZ1%)jD$WW4P zIRal7=*lc8l^O45ZYlM+W0n%%rtQ*LS?R~hx6WZ+;~NgzmFLKq7jp;aY^nm7L$J8& zS{%QkZaTsqq`x*wkqG@VV`#l#`oR0PuUf`I1DeS)Bh8_wUAqN?oN@M@#n0fNXcSdV zWU@o;U-4}x$js(@Vm%QxfaBx@{sri26Nb3CoGJEH||)2VZhX&U0;H%@0h+5Lq~LpV?XkM8ixz zs;k@#qV{2BU?5P1rP0hUa99`aA&d>7GWPyayl#^!GVGrU8-GS^)k7RI8f+`X1@4W= zDG*H^7*IQd&cJZ;vy#w&NiaQn_M~KkqAo2?tEjSt+@5N3kFQw2i1&(&Tc%iZaR_#G zBqtP@+WdgM*SHn;;ZU%|9M^g$~X( zdc~T!H1?jggQ}!qzg+}9)Wv|H-=H9AH3GcEy)r%%Gz<4rUL}qGaob8oAaSnEJeJ)p z=|!kPO~&@itP)D+uP|^`x>v#is%=Kg9BoA#1&0|5G6jWXc0Z=cxVMWmTkOwQX@rR} zo}KlYOdl<_RxfhjkXi{U$nF@DKXfvJOCV5X>tiFr`y@uy`ozQi9XNZq%0LfTaUq zsBS%qa#bTr;|VA(`+HIw>la0q-fgKbfND?A-yFFUPx@fsEpP58L%hsJC-Zm+k*LjS z&hLEBDegRd8F}3cV$7olR4kQX-ppEW1P~AU_U*!YipL#ug9484yo~E)dRY82FM`nS zF=S&ns3Kjpu9ctuY^-3YCeXBoR$s;1`iE37PCydLh_QS=erj(}S~pL(JD@#7o$Z83 
z)eOob;DN^-6In!%cRT^NzwiDZkj){za(_lf-hMZ}(o8^f0!v%dryOiwZ`sknJ--iD zYg0paMKoPq?joWC#|VW7n&=>UI>EzjjD^4j4Tn)pua)mP6je45SCUD;+OvtDT15St^$_~Au71mX zi32>7kai%a~QDu^Q^=mb=UR5G7T8lSpCBW80yUv zpop_Z-bH$qpPR+KJq=a*acLLzr|X<8ar=;O2YE^6cO54|zuCG&96D_0q~@19KA=K+ zd9Hi9Dt)y2v#s`C=ZU6k!<5XRw7FgzI^^=G6iFyx4YVMW#7;L+l{ zgVBIyF0-!J=@nV1c4A+mwe#01wD$&qOip!erG~VlJA7JmRkN5qQFVuQesk23<<+Jx zdCHLj5<$Jje(Ksjn3A#qkTk+zs%>>kUg>upC9dVl}w2Os43R$Q2EcIJXvt}cuPoCKd2>h zWsR2X{~rbk;~CSMIV6 zk3#3Z#O?Ly(NfbX$SMjulX>za+8zIYjot-j!E|Fm-|LvQ+`Q)YbjKIuonIHRi7ceR z;PnpzL)DJQM~A_HD`}n*iL~eWBw`J<#nx4!qS?TNOo_g4h*BA&I7oe1>&_L|%Gjy=vbk!eVQl`o!-ODyJ zifb%>&};O&Ut7)Dl)*@ynAI5t{kXXJH*oPn3v_}$)z-A5>!<6naGV-6?x|(hd4b7_ znx#4DB5=*t?K1* zYmiZ+9GJs2ImrWjg*(e1(h-_V`;%jJch==&EOBzMrT53q>!1;mlIHY-0jRmd3Fq0Stk?D=s4*1qI zvW9%%mTDJ0$Z4*9IFT5wRHXwXj6CysnPoqFa44m8guPLJ4p=9Nb zWx*KCVoTWr$%5&U1H~FiDv5p1mPW!@`>-q1Rr22hnw7#AUX-aI(|-qP*M4#n;_e7& zqIq{q)1=wgcUN?J)ow(}10Bz)p468izq91!;q+m`TXDAlRxb1W*AX32=z2deu1OL39XXi?hIDYmwIJ34 zfSy0yYr;rme!cRVu!Gt=e~VCmd>Hud6?3OO)Q2^A!gbSD_0G=ajUDcKJIdof*AP9; ze#9IHEA5)P+xF0edoPsFP>!Avg~E9gvD+EOb)_?&i;+h5jNlfq{F@3>)XmqV@-tuT ziiA~i?!1FA);%JPSsj>IR&Cco!+ZqiB$^jL zFj-V z1Q~&F`Uer*I%)dAkr;Bh2{=~N(b1{$f)Pa6PN$kRd0V5Lt&(8YrKn=-Mb9}Z=4+Od ztZdNRiPY}5rHU-WK*Bv5hJ-_t26y`kGRvqT2(J=&KEH7dpV8;HHO^zxX-E5HSEB}4 zB0t%;q12*{ZOO}~KZSF)$p;ya;k|xHnzSJFSOy)u2J%FQWOSK$Xh;||(4S@wCSnpm zN7VNYlgaIcn@Hr+bV;~=&G2=ZX+sqOHTY}rKz`?~LBv|LY_?*Z$hG@E2H|lN;HwY} z!1SFk{=>nquOV+>=tEh4MQs7sB4Q{OyYN9sgm^#-uA6mR9C#s*pW-w|MLsV`cW9BX z6+I2?x`Uz5#)*@mV6*2b1oNe#GRJkO)ZU`yzU7x6)=JFR`E^eV{kag_q77+WT=?+Y z3gtXr{Imns5Gp=Bg;23li2yT*@6uG3!<&8&wErLwCtp-LHdGR8fIc@JL)TcGVevhQU8OFoQx8*$FA0PkA`PE zon2jh%iF(CGR#*XuJfNerx*pzyr=T=X^mBm&+h-~$U9M8r@T#!o;7aqz|6~1Y?O?% zK=#w;1&)iOth_6LzDBp?3npVD_-lnlw@9Efi@eMLky<T^YDyoWJ}>OM3l>sh!cB zRJFr1hV2#HXbz?WergOjK0hR+cU3dk)?wJY{OCrK3Mf_mw(x7vNSBkfYiPyPR<|uM z*#0yg;vQTNNmLhV`JNz%bQE_?yA5k1gViD){HDCmMuA2qbZZN_>aZ>@E>5Et`4AGZ zQ6`+zKcq@mwjNshBohlkWJm4GEN+c?G&}|~>pDspN$>%~m>iG_TKLuYu%2X@*@VWx 
zDCQbEd-%&HHMlpL{qX8!Z|7Y9+BKn*r_$PbIx1y;G9FFv2$$``g)y%@zetae|i@=ubbgv_m#_yHw ztZxjK*(~z}wX8PV>CfvFhW}J->C$1MAsU849G(qV6^+^S9P=J(mpeSMfLgz3 z-*0yFn{CYJF#Sb-sF}7EB}3YKb$N0V1-Q2LMkG$m>*P2h1{`Rs-$iAOzOqN|%AZZI zfBx;R=;ymRgaU}R(HGvgx5D?qINr+FEa-S``mhOnFniQZg@2`^M7O|OiBb&oyKe8M zZ*nbHlRgj1Vw`ljw(4JngU?;H9(AcQNLabeiCw0kSduyszJ6_kd!hGZahVRsk8S&xVnQ_;I+CI6c6bwca4}N7YsA?vTuv>^SOX)}46mVz= zB=0a|=dM`z)Y}Wta%<821`ftB&BtH4HKZ!Gl(_=`%!?RRxK%FurAvGDS6^dg{8jrU zr=eNY%eXPABxwGej&$_tinY%wAMkE+7>I+G%C&r3pZ9}nyw7+|1cmf}_y-w7wN>`? zO7sPqyOh6t&*^>*$JSN&po3R@nAZ)8mw0pvpS&g>8Yo3PK)>nya07^kCh|hZi=Qo( z7Tfl9(p#iCpMvSz|16uweyZ;}moDkJ!(>0472L>97tNxXa1!HZisP6RsCsqY^#J;-XC@pc?bv*QKb?&A|@v*eK(w3B>r zK=eiuw+hFC$U7;1_FIKGQ0U8?-**@<xJqU9Z91I^g}<7CCB{BsY28?n;J47Dn5}-SRx02|L?oS2v+O|u^1R!>$G54zdn%z4 zipH!72|RG;VN%L;4fuYPkJIQ`{d|p77b)Z39J7RI3peOf@ET8RbUwMCPXTi5Nz*fJXRlI2be3BDOH@WRf(fE4Dun3(r=`b?{fGHEME6ZKq*XII6v^ z=EfV#8q#?a`BDdy+K%^4>hKpfzK@Tvy*V$-j%eA34g1ks=&0mtP_ZO0x;@CXI1X7^ zQdgeI_uW4|maXS=XMode)5c3ANF|te&}y z#M*)Rb#piZFnr;61X2yP_*9qvWqs?+cy8^!tbz>TZ*ikv@tdGMGcXV6IQv0-NY(&M zzib3LvnIHd7)+hWo}Cr(>(fILZ3k1pKQ87M6qK7K z+a|Tj*W?6k1mG#t3z)HI&dae4$&j1%?pY{Aaj{TKKOy9yN~#ATe0Ey*smB_Mypb+JO2g`HQ)z>@Ze8jhp?z z5Yrl1eEFI7q!zCt&#R=#>N#-SdQCVs;LAxd;{jMwf@LXc#YD@lB*a!(_q|19A=6Z>X;cPCLoO}stW2;g)TAYPe_xxmbtU);c>FxrLA_DdXlT!xAFcF|By}#R zTIHQGDU2CN3Z)y8lkM@WdHkAY9Z$m`XkTE%_Tie`$Rp{IvPW|3Ux5rc%ltC0G{9T{ z>#Ob7U4XbLkb?Y^r2Nx3^E~aFu;zO?=)l>DW%kHc$*yK8oyOhOBR@)sL|emvELKqmT<2PYrh z6AyNoM2+tWoow!rg(&HM+fuWRG<;`Cxzkl)PO%Oz@9pYzR0ut2H4YVB__kYaIxJb< zNvGG{EdmMT)?bE=g<#fxi)2~IHxT;x2#q|+`9R3ey?S&Uedy&xA9Rq=7;c0h&|$&k z5Y9h4%yDIMu01PDt-L`6Vq z=tv2O^xi>4r1#!}2qE-f0>lskcgDTXZR4IZ&U@}}+;{%7$94cSYh|rDpZPrB&-dwe zw?l@1^V_en%bF91#zGKD#^D~n`Bip|EA;cQfBTuvKy%ek8@nh_q9H`WEGOG1T zcs6~()IIr8d>8)Ic{Lmn-)8iQ86>u|FIF10y7MMQkKD$=(SLiLVC*?%Wg{O z%{qzS%#27VjZR1>-vYast(qrD&oBK+&%d;%)t;$ELaKF@&fPMc>791>8P_$Sjpdw$ zY*v>Kk(u8Od&4et)?kwb&1${kY&Bg=ychOI3?#(3n9SkZ-bT9vZIv#H>hz8wiE&Gv zOP_30j*@@eO-cKS`M{MWQ`od2#k^(hW+XE^#YS0V#Zz@uouuk<*`L)9)9(%L7S<)N 
zuP1Lnmu2C1m47X%R47Qy_y#Rs2)C7TTrargniy#WYABU6?s6v9;2!e5%*>A%$z-4oR}{H=+A?sUW==6$UU=vn9GAGVw3e7KB`scvk|2& zZ^G}n*jsVh`L@esd^A|X;@+B;y1jVMDsK)g_NLew@eI5>9@*e0V_A7Mvd{z5DdM@S z2Vb0E5;<*NVQq<1=7^Ox5kr1c@;?-Dai%wdL*jAjUt8sC=mzPTt`+|*;?oE}EYHw6 zU6${Y>A105ndq1o+AI0`~X|Z$bZ; z-ixTT1SwuitiSZ4PM1eG`(CLf+F!&0FD-&t6quqNwEr}`Hfpl)VuP6D{{a+_->_37 ztP7SbEDpRL34c7}mjT+g=3fvUa~mOu542J)mqCCxF%rs`ltm!$(u)nWx4Qj6$>WGq(9 zd=e5Oat%v1)o!J@?=Fkjjd~e@dT~JY7S}|rci!bYz7OAB5PEjFb+VVJ9F)hR!icS{ zm=~K|y8iu(rK&n);`ml3kDNKB&X$|Q%SNx)w13fqyk4c+_1O941H-kcDtYB8_QF#a zJCn5B)`x*u2>ZZ@SAKu5tSp7R@a52$r*XE1QLdXGTojMHfvrSoto@X4 z9~)&-Zv8fZu+Br8YA_rAxCu(($Rrm>fw025+iS#o*IA%90_HchFA0+r9tV`FfmDt% zsgJ}C0B$7y;tiE;N4t)&USiw!nE5;m}tF*rl;pYegzyk5AUx z=o*gIY`!G4G-}z76e7|kFz5nWyXzPAn;IK>_(Z*2&dYi)5A*4c^}UHZU!O@@UyNb) z#CD$|OFdO?O30nUFHy$1z*Y`QaK{Ae3XFz|Uy2~s@*d}MN*`9c>FAbxQ4*@q91A+` z(zO2Av(sfZfONmINK~|(%R;;6zJ)NzNV{nHEH@uzl{*kvo2vc!uB(UdGRvfZ#qNuO zF5B$}CN-@p>Aa$b3DInub z_Urc$)b#RBxoynP*$AvY!j#R)& zR5+!rBkS5kjVCgoWS=fUa@CBqJ!TO!I#o|{PDsq5r~dg2DtZt8liD)(;caxzQNc0E zAmgf9eg@-LDr33xvVUs&0l$l9@l==ypa=2MH_YqfF9_+4zke^C7$5JlT%RcJ)IJX# z*~Qw|QLp&Q`9B=@l@-L+ueMUpvEGjuiQ6vMK*G8&=+f0eeL!)T!P-M49A`5V06BAVT7MeFIe{S>}zjKT z0C5X^_=Zv_i+FEr!cb1_o&`i zsN&L}KYQfw8#WnhV1Cu4>RIQi?Uhb(dp8Ir2^s`69qiZb)g$Wmh&Xe}C|^CTCv%J67}KB>`nv@&rC(Z5=6>^9)!F(me0}Q>mq)sfv&PD;Fe3CI9g1e^(i) z6aFW8Jm|j)uKzv9e{z<8e-h|F#^e7*v;6y$K>yE3|Nrx)K>uPtf&cR?|NbPZ}aP zTbi>7v2nIhA{X26cp?bNirAS_tb{C{^J72%aX9p54GKiwP;_W$XB{&jciU(a7J zI022o^^?IrQGOLG@RFl1|V=Rh_W6gz|}ZsO=6hgaPQ*VJ-X zSe49hp0c?_TimXJnIOnj#b~kNA_IXwe(zYQ^$$jEwFuf;^*(ln1#e(=sBlTZtWqNt z?ovFQYi9BQYW($?%E_+sP}i@C8!Y7c=lNGmJFnK>0zhBPM@;Lxi_xHJ*&e$sjJ#cd zi=tA5v<3WsjTVqi8~0Y6_>4-kVuUTwco9Y(%_txiwhe45`9+W4&EpafuJYJ+gcr9d zE~C*CBY9mJ#|Y0V)|Up95^lOj2~d`vk|+>y7G*z>;jzq(RH-UV0a(wbXuIHZk9 zDr$=4FRYe{FiC};&6b#<{haCpN&57Y_9wPwEAY9>O5kJ;*ghri_S2GUz zpx!YsZMXMY&Dx-PH*O0>^X6zH?fBHMt&hA5fZBba2~C$gZCgmm9ZDvz+a>Hjyi#@o z>5<^Gcd)Yevml3A)J}a2>P=Y~P-c&ckB_f+F>Vy~+^Ji%>$(K+D9Z3BxqRu=KjtzGY&I*_x(v~fUD 
zlT7A+m2g-y*DU-DU8pw}$AFB3bw?CK7J^(ys8t1vM@ZmuAXJQPp)#)|K@ci1EM~nJ zBI9~)kvV}zE|Mw=J+qr@p5oCuVKY-JywGgU&;jtB`Yvki#R%W5f9ubCdkKkTFB_<$fY_#T)aV2;Cy zGsJG3nUr@Fcy=l~M@WK{2Su%@X~b`zYQUaQ$z$+KzipDT4AvL(5KII6<5rrzcJ z!z;&Jw8Oc1{8~`z!gb>$W*<#+F**fyll>0fMLP`C8H*_xa8(PaU(IVZgUvXc$>PH? za)QF98o<*rs?r30wv#(!vry73?U^NBm{`+{zxkL@iZwahVy`g>_{*mMxnW1XCZPwv zxlXK%p|Ap7K?o0FUKE67rE+lSoLD*x%G8ZUF?o$QHy>}>HM!R!QaNpY7A~?Vq zvS#Gfg`hNO6c@T^;u?VjB4mef7K&TPz2$+`b0mN~!9gk~tGrATguyY+y(#57-0Etp zk6|4_4AZVsM?{|FG_W5~h)|k_pWSDIk3mPOtUs{H&+zb!<{8A6D0iRLu>cCcXsW`z zU@A~d*}Aee4+R*0yYW<9)2w5lqy5wS5u1CU#=A%~N#?l3WZ_kE5?LwfY6lnvNuL-j zV6-%QMh^C8_=(=DD=>6|-Q(@LnnXnu%!JKxjJ_nbi>{;a7C9nc0BJj6imgup?15p0){)O)5fT z2FJSfjZwsR=_Y9$&b%IDROT4$5E@>ZDCZg1ZBhI%knEg8LVH-P)1k)lrfWiSTITG(KIfY^Ko7z%OL8)qx;1VsQw;l)*L;Z4x21^$a}G(J+b+`rfb6EG zB}AD%Z{#iSZ3U$ww08DN+Dv^0q8PeWmsJF{KV~1=&+5Rn`(cUxY=VA((M=|Yu2asm z6SvqLn`W|3&M&miaV><>vu0U$oF62-pzS_nr;Zeiu4>bcS%-jhjjtDXx+n2=YzW5& zX1%3XEfQqHU??Y0px&BrKUlx)<(^+eATyTuaOMH*;H6hfja6f z0^WYztKcoXN8BLEO;s9Q@hu74MZ~U-C3$~p92?(wkDo*h@dj1-x0=OVitOo{b?chT`L-Uu_&VyTh=-NkG2h4RL|C zA&-`segJ&2bbH*zyHI`k_;6<%zuYbEr7d+_L6ul6HBWWrDRE=Qc59IFh$oNf;ATE3 zki}ss_*K`%oXTYZSUcmHI&Ry?Qu6uK@Clk&4G8x}A3>OIx7?QwX6p9ui#f414!|)F zgVjnr;Gk1D^f2A_H!07-!eRxOuzI36v6X2ROjQ3Y*aW=!{nN z`ZUilR+Qk_y4q|Y1=E%m=o6;poiY2Dq?#Pb8dWdqaIgP``P}cFsh+|4^pKtx4?YKw zhBS&}qN1McFnU8nEoBEl-DA<7zpRS_)phVHj9>aJjG}4?XbQcyp1UZ5lrnGA+V9q) zB4BO$b@Lq80th)7k2=_J%`mMT{ATp9JUBFD@tG{C+KYi$w7lz@>IBGcZ;3RVb!1gP zh1%n$wSls~)fs*d%RQA%S*)LVbuaju+-QXJ=zA@!Odi0{q+#NDtLzYajecgiRG%X-Y;*<`YDg0UW7N^8Uezm^|5fpkTdGk zlSP}qRD2Ve{;%sC0o5AWeaU>X{$3Je46QDZzxWr)is{@**Xy9f9=kD9n|Q%k`to*Y zp^J?8`$5ucuhL$-R7CSpb^RL#kwDwAw09VhoqvE=XTG_qT1JRZg{Haheb&o;2Hz)d zMEP#7TDVN2T%1Pr9)z*;hav?c8xib;?4=jxe@S&G2P`XPq@L;T?ti{M1H&fFy4FK; z$IG5RYxR8fDMTx7rqYa-kUo&t7F6k?ZXs-7?jB62@tdp<^un4%+#3ly7-;ywmDTHS;WZOP;2F!8mn1gb31uB&VHltR6PLzMRtn8*AVCQ> zHX=?~Lb)LjBwQs72cHvi?`o@*KpCyp=sl9{wbWRklZ{VH{c=HJ!Ew4eQqoVY>KxD# 
z?$9CQsv}-I`m74-RJ&O&X%%o(psnp~wY%AVJtbTWrb&;6IdON0#b}M!erQQ|A5ZC#^N;r{nJB4ZM?F)+N zOsZKOtYc#qmIOrtrq;94lcTqSqi~j2rdbD+K{^}QaPEPw*9GX91S2`1eO00Q&BLDT zeWK6Zj_#nA=nY!C0N1{=iwy@ z3kgbkZQp3Evozzqo>W4iq_6tKjCP`wcj7YF@ID4Q>Dpwoi!E>32DIRg)~}MamivQi zJC_!(WIh-(;|Hb4l`$>)+^sL}Z24}msoNfExjNZ>E)#7WNp31wC5Fr5MMGirw|{c; zJ<51>+Hcng?usTamP*|-Q+8V>zC4#FGB*FNYZVS-QIuR0 z8q)b}?WU6Xw$^SQVNzy`#!S9VpNo3!#^NzET z)ur|lpoaw&imjSui68ES^mIn+*@>TLrkuBqs;kKlJ4!bVuRdzyHz+uB3JI|zvXEd= z2ks0}mwIp?PDb-23~28rnh}a43#gQ^T6 zrvuTK9n#A)=YS+^??E|y>H2ky$?h=)>%kO7#H@Cz$Vkl0bQRPDPji~kU`xo_B5?Po zz{)qnHHMwv#HrREG^ct%z{$p_$*Lh4LX%1X`0N>oLr283IiQpSX2uFammiu{IMSzt zD+moyj!-g)Yo2{c!e1wwb21-qi2*|c{AU7PcAR#Z)8>zK9>dRuxfwFQzA2PxC^DiC z(&_#1C$T=2`J|}ADUBK4q{TfmZR#l=@U^!xf7n(CaL zNV`czJ%LR=hk*^1VccY9RZi8aQ}5-m%ZOUn@i9Bf`i9FqB?Zf@P<@!JqZ1HbJa*)- zSoZSVl#euLPi}qTSP#-QRx>9%SGa1DC(DKPmK)1@>5E?y1!BP5ssXya#~%t8(z_`waA?;cUfm+ zhT7PwlDzHZf2GRrZ))|-MLs&nw4=Ncc%=?s+e|M%VGv&B}`LYDV z>)7*huHy*X7HhWmucpi~b?*57^aQ_}7G=|jHlm3sa_nldfz1<--g(~eq_p7Bqa3&L zD$v_q6)w{*_34qY8kc0@hJ`0srZrd1uth+By|%8ZRup5_j+dO05%Md4j#cF3YOx4xy+$(jSeVF3EA?h$psx!63capZ>P`DQCYv@# zQi})yQf~t(&N<8}+2soz7wPwuzrpv&v(O@zXcBl+eswr^ojy+FC;Uu>64&$gv6Vt; z5b`t=qZs6FiYG7$@AoI?NOuAsv=dORmT59{lJ{V}+ZB!fw9?GZV1(X~KM<)s*G@+@ z^F?GjtsQ^ilE;G8Z{okz}z}Cc!}6paa<3$D79+jSE7{2u;*T>Th9QCdThX|s{lq^4QVNtH{O}o3S4jzO853+NQ1}eKO zpp$Rv+&IkNn1n~q%F;qxAv)cN{+b)>WwS=pb|erl27N`n-{o+sQ?BDGrN$;bCZ?<> zD4dAJ1pO3?#=z}VgYOxH294!Go>!7yXV}!HK8`yStxAPhZ`2bZjILds&)WFhG-w_f$4$g z7c#@czl)mH&9L4i^c{=kKW)>KsNEx@@3=(Qmvo-SXb%3~TTIW}6SZ0irKqw|HyR_IJX=jqzs(n9O@{>% z-KB&hsa{@)2hp1=D!=VgS)T=tiL^9|kH8P6GBf42q3e%imm>?!YSDI`r+Y1mzr0cp zndbVUjy!{=8(AQ4bO65(pqnSIkrapknq*A|IY&ZM2?&g~|OeT8? zeHk-nyPI?E`KS5iG&(!^+@S`xo)=40vz*wZ@8SMa$)G%_PE}bgD*}IS^+ahRf&_H! 
zko8!hna4u=z(*gO;1utpJMx?&=Y%j<5oJzcmMEJQuXdkY9S7Do6f%+4%nrD&En@jl zrX5AEPce<;IxlAT?-p5)iF>vy)_@`V+dbt zmc>h_v6_cBVu~!oi>Gl~3;L0qgEunJRVgA{!>qv4#s%w_hAkH=+U26y^a@4~L=znd#kfQG9Hy_anL z$t|PKA~*`k)?BWjWLnH}*zS7jK=?|Gt{Umspz+r&eAlXtf6^gq23bo~kmrF?3peVJ zvfoxH2C&IC;bLQt9?G(>ZNTJk2b;_Dz7sac1d%=mRE8P(JMEdHxFU|t30nEq?~Rss z)Z$d8pegcf;|JtC{P%HEk|OfhOxc^*7fu1wEQza_2|>C+E^XLB8f>Om@_43KPpr>GKxDi z>B|j?WB+`g=je6(h-^PJ9dWqH);(YgR-Wk~cD?p%4m6yswX+C+YUVpfLSv-PtF~|p zVt2v_S*`)H9>d9F#px$+eQ%H*Ks3;Ge|t8;J-yR-)A!9uWiQ1$fFtS|xc?crlLgM{ zTqGX-B2}y61R6ieGNk+vxj?l{zs}}B>_84 zW5;6(l`8U@2W|vkT_o;PcH_BDtof}hW4p5u#(5(fdm76F9`9H*KGO-^kq=T2&G+mx zKykZ#)|XZn@)>g;VPKniJ602WFW0!H6fOsiuOuSxMu_O{%BiTj8=5OCSLGh)f3_ye z9cnkxba^JA7(y?R(#mBH@2Tr{30v?^gElCTnY>+Zp?S~guCeuQ50yPg!c5 z(Vj9ROgk9KprWN#8%uh_P+T4Aq=35zczy%gf;ig&g!C+zV#H-FX*F?CFAIyQY>2HH z7!Yc(15p_U0~Y)7i=TyC6|sL&W9vmR(7FU})&6iuA{{}OdR~v_tfoj=S{66fPww~g zg!#S7MOY`W4{K+T-}^z2lxaJEEd0tKy{30(CpxKqCg3K@!GO+Vs>Kq-4!$ z+IcKV!g(kBw4{&BqsD{4yl&`E79K0*SLB>DI`~Dl=)-YEU?pkI<2dvd-X}{m6&+jx z>0XiamxGy2NwYplFbeRm3#;GRRWSmBqKWIK>$-jmE3XX_+*Fm1*9ftitJZ^n0e!IV zsVM+kZe{WhLZwyVZn8>Rj7i~IfUq)t)&lOFRWB3p>Ez2TcZe{J+)9R-YYt^|KzkE) z8ZaItVk?qF0m=H4Mh6Gkz_`v$wdtsh z7d37m1ffcMw9Hbe)YUB`{k%?xoLGsuWcFiuKpWwh%9z5Kr-r#K^*|^EDLLc@D_q1D~^u)6O%j z|JGwZi^lpjw~aB)q`AqWT%bXPTZCkgpVx9^9N$`J)PtEhT<;;zPQDp4M*_j8He}nK zY{PyK>Npm6LHV74alH~Xx8uoNP*yZqUfX5*7^^?X^_zAFw>mv0;JoNUaZ7MIsJ02c zWIL;+on!FHvh$*lVRgUPy$itqZ;iIlxPfQQ2R%|6JW(_Tui3I2D@@@Qy8YNznz)LT zbS1C5KkYG1mg%E896W@~&^=ZUiT%7N>is-N`JAS=PDO^_ltLGoY7k; zz@Dvl&B6imFCwe_SJFuXiXDx(8MP=BAqGj=;-Q zPiFqKX!j#CEaMe3cepI0g72bO?c&NBJ@TuwYeUy+V%Xg8x6upO^{Eu;H*Hjh+`HU; z<%*A1-!#fYFHY*Nm=Ao(+Ny2&lo=m*@~_AXpL&Ct64O>Cp52V@TzypBC1>ms<>Ngc zCh@9%10duQneW7)@puU+@S$avvive%|35|2L1!ep;O@7NIrYlN1L^~UC67(kL21li zSJWjoT2iFD)FM=z(HW>&(&W{ruuliyRHJ)3kjLeL!-j6Zjkro3X>^Jb=TOrc;zAvXbLD+4 zESUL88M6|i0*oe}%}CHh&K1^eh|NWPHb#9;2;sYsff)D;$@Ki zYYv>YV@r{7b70rKmfRS_4HCnYLa1=+#*7PvLX=;ur`>20Hc<~etl&}xR#|eO@M&h- 
zMhmB=)n&V6p@V%w(Xx8MR+E}XQlHmlW4Icz#|PL+Yr1;&q!l7^08W55eaxV@G6a1z zHOGmNC`4IMQI(JX(6#bqb1mwh%!3gB&kdz93HPMY0*#v&RDz&*m|gD&cThpXq~*r| zFX67!vyBTGq1};z$m*^Sq(LrEs$k7015~FA#8S|yua9#e>ZkLGprTtwkqaI&m%Tyl zYEDHAP`AWx`a1l62%L|yyl?|Upyi;9Y&#t4Y=3!-4rBi$gQ{|`X)-Zz&&uu$lI2jV z(v*U5k>PuiZa+Q-tncaMD?XS_lb=n7ftb2WpZ;E-wD(GGP9iD7>lGlQ1!CLCL^}9{ zoAX3zYfMmA``h_u&-2U4$0jPyLGu*`3t^F&*4RQbo&EBmWDbR@4g}G=VtS7K&c~vB zV@fXka_B{VM|156S^OKx-L6b<_{47{LkS{2Yj=zQ5NNwEh}b9>tpU!}4a$P6XZEvx z&1=-;YmXI*H^+n*`Y)uX_G0bQ>t(GnW}S zs4e3?dD^JKFO2F8Zu@gSQQWcJ3|1i~PC__1M6+O%xuUZ*#8Gq=nR8Gqzx0@ACbQ;- zza9kY)++C~fX$Jg@(!qf;HFazKFCGLaboymkn9a#`MdIIPlmBdPm;{6UJ96&D(&yD zx>6;>i&v`2IGp3+TYa#84n{w+co&%CoppzLilXN0qrQE6y6FGe#jdb!F;T`*9Mt1M zI-3!A5WDww<(pM$?N1YOVgyYdxICM_=O@!|1{};b%%HTmE;6A{9y5--9rnJ&xX>6vA`;sb~?myF65MRN^`QUP8*qY-?|aclf?U4+jr$2mCAGpPI#gO+(^ zp6ivOo-ZVg;FOVbSBoSZ7n}e^$@!ze)9gGeorL++a)x<4{9*QF@TYOW_s`0mUK`4V9};1 zVYXh!D*BQtY~isiG49%3+AxjJFVo|M4$54lNOa3v{|IMeyu(#aG?9~3uQB$Z8AyMuUz*x zaQx`zla=XHXilfSy2AI+maJ3$x`dIb+xlPX?=Jy}mq3KdrPD2u=pq$I7P; z-higxuLAM_5spXuAl9$Ds5Lj^ZfV(fxiasJ2?m&l`Ck;R+ySg98-w5ZIU(sMDN1d z$_Q#s-vHz7`S+|JdQKoe6fMi#cPr6lnB~%gW`?I9H|{yWXO7Y&e2flW;p1X$G)$uV zXQD_Ron4Md_#Z{--+$m=s#4=Jh5nO$g8rWTKUCb|HLLYjUrJH0EC|r|9X~Va;B5Nr*2Jb z<4)ET0J*UX=mz}vQ255*KR5U~Ekdme3BlSU=g%+?7DjnB{VE4~k^lZfO8muhQM`s~ zZ$cw=?$0lDFhlW}qZ%|GY91b?roIEfNNWD)&n%4u5vt)`M-OmT&+d&DB6x#@GI00| z1!5_sY>m__n69#df3E$5#3}3Qg_ChEMFz$@3;= z+UK!6{6Y5=laN3IhyOKu(l6l4xbW$gi2I=R@-#*+LDZ=>M!;w=*A`E-T1dYa z+>K9iZ7|!}C#F67{iJ|I24&b9V1j^eZ)pH>2vDHA+5%BeKevz;H3111_#bzhx-@6B zig+$QBQ0aodQS9&3Vr4RHg*a^KKol0z_i1r+hl$LGzN%n@F!9oB2+<@=#NB@GdQ%} zS#To;+TU**`5wYSFn3+t%Jq1ZGPy|9Op@rDn&<5pn+@+clg!gh_)AVmFAe=$Sg7uAdBYVq6u4^`(s#tkF?XStgESZ zrx<|AL<5s5n^Abn_E?g_nlpC$a0`lRZ%(y2w@dYlvZTThV6<}`yJ33xx&5QuC-(`! 
zZhF6SvlKMk-~&(zPlKP_^^%ejG{yoV6r7Ap6mPf>dMOOo)lU>uwXX|qL|L_1Kyh$S zyCfT_6$e}+0>8*wqy|htiRO=$&%>!~L8<%v0|Hsn&VZOi<^#UssohSuOsMy{+BwQCsU1w&$Ub6;1!?mdJN3a-(Nd*xueYf*Lgx2qOOh-*Vfk7 zML%Z2JO5o92n2~qHY^L&aJtD-mHXPYaYtODwtVanTHr~mMf3~ejsUwQAF#mYQkVO! zz|PU%SCj%?Z?Wr!I%XT|_LEz^!w$f%58GV|0jrwGo}{K|+PYaF5c%&b6b6j)AFW z4SxM_7TXlKtv=NpgQxq3K_xgaoVvPULD@B+9_eg=4z#;oSL$F0DhDO?hxcBVJ5Nas ztpmd%>iFOdHr%sTUPt@Chb3jX&3(1qKy?p3RMte;Ma2j_;#}Gr|9wXiSaR6l(1^lg zxwl`dVlsMDaIuY)`i!b=?8#RpNCcN2%RNsRMro=(m;Pft)Q47(c{&_^{lx z8I>G?^17%3sutyNm7YZLd*+3X`UXa|>r*i6-OA4?-f<)n@H;x1f&_wIY1l^8AWEAG z29KNDMYFPY0V&tjGTXj$AuU%y2EfC$Z70En>+k8Ful@N#?;Sxs%53Z0VlK-9nVdmF z^M;WzKutAmfbE6#LQ6#3P=lcZK`hV>!-Xz#~%&J zaXo;Uv43zU_uk3iX=hD*T>-Ud2W)LS{BcdfDN^2BbdigV652Z(Q@pS$XJ?~E;R|f= zk#t3A=AEDFB36Ue4!$G$9)Qpl-8TID1JbmE-iqhlq1cbWtAT|x3>f9(W~EB8IA}jk zxN+Qa@tRc8V@>${wgDzaSF2-ieJS}q)nDR0+$ni_qO?NH*{>`{(Ck4a?)UvmP_YuV z{S2-*)j^27Fi*j3_^_dri$VZn{a7dSyCfd;>*!d6VH3CCvr2cGZcMXa6VqJ7Sa~6c zLdnS|c@@-et_|sc7#hBlaCa~VN8Uh5P2*?pTF{e6Q50YcDV)RtsltD_eG}fa4Xrit*L|k?C z9U$I*Z|XaDjA~oF0F9cs-0muEQEc#Q2P!2&-5gD%yQ}t13uQxc5QEku^FS92>d7`i6jrDaf5)h>de7sncU1)t z-KhoRFD6%snrHXK^C?HL#}4(~G23X!37Up1#x#NeZ`y7r?Pn2Sg(QP(cNy+MUF_GQ9_X5G()*^itay|1y=_6 z{frPTqptO@FJ+i5k&`w3YBcT1l|}nEa^l`aN1A;eZ|u#ChIL8v6FWa+9aYvp-*2gH zaI4A%NIS;u&H@T)5!nHRu+&%i2yxa9Uc>6zs1I^v&Tw?LYg5#{lj+195La7|=1bx? z>fuyZEmf%G$$iuY5VTP_4`XqsU9%l3I8ZW=-Z6>$VG08-l|W}J{Nb^nNjrewPZP|k z&!s~1-RcXkE2hHR=boN1s=yRmC@-ng?ML0WVE-U4{2Owh;2xF+kexC}2(kq)*h|}M zIU?E%6f3)gGlgRYTjxFYb`qPa6&>}V8=Q($25Ll)RY>l}fgMihOXi))JI@ayKfF52 zaO=uZb+?@IYDM+Xx;o?~{*C^hg@@ib@of|abFPP6Jb7N=+l=DZD$$N$QxD|yF+T1C zjy_q~+D5_jy0h(03LLw1@Y3BQs*84(_oDNd9w+B+{i_gV%WvA5Zo6v}UP#6lC^v%m_xKr>_hg1?n=9C962TaW_^~0BM&4R^QR}_3RFN_ZTaSE! 
zvh7Lyfz8$Zz^#5svcZ3>*M6vx>p>VZQ0)<$hllmn5&EA45^g;AnqP!8%UAoE)saHV zZ9D59WTo>ol>Q99lI$#6r=hha{XU+Ntq}7^?Wy_%|CQK9O)~^QSp)i$G0w+m$j3Ull)<&&Smb{bh*%rQBmkp=8e8@i;LY1 z4dYiE$M#9XV|qbTY;KP9WC>^xcx;-dMH@wZ*T+JU-W- z9aLgpsvt(Jni(%&);&7+$UPoE#Xs%O9DL)xrxj8AB$a*Waf$P8ElyR zOv^&W*O7q}l$cdbvg2cq{bYpsZxT%Sy}e_^fZ$p*nu(QoJS@AmrG=LTn{%;slU~?u zN9$8^6~4MC;KaO%v}JqM3g6Q06d%1|*2giKv}r!bt8N$aWDQwblp zr_bp+j5QB$S}KJ2TnLX?sJPKsgKlUlgHE-T#Gt?V}78- zwLf5#Yj69`VcC`OAL>lfzmGP2|H;*8e{+N_ho|mKZ}PnIx#i4&^khTvEArWEn=yy7 zpaR8HU%uUBjS?^XzVCE*sbpC3cnnXu$EzCE+sW0;FJI)P&eM)*(H< zu8%IPGl3gb!g%+}t?yI2xRg12n=3&o^lC{~OS{i#jcmTd3=dmHiH(9|b?E__U*!=3jX9M%%9ov7zxF4G^q0 z4Mrt|2%7RVqEgMJi}%8QW*g7)zgZn3=B2fCim@IKbfybUo+u{hT(RBQx%b`!alY+= zlF|Wvf${AzxY2+opMbz=8~%V7fXY*A%s12KVl$LYSZ)5^tF)}ivb_k)as)#sa*Z0D=s`p z_Faa@Y((`_LSf^-4>w*d`bBhBX)&zCgCsJ`xO~Ama%^Y6q;UR63{@SuhE6Q zHwet>i$k4@Snt4*i-ag@aCrPyJcNorvM8#w>JT|#fSEZ zt;5r&0~-T#vxSZ8_2i;FyXW5=BVaqXeE(jEvy8GCgj&DzW@VLiqtNFEzh0ZmeES|A zy&}uu@Bicrc>!;XeIDlEBeSLUSKa;hNRO4rpH54SXq}6{5!rXb0$KH?8Ct#j8+-r4 zJ1ioJz33@@p56=YxhnaWmX666**=@(YQieTm5gjy?OZ}u{Hm3*GUp`}t>5)abFJnEAe_!tLrapIQ*7xkLX@$7aeWkFWQt(s;g0mVQ1Kcl4Yd<5(fBd2N`azEsmA9ZS^;c~tWI zVxps1{o$upt{v!TC8e|^7c;4x#8H&4a=HD;r8*zn-Ks*fhgoh{3vhi=4@UJQ&kQ9E zW7d3}r#=SG)Z)DZ0xs7h0*ViQT=m+RWMh*qZ>zqQxg~%0&mxwgaRnNpMVelIzo6Og zowN5S?^Uh_8}X~~@uoGuVPPZm;?OFIYOcTShu-Br@~YN)+Yl(FDBVErO<;hhxA z&mZ1DUf5+ByLCM3>X~RmKRSD>`0EkZoJ1yewvcI!x5`^+S-jeBw!X>vFcKLtyx7Wp z9Cd`T4aTUXePw`7XUp(Bq~yvQec^8ImdwLKwkHDD2NYEe&UAV!z8_d*y_~f8+bJ-; zsAT=#bJM0e1F?IYKNqSsGqCy(Fzu;s0Z#;OaB_BD2I{pJz_hF5Ry61XnSHC;I&SL6)g*`_O97s_de-h)GHhWO~jO&4h0p%yB_Nm?8aX1dJFxDlim#5?EZ+d z{{|LxyWymt;YB$$yqZjcJ5>z)N1cX<cz%^2&aZ)RURG|nXtsWh>UE5*nK zeKS`Wn!>88!E$-j?^!C}e;>9p%xk=J{@wexZ8gxnMg3`)2oYv-#{HPveyHG>pF2>>sRdZ@2rF-)HN&^Dsx`U7W$g;vxM@5 z=Cycc!|5~<~Ql%w%;cfw(l}Vy4&}!*cFTPgcF8LZ8p_g6($~Lxg>!{Pt9Xh z>z?Z_XYeV=DH*r0@Cxj#?#p z4f1B;lzK<+G>y1={Li(Nho;r6uN_;_k3Y5cK-d5%RQ>F&G)qyVJ*dSY>5mpa(f54?diE0d!a6BK!8mTOr!e&uk*p2-&44kKNYgT 
z$+{7#+z5P{no*3}k`FDK)3R~=PQ2ippwPS@l#~otr&&}B3o0G$?F55~oRem{z|*I& zWo82^(0b9Zy`%NxzaIxdzIeu3c8`)8f{e^}X-V9IZE(YP2FJHqB$c_AK7tnx1Lq2B z0T9Jy9D0GhP*O-rMo%8LJr1T!Rnm8q+++@ zi-|x}fh)B7>FP*BJ^|(GD&R7T_$yMmfxcW0`*R-IViWDe%rY%&p$L&hh3ww!M(A9I zEp8lSo`fsAa@^BXB&zzgtSGlFAx`}vTt60bH^*oN9jX+FgmSb3>BptJpcjrVjs;c>embhe0fyssPk4sD zo8Kn{t>=DZrW#s6h!ieucMhn{*W$}QIDdL8{2I+zkgPUi&+U9Tx#1ML+7ZZYzaQtR zou=isF=XW@;Bjd%2QaZQdt7Qw;wA(6}2bb|IFw!P1YGU zBN_Xfv{;2kg>S&-h2-oO&$H*xGYkVSsa30g^<4iA5QBgR2UcxciG^Q-W^tI&h*ZyP zM2?b1dbw*aTx2I-3zbyC@Y1{b29~6cBVGR5kHTIq@eXjxxnE7_$5IpdtbnfvGk^l3HI|vcLs#?=?)O@lwOyjIzOO&4xWFfA4QHR z$%{K+c%TF*I>bb6X1TN>bvf7v=VUK4uggV^Yc zXjeyD|C1`IINBqJ7~vG3{;F<1YL)Cs_F-uC_K%$l*Nr2+UqUPXqMN@yHtWgas%ebP zBcRuK7_7qBL=B~)Ut;kXjfkC_Yb^{&K)gdB^*EDZT{%kE2= z-McwpyHLHtVD*ltyl3=q(W7+CswzpfS&QfVX!?1Uq&bnz?pl}7#`~^czmU2@vER>g z7LDWz`(54Jz4|N8dvX50dYRu|qelNc=AQKs&m0&q&P*xU1tA+$tE@EG(;AxPe@dNb zo=iqD*(bq>SL0&*Nxte4QXw#UE1`)Bf| zf|j`cl`!Rrcm$5&?p^$kylj)<6hhDgJtpG(j@k8_=ilE|zT2pNMM07bZlMgn%`_?Q zp>K5VNgA4s?WqcLwJuT=*Sk;%x5{WvtpHhi)D+4XQRCk`#_v~2IWSY4q%jWhGYrw| z)7SmAunyPqZJL<_7^3Vkngf$tX~hfOC8EDh>fbM;w^3le-;Vu3x->1Q&!jUc7_OhxpGU}K`+vOx0L;q&`1v0z*snlf#H3T-T3&)9>;K|d2;#~Z=V?YG!PvqCUO zTXcyr=rqogr;@+Vs9foI*@8o$YZ-JyKwpeqPiaz8QnfOB%vn znZ)ma*8t3;C<2O#b^D22Hq4gS;sgTT1X+?XZ%c?4H*Zl0_`g(`4D0W%`RA$>nFmZ2 z^)-TaMtTyuFg`vz6IpyI{BFKr&GDz(IOXZZlog-t&AGaz+9Ta5H!mdv05&Ea_vVnx z%1TCag}r9x=hrWV9`)|KWxy>M$N69ZhE7VV=~BNBDBo18xAd1CaOd|5d4O$>9X>Y$ zAItwd60A)$ia7%-!*d)3AM*_SGj|76>-9(1vRL1;ns2<|Ik?jHFw)CYub{kk+rt3; zbw0=*Emg72RUQR_gNIg++q@)T$i1eL$4=0xP9Sqmxrz;(vdMx)(=3BYJeu%70Phq| zxWPmYnS_VI=^SR$<5$vg>~IzfOYq*J5%^50zqRth|2R16k8eF z6dElR7N}Z@7y55C~HF@kLrHa5iIj7=Ql0dVLNJwiJ6584$6(5$GozP@#MnOJ{y zb!W07P(x3`bRstmiP6o?4bpfoEQHhsPVX5NgYvsy0f)ho(FLa3D$l;VUmT!5fBu|a zxBgXw^8r|UL+|-B92%QbQu5esj=>oXr`*K2?L*X{miqdnsa zr*i%ofvLyY*x4tz?|;RAakP%614vVe`5j}2KPa3Z%A*Fb$n@+o8N&VamS_R zY{N0iKp&W!i`}BL)AOT$+^XWR#KgMvx@E7!-3Ugjo#=QNxVc3H6BFXiy;Ae)aPK_t z&vk10w;1M2k6MML352kI&p#L(X?`B~jA}nLZ|k0&jYCR{QEB}y+Pa|3(XHK8nj>Ge 
z=WA+CAIYo8);}+X{L3_beVpriJrNPncB@TR9DMwOK{?I|1zLN8Y<7i)tSW1khp}I? z4kOozqNdZ;G6}ahn3!-jHWzl^z)&T8xWKu4WV&W#1<>qhRGJ2iWl640CG*WR8q;Z1 zn)_8*EUfJB({BrT-6&Z>E!8VXZJHa+4w<|J|FNY?Qi2#5v<7d@=#eY6hbmyu-Be$F zQ#Xjn8u`XtbcBk4;#22ew**0Xfz^(ec%%ds-BBGot3To`Q10I0CzBQ=1 zGnWxNcLSLy4$BI~ZvDlsf2*IC;6dq6d8t;;EGJ+cwX(B9Ld;>V6e|!rR|)ydbB1Nm zmkzb}&ghnzh{4XgE!JwzyCw?ivJ8}|oKUZtk&7I!C4}%c%-cdpM4X!`3Tb&Ya4JQ_HE)PvH>Iohco(+?Sa$e>FqvDn^ON#9 zZbs?MdZ9k}Lujl)Z-k$Gxhq0#EtXGJG$tO0>CY3jd?lzt_BLPfzTEUsvcjN{Grhi0 zfocJ07OdTX;;_xs86yLc&vrDcGS+SJ4qN&5N=-wZQf9nbyPx1+*YU6YKV5owco=oj z%he^*+@=U!`;v8%C zr)(TH^EaU9ZvbbJ=IWilP^rTdl^cs8i3(O4SN-ai{nLb8 zE%-a4;dp-IIkFv9KrUShzqhYnU_|Q_Cs(#yN>pWGffO1z-xgIWw&?9T<>1E#XNEYO z?aqsqhxS3un$^8MUt!qW-Nu97UhyOWK&Lr8JUnt3rr*SFV}=D<|JebiP9|Ej=4d5r zTM9bYv7YDI?0%4N3WfGfUw{*_j#5#L3I21J0wN+&d4&9qYVg1p5Hgx-7we`9_9oB6 zgBEOE?NEnOur>htY(J-4ROy(R!Py*$e*ft0wSn^iSNrPL$k5QwN|Vz7`jTr_ad%^v zjWt?lAZC!IR96UBPttni^MkFEUE7}Sw87(pA1k3wvnQ1KG-q{Zq&ZnzX zc(K$BvlS*{HH^ud>s}?AKjt_r)(#Kw-CMw}&Qn9t$2Y|Fxw<9Ao{a_kZf84HEiKZi zl*H%DU@*&qK+F!WfpG!;L1Q8&Iyl51l?`tMPs86;m0jsuSbt_y)Y8v0h7tnL3_i~* zPS9BeSiMJFyBZMQXVy^cW5M{5D0}@;=^tnM38aaoiKDa`r zTiM(62o(pS)rq2y$uWepzlg{a=W|*}yqxETfv5NtmTC**65Cfu>Q@91x!Zwd$KAVb zcPkr+|C6tC=TH6c=k?=GH7Uu`<%Zkdi!py%a0R^?Q7lv&vg#~tZJEJ2wgGgi#Rls) zRd~;-rZ(=N0HRujwZP#*b4FCv(oZ#cRmZ~xG-SxMswU%`H_xIAl*EX{#FDt3xhLJ% z*4J6=`jz(Qs-8EwJI4AEgt8N8H(V(#;Rhf?rruQbYt@<}fC;ODM~jaSOkp9te7T4O z$ToZm#?5K7$6)F+*VKy|D{S<=Ca`f}2>JF@BNiX1f8d!)KJAHe4#zpKD(XJHI!`Y7 zT`HJDbr$Vl-O`xOaz83^>x%5*4NS_;*UZVXxnH=>QcO`AhwWG&aXLZ&UCaYf-3p!R zk4(2SR9C}2o02iD63NN*x>CS#)nyLbYv!uaCvMutQNwvTw>?*dewxop4!b@{llDh6 z;IQhksU<$#1`*zA?1eojP}es*ns5T=^i1!Rt{^;kzxD}RTc9bpUjU=S*q1hnG4+Q0 zm{QKkg@aLQu_?!8-QJ-W@0%++zG~~l)sLf})o)2veWgwcpFe#a0I$wcAhqN;&12KT z1=c -iQm5D0gLHJ?sXhP4yBU7{rHQ}5V508IlFV94R6`dB8E`gLbE`oVUH*r z&=ECc~>6d5Sn3_MIMP+L9uvsaNs<`US)a`>7GG=X9#D zsr)S2B*2<}Nb*#QOmDKpXX_v@NKayUbJ$jrW*A#K<1kMKM)SR=qK<=Ynxy;>rE!t< zQD+B%jS9-F;5u^c)MDCs!*M|H1hIuq=_DqGu?JDH*kd)!y%QBGJ0byZbYCl?DYkoDAE?v 
z(+UD{V4*AOAAjxAHn~;#fgN~5b6XUo2Oj}Il9dsLW)^JzGvvI%3@!&?6*J^uoT`Z2p z14SzYqdPkcqMtyQW?YN&wieKg&{3=RgloRplL80DFfKX`rm&&%Iq!>%A2oMfmu39O z1|M_lfmkwrG6G#sd78;vaMx#5ezMy=m}okk#ume<9Ugu#-={<+BGT7Xax=eR?e@{> zm)F<%o7c$waip=M^P-9AR0DGOIwVq9dO9vtM#C`_ix2Ul1a*b%s$p2{z?zGOuM5@F<2D_JO_K_|&vuDjgDx3}tn;(AY z5*b|IU~?B^xK~idM1E)!-FFD~6zzBU=3GFJIqIcz?!D7^9K3I*pK^A8^$a0A=)E7! z;ft`4j)1ly=8xgRinhVx*oRA_#8#SQAL(dqc25wz!czo zNs^JdyZCwI_#$F6rpuM2>?}4=(JB|GJE^0I?@iVS5fBiRdhWghgRtuM%2>CI=H^PP z5HfKL2-uL2ky)I7nO0iQ6G5hIq`7L}xU1dQTMO(><@xQ7XM<<|0>5;!Ky};1PrWg9MS3og;p?cF5gq+YY{zSmw?&g(K5qjTOPf<$K@V@0naX z{XBa?V6p6 zjFTS{K|EclXDdPKp7BfJLG7po>kFr{LXN7(Eyp`YFBS-C^@Uxky(1w=i?l0mof1)BMh&x?tmlT57mG=fzTZ$PR_w>fNZ{Mi z0!X~DnO+MOtOut?7r8mJGuki;6)b#0$kF7;YMpPc$E;34Z4DTI*iq@x2sdW;>~Lt5 zPuX@F$WbhyPqTw_m`yZ?%IltMLXkAR=|9ugHz}Kt>2YLd3G`$21}n&RYmBdXnf@2G zrV2+W&n% zR!~9^WOv_E0@ul1gW}aZ@V+Y|T5iCh#nVjJ`O;ET?ErfSnuuZ{dvt7Jc&MowefCl@5qH^Vhv`>UQD0iRE9|o!E?g zIy4Mh$3xY+kPa92a1)iUN)e|C)=SHU4Y~ao>d|b4lxuO%$}7}5F z*K7hbv#8nj;#1iK^gE1BwLfXv(=Z&FcJ9sA4de#-g1?OSR>l@%<>RVuqZN8zhzj$) zr{CR-qOCojp~KUabBS$>fC;nD_*S0uLX<(}VdUZB%~QTWYy~=TEdax3lIq^*D5js0 z(zcTQBP9G`hDsF06?(P)BFd3fbcjHGH6act-)p@fanxP&S&)P&_pq|yrao#awtT;! 
zC2+3F93IY;j-@AQq3tWqL-Eqv;mSR&E$Vr$YClqj#>~KkDzWcg#cKfy-pNW)+?*uV z+Oi9SCkAUvxlT;jx6bEBuj1j4<|VhdT^VoynjX@pGSM#~OXHFlMqTyRf}v4dStc|< zPre1o2P7PZOCE|)ty#Tjsr#JKx~-hi1hHo23-jo5e6UD@2t&4_vfk@OcrkgJuHm|(bJ_QxJHX;SJ9aCOPZjS53 zV};a7!ez+wRAjO{r=QZm8)!c^RTR1cK_uUCEToX0+-ZM6JeRdxjS>2AgCO6g22egp zjtVJ^Y@1I;Yw778Cr-amjbZJ5qws!cVcoy_jL7gPx4m3Blk;!hlG0_uzVfnYHu5Y~ z?8)4)hpzxRVwPq+dW%Km;n;7&5-p~|--M-~mV>w%N*mn}`8G;2GT>gh_|AW5V2hdg zZHr*j#geG08VUElo?zmW%8(?tIW4GMbuR_~`LVe$TWhgd|ZB~)_uhdIb%axaMp691swQp4O= zJaJ@YG1VK8!TUsPME&fpw_@1c*H%o%i`K%ZR88d$LAS3U z@R)CtC9YW98gdA(az7y~KBYlpIl+VUphzyZgCxZP13)PHL}9#v>ig2&c~C$zS?!xW zu0B7h9P7Z|ebhBOZFQH^fJQ#1=j{r4J<3cmh$gS`Z;hjBftoRwO~s(=#gJyGF|*u< z*qf{n?pUJ6kna~Xb~+&^4Wd;ep356~a_sqG4NON;Rk@aV{3ad#4XbgD>zHKe%efr3 zU|YODs*PgwrH&)rk{87b|AVm7Mmg`SpL%&^aNW#Vwp86YJZzI3W((gbqd&j94A{xJ zixfI-(eurzGSYs)k-H z$#84jnHT9ty4a1C@XIsMDcgxxH z9fmG^g3rqibqY=#ORtI9DXQEJd}{7zgJO|Tzhahw0fdNr+_~i#W(HcgoV8KDHzjo< zJ9!0T=~~?I4Lq%+rVn11T;h9&FW;KaeQKS*yLO8|zqh{B7#t7Ysxsv7uDad(& zA+W=EuZ01(&yG5lu;h8;611GVQ22$Vp!?`2HmO_9h4tZ5mG%MB-9qkl-gA z_=w_b^7bo|DHWAFez1yH-?(|mXDG-B>styogNyCdD>aF>$llq_A^SHS%*mXFTERW! zZTucDt-Dlk$b3F}^Izx#{+;h@cfdC>!Tbo>;#11;6&bgP0AX284Jw}ZS+XaC!cG`5 zAAEN=E#rTtHbi{J-i3xim^i@-gkW7`AmBs-FZ1sJ1N+L&qzy9xsu z@G;&k1VOsITk@JU*-lw+VzAqYwE^2z&1A(dj^C*VQ z>Lk>WTJOkmCi=aweGToYSv7{zH#nv=N=}9PSr{p>Mv{E`%796cf7*Fa>%@&P+{m?w z%em$W5*1bb&!1j%ZJ47slIOkReO>ZbG15n&y&m+mXf)BkOu#+sjRIjNCby)GpjSdC zw+`7i25&hYK=Cg7!#CG;bwI10n6gA*NYdx=ztiXjGK>%Aig;H8K?r3;LB@kNA;F`Q zxFb&iKYhQh6UT4zq2Pl|rwyH(p2VwYqR6c?pMa@v2~k5fnOHxuOQd*k^^Yb^;}hDJ zSe<@?ndpOuLU=?bCo003LN@3>RbJV-A+c_Ewq;eQaYlE8Oz`DEle1$;_VHZqV6IyD zzTRmQa(&J1dV8(+*!F&Bp^A^!*)+n=P;|FRmh9#(OBLYDi#qrqpqWW1g*!8<0;G-! 
zqJ}TNh!)1Qi!hLlZNyy?8hvG%U*61;sN0{y7ua2A+H{mg#!7}{opb~6YVhlJ`(7Qb zmAO=Q4|CB{)@ayDh##c{FzP&2=CIm)?`m6QaP&0EruN zNde;>yTED4_u-05SHlNy;wm>X)tXm051cRP-Jb?K#^+1M?i^&=WJzR-zN)MLfJ&hq zY%$anD}Rg}{sBl~r^Q^;sQM?xFdrf-y78N0NTw@*hIU^QA5V3z_7WL+v|d_V{2ebT zqQk|KOnR(B6L@pH|5{erZiU(WxGH9;)uM7~G!|Il;LW3>X#Y>PA*T6sVcs-v@XlGR z&i$Z3nXq!1XFV67g)u8|!%-QzUJ$~5HdK8yrS~yY5Pf&Wy8$CeACfviBBimb!%$qGSwy;%6kqs*#c~j|)O+=5@_ZWj9|^_sibUO4Pr`q#;erZcGjCDEu?YSBYlJv9i!G1Y7O=CpzF&7%>wRDYR-(miY?LsK1Ryy?%4>Gsv1dZECbC4lhKqEYujZu0_or`;5P!BAxu|2)M^58tD`tuTTljuh6~uih zE+FqPLq=I@ql&fj?p}v=1>}T8E#%0P@WZv)4N1-6?kx2@bbFWBU=_1pl~M&wq7MGiV7oYE40(p>5o!Px2?DkGr<_l z;L&@NZIPH$;2Uf#I~*Ud947SG=v&gPa3tV(wIl%M!CLUnGaKZ zwlEX%=T9;?TcXVNC4gmRRv=cO|G}NWrvnJoTbV{s*AdBYgEt;5Ju)Zhr%o-x@lKN{ zU((I5|F(mWSs)LVAdt`(_ZkW1uDr@YmfOL5@ER$(d<7Z({sc&q-3|%0_gRgPj=%9= zKwtJzo-i|5X4O&CeAoWjKh%R)f2YQo`$|r2%yBeX-4P!vF9#5jx{E5hU5pmG_TLY4 z1osH6GV9Szw{ado{i6ht$ee38F(?)otw;&eVF>HTW^eP~<)khqom{%5?B>tc;g6N} zp*WSAmbp|9wliwaSR0d0yATYv)9bvJs-jxz$+}%7Hcm|aVG%*LLWtqljY+@p_`&w# zu8BDwsr^vkmf7RbGk$ES^G(`wYiVgD?+1#s=L(>&?wEGT&SItG=+ocwG0>)5 zII`XUV~uPw(vitqJrYiG2xpvj)hzR0V+W|O_v47K5G2bl8Jv|iIRM5~K|%Ak|HY2fH9Rs~Voya8%blG+7J-*2`{juq`ASxHnavC8y@t zh{PHEwttEgP63%Z9xc0Dou$P?@LXfdXAYhCry|(f=M0{?oI-@5HZu7#I(UKKS!Sg? 
z;IhQz1(GzMhh+anRcTXCir z$V=7h!h=+75Iwfun`~YwdMyYz78wJuCi4WYm^gIfs6jr8CBuxAu$-`}0*XT?1aa|k z7p#Ws*j{*Pbq{`OD zW2_uSkb@qM({M?Mt&>^eW2ZIN%WYD_v8PpmJ&I7zi#d*K=pOg_&4OBXIm&GgGRbthG=>0*lI>k)P?I$u$+6HuJ9rGa<;o0ejtWXv`1DO zI3CX}n<=*w(9#}f%1LUmMN11dAs(EhiF{l)F5< z6NL?;fb?*M7VM^v1Pl%<-QzE2T^$_}J?=(k4l@oSOz(KIv-}E~Ov!x-=k|JZ>o=4d zj!5^q)5Gccr3rNR+M7OJe|cks0r88U6VN%IK80>++_V88GYqJ6~j5%WQ zg>XR${Y3XEmf2tnP3nlA+nBRl{KK8`TlyHn6JgV+o3NL1#y8)phQX0bx{_bJ3S=O( zF%n@xRg+BPQiG~hri}5N@)Hd6Os>8e>)IP`nv)!{g}1?#Zs|QSIH8`Gf=v9t$SWjr zGBN{O8p8C+hdc?!xT-gcy%u;y(2db{cQ0tmcSwhb zzb1P4IiMP6u2a_fN|90lk{qWbf~DqihxWNt@uW9({uLjx~mC(`(nj#5 z_7KJM6M9t=Qh#6S(vbFwIN2M>GBcO8P-uJnJSnSJ1`gtZ(*nNwwav$FX{1>hDbbKU8;iu$Uw9e;?Jb-#d2jlRvwtmG_H!ZkH>@bCC;iX z7efR*u7CoD7Sofl%<12Kc0)r$3?>z%loI|(p~v|aAp`B9A!wQNfxG2Wy$rl-2&Pll zRfWlFVhR3U)iRkH2XJVKM8t{&+wurAUt<+e6}?4NPYb%MlM>T@`t*rfrx9na+RR@R z8E>b`i!6OZ#87Tj&vD7yCX4=%JO^{Y;teDh&{p{BaK;iO&2Xh7^1Hi^w;ifv3f{Ex zEOnE8|TPe0AL(TFopr1Z09 z5xohZe-&ok<&`ov#KY3`o(R|IwGUzRc+LAC-8GnP)Ff(<<{;iW+S(|UdscyTZz^Bl z3kVw0hEH=?sX5Z)3GX^|3_g;D(P5^|t= zu4AD-1@Vn!fp>i5`s;Ys&Y6w1$nVSbmD6AZjz|5?W{LkQ2&4BeuJqXAKgkbygY(s1 z&ne}SQx18z_C|j^KHNXYVK!xMY-|GTwzrn?Voy+Cw1Re_cHne&Ft~&An5W>Zyv|nd zdp(mJ&2AbYA)!KB%`lKLL|byNZ)g}6aDo35oX}EQS@}_ulaUc+zWSimronl&4;^&_ zoPz|KMWzESg48PP2i@@J%WZ#B=SKN7$}M?f7&X(JyyIDctkHa9heo#yw}0^+f zg+ZG+KXZ{YoYHlSma&180}ca|m7w*ND4MSnvlV{vVzvXy z|KdlF0@{v_m0&k{=U9FsUmezDC}q4hX{UGVz5nU0&=D#%sJRnOqn(jFtuHafUL zjuS8;dWk{(Ic^5WwfTIacA>pX%BUoJk}fvGe3DjT95PkpSA78R8LXxot2Nr{B+MtU zI@Ke+D$=fa2~y?66Pi7<5(#XSpG}B{N#kT({CA=)Gm6$#aq_6>>{2evy6yE!bEY1~ zy~{r+_EEzBvy=M$AyGlC+8_%_0U3{*WDzh{ErMd6ZBd;+N#HWUazEcM;;22p9yOdT z*exh&R!Y>VSCRn5|LddcJ!aN){QOU286Sf|B$x*m^F@V0qjzNt%vpbA2mg$Xj6@TC zWGAC3eX}tTi`o=DEcUGPa(_N>h>$PaBk8}u_u+EFInfVFUWs?P5eA=>xpZtd*27*gmrMgq>qw@y}saSIGW?x3# zE8)Dq(FI89`3Y2uwNw$iH~Q9tKxHbV@=y?T|0oL&K*9IXe-DVH`NDzsG~zGK(pPo% zo9$Py%hqR0O&<1NvxOM7RWt+BfV8x3r&OLF-yYE_}q4gaog@N?@brb^%zN7cLwR_s+EzMPZp-EUThDi5?cV;Vc;Z- 
zw8z#XkiQV+YCu4#sv4VVCewV21P_|CB;ZT*Y>?H8)=F2}G{&O@2(9Im)3;rBZ;DkG> zxU-Qro~vAtJ!A&?P6ygSNK4zV{h9?FTu<)cPPYaU*@r>Kx>z{TdlXn$kTfSN8yXs_ zm`xZMDusqYqqTET?(My^RDs&q*jQ@5`7(-5QxwA4;B@e%Pcg@EDyc4x*UVt-JeEmd zb*mZ=3u}v&g82UG9}9{SHn7b2O*5Y!9c4M?dHc*JobU%wg2;{i5npi^d`fDa@0mc# zD$7eO`dp``mS0K!Ah-Fa@V&blH&8s+=&(IRPDZQHjDmvP1u7=KSDWa63TJ95{0dIs zGq{^6!{PWuuTg0hIK`kz0-6W9Ui2fj9L+I!kcZ(5yyTpkIt5469rVncpc_Bg8S{6r zPk8ap=@6I#9a4yLb&Bwu_ZNbTG;8t>Li6Hjy1(KDTh5lJ$v{-NfmPJ~g*rskMdEb# z3-cE*k-D2YwwlM?9-a{N@fHC&QFbj z{wP@voBqnwld*9{s|0foiV*CMAwmS0pV>0aALLcB3)OZh{ltXZ+L$>8{Xs{ZG;o|E zDCQo>yuxPG!r9u|0wdmmnj|Pti27dzh6PBjBTD;AM4{K<12Z}P7749 z9Am3b*?b1a!gq{~y|bDHjrc6*t6_nbgE@aHIsR{KIV_-sU=TQj<)_+c`cdU! zRA+Vl)t+C0YDt?FR6(gkM`qjbB?3ZQNOXbiIhZEjT(@`6;em6)6{_dOnq_yp&al-E zt6!>?Xa`0_pb`)g%4cXOpYKh+Uq7wqcHMc={S`j~)D-C-nAfn!BBP*muaI`wg7cr1 z!LA7wCSBC<2?YzRPJEi>Eidvb5(YG=VndeW?R2zS>w*nDrroY3eCpOZJGuBh5Z8c+B0d? z)-O4a+1wXgp?C9_MYc2w+-5gx6a%G}U6OazXD;Uli&8mOVq#(gOOik!3h{@c1PExuHHnvauuCwzJ&&tmc7~MR8+m+U| z4rC;CswqwhCiV7;xOH+8&imov1tO|gNs7S4Q>k|uqR7U!eFFoU+XtvO`Y#x@ zYJ&v(w?`XXZ{^;i;G zhd$j<(08|-YaHr;U21#sS}E@oGl9z{`|Of~@CPRk64FSCoK13U4!Cs#f9~CQ*Voqu z(2!_b&}Ro+W1kraC{AZ5eknn2r3VLBwjnuJ^~#(!vjHGpG+4VXqt+=j4Y(BGe#5P= zE6s6~6Q8HPW}k+)UE-)2mNkIhZJ00L#0$1)WZ->*p8a_-f)rjLBX+bNJtqgqSYKPy z#kPSZR4ecDv>1iRb>^(dIff#q(399tLn(gU%k1wOs;$NrdUA8AT|EjS{G!-$5bU?B zB>*vWDhny$>GTh5QH;v3YYrFMwiq-=)0OcHwb$WIOiXwlcgJ(g2TTSMkloHUWgLLr zvwt9QdDb)#f9x!}Jo()O1T*Axwb7cUz+bOD==}q}n0W!>wl97${JPL_0b2?INQ9(4 zLU^pMrFSioYHF_S4z9IHDdRIZTsBMZriq#+rgU?htw4jmC!ewr=1~zR7uaan%X+^1 zyY1O!JOkavptHnH=>0jKnVx1i)D`hoK<08d#C*dbz2{u>K#{miQ&v^BIXl zFta?Z)0oV6FVU2qFFjQ4?C#7?a9N*{0jCOKy!R&f`n^l4wX5nyVNoIIVE`M}qmb1f z3$O|-+ZhA(&WBOv4`qf3x9UwA9MC&ZDI3QJkXBo2M6hN_6)@c1Tv$8{{L(ts&uW%X zeW0-Q4>h8(yZ8T0&dV3;o!h~jpT%NGOFEgI#q4GvHpSLK6B!ZFf!$_K2~@f1ee4I8 zq-jUXMo;VF3JQ=2vcxhgEhb7~P>6X#z=d*tK{0XW0C+_a57n|jgTd$ZHEF88QD(J|Edv~YJb?wc*M6r_ld*d5+ z=+8%Z_*iOfT{(xI)WcOX#xqxS8nrm14nI}-Yx@a-C@0SDyuM=Gr7gB)oL`GaVdz}% 
zSMX2qF0tT2&C65rgxQWxW{ZI7#2B_3;4k?Y_dMPj*#1tgX7k#nt4ke>_R?f)RWCUZ z_@^ArEWJ)@8)Vb4v>wpxMRRskr@=Ytv|KNx+;pw%)ROg@{CE$s*ZtZUIDKMsJiTvV zR(w=>3av~yd$EbQ)p>%z$b0ns-la12@fqi*+0xpa@s=iljTI!8#N!Eo=p$IC-7bGHZ4dZA7Q*45$i4;q0}KAtpC@oqX_&tbnYqEq|| zi&4WD)4E`!K+FZ~er4#)hlPf||Bw3stzu{{Xgd7UK6yy!uDgxnF}Wbs|YIRBD`2No7qOvaZHZB7(gQ6KC1F8RXXaPKJzGnH>@b% zpWdt_*0mq}B-maDyqg?S1v4ORupq>1p*s0`Dm$S;0B_S3fSbjaBOkTwelOD9IpAyW zo%PCNTO9+7@U(5oqK%usx|Ci7pe7O=Rr`tY1uTh+JJeAvjoPQO=6_2@3jjP#0&yD} znVoW|wwwlI&Es2-xxfBfJEqfAvxh zdyKuuyXObL=rE>p-dFt2<2Xe_uj|R)IY9oW!^k_?*(%J@SpMtrbp3FNj?+Kfvm+3b zqvwJ31CZ57nD4cb=xFU3@**v1F8lRb-*I#GZ6}1wJa?nC@yk2|UqZtA%x}UzBIT)U z-k_BVj5Pu^(qbbj14<48EU(#En5Evl57;JZh!XpO3q2XcL=Ln4>UEBJzYBLeOR#&h zekL*JE}BCjo4o%?>S%*rzqZ=<2_e>_=zL{3d#a!t@+YY%Pqq?y5P|CSu57#!6XIKe zj))HpuTk^k8*p={X7pcvk136z2USH5RZ~H23Lz~oQ!Z(1P z{DI0EI%xDDQDSN2ouwNJGkEg0pdcp6yu2cs?wz|!HvPOVKO`)&tKt#stC<-W8cd-? z;SM%A3K!GpQH1X&Kuc@VgGC0CL1<9^?6f|;;^Z}Qh0`vc9oRQL@rU71>r1$mnnpS! zjJmuF`&MndW~1IS-EOm^o(K#dHaW2SZ>{C512S*zE-oon6kBUS{KkKTyZ`j`567YcxkXg-uo{AtmanH-&+1=VnWc@r1%XfQ^GxTC^KT5l~$B|B=tTJ zz7z*v!Nw!sJG}y{5`*677!RMlIzYJ@qt7jYCh-({M%tu2OWCLhK zQMG0>jf4yuoN-ask8^k<*1!;loqB{LKw~18kvpK$sDYc(mDb=yU!6 z6bb7`8Bdf*|KxXj>Nkx8S@dN4OS5>r5;BZuFw{fL{U6_O`4KPHRg;dgKkUdN>(#J< zGXyifLWQBbj$d4nRi!gWwE$W}VQvq3bKulmPM}MpFT@sApY=iaU@4H#qS*jm)%%9P zKBdQ(GQU1*m4>RSGW;5$gTnDb)q6A9=+gqcT4i3D?_r0+sm;F?Qj5jODG zFA|u4|H#9ycNH-hfN{g#+CEZ$x#*{}(i?>qh|58NO()u4<|?^O}^fB zF!0BW0^YFYnt=e?-gAE|+s}!NvPo`W1xxgLbE`ZqSV1q)S({&v8Jgc_a5qA3k1`EX zX@YVJrv-UkqZ)y1MS29GMsin zr!9!0GAMQ}3&6F)@!yjgrKLN>XffwESaY8;Bd25!C8w_K3;S=%pQS}vTW1svF{_2U z>HL0x)P?gEDB+j|*CH>{Ri6$fqy5~RgiIzq+`H4aw-uvb^`6gY*Tvq=M3bXv(0^j% z<=e(9m^AZof+b^mUw{pv$A~stS}wKHWLQwD^7o{ou1D{CCOqOcH19U($E6A=&PTiBEd1t-Hv2`h8%3=A&!?E}hCeub6@(niev5t4G9pW}A zb#6KPA%u!Gyyxh~B_@(PGTN#qcE@r+nC^)+IC0S@^`^y?**h z52XB;SK14$Ap6qZ{YFD3ubt_-?Mbq-!7?s>EDVHW&{&1G0-M+B7L9SVw_{aF*43zs1go z7YYnM`%F|Ry-Lm8baPOeXkPo==0!29b*-g%(XXC2^q44tvkhdXdN<9S&##{hub#_D 
zWWYXh7cDLCQ4y_%-g*CPLydZ@nc;_j=O;kHSRP1ySm99Q7GW_n$oaPn2HL!wb0g+4 zTd%~eL>g)4;{==W4UXlBd7dCx2HCCF;|G7>Kkd)i7%SrAahjG|Cp2J+6wjtbauf$& zF;(1pTAA!Oa@iCvXSR+-W~;i9ovpA1bfHcq+rt_R0(pm}N6X763hmEivo9Go?!C!# z-VQFNLxJL^pP3!5;7_{HJcJ{k|GFr1bFjD+-t1Y_sWn9XlIL>Gp>w2nwgYqR4CjmY z*8tlv3YNaZio$-M2%ZQTNIreFN8xb!CtxPF-x)JOCTVgcD?(r~_~viK%EnL z|3b|ELzt}~R%(U??$2%Z@<=#}Rf}Qs3P5rAv_JHco;H+FG2--wHu$s*ne^TtWwLyy z%CZHIY>T%3HQ_#4iqncmdMK-Dg@-`y#A&dsikD#?(4H~?)ZjF@5tA?21>Mm_Ii=UJAcBkWWotgo+~Rp#fZ8?%p1uVK*X)pdV?=}mspkXNzo-t!QWh0S7ETM*G(lgNipHz z?4r~CVPr^K`e)G(HG={SlAks{zBG+BY*?Ao%c4$&y>GwQA3L;@KXiX?T-dLAZR z)|kaI?>&P8ea7to+YX=hGn>52V??e>N!BIiXPK9!?f#(#%dlvOo*GHbUA^?t%+161 z3F3Px*S$1Zv0ERd7)4dtuf3=5PrW)^RRWZ|cc3PnFS~tsz8ZxO)&1^9qZ7t8N27-r zf}e(#@ja?9d$E_~_H1FiN1Cfj=<(Q6I>I%a2b^9EYa1(VJ}`@Ul$1$hqWq)<(~p`j=JqDj>t`N)}h=lU*Ih{wh%h=G1;s zN*DgFXH)5HVFr1n@~+F<{g%t3OJgpQX8tN2wJ(Z-bp^JeCHVK2&nP<2x=h@lwgYm3e|G`vp|E%xrev<6A&A;^v;cc#}E_)w3MmI z8y~ssW#iCuNK zUW;(mwkf~`r*gLBlk^__?Cm(t-}R-@KMOhO$YoaumyxBnKm0s!pZ)iWTdoP6y;wdt zvk=#3|GK>T`0@j6p16q>>Fc;4)P(x9AVkYB`wO#P$o6?5CMveR^^t=~xKW>w1xn?M zgur;Q!t+(CkU`^WrH^@AO>1724z3G1CpOq5Siz;?>D{~LrqL0RW5C$lz@Rs;3zw_k zx`qC>X<^Tlq0=MK{lpXRHR?i}-bb1H)+&bgWf^bdcx6n2n?We3dxv3>Vu zQt7@9{L6S2LR{(gBGj_T%dDpwW+Y_Hm|!y;w<~8B-m}>2pf$4^uNKb6!hYCPC-g4eY{iFF1(WA+ieGy|E=u~6g`OBS8#O{?FnIkD!<+MIy(h)t33;SsaHRAVWF%HCamv;gp3>%j>jRy_`yd8 zB~`yD9S{f!ZRmZ1Do33upQ(GViRie^Dw{j5`;EqR&^h~x#pGm$J}eGJR7x2{piZ#S zynQ-w^+MpHhY(yaXe9c5EHa862`-?+xEM#D=dIKv?kX~%Fb53?4^k5NhkiNCC3g8R zx^ZC{==t<2v(!@)J-=BeW$imGir@~%@L3AuuoFG;m7R|p$}CRa!mV4&#K`mT)Mvx= z9_weh@4?6t?`_h*cVa=MdwUZv6Q=;qCMCYmE9Ls=f=S-W-!;X`{v`;)F?ljM3D`pZ zVYyZvtZJyC_FHDpJC*@mYp3g~sx-AB$T$2-1RnVV;D+!?`fMim-f^mIa&r5J*ZzE% zFxT&&YV8#_NVK<0P*%I}43T@Tf*sW97)`Qpl;W>cod_;3x6>>$|W%i(GHl##Q@ z(R&e#ZVYr(TP;LrY?jay1|N)2Cv%D22)Oj)k)+T$sU8Ooha0M=*09+5S^W9k_q*65 z=$FUAD`HjTYFSq$IOCG&w!?4i+*g~4k{$~QBi0KAzBGwIbq+Z+JzRJKBc!}PwRjTG z+0nrKrahaIL60%aCfZ8z*rltPpje}_{Yy)>w9>a~LA~+PpWyuMUtm0~z@nMb`-5RFMqBf~xn^qAx~~uiUr*-TNt83n<)Bq-)Lr==wfPl`qkFVAOta|Mm8_-T 
z;xwm9p-gV^7wdDD@cCfj0GcednAE~rCSj31eZC9j0#sJZ_@dyrFsmn1<*9_@^cndN zDZ^jK2v4*e;`G_1LL2;AV`CDa8;5a%UG>pm_k2u*5gBkb5eU4f-l93|%I(vsS)q*a}-dGbfJNu6HtzQ;PA?x+iZ0@p#8^`#??O~A(w_$nJ5|rRQmijcpWio9i~tP z1g`Ecnl%CaSVGy-($cT(rNApBj4YRloi%7OOQ!i;L1K%FNxmZK@dzUg%%m{FEkQ|bjODlXU^atPpO02n`z01c-o@>;75DUEL3he$y=bchYCTdKI=%8kW%g%zYZNigzf}xFci@XH zl-#p#$D=B1hI`Fh_i3xaPo>sZu-+rfe#(NZZYIJui`G_t#J2p5v*!RErO_X~2QJgR z#H^=dO?7OZtww;qloet`wRnJe7A$GQx<~lp?V3{hxVt2@n|;e$n&dIkd?sh z4XUrqh}+tJX5Ey(bl_Pg^+QY&=fgkdC&-rCkVaKwQ0%tiZYF=H=q5!N^l| zh`SStJ8s4wwYgNV>R><|+|HgOasK{fd%N**r}D^ZV-l7WpThd;IMiws-uypy0lBzQ{;Zi^Jn-T5pE2&-&WJ?F8~n zvsw!mWd7})M>dv2@?;=E5BF5;sj(d`r>CP>6TsWL_rYMBX9AW{(&QvBC1AUrdeZOL-ex?7G@H(ppbE` z!7C|gH;K!>QxZzgyvox@)6^L~cd3S_70g@nqkb!x5*g~UQ9AF@a5oZVfAsT8U|E*) z^(iZuz=kKo6`F$dr9ui@LK|)WpIz6J)eKb~1)?a2_`5`F&Hab;r5C@oMp!Q4evr zgJ(xj{wJiTm~;LcLldL?bEhjd!-@pC@q;hN#%S$P;ddt;JB?eVQ7JE16c-EXcAuWw zNxhYz)fla`?$tk!k_c;v-yA<_l$JPT2#JasC&($(&aXvf{aNqyczdR{1KyW}1su&g zE$3DSgCH=u{7I{yNT=1cV!9dBP%b5Ci!J4OM?$T`r`K6+Q0ySpI}AzCP{hs3d3q7> z+w&X;WD(oIO!eu@afP&KPL_YSd<-LXcsrlpJ_dD$sK|C&L)ym=?sDWFb`{YL&TZ0E zscNt!%A-$^-?PdNa9qmx$<4|(;-Wmc!f@X-ZidfnB9~kj1B;L%7CLc#9N8yfvQ}qW zNQ{ll7wKyA;gr83>ry(Pc-Cqz>&V_P{#x2eZoFuq*AYC9O5}ArA~f)uO-$l|C&=8?{gWs?5$3-5MxySq z^4<`t?O+f6HSt=i;fHT@z0*&(p2t%yehE?LEzJ&;SFay-ZfPLfDKaI))EP@WC`MvJ z6Roo?6V=1G%!%?R`Elc}I#fK(@j-IzFTz8k zf>cK$|AthF+5N|XP^b5(myjvyycZIjq&%{G^u*_0D4zWc8={HMW1q;Sw$OATD&E%j z)|j2O&d-~?qW6Bh!+#aH5H{*yjkQj#r&0SJBj&~7rZq;z@7HxCp9{+UzA5(kuzeaa z=(=zhsjxIRMY__f-4t_U?wLr7*))>!3xQEd#Gi$b3Yd}PQX!qRwM(=NzbW#7VzRPg zwj!(jHeWn=@E}i5+SQf|5tSsuq18Slv0wkoSBfLW!7$uj^R`A~EaJy0ujV54dEw7w z{xeSpMmdd2i=H=xBFcfQpS5qJR-j5S!r#x^#?VL`w5RZ5p`m*AQ)gp@A1!+vv~KiJ zKCQY1VO2p{!3vaAs3v{;%qbWQ{SsTiMpO3E3nBM3hKr-8P5CFF$F^XYL~? 
zI+`{{Zi)V8z`Tn({L^zA}FGjR!JkHjPfkc|*mj zT;_M(D+jESHVK>BTxnm`rW{?hJ_=PGBhRNg#lD$%&Jqb}~AKBo17#?li*72#blry9x&%O#1H z{Wl~F=djiTy+s8dLU6*&eoyW)BJ|khNgw9P z%{eQP=!g1t{zeIvbcbi_*2On8cZS)d7YNSiHwzgJQ}s#d8qIS-452QZe8V=f4`w?Y zR-3{cqQ5@fI|v(53I5@}Bdk7tm9RO3TrGnOWNS~6rwOwaDy!)mA)}M(H2m{ZOh_6) z@r6buAGazF`o8Oa;IO_|`9iT?SW-&L>}xj7zFXS#BOx!)p*L0^_51h3v#qsX1&Pi| z5f#gS@VcRyDnLKa)oT18|E*bRX`$M)M>b|j-Kp%pGJptEPmvQQBtLX&t< zE<&4zs36qIW}fCbpoMNzy0KVLg!;88UWwDSH-sHCI71B(akKK%GU(CySuLtFjXA(lUwTkiaoA5yNlH=`jHB@%VJ;GVxwET2~edx83mhwsWDib2UHE@#*9)FsW%x!_Nh z?yg0qEP*6RWN(*-j76P?%&=xLCz`<(b~X&ybX7~eC=o(FS)xPm)QI;1@4m+B$AbzYD=6zY0_n@4X^!tYa|VRSW9cVBq-D><$fRJQF+scam-!yN_#8quY#aEzB7_Lyq=ffLKjNAnN<=CBz z0pt3Rq4#f%Sbbnx=UmN)a75f)1Z`-z~#i}lZ7zV_wA3nR67g#+xWS^jPjl< zU3zm+py?T05+@_uNOcLW<>C|^t;dji&xUI0&MWx5UYl5FD^rAjYj8Y~#OcMAsTXCl zj|kt@RloJVW(Ko?isa!AJ%T$s-p7ZXA-&>(950^n&q-=A zPh{-HP253(*Qx2Bl^i;(F^hBse9rhPK#vDQW6HtXI$a>vKWj>czTB2mX8C?i-9Iq; zv-_vl)iw8E^=*qJ`qY7Jj)_jOY34LiS@u(1T_b~;bBMQG@gr-gh)d&&WL*a-LE|w3 z&rN~QZ!q7K_kpX|u2bpvg_5cvY&-vY>6AY1r>~25*HKj$OK7dVQmmqR(RU!6wMJe0 z{o#?hxj^!@!#=w5TdB^kpd_{Ld|A2)C%_|SPWfU@(Be%G4*S0bt-Hh@z_tl1(`4N&D!nm zL?MA&40lphBui;~nozH-qJkYPyoiI^>D?J3NAnpcw+Q<83<2W6U{sK>guWcxrI^|! 
z97j%sBj699f83)HIw>VuJ?TbMlMN zltc@51O|5=*R@C-Rh(ENZvrufqo*y_p@&c6ijU-PnFmSx3~mYMx$3;0ct`S1gK{~8 zGiTDTDD4X@uuTXF( zpiXaC5tCfWN4Wdt^M57w(KFo}Pf~PAR*&P(N0;3Rr=*?a=eio-_>-(v@=3plm$=JX zGALU8-fQu3WNyok)Rcy%Iipmtlgfv3#?#f0@f~H=8b{_NaI($ym4= zYrTJD2Fb}>5Z>>k=z2ES9to|;!*Jw1_;3|7^4ES+k}@u?xbIh6XY>C0DM{lx*SV^c zLpu3q_fe`mlVeqNQk-uN^*#RVd>uIk7{+b!5l2nH!{@ow{$M=9T{m)F`v&21JYlTS zp-0oHpN4E5OSHK9&7t*G`U5AwaUPLiQM}6$#^_?(yq5+{NN13Y>`cR^l{L9f>4sR+ zrjg!iQ0>wt(02)|c~8KoK9)vH#5XJhIpE;VPdF7-yN)7Ar>UeQ3i-H$pP{XUSqQ$b$Nn?3Wgv)uyoJCMcsmTDomkaVz^>qa~<6gT>>4G&apL{JW zuG0`U;PWStrn1szdT6b4N$*85T{ttMId}X;+~cnWnpbHF(v6?vTpL8FHmE;t(9|Rh z)*V-87v}8}>eBZgjj@?0?!1hp^1(yB7*G-(iS^aLkj7PV(FGy#WnhGjmOD%@uj6|D zxlFhv-cKUA1EigE^*?#EZT?ZRlp6$>q|6@dgZ>{#-GTHVunjKwalA7Ry}lcW*w!~g z>|uYMwzIFQs=D?AA}=+*K|xvR2WUWJZp-n(K^t=2*fXd7oc(Ds9-eV49T@1z*hZ6= z59gW}a2Y4zE42=G-+t;n`Y^3lIzt#SY3&mq%aecv6g)m zu2aY*2YvAjkydX|*2bTe_%Z?8qR3)csMjZh;5xnJf@wY(%7 zx0|G&=iSdY<+qEzCcb?O^GpeUHvWE$)e?TFwto9VM9wt6(a9~hLXXDGhK=P%n*HgM zr9-ZGaC9~}T|RR;PVIz;;j)Ak#?e`)p7eqqQX*c_exk93jadKlF;MVg0_t4oRWk3G znVJ7O8{zy3om?Kz>`qpBh=2%W#4W1Y)Z80i_`}k~di$eh0pRXN4&h8c%dPg*2vvx= zIozVDhd;|br~;v+KwVD%alSiJH)#K2Z!Cv0$=?0?78Jhr<1?N2$sheLYb{ZhOj^C< zW0?W>M-1J^J{q$-T#NCotTjV?RYRX%?z#rb-^{iITf@FTZ#zHQ`|(!`KO6=vVXXg*!(zVbnUYjm8&-Lm72pd}JAzAb#qB&H5_`+>hZl@8P=6zoTkRR75QI$vhvcKFP2;#BXUR5A;{Ikge17H%TOCy#wCpMdI zt}6;+=dk!LnB}HBiHH+6aDz$)D;dK1`}_Nc^EBmAfhrsj8lchGuko)4?_d2}=lJy^ zzHjdbqkr;mX>?Y|Tb7C-cozmJcCCIeYQ8D_kq_D>oCt>sRZ2-fR{No`v54(tHG+Ak z;+Hh&`YY&^g;)L$T$P8_?oa2sGkTZ3qRdH# zPby|$HyV;px{YUmCtUY$_Tl`0<)#7XOHd_~Q$zeL6Dsl=*V3{Yt2`4Zf#5~l-LW(% zw@6K;r5v52!}PKMm)#suN}a8EKKk|oXpT|e<_6s#jhi@23}~1BPbn#>7HXXdBO>SX zT4w64IkU5~pZZQluT8Z;J|nIba~V=mo!5cEf#_OrN^zg}qit~yWA^O8IW^DTurbHmA&E5&G#o|uK}m!L=cxaNjAK}Is&$STiJq0uBk4kpGUdK_ z=3LfhFKy^DfGWjR-`Me~_tAQAm$D#eo>J>TE=+u+mRM0$C0%Pf#brCFRkl6+e<7x$ z*FdY+=~A@3)ukd84r}~1fiz*v3~e3iJ_P=LI!l)qC%b*CmuG1shT4F2_&e(V1^ni4 zZq`+k-PcVgI~4rQBxGgbPK`=3|gW1%60>S>$FA#D}o0~;Ifp4z#e_ZopK3xA7v_Kz7Nk!#!eCc(@ z&(ALrqSu6x{Z3d^V@w 
zL#BkYACLM5WrZS+cV?mio%{_{ttPRi#{IaAUs{_jp%WAoT%J_?n*lh6I!3?am`g>* zx8(45MKSr9)5zPqNKxIcOaj_7n{1$>xU&p!jx?BE zTO}@&)AcL@377Y4pp+X*5`=e)N4Lj5fP5A_799Y>job4?LFGMOr1XE9^fYqkm`FF-By5A+=reEh2{ zO+w=TK*8caF`ECvctZcjD<1uLzUG?I^j*$0J(ozv{G*1k;=j}|x}4j-k@s+b=1=Q9 z0zxs`oC=e1A6qukr}m%?oVH@2i;cSKycblV3et_<#Rq|Cjgr zAN=wE|8Mqxd9VNR=l_5G?~V`kW#1?DePg~*k*zUO4FXr@yBVT7V6I;y_tF2*@0_=8 z7yq2-h*soF_lsjIpsZ?q3$FZ!BfNZt|vlT7LJjve}YsMF64Sh`~4$JzfV?A6V9x zY<>`pAUuHnSB>cK%W$yq$X3_^Z9)&;buB2L{KmkWJp<H;j=o9$b>2hS?jJ#l06UlX+;t12;d zuhTjGAr~%*BZ~c1>Iho>Wy&?vh3sD+lblDlU-jhKL^71c-ayCd!t;fD%%IQY`t!^L zH7ltOG)?y8Gonj7gHEuSJx%u`zFhMjf)5mTzx^+96Mqew_JTf|E zXV?5UYDB^yf}MH>FGfqY@bQjCH)JXDKmDs*w@b$wl{au~A_O-(?Z2RJzGrS~WBS_2 zt%QBeMu6}krbI7Wek(6~X~O-Dcn;9_Q|7oX`eDmjy`_L5&&~BYg#cAc(%6gc#??xs z!DNO~XIs*Q&lqj&f23&%-i54r;*|FXpmP@w!$j>t2a06=65ow7MDS^ARqL_!!jhkbTSLHem2P> zsS;OX%dPI5!s@!%lr_FQphR|vH)L1>z7NQu_B5}#A=UUl0do^DGXmPdKN>x@@<5}< z(Roz+S=F!C816TOZ&$B}yY1{>u11-jhfk#uAJd@o0+i&{fLhH1I1roG9nu z88}bg#HMsU`Ci@|v=0g-~=`yKx< zc*mKqJ%-+sT)$e#`}AD(zspD&SlciB|c5pUp(R+XVPaJoN`>Se@46O85FX{OYl=n zsAXdOAb>-KBh%FWurPyof-Km4N7%tvKnwm2K*X=(Xq!cOJLdcE>8c;~6{dXp|hJ zM3TR60AW+y=L^0@PUKyPLt<<1ztmeI%QO(Bx|K|_m(818-*sq+N^3*OQerr&NS!s7 zT-Zueu_e<}xrRyqoSk%Ky#uDZxs6%=DpU9|Z|uMYq3jQdrz@Z+$<*?rV$_*=48%!% z%K|9C4?;uz0{2Ru#3nweJZ@;-W9xhX^36u1H@ivq69%aa@^{5Z^g#u|aA702|C6-{ z;B2;x}+`DdiGk%FLQo-zq@5(TI}m_ zA~x)jj07M91^@YP<{1R8hS22$NF?gHES>rC_ZZw#uZY9zD8v%~cYfM|zs1c3;@x>V zIbj60>H`y$QBoX3d4uQIm$@G<)A7iTMIpE^egJ3I+e*kDw1r=g-36h4V_?*5SdKl= zxF`-iWeqOzLFa@EkPLO>HAGbX`ch+ZS!BBu>cItCLu6R#?&TpCuBt2T;OROnP3hgeMQlirn;H@4U5je< za5U}kPG8iiiH3_$O{TnsEs2t%b5M!bw_LpkGPVj;=9B06r$_N*?|3T)hbq?}MMrf- z!&;v!wH5dB8@^{_A0k(}YR{ zfvf)b`IHCCL)crmDoSUGz!P$j@Y=D_AAPv}Hg7>Dn#yL;LrYtC;;0Kt$L$+0L%r*s z5%d9-*$-5f{}jPZ6spBO9+N_3WSvEmKd4f{YLVfeP>`9Yi-PyIIWqHY1%d&S#TO~e zuKkHmj<(O1qJdmL<}0G2L^Kzc0;Z6~aTH_fXkXz=A>y;C&#lIy4=^R8Yf=v63lt|- z1+e?VjFbW3q=M4ucT;2cZhSRf010^tBJMrQ=2hPR6%6jX2c<9z@!ZfNmMeM#O2koU 
zkM^-z0wo-nhJVN%W`hoT3I7+A=De8ele&!30cCaOx^5bhu^`CvhUtvWZ@PaTvD{Bp3~y_CIRyZ2qQYfc>+kQ5;l z#F@CK*j^F31h6a`t>eB7u9nFCn^)$$=Ck8TmC|6S@W<=cS_|e25|qDU)Cw;+ ze|5f~Jk3PrC~z&bWPt)vvsa@ZW>RBxCb((M<5$=@sT<}zl2>}bQET|{OL?CAt6hAC zZNw7nbs*3#fBU7&9Nw~e{U~7u*LpXWDQ#Yc#f01_$(iHZ+~;8q$;^iwTj!iI1H_k+ zc4{WFHMYV+!o+)5v~>5dDP;~NO^-6)uC=%d+J0dQKzYV?4)s8jLL=Y*`^eSSe@eG3W~JJz+cc3U)RMv6N7* zSeAHRtbCt1V(t+8q731a$5mZRk^xD?Q=nj-y8ug^QO|w(HxE6-T+RcuH}?8kKUA(WaS0Wa?I#EKq-%ZLs>dPEkbKI>hsA7P+-!V!eSqS}0)sS(L=sYadA3+a zVNBqNbNlKQ{9~aAk!a+>a>V2XMQtH(pfww?!Rzq?tt{(c2rDlU9iMbvvFkRqJp0(e z2){4sSV!?&6KOQ)v`IDu=jMJ%BWX}?}&??s* zyYw&Ns zFp%L-E){p$eyYccb~h9X-`G^#z3|J>^Ro;f>Tod~%m|pg(SEwJ1D$kY!(HYs#lLDW zporj_HB(aPk7EpJGCrZRf0x;%hB5h(IMYRu3H5whE6RG@KLCmH)6$4>z@pnCep;op zmUEHGasa!eN$CO!?ry(1%e_}+74Gk=rUj9X_5S>{Q1*`gxv!wLheEsNhU*1C6(}U- zntfD1`O?+`B|Q?NLKYxsov@5!N`00dxp6h!9KAFwQN!vnIJyp7T%@RDxF#-93 zj<;0rUN{FO)qIT1%w)c({aO7r{XMjN;V+AA!W{L75C!ZYqH*`^_=IY)ijsSQYM1`4 zWJh1MOOKF@L2XDnj9XDc;Wpe>t`>C!5cyBT#us2_GC1ei5D$CDKlf-ecc$cuhCQPLyZ43RHXc)VPOgwnn#=FezJzmwL(#Q@%7!i*(TTM19vftiwf5$QDv{q*F zAh@gVwbTI{^WnToHrUqgUBJn0AsFWC$^nN!jjvcv&IU#C=mr>X0wvKk=ySYo=7RBh z&whX2=VRty3*@Kix7d)t#qwk-rQkM{JNK84Vc&Zt8e7@xVN&Q@`z~~K^Wt&jTQj1)cguUsAQzD=-HP*Y(hAKb6b34_ch;H$i=6fg&ClkuPau*nupMabX5B z8)q#VOo{S4UHhN>pUOE68s&&>R(6Z~(_$pX$KP$m$O_wUaRW=4&r9x)8?1vE=7Gh} zoR}mK$D*RxDAn)gNoMTILP{(7RU*FXS zI+E_P@4Fa|Qe~jN;0EBGy5tUlmI`9EMmx{Fwx!|nV!}%?^9r~@ChAax9sE5P>u6@# zwj+RHKQss|klggr;J=|XGVkgjpQ?J5x1ZuvJtCx;T6^VM%PkS~hRVdw#S=CIU42SD?Iwqk&Gq5 z<*U?Lszg~wTGIWP!OlCNbZNs^;je>!yw~mh^GbsNNDB~R`P60VW zn?|2D%d0Rz7MK5e&ntM}Y{A6xb;ieOXsK&=>%B7pfnVa7pXp)trv!7ilG? 
z#EFNT{40`4)8pP`$~W&CoGx^624>N}g8qq0-l5HUUOflja2$g_gA8Q#PfjGQG@3~+ zET4<(quQC#`6#U00F>$jk!8XXOKz^IuFI7EQV@jNI8ia~BhVA-l5bSM*q@O*rT5=YEzaDOIt+Qnc)hkZHCr zD=u=f$%%5%2pV(Y+W8Y)r>EZpEq!3=`)%pC%BJyDp9Pa@F<3&*Ex#Wc8G9Gu_6KG4 zdclnNYCD2`mvxlQW~uj*6Co#_L~d~tX})_jl(Ks|zctdR z>+h?+q3&bFqiWj)A;c+At&n|Ag9yz5;lgb7D6jt!Kpg32 zl}@v@4T&#jRWB4P!9llTDf*6qd-Q8%m2cn@#LN~E|M6|Q%E3F&^}w2XW$UQ3!zZgU zs7~hRkE$r{My44#rfntfi=!hhkIQw^QXa+GOSkIY0LEVb5O(9Rm0{r_PZLj)>-jmq z=a94}x6>UmITfTrhd7SlGgBTZYtcMp= zS|%1=zww41zs~N=ogAI#y>rJQ4oO(J`o%VXqxUvH4Gm39N(%AO&TyLd;c0wCgi$0e zM8s>S1Wdf%JD~-@v#k(A1A!jTQRT zv5w}*E|Jtd$s}KPGxF{d(X~L#fMv+A%|h>;{SN)csEfqSqlW#N*#qz!&aW@~-@*NgIDWyWQ1lIi!B$YSJRvT*@d+GYicEb@8+ z-wbVFsQ$%+dasNbb|Bk0*v|@eBF|!BJlc=ZgF7XDcgPani?%`g`LLX?_dhS#%W=Qb zQIQ&#w|*bTh{)!9R^7^7@?Cb9pto>#!Ner&B<`H zpeATEj7X^w(CIb`oNQ-qTu+ji8I%gmTSlVw3CG>u@Vq%PpoV6m5rXKf_ghH}@_NQP z#Y3J%i*%_~^9UH^&qmzkk&wmwb489+cZ7 zry@J!W6@YQ9xz;yQo-eV&)3Rdr!}-S?f2m2(2bI=q*nQN3i|UtKQy8 zT%GO}7>oJFc2>(->RTr^E_BAq>;Y zO(Ph1*ITCZEy)fU_uY!nR6DWX2|K%%hy&+Ve;6M?s9_Si5O_UTZ?;3Zbt5`EF z&U3(GVt`!Elz2hgTP-AJ=&d`0Y%0P^e<)SVA+4>Q0HZ3f6s`g>vA(;yB*f?S^2t2+ zB^w=7i8mAT4aomy{qq4cYf_5@ zV;oA&AAXFnDvK~$j1nCav9>!xdN|8f$a{8#==SCNn*N_bDS&Eh>v^OC%_$rqN(i*D zDHdZBDCMGNl^rQxbg;o0?H}Tq_%++jpqsO7LAJ&}s&*r6s1%cf9Ph&%oB z(2pB`R(Z62%`Hz{Ox2+&{$H&dla^}Fu{eqnW_RwrV}&!|px&|}k>j9!gMt_!tcquE zrXpf@&z#AMDVzeR)QX-_R$t{SzFn8rSoDzqXFgF}-o3w2*VGdB9e)5Gn##7`d>Av(`5! 
zm#>)Gq$Og&~i`zs6)Ekm@N?En>Ahv zj{S^VgmOV{oL|1<6=0EMdaI3x%GE>0GzY{5WX%rCS~s6w!1o@RQtRt(ki|P$?b6@% zgqS9>MKfbKN@b5*Eq@144)wlV@_3YXyp}%nc{|D~K4vmGromI+-mz)b>iW9`*E<~*gjSDV!hxLibF5+lr7`$dGjEk%#Uv14vRRzm6~!l?I%Nen6Po_ zQNYZ0n)+RJm;J$yu6b;`@oZ1>V|p^+ZGo=_OYa+Kd&nqF9RfSN>>$ z{eo-r`AP~EN2=2rR$oriPLhul5fSvFU8~P%o7DvHQBVLB=6_%Wbt+1 zbcc}^45tZ?fk36L@1-w7K`58xd&!f51(U7LeC49I5!=fiWMpI~b9X{5cYajRR|;iL zIX!gstKcQM8*uyCR@hvx4j~hGZffwyk5Bo^H_2jqV_~4Vr9@LltF>*uYO4Wl>#=5` zo99s}+b)p2m?lR$aeh>l-(E5iLK&l-E}2 zMjx-aPbTwW!qmIuGB2ywL#4Oy6uDCZq6la(>eP7xpGH8RPzRTqE z9^m`=_+XoiHD?M#t(iA^W76O)V{+cP?sou|jm<>Y)kb>aF-fkATaY>A!1mUTn^_e}I?Dbul~UJ7X}3*kHW97L%kaT9e&*>c>| z!?Isl(eB$@D2(B77|-h^Sq=e-|t6DZMH-?L@kesKIM zP3Pd76aP!sH-SA8(HJm8?>C-o7}HLf8#QPklXd5SO+HZolo=CDL$?LLbh2Y(rhhhU zN<@y2Tg7W62@h{NvF*s--rmwl7smq{2l>5G8NnH;9l4Ls^p`c@scE@o-ZjN^?Ji5p z(Eh7!$Q{TlDmZxZ^=j_KcbYIa6L=;-M-x7QvEiK+H<)c^Y8c;t8{@#^6t zW#f%Jo2Y@|R@LpzLO!rDn9h6M9P!qczf<83IDKs6|HuVd<9?S)_BF4A@rf>gEyW2r z*1&n=buocd)ME`({h0DNaY^T!%xKfc~n zq$|$$Omkl+e-p)wZ*eD1(?UxHr{XnQREuoNyLyUiKM5H&s^{=iymJk~v8YIm>eCbhnNyeB4oLa(S` zc>nQO_1b}a^5RH@HG*gI@-n@d7*c66L0Zh+iVevWa}!XBU)B^0>Ow7IXbVD~@~AJ@ zkGW&9&AKzj`o)Sho&Q+#TZ2=~j&`Z2gkJIT#85$I{5!Yn7kSSl%YiL>*1a|aQCjrV zmIK)Ku4MjR{gm9SkI{lfI4P>*7whj3h|H^Kr}7;k_*~avw%@!WXAkmOftbEOxD&zX}C;~b?FZqk$P#> zJ1rlB&3Gz~BJtE~2k?hk?01J{7@F#Nwa2aO<#v!hC?UWKBc?NCM{=Y#RZDYVq7!odv+(0?A5P#5Dwd(fXFGlmk& zbZ@+|xUBjo9Ffw833MFyw|MlYj5fEHy=fl^$dW|LNW(R9!3d`z7-Z-OZh#o6M>O6J(bo>FCXZJI~TcqN0!-|eW z5Kpl?50U2spix*kT6h-uJ0VSJ+Q{UjwJ*j7sgWqMbU({HwRpx;PomfiGa#S@m2%u28Fn~#M_M~eHp5Vkhb z)KYx|Y%{E4$IN*mjz?S)!sc(Nq!f{i=VcnYYfR1pIJZ z-c2{tA<%%QOra7O=9Md=dz?QAYdhFtPscE6wLFkGMRGY0352}e#UV&?fu|Ir7cF#o zS=o>9e5oEp5E10O2xHfp@o03!i@9QSnU)3ieY&m?BQ#E5q$1B?CHjfk0>p^;6KBo& zj8youOXo?i-%0IjEKIf!GgY_s$3_!pNJU)opVGYa4d1jjQ5zc4j8FC@Nz8Vpwi;vv zDq|KFDLq$BKlwCo2?t)Zbdt$u@P8qZEEYw&tUCK#pC1(qrS0gCXG>=-xBSxdj_d>s zUIdR2*fF3UTrh=YEFL^2$#4i4ht*4s)Xf_?Yu$1P9Jtl~R?6M%JMpsdA)g<9UnZuI z`w>I>n>bxsq)K_Fv(dhJ_dz#HT3VM^`}CER<+~H|7MM(&Fj-buK 
z_8jXQlf@An`z`OqBe!!ATnmRSp0hdt@6cP7B|BXY<=3ejP z{Op`5pW%#?*A*Jj{>?RE_E&rP@G1uR)CTHc^{xiyDG5VSkiMyu{W>D)cPzi}ewJ=a zdyS{XuGiDsp_aJ7y4twbA0ekEkt8hZ1qaBV95qMbOJR^@S#kni((n>OYn$ioT_OK0yhX_-^fx zce&h{QlEd(=HsyZ{oJG5-NY}R)<0-YSHrk?Ij&KLr*TJBNX(Z*_GDxEZPk%%C1rJJ z@IbB`vOQX-es%rg$j0|osDPUR@DtWT(#9&<*`Y{1M+|)!ZYr?Sbzj3MDo|Tc)kEX_D4j3DXwOGd+ zGrmVBC7rfw8!CN1x3Vv5GK~0`XX{HsL0WKhH9Gp-`gp8&dC^enAjRq>&^N*Buo3|t zRR{^=Ce1sW{jQ~3>gu`49lS1!~`^?3XilfTBSTcyjJvp@R*NPRY$qqh{&f$?c zB|XapMKRARg(q4{!i=1>44475k!*iQaOqH5PD71N8d&-(e zlJ*&<(UxDkN_W$edLs07qq0myCDUjld-JIC{@C%rC_H2KOjvxDkcXAIGXDJL>&Bx7 z-{m2TK2|cRbtJIk?P>i0Dlzx9`k9--ChQ^7Vr~ekMch`$Zj|Z`fy=%akqe=9a6R>_ zU@pD7dBd`YcrJ>nJRCmH1iwA<(P$|k`XieIM-HUQ<^AzE(HLIiemX`iWu}_W7}Nvh zozD9kcZR^XiUFPIiV;{qY-_#O144n{*ULFNY<`Ubz?b|bn~X5t*?A->k-(UyEh3U> zxP-bsy{vM4Q44tibyaP=RkM1dJ~sU+v6v5caKN2QrQysqTA5OVr*hNElH6`}J>n&` zeAE)BeFja9sFtezFS9TVZq@3~KjKzgU5#VT4yvBb(C!80^H3w-_Zh#LjI2r8-Rm@& zF=Uz%1%ec!3}xN>(Ajt<>oS@@pcSldpsVKpk)wY{x-7kC#NZbyY}hK7-+sPP!F-p= zCfbte7{%3ESh8Xs`jY?!rJZ6OG%w8ShcsgaFV}|)*yJzlT%L>M=JZCsOwleabY4>= z2TbZ-({t!G8k*t4krg@26}@%S4L-Q=nHEx@^va6Z%g1Y{889+^d04lLU*oMuM`2@= z{CiKp_3G3}zs-p-;t5~!>F%6lWMqR0>SC3ghxKIk$8!&DZAS1U*4UExZLS|0x_ZV! zi{<46OGB$Fiu9_v@g+A6Ut^bY0(BS~d8$!%nYG@$>6w2T!WszAP?ZafRdsHbGBE*! 
z*x<(+`vTojoyP)e$Wu{ry_Y#wxZT(Gx@<2Z`l%h3n_cZq1Y$&;x9$Bge;9ekOZYH( zhY$b`{mt=JDy@qY?A$8e{FP5Bw*2-*RAY>r9IbEn=x1JJ8NMIEUi{$2Ok)ryyfy5; z{B9s*)=BtoxTRQ7t-V7BC*BeL)k-l?OlHbqts4v-Xv#gqhbSgOJlD9xD0%l6l@dSp z9vsK)TyH^L$*D5b)$eD!WFPRz-!lCkNmmvBqTVO6%1$w?IpK~47=pGea;Y(fg_|uD zY$88~wHJzfna(X1GRiQ4-rvD7i6TbrUjqWi5?{tt`}lf68-RuKfr*73cna`Ct+Rg} z=>n)6`#sJY%HbQpu#THOYbk2HnGHPS;gl`q4!Zs9e% zBZgiS=t4Iu^g|Ufl{5f0K9CXq8Qi$vb1-sLSil<-&^&8brXbzXIDs(40G`FVUU7tN z&-L=7OCqe%WQ~<$QwVPafSXvWnKD}ImjfE)g(Wz;Ds!R4CWARM)+&$099C%24=r-v zli)5J*(#blAWk=iew%ps>Zv4aw&m_wWN-Z_)h(SeHDqcUxMo7W8VmNj>WAeWn%dXF zrkjlO`26)+awS>Ht;ys0 z&&5mLgU!p~7*IpBB#f~P`KwwFLW7o)%9)AU%p{-CFySV)p!zrp1kEpH0=5KCiS8(i z!rTe=3hu$KLP4s#eEzfXlQk*Ums7Oeufv z*U1UqO>(^39x_Qbobu11pX@;Fo$(;$l=W>fRIC_;7YhKqEANwVWnrKh$q1jaEMk>$$_J2d@Ix=}O1iSdXB&0n+PC_mk zci~1kF{gdMqW&(<+i^=d72#Y2Y5f)AStk4SCZ#qtG!wscZ!y?wE5bs7?#sj%MKWQ* zX@eMsGr);T&#NbKQ7jk2j~@I^PSTrjJxgR{T}-6$`mlW8g^f~a`JFtdeQ?53{Xy`I z+q-@-);Wqfk_YR0G_iI5*x&DtDY0>)D!cFlmar$d+^@$Ru;GX}tAV9R>$V7QUZse` zAiVHs_F=E$!8MI@qw$!l3b)#+C>@sZHraXs1SWWyVMqkzXjTn_qUAHp<;NJG8#Jjg zLV`-+oRx6bgacDi3jOg_J5<-h*V&S@?T?mQ?Bl66S1RK#;|E*Qy+;Ht_6T3Db{J3F z3^81}h9sPZm8JV!8(*(vJlQ&)=hk7khl+BvUHX`lub3S+wgx#r@NTrms&uo`s0r5v zB%Ng%)0!)?ImIOVvR~5_93aMH_8l-)EU2sdqbT#<-)%4Lld~yi=R$~Zysdn2QdtKH zUYeCe2ofh@h}NYu#Q`$OJ=To&e#{Q3p11G!A*QYHsf*U-u-#E2h`O+h z$!4?EMxse9<`EG;b(iJN!|swRLpyT-&0dIl@aUP<-P#jjR}TG&Ya=J#)JWxWT1Kat zU+`<*uK|}Ffb0RBfeqSGPAsr^T@m$G4_(M!vo9RhI>W!8*Nx55G+C$dke$nZa9V}j z(pe#3N0p!(1^W-{WPC<*J{mm|7?Y5|XE$H{o|5t;Bf81ym?TZeCvv97P8uL)vwTZq z)a1qUFMX^;@U~Vp?kD);f%EyGBULGTAqP!WN7-?^3m1L1BG z3?5c{LWW${Qq3Em79A2C?IpEijcjG(wz&6wlBl;Qhm?ifoM%n&-9Rs`#V%29_--`? zJj2IVB@o7QRMCwZ_vMExKG9SVY>a{IJpKEcTk}+cmQ%um57hUq4~mFDy@6QVB1?J8 z?yp^V$1)GO9t;Ig(_Co$Nl;J}%59+5=b7XOvv>f>U_$>Q^#8yN$9qIO~eNsP9Jm__}mY#+%(? 
zu@)lY(jt1D>=dDk@t9t?9nF)~GCB^!I7RFFWn>a-b;uVcrvXy4R$ zi;x~W*KX4KK--xstGr1tWI%E2wE3R>#)Z84nJxu2rf&m_#AhN(h!GP52dw$+X<{J{17k#~V1 zU3lY@7^=0uU5`7Iy(rz?CT^3^HW=v-PLWp3IKXqKk%He$omQUIwL_r7JSUI+$8Toc ztB3j*?pxb8xytIpFdt4o#k%X*t(j|9@@YBz!^*wq>IQfh!W(&8pmlZJYiu z#ym5FE;1>H%SJi{u&gb&J6)xCCFn--Gma<)SJ-lSo6Bo4Yp zF&xgS*WP>GNjuH&{bJ+#7B=vWV54e+ZM|@1!6CI&uPrudVTUZ6d2wgk^Sv-&>|D!q zmiZD`m@|p28AWF7EqC6>58t^&^)^A10LHx7EMQ@|kj>gf@oc@eW;{Js)7clrSpHsW zgC<8;knYj)xc)F=(bNZ(nSkD%e@BFfF8L?b&F6t2cqAN%ob8`hE=h#sfyR-? zD%aScJ(^+bLoUr}oZyv})$k3@!vjWT@{J2W6z5ow!8j8p|1qZ>&w1rJY^r~e6eK(C zj??PfI&3odv|f|S0*GAI0=KXTEZ3aGD(dlSDoMIy|AFM9jIK4iC$Nmyhs>qg1plPF>#Nq{C`Dg#8th!qw$upJ&-R zLENXTnl}pSKX1Mrj4dN0jYJ2fHDhB^#^ygpDqi{R6v=Pv_9`-X^42$`VRAb4jIaD8 zx-2UQQ)GNPQa-S~*vOrW_&bWem-fu~_^Vd7D!1Y;YdEiqD*zu4&3 ze;hKQxOfp%0F1T5#^{(0#hW~4+Y|iEAT5Xj4>xTgj84%7!K$z`qpe*r=mwmitD@w( zp|@8&Bg_;ndCeilL%nUPhHUbCI-@N%5$bYYfboMT7xhNYf||`y^}ZR6G=2%@9LksX z!6{zN^{=M-;U1YuI(m65-<1Iy_NN{1ln@B6aTee>FQ7hAvF_?ikth6}@b*k84FZ8AyUKqjq3Sw#~1@J1ZDd_*+ZL8X|$mx2Oai*8{D33)Y`I`Ms z`V_j@P?j*9x4s2fv%Y)Hf)f3>m{ zMs%3`>+rj3kq&V|)yRQ~_Jox^|1th=8*5nlXgRZVKsiwnha)!^K)qNkF&=(fk^Hxw`B=r2pREKF0bQG+nlNr zGfnB|GVV|JL3PXZ#l|89uWgsSqJl!!_GAeXy!r%6CTu=wqnQI9Q!l=@pAOZ^)|_YN zXh~dMC|r0CL)i+N;N#PpL#aKPf3GZO)R7ce{a?Bo{5d>!6#p znori6sCS}Qw|4k?4zarRhfY+$bgUO^OTTFdJMRi!TwIKO$&xPIzjDL!PEU=g@t%CN zJzggc=QAhYo2yM=)#`7k>uoqDWfp6yBW&aBc-rB*eWDi{5s@d>;xqQ52CyMJIY;q| z0ab;*R=y6J&7Z#6pF8$Qa|IRsw51zLF-Fo`4Gwh>^5>_a4ec&v|E}=z%d#=Pl* z8DxD~&l8yv5$rZdMiU_vH3KKe;x~+y5ujwGtJdg5fmX%Ys)*>iZ?E~JSB&%Iph{-D z;+(}TX8nlRNNLl{ll+Di82Tu*b6D`2T7O`8&D~i4iA#y((4I`6OuEZaGvXkiZY`G= zffb#OmZ6)7!1X0u&zoC8Y-FcC7`L2}-qv3Xwax2oqli{&%AIw_vxw0kQF-0!-Y@1o zC3PSF;)BS@ju31!(1gJ5noa72<9q(|VV=U2r&MQiitk4_3NZjLAhJ!#yR?!07l@vE zF#3^(m8DXr9(ZzwIRk)5n8hu-pV>x6f^okLws`yp*!ffUrHyv??;CyQXrGZ$2GH{dL&&-coG%)F_;!H?{?;;Pm;>C;d*e zJfox@(#i>m$4T4=f}*f*DSsa80E-c%VRjh4mausWU5aMA26#DX0%*x>tZ(-4=GI|l54^#tM03qSSXWAUAT74ilAl;-7py=Ye_`O+-y$hVCXTCNqy70WL96O 
zGsKqZ8Ewr3cj7CwRe_Tm*zBoynk>+Hy3$Eq-V4id!CeMe820jX%@4<#60<`xTNn6K zBZrv2*DSR^z{SKhj3AL@y>(tyVsZ1mmwv@`_-eVXZvoj3(Ilts9bJ~rdNbO?w1>cT z*U?L&??tO_A?y#+QfnH9BKa1dT^f*U9-;VWyby?34NNiG(PPsd`PI(N)nv~xl{UE^ z$a@%#yL=2(8inhue>?1F$Jm0U>vTBv5F;Yg>LinuiX3n)Nc%4CG+#QPy)<;n8qHXw+Jim%F}B_7a!hh(j%^96(LS`MHKa|~+R?%pcMdjv+6linRU4mL zZtAgwG8v7)A@ZH~?~3P-63}5HnQO6V50O9L+dKta)<-@>s*n@Ximlfde9sQ(sNRr@ zx7@YTYkbzihFvXNTLTvES#OE=y$S9K^wJYTaWBWKv(JhRe)FzH8%DBN!3%v0LCp}a z=$I4VVQ}_#N_cpXs%I1MkDIX&FxQIn(lofwn~RLAV*R9rdPf z92kFja07_%7+ikQdpT3-MqxL7#KTaK8{LvdRdZL!flYHt=H=}fypxoitTD-|wF&+8 z_~@6T&YWMgCl>AuyWK{lQ4{oCf#RAX@7oUF%R-|RLs10B?Eo9NJ7MqvJSDk493I_#&$Ymmimb+b}2pYh@k#W9Y`dg(z( zl=Q3&IalB#O)=IcCuBokcdWq)aZ^m5`UBGB#>X*?AV!Ufd}F-Ee9w7i6&&xt6Bjld zW5=IPdxwrQ?!tSA)kOHXv1-2AgnNXs)2d0B%FR zI3^hb&HemkBTwXDHQkV~4n2h1g;H(#Y_6lc*>Y(~4S!BU2SnYh)+2`)tpMjt%dfqW z`sJN2=N%loUBC19u(FAz<68lNl-aTRA=HVybhr0r{!Z>Wb#Yv!@uw6PCr%|naz{+y<&`X`|n z{^|xc6s|_bLPw>M#BaCH2lyZ(Ss;YRiK{CTGO)JY>e6In*z^LT4PWQv6uM|dgwKvZ<-mKI3F>_uz$|CpEW~;@G$MctC330AP>V04bfEziVwfvoN)90fm`ZmyX z_QDT{Y}n)W6x#A*4Y7*`U-{wVr{=!M%RhP%h1Z;iy`+DH%l#eE3<116Z>#%unkPm< zpuk4n^`#@EEcMc4=%|d%wb=tpbmY~hPskM` z%bCjMD9}F3v3tPCxsA?SMU0q3k`}JKa!#2MI;fkY?Cj6LunF|qY%wXz?IaTjG^29T zN}SuhD>-Jhx#p}paKmBTp0T*egO8b50h^7S7|S&`>5CRKej^)ra@7gp};yvfnMNWDh{0Y5h#yP5zjqqWj)+KX0a@m zk55l0Z>>1z{pvgXzVf!9&q`0o1VmJU&N%GuYcmn(SuhlYVxj13xsA`GJo%|0-@mf} zvP}QwJeBbb?*S;xQmK1Y%kocdyjcR%g9>6lT0OMZ8&A!5b7Rz*)gZ#pkc=o0&Hapk zYz>|z$ONc1NKd`71aWeg%k*-|(?;LhPZ}KvIE0B5b*P!tG^|OqK)D6J-ENT%Jw-&X z(XGXky*73qL;LI5FO@>@$?1?{1YcHM-AdtAc0pxe3y`KoaT=+A0I@DNNjFF`{0vj? 
z+!7v0gevzxb6_$}9_vh+nLsWuCzju> zICQwKSjFnTp02HZ0G}Gr;uRa}19$kBy1BE^UBnE zJ9#DH2*j<)Kxcfud%^<%)G%aqlw8Y5Sjh^IR`Rkv^_QWr(LLWadOGrMp4t@NpD-lL{%1cjZd$X zH_l=8l@zb2Z;WEEg=Q{6x0}PrNgBiwTzjprA{jU+UqSqxXGdf-f`n8p?|^3zYt6jy zj*&l-qJIu60Mu(q;OjX((= zn%RQL-WtFB&g*Xa?wi=9)dvi+1ZLU8K0RLdmndF8D8f*btW5Rp=evlqv9jF2mpatQ zM+YN!ITS;GKE_BC0~|~t`zH3TFEC>EG@Ern)geYinc`V*y>GTRN`bN+EXGZ%^G1vC zXREU9AKh#9wtT&;V^MweR>51XXS2KPc`7ZN-FFFdEdG~Ez>c!<+|)n$w8)>$SOEc8E}5b6_UhT+Y$h3iKe#TY%?I( zh*MN4GZNW$2C|#e;&H-7iA|>4bsU)ad7&lu6F(^@#jd^uk>ek8tqt3(v|RoG7v-b@ z8+=1yA8|OV&mNO87zLE!PmK2vaS6s$kKmPy)7gY4`4u1M>cC z7wP*CrVSD^jbS&;LVV+ySKq$jL~rfXJp-`)GW6fGEAydQ_!@xoQv>kdxj@Mz^@pLL zKyyP&9$wtfiw;P@PkOTD;0nrpW#j4|gdRDMHwwKR=~mq;$w0H}lvnMBSBwJnuFiE+ zG!lo->bcexsOOcF2DK#qL|H0jbn$0%5v*X-fA{KVW997#|jIV!aYIqI*0s#^?DBq^qxNiScG8QF#f+6NrYMnuKI!7V=(NND@1>jM-6bp4o6!YkJQWye>L< z&F7-1GyrbHWMEUUf|Ri0Py%n778{n@C?650BGKE~?VQ&{8L@eXhQ)6!9&v~f(NTxN zmN;k(wP(;xy~};AgyE3L;j3rSbvax{KwSFbF8paOo6Zih^L|XyWOJiXo_T9-3u(?) zB)}bEwIQK3?`pw0dGb6DoXjn=sUW>jAP1p<}Hf#?|2Zy4Ums%Hz=+r%?1pbACP^6w&6iD%$~@>W+_w`f>Js7iJ`# z3~Z_hsvX}^U>h#Utq5QsK_*gtN1w!XHzl1$EGh1F$NT?r<4 zg#JPKks-Mjz$v{V?jBDq5UYJnCi{m)A?P+=%E<`y83hH)(DuUIlNUIFr7`;{0jA(= zKjCS#EzO!+lHl5o5~UL{HAFQHV*RUp?6c|X0jkp z&UPz)LC6#_%iJVfUip2|qs)SV^S@J9JF5u7OfT#8U!xn-6(f{=C|IJ|q{y}>D zk9&dz0`&hk_x#D9^8Al`_52TO@jtHp)t{y2f84u{|IWeR^#3pB;J?xbb8utf57R21 z@}5rtk8M8nJw-v0Q1A2@Nx{C_XhXaDgLHX*K78Nv#h-Y%`wRc#kx`2*Re`K(C_$^w zg6$9SJE|XlN*>tZ!6>nCP3m8Hm-K&D9g*1oSvA1_L*4wVu>Wrx2Q2^pr5r5K{Q;Z< zy0*d>rKMTt^XH|guD=wq>?pSshKf^2FZf%Ad!vF!GC{S#*s5x3p$>ft9eh`P=f-O4 zg1J$oj$6x>pC!Jxo-|r2gYzUW8Qd!S_+ChPg-@+n$+N=iAfGtJ6*DJJ5X{VQEkkM|9IKS@ye`AVtkOwqDc5kPOx8*N3Y6hc_^CK}S+V#Ms#8*W4t?h}J= zFf-gRBt0SanNQKACGgDPILX^Q$0DB`e$U$Qk)LDI?F2nlw0g4#vAc`0okZ3`A3KCr%MGU=((Z687efl83{bwLC zfW%nmx6dU1^KTj~P9AoQ)+i{9)_>DL{2FGKB1C!UD6i*&f%N-a0RBzG=F@ z(Gv&DmQqMiP*O<#Mz4c=@pb;|8AE6IUHM!0P(b?EGpwWef~=$Y>#U;%Mz;Qbt4`Eg 
z&;$RUw?0g8oB8i2Z8i}J0uNA81RfwHgRV(3GH3Bn(Sru71?vW@gwuza50C?zM;TeVo4!f~-CYgY=@#>Z8b1RvdWC+@cL?7v#)ld)pZCu0~$N+2nNq*C|ESd|+6U(7}` z)g1P}-k{eps&%hp)a1keg_KgMCwKk}fi0;A!Im`YU`sD?!~TUD+iHqu{qtsFYi)D= z^G1nlo%j6p{;QY_2NecX=DJaIZOMm!^FPSY$#w$f|K#DnwiZ`qKz&pvi>FQS=-(F% z$+b)Vwa>pQd(N(Xi}!cjO9iMH_nF*70SQr2El8QM4Zceq_3IbU@87?(8yg!3`ivi=2Xwf~3HBMIpaTINubzW(q)BwKO#gVm|BW2~|M`Lc zmlIQBlE@kJT>5(6T2>ZWzIPU$Ar9O&>p-C&b*-(p#W*?3WbyH19=(3Oq$nxbVOuU{6}!?+FEb?=!f zTU}d{Nln%48X9_EziGh9i6fI`q6*kp%9fUva`^gwHTS>Q9P#GOS2t1bVC~V5E)9i+ z@=)9gV~6?%uWcEbu7%SW>T?+ljU((}YjyQ8XBL*C<;A8Tu+j2&-gQ4m57^>=S3fi` zK%r|G&vbXRHa-R_B)QGa51uU&A%YPJI*$_Leeqb~1|4#wRq+S&k(nq0PXP_+2e0Ta z&mjaPKV@!mWn!3bY^ayLjk^Y}?&@^x8{e(1U$%(_F1~NGkht)0aI0q2G+F#WPHwP? zc&n){Db0I%wwA!Fsje5*zqP1?Y~y4ve&(kV}+?rzc2&tj-kg}~c)5o$3#*<@fZ#rX21 z=hbr~bi5`#y{&$|q$2B&7m%R%gq8%~qmzcg6oCWiqeqL6;L5B1UlKMM-aYevob43a zvguz-b67)br1`a0;Km}h<^IDZHr6Bc-O78k$&!>CZN(B7ABi_7cNBq>QzPt~E9aBl zi>q4yq;~`fnX9>+~Ym>2{A&FSc%aQ*6o!cs0yrCAKvqI|U5{;S~ zQrWJfnNLSRBNU&|65e`wUD(z?KfVhGJ5U;`O>+r2pp;&qcBG{J)?I?`(@$Ec^2k|O zh?6CrRm#(Cc&SH0x&cni`CB+tP25V7*XdgRQv3dIk`1|=&8fZF{z;DD@E|8t2qKng(Qq(kdO2lR(yh!A@pHRO5z+|BSbE){iT)4#5`c)#k5!->m}*HvEC z>@7F?Zvs*Y`ZXW?d-z?Pno><{w26|to#wI0g9STebQga5`2D^|i9e7JxN9nl)AhBD zAK!b@!p)=J^&L`eY(0p6Y+$ng~^u&~YW0k09fPqv(wRIv%=DzV@E+^f1lYjc0Rf$S4qgwexlbX? z-=;DPpYN_cfp!NuJDU=$1x0;R)6h`-*dyk=kB@~uKHu@?NkGSQY`j)4NILH0=9Px! 
z*ZQIQGo6D^lcpbt3JMBFM@Qo=Z*0g_O6SIu4FfV#yU34(M)60q_V%2bTJut*CYTAD zwVAP4JsjVko6oz7%45EH`aX(IPwkx|riGvJ4`ka$!JSexCpon6WHF15Ys}-PbzL%FvuBsgM2fdOf6Em`6jyD>&U>ccAq^OZ0M@?KV^0$f8`b&^;q8%!eu|xd7?Bq<)q{r zB4HY@Id&hLtTAJS4 z);4>hv$p7A4S!vB;&+m+&Y|g<(^^k2L4*1RA$^JzeP+?_a|31~8RDNS>v#mqOGG;z zLEa&c>F}ST@_J@ISzcSa)zr%$(^sP^CDxj%B_Osa7%lCX9XD zaL=Eof$mMlQ%;rPb#?k&D;R0tV_TyF#kMvfObXdon>?<^?j$#U#gdQcpN;+C()i}v zvRyE1p_#)|sn}j7*^;6CjDU!;%nLYPWId7-ubeQLPZ9>tt`y1^mXt8P3VQ%9Cs=>y zUaEVVa2jz%9UPpandGD-q1O6b#n_;r3^dl(H*Y}Y58i{z2U&rE=$d+ZA^OQSV@=4f zi8|HW-?z8PHMO;&Ma5+~n%cC*EjY7*Coszo`StFCqLGtH<~S&nL{qlyof>Dk zEtJ@m3wPE(8(fMe&okOqmh$luR*glA3RN9cmUqNjgw!0IBJZv_r`!J*OJBi|Ro8S) zNOyNhH%NDf($d`_-3F$*7=BB>G^M3zeUwhA)S+mxfYhDm>j9LPI z!eAho;GJM6)Ory+MNGhaodK>7;h1MN+Ssb}jXA|3Bsq63jnvXRq3aMZ1U2%|z7jAh ztdgn~5V)fZoqvx@XKCrRpxE+UTWYy_#_5YQ~4?om< z{`t#_MTW;A((|@gr71;CNl2LRv&0Hbyygn&3q`H8fttR0tO1S%(AdRdYfDehT+l^d zS~xrFPa_|3RRSS$-z_|EAX}FTakM6fj(~JIIf%xSu*5j^WZFRx&KS-E?O((fn=q%V zB1MUb^JRS=y|pv`{At^q!27z1@JCl=-ZTus?eBWbHoB*`4brAqX(*`G%EZo)OfWth z?vikKa|9$%OJkD&n!3=uX~ydfWw`H6-yctX(8tJ=b;HlE5i_O=Xy5Qgvxv#ce@mFP z9K2aF9BqUp{rm7qP~&(kIRYtM_ifX1WM7fHjp!~bG3{A=Q)Q2_;n>KtzA8npKi|vQ zcd}==#t;Ji#hsQDF1tG`x{xY(vSh0>A!W~KoBgFb*NgWOXm@-%Os5Xk-*IxM_i(me zuSo)aO|v!;{rv3EaaFRvqfQ%Q>;zt_KhFE5%C}qD+U~|gMCcG>;MP34UAE_8Gc=Rq z;qjD}m5GxHCl_3yNztA5!?i6|NIPt(H@~Pxf-ooSWHZO=VDr^#75|&~E@uAzh9`%G z`Th6B{{XstfVlL|Jk~)+ntdQyZ$z;mgUfqtYRV7e|vQjQ?r|aklSM zDs>RxM&$%3<#L9zM8jcp54ZS*$J!8)4cBN&4(+LcX%VFeX(vyM*pw~J5azv3Un~5) zBElfG$}v=~80h`Y2=QZmuNd*>KQ{~pX1^!{oF92jKMcOn8@Da~pprcM2`L2M3+=Ds z4n*@leH!-ITHVU^hsD{u`OBj$6*}`s$JZE6NnZrPas!3G^3qc3PxquC;yQtNN9=o8 z>gwwG>jpfrRJ0;&B^CLf)zsCMZOXnVYcJ{E>>eH~_2CU6p%GAp(v$)fH{yT`c6;Qy zA>?Z=^5qb3_Jpi_c(flvj^>}8ldn}_agp(14m2<1Vuk4}CAxTj35H6A+#K8QAm_}` zhwWgl!me=DE(n92uo(O{qD>ON-HZ;0cD_z$S>3SN{}%{PyCpQqkCP`os6@yL$niVd=vVHh8skhF<=#ZZvke;0*}tKAsj~Y z7pVI;x?aeYwN-)*I=v-vr2B2bf z{o^q7B&9rc!;p_6P|v0dOUiFvO8rF5GSldI2syGcA4v1}a`t)hPqJWdII9uXP%Ejc z@G$c8G3xY!MM=5SGH1)!)%*#>amu>zs@7zLA(bXG6Pv4fC 
z!29dU^HA|K{GILZ|2Hz4`uIY0%t*&KfpqYFi{z3+dd_3*%4y&y63X1`1~y5W!*%1# z+axD0`c-sdqDJr@i<5*ORY+zdC!CY5w!mwcMr1YQM~_`VnPnR)xywd6oiFA<+ko=R zn5`&6>1}wBjs#wuo~$wc%l)pWEY6VfrI3p&Y~8vD313SgM(S#+IW|wVtG!I~Y)UJ~ zzf2FiuRA7cp)1oG`2BufqpV2(cKt-L)c&J9r4Q=%(b!J%gMN7hSXR=WyExypE2JVBP2a0zlk~2Bx?)dx%9cdv5~~Obk-vudjKsoZU6ySG?s1GZS!V z2Z7v`q;W&^cN7D<9<>5&SVM;Zx-0pfDExmPgtr_WKTE~hf3uo({B1GHjK#ZbQ}93- z&kvbOZ`~2R&)fVH!Q2d}Al#pXsZ(-fR$(R;NF)M&qilah9Q{;hcTGY(5Llhbez4>7WbYH-S3)?v#(3a# znAl%;{ibIyG&Z&*sOexa(D4`=OCDXD4Ha~_Y{VYj>#8COv9hv~6NikJX{h~}BC`L; zsP+}m`TUGLz*=xM8s5;yhKBB}0auKbvz#{I+lKEC@2`WJ7Tcw*BA% zF~JUR(888+IZX;+4>h07`(F{nk^Gi;BT@Vs%nq-LUgL-m^T&J@Ejf5MwSxn9FYohF z&^Mpv(o282%_f{C^5{I{^Ey?A%a<$y=TmRM03g7Ed$q_FSRzIifPpt9Ii*Jkl^#8< zVH+}Pqj@Jn^x@Hae!U8xIi4FtkB50sKbIbQmDJXzmt-g?pT^BIsY}*3m`yDxN|>gh zh4b;^2O{+=A^kdUK1Grav(48<*+c%7C0KF0^7L&bdKi5u-VQk>QrE)<-WXW}u>`;m z`UmBoyTo<|7cO7l6a%diy`5-qal|wt)uz*b>92rJPtb&rU(iQj1F@^Y0LC)KdL%uR70O4-wT*oSlcw%T^;y z6epZK=ag}dBu&do#g!{m)!!={_JCm|Q~Tt@O%eG9v}VZbH9HmkQHnCzBq}JOrYJ*U zp_Cc{t+@EE|No?x7c~6MO z;fFB2A%;!$TkQ@+RRR@X^G=op^HlGaxD&SfcX4k5SRyI9@jC{Mo!qSYcnu19zkA^# z4g~^`t8lt^A5;YWIHt<;onv7}g>=D4$WN97D50(EW)7%gUPQ`V!`M)g7$tk3^WLD~3qcy1*u~ocZEHVz6S8)w28CD{z);|G5{7(S^_u?g9wR$9$LgK~yhypAxDxzd zQ!q}>($MUeEaV-yF=YKgGz{06-Tla$ZV+>8cE@v*O(H=m;?5Lu!FWbUMJt(O8TsA zwYOybO*r8SPJhIWMwwYdW0Qg3?w~i?A|OR)f3&lVuY5HfY1kn+RWd zj6vk%0VZbcKVq45ylkSM=|iyp9j5BWoo0T~HZQxGX>Rsdp;7}03bhDEhGU@pD>B>A zXNgAq;yu1Lp@BIQ@-Qg4-bk-BS=T{owa?`)%^|AoYw!?lHE%ZEW^j17o zaiVw3F%30Pg*ue((ou)6bb`XILn`VBv0Dfp1rG&?AtEBnl74mrzZrlqyqoUPTHEYF8ziy6>z_7(av_iZ)_MssrCJT(^Cp zLY9QLn|#Z^BCl^BVtGao?*QXa!3@Z>keAk8R2{bx+9>Tu&&BaZ(!K}L7J?EO4yqRQGCHb0#r{U#IL)&Z-oQX+mQEhJ`r!O-Me zU;4=Y?QaLmW7eG3_&gbW>D4pNkp$p=m50~l5DOj^r_VTTyEhO*J}P1YFAJ{ghLtCM z+N7bmp2LC4g*>KKVcN9IRh^X~eMh#$!~YmjN2>(*!08LCz=rbhGMq^MG#}d zf*Ja+!v#4tV10MleV29JmdzWm1^1dxuZ54y0YQOt)QO#5aVfs%BLVg>gtOYJ#~^x9 zA;y%GxTNPyzO8_aAsGwe9QIhhK;`9CK-HHrUXe8sBJJOA2cU zKf2BxrUV3XAAFvicm?pZZF6KFBG-iMSuSomibMdfI_Zv(!LA_HUy3mY7uhCkYY^{U 
zfZ^u+m`&y>OI8zdoHrH1N6)e8+5vh6rtj<(f56b8>lynn#_le~y}uoCJc2y{5pJ?Z z?;A{q8dELt8|`>1DB8QQs5g!#c8A7)eX2oWZPA5_n2Vc>vPL1Tnn)>-;lJ}$7PVaC z7GUUGyCkP#o>EwmqAxyfFo7!!?>)gK^Ox2g^7Uw!aXl^UwM*Q++r&!Q}pl*Qk71nR0h^ z;aMg_7pQOH{Mgv~QD;Jh6xpA%7tG**zQ)`JHuK?EWd<|Mey!u(hHc#Y(f?*QE?@in zki~I^%pK}lqTFpy7Gc|2@7+eku};}@WjR-}YrAQY#@yl1P6YffCJj@xuua)cp+O>~ znB>DlYgJ=SO%14#VCMk=`7ZNqR=vcJsCH=}=7EGSSrlNLv^C|~#k)zymj{f&0)JwT z5kQy2@dGWpZ8^NmMkky`-~zW_G;X{`F~DzNLMp4yNz=$i+!+#__$pA$a_c;tZ-mL} zW;7z$sq>gV--!K7^Gax!aZ2|VTYNT*J_v_Ox&&?Lu{_S6#scw5HEh%+;cNSIDup?7 zLPT~H2O7ios)k!drO#-Q06k<%X;&A9Zy>i9#r0qbx`uJ6Djj5+Z#EQ>;_ou$)jY#e^T69M6gc!9G3b?B+h zQ_wwa5=?<`#5T2D$||p`;(mtRNv zLvvDD3I}D%N+DchBlzer^(xZa1WCC>?LRzXh3M`)<&v0HJ!}?I(gDUPIf%8%D&~i2p+pZHxqY-LDq9Enn>q}GpQhpcv$@-8 z`~7VLPZ7|_T;xz*;_!vhbM#NS*LpXrL$&ii$=vQ{KbI3i9v;o4ni>d&ulX|B@*&xe#zDa%Q6`x}F=VCmZYMU_Wi1rz#n^4+dlf*ngH=c%HH@nm@{gU^&5csekw4tH z1O(CI-8O?(Xm(QUizWy8T9A^pDf7u%Hpkt~n^`9E9=~k5M@`v8es-K>54c~e8=x*Y zC>ia3(6vurJY@{chJ;`L#rh|sE@!^WPhC&hN2MiI@m2uVa}!i4)FIMdFmxPn?{bzLBgDwX5x^R;LFEFJ)oKn|SGEQ<|d2 z!DgufvLA~Z^tnabqV(clKY6%{*rHG|v)KV}>T}F=pK4K2PKG0}ce}Gmr??|gItH61 zY*f76p>;UreoB-NkZZi?MVENf*jElZl<5lkemaCR=NifOCvzL<#h`TRTjGEYk?s_I zYWl|Z?`Qd`T00Ud{m3%6w1m3)zt=kR(JEb?vlk?#hJIH~uspiTi6ZNFd0tF+K{o+3 zKh!xHNK>Yq0`#{Gbl54pbNAI}EzNLTECm1ju(h%>Q?o4+o%|vzn>;c)YWX)qXal+{ zB_ZK=YI3r#L^lhOq=QU#dFNd9)s^$q?5tYR$%*Y_Ru=J6Lj&iajJ6jvbPy8E_%eV! 
zQWx~3rua4W8v%#7q@K^8O%{q+F$e=dKm?E3zzgZy5nui)TxNRH`J^XdnS+&-OYwE{ z@qI6Ut#bl-0%xyP&G7*Pdk0?ds*X7O+GZ4~u=flm$y*{nP-=NRm{d`>04DGKIsO z0v|aFq%VtCE+<+GXe;a#?HGJ-17$voA(Fhg5MuPiJ$m8y-EZwI_sJ;z0hs_sOuwx3 z8MH=>PDDh+Lq?6XHON{4NkS6Be%QF8?kI{u$3_nuS6|Y$T#Z@lhN1Go(?m!a83avU_*PeM z)G0lS>rb^8q_K7TTSINrm;g+@cP1oTyQBc)pv z)PCo9*xF$8@fbQPn7jep5)BDX9LgNTaTaiEko@h8&3RMrQY`i}OY^NCq?p#N-!zU_aUU@Zt}<@*&zq*o3c0!oInaZAh@%kR3Js90gau z(RvQYro7;(vO+0ihnHL4Bj9DdlszqXSLzHaM1Muo+h+|>#HXSf39A1NK%sY|k*cRi z4&ctODf!TADJwH6cI%{NW@h4jI8R~L6;xAGOBB2L{y^>1`S*kGpUD_Bkl^w1@`48a zGaf-~2Bv4MADRAc)T}znA0zHe37(jBLmFGW-P`_Yz*9Upic#bAn?=D zQKpdw&E-M>huM~}90p|p{`O+>Fuld1VOv`VBgvu(n<0qDi$|fL{#6GNbt-1H2`9ZW z!}#`wxhoxFzK)MW*`gWOIz$CgMy(H1nSFj`^arSW&e%+cqJO#_t0mDW1ZRM4>_`J9vrk}sjxRSHyirgCFbU2n>yDg^rnU0jt*al!Nih47{mVP`*xi@StsH< zHB%TPtM!nXN8Bx`s>*nURxPn@qE?u<%3l4uT0LU_+cl+m$VRtci_(eWxcEzv)MV@E zeF;GAV3Q%xCXO7S4s{h9mm489gp`)VJ(a?`vxu4-PFh*U{|aU>x$2e0tku|;fwU@k z-2OC{&jA}T3PjxYe2`t6^n}n;rIh?Fd}l<0qs%tQkxYI#xGzwH)Mm(%WSw0?pdgbp zU%7%EJa|4a)ntOK;0brw;`KQ0a{c936krk(T4^(US=;Y|5!^l(cxW|qCd#=of-<+2&-PD8rXuXcjKKSY z$w8)sbCsh&_fgJ(!*a>Pb1;%cFxSA(|A;VO>JIPL^0$-29(~_50JuMY{_NQ<)eX8& z7k*|Z-xZxr=+tnBD;p#wC5;lpCKK^ry=tqkFU?%&$CY?V81a7NWGMHERKSfEXODQS zG-$4;`Mw@*iS6an?4V;*naXIK>qm~^;3!%KF9Mw>ItiDU43^QlrAlsKFqv7?U2#( z@6;4{LB2B={5!afcCR1C7~ftP7|I`8TU)7n{;P2-x4^b-&)iQ<@9{g{1$G-|r>C!4 zLPA1*B(>)nJa=v{n?7+qXulYpp41W~w+ukN_l?upEK$;^=PxVG2zT(|Uo)#;Y!qBh zVHkQhiAX6%rR1BB=~g~Sp!c((hK4O#-7-hU&1|Di(7|DNi&TbllCcLh`EU2r=Ht}3 zLCyT=`2yL0XCybU00~J9pldwS&|Tf?z6o6R6A}_4JoR^YUHgK0>)8kj=M~+Qg*?(> zqf3Z~jZN93KNJNIuexK-(4p9OG;b|QVAf+fA>g9@;hu@pAwoc>Z3?bPy6UBJ#V2PY z{8J9+&(91UlD8=YqPJd+dFX8fS`v#ipIivzdyyfjs2+~hO+v$fmPVY$hc!R(F|W%! 
z^TFa3HS_@zKXg>_hUOM>_Qr9ODA;f34vYMOhh?CMVXS*)AV}8aJ@;MNHsT>Gy22x7 zzsd|RR7&VbUqyxbGhUC0wDeHb^71kTdQ$Ky+AcJAGObe1$mw$9C~TcRSs@%&E0o>39ae}x4D-5~4(Oo>$)zad=J#c+TSRK{^nIdP7t#9fuTRSv2M z;m7M^?wGjWMD-;&KW>>X?-6yAz8X;U&l!+#mx9VnsTMb5_6Y0fcNRi)K%hTNy{K^W5>oiGP&18OZ^g zmIvoZ2v%!XwcW`qko0H{>)coxAsZ22pVWJ}^NM=I{*!aTY>KeSnX?))6E4iVI{r)$ zO}x!Vb5;pNe|FQohs7|dEeP}z6Xs8kakEoVNtAX9vJR-bR9{!OZfRrw0xN*NCllWolwL@~Fi6{~+e< zZEb0>4g5pdBw7O(85tRJcXubezP?_mI6htsQ*8}c{d&t7AGK~mKsO0v=8X7Lc&X!n zy=n2R3MiF_l{qqF6v2K&Gn=00cA~9A?PRujtZYDNamZr*TW~N1a~bt~g^QLe&#*{{ zI(1$h8#<-sG02BQB0>_yG{(j6OD57zTB9gWyg{b@iZkA7x6-7F$C|ZqvgIX5#sfYF z3=;sp2PEf6wt(GM$9c~q%*D%8r|Oh9hk0G96rwWB-3_bP(RKp4`q%$7zDi3M`-2FA zcD~vWz{t%9*Z#J)W@cw)rM!#a_G@i(8WRHrmyxGTEE+^us8~e$_QKXNpM5_gM2x(Y z8WUq6xVeh0MyCA5I~c%eA`7+qNR<)_fT}g!n>v<`1^L71H!LHP3s)`KBBbqN53-|- zas94glsjhp!YP6Vl1Zn#hrfzT!xIov2&}_WlK+KNz6cSh&t3i=O=0eawG_EXr$;Ui z8e|Lo=M|61b!zn!vqB&Q?X#RS`9uJr>y|Xmr>yH^VG~coHeUQ6ieuhtaqvNkve@azVi}Yy4R_=5->l`pVJ?vTi|Kn=JoCxZ}a5JR}$;B`3$Zz?o!C)&W2VZ zt%CAU=-I|3ASmT?*^4Hhx$Tm8UFHZ`)}9+Qg#56+ti z{O&m^%_b_kE2kTAp)55Z9*9T1z_2O1!d%}rg!FAlo%p-0)p3Oj$I7boGJPw&I`zuP z&l%LhOx{54gOE=GCqC6>M@T|?ddJxFh9fxBrXzvz5+G`^C!ZZ}KAN(H&y73^R=QB? 
z2oPklefrd;@^A!Qy)MrOm_$2!l)>(IlvLF{(!Rt1Mppr$p`q+=-hpFI9D4TbemOkYn=+X+$YI`iz7x>RDE$GC8^1ye61*pXGN`MhF4cA#s6)N?9b^zTXv z&c}l`O`HU7m8&iSf^pmjYBF{;+qYGA0+1RQo0;yLYcOhsvrGdf>J*7!&~QUYh~}m& zM#;@UI>vmRasL2WYB?i_4wPmv*lkr3FlLOk;Hof9|7Y!Ff>8@n(z0{e01meGK>BId z_Lq{Gjys$%*T9QS$mZVO9{Z8&h(@b?Ra<=N<` zhG#Ux4+I0*Fz`mQ8EhMP!Kf#*W&~pLyX#OQ}c z;l!+wQ+JfM69XwKrRPZU(1euCnVJ)M zvUUI)(MCZ&wY?37OBvQnw_ij z_|c(x&r&3euCd0G@Ms|{>0-Bzh^-G;QZs~Tee|=f(Eak(2IS^GjRZd(l${bs-a#$Q z-nF1B9G zs!?V-!G=nL!S2_HnEi$NN-LB4*a0#_86gqN8lA82mUE4*l+?d8l>%uYXTYg;Jwla& zZR5LfdfF!`4sQ^CnuBKK>=fk-4pE8n?42MDpJD7jsV2Ns#VH{2;fQHX+T+I@p)@dM z3eM^*Pv}I_M<;^ETzEmAoOB=833Hi>)KybdJo|4>_u10~N<*1nweb5vuq%RWx>l=X zgw>HL^`?>0jU&PzP`={>;)waKEFC9FggoMOuP@WtkhMXaL4l&Ve+^V^v|N+RCj?nw zT`anpUm2=%<#eR|@R$)WHj%G zm+)rKzn-ekvz;=Oo*-Z(8spyBL%i2sE>*E|T!|M!miS6nu8v-AuF>z3njqJ)FZ*DX zX5g{aH|X}Rg}z758rq$IYF`a?L!0%Ko6XHm^#(i%YTk{1Rj4vGxsP`CkPOE2ZflfJ zu;9x|UKD`Kd?hF=V_+bhdD3XShy)Hbn83je7jamQ!y9x{23U=J6wq~_!<0IzovA(e zJ6Nb>f}cO@=|yL&k7JMY5W>TRAwJ&4b>MDA!ccAdczD27<3C7++Ymh5QD`CL7sYR5 z=Aw(glPQM&*8BZC{)2}%i3+vBdt>V1!LuWm3b0i7shc2kfC1C5wrvuG937*ehh*rt zX;AOVG$k*77v^QzTk@g3MF!>H-X3X(_wCVWN=nM`Wv1YsM}S!ZNN32$L`SctQIz<9 z=Hg z(0lo;R~DHff%On36uHEh^H<4VCEu=}+@QWuf&$^6f*7Vkkn zJwLw16qh=DC^g@=&Y5q&20yEY%U`#&LDVjrRmMU|UMw;4wX%>-1rZSvhMHhRA6g-! zpsZ1T>}w!z$AKkswUE&80YfoC9Isyzpj>mU^*Ab$5~s?S_C>Q=KEY3wfTlf=7&OGY z!q}?BqSwZ#gxA||v^^aN4TowB9vgW)N2r^fhTr09{DmS&R5{@>JM z6b3uf{}?SE{IF-z!O!_n?KPX~{x`0%n-Tw#+>s;s$FVzWv7=I#W*J~g>cZ*-VTcXd zs>H?RUaO?AFxlFP7rRy8K=jCao=G)tJ!VU6aB%Qoni{x}L3as+d1y^AbAY6xrU;h| z9)wpJlIiYAN%hCTcm%jw^0#-8VF_QjV5-Znz7YOX_=X~LxI!3fIU%P4tuNXf^5A2< zj$2C#H5LRHuA(;d*%=tmW=9rd6}N=?uBE%P(bN1YUIw^#Y-%od$3iFo9GLC7KrezIe=j5ufsM1 zoQ)s5$~fFV1K($8&jw6? 
zLOXQG!{fsd&q+%^)?Pg_`_82)@?HSORE6*%7O72*g6$g7fYaG(E4Z(P;7cm2A;(}7 z0w6E*&VWdKvxz#0T)q-7^y$+h3kwU4rxt9ed=HD$QNt+>G&FRz zDjueQ+v<693z52vWa*)GQ+Ikr0i+llo-_wVR%>gjPB7*fPX6QpUUFeF6w7}wBsG!t zB;0EGDpH>lpGL(fy1(d(A%DX<#TlSM0;KaMOYoQj^CtLQ4CnKp=MxV8P7#pQ6_Y`J z$G>YlHlpLVDH_GbcrEYIq2PjH*!PJIE@xz5F!S_z8VAoWFY}&N`W;*SuL_r}qfR#= zZ#s>`wT#6zWGw@jrZB^khf+^aEu`R^9*w*ek3bk8QPUF9KwaTlAQ z%99pjdX%1aa}uhgV%@=1_)Ao@*9Tp%Cl2YyPS2#}=3LPLEso=c+;5o$J+dZL5~}qM z|9@JFK}%QNjopSg15Lvg%1K{|35f_x)z1v#q%6Mu{+ed)5xD;wWWlZW1JPZ_t!YMw z^_prG;5Qqn>oVx|0Ex$R7|7k)TR(Ze)}er`c7tZeZ0~p z))zBd()}Z5DXab0`1$l1b9!7|n%BDFmP+!jE!{O1GGvzth8 zG(f-ji&^a0eX>}hI8deE&6Z35^h|=^gaGmkWHU6FSTqk$aDTsZP=P3`zY9!lkIV*m zoynOz9?P9iXa?a-Txv$k^uiXK2ai`px9RY`iHXhqjv8#CbAc9ZbLE=+dLFKNVtBsT z7V>V6}}?_fbcvI66}&df?Q`F&;0 z!>5_%H4XHqkohLYFnm~t7B7)dR|J+CIbs2lVNi2{|NEo(OR#z0-cQ__yQlJ=oqhi$ zh(P9pfyax|0-2Z*R8)k_$cR(o=$S0-$WOW6HMZNv*3cy1H{UrX zc`9Hq-BAtu4U&B=ZEdVW>zv2}M)qAVg<oY1fTly#5A3^Ww1xAO!UkX3 zrFpP`Lri{D1?))CqE6Gu_`n=NRa7f{Q7%G;y;3>SK~2X+c5Xi_3rwX{gt=7XeOQj}tVEy?9M1R;L7l{S^{#l%K9F+3mHJSc{{9qAl17V!a-*Fb-#7$k_F>bn;~( zq{7!NDU%FT z@kkA2R+UUcU4VNBa{az1MMXayX~49hjf16SUdRRXwj$SpTn<$%cIvbTpD5dr8qof;)kaX5J(qTWS*ORJd~ zLVIP1XJ+sUO=yrjoI-s&(TA(e>sM%vyzj(Us9&#WCs{oO^_#F@E-3w;Fh(w$uJ5?m z@Fm2mB9?h28fo=1z_ry4Z0a~!GTe^YCo6KeofoE5buR22D zR1w&#vQ1yWFrkCuk07tLe$D#*P8BxcYP|g2 zvJX8&`X1Hs0V@m5>1kC05z35%8)NY7re;=_P(d88i*C(_+KQy?;!ES>_9RsxUx^7? 
z=n*7BM>^c^y;grw4zfv>25Pn#k|`FJEh;2C68-#&TO^dPTF6I{3+}REtzG3$=pPfPS5X$N>6<#ugXg5>XctH7!wgM)_7Y5F z{uI74JtVV=brsI4*V1DD@6QiS@XkWrjB_n{Lb352J{kmdJ`9yL#3BnFlwxvF14StQBjGiY5_9n3Cc2f1C_Ftm^PM(9^4ng2afJ6 z86t9|r!S0I7g+62W=&bm^WeW?@k4HV3_^*$GhEIW72*IB)}w_vi7f`0)|KyHacKI$ zwII%`+_B3`hvbIP10rVV=fU)D!YtLvNv%tXPQ8FGcVkyX)MtN zdkriJJ`Ltqcj5Z1AMOB~U5YBzidh(;Sv0^|QzlwR0u2(fNh59(;@& z@uXI2N=mWk_1;*BrzqT>+O=cKLhQD%>3VtN`mLJKc(tFba}N4yeV(#o1RS|sn~$7{?75u}nEz;(} zz}}Xu9|0)e@5Yg=10Nq@s*^A9&E-AJUY`fYl}W}&7#=H`9K*kk{qF^ibRDi{#XuU$1GgJdjT8b8laRyX%|;vIsVy z3crUHkDn)?Isr%X$4gJYhnpbDP~0;}NkpOBlTQ>9l(E;+y{>N^0`X&&7#^6}Pl&$C zNtP<8ovj;ek%@6;Yg^?_3 zV+6Y?_Ozd`@BY>V?EAn|C^^&a9$^rS+$lNx_iWlf7@slPg9yP5pm_nEy=iBtYF+<* zxvv68vB|H>ExkTseLGkS!|gj>*3X~y$D^YP_D%=#QQDzYK%_+Y=}gbYdcgY23OskX z9!K%UuSwvh*+XJq zKU4v*ple7)jrf|4ox=XA`q@t14JooqMgscD=_AbJxsp=9FDey#%kpsnh`OgDt`V@k z8j%k68l_6?mOq3W2BkkAWLR=twWvOgg|@9_4qr--aiG2B@qmhN~&H)ie$Mf}0nfELvxOhwuedvfk^$nclrvx-j zo8+VE=Vg8hw%}=Px#d83Yg<1$f$>?loS%eE|Cj5QeIQT_p&tkPCq|#8 za1|H}Zy}d$bWCN>rQJbvTn40w8SDg_Ap%e}xq)$uw%2x`X%Tzulk4NG7ToKWRNM2& zd@Z6E?5wXFIb6R$R=nPbn7bRkWMS{gRwYaG^yArjr$GPobf0(qzcnZN!$Icxr(Y^d zzqxzE4USovzmMy?1Ki9kEGbv__qjp!;q7=Q*U^Kn@SKD(9(R8)TjMD@W|bkc`S^oQ zs9!iIshYi`3~l^-%eOMQ?fBsooXx5cf{fLF1~yc?R{z=eI)5YbenKG?v3a)&g7s`e zGqa7Y8#XKBzN-tL*}$!wi-sb1S_8fRr6Zmt+?YJfaB%^+4&$jNc$yMm>d|yKPwSJg zaPvI<1hZ~ab+6*;db4|QfFA>zymC8zAFqxce5x~8veJ4H=26`P6QKG=`vVoT&@!uv zxP(?glm@l}u4Fa%XVN`vF`o%dbA|sfp+C9|o0)YP{CNKXsd|yq%y%2gJqphF@=pW> zY|mcqfJW$7AOGgkQk=Dj5-B0c5?P7#mkQMiRCv}nMkKn?w+pFWj8?1vd}*=o&e>4# zNAju$f-t`xM}$f}bTP-Tvl%~cW(+H>b5T>_T@6s}C8Zod{5Y$Pgk}UyPEFgBc@l6e z`fUvs>m6QQMBKJ5yu*u~=ea9fB}AGpJf`VCfJXq=DZDH;*4+veDR6NI)}Wa}+Yy4% zbN&xt9%MDLBs7mG_E5FXt!!WQeN4o8_ra{Kt)X0IV#Ce|7yc)U7aTm)D2FV8rKv52 zq*JRL&+8X==qZXWkdr%%zZ0EYyjULAXjkquzxx7*_fSGcbs@GuTIs4 z#FslV^5Uze{S^_Xd8CD_nc1w_v-ZqwuSpBhg$jI}*CppZiiiN>7IzbT>&w$USt!GY zB^%K48UYDyR!>BjxewAgSigXyZkTs3gm3iMr#gm+LoNJYdwEWe1CJj#rOx>yZ*=db zLWr~h>e zbWAP#+W8k(Rtj7@g@+I_cxeV@t)Lu7 
zjy`7wF;P^S^pBC41RzQ6Z}Azro%DtMEj+nuYhmGTm#|dXr8{4u+#A}%A_^5=zvlbr zs1hY@)?};dv~WRE|*k%$a@R%$w#X2 zDRAxrH^dyANUt8k~Ed`nRA)=Y1kRz``E+YgeT4yIBt;(JJlk{Y~FN zi~08Z+aNQ#`4G!Dtc&zRS0~cp>D#Wa*48^ohu=Lh<=v=!^wVO)gmMzna%mW^^ZrB= z%$Uf5{m9E25RES2cGrgEVi>AMP=XCg_CLhf|vgg*B0(AUdT1a4PBBQxlu41IdJiYMvwgYuPC#bK@(ySXN zMVOf}i8A3TsZpPCw+or|u@CANv;f$2yYHcv4WO$7?k9`2Lh=6uoaS$fbr*0Q>!RZD zPe?$uLT$#aS?ZU3I`Phqi*B4TLa!^y|D)p95m36j8ziK=8)>8@ z79G+80@97NNT+mnmvpzJRyOyZw-+gwX z+;5BME$%tpWCGu=&EopCeL_=KR_?0E8w=W=ksh(TewBA=)-hcUPjO{s=dpg4h;GlC z;Zs;%VqNC>{Y<-}DLWV{$lVAqlrZCf#KhJi!GOT0h?XeT6wks)I9TsJr@~MiRm_mX zPA(HRUcKfJg$Goi!>{ehv8*f$v*>!x@?r?4;-NAwv?lJOK=RKn`fZ<$wDupbT2b7s zSW&KNIjdA{h(Pblj*6onab{L-{{H6iiHYGphiD`y#z{x{MMcneQ}dd;8~0K=fws5- zMhiM4&B$L%x(Y8qQ|!(sj>b0%f$yu|5U+;g7#+Cc&t(ZOqRr343`7Uwq?Y9G056NE^jUvCL&J z!W^GE2nR%+uzqhH7PJJlP%Y2vYxJuWE{@Q_q-qZ~2>HwPwU9XI-m3sUT661#Cn$4e z(+s8Zu=RdwE;29^3LfNS= zdTnB(?PaIg**u1d$Jq4DBVm>lIB)^W`X2|y%e@aS@~A+XaM;~Y4%g00mDBJRn2@33 z1-GLs&ju}7TF zoHZpJ|M2e-ZlEWrTDNngXJTjT0t&54;*hR;frVQV{^iT~T{=EeW-pxJ8km{Jo5l?} zlV67(D(oq@&dm1F{)X$75;^$84?TDpB()&7SXRyi{evAz6uunBTWF;YFWP;|4k!bi z|L*-^T5>4Z+x?~MaT2ektxZDXDUUCwk=Iaj`s-LIzBcoJxnodpFI2@O%Rtjg^|+Wf zN&DD%WkyR&o431Gil8)9q++ z;iQ3TT@C|<_C>FQUw~zWs_)z2@aCM1^k$Qng#6N#pAW~C{86`~4EZuxuC0uecVgql zERSAleEL^H&g)tFaw)Rxmc58Tym0j{cIW&1B25z&wgwMA>{3?S8Jh$Qi_^O-Q9tr% z?l#)7bnAEgKF~>>$lW{`gnQWiQE%7tZw0PdU-sCb=8^sBuQWigX4}sxI=icGwKu&q6JH?&%wJxhVy+3ypk+2IH|IYjLlDF1aWiHMLBOl^Z$*x5f>R1d0Y0*cx`Q#)cHi|V_j z#l;9$Vl?9FV@=ZmC(6A13%dBaxvZOBLzoESxUF~^^bB6vKO#%(S-p`}uosr4d@ZE* zcPK*2*`Ogk;`7y>(&5pWW(++`39IDSQEUh1ziiWR+(`|dT+%(gy`$beexq2x)M2wq z2?cMD$s;2S2bt@8#jyIB%*+B``zNvRf6pGwXgEz2(5pI&q(;VL=-TFu_4q zZ=wgIqU4z*3ACtky>NZE-TaFdJ-Jb=_7SDlU2;<)MaNkyc>w1 z8z#)2MyG~S@H6ZC%;n-pLiyIxVdFDn*n~uFn0IUtYRxmtbP{I6-|u@Vr}Ylz_Z;jP zgQhUGS6T!uN;|5-k-QQA?)zA5EbL-37plNF7egU0VYz%}(#gta%JDLQ{Q>1&UvDpo zBdn&$ToiY}VZ^+I7)l$!fI=6ljQXWa?Ec1qLapl&Rb+W(d=U~;Cx`!sC{gs`nV|F5 z;B?s}{!{-y9UUetD8{I$sC0#|kb}0T4j0OXd-hEB$f=BbNU^mQ)1wROJ_lxsIK>Ht 
zYfofwLAXh~!+x*-kTsHxs5t zKDV!*IVvyN{&)vzzW7C@iS~=&!)g}lYC$wBs`#+hK7~4jjZ9)XiA%5P(=4S&T-utL znAjGb?FN8?J<6943G_Aq+ZgtiL))8fJo$W#2M)Q24}-e-d3YTSX8KCm10kXk+WJz~ z*udc6pb_ZrL=ulEk1rJ`OnE4DY}?1I!)u*?MU#4&#nhJJcR;jHN* zJ=G!A#m~X9VTKW4iGzzyLk@6dN1+9Xu8$cr2`yTODS|iCPRLg&tqx@~aPuYRa^&%PulcfkV|D z-4r|o$VHw_g9GG$=8%)Cvm1VzPbW#3+O2j3O2kMkXmV3K z1Ed+}sTHz;Qroedz8%7fS>0W1vS&IIJM+*$D*`XOu;w_Td23qANC2*Y}j=6rRulpGOTfsYnk&+qY_ z0rRIdW+gWkay8ZuIwuV#ZQ?Xi+}Pa0k`gb{1B9iYUl0p6+bZ*Z{2-`y*`H=hVStVm z8nC}lIBgYTyvOkK?cYBtC1j8SKEkanesKx`shoHa*4eRRvQCqVXj0u=CU|WV$1o^- zQxjFu6Fr!Z3?@~``G|Rv8VEFjX+*LyqyMZ3JmVa(#spR(|e z^y=en-GT?9F41KX>YrjW?);tynZzcCQOpheBM(tDvq=BfqiD6(8RmGs16=lriA-m= zks2fl;y=(y+b=|*f29p;YcI9yqVM-T**CI|* zxODRACG{jR1-lU|CqY0!057(g1TDYuY{RN$jQaw^B z9DJfX;mbu3o&Ih`r5qn^f8}tq38Q9CQ6FW^>-Z8*f2u}|%rGWs{htTDi?vUAJyO?& zIntL1Sz+U~`-dT7Tye^cTlJRP(b4$Z%7`jBqVL#HZeaP6<;nrd@<}4IB=-cSy4`+q zof6D$S3(=Q`p>u-BIIbT$nKh-?|(V2tzM?PpHXBhWPstvtb5o6 zDXWaFu(f#w@Q%r8sH*yAe?`Ko??7@6b|k8KwvX5vcb6IZie(UgXi=$UmC0|f8P<9& z{Ij3zUiDkkGzqEa%kMKpdSavjdu7mAfv|>qf8T&w>Xx(Sx?1GF2$&NTL<3Fo5SCIZ z)84PD7sDP(YNZxVzp_f2M8|u2APYgCSb*O^l+$l?SZxo!*qL!xuCL8@-{Rp z`KW!$^c6OCcy8Wp&RsTjs3tbIO~4CMCb#valWpB%xrC&avf&eS=$Y5_V)JYE4x6sZ z*Pp46n$r%q94q$TsJpl5R;P*ikyD&)k6a*@*UL0E>++ylMcN%P4*vzUXmnAa00GsOI zsjDYE@AdEUiKu(jDY{+YTZZ$T#dn%0;I$#Ae(e&iGx6m&c8?C;VtCOhs1V+#{}N8z zHvNv~X98o{+W;gC@rLhrmNmmC+5o55m!EHLOt=K_G;#)sO(ijqw3rxzl(zPFV+$X_ z-{Ni29X!-M-^9Q^VC4U(Sq;JyTFnP;dL0QvwI}MrZ$~Gxi$xFDkqUpDutlTCWEY)% zpXi;XrDY*5Y%#M8vI>8zD3%JPK$|k$+;zfawMNCIZ)NNr7|=i!#gFO-Cnf-SGox0> z0W*#E&EL&pa}%5!GFJY21Nf=coC0Gd$s4iw8+T@Hh})TrT>Mu0;^qa(nP@~rC`Wyp zKx}A*;Sxy0lm7ZiqO27rg{iP-i5~EwR3_o=pj&j8L4+^%BC?3M1Cls?8z&(;G&_#@ z$5IXUi*c+SYiu)WdFJ5hq0ATozMEkKoyAD{^7Z-dudLfBNjZGpTpGk8Z&UCq(CO4b zAO%GimJogVrH&fiiZ2zZhQR25*9 zVxsuaE{;m4+iRNHEKf&~w473+h!7EQc=W#-vTPtDxvH#4Z7`vnIKNheBj|*Qt(R(s z?$}jp90{>K3|ZtT%ER^hcZVm>vY@_kEb9+goLVj}%umzS`_y1)aivc@x{Z(>FYpMg zT=2njBM8Vz>tW{N>}6Q*efOZJALH2x`hGsRWHU5U)%MajfuPsZl?e#J0| 
zJXA6LJrP%C#@hrOy3UARjzh#U@s0V85KNpC0u3kdVculYc?4hP-frSlrvkq>{p+l6 zUqw7yOb;XfI5{~f{(J$jdQj3M!kE6g`g9|i)8Tp7o3%-=f)Ls!gfLg$WMjfF^ml@LoeYI^OM;ukf^As zi`GW8wm`lpgU^(Hxuc|>_2P|Gg>@idt|Yy#PibwTWi+cz`KRck+QN1c6Q_>x#o#B?ue;iQ~w`Ywrel`T}wWX4b)A|1=OnF=la;^B9v)$Rh;gU@O2jQxh^Yv;E}_Gq#m+7knkGtubA- z++zvV8t9eORtY}k=9V~XyXeFGBF%&PZlYZ3?0%A6BLBD!{p5NP{rNPI1UsSWy?B4y zNT8(Y_=)XR&rw0M9S^7@P^+m;z4@Q9W>OEVg|Mbx@9a!I&sZ@bE29mdFaRMREe}%> zRBYJEN>bh$c!T?fR%nSH@HB-{HM8DX(k3KQ7n-$G|I_JvQoy+^86P(sx&z)H| zp0qO3!A-y14nN~|!EN9iPAlF{O!YD#h_*TMg8d4*#F6@*espIDM=cUPTphW&kI9`Q zK4RDatO_Hy6>k+l5cbW{S)pgcmUylu`myON``Y@tXg$;O(I?3d7hZS#8ysWkSd^b6 z!QBDIDtv|~_-KiWVoaK`0EQS(plVvWf{QJ(u;km;(|sO`yrF9M%~EoAQ#NPtF`lJX z{c#zZqO@TzhBybOX1KEI^Wp4SNd#W+ZEl)n=I4Kt201xMDTsNTyIs#JGBcA44qx&x zrl-pH6J|DWL(?bbZpTtYfP+w&nHfs@eJ5Q2icVq}HM{xpa$$UY{Eytyshe*AuB7C- z|7Lpp6E4be8-`{0Xd83TjCNx^b!z9&=Ys2nEo9zFK)2Kg zbM%`eHLR09As7=BY;lIMF)VI#qmX(tPS()kgqD?+BUW$Nn&Ee4_-(7+-Xp1 z>e24bPDxx$%b$*dm2A1$$5aK2s3{m3k7(C*+<2VC!@o zC8gL4c^oYYz1FoC6wSemp$w+^(MRSZXa^uk$UyZ?ImUm*T^txM^9kYRD%Z~_JaUJ87+uB>_8BB4C6C-i^|ntQ?mayeSXh2q3=a>>fS9|f zEI;2>S6uu}^g)md&emYMQ+ef=?zSRyXBx&W^SaN$k(?YHE;UtE{0f(!VY3+Mo=mL< zpm4bpSsK8WqawT? 
zQQpG)eGqcm=*`%7drDSW!m#W=_JPZ)#$;fvD_r1fT%1~_R@{M$3*z4Xz62#DrS15{ zgoZQF$S=e*`bP%=BzHY%lE#H$(~uBx*)3XufW^z=5$TqG=5rT~`Fo-zz67e*Tl{we zN2Ed??+FI~fq$?8<#)oS6ySA?J1w`Ra5Y~r>dH%!h4%fHhMqphfP!=L@|094EiQg- zA9wX?N-?o8`T^FrUFG^zOBamb0O}IqqAm6SFEvh5ZZ9HN_$y6Jucpmn@;k>z#?_I7 z<(wZs!mh@0r0BA7j{9e}% zMAvtyzYQaE)DzFQ_b|j(2uwJ<0^U2%*f-~w0FiZsfht%56Q{y)-@3&&(SYhNr|+f4 zdcw^I0)w+NRCSzJxG@yLx0kEyA%`hk_HVS5&=5v5za?H7pM;&ceFAo>7+&tpkG{=j zKUR|iCj88h;9Aave02@$_3no@!ja37=law zuz?T(v8T`Zl4S7+6T*A(;n1EvTX|hpUJgl>mg*KZ8pVo|s*S1q1{f?letKPyb>5 ze7;kh*7)giGxtKF;H0|W`vnI8xp#X?uxHE`q%0)T(QSVvQHHhLH0dz4vWX?*>vBrl)y z;Qyr^$n7lOx&N+l7RCIN# z2>CnYmj5w5xkS*=xRPLwH@OGGuwt_p9VcZKJ59Kro{cVS=7T8yq1=@-owBchR1_Hr ziFY*PtO>MgYlt|kCxO>?;bMoi1lu9N(a|x)dk5<6@BcGBIk^~_Gb?x#2&_zcZJ&;f z?S;Wg?$9qDJg*3S69m{~wrrf7-SV-pqxX$rT|j8XlOaHUXCg4xv^#lJJacw*ta=5= zq^)QBX~Bh|h62S4Z|32nQ_|Az346)(VK@y}JI1;9H)xG<4U;m?sow_&)pg&?$wA6p z4@QBY>4PLHDz2a~%wKV(kj!d^hl#1^;rVb`fZ-ziY69`343an%2{pc*BX*VeO`{9U ztF_1I(*xMSDAnPK2=V0aXBQXm*yr}a3P?J7n(8_;olc0VugY5T^26A{JL*tvZS9zt zOkwZ71#7{4#uboaqjFWm;UmpM<}XNNa79As+57azX;vJYz07fIYaY-YPcVDByDQa6 zh_K-d9E^?E(m}iF@MyUenymF|TV7AxdoWB(;&VGPek&1>fiHfVD-(C=DkXIK?^no( zucG@*{1f%cNnbh% zQqq(k-TRwGH3J^B>0ffu$b$I`?dij&*cmbEBh2yoj=b!FSz&+Z7N)y7GQ}+ZY(1T88ChOk^0Bsa#)2N82Z} z_7ZnvBk0{H=H198!MM=CutpKKNmVuFX`740=PhQkMhSt>D&F4#_JVU$jhKoX{>)t- zQ_=%84IQDR*o9O}`M(W@BL;Mj0;4R$G<-hSlG5Pd?uRn&`G4hNDNAeE8R!1^9P0h# zPdT+0M}~WQmFt|hhv`#^V1e@nn@f>-d``~mcf`}rDXHF8l-gTv__w_VPb8-(6>~%> zZZpu||G6RsA8Ez6dv)Gr0>Y-|)_P|I@00^YA5pGNOS(+eahxCqP*H#)ZjoY!piJu; z>H`V!gS3Cf?C;-(N1*$7PDw$b;P?61Iwy@Zx6_K4=W|;Oj>#lr{i}kfNL^72z&~t6 zR13RmO4@eDXdTfbxzIpZIC2jECGff@bvZvj`qbK9_T!6RbSeD0rGXj*v>kFwkR$Rq zr_q|P+N(-l=ClJU?`*oBQZoyS*ZwHM<$%Hw5sX1RznW9XcUXah%V#;7Dco(j9UmXh zz{|_K|K`n`*#>19FmOwQp6wEhI}z8gz39~+w#YT-G}Ah8BP=K_C3e~w%|b9OM}~!z zq_L!e6bLoUa8bL)b+u$`8<`M@op~wxvo~xxCb}v@QMj_WGFb;FiQSlEm}8Uhg-*vo z?E=UVbEv{4m%_qsKJ}G_ao0fBS87IqP8Ns7Dj)9*qFlkB z0(^AH_wVzLt{2$HOSZVzK&`*?Tn~lKGk5dKS7`t#f96J{BNYk>=`sFayqomcVQKUE 
zVGZHkEgtRz6#BHZC2aQ=4{MF$9O+ejQp*{}*1_D_>xl_A$>Uj4R&@!P?`D#mVm8Y> zbhhb0Wf@}gr|BPkW4`p%%uG0lC+F`h1D&MWUv<1+7#q&~+op&{3oX_;7R>c2qN!{t zq`9PIbE!ZWyCdIdJb5ynJmN)Ymlfw+ghzCuJHyUdYu{~E>Co2If8ke)rU$JBNy7WL ztc0t?!A&OS9k=DJ-_mSfqGgH;$vgEnzDRu{H5{udJ<*Zy~;u*mL zrjSCPd%VCfhu`;lTyr-T+D?B1Dm3Vv-bEnj|xZCv*?Q2d$FYBb_1_>Rg> zQGA5my<1ij`9U3lyq1L~I3-t#In;lctbKPsSy^HB{Px42`*?%Jq~A1({_I)(69Z@; z1pgK_jBoOAoH|3X7(rn|A5Dk_IQlbM2s&8__N_2I-OAAd-#L?L;8je<^W45JAJi5gS>5!@;o3B6*VTwn1`9l?EHFNPG9?6) zG?L6@SwQ?>XzU;n5m8`u)ZEEm2WIb#!QbGb`Xnma6x_Ui=z*;U-70BHP`;&;%>h1b z4ugi_@2<}(#D$sW09})lWdQF^KpL|zz?%6wEFmF55fK@A;n%#S1@mo6spb*dB}(zV zwkgv#HnXNl-+T%`jFso!P6S>^gv3oI&$&XIxaQ1ToMovMeG|M&0OYsqXiDX{*KU&38S3?pzd^nTl)Ax;d?gZCO9)EBde{BR_# zDGMmEN^*F=8y|4GklT1g0D|`LdmdL%kozd&Yd!PBzajiS+8SOfNmnlputA*-|I$BE zu`r^`B=A{l#jtnwiup$4 z1n{B*XfuWOmbTX&6eV9Cs9GBv8_E9*k6IO-o!O8hCHG%Csw5qYL3rfizwIS(EU~t3 zWUU^lrG?Gvvi<*!S)=KoG%9A^l8~{crP(Ll?UQ~3bJ!J(5bvK@kUz}l^i_8+8o0tb zv$i%it}d5?1TFuIKrrUM&5*W@8z=cyRefq7&wHW1P4oGX$bsS29^)tt%cBR6&o=t7&2HdYjb&tH;O0KIePWcC zM^83AY%G;Zp7Yr}dU}4st=nkVZ~d1t~i zJ!vtlXmRcK;U%o`kf^%AMn*)`YXJ%0(lFs+(;zgt!g&Ao``_rHlBlM+i1-sf&4cLbd6sx$JU~^Kr7eR z*Pzm`C7C&dhK9CP`JL(7vmz2~v+O!HDZWPTIg+sVgI{lejJcEc^ev)9RZ%G}2?8v) zOm_T?0E+y`ii#r>Ah|w%`t+&w+S(efmZs*X9pqQRQz@UluX_o4hQg7YfYzVQo%7DxD zB-1w|=^?WuU~w&@xwHd$`Zl4Zc&+JEu*>HOSbWskofi=h8=ba!3XbT(o{5RGh?<(q zX8>Vv1l`*_4SaT(@aSKARuZ{RA3@5S@JsR#s2Q@7{4alIwgtO1Nv!34e;ng#}tox1wBXOv&$ zRa7R7LGWpCu_iL1>t$T?lzr%@C^ebG#`)Psgw!1E3U)UOWQ{L3L(a_XfO#)KOG?{j z@L;pi8|w$c5G6nfo2FAQx!#>f#Gl@p`_-PFvxP=!wrqyuq6(JIPNYbCJ1BnQB#3vi zdM~#p$Sw2qRYmIj;wJh6tJGe84LvZDWLpBRXAOVo`eSQiMurfKY>RPH4OSnL>m?!- z%?P~GM-orkh&OA%(zk>1IsqxH0-}f z`V$)P?7YS&A!#uKy#}_{3qIH@w>C3#!6ZEREi^cIVZBS?=Kafp$plNfyDCfyVmFuUitx zn&+GlQPl>ul4LL*mjI9|e}??{eQ*S_6FqehS0O8EY5hCT6bbNe;hayN`o0Cj?5Nwe zP{9=QPQYw$_P-xY1Zp0x=T{k-$6>l)3)ygRa7cmCRqGJ9b?JT#7?28A^TC}wp!T>Z zCMk*gl!KsPci=JY^Gq6c?EganQGInABbbKqeK+cGVq;p%A;1&FXPk+QdfEuzLT6`Z zJAgcv4`_u28oq*q^pgk6pfAh(KhRaT77-D-B>Q4^bJ2n!?|f#CZjzi|kBtZE^A9q) 
z=fSIN`Oy4*3IZqG54+ws=RdYUaT9V+Pkqp@UIq(~>i&t(Ca9b7dEfEppLv{+DZH*R z-5i>p;TrG4#N0@6j9Dcp10>~fW(zmmjuWVL%Y8{z#o1}_sKY2VYI{2tq%K3BX3F^( zH8eEJGsi4ZjRODrBchr^KW|VrqjDEQjgSm)%p+X&t3@A)*oTOhxgr6TJlAwI-Joux z*ci+%jwk?8xE`v8#tbSzQ&hdg!+SJJKqTDX8p*Kt0ADM|q$ld4UFqY2;_yU|?1_h1 zH*-Nm$xGvbp&>*)8={wM@Nx#A*PZvR1?%WYf`o&kx|2bN6UyLoT(frull zvT`t=^KAb1L)dC*X-Szi0~yTtVJGvG>9EDr5ZxcUOgx%-Rv7tbHuHxg=$D}|b0{^e zBA>tRTgNUPnG){Bf}Ar_r?0>IqT@=>%IEV{f2@P`xG;pKb)SPCND2Vr-Cc|Y3Pct zuP*{MHTAwvemn4PzW+wAg*sA?%4T;j_i!Y&U;rK3lur!kVb?9-Y43%`hwRb8p5s4{5j=pH|@4rW3k z0WY&whnJThM?u9L*QNW0IZbhT9U0rGxNJNz{@z0H-6kNKNir}DF*JL!EK|U}dZqTk zC_G$%6t1x|U;Z`I?802>Oa_DE4Kv25DBmOg$gl3j)@7l`yI+oARX}kKWYl6UFHKor z}|B#QMZW;lOi+{bnz4DE2$Lfz$3%-Tbtq(VJ zho|d34KZSivHKm&$e33jUmF!?i$~%6e7lW8U=1GV7d+`jH)^pUC@d_o-<>L+(NT6C z&YlIV*dw>w%R2!niZ@zD_&xB=tKu%#y|I+HJD9SX0F=JS6S77Ls=c@3TfN|DAcCZ zZem|rAvMw72=7iv5jJ~jv{TL%W4`-XSXh`ND=XVVZnjPTToa2?x5|Ly<8%ohatY;F zat>Rs{!88pXZYx0|JVEw09y(zrrjhqB;fn#ohu*RA!?*0PlQy6$7`?dce@n~BlpUK zi`g6;WlLqA*a5r!pe3@~`uRfE=wffGmDpGioQdl!EG%GTtXSA4vS@C}x|xq-^v`wbwO<(qtK)eCbSBw3>|l}^Za6ACr6U<8 z>Ac1$4AC^U?A#zxE?SG#aq77G%f2pzwnU2;7oAvin0v718mV<8D)K!6Tmc0V2GQ(h zL8Bq_QW#iUM}CJRfLMnDW~$eMiaE5YudmMu+m#bawc)$E{Psw4aN$o0{0w`T`ins}F+J4|cgh0Xlbw zlq^M~RND*-pO>SPBrh%B@1zQ<3b*B1xFHFYW#g7ASC_$qCKgT&17wrkEPXN zs#piY3BlGSeQ~uTNTt{XCJ;Yh;cqBlWb#QoCs@RhU$!zS>F#yg7AT)?iv#@1F5sE(KYskP5gwm38yPUS&% zm?Yds2;fY$drCW!!VytLAveE%#c>|_1QQdJ_VzkZH>rd~ z7rQ#tPl7aL>iI5jm5dk&?^B-$%~WHOY<>ADtLEO*7RUvL1f+su-hQt>D)>&Cpu!RL z(b7`)NDdVNY>*_Dj`@y`^@!9|U2!RG7G~m}AmmK3Dih__3Xq7z0lBKeX8EtL0S|-7>=OIQ(ubFpov#SCi zkvWPZ^vuC+%;#!@DJTl&=;2-+FLMRHt&V)nHGFvB4S=7ApqSHMSy91!2Ba@*EeN<9 z<2Z>Pquj_!YNl9m*Z#2;8w)LfplxOi?hAG+hU+Hb}-NOtHGHL4`} z?fx$N35E&FVE*FYrb+>}#t$1ie}3df>)9=^TiDtCF(TdqdH^p#x)28+VnjHekj;1` zlaSx@@}MIsDryEy$Rg&WXhENFOs$%8%R0BknF$k{kkJv7GZri=%g-|E$khR`__q#A zF@6HlTJL>UJxQ()D9xa48x%T@2|w5QCUg4Z{3X9i(7rP#8<)|MqZ!ZZIswJ}%U@qK z+>cLHwPkh}((9}+0(L(K1_#?AU=0q^mI9>iN6;N%wYRt5$DvcFH=FihSq_oRIZfyG 
zu-kN~*SCxs{xCj`g{${;`l*o-xu4`ulI$u>v(5G#N$Hr%Z%~0E>gV0p^r3Iewr!*r z%o~-c1`d z0d+%pa0U*5-o#%3y{~Y494bA3ls8frM(Q$+uAlSbar;;75{5(%*AgpwzrM@mn*#jjL5rctJk+ULA6aC zJqL^RXMtb8D!pS$JnfmbVUxpqI4w zS-#8%lP3OmAK%g2c}pyxcO|SI$EBs&qEO(sOoLiHA@8TRr`m!JCnqfcublQ5(?_!C zFj)HAY)OBkO#r46@t+p&+hy=Iuy?*1U!NForexBh>BX3uI1A>9ii<Q*3R|n;*B!YU;48nmkwHxuYdxHsT$Cetx117R&ENN< z$iEa^=bRv-bo>Kmp)rw?koe?hW(s3}F#$uYGcJfr3|b$uo0tBT0@m5p%rud>wIAlC z5HOk(>gX&mz&M-p2}K=x3TOcubthBE`i0Nqd-qJYCS99DKX z&k^}(VX>VXODUzVp`yYE5dJ{7Ee0)>mH$^D5D<)zMSi_WC8AYS0x){e+mLB=w`GlC{6Tf7dVbA?@c<0S=!~e2lqy|5LXd z0MflCcBnE!IWv33Pf;q|>}gyE?W)7}AXLFoIVtnJ2EIzirR?6+MXo@O=z~>-#Bw1r z<4J187>OCZqvt57r(C}HB;}B}!k^Ot|Ju8~y||;;N@v`sUTqHQNj}Wpx^i*{KfvGT z3_AX+9w|_z8TC2vEL>G6Oo7-#%bgAjdN_v_PnhM=_J){iQbkZ%cC! zmAnnr)&WmTQ8_cA_r$Xk@iyhVvr9;bRhx}SwN5@mlQ)pR4Oj9dku?P&5aJc(KU&$-1@58|#Jt7<>0)qzf>mlh2=q{n9{H0a4r(CK0#8j>bd! zDh;ezuL|qj|6j5f-_q=yneaBlc}(`9F@p@j66h^wUT$vXF7m2tMK{0{M1yQrFAec# zLKy~uy=*p;ZV-Uyb`ey5RT)I17$fo{I$b0`*+E4G)$B{Ru<~@=O<`qx3xPD${Apmz zp+a0-LSl~J{lswM%B$^gGvaVA67cIciE1O)>s-qw3R)oSQOyB#sgpwiLYDr81s$lB zF2d@F)%bb^E_|Y0ls{J^=>0N>+Jgz?nVO!SzC8Iu1={a;S=0tHZB8|HbwL~=BAe}< z9hBs3Pf%?3uFjeM?{QRh!7?rKxVt`uGcDiL5f(E5ern~LkP}JJ8DU)CHR0ea(|LhS zk}!sB<6(*+Zn%PTlAWDj1BsZfiQ@p{II3Rjsi=dmT!tIdnL#)m-Pd(IpSun3=D#zdLu+{qn?P?u18pHrF{bFO)L;gZ&7kEy_lF^l!sXF7UnSZF4 z`h?-z(Zc&f@qPLjZGP)*{`~y>(njaZZ5qyj)F#6B2$<5@il$}2J_w~8Z zg)i^VltWYg0Rc>4nMy09^Upbfr8>j=_mY9(>S1$t)y@m-oAL#-zxhO>088RTHB3p9 zEeTMPa`#JXq;sF1vDmoS9BbJzVpO%eqy5hT#Oh+7E5Tn@_KURD8`A#X&l+Gn&a1n2)QjFzRJQNia&q5X zo+<7|`(pJ2+rB!p9I8#EO1|8jgb??;PHp5U%-X9>b)27#|G-cpZ)h4$d>g+UK0$l{+XJL3NR6qx<=XZ_&Xx2?# zY-8jbl(=p@eyf6?bllt_mIZwn-5GmsdGOZm(@{U)$=(-#1NVa@!Q7H}G_5~ETVjJH zos@BZzxnLc{A#_&;7|f6S)fk59osm8soe z@g;u^>e`6iQN#gAeJ42&-rPzK*Xtzrw=ykEZ@ng*=ifL{2Nehu(P!D`HvZk$ ze6Rk%2&kG@jDB&nB2YUQ&!+ll9;SM5=jn=6j>eO}1xnhY7V*_c^9(IfUM zhUVM_S-Y5tUJ(u_Zh!iOIyO8o@Vd7wnoB2q6&fa~v;_l7N27t+K}ta%TDpC0*Cq>& z=xUnvu+eEnImk~R1jh{mKnTjkKTinyJ(?*eUFZ^Pd&7%?A)60E;-4e} 
zpL0P2YAt^uqx1G#M-7hoYlU&4^JnC8<}Le)i_aL|LRu#xs%mOjVHYb@ohNFwYX#?| zeK;+jX)=Z0Csb7nK>c20AG^_(_;MLCv4K+JjX2n<1bzaJKnluhI)|-Q%ImfJ`FT%Q zINrmm+J7ni1qvqz*_wS1MY00BUwsSzLc|?+e1!Ufl6HdcEd=+ zyf4fZU28SWG&IPBETYfk@dv~n(K1I7|EgdZ8MV##_gg=J4!5+{49uzZUiQzIXi}k; z_Yp=9PJyg!;NEE)cRI#eV6&*1PmSEBQ9RU{!K(jij59P0HvDGPTzjUw?yo zs0PMs)pVhwQ8E|e4>&EG#DeBv^5=GLZmuSU-Ltz+BqSu~Q%ef~m9et1*=Pox(|5$g z#2;NPzu)4jySXw|44R58FGm3`pn7pWw_rHdXj z(*BR0a^DLB$>e3^!xHg(QoSId_mZlCt+7(NzE#$%>jhKCyD8})5|GKI&qVk)h1Ea! zq?`TtkF8O)#c@lAsYb{QqsmI->+eI`AQEYhLSD3?3of-)unD;9M0DPe(d(%%Ry+g$ z1t{*&Z};3fRk2-%?UEkslhq~xzC3fu@KU4O)$eb_*^@2E?94bg5KfJQ)1=DwuKX%L zOnMy__6!>c(-JHC;rQv`D8Ct1{vWQsF)q)z?Z1|7yOx%1E@Q2>?3QiUnQg7LjAh%_ zvbDVImie6B&;Pk!{NMJX&vjn-{f^^HV&qvr;!Uue7nC2pepa4aY&xs#B7O4yW4?Iq zVE)IPv`>EFaLxZLi;I&J`T6sFpR8IwVVr$u6Y5jXv7kofD?9q8BG~L#P>iwF9j)qD0!1vUOTN}XE!eWP=YhJ4S>a0*{ zgSrAp)x6h}kZ3B&%~dh4evz4;$HRGSLTg1`DXOf*1NEVGvPw$&s~A*C0z~dUc3eEP zs{+Vc3cx&h4%itGwCEtg0YdYwNb^8<$}!J}RBq|@qT{vp6|lOe4oXa{dkc8(8{9O< zd+GxPIjgXMvUQnzU1WD00_T`m65(@KwLE7!3O?PJ)FgMMX@j-*R}~7V9y%xfuE%J} zQ?u#BwO)<=4%R$dTO{8xJ?E+nyn7-W14TriExsFVZvp#Ko?#v@XchabDthk|!VVWX~d z(}eu)KU^tJ?JRlADzM`?px>Sr%E2aAP?07*sqLl#VRj*WFYmyj7wuscip5o4%CTJw&DY^}9MvBvs7E z2TQA=yBscAPE20WG-nUywGuJ3zm3_>+#G$(OLG>B5z{z>tDWe2lh21E=%pD`^7lJm z|EH&?Vz;w3YMPzuG?peI(ca~06JUho_~e+|7>pgC>ZO*^9PIqa%R9bET?|qtCDk*U zv<+Cjuj#9Ha1NFuvZU?SKpuJI%Rrv!YnPzRp|~$b5&Vq)IWs!p>E7NRw?UU5Iuld* zSeZ9Je4rsLIKP_xQuyIm!Juf9m`wCTZk@5RxI#<|3nmWGU|MdL!uQ|}iNnQ9Bi2Rf+ovd`g4gxWnc06os4v-?0OIBy*qR{%) zA}@_&;Z9bFk-vF!WdBn@)=R%EZ$A37QOt0u{XqtS;@~B3D)MPSN!9R9!O;;xEh!1T zytJ|si}K%BzI;u50)lF16C6g2>gwvy#Kc6m7(%W?{?f;Q6{z$aZg$QqXbeyL?=%){ ze&_sYfQXkf6TDNEe)Whymv*?JRQmE8Zm0|QH5i1`LTjy5@8r+H(;qem)b}YDAx>n8 ztS4mT&33?ULls}ypu|fGm=TINUY5{=aEh8>2=nHo)%9p#*sS0&)>zJ!FsP|XqiSnB zH3MK&uI`o(gv7bXUX12S=Chg2W+|FrAOLqI3M%`^nZ~+}Sx!PlJ%cVj?CGTwe>Db{ z;qRsW(03od;&c#cW-d)mvTi93!+m0B!UQ`M*TBpWD{$iZ1l|)QbtE}$2HgRgql7u5 z$gbMQe2%LJAyZ&b_s}7P2fxLSO?%%gKV)Z+uSs5Mw0r$o7yJZmO&wxmW5WZ8rKdH} 
z@YT*ko?GiW#Uy7(_T#(q!%UKP5TAg;t2!bn0k;AkB(MewOg=k>#CSure#NStSmRsp z?BI|gwL1njO_CEZJM*-lGNnBQ5;z%nReLUE! z&_naU59A(Fh=-41^!T`brJ}B`L~etz4iO<_5Kis{>RzGPBEY>E-pLs$!`7lgEbW$L zTpTE~$tb(urO zz~H6*<%<(fYnD`xK}SD0*279kNLVk`S(8$&R>!oRv7=}@`mF`exf}>Z0np)CW2M2zit4md- zjA^$yV)6jsL}`rTMgO?Zw>1Brr^Cr@C{BWG`p&1QT8|A{Qu0P)kdTZi^OTE`D3@+kP`Y zuOtYfq+`d+27cY%NO*X7tr%2N&?rRQQ9J8(KrlFWCi!^iX04GCRRw%AHxHv<0A64v z*zUsLsvhI?5BG0A-}Md8{M=-B4ANO^x&HYQa`#^Cw+0If3!aO^i`iL!S)$>rB zJRQkAc}KOXYpJO`R1Cf~Cdz6{5dC*cx;k4IDPgz+fALpr7Uo3-O&$fYD-B}Nb%#}8 zykAW1&F#@Dm>^k=e+r1&dcZ0A@o=&KB<}gP-tL)xZ`}oUpEblcz|-`eV|~0*u(z+u z2n_rf0#0RIH(1|V5W!Hc9}iatU&cVMapFS2#QPE}B9TWuFHDh|7LAzG!UeEsv=T56 zpo7(C(z!%p2&;pTZmjeF%(T{EQ+o1w$-mNcJl)3&_POU64G^jlH8vAcJ8$tYX+1m1 zw)nAhZ)7j@)!&dVF}|BF#V+a*mj%hnYLBV;1Ela~P_`-^*jfj6v`{f~&?wQIjgOs?N zl?_a*)bH#7Mh6B=@k+JJ7R8a*LFR>oa4+WMr}!cNaR#ZnnDHnWO4XXaurCcV;}WSq zenf-2m4d>k@(^t%+qVHNR|IOX+#QB<49tt0k<-y>8&Qh}DVn+8J8bW+cvN| ztV=^d5umcS983bqkmOxEfoOyM_`fz^@qo55P;NOnNg*VwT?>3BoRa^z`y&9X(C!EJ z_stpbbC92zb*J$DkZxqx0k6UZc$EcLH1fz$BgoR{kI;ev9CkEi!nr?~`l?QTaO{HQ z)`f`i+d{3Y(I<4DA>fv2KrMpJVR#n~3ZGALadBPe=jON&V_gTTIIhsfuR%*%J1FQL zSDUHv#VyM2QHy)+bcL5ml94L~q`_K38Moi+T>k(+OE&mVO~i{_KZ@`NX?FAa9)pR8 zizlSdR$E_ZXsfaz?DF#S-TPUayJ1vReDp?;@$W!m<}njl)_EwYk&yi6bJ9g7;!*zG z9Q@q;*NDA65h6{MOR18(Yla_f--A^^7XDCERrU6O1F5gFJKazQ^eh3&^`;Am=L?hU z_BP(PIUz_vQQg)a&U3YCO}-u6uV$Tim|uP<0{UtdCBGaFXMkA7E=tHRd!Uc;9|XZ; zD8_GA&1=xzIARcV3Euy(U9+m}^F4@NM;5EgD0{cZt8S^I7-Ot34nf}QmZ>tK{pWTn zPc8PMASA}Q6z$~t3E+ddiUxZeJ-)w8TBA*RpYNFO{nx<>V%$|o=monV;?>3=RqPX4 z*&f!-Vn zdAiESZ~v55T_;GrivSU2PMZW|LTVO&so%Ha9{@QYO;@=;XElyTt7(Hv{qH^>2$^wV z6`1j4r?!(e+ONY3p`wNP63TS8HZ|Qy!pgE=1Nq1yO#$?xvD-K@mLF* z+4y+Jf|ZcdQk=by(J#jo-r&(YT=O8opMuv*YjcBH$TxH)E|%R~YIcQ=-##igMrquO z51gbYCz}vsVL35^+X+mVkt>l&_(7&-cLh`K~x%dHSzPmkV7`8Pxk7M!u=Z_>zHq40Y@klMtu|f$_ z_@!WlmM3I~=^)1M3>0_gy)mAqo!!G4XgxdQ_LQi%8q}2muG;^7MjjoXLa}Y)A9{4_ z8)yVLILUcTjErS6+R#W)cH$pHQLjU&uHL+*8?^INQ<}6C6x|Io_W-NzPjHjkb*7P??)AbN6XKwGi zSN0s`-{SAAB5WbIm6YE_@}B2}(`h55?lwBn%Vnq 
zyt0xKOBge{3xeTF;BB9(ek*0yv6rD>GDVTNW3;*VRLhbXoHn|P>0H1B|53ec^sGxd zKN$_1DEIAJPaAz-?+dbG-8!q%2}t^~u>(Tb`*FN}yGF-r@P z>O!#*{y%+YKC={UV#Iw4u=cyB4fu|+AT(hoQ5;JY*Md1=#y2Ty(Dz8(0+GD4y<jvw9QW8yu1I8Uh2mCqnkVJ3umr3H=Txgw4ahKW;#lk7Y~9>BYvv1 zS~Yd}H`mP_vKnD<@dv@Vod<#}-q)UCJDEPA;AcVvsfYxEWuX7eKMVhp;U*n7a_RZq z#kW=UNLHLeD0)e0OMXU)7BU}q9y=os@O9c8e>0)N zhJiZa+$K?uStYI1D(R-j1k3{-9R# z@_00YOroHF5Evvw$Hg7z0n7`BvdyLk*-|RDwa6-?256rkHWoW@p^NqiM>#!p? zv!DfSKk>XvM%f)oJPdYp_L_xvummNlO;XF0i*ek(Mpz(V)++~g*64wSoz=J)7zf-h zuO$&~J_e6@h?MCOp+)t6=UVw?U5~v*T%%_W_fmlA{V5b#@OgXOTo5{JTYzPl!lr6S zz^ezc%JhivA0UoPR3f#~qDhA(zl=_?=eNif&K(U{b!EA+TyJ$Euzh0~RFjoOrtFZ( z?{dg}jP&ARzc~dOGk&XKcZcoks-vcW#!}z1dQV| z1KR)E=u-6+cO$j84irD58f5rIus)-VQiD4Y8tF+C#m_frxu>C2y4XinYq@s{U1=$^ zrw8AI`Dz0L4l%q~(o^fTT+WC;r1m?h8gU&eZt#I4>(@YvAPS+asl>_^D!&mPN2L9; za!Q_0a(dJ5to%{C3>oRR_@H6_$L7JOMm@7B9>ffn*%e&~Wn??k zIHf<}JRRjVU}ukSD)#D^jEIW5W&1;2NBG}Z-7;|m#8I@D(!q7Y4^w;w><5=gID_$i(SK0zpD*U zJ(hanKBIq+6K9KXa+gt4hA7yn6+9gE1&TO5 z_d!etdGvwCg+dp405CV>y#|?DW3=2<-`CTAkeK8+zr7Wi1<43!P^0zBxxE&1!ci}r z;8o&G@>MupVm3|RokXj?$*cdT3-^H4^If*xGuNgfr_w*i3>2NyA7`Hoic(|N7IA{8hlQv z)csYFGn%=YV?%y|krM7YOCt%>ZcwQ>crzJ(yP;q(ZHXv05qRLFc7q{+vmnEwezwx6 z6nz;tD6hu=WUV!!>l;rxPFPU&k~_Rwcva6 zuZout_|0IQyME?fq;&SGw%y&ZcTC7%TS54Z%5obrn|*J?J}&J_RT@iBve7LhcLHlP1b7Gy~Ln{AabWW_(Ua6zX^CToK`6PEKa)JT&-wfxhH?Q?Af{5FbtIIC>TU`g0pV_Wo9jb{uc+T$lf?*}=pb>trWHT-UVHrHbf?Q{HXau)^ZIIzV9P1*A8egL`d zA#y%GF)YdtK*1~U?pLOeyG|_Tmm`PSWtIf{*XPG(8dM=|(6HT~5^lb*JCQd@E;TmX z8WN_g&3SZ`k~Hn6n5Wy#(~(Z)n>68jUIdu<+5rEa|BShJMQbbJ8L{2K<0C z|G}g^suaH}Qz)P-Wq+n`Nck4_d{Ct@E-(_l2>|1oB!T5G)|Z4(>1}e;7`Ex(K5Wo( zv$Cd+;8!Eey#r6wf32L{+?VXRv!GQ6jMhRUfQA{QdoGg<06U>wXf7z$&3(cSt_zQSEsPcy4c>>2 zE%kX8fnu>IlBcJSG$o~1R4%zOfnUA?e|V))H;7W=;|W4Q{((OrJDXe{y&IH^gW)7v zLl9~4`t8iynubqDg_2^>>s}hMr-0N#j%00zP&ev7U@d8$dtCp}KXW(fg_ggZX|21y zsHu*CX%gqIL<#@@k(;@c?@)Af!d6Bls%yW$>W=Gqyny`oJqP$bqI&DPx6Uam`%|8a zq8SWoM0dx2a8Mn$c>Q&*p_%R$F8q{I;NkAh2wMtW8f9im&qhoN5LThDH8oaHone30 
z7(H?{9oHOu!UNy*84OV4_6+4dQleTK1zyIQtZDJUt-?zB!P6W15R`STos04>UcgZD zEXB?q$IjMPO#dGoM_8-UBd4v$AG%Y!wahV*r3r9=OCr<&H9uH;I(7r7Z)$7{rE2)t z&!$52^16t*r}yKLyqHWO!Iu zUJ=rCwWtP)V4in&vxmqowLG$w6{>huNL(Dc4P!`Wz}}cZnz8nK+j|=1NzhR84M?6A z+O3@$A7Ep9{dUIRl{VC}kK{jD`V|HP8&a|=mmJZxKfvg${q#($VbRsbN`Il{CIkjD zIhRre$AXf)ovQs76i5w;xGgsAQ>r8=_@$pkLgBN=8vpjV&G3p@4+p(E_3wnLA<8Mh z8{G)>k!*pe0hUw!9u((&{a`6zquERFj?1JB|KZ3LCqmJbJkbALY5lG{R-AgXWn{Yo zNiqdwgT(|HlZ`Siq@O`_tCHn;Nb_~1R+a`a??sM`Mk=GavL>zfeI0d9M~|OCtau;j zE#Y8dV(R4UHoo=gT6p6bXqrC#!xP_*sIH}LNU2v1-_?W{r>%-Vy6sglCMh=hmd*E(`a8NQ`qN$hI~XK zRuST*2h7%BHsIM3nVX&UJg)9ekr~Y>9*kcI+-)BI_Oomr*8I0`?NTXiPEA_3M$1$+ z8!zV<+>&mlW=T#s&QUSO6l`?~k!_oQr2)Z+7&c|`%`$oe9Fq7HW#;@nLP*dUOA((g>uGv<8-|c zq}JwU%?9pfa9|5T77%WBfM`hh0{iw%gTK;Ud=KrhH{`3Xfj)y_sOk*Rj~EFp#CC@j zSQfB%ONynQj9Ky^{W6B1vD-y>%8|Ib| zQvhL zJ1Gz(-(9ks`6dx3z%(FzrFs=8Q4U8P@fd808%IpQpq|?+0orpzBTx$MWt#{r)D?y-x%s!VbUHlm3N{c-UxjYPW;w^_T=g9FqA3B%&>r;#KV zVY}~pa(|D!3&?#S0|h|l{~oEz#$jM#NfYAY=(K8#hu?!NlNd!Y5`=KC%MrI8)X)0; zJ8@%xS0;Gx8-&NeBHOYHH#fJ{9fe;Y%Mh#i$`&R&P8jmC{cX8I_RPVWOaEPKdsM1c#MX#1(I8{jDK2j=+u3 z_lG1kO1K1gnTr;0OR1l}3p`DvZZY__qJY?!f$+wMKff(upU-9Sm(#61Q-Z;Lqvva1l2B2|_ z!MJcu3`RJ0j+X-GEjNYsuS-AFh%?-+7D7^6zvLH(2QkFETi60y_2hI`5O67xPVl-dKz zVY)OmImB@ZYF|zs_+`jEEo9y&08d~ps$CU$bt$Btmy(M&TZ!xIix|$z%z>;(Ug3>Ity95j2Ww}Kx5SAvTzcBGi)9N3FC1$ zHR+eUnuxr@Pot{e{H({w)?9_>ZI@jbWo^8qqZvQZ>5q2Hz za`cUpL;n<#6M=!7ncD_@<8YvD?~Q!Iw&w62#uS^Ba)a0pFE1;@?N!N4Oq{Wa!Uql) zD%XW*aDlC!o5bOYpm7x#aw*!=KRJWw28bzYkxNZ2S7&TlV!y9GurT zH5n&Im01TD6&WYDwW)NZHc5bg;|0I0^`d%u9mI_Hv$M0%(SWxgtVS{Dh|(kmF?Ei4 z1YK-SLdE0hb?$kr0SgD81E)iG1m{C77{urj>Aa|x(0XWh82$QircU=U^@@@fy)+5& zCez#5GY~D#zLC@l{C8YJc%;*tG2dMhnEHSrkZ7(uiN^( z(>|EtWr>IcAel|{lE-Dckd;%P_&gaxgFj z>^nGIMg=BwV`q~humA37^54I1_LcoQ+msrTQe|$q}*JiSmDrElBN6Xk~FEcY7fqZ zTbKrenX&%(P!SZADXf!eH7nVy-$cx-Pcl9?lqzZ62EQZ2I4uHV&$1>>`6QhF;;{W} z3)%?+CU;HPZ9MJ9brg}%P$GM@ANR&)rN1yfG`OIu=e8ToG z;JY-te9Y6A_GM@nf^sBesppxwD6^We{d9D6c5lqtpEhzT2W|h)4 
z+>+xU;m;K}f_Rus&2_AYf|CB;Q6L};L(OmiHFGsik;Ww@MX!9WI5_X)LRuJA)Uc&s zAAI6|wGb!7<4R7eV0-hywy5_@1jiG*It4~Vrk827q73FZN|c)AM#yQ+EL_1p;Rj@? zs!n}YmL>VXT#WO9t^%X7tORf3_xR`Nh#0cF(W$X5k!{ta@|lIXamX4$>pOfA&|CHw z0M+WDP@1QAt@HmjPEOj9bl%e_WqN1sSED2F>ND#%+l|TJLWW_W#uQ0s`nr_U6kkvs z9xy&63n+5|>z=f+858zG@oH)b619Z~xgxO&2j@rcFgos=2(!LcrY*F5XC;c`bUVFt zf^u+>%L`+b-TzZ`CkZ(n}sFreYFx<|g`ltvhBtt{I6+REb zpWzuvkhem?U5SSzKITC#x7#Nmt(Sg~-Sl+QW2Em9-nf7Xx9xT0eE$q#F+N%hh)VX? zFGl|&?nsf59V58o(){%~i0IL>C>fQ6|Gn*1>VJy_My!Pm(&Wo&-qpCiL z;^5PuKe|N^HXLSnKIbOl-oM@|CyITGe$0;l_-K%?4oTbc8Q9qgC6bVa z{1yrqcbfvibC5r)lJr!J-A{{yL|vHj!Nc=GgOhgn&?kujoVo}o$cJ9H?*HvcgAP}4 zjVGMTqph_l4wnL6Td}{xU!fm^}8+s2H6b-Fpc=r_cDGkba zXS(Dh^KJtbGr;THtyJPyqpx*|Rsj^sD&gVVv((J1@S^AwU}#87t3;IlXZB+Q;0$hY zJWD7n?imUa5-(iH>n5GX7(xi*^EJvVKL74@>EKF0;72K6_{cMDKv%K%3=41t8=6_2+-S{H2t& zYhlEHfuk{V_1-Z(E35JqY#=*Xytk6O(g+*ajULghLOJ+r*Y`eoERD{edFg9TJ}2zy zM+I!r7VIastkb6t!2l`2Px)|px@^`T(e`5T!HDPfAGzv`;wiLho#~`+M^dC9xS6a3 zFk%#QcgX}z?cOtgGK_#v9NK#!*CU1Gb)_JLui6A*xfpaIT*#(a0*jD{78&zmYPPpmwB;E1Gp0R?p8;l;#>u<+6#kfH6nw)?#-fG9oztbBd?AC=+zTIVprcaEL}Q~;tF5tu$4Np6k43URL4((YMv zQ~z@WljRI8u%x8;ZWUtaOvMVy`v9#@=E*+i4AlVZFN{-~+SiR=4-|rU?bj3NJu;V_ ze^V((iG_aCS+o?))e>-+Haiz?3sO?{@YB)`nuGD&@?oS%@kMkj%9@>qdu$qp6w8Tf zog&R!1ptqt?F@@D9X~&z{=KqVg5_70B+KIk^$s!ZFaFdN%nAuf*tjX^R7kxjpB2hv z0klC@Z>2o8AG4mO-*jz0Qd!H(6_4g_5$0@7YpHme7TcTPC>9mvhagY9!nvpaL=O+j z&!;noccmf|%0&akan7wzegY9On1)>kr52l0Y(RLES5R^RX->|Uv5UdxNp>)bhW%}U>sd>-<2#O`zMy(;BdJ-swi-$YOjZT+o{lNfCdS0Ga%5$IEW4kIDdxC1a|&;9(V1BuwpsKYzj`yVa}Y(or%R@*%zme%9)uWK8cdn%w8GDO zDH6*9L8xDJ6%iRuE(zn1|BEtu)(aTPzW9}9KJ9LkiN0PrMLVD926YVa2VKKrm_0S=Ns#N!|C=A2<}KIXPm>GlGA?({xZ)P8{90MAM&aMlQ1dP`YqL5@4;JRqs2$^yG>c7HIk zO+*V&1m%{53&>0D9Ti0l#F*F3A>O9p0seL~h~GoC94EtVaJay-JvM$Kpq zLaTBo#|J(31e?ENGl>Mm6<(#BH zD?#}WsZ`lPc6D!$j-LA&H4e~C)wxahE(+@zL2~)9LzA{rSYN1#`dM=<+wSfnJUyt% z{3A)d-rd@|)7>vV_jNL1cr|%&;hf8xD9;RQ{#TZTL7!}1qcKzT{fF%@l9hnDJ*|RScjHmh2DQJW?!`I+tvM?RxR>b+p!*?gH0MTP!TBqv}01C78Pv 
zBINnus|)#=_i`WDfQE|mDUP*|VO1JbLCCdCbJ-p-@DLR62=e=_t|waJEx7k2*&o|{ z{#A-tpRO=R$PWz!cUZqeZsGR7X*_zDGHs?r6ecomxaYtAr~nx6Vawlm;8}0&JdX#7 zV;ELwHUII=yzUtkjS43{TW|-{k}#@NI9ORXTB|P*cT9rQz)Uc&C?DAtui=RO&5b7e z>+*m&bcB<^u;!>JR(3)OFSV;ooIEpIMT`-KJ=x9Zz>{vpl|OW6Jl#@8 zxjkiKo^ttLLID~li~JKPnbMea-&L!jI0`oHM%#Aq&4nh1{q<}6$=dp~GHBaBY%b#M zu8qy?{+ajv^}H8N-M!gPeCYg<-0lg{mOCWX#N`!D633Ze_Y-;i9p1*fi{s)kSG>Z( zBVygB>kTteKj1!#UaO(&v#4Jyg&%(H4)*m}*hL~O;5uTrUaeVCQK8l1Jgl-(4?+Wb zpll49FeStkQ$rAW%HuRN|%V4C{R3om;mHMFwVpWv}!2_@pF_K=g2G?>$OD z!5Dz}erg6K{<2|aw1Nc*!hlM-~T?H#=y;}!NXaAi2~RgEvl$WmAfx%qLPLdb?dM`bek4WmJf zEy$zr#IAGy1$}c{cXk^oM_7Ve)=^4HPccwboD(kCW;=$5MIdTzGi*Zp@dLFCjPhz72Fvo*esEd$Hq`+d2(Hj(dLJYYa~s7k2xbA=rDB#(F;jhk?{) zrR9G9aITchcJ-zcsjUn*Gz17?hGeKG^S$#2ep?6*Ja9Qd9cQ-9KxWX36tbe+kF)vlQ#~DZhJRFO#7iN46_elaPA*EN z9OyOT`l0X(-P?E4uA7C|e(PgAs3t!LCs#KN@L~&tvCjpAJ$&8C0BnO#v-nbk*9orw z!r~N^loqy39w;U>(X?5R*J>poQUaVDFOzT1UZ2q^pvcjy`W|kB*KKt>j5tIX3cnJU zblDrOwb){>f2D`sU=a;`FW68{G@POwrvLJI_=||gu7Zb$46n{)> z)zjfbTD&efMNlsl0Q`L1Qh#c&+y2*jn-!}oXveyRmqBkZxQ3^ajnm=kIuE>{m2{JT z_cN`H|41jJRpRrYl`B>%y+5#RnWWz*QA-m+RjW)wbtOUq=J?0R5+mrN@u+NRziE+8 z^oE*VYVnLZu`AT+Ee?tV7U$%|kBwXkDBt1l3LF7{tD*2nvfwOgq1ebVV)Vq8fw?!2Tgs=q+(SouPw{@I(>)69PBx`ohp zx%u$AITEc<>E|NZ(v#5l{Y`KGEC8UVSHKllf3?@%03upL zz;HV%+Jhe}%9t=otD_~DOC<~ z-S|nRGDU9`MzC%SJU3lN$fZ5~nxpC<3WL<^%?pj7L=zz-tV-w{K1ZtL$HvxMH$39x zR$<5YKvG*(#v2T?CrSPk5+dzuDH8(SHi)_w0*a428O_tMHmn%68y?0%=phEcG^v&f zvP~^CPBm|@YSg#IX#k5G&Bl?$VY^HOz3orFgB=8Xm$39Tdds&xM`1T9j3h)ca;MaSX(W2JfsAiRo*5IQT$n)F(Ti??`!b!uYZ%}{X zN*ja=zZAP*I`ap5KXplTShz!req4X`b%_TNyiq|go?R?=kP70p`;SooTE@l7RN=(- zWJq$GTaEEi$a;s5K#q2TVeWNL{6#&?qSUWe&64I0_qO}<%|KdVDIouYpDS7qn;$fi z4)_UiWk0}(p=UD)yU_c2AKk3Z-I57vRD*8k$HyBI-uX-0}8UksBVnw#C6yk2#S)=3!kS(ao~BxkG>s?YIKgY9a%6%}PN>4bIaFKmQd z>b}1d$_IL@~L`tE(#6D(+xppa~ej%k7TPS@TC6nl+H~L;eapf z?cNksC*k9*!bV~CL7Rsd6VvD|r!zAs?;?o_qa5$%Jmyp_#nS)9RvwMykJtDhj}(r~ z`BL7O3&bGs*+e--)t_MKJ6z0GpC8d!Ked%8=HG!=#}eM^a)~O&DeM17UnesfJV8$@ZwS) zYPAM@xh`F>bG?9i{hH7F7atk(CV 
zrt~_<5P%=U7&%0{^j3%n@@g3(+OgkTpO7b!_Wt7jX3?+S6{3LJAm1_yEIht9dCX8h zH6&!8&JB>Og7A*Ci`!BKr^IGA(4niZU83NhOlTgwH}cIK( zr=!57yL)r*s*GMMEX3d_*qgK9^i!7IQY-ea7lB8zUz71h)>hF_uMrB6|S`p$t{X&F&m?r(Y~UT7d@&mP%+T z0H_U!=^5bzk|&#=&r|{|R1Gxlx7=7Aho5mp{Zh_x=y5y1qQ(Kdi40s)5r>DpossV= z-1_AXPEIRefI^zFt*vkL5Zk|ZRV}p^y_e;D9yrG4&M={XI% z@9F7Av9A05wJGjHoHYETsX~_FLCb5Gopk$p0S4xnpo}`HQWI#%8U7p>ER!y#LarZG zY=)Q`MHkvLHAGQo? z9PHOnmUNL;vzTO;6EJp+q@^^OP{G=6o%ep>hX{+^?{Ox)knoduAuQmoBI1rK#nw5S zl}K}cynnpVkb!|)v%LA?^VGOY8%3|E@9LV0!wRP)3`O0j9ATsP5hJl)N~rCs$4rtq zhH1FUP(EJl_sis9LWn<1+)w6}@TVB$ijkensk?RBgd??_e__(YwEIY}jcLN_Fzu`bTqy0$BXy|(mC@M3T2j)k7^bQ@j6iCf1odrf&Gi| zh1PMGkkcg{A2BvB?-rkri(q^;9HL2bvAwMSTXHlTrmz{1z+0hz%J|2J0gIJVP!5}_ z2VZ8w8uyX}1J-&SFF{39lk4u<>ek|&M-apb_2c)4(S^9#NFlpTy4r*2LX42m8-$CSB-C75 zMP={Ngxnl}pO;Vfkx6rE5a?+kAH{1Ja)Yjy~p4g9}7W% znEGgi6(E8;m)`!QCiO|JZ00g-7lNICRfo8_GcVULP_o&y9+y}-cBQ%dg?AIT8#YLd z5kxrk6%_KT=CdSc)?=Yg_mEUi$VB#lEdAg^*&P~u}= zBdZp_cEYz)oYRgS`jPqdS^qa6y>mh%_kt#k*u&-%C3kolupd;LQeEu;e)*+QF@#7V zTS&9fDVUhV&|=36(ZxarV@{)$61)9?9PPMG(7~n{$fPVU!-in;wTb+^R1aT=lG|3} z@8&=5+)7bQ3Q?txE{as1xBel!iiuqe?#DE(ASUd5VoSHQ#%KO#vHBZGIGky-PI%_5 z&XrKTpczeKI=!<#Gk^^YRtSxBOfqkEPkLXz;wp_t+rx-^fG8Doe^DD8 zK01(5fee_TPADDDo7~|qH05|~r7@T*y&deGn&5 zZ|&K)^SYR``+oXUA1xYFflvax+%Hss;=>nnV_rI!kezh1nL_Or%;qN~oQ-TzAabG7 zx>3aA;rF|eE^@mx5p6QfR0|gZzP<%sSLV7WAM=nl|4jCW>%nTB6+mfyt!EKM3A+6} zCl@7BpinkQb`GnNzm2erjwL8%Y)2uHnCNEW-8iV6vWi=$4 zl#!VcYuG7sjdG3Kszuebkc&UaUzSTVc2ZV`g^N=jO~qPu>H;1?x7d_6oADs$vLqZy z@puOUfu2{3zV1c0$`!0^1SFQWY$tp&^i9p_12mmyP(pZjMu|^oISyKLb6*X~y8^G1 zr&v~)rpk(;?$=0ixfc0qUl)g-J=_z=km`FYw|NZP2?Z>3jJNZo=?C<9d}cR(36GW9rkx^o|wL)0$cC z(hTgS_v--F1NjQAVap%X^^J!N0TB^>CfZ6JXFu+BWtnoC_*AN6sYBnpt_lgNRm!i@}mR!Ei23F8#!W~hyaQIS1nz-^9^8|)9Ur|KJGH)7We zle6lwZ5w@!lGc(7_?4UcxwM4wqqV1kZbemB^^pmsbI>*N<;^$8;oJwW0K>SWIXXcv#6-5#^R$y-#M|?tY(+JS6`^C zq;%PU=$CqiRJr7THtCOo1xj6!*yl+5XgKU!OXvP|W>(gr*q>H046xF_b3ESu9%6(Q zLHC1?8cIlT8&258`Ps+=<>xskrF9Aw6_eQa#N^!Yh;YuX2?hqMYMv}=a4e?(WXAba 
zI3uSl_KtQ-dp@d<$luVTtu>=Hc@B9XO7ga!u$q3O)+@3(7wZL=5f})|jjg^O5(x?! zAZTQQ4_uiu=z6^g9uV@qGzDd-1@wap%1axxZH|#x?=q?a1AC3$&e~f)uqmMKT+W+5g-}rjFd38I>YGdu4;(8t|2#|y$Uy-gzBSq zv$u6Im%Bh*phN-{j0myx;DNwm92`P@b02youG-j1DdnDwy>sYUI?O32|HYiI+2n2& zYskh|42O?QHJ+N9E>~0y7Bx<~L@q%_Qx;KdKe7(HKz5!S%Jox^%qJ=2%Gm%HY$9?W z19dwwqbXvXWX^PV)vr@kuXz+&LRhMXE4c~$Uv*UEKhOac6o#EtNy)nYzke4Owd{_p zn{ja`SXmwQC8{_|VkNLko~F$C(CC2#a0w^Z-yh$iRjC!Cy&_%B0+1=-E7xWz{!JMX zSI-4ZAj!x%<-W`MBBsprd$hPKrdTT}Q5_~L9^Kn^_5qgd__cpA%Wi$m@y;qNvSf2G zA~%4yLsc0_kyyQVGJslx+oo?ETD%U2MsfNza45Jc!Z`zm`^M-99!=8a&Br2yeQ~|{ zYs-Znlac(26!p&+D+nDS3K^ur7#lU%bX{X0{ zH07D<@9RU}-1P-N8xd%@ADDB3p`kW^u|F{Cf6@UKVeeq=Rs=;h);>;jPip$^U1E0V z8c`t*7w<$hitT8Ezatb`dKgg3K~K0Ci^G;%Qk1h6xm?(2O_exoFh4uL?benst;H@S zS^#IxkWKM`Xg-f^lONsQXdl&`ADO5URB7jX(oRrw{abV>+wn(=@~55-T*wnEOQ|`$ ziE?oN#hMs0&aOJ=jOX}%9zZP>hhrs$awea}t0oCq691%?Y{}vs_)})TN%;>Io;~u$ zpaf6ph9jZq(oKD^R_31MsTDG8RLdCmS7~ zx?lqapxlV)z8`JX)_qmpB^x;$A{LaM${r2|N0`Y*)I~*m~OJT%<8hhCWKD0S#R( z#_}Sus2JE+R-NLbP?&nO;eQj6jjxhJ)pN}?ucQ+imdr`iE|`Jx%!9PxZuX3)kxTvo zbHcwvklS*r;19lxGGOdZmf2$P;_>6z>PG@VtD%$WMc9#GIZ=ilFBK^ZCbw%P%qV!p zsXugfnh(>#&nGW%ZYUzXY_XB#&s@K{VSQm0_`T}VLByh8zq4Lz(lvwq-{U1YopR=R z{9J#?{B>9;4!&%{Ts3ftwUv;Mc43xFPGV|$vP)X}#K@zRCQ144vW97K%}gmT`z2~CGRdrPpvaN4DTr~Ht{3h} zam>42&`i%-Fytt0686*EtAKX01=T+ePVz9BBP95Mv9}ih7S=}d66%!5%x|O!j?VJ_ ztV-KSz(C1!@1eKo#r|a*%k)Xzof+U!Ee%4PbJwr?QsN&wffqt2P8G#YY~Eta9U1%# z^Ios{gsc$SU5z29b)AuO1|Xh{Mi zQgb5xE2rTy2bg;d90mF9#-Bg8;Be2oD?ttEaFURbiITKJHy?C#T|&08PD4%# zOFTGt5VRlQuW?yVUBVP^!6%y@XXz3+x3VTODV$V`-%TN>*lZLW>&^zX3Y2lFPIFA#3X$O1BMAr&OhW53kqMT%JY>%)a6lo)pSskd6y0Zh!l6Rh=uhp3Ey=cEUvk*9l zvh$DwkD+(q7#Ggv0X%$aN=`z`Xm;;lBnx^@#HeTr8d}5^c^Vp)u-910y$Md{Hi%1X z>Bq+Xuj>c=J5uR$#C_kLq;x*B4EGCY9?TT`N>e3eYJIqMsU`P&yhjX^~3IVpX>VlU(9nV)l-E= zgl?$wbdv`4Jf zVPzb$?Z}N+aDnbXU0LDuawJ+{Aghc+-AyH#-!&Bk!AIXet-xuox$8$Uf9I)NRflYC zpsI^7KAD`T$mW(oQMgq(ATNt&3{vt)-zF0DT&kWM<*q3zLlCf@v`a4{q`W80q=c(0lWF8^k)_R?k@}C!vlb 
zPfi|yevqF0x5I&tHW0$u-tk_Im9a`nntQ%qu>yR$QL(l@Podf-lwxeE*<3Px8OiUUmBpx*Mw{%XHt&%zF8JGk9CL=s`o|&e=j9C?aG>@eT4ca-AVMdC_U!f7B3&t*4{(^+&BNTc)y=5&>bI78(wBk^T1O zh!+34vx$hJR9$Z%zMCIpDC1d5yj0Y)XVFrsI?(KrHCV=hza$@Ie2`>JOtOX5tMC^_ z9hQ?Q(9~`)kZ6-wT zX%Re>c>U2v><&W9J_3inU9_RNu`ygMR`Cu*?WwHRCcyo2}F zCPp>zta8Qf7QdsLrVQ@i!t;792%MuFi@3-NO<*|@U3x^lmYdU$b)|JKynJM>(UAJDELoiepN?W zck#|G`2!tO=%#uDed`_|hZI^NozPtyN6F{w2iK{XNH z{zi|Q;Fl|YclG+v!*!GW`KQ9-y=27(Cod`aqDHUwcv76h^j3_w}oD~qHy#9LtJezGni0USkm^naxK{H-=dMrLL-DLiZE0`uzAz3yV)f6gCn zQfMIgBo+qAvcv&Qi~6$|l#3^tji2mtnkp+56$rB)PhKMk9&o!SVaHf8=C9w|rNnn& zrxS_fOry-#FlQE}6k_LO)jqQG6M?05w&P3%h&bnv1W*A{izHs#$`qcX*q zui#DU1+g5^6pX@WQU57;bk6n#;{e}ne}>tSYP>!-CmGnf>PSZ6yXo~0O$yIu*VM$2 z%wAi4DT?~28rwfGedJCv{)>%NXLT-2G_+I+4z8?7stnp5`3ME))nZc~i?90UP7g9l zabZhLXCA7tS73&j#Pz}*dMbqn2^3G{4W=#hOj+Bd!x&$?Lo%ZK243;7VX9Q%^3Swq z9s733(nTOeHBqMeeLgJp+qW|0ZFDZ}3r%JpG`2}8He(+S$K8Q2H4q=)5%u3wMbliW zG`$f%Ue@Ge`6#crnVey~>apnuuGKL&uxP%O$R0?MuzR33Y+awTJL1&U>)q_XeuIiH zLH+^`K9_Vp)ck~|$o;~a<)e2Qir}v}y`Vli1{|!-3-WY?p)e{`m?mfYk25fL5roM} zTcS%t?K!c_6GE<&1b++)be}{fU>bEE4NJd=w1Uq<(Ut*2keKak5E3I~C-;MHG_W&H@4tR3*e zz0C`3(xX;VdpRtGVW#(Do0Vz${&x#63RT|+5utRKY_Z_jHO7oxSy|4?dVMe<9IpC& z?HYRY`PFXN!Vg`PKmiYHAP1q-Fr+C4@Uu8w`Nms3H8lm5C+ssICg}?4ivzwsk>O*$ zB_&Rf3#Aj5V3|atlzo@Z9851a@X}U}ep)Ck-g1BX+%M++JcE4}c<}d=s=plMWF#NC z4ef^igKAHGeS2G0lxj<6rfNuVcZnNxu`ClGAF++K^^T62TNr_WCjk+Mc3d4D03)6r zL^EjBpG$X-q~NCE4m)QJhpQP2V;cn%VN51o{5%NBmk&XYu%(`Ul-MkJnyd$1$X zkH880PKa@U5{qMZ%%R~S2puLpuc7WOLWR5>P)kC561`(uDGjxij~jz>4X;e#oIjk% zZW()e>KJBhIt+p{qr?SY)Aaj*7gv<1*SF6&;NFG-)$gUb!AX0&6FCrq_18<|pBlh} z4G|IZcFSKXC*h+iv^@KmwfX13^+-1?;bGEr&TYpj!{79<=Zodj9J7FS)wd#f`q zU;F@+1Y*Sho?((_NOM+ftT6+B%w;dJbdfoUyZ^UCYl28boR9? 
zd6Kr_7Ql=8v53A_XeHtya>U7^EY__osY}Pjq5NKJS9|yr2*H+Fli&vxa{WbbL2l4) z*o6~1uzBFwgy`m4O%8BhCHXQOJ)E6?%G&+mB?~O#M;$&KKJ!%=gI`d=3Nbz8V^s!;8<*;GARGtp4|@ zBkoQ-#G7cl#sG9W@WZEno+k(gD^IG`&>{i=adAX?EW9|U&ik0!a{VfhWapLco=~K; zrF=W?O&AhN+#D`%rsuEoDBn790#o(|_Ly$ZFxfm$Eiq)HRotUwoB}Hgo`smQc@%=# zZWlI5&2xDDcd1iTHEH0{5YfEw3gcDx1d-e~u!L=@`Q@?|EG!YHJ<_5XMZ6WYaxUJzh5X#{v7o) z{=j155BULoz= zc&zBIjA}Pcl*^DN=EOb6+rN}*o==+WXFF`RC9dm@60m9&_=I&Qh(Am=0&vWLfSt@7 z;gEi5x?=7*=4Tt>O~6{1G+`|~4b4p#61C^iex?j%?^x-b?!V2wnPE+-HTzA#!*Ubv zxzz_ztF+XDg1@6>pY^w-Xe_a-lQ zPzWkfH!)#>bg{|Jqwokrks<_gX6z|`V;s;VrD{@CmX&3!WvxcWpc0E&jc~Kot9JPW ze97o8=Y^MtWZj%bdOutEOUb!_1zn~}GJukxi0$)-D4c?_R_G-z7cNmEap;Gi*D5cR zNgE<{5OG+K)`v-NZ}NprrB8{m%Ez=2(=8+Kv?DD99JMmC1pPaqJ=$`>j{tHo9@VeV zfGr!1jKnPeE5Ii#{`GKH(9e^z;t`8m8$p7&$0F*7VqDJHSgj-2U`|Q{?=3d4pb-Bj zKTxpf^CiL#KPs5C^&+<~?{37T@Bcn1LDy&hc+BcLW@bnHR18Gc5fE(>e^P@ z2kRIK<@W-ZgGah>VXyCG*?d}kMh-#X8vvSkDFJtjxq__~IiTRXpC6AhRoh^zwo3c$ z=&pcyscpF&iu)yE;P`r2&it?)t1qKP31SwJ6NR48mUf5)I?AYpo3%(~ z#mAw9Q83(R50v*J1e|*ii#LzP<4D!{S1?e0XLx-u+tTdlfPFv_*O5VTO+0h_Y0kU0 zfDkGl*W2q#j}Tc8@q+O2<2Pxwy1-pG(!G{YO)ZnBrk?DI3I_~&vm9nX;j8nS_ZnCs zAB)Ry#l3<&JiuXKHQQ<^Elr>lUBRZC{t8Dnz(&SK3rN$o!#oqu1}pzZ(B9{2g16(8Ji8X{8< zAXM&kwZ=+3e~H_F)aMUtx3=Y!4b@pEvVg?I3p6V%7UB<{F=q|=!E9lVFw66OObrn)%7qqyvdg#gmCFLX%dH0kuHKCvD`9-I_1Q+d=JL2ksqEezyIJ zWmZ}ikF`J~BBPKBJp2ugcxu_c0CG~{zEm~5c<#{7D%UG5)bkZFK_@kUpe53sgaqhc zp1&-Ov)@K*LMuZ-x}pu1jA3qlIiLYk6_oIhph*)=E;sM1KPvxB5y#ClN9$V?4%EWl zlx!qcay`N;8epOp1t#ciO3KP&Mq)W6h#XNoo%4M%{FSy2ACA^TLbW5&-ijh$vV-cvE1}{!#<_5WExpX_m*NFm2w^qr%fLG3+fBm-d z)cB^&>Td*jZ5Nb&m74G>L(^c&sdg|%#~`AU*p~MrA*s?xS>=jjPx;g{56?-%k@eu$ z!tYEfh!NZdhr$o$nC)?xCFi zm!|-UBCmw_qa=;X>pT*3dBd_pMO10GFqN-i$ur@v%=_**uGg%-M*! z-Z3V!cpqlOGL~RAz2P?srM4k$%nB=(R5p_>!Ui8k73Qn^J!$7xW}F&hZW#LEU`6*| z7-U)oH-9hLN~x_pt_>c+_MGSCWrwj+l2skA_#&Ns5LlU*^S0v1tK;RC(~9*_IO*s! 
zbHK+H0$;!Jqm=R3)$$ zieJ^nn&#wMVK`JD*1?g1+q+jq^YHe}BaG6<7I$JgPcV>}?bT$64u@}IVnVldxj=aC z^3d_@k-4slL1_d2Ja+Z{0csW7uUo-Jq+Kv!=%WdJV$h+krgw-Ij%*~f*b4P?M$4E`U^E{ID)E%b zwq>0-k){?Mb+LryniWd6fXs1I9zp#4WSeLp52>N>Y+#H3AcLl!iO(+Gj=%3Mcg5+0 zfa`B?6|@DoS%4jTRnqJMToZN-bA25MBkood%QgR8y*9~P@|gvm)q!C`TV@FSsghzdJ#@YOdR3u?X8Rru4k_m|E*a#02W2q#DTfeFPS<6O>96Vjk7F>@pRH~{6Y zp*6SVgsc{`x2t>-b9b)1GWf!8gP60a5!FtW{O8VZY-(_b6gxxqEgG8>G7@qOPO^t@ z?~60|7@d4n+bmUuhdwNd|Hn}nQhhjt!QL$g;*6O>Xtw8cu8L3F+F5!x`c4NN{UZTU z)pBCBuWgRwE7&1M9Zb#63o4N;H^65ac;*AKw)B3T7jQPJwFs_%iLrw=Jp#Y`=hTcYoqz}2F_y*2?{L@qEuh5fBwH{D#aDVSN z3%wc{m0~A?jZ3=^-gep&Hclt1uXmmg>QXFEi4u+{X?`X31w>O~=D!*wfY`g>7BzND zlK7VpuB6o_T;oMQ@M()-&B03?hk}TYp_^CXtuZ-MwPd`S&bVEX8BmR+iVe?1i_sG`-+;Rus>{`(+ zoil<$L)TbnR5uL+>gecqAOiw9MM1u*j-5zIGSv+VB`|zDC!x`*Zo`vYUq?qoTScXG zWvqZLI(iyBuobBygphmJZ;`F|h#A98eOC+L&a4sUx!Z7eqPhcCpJDjCfMQUQF8cLq zr=O{4lqL{@G^q7H@W4)$?7Q?@)!hYkydKMA9?J3Y;Z8dKj`X?5Vr#%chnoo7a!0;6|1TA6CQ;V5d~4+HE) zdYJ|i7?>Q&4V(LG_yy_uPyTHK@B1h7#qd#NDG*SeI7Hddd*(`^J=q|ip!d)dn{;&C z&CzkneytIHN{PmwslP2dJ3DLJSJlw5DCrPIi4O}AG05Lgk80pwKA!Bkz=L;vUVKq_ z*!s>0ejOmmIH$gUV~^D8E6@UYcyr_LGT{`B`+#h(|b% z)be#HI&Q+&#~3og18PcBVtK!K-(vWCjRpVb%8Xb74oUEy(JAWg&ehb_4WD@VBf@s{=D=_nwC9HeW+62;KMp1bSZbQ4UTi-#LZKD>I_!gMPMF^2SF$mke4Y5!Cvn zvnOxDpZ77$!AG5$?UD!o99d>Z=dl>kfP}*0U4kTgbjEws+EE2Jze;y@jzC9p?zPvi zb5*Nnt1fZiS%lUK3O;ZD{c|m^txX3tC^UMyx>R3=3D`a5FJ-l?P*;`^4Xum&E5G_p zK|i9tWsZ6V+(kW!a+`dhZGow6@P;MOowQY1mJ#Aj_>;;EBb3FC>W7oTA!bwnKtAf6 z%E&HG)6R*1+{LqDmWC7#&i6~D+wwoC%T7xxi%v2R18t)}iHL~qRU%Qj^-k142fovYv2(I>LChIUpk)i?)Q3PN=OH>K8++wFY#Y|Ndy4ys|1I2H@>)nn5{` zNY&;(imYp3&`^6F85A2FY+0e^K)dbC00!?NQ>4qDW5g!u;9|R{Jbdait=Z+Xj;$PO zG@TtN=N((xI=^GWhR)9|2#`{fiGPvo=9W-W{^I6AB;;LhdirOx50JLAww{`pnL$HG zLRvUkuEI~G)7H`oS!hBEqp}h$sPYn}s9!rRrkl)WSFN(BcVWXUSH_S?lt@o|s7NKm zGL=_RWVG?=Q%e58R2!59Q?JfA2jS!}vD?RGuO=uI9*p4TgxDBCX+`uE&rA3r)K!MKA1_4}X1S$Hv7-WBUbBg+te2Bq1O> z1=mQbN}A&nUzr)lmk*DRKQ#v>?8mkg)R*J8b+h+HEO@|y{u!2}T>~!JvXLR1aTC#x z>o!_dmv+V2_$>if!{pM*x2wNPkrhJ2Cz&lEVLr-3K)f&75Qf9dr{Ao 
zlU#S7(}>~h84FBra5VHaLl7gQi>$jgEO&&f%1a8TauuD8W|b$)t&a{?7n(jXk6kOk zQmyG`s*Wl!s(xJuW--pWNWmh0?XK(PXN*X;L=(W?19}gcm9!pqnyr_b(w+=+F#Zw)NX;bCoPB~DX0l-eccQHfG;L#7q2W)m4QO*EbOeA z%Toy{(6LG>cMd6mk}}=-^(O7LwO-A5JAgCxIktZ~I~(LuDWIY%4>?;Gj>xX8_DQ}S2lWAn;=YI0 z!&f7GJh+V39ID7FgmueD6KvYc$Vyq|5Y(NxIv-w~>hr29o;{}2@0RDWWPcJ-$!mS< zvqm?AMyT&{wb`SN_@|h!+4KWr+x&E?B9C4*ufz4@$BR&Z(LvL0?_H?bv}AK(F^}6i z+)ikm&_D#K;*Fk3T@u34)CNo7zi^2+CpFE{HBkY&X~!_44VYsS_4>2%$E54ax8p|& z7>q!8b=~B;@u>=J3d`+mB9A!o0nNuQ&fIS%R2(kNkY#4ADhy1uv=x<=c--&n>x+HD z-p-dC9^kC|qstft7NY~tGBe<9l9ZoOB~;(XX`-#HI5EnHMR>woTn2dIe-U7_hBSn) z*5uzZ3r%?cy)z_aGe>8iCPZR^`w4% zN<**JXYN3feI_pIaXjRxxZFo&PtGcDNF zTRT4@qmU?!WLJ?r(*aoWs+i}ER5Y3^(_^tGyCsP#tEvVO!3|l(lHmEXW2nAz>;tDd zbV$$%3S3msM}ulv8p?P~dOTzWMP3uELPx6{9<+cSx}{0i3KIH^TVM54jdvYinG^ob1zp zbon*Wm**Wezu8(6F3oSn_{J`U73%{U9SPYb$zV2u$6TB|I!6vhHPlShbfis13d$2r z{kK<(QM@giU+j!A(hwlaO$p~P#6YcKOb5A33Ty>&-~MQTt6)fSFXEfm&fR~0QRKDY z_qmb2?DG1kTLa#O46>2v+nt}8=YRazd3$?(1~x%B@;Jy=)w**0?B$jJHX|lWMm>T$ zLJgOi9j}>gB%r6HEmO+I^ue}h!GoeuIk!Cc4R0?zYnzpXIvU~k-}Kn)*HhonA~DKa zfCH0hL1x#LofQd@zWc_*ddW-+W_%oBHx!=;_p#&WGmp3+7Lks|IkC3p z!vKrqbw1J+1;r0@{8rE3nnJCYcA!<0;695K5kyT3x$TG_gKq&uHAW({0-SVOuH`{g zH}@*iRp|t~)2X>|-cImxE5(88`pY}OTMxokh8Sx}U!U*dI1JXIc_ZB%Jo4OT;rA8# z(M4uA2F&L_#dJYz&w(zPTE|3kY{b+ISAKPifl<*We1f23&%@(7RTU@rv|3Js|!B&32 z6Jq569l>=EWQjLu1BItk&Gm-&>kd-zmX;o3rx>0q_dHqiH`Vi0zF{ zUt&p{Ld-xQG`v>S*D~-Zau2kjl#>UEkT? 
zTO-yE?MQxJ`@4>`@I=Zs4z{QN8r07R$(HC;=@O0(4ON3J%O??je(%{5g_JM%m)qN* z2J}EgIG#kn1A*>P{o7wK5$NXoXmQ&kmv(Y2wT0@xjC%%rD7&RkVAo8BG5fPMvG%zT zS;y7~lA@2?suFqo;dm)Lyo|}(<`D96xk#Pi7BqHt>Khn{L>#`S6AhR*?p<8?gS=to z)s2m>+w~TMwXksBQ*C)|>@u>t3i@q*{J#4ckwUv}LKFz`3J8QgyHYZfHSJa{M^{Dc z0hbnbpU(j$nV=7nfq8H?Xj+B-u{A$abuW*GcO(xekniMS|kEtmBF@|F`tB2@LB8Q zd65+&R3D3S+FU+@NQSfb+uu!(;*H@bgdVfo+wbLEaQ^=O@LXI?QlO>OI}CyemZCTi zUU^PJb@%sgfjdxROqb#E5EpSASR!elkZvn%oFZsjQWU&PLF=Iw9Reo~N%^6&nMt^{ zlL4UXO~fTiU+QYCB+4unOx*sxSk~pb&PhkmTJyLc%u0~soeO2cKBkYyW-6?rt=+u$ zzmD?LAe-Ei!yWaVZj$&P)7^I2Ouh8PCi>`NX7sA-a5a8g0oZnzx{ae0QVbj(d5Rc} zg0kST9aNoCx|?YQImGzn-Nr^^(lxAk;9$5GC12S6WU6e5WJ40QQt1ULQpdErzoogT zsNIa5XFa?+SFyo>OIbgjwYTKIQQ?yrm>wvCfPqA~R*JvBv0lPqrw zJLoHjhuGBv&BlJtA{^ZI2KxFhOdmeH_+$~KS4${DqCb$0U4!&kx~Ip-IC!v^fp2qg zdqZtX7H-?!dm7CX9^$tcf%=6-TSDle*F)Bn5J_u45P`pTnwGEdW@DFmVH^$gJM)&-WK+UGDp`BKM&Omoe~voVR@}zm40A zBv#eu3Bo4wZ+`eEA|68T&F=RB2j4R(LdxjtG>m_$$9*i}pxQuY?R;?t3P<9PQ!!k%>#C~g z7k{IcJpTPa^pUI+F=%8Rq)eD83Bl}$1_nxKZBEg)o@9iWt|{viseF@<730-jS*RaX zBknV{fn0DBkRVyb?)xe=%sfnP)lU6wt>rTc=bWA-a~r>tYNq+0%k!77ycn&Z4xSeL z0<);9sI=UIme*_`J)L)RYU=!|KqAC2wj0(1Wpe$T_9Mlp+a{DH3XA|HrNldV@Jq*E z#s3wWKFD!#tJf{gr{kt1S&pO4B~wcs2v-YZVzS@zm{(viamx(fEvXSMMd!WwfBFEGdgv% zCSUnUpUAYe{hH46y_4u-7pY33eExq5=_s+J5K^W(iAX-q=Zo~Jr0?Htzk|4cntK=} z2uNS5H6OH{(HW<}7TSWw#$+p{caolHe0*LRjwbjCrGo>V-NSN=aL2C~B$yy*tJ4zr zD^=Qix{w+>h1D1u%HWWG2y>KT_s9Aw_X4pN6Js|sSyy3tqB!IDXmwd{nVX%nNm0iB z4uz5kmCVz^P{c%9IduR77uNv?A6u4_vxr8==C^Fz7S>)eR-6a)^JGew)N(Bk#JulU zC(-Pd0}jKEX~IYT8cAuIWhxnw*7X5BT3uE2kYIf-8V-N*rLz@LBV4#sK_$60US{|@Aa6mH9 zm6g^{9l(OmAmwNPs(+RA`NzTR$rM|m6W#ylt*x}xWUeAWi{_&FH8vY;Nd3qAJVp!)@JEaByB$sD)hhX zu!KYqQ<-T>v2}Yvy?7XvBwdMSa+=A9QVO8q4gX24^ctYAg6qpv;OUPYHA}Y? 
z{Z4z^{WRiuYb@DA%IM}UObh!lL=+ZA^n?nAxagTgrMJ|Y+u1mymwfo-TZ2!RXjSCc;6N5zy7oH4hh(LtdMsAfGAL4nhy9G>n ziQ&Y%)7D0I<)C5s`;bs!K(gati9UJFT}C0HEF?g0+28d`0SJ= zAn6o%k19BReX}V&6(Ag+(pWJx)%`B6jq}Ognzi$@1=@D9!t?PXhkRsCf#AzcAAdlqJhdXCF$zwY8NC8`WFI@@MdORXYU61Ax4f_PDv`V712^WNoEOA ztx#{_V6>zdT>H#bmwp+$TsF)*$Cqb+K%UK6xkqA?r^lO39^x5R*Eo_*BbZ6SZ&kV; z>IC&D{3OEOCs&|-A-?IIJjeKOHdo-&GDtgCmBhuq9isR~AmDNEc;vem58(oF1w4?g zhwkIhdDNF`R_xWo4j_n8C&{;)5r0Mfm70oE1v)C+&v`C(jm`7X)qN}gbhE*L^^}pB z7t{;LliCdP6+YqgTvRq|EKf_@ zqCQUl(g`Y*o6`h0A(mD(q)+W4(RwyqLV?RYr)?1i4fzHQDjC+ddHk zRGjl5eZ_rXQ3n!c4XnjnshDdd6*sXZYU;$kFo{#6NjHLHdN`n^l(LNF0guq43-0T~ zl?AuHqd+HILdQRTZIYZ0PWr5~g(Cw;CDu%?NNgzzn1UemxG@>@^WwSAi`jV-wBglO zIKFK`kT)$W`*gwPA<6SlhRQiM9wMY;xe-3|8P(w}yX*i|N|Mxq_GA!bd(wY23n}uS zE%^KJ=qTG?;O}1{Oj6RGRvr-!`hHQ>UpL0F^-ki4%L@xPY^>;2Cgx}LyH4lATPq9C zx*&*yGhicfD6{=Tw*z66eKCZZYihD??2cbRRD6WCj6KBN0G(G2$eh(0x-7H8B3t*_ z{b?@2qYnn>QFU~NC%{K3$+7zAMwERMb0nZsVeS-gD4OW;Rtq=tr76B+4!{1|_b~`u z{W8QN5ECZMRr=s((jZHFU;Ys|=~Th-JtL1XLX{X3*OOK>{5+k-JpahHDGDxD2$|NV zLt6jC^neyppMKNMBi!sRxO$cr(5U;ttlOIdKA6DNZy2QUg*evOokoAi5sO^FEd>uI zKvkBpqV(kPjOO;=H;mi9yAk7GdK!q>^bNmszq|;-<95h!(YkY@>g+|Rw%9*lAdOZI zQH(;Jwa^lO3w?XoPuSkIGsCuoNNfjhc)^CdAq=D-l_g$CgFi0}o#fg7=SpBYXVF=5 zr*h^Mrlk`#B8seQb_Q;L3SmCN0=%V@*GAZXtD~?^{@)_9nV+%ACppReX@D5aqFM&= zf>-Y+gn&WEL};k+XR3Qt5dw9X-K8`4R1|!?bfvqC>1Q}{zB=pLA>S`}@7kep%5wke z(4G>RKH5}7#GmIxy|s>8clf~U;W@r+oUdZ7aYp9+D|V6+8@Vr2X8^Lnf!`-MuD2sp zd1>e|4h#=(h^w$#C<EY;@sj?-JXXo4)7g{x_@3(*e;D2dPF76CZ2mk5;CIT!4tA(H_`tN6vv1iQuiZj7&2$E7{-}~D$`G1hckyia(JqQj{FswrA z9mxFSKe(L;Xl9zk=3lSO&J76`Ml z*c*xxBLoruzi-7m*$WKObRDp;uw<0dKV*e|+um+QwZh)bd@zp6Ikux- z)vfX1RkV3`X9>|USH0D6yN%Y-lEO|u6^Dsi$?ZJ?K6_7^&6 ziifi0XGgiLEf+MWs)HbFg3Vt3h^vw0)`2%4m!}G3R~iniYIHmma0MsySb?+wkOi&~ zSo#-I9)UhLBR13S_D^@b$Gz0yj!WcX=Bz()HOC6Fd;It9Js(%#Z_g~)Jddt$;(NYG zK_mD0YDG-R#ZWph&hQ~NRSoU%?_x_!W%(#ui>MSW{{E~I>MiG7WL?t=+4w|je7B8k%Cv3z}Mr?41-+Z1eU5x=T}W(DeqmuZK?u1F=ZN$F=y z;*%`QkL%M88%EuH@h*!Yj0Vs6!a64Te%=y`Xm&kG>1T5bef}M$M+zuDrbe0i$?OVR 
zoEbbxqu+JOkDDL7URA-PrlZ575M2ERVZdD(Y-TP>x9$9pnF@b?wwwuT2mjgZYQys! z`IIh{2m&0M_eel8Xk4P`yL&L*g4atu=0R!VFxx(wAvZV3Nq;9Xg!Qe?IyHo!kOjk2o3l^F*dpv=6d2HmgjQmE z{hz-`c!z@q_Fz19aM0(p`k&!ffqh4B7_WHqSj$p-~r_?(ws@%vR=I1^E26h z8P>Mfa~dlb-ufpK@y6R+!cKn7c*TO^z&WCW^SwAHVKveNW7-7bz|xsTJuw-xhvyDT zzekKN4Hxi{8s~Der2~axSUeJhNBLc@ngJr8K!EE-oxdnY`~?@jLBm+$$*w=P_>1#f zUd)v3mJFc8Cn}YtAtdygz04EGKoJ|BK9h7{Uvkq1!K?R^Xy9b4iKtsM*W`!vC%Pyv z$8GSezdCrmXxol&xfc?T?u-B8!Ypy_2w}o*|Gi;!tByL=2>K7Tu$8ByvT^!{9E1?~ z&x(T3u&@se)+I6u(y&g=xO^Y~4&IY}WycbtgChaJ3AU!H>I|Oqjh5rOBcB{j*BKBeLeRn}I}gRR7|)!w!_a+7FH6{M_{ z6@&jr@7{n-<2IKh&oXOlGpxPhha0|=;l6)<=k|7qXrQlc8$we!;N<~&Q$`J?a|fMV z^xT0_^3hMf&(}6H!PV2XJ_v>?S8r$tAfBIyvC6Cd+{}yoG8_K_n`SOJW20H zbMN!CzP45!!LQ_QPW2?JXa4pEmG8 z1iW&Q^&?x@d4>{56yjcipag}?S%R+LX-ttX$)Yz+;i@ub?Go^(Gs95Ah-ce6$)Z-Q zSdCO-z=JdTulf7%ymOx(4T9E^657Z$HB+U*%qz8TJ4;b{s78d`F^h*6-hfpyqeLAA!-v7gU-*r}ctz)S$m}c_1nUde^fV^?k9_m*?Qg@} zvD>M7iV2bN>P}PC%gJPQZ3VvQzfo=%l)goCK<$qXi1OR+z2kWoe2~-7;2_O8$Q=>= zrM33FPe(a?oL%1fKg4vW+9=;XDr@yy@1yM%KF zTpJPPAAi<6!kpcQB$RMvK+V^Q#eZDA4EatvHhuaS3WMkmnW$22MiZ8@TX5y8t-Z3w z*oLSt;OpTP#4a02%r5yN%>NK_{jUf}&4HHZfbona;yD$@P)by7#*^+x2amH~OezKj z0+ltLJ9XC&^DRBUyz=zzL|eD*#BSBH{y(PPGODWX{r)~kmz1=0qjYz-bV`TP-F@h8 zq)SRVrMp8wN*X~*S{jsm7Weo68{>Jyd(PNv?`zF#&d)@UJ~Xz{_4r?PN&P- z7(sNhUs=YiA5dar2CCJoG3s1y^fm}VH<|DgSXs?2hFIWppB*>7F$8B9UG$xxZAG~! 
zltBZkYOMx;YVa{#zM}u6sH0xX=0hD4U785VO9f=)*qLH*MYd`{$d_5jL}EeDqF(AO zmD>E&HndyQCnYK(=o0lZ-^>nqQs_-T&q<371kv@G+1DgVn*}76L3`$2i7>Rf{qnJ) zV;GG{ib}J-5M+mD+a+hS?@@G@V!+*~I-`eVD(;*bD(pBsP z77~X$yx=A)uZGmh3m?^Mjo;lW^JDhCYsFmd5=A~66Z!C`Kvf`di5JWX)%}U{w zO@hzV6fqdy1zN4=%BNRJ>AE4Sw6)y=&TAm$A3ZOu-tFepged~=7C`;0=Z}-+9Vt)4 zPKoy3S=B$gTOmg{2)1Bv$PL@UdhilGThWi`m~dD9R-@40P^FZ;+Bkym6X6TLlQzEg z$E_e58XBteoBnvYjh!jGH2wWq=@V5(+m#AO7^2{eS3yWxBLvv4_xWFTV)(utIf_C@lqa%FtbcE0!hyM)Su3Sh}qOAn=eNC`2gd2^%aLswjQjwt?M>e^@f!+Sy50Nz5dZeX!>Z_L zwfsbyD|mKvS}C)T|=g(amb29u@NR*?_Xpi)p+NGVr{@2Q}o#aaQ4aby@vIgaCvWk-|Y^U z1z;561_lS6+UGL)5lqZ}39!GTOw_5xEp+T=e^<e8kRZMvK$EmqI`LcZ4wX`CJmDETMjKPE!nH>9uD#E&#*-yFqu7K z8ItgZ;=kORg%X*uYhTquZ=r_p*56D!*(l%Ta@RfKXYwgSiMnD+8I5#EaI@&pCur`C zABKjM!>Kj_AhU%-G9A4%MoL=R{v|s4Pk55+Y$7vlh{lYNpkN7v;_<=(%7KMK_;4T0 zFx}q=GpFn_>;LxY*SJ0P-Gs}k72$hRh>?*jG*4YE@ z>?;zZAE2W$G>0G&9bD1={5U|^i=rb!5B5rbjHO|d;bUnQo-!Z) zJpq~nJ!?#uYlCFM#Dg)i6@zM*H8Y<#v+(1ZgmN6F2}Gj{tm0dUDQ)vJsw);1oltDW z1%0k7wLwGV*S!)7x(4I#5AUGY#-iLd$=&GQf{%7d`28m0vJwHYk8=F9!D| z21my44yh0^j?2@GM3#Q}j)$}O<~?$3-c>*=usrzKs#*LX4Ucqyk!8R%E?w;MJnK^e z`#X$mdR{mC08OI5@PG@ayxUMH^<0uc)6RL=A z@TJq9W_1ALj;dccWGLq7EfzvVbhP$(Cf8vE;GMxI$oJg5Ci(&{QVO-idzNsVQ+22{ zzW8l{Dpbm7IyQ%UA+pr=g5$EzzJGXH(mEumq{Bipc~T)g#F~;JA(o9+ZcdS**xgUI z-+3lzFmiE2jatr~d8xlS1tEQffg)>R?xSegXlZGY%ow?Ugi!eZn{oRcf{b_acyoBD zx;QGg8UBS|hcAOaUu5jU&N^D`HPE(8zr=;|l)6a;#Cgv7GWhO4*65|Q{BG@3!&nXe zo0&551HK7eOUuPDBqSv6HuXWvr)M6g-wUR0I6J}}K@QG6F6SRO9_~te(4cNW-4!2?X;Y=o44#WFE0Mh_9n;qbJd}MLdX&;4^Q{+ z-Q8xw%6aln!8kPx0g#_0z>(lY^qQ`A_1$OK$bmhq1AU(d2a5lrk;XMqQZd(w4s3jX z@nh8n&sTT$EAbSx;cRnnU`fYh3gtq<1^F-1$*K#6M{IyOpHlbZvyot}-Gc?BxLiz? 
zYjy94L?ev4-SfE38=Mx0NLU&k^cRx;=9@S_{c)m>K`YEbTup4g=)NGU9R_fHR~M(Q zI<-Tj0L&T#^3Xp*6=Fc(`CJTAB$hHhki6L{RE|)5XbqIx_?fcMYZ9cs1-lQo7a2(4 zLA%`Q6~fM)k+YPGw9{nzT(q;q_wiLrHCJ9w@F!Z@#K0lq==|<#xRkUM^&OrX!qNSo z9!QfyV*t_W%oQ|g2e9X_FAxzb8l|G~j=Q|C$~ib^#aIzb4D}%3-EHI;gSPPFhx1Rx zO{m!i;riU-$>X2CFtS=pEwd>myt0IVVih4e*xYIeNGUxfnyO+*W!I*kpfTgAMxYkU zNF!8z#=0E8+N-pnq9SX1W1}}EoxWv1{x#n@B`0Q;UUQrXM|3M%DLsF?V4hHK-zs#Y ztpp`^QY#^1K1$+Zmipo`7UbSTGHt@4>u{=0?e%Q^5hB6@s7QOp0*Z@5HDY*X1CE4J zK9Jq>lWrZ>r@ym4=fF_p-{TmXY-Y=_Oh}usPSuzbt78A=d+y^-;N(g~myyu|guFQL zOKaqp&Aq8QNj~1Nza~4dQ8)rO{FfZ;>``riR86bYEnGBhvhdERR(GYrN!-d(h}3o0QPCKvAMZBD>t{hrl;rM=SAQy zea0RmWMbb;;7;nUS;(4{36EO|yN$jC;IzL&PVf6LYxS8*9>!{b+S? z^mb7RhdZtjyoU;58dtpSR+h20dwv~-0e*YlaNN2hsQprEXXpICYSYhO7pAAZo`sxU zn^ssl%1VOJz6}}_&4UI&2J1p+>;x6gx z_Ue#uwXK>-x509k40?~1k)F=0YTQU009i+n(rBrxkCN88KqgBv`C}c18f~4xn$djH z94%uNR5+Gp@)-wU!d}&Po_$P!;Y@=I;o?eTwcHtb@{9TrGYb2+Pwa)Pud8cc?ekn@ zt5C0R0fq4Rlo|$3%>L>Pw)07v({%wD*|UkOLmqDM9R2xIh6-bOqQoIS47>cj*ZW)S zWAFRFkr(IaxP%9)f7j%zIw2*ITo*LcsAP;v*U|FCQKT~!P&yr?@G2R%(qNqWr-jkR91f=}*dsp&TXK9zez-NHK=s5b#;*}R*LP|07Gt- z^k;VqQL6alHAm zCI<)J8ZtJgA|y5SMCrEW z&d1qonO6arlNr=;MKrRWp?|x~(Cs_twR+&Lj}jvbK9dba>@nHz9WFtv5>ryT!m)hGT7|GqKzWomYQ>ws$ueYF7^l6+F|j`Y^X zfG7Fa#1w_9rN&8BLMYL1W`ni?4mA`_mWblUuU~yo75W_ecjvnPp##-QSNO*W`9{gQ zphjnoHcmNNxb@n!$a?+^qtt-)h^bCZoXuON8Z72F6;#?LaDU$Sqv)pm5Uj zWsccWZMET!3CF+dLl;bQ_#C6?b)!w5I?EoE_qiRz@CYY!zqWN$81UPY!7i`~SEmY@ zyay^~{GI^HmJ$0p8Pzea5he1Me_De#t@a3O?012~xU8mD)kM`g>BY3S0De{LF4i4QR3wM8JOOz8*Q&ZcUn{SE-qw!rT zIl3!gQWwGPv(^`!65(*AZYlgYWjfopj?DHtW|7dSH}rdF>MU4%geV6U6yae+rR0ik zd~jpi@}1PDyD()RaXcJD13BgXdVO?DPO$^rrMx38jd?15cVWDgANjyU53t3-Le``2 zmvFa}>iJ(`t~Q($0s@nq9EyUjZl$W8I;mpQp3HA}vBw}xf%#4Bs3z>q2Z7-vzkBw> zW~kkYJ9B=ji0nSf_LGlpy=;?h>l9NE=Z!1^HU*mH>PWuXyHsX(8<2iqQ+OPq#%D0!c^SL5W zf7j6@8X@=RcS9FEcI2IjO^0aOUsPz1TC6ty*5bgyOz?2-9>&pnG(b_yZXaYk4aEiR zsQ9A5VlXA7Vv9S#&YTG_)#NaDg@Lx@?SP($z+dg7v00vatX}8aIbg9C8}jL`;oF<@ zH=-gP&O1@V*Vpa}3ru9vlu_>js&jhPq<;@_y1L$6ztk#QS!+P~z{k+|iUta0lyZt3 
zq~~i4c}1cvd5tPBa|#K1%fhl&Dj?cwVhr{A7B^AYDjp{wAF)y3e>G`Upk755S*hE2 z5ZK)cm_4jQ`$ZZh4Al(kerGrt#BvY*6n zU+ZFCQYZ%P4e?pBuKFxWp>JblU;eaZ`J4%yH>IeH=ufZyzH~Wy?(_S&np$tHh<}Q_BUH$P(npA5V2ych~bQ%(V-id8n_FVhgrVLtg~V zGAzRWY>t;a==?}LE?t4@U?`MSNVFY?ZAx&LZ#0Zb!uvQBqwa2F2Zj|exX7~6QKpHJ zo_!ONL>;kHaE4abRP>QLsGafHJldKj<391;!4y%IcYN~W3U6w<_JM_k^*}@nR}k>{ zb5!>%o=suz#US)$Q+VN1~8 z1q&7w^L{Kvk?09ql4TQY_%+#0rBH4I@Jvkar~%Rg8dF|b$<7ZRAz^XEAeeH!y1KfG zUTbu!T_~XT7eIdgp;OLz{J7F&rwvy07psL_Z)#vdCFcvt7S5HL@0bE;CqJ^94((u*#G_I^WYL}UKLl} z@Co?u4kU_s-n8~Axk>g{l}xMMlOg^uk#QqXq3e*2+RTxK2P9)9o+sUxywYKE)D#FM zh829Doy0XG?{Kvp<9VTjoq1txf)DD}P_`Wq{l?2f)HGpJ#m=;ycTK+X$%|QeiM3Az zG3$0&SBG95%-wi(#w=q0G8X}w4lK~8v}0mo{#)k`*ilzj)=!@+4XDZzU$T1l{2^}gHSPUV_hNEH(RJF z*oUNnW1r&>Y$J{`R|AOGl^$;xtMQz?8j1$ZSl`}`m9xrH1CLNr@{mol1<&i@GStVu zMYzw7U^%uM`5KXWI&cn}2};%(03n-)JdfO25QwwN2|Hl5aRXtf&GsbeT0oP~^gK%M z(qEsP3>W!OMz4Cgg@YPG9$QxIh*8=grb*DycSOIE5T8+iYK}pvA?kmv>r0fQ#Pci| zV)Y@M;nos|QAxvb!%(CP`|%H}7qp@Lk`(gXi}xE#V`=t-{-q|e)8WgeyNgvc|9nqL zt1Hxf?B6a4^PMF9UEkJJ&2RETQJz1c`G5wwy@Ju7Z#q8nr)0_#6hYOOISp?vG7WL& z)QU!s7|!MIXeF&bkR-?+FPRJlxwe5LQ#pM46M#+Kdf#YQbB4ZZdx?Ha2HqY!5)Cdc zLT4gss4LJWjSRnzT$Xl_KKL+)UFe{+>?iVrDt7HjE3}^y^)y8oaQeRbIGNh&C#}s@ zXg50@ge?#nFVrQUtalrsYuTuOdAI-H!R$e(iOt9*M!)@ypt#CU+t(Ys;fSVlp%UBKmz>&k;h~@xNubUv7gN zO@R5$w>*w%z9Un_b8LYUof*9+*ZMgW0nXZPwf^5+5~12mq|1L6;KgHdYM?D2`V^&0 z73JI#ly?8Jmpzu``Sz!!@Ymqs@94+M8FMYKsj z7fXW9ko;@`?yAAvz#3Lw*%(sB+YI9lUy|6Td`a%~Ro_pkVRnDZ8OISc1}?9zNI*KM zx<TJ z^%BP_BsX&Igr@S+=I+c(WbG8=Bs*9}ok-nVaU@e@w`A8x&rGT3*9 zQ;TrAPo6fM~CopLeLPnHABs|qE*D5>o5~x#Md6Br0SeTAHF{q z&((@GKx|D6bHvis!p*y79_{$$hA{3=0iu zA+~qkS8|VtaO`yQbY%kt#Fsowt1m>jv0_Hep5}%mp~E{75?3Lm2sn-jo|d~Dmfy4a zSXu}bmkFO;s;yv$FYfGIe|5vC^ONvmchW=9?L1zDc@1fPla|n2CWIwt*4^P}H6-C} zfYHT%aPqXl3X6cCd;{V3FCDIY9EX4XB@dbkes>;>hl&@@!WK?~!f07HvS9;BOPK~)Zg&hbJ_zcnff1(owA1ib)W z)NOHj*_&m>T2VrxaJbqN)T_iwQ@wlpu8<3=s?xwOJJjlkc8bqUJR#KSD9_(` zdA}Yvlu2|BQ0a2#f9zJJrNm;FPYsB zzW(#mC#qJ=7xA;lYXSEotSNqL8=Lkk@S)%pnXg*+C0s>r*?)UB6CU;B)2OGnjt3l6 
z!@73|ewDN*@I{t>f~dCbF2R^?vnj#;2x;_57XqfKWkLHz5kl+jkBwcjQ4+}Ka_`cUv zq{_J~1hrhEqB=rrn1VB>>pr^fN_MEP6fAt#w@t=zEG;6;wJJxh7rA55bgL&wU z1T_g8v6#!>6U4_2Gtx&n%q3&zll;7c1PTdLa)xN|D8qavjEjj`g`$nMsZ4;nDoL1z z_;8E||IIMPbON3cR!&c8x|!)eR|9%wPT+qD#FSX&OxQ$S2$oB8@E64(DbRtE=E!G0 z3&r?ce&6}2(anz1q+rZ->F$ouy(Op^eQp7x9`G;vr~Gq zBY}}k(yG$^h&BQB`Ap}(>3H{-V;6#}b8J2Oh6Iv)|LKyY*a&hRg|DjE%R_2TZ9)u7 z-XDVY86CWQ*Id8}hqG1tfIfo^swe^=lH$@~Hy_e-Vi;LiCKHi-;{4PU4f%|ZA}vWM6N zmiFL8wuv78*1@1)1CE)iw3-h7U{ORo0r#4cP7-% z?(S+rPSDMe=Q)d(=kZHiklkPy)|HP0f{jM+)xKVZK|u3KmOZVR%>7u17>hpWtI*|! zA}tKxF)a$AA8`2Jdy4p5BRvv<5YRsWDd6Ay^~({)HymEe=EbGtr?j*&oJNNxl)w}0 zy~U%B@+g-DIQ!JK_{V?Jw&|)4(vFs?BmcIb>xR;B(TsZyxkCG6(plTeQmYt`a0D5%b8+@VJd2xcx*zV2l)q$ry1VT8PXMx9ui3C{wlx0RD%P2^IqKE z-Xd>}OG^o~(h@jFp-FhBKLZ-=nb&Ble()l<&>KD3;7Lb?e|~y6fJ%G+!VF#Q5U#VW z9;flEpgU~<;{<{HyX&@9UE0bn4wB{1Q-HCgiWKi(*JpOAd6 znmVw?=ltGF-R&j8O3unl^3=PBx0&e$gR#D8YfH6&OZ!g+-LS!O`VUCm@@HjcE{iq- z>IQfLvxrqxXaq1pu`)NlStBGUnsim5ef@}i_1g3>9}Dny@fmB#w|L$DXs&l1I9~$c z>RaSGt^Y;q=d$1gbRBQ|wT!1lK6t^DkF9K7O+9qAj2TKL7z4}$%1DHwh@cNM{ zVadl?UY?Ni!O3X(a>?79WV&}ON4Na%{GRjZ1|O3!u#o}Yz=)2nWY%V(dZ)q+RQa~V z)}OOWK^LP`J)xbSXXV@$rNd4*`;T5FWb%LKtpsHd!w*t?u~|)gsxxXM^t8+v59cDY zT5egkia!^qsf6pm)fiJ#C^CkrBK4Vh9lp17ZMxdxgji$Hp89O*Cgop?B*nnesdrtX zia{fD^G%$xV%OK2j;JxLG#GdoIj=@&a)rLYe(OPU+C!DwUwGbKMiZtIS1^OH8r;&1 zLWoWxX|2mL$sd=rtZsvo00UKd+?+W+N|7;>`6gI+stsFN~A&K7A9VLYI0n z>rOLLp|R!jf;5LOQ@#*>l@csz3PwI=@ahbPR5YrWD8Xl?r!Rsn^4VY=c>tsX0*#d( zEEJ4PkkinZcEW+}iZ(N!+ zDWnNHM9G3JrwhLNgjA6$=ypAu!)+HvEF$@-3IA6hioxH&z`$_w`i$eqhU-Hdak7diq2ptC>H`#O46u@Ln4=Im3Wi&?Ag_cz6L% z^s1=7Ue|v-ovjyiM#Bc!dz@NjJ*oa_cN>#wFuQzNN!lain z_1^Il+SsW4y!s(AzhW3)ak1@7OaAto)7aFYY)5rX&z~b&c~5L%YXx6kmeXl42G<_Q zdD)@WErTLGqdzDHq{5uT zJZT?J%|K%(r|za+a~f~cym~aB#TU*v_5Yqn5%@=_OibBuZWG;&sra9rfj|-{QP1wh znARY}2X2#<($dnT{0L059l64~Q|LBdS0!3>q#6y@=1mnaM3C zS;WPw3XAkKRcIt4taX}^u$Bj#N&7A4r-xa_qOzp-fd!J9${l_<&xKnk|Ei)pJ0TTZ zM-GmN6poU!nj0rr z@6)$oV=kX6!oN?{gxO@Jm)BGCge@`N2VWfQxwZ|oIBnf~b-BFk{qf@xY*0^{Oo#g( 
zfkFOB{?haLHyD|mJp7rNCcpz#eJ@4j#27``qsspF4V}8W>U)NTrG-dkMrqV4-UUHK zxQ9Qmd5=*juLRv&xyC3Udg?smzq)y120j6N9gda|a`3?@yPmlFcM}~Qouf{V6T=VI z*5x#+PEC?9mus+Y4bIQUez}6!T(4{*i*|ae>IZ++@A^nwz3i!u6nE&}jnPE+6jpz^ ziYX(BhatqkT>)!hWj>DFsN*ajro3M=apSAS_0JH^uoKNt7)Lu;2NU;7Uzbmx<`eEp zM=@tmu}IYoBJ3Ji#R&&4a$Jy%8-arc{2?6x!o5M8F$LJ0Nr;)0Wxs`KvJUvh$d3~P z$9v`dy7ORkY*h0Lv;?=w_V?1uA3vt~yv4fCScS^c1mE*86<)S$nuuz=Ai2S_FJmZc zX~64_##9x8`G*8xX`~>?gP41gjS6^0+I0>giREY^bv$W+Dk~4#HkWVr=COh-%w`k_y>ig| zeVcb7?kxoc;(x9UhDULRto)i8(TFZmJ3^OAtMd~h<$sKi)(qN3^n_<6z&L{cH%w^t z*_vw$oM0574OtXoUrwQ?QQH^uRsZwqrXlUqJoir5JcCcj4>D5opP@gu>F$b}o=Evn)N#o)nh5*gXv@Q7t(+UotL`waG zpBvflHNAflrEMISM==1-v)B4I)AP7bP{qG`&9?OaHe)gQv6eT!mOxuEbT>K$hWu|@ z*&-F2(k5U-GGTp4C_d7dZX3xlNPV!(rTVb@dI%(_+(`vJS=qR`=dnlF{`ZgPe=gPU zv*l!~*oF_q-NaUl8qD?<`p!Ky`sUO856}$<6KmhO{Zuh|NPm=vPdl~GbqgIW(^wVT z^r6PnrxvATldRbxmj3vW{+iY^> zd>A?z)(arLwc644|407C(kXKy_{H<*){{ZEV}o#vhc%efCGyy!1i4l_OX&TJR^t;P z&v<3lfA#e!njoE%nN0&->xMc6Z3wXpp;@`4)d*%HclE8iBtWRY`0G)^l$KY^WF9!b zCjGdQkf=#-X3hUdMIo@uDoV;`HB%I=q@+{=_dzG%PfR9JW^E-J8+)X9OhgtMEB&wk z@<|ot*P|g!n9K8hZ*?WqtQlTl7%6RhBY`fhmDi)uepTJ}(S(|ax(nl^$zC4Lp6jU_ zs4LGCmyXn(H6rF?c~M*D9y0E~vkL{APXoZfB7#Dn3W1~a5p-Ogq8!lxf>JrRkO+51 z;5kah-frx`yP-A#g@Eit0a9CSF!o>sjRmughTvlW9~ zQf1Eu?V^P7zuwhn#Y5$kyx!M&TfHaA zlV$t+`??+E?h6j92JktnRmBr^iP`f34v5x`9R&&5xd(Rrx^NKIyfd zSXsH70nvmKOmO1G6uv4uX(>sqp9sa1pxbk+O>qv}K`4a%9NDo8kqWaggel!a31}(4 z(#rYH+S@IpvWa6HQ856)d&T?rIAOJ}O{e#MEjKfT3<^=uO3>d|P=4mbzo~R?s!mK@ zDakaHT8;aQ00A_<{qK8ggleJm68P7uydLlWP17i(UZw-R%^P7c#f0(&5Bt}w-xI!v zw7us0N2oS3Jq&b_pIoiWZn7|LDJeg|J!aXJX$+Tea;2k@{5TIM&RWzEQq{0jr-s;rzbMM`qJNj@yU?BXXPkuIB{YsNd+N^xEmpu~P1nL;!4G}BG||b`Z~Ao?3d`#+ z|BZNBw%m(?=>H78mV7bs)cu~k7 zDCGOap@oI`CUrGMZu2)%J`tUuN?HZbbf`Hp+WGQW|7Hh!(x;h;s&F_A#@i<)=h|7GasxJW!cB_!?Lv$I;J+L5fG zW72XEhZB|~Hx|!k9{2L;?5^+x-xpZ>zG0Sz5HeepH;s*qG*qpWN1K8{oX*V5OglV0 z{AmiOa=tdXwVn$RFJcn?KgjJ)H8U!$UIt&vVoZBoetFciXd&txbbf*7*GEfLtfYui z0tNjT@jij@jZK+PWK1=^^O(V7Ay5^({cxk7j%21y`kOW$k)UJSa$w4T?iu7Y&cyC} 
zA8%CC?>_vyN%=gVp`~%ro+w3ZF-bzmAVU5}mlsT}F3=%$LVBzf1O9|;7WiiCU?sMy zXa&9Ad zD!!GL{Fsh@9a7l-qP!P~BkL#o`(AESpT**fi;CI|8cX>GXo?&sW}Aa}4DZwu&s3(L zTJT-rrd%;`jmDAUs~JZ}YYJ&gQrU2lzv4POqhz7phdx2Q8gwa(R3wQ$rEJ^WUL9+S z)OMQ|Y8g5GqX>RA5Q9*GT|lu#yU2{gktS@uBruqC>4rOj)z_wnX(woCYW|zmMSt$h)l-$atKsk?hHSvXHsJCL zA!H3>QCnHDeZekF?C|YP;C@h2BO)=1vaeDX>8>qfe>V`WT*zhhp(ii^Of75ya5BKF zdwq2!BxEyRsR;)2tR7jKExjkiu@&RuCU2;JxDs9Vz4smdr;uR{4bM)+PZ6;S$FUCt z=04U5`!BsKHu_}{zvtDYygVn?aWh`&>~*4LW`1lnl_^#m>|Maiqy=;4Ck_q{u8qTx z5V!{mmI6+IQ5<;u=fj%xR$XLGBg>v$T-Cq6)jd4t<6mUQ?<m5?09SID{2?5H&`c5y?^y8bp$7+RYiOF zg%z$$bnt5nw{k}LkE40={L*1xp>G82Di9I}^U1dEdKW&I*`PWV&ryBK8J469J9Q`# zuIh?JgJq!bq!;Xcc4GkPg*w43H)t3V1bS8X0>Ix?f_fHr~}DiFBOUipYf)Qw8t1JeTUH8i(gjvY=3;5Lc- zu2U>NO>dRt^YYE_*XRmZWrw9-9R(KHq2q7JK+3wW7v41(PvA7TZgITY>V}UcrU?V} zt}QsR)$TYOAvWK~8Tj80r*+|Brj3tA?OqWtH1!@V0bjqJx4*CRtp1@71rs`Y%y$+c z*H>?)o4db=J+H%{t#=@YR|8CTizDB@xgUZLOq&Qh`vva!kmC?SbEoXBMwEb@V?FPP z6Z>k7(Yn6T`n!p^dwY9-w-TI$BLn9d#C=AqK|0(*uCcJDeGg|8g3`cI@!;jf&(yT? ztA2%Ejnx7Gs23R6>xY36e^{Yab?aX)iVq)3IUaPpFbw_V;3%XN#5Clahb#fVI498E z)89;gmyvu!eLun5yBdeg7ru z3+U3Z*+pi)se4@F9!So#lYhy;xeG%MpIni>YEn8sTW2ueOtoImQn^Y>qpoCsOZP@; zvC9h?&?SdeNZg&B`8(Z@m+d<@X+&>i9K+9;mx0_L{&8{3lyHc z>u<=SVN*-QMHgeTe0b6Gme!RNKjs-#Ka5L_MspZ<`=u@8U+P0o+hUavU!l*S_9Rp zLXG}a=!IBVCQ3Q&JzO^;~Q4nUFw_m^0-7N_=gpLaqtD5 z@yfiM@N1dT(Dy;n-8ECmU^KUYwx6@w zXtVI|nQQ2%*Wz&VAu-2Hqkq8Zf!M>IP>zjMX*@|!#&LhZRZUGE`S9PNfN89*K6?iu4+}Scey-SQgMofcR{5?7RZr>C(+v(#hS)hQ zoVjUvHZm`dnI&G-r=M4t_#5nhwrXu}3I%`)?MczA^uHmZTi}fh`Vef|+G%Bzf+|Qxu4}=l^x}405 z2$hv{m_fZcym&aYHlxC^I6Yc}GZfc+kG+t(xUwRmsj9lP_!HK{d@|P$NkUvwGK9ia|HH875SFC`ho z#S?fJv|6PMRaYwL)YKGfKVG8QEwhsO#Z*IO%&8>L zCNb<^U6>QjErPW1zAfd?Eg2q1jL1<5A%gU6A zn;U}v=d(r>_w*DdAcbV^nonf9!Bx&*US6&}XE?w~fPu3FWNGKS-c+OsRsk27TT|YD zZP^~le}`|XN{gzY2HlAGCSFT%HA$W442ts_X`}$T71l1>fO~}WyGcX&Ls2GUzbnGY zozSl#l$?LYR)ZHgIB2D>u8vn0ngw*LG&Qv3zaCo!Q5~o%lAtPbKHLb_LUXhHZ#MKu~b-jY)jxsh4SyVZ5T}_iQNN#T&~UH^P?-4GN0@QH|?4 
zW8Xybb22*3(EQ5~k)5GkFmBDa18GiIl@+b82-aMhTfNia3&z@MwLZhdM+AS_$jN`5 z0)IDlJ~YrBgfhF`WxQSuaNPa-XLo&mzAR+%Jv;b6d3ZT^WaM-M6H!?b$JL#*5N?Iu zdB%*O$B7-S_%II6fx0-=T|VacoKY!+TGE`6K|U#etG#Mu+|JVFs;I_$cE(N9%`bd- ziBNPz40v$_DFo;U7AMS3o~Kun)QVhL1d==+J|C&*URObGR5M*f52F*gfKm#corvSzs~Ut8fphUh`QodmoiwAz zkaC9Uts{CARMc=W*bl0ziCFHl>xe|BC!j$n!4!-oR=)-y1D^M`#QSD47;Yo~W?{UtRzBoZTS+rnh;xzmE$CCc|`LsNb#m zUp@-h?HA;kULZ%_1$;bd+~7u?02)upMfDQXvwzxL|9}ZOYA>pUq3idpAw;-5EJ;ku zOT*Q2Noj`9NMt}N7Q~+sCs`SsR}{k55#iIpa`SN6b2|{5Dc|r2|0d)0X86a@tHOWPqzgV`QQjDd+IJ ztpGqK@1_qLF65N%zx_kZyJaTbyLS&qs*g6+!K3$o?7qYfKY7!Ax@LI6Mj)XI+I@tV zaz9i{T%6fK1;55O&+0BV4NC?66kN!~WeMo0<(1#M;3`;k1^_4M?bEqM^U zH$i4iF*-ipC`>Uz8C=Y2;MK;t+vN7mX~Fr@GvZUS?GU1ww^L&WRO-{J zsX;B*eHa;NzA-YD6vR;$1ph|FUIMQ;IW0#>8Y#<9@^{E-t=RsT=$D4fK1Nk29410{LnSYipv*>tj9C1VvF7 z65iq0z@f7L(-r0EPQ=Fo27j(8^h`*C2TB=)jK`=`8W0db5D*#~2*ZeX0Q&2GIvw{x z(BNQIB#YYN0M7*huDJa$$E{^cqMDxL`#2x$?o)1eFe`_}Sk98qabx#YRk8IYv4{N@nfwmLgk$KczWH% zXfj>6Obo$>vvd zIr8aaQ;`3*t~Wd6@JG4RzbzLXhssi?HD!XaJitsqAk^bCp1t5ss_LC_W| z-@8Os@X%qYNCtNf3j(0^wQ?4>-OK4Mla!+Ecd^2LDJl{Y5|nsIhmVmMOjtm-ku&Sv zj|8#nozJND)+s{_1oe@2D@{2qjvIZ;&1B~X$IMEFE~-*CXEFQ>iQ3j=rNIud3M(nk`XU^c2F#$pGTn($Bpnmir4=v&IU;|kew7%cL0Io`n{uAgCh^)0MrU@(v80N`k z1}utpW2lkMS8eQ6@H7MlbDkcZ7O`zw4%Du}$CHWVuIYMU-dMzs|Kc|hbkSTPpGY|F z0l&*<;et2ojVp^m!4r0p4MXz;YbleDVgbUOc-D4KXsGNXAD7ZCVTrcAv1zzK=`r8K&J1It)w*3hEKBOP}PmSPdNBaDBhqH{g{5^4N5Y!J&-h*GP4oG&t`>rKFvF zvUs|c7pETm*pdT7sY!1vp)boiLvI`uY@GimCiM-H@YF)`x0*JCxOWOEP9~V{C8^vt zD(@5(^@BvA{POhIH_)4pK^egLYsC-d6D&#|+k{AP6GZbm%tOFUfEKeaF$Rx+od&t1 z-+guwC){2j2Y9a4or8zt9%QmZ_0P&3V}(}|j(n2rUgvSFW+dw2^%ME}k7&m0X!^72oIInq2)4^Wn4)8>quSFt&gn3M6pK{X=Yg@i_r_rZ+CE{?z8sHveKv#p!>*g|PsynsKSt*^ zvbFj7`$V>}kr()wxMQakwvr&WGw*j3!m$DgCHTs-I+Mf$(&Nof@rbQrD%Y8i&X&g zb~>+Cc*%j}fuMHG0VFC0h35@4aG18>h@@7Au0NFdl#%G)tWMqk6(=vQ z#fR4DNZFq|p&PjUl)om^e|SaY=&Gu^5G|43{)kljsDL+ z7gZ;ZgmQ1+?4rP2^;12}zAgubagS@bLIZDyfVI`DCgb}N9T6RIsRm}viLvJ&%V~3? 
z)s@=V?K*BIYHHq0P%b|Ewio)=6pqH$q>2E95%P-VR|$x4PE@)T!N{Dcr(c1~Hw@sL z-o7AsaiE}}K>ipHvkP9H`ts`P@ke7g7jaOKfS{n=rl7+_bm;qCI~jkz^g5>s!ZrSL zc*UrA>6)q!?GDe-V$x6lVa$ZaI9aF1?(WV}i#h6BXg~KsJ1vi3fLihg!=)9{>#p;s zRQLz1EDQ-YHa6~O9*Fg1eFOJlGz~R%V>~IpGrS)EM>QqzY=YfS9KF3KX^sR@&--fM zDcelC1;_oYAStA@rN#I4iO0z2M1@a?J^w{hgv`&Yy&uhZI#<2!ruqz1P^fFjL5IC5 z{E?UJ?SLip)hmo1I8=>jVCG=8KLhVyEIHX0G6F(Iitxuu*r^>mRIs0Ay7m!nbIZi< z*#xmc9?2=d=C=kilKKO`$y$nQJEP(M2EhEF%!k8--o0ZZKjdcC+?(T-&y$>8Zh2|; zKmOeJE?g%Z=Gy+=rSRU#*!UG8Dk2@pz?n*b1ig$sQePM^S3Opfp{E{=XB81->FCdf z(TJ|`{W~nl1S{m~mFdsxbc#_duUmbZS5R<`up;k5pMHX@rla$*bDbvkUziUIxKa?O zc5-uIsPi?2(jm+*&%tD!^bDBTtN8f%>mJ)T;FXY$7(&}ZTWgMM72KZ}J zBi7u9y<(_M;dhA1zNA+!A8Qj#%i`U%1#3PmR>{rSspLt6|c9y%z_FxE}!Q zEe7oyA`sJz`~w0O*bN#T#ViBC>8U9}M23r7gZEempKc2`_#NGu6$htPB+$IPP>{>M zOOc+F^4nX(Z(O`K$NH>7_gEbPk5F7K(h~C>+^YMp&XA|@4$FP?D*e3S>o%^sqsg4W z@^^u`QI&oRSPflUC1FeM<%T>m_>Te6QvCgh=!A=PR}HTjkWM*xPV7qQk)jER(WHnw z$v8m>E;&Y70~pg2ZhK?%0yd9N`C40wJ{46=g(f@}7k%5*Hv=xsoeb{)=qF|GYK9w4 zjVHnfrcgmlY37S-pE(-lvXt?1V@MF+Xtxy4o7dyMEGrGM@0~oAil}fi4};zo4R1Hz zvQL8BjPLhGNA@Wn%}*o*7x1babUM6OSD%VkLMJ`H{x$O#SpDK@4Ahl0jm|MJxSZdl zAR1~rI-ZV#BE$?YvU57<&m1fjcV9-&@9}YQh4gKd|9RFU?>;N?pFEEuE+k@GPLI^p zqUDwzA+6FLs2^yrXB~||iB!@CDl4Ee29!8s8VR%Hu#VLy{ z=?jO>rM0yD2^hq3S*#AOr#A+(*Et6}Uel2+7yX(!5$;s>TTUEk>>M1z zH(KvH!`7jn0hJfW*of+6z9zX(S%0{zW6gV#B;wjqT4LlVX*Gvg)f3^BQ zXrv!6xacc!K@a7kGNNG}lMf~+La<)&qTr;(^S7k;`m%gvMkJ6RDwApAVz*l7Z<@G{ z*`M|dEJ*h$j9wh|Da(pGvAe22cFNVejwguwvT6ryER@prJg8(~Pg}^nUaJZkqjb!Y zR6RL3_?YHckr@{kcL$h${B3@;|6j92M5V@<0fT|Q{_UHQv*@)9 zaj2UzRLyiVrK7R=E@Xn?vwL)S9nw^MCZ=q*cri73-0S-S#NhP_u^%-x7w}yJiA#9J z-OxRga>5Btjsdv4{Nm6lkByIE2tA!YQ$z2^jpM%8H8dD?51B&1qX1(4$o#?Nl33Ef z4G`w82e*hhlBGA=_@|LX>I!RmB^IX02{2GrCN}Awh?|k^Sy2HJ3~UGo2VrG}TM`3v zne)wYyCMTa5GU{{HNx-j2=55gzG z*TQ6=cFTV_iE&>ho}P(m7{7cLn47rc2HkjEa(@Csb<1)n& z?-dn)3Ws*dxbQiviTV)AlOHZFZkqVxs;q3ssiV0_&@aE;r{ga)19|VT;3qNfelr@7 z-!LWeo+hVQmKm<>2Oc1#6#>@n{(4-; zg(wo_w~vK2pMsmlJ=8fjss}Nls5ggGJKV*;yQWN2)LH)u38q&JB%u!ZoX3_d%pXeH 
z@cDiDy0W;M?@=tCr~uOw=~d=-7f2%$w!s1Oa{Dzl5|vDZI0u=}0U}a$XNl~3g1tm8 z@Q0pjv+Vo#gh0>&t5>Z-Gfjc&`FVYP{o9s9o&kdgDJW;-NO-qeTW7!pov`GH`>sjW zx$4QW!F`60|GkeGDAgUc)3Dy&*y2mGHNA{ zTakNpBOKa1*2RcLF6!%f00gGZ`>(Nlw*@`+A+)r#V*q&_e&l zK{<`XCra`5Otc8nU>Jx#lAo`yF)u$qrNXR0HD(L}LYIt{M;i1fgqN2$Ua~*dF+6;A zvo~5Z-6&fm%kIOZj!^GfNVS`U8Y4AJ(3dY8R6TAzcE7V;So8dd$)k?L^*%%Qh~{Z< zac?23EE%E@?1<>3U`eB1Ajftnuc*+e1Qva?A1f2m=POkv;x+>67ohJ1qpxVu#s?8$ zWR(m#CpXs(8(P~lK0ZG1jYUuDKAPz5BQ+C~5_aWiR&QNw)Zu$GM^;4oXw8fkwt3@IVbKKST zh^1d)-1g^EbK*xB!3?iHb?NMyhvMcA9!~Q3(9l-s&OlMT&m$e|f?9R$VNx=0jxpK^ zYJ?;b-Gai;^|ePTQT%9Vh(iQ>sGz%n z12$CKVe#xWTx}0L62|$?ejDR5KSkDS=`M{plmiwjUe<5ek3YAj`Bm0JcV24O+mL&G zd=N`sR1_zdi%36LaU~Rl!9a}zS>G)sc5llXtz|Eka>6)ex{E)gO-Av+<`ul^lpXo( z?}c?S2lh4rS;U^Wpl25#V0a|fc35?$*n)0vyW<=1h&Hv^O5QT@@OV~z|8CounwrYT z^JZ)R@6hlU+INl$m?xq&X-bT@i4Ne{op{*yl2u-Ot~WytH{W7>dH;E{@d zSDnCOiL0vrNwKn9r@D`xs+Zk~&A>zl??NGkkV9@PqDrtND3Hcx{BzM6SmnbIf^net zTp;&uJM4n^johl^DVUvoeSPP_sxKBZb`zHAtzOR_HIFXsr0b?2NU~a|ic5dib3tHs zIJq@7$NOPKqXYlBw#~*N-TCLE;niCy!|#5^fr#MS_)_a@s58K3O>&19r93F%oW*F{ zRd^dKh5>izp!*}+}c<92|*6UQPJa)V{O z)1Lr8Rswy`W+H0|ltiOSqgx%;_f_~^!6m3K*4=HYoL98D9T4c(DTOAub!H%HM9$ zzvH4S0M#`@6PI!~x+d}P=9Yby>+Sr!ey={H*6QbP5>6PNRfaRG`1VgC&I* zA}Bzw;|%^X%0VosNB*C*lTO@&#TpBK$zv@Rf%=`~_b@U0bV@0%WR9N&0;={|lX6=L z*&EdM={8q$Dl5~x=YH=|<%O7~)X@=NmwEUkkMe`Yy)dWw_cf-FmvSloA@ z5do%Bl0B1Y4X80>6a>!!FknGYfcD%;zvAuU5Yg&g!W`5#n1D1JD}qj1mqY%0KHTSu z%v>ZhaD6=je>;>=B{Pa;w9uCFr#Eg9yiVSAH@mU*c5qg5vNp`W2f-8)LjgeVvP2E{ zK%c+`{nXx-JD>0M-@m~<5@IAMe#bsjC%WC{7XPop#ALrt=mdsv zi3S=ECFD!{pyLfrhJonGh0nNyixRPB=ku9j0e>7-HrP2hT(uMwqBDSe#ZG0tm=$~p zgbC`a)n>=)gIFu#|Iweku{r7u^jA?e34I5nsG_3X-yV+KqoAPRtx0$eu_ly__3^Tf z2wnoOjEV`C+&U~J4)dDW65{Ggmtf8M@G$fUM#V)wSJdPGE}F`~ zue8=v@~EZ;Ly;9sB6AcDFSQ;UWW3nj9YW)jLhSlvf{dOZ74K|9V`BAG`=+^}lqRMwEoXC;_Lz^s&+F}hgaM>xC+4kk3Twc5%>*%3Sfj8JP(3t53aK0qcZgP?h@srmWFy?#{uw~t}AZ5#>DwBOc& z%Mu9{HCjq#J(4*WC@P&3GS^tSz3@}p6duBKOzsZphORw`TZGJB-&(8I^S0zW8xQ zim^0`iHX@jvplp?n62DgB3MVhf&qP2h7&>K7RQTa| 
zK9hds7ZH9LG%Y>d!BtunW9{(I-5KTP?yjf#-tbp4@ryj$>?YBgC9DMnqyW_B4ikB6 zw}5~)O8_vr3kI-PBJ{}O(TTTvt@WRLeCyc(zbu4)K67txuY0v+d3YrB!7^JZq^tUM zrk$FMT)_uC81&O{3t6}sBB9|5-J0!XfFs4Bl43+dfp2GUu@_Xa?8)>atw=Ka`S>`k z0sD-ASBIB}(K$%0B`nsa|vKK@QI zBkhJt)Docc&*6o(<(8F|S%5AJ3TasORx2g2LoT_3`AwH$v9NreL7?k&_~Q~1;-9(Y zaGq_M{6%B@@CZggWp?g;`5h|sNrHa*TVj_zI`1y&b;(v|@LxYOZmE96&=m$|X5pYQ zlJ`OXfOn@;Bd}xA1EuXDrKoQ`eXB9Ipx_dIi0QpA@R(jj*^*5s>($$q@LGyS9Z?Jo z%7;1&(98j>!rU0M*dErha-Gn|XNXNdjQx zzgDl;zKveSv_M;s5Q?tL)wE{339RxP^fjLaZRIKLT*-|Zqh%Y3qA(-2?rdE|6N~uw z2%Ug}KiH$dWD+@+|jsCX2Av!ram(36Ks_i_TE z>5I2@aEQD)ouL`&5>(HMGKGj`$B0^zvFLC2t5G2O1dLtP5@L_*E)8V|h z>JBI?GpTG+K&HTFai7f6QYO1?DQZVZs|r?r+DUoEug^M(eVlYh-Q!s zhu`JYAJkBze21N!o)-E;pZx*+AUle!+yjUhzNo0kQ5c-78zOF3l(5P6GJTxS(AU2b z+VR0}^y!IvbYq23VOQVlt}3Ffc)kRWOfbEL39TztbSi@8GVrsQd*d%y2?m>bJ`f=X{OKc40b14^ofW z(Kaj!IUwIlolRTcsd(^JP0Rcs-ys>->&O|);!AKnNQX+>wLX+y>I$jR&so#2li5&iCgbqr?w2c;oayrM{O4~-Afd)pnuDN#+ zxO_<8Y@(@ii2C_r4QsIW%&nVhqS#u(O?8b`PJYDkb9E3zfjs}oU7?yr&62VmL+un; z{PgQXIwO~3oOeIKB3eyHrW}m8vmajK$^FhIOOHbU)eiV+`86bPSV1 zZD4nWIkSnaXQfb3T=^goEm2zUW^D(?!>LFgAqeiMTpS)TTp@`~Mv(#i++4jsIXXD? 
zh3WtQo4A%JCtrLxHVMz*4(J6qfP%66eBd8AM=DNPY~`A1DUm@e;XceCyx#WMITT66 z|9hYTjG2c>CD+es_jIiz6M<~u%Jq|7r#hB_V?8=C&PH!^N#I)zIDhnh)lB>~L%1$2 zSM#>#wwveEMip<+?}PKon)?tlKypQ!^`fIA6$h0oIXa#U4-O8Fk&r-1UN|0~zzJ)Q zh>Xns@_5#fD#q?yir(MvhSA?$iRKYA4}S&~6+JyXuU3;{>i%k9_(^Elt7N8t@k~DxKzmV9Nz`87Y3mthtc{l zdJ7G)eRQ5DXl@w@9--zrIYje>bd^mH^dGaQbK z)l|-_iDgG z^45Jpx%j2FHT{bT2iy$?M*kxykg_rJo5PVlN7Z(i>@`1}gy!<6Ht2hJd5IO3mHD*+ zoU(!~2v$J`h%BPPFj!gW*|jV2&Y^xmli!7$TCA7@dDs(28qlTR>kHHn+6RVLwO3Lg zveexf*b%{*q;gaIx<1slGfJL`xkVC1`nsUG{QPS9seckr+Tnw3owI`j>4>9)&7lk+ zF*x{d&Y&9`@mjwK-##L>jJN&wm!&3<){R~~D=@pXCKht*BY!Y2+Dw8$s+{8WvV61R zVY+4KEK0{p`=9$2v%WtY!Xygs=4TdWxo8P1f&;5p7;I#joi?WKq^F{UL59u~d*jLm zuq+U&HQknZt(n2e&V`u~Ke8$o$O%&UJgChgl!k7Rc!xCJ`uwA~I{Y8FJOQs&q4LPB z&w!4GMmUki>%cW9l}e_RA}};&zp#N!ZDNg6Yp3;_-sB%Qko7e))FDD|sGiI6)hb%V z*gLyj>Bk4@e?TU z(0pB*A72#l;t>(?$JMO>Y$r#+_FG9a=;Kph(|8J3P&KE>mEsrBDG{m?Yqr`#uM=tp z_)`A!8EA-^E&^JNK2}8Tqam`LSyHBE|Fk-_nz~+mK`)}7FIydk#%JlHo>qQ@h`=IA zZmh}EFNg_B5(JH@h3^1N16~8@=t@2|r=`XiZwvtaK)7HjH=bN=9VH7a9c%^Tn&Z9v#mwRuzuK}L0f!i zUY^LWSc2}4-vJk((SNbA#DULGeY`*GO{+se=a@?esDkG5jQ*ol%wMemy3;{y+EVQU z>#qw5B8)WglL@TJ7xfm?%lz`Z%jI#lPYI??nsT`QksE69huwMQ$^#7_;&jX;eGQ;pXvaNiOle#nhK8Pj!08eArvOanwRYibH>n|JForL0 z{Zp7mgoT~J|LU!}?&aVg11+M+J@#>_El4r9W51xc*+I+#^*G@_pfMboDv>e-It$8` z$UPm?n6YT+_4gti{Z(ZZFCeCYuwR{8{NVT?aI<<2vis{UckBK^jl@zl%DH!nOc%-~P_w~-j7=h1 zQ0^WPL%=e^58;xbDQMZRL~UAfT|raN^~+yxY=@mH&`pANl@Q@}TEFCc6~m1ACBf#l zH;XUTf5A+(<$jaRXj^M0etl;q4t*Q&cS;g)K>{8?eJc91@fWh_1?cFFVf zIjL`Gz%r_*&d zs+C9J-B8U2PsQD@C0MJy4k`v=LBO-*NqPvu;r$O z97joO%AM2ZI`NkOfxt*1Z>c|v8ddVPRRAtK;lYwKNW z_px|-dYVmAQc~`96jB)v$Yi$z&&Qoa#Ulq#>MkP&IXuG_H_s8iWT8KpB$oeuuaR0+*2~{64cadnOu+4bSUu3M)U0%7&B42Yb z!8(9kYX9}04cuOTV-WHGFHTp-P{tc$vUNS_OJo?GB)_;G+gS$>Vj{jD6d6OPsJ>0s zI_tuwm%lQ8Sv{*OZE0_8DZ)~yNg;+>cTP;KjdFy_@zvSF%Ng0}){SKno-~Gex}zd- zu%%zkO#U}C>{`BP0X#$#N=ijy;y#xrB*q3DDTt$I|7cHel2IW0(e&T-bayB3?(H#F znshv)Jhl0tTLF%F9efENe@*5}!y0;A4L1k6q`b(4A$Aq+iu2-E6n^T2#)(blr@vXY 
zEs4(ICfD10r3~AgR--Py9AQMk!=jeq@zN!o_%?RbrBPwPclyk3BktxZI z(dVgl@8Ib8^V{KtMgkH2x1cV-f71!_T5a&M#XdlP*iPjc0GXfAY;vf%XZdLMmXNM76ZEDqbHuI6I3?udS`2g_yDkV1ctTm>zs~C+Y=- zmh$SRFAZX6P$l?!%jX@PEp6%Cc34OzA&$HIQE%uMvGB%x%s@CaYY|NDwa}Mm*#AphnLj`3pxr#EyaU3S*~bD_F5aa;qdpxdXdPCm>)X7LHOpb1z>82`Yo1 z%CmPlq#*ARqTG{Ow#9S$Su`OldHXC|hT}z#gUwJM$UWMoR~>Wn`=$xLd5@JIemp!n z`rQl)iw?ejXLwhw(eoUz4)7uQJbi{AMg;}E%&{?LD5w#AGT~}Iw8vc0!;0Jde_%2K z&8`r}9KUkwS5Kopw4}UT_>ZwtLA@gdod<--J;#MYCdNjfPcy|7JCC>O_k0!+L!mxb zVhTsWV;H+rktsJW(WJDi}kB=C`?5PtQeaC zutXDLOhlsF(O_2P?~!KZT&u*rOv##mEBR z`LFIfBAZ{&dV+CzX4L)AXOrEjFMW0D_P(!|-LAPw_zJkE;LTsX=FxEAx!sV#F0{hW z9d#+p+`;=Y-*>j!3<~k;^WJ@{BwlOzFw)7_3$l*t8%(?0Y=Jb}Sz0@;*O4SBeJH5 z?mpfLd*QqlM^8YH9e!|FGDW>$sv!w@*0>v}y0SsZ>tHF)4@#J@J(#lOfzF$T4D_&= z+ddo8@c4AwUjMeBh>3og_W@B1{MuEG<&;8}n=8cJ2kTiJW+BK`mKte^X=y@yLPEae zx4GpMKiV+LC*UMj1QK5vR~IzlC_`ol#HV)NwhRvCgz@`_Pt_Fq`}l;vYHpU_9r^a3F^I1C z03Tm{2H2vZ+FSZ$3+s3l9?ti+QsU6Oi-6JbLub&wC94OKm(ma5joZoLeI5 zLm3`HqRn40^CL`Rf_w*e(yx+slo`Svrh(S|2Ut6Dc5Z*y2c93^XC@>ue$VH76-U|U zzePOwW}3^P=AhQ*)05_PoXbUr&o}tf^%_L&q{A(au~tw{Xy z4)fImOT$7OE?OdRnN81lB z;bIxn75(26e#$kWeSBn_*{ig=P}u0jIwN^!TNF*;AL7AXwH9c!xkJRM27b&zJky=2*v=eG z6C8?{1e)k8==sMrz^vQj%dzZ*<%Sw=s-YslH5N8#y>YFR+jf?sz}kKd7ni)ZYbvQh{j=(4m9 zsy3v=8>NbO6h6y{{~hH*;&d38N=n4eRkwv7A7TGiQ+cCUDs_HL(W#@WMhSXDEiT?6 z4)6oGseAjVmWG5J3HS_st=g1SLLA#`mB{9}@6fpCZ==&kYmr&QJwK5u)_h#A+p-DFDHfpnF&%3l6tucW#}NpfNuT*zHfUrr)gn=bvwr=qk4c4N_`dF#{2YrvX#n1cC8 zZbcslLn4vtT=qwO{mIg_MOvd56sb7{Jp$ZpcmV-_Pm>JGoxY@AGfHBd22d)w|OJ*$htF8-X_r?2CKnv`aI9ctHFAdt;r8KL)fb7S12 z0fBErw`INVUdu4z&EYRdsw>wHk@l0<6`Rh`Y(0iD5W5f7*-SWZYN6!~t0JlU#zwCEK= z{;F&NV?&L%q3f_R?$9|t1nkSCuU~O*DKP2WS;CNeFk%~uDHv_HGGuk4gNNN2#2AnN zjcm9zFZp@q^J0nr<;wu_e`9mhoPPpAp_=1$YZjJgS8F`|o7QGz?BE?~5N_fFu=YY6Ttc+o*D&>lu_b*?AzUl-)v4uajmRVhEU>Z<{?U z%F9WrLE-~Ci0)eKFB^zd6M*v-6rdvms}9zO4>v%g937G&|L)^pRmp2Q2qEEqzOjO~lg=5*?%^RLSu1J%N4*?5IAt_2o8q-i%EHab=Ng)(6Sc@h24T4h70xXbI;Q z_y@5l#mKCzthB(8h=e0Z0knfC^+gjY&%IMy&twtr;dodG#y+uZJtl~mH4KJ9UrbVE 
zFkx$d5~Pd7Zu}hS+QU_@TeF1YqId9;`T6k+;|Q#w796Fj!ZAP6|_ly3fKb;RwaH++qX#4a& zq-W#Zk~fP(RGO;eE}B4OLnAa+yZ80$*N=O@8%IvGjW#R%n zeSLj7##CY#_uJLILbXF70PyGTH2Kgg$w~xK0`VX`&?DUAWqQ(xK#=ywja-j!PyIZ8 z!i(hq;OqR17u&b6FihRa2z~^(%A7~u7|QP*Qoq5`aYp(86F;q77R`I| zLR?+4S~!l)xKpt-)@6J!x?BM}o5FDIbr{`BTt@fXe={1=3=Pt_bW z!#9a{e0X@GsR`8-mi`s(6B&s`gw+;!rIm7+n6cO!vYoN2F=SRMO#<4$Y#04*D5a3Y zzp|H9}7tzR(lUtj8<2@HTuvVM^8;T1UaTW?%CetimF#>-@a76Zm2Z z=e=$8$9%7aw8vDZe?&;=dm8W;_g9!>U}EY3h2$y?)K>}rXJ}HAC#+%gB<9Bi=TVG0 z5)5>7ex#m0s~dThWZ|NoM^)LqKqb}$0PQ*c#AsD({{7-|KTC^>7>3?F zBY|7O-3-h)vOxQC1(3r}|1<@`IVou_KB0e+Rm|amg(sn3+lIx;JV^Qj$rdo?1EyNE^;nsGY6RSsFuxP+QgcI}$2ZXt zRiDRPqI)EEz1rU7Lr%9uu!M|{0<6j2+`L;I&krT=@#gpdgWe7Fv3z@(!(%T}*&d8d zKVEC7O6-UVH3aw)X;7=q7jGLMy;TEUNy%W>XatEEQwRqyZ=KKm`NeL|`TL(x*KxHD zej#_dT|Zp%r-2?izr%h>o4$BF&kv@O@AdlHOz)GWlbQ;`aF(0147KLZA0Hh65tbMm z|L0_>juH?mD;XFrveqyP2)2um7Smy-xNX%#D%M2!1t~av>URog(3iBYaqZvbEk3v^ z{F+E7s7Y7$gNwaFV|v4$O|1jv_SwC5QdXm9hwlF&{$#4L}KRs>{TK(Sd*1V2!uhx1tt<7@Ez zrdH;_7`USPiV`P}7Xbqa*{IT^6&I2Hw?5_7>a*OudwsOmm1PTMXwH`foyYc>B_33Fp# zOdfeyIglEj;(amAaw(S;lSB~ z{<(yAJA7$5v~)i{Dr&Mfq~7bm8;63z8Bu5Q!u_fp=btXov@ha|rb=>b}r6_uEnhTYt$%*d?%!OJAZr-W5HdLuIA2LUQ5BQVYBf= zz5ujN`%9KyVk}}e4@%hIzkdhn2P7as(pAdw;b_)JW~dh&t)&gz4~rcygW6oZG+R^6 z;ZVJ$!s!;FBiAqL8~JkB;`@$Y=T}#}v-9&)IkqW!)y3NjTu`h9={JS=-&%a=6eZAgQnH6&Y{L#%0yOm1 zbY~mdtixcxrzd>-7Edd5UZ5|Wh<#1~o)GDi?hA!5oA5h|E5ZmQ`+z@KGSSh|p6KZ4 z8uD*oG!T0*;=TckfPbyix_`c(4yXT5Vv~1)7fh`1Z#{`O1Sm00>d=!BDaC7bOQ6BB zizii+A9blj628Him4*7{9CiF|z6}Z+uxW^zBcTXt|muf~AXf zq-vO_uwLmcH6TuL+L0q&pG6}eBC10*G+w0vv7v<&@*D#A%M&s=IVQ0`xWRkj2S=!p8aN>3lJ&UXQ4=neRyh4m1dN3WzlpQF%39{#kR7wqMMVoxJ z|gOdBSR%E7C&6dVouHko_>O7qVtt0CnrvtD|88 z1el5UKiLM#ppcM#;A-qMqR&FdqfdL z0Fd1oQd*99|BE3G(TE&o|N6s?Y1J*%Ma2v5Q~^v?pI=M&(VZ`HKlZHmVD)s0#hvtD zjeY0>%M283GcycL3KLmqso7#ho>bfGNXH&5%On-$x zOEHs?7-iMoO_H-7vJAvJ3!K0$k4uNffuzvWgYf3sk}QZLXHC#yAh-*SI%DF#bkt;z zkrK8hCuvW8I(^-~wUAn-uC@3S!81FDYyX{X0y;eWiZ(VD0e+jN(K@KC_x~x|g8y^X 
zT&p(!X!qVoGxDRod0&RH((Zx!zt&#RAy%fguvXI5~3ka9XK2?EOIq6i7qz(JyhgZ0` zQbsLIre`Z0e*jEqG_+0K6$JI{;;6Qr(l`c;(wN(ok|bymlia8!McYc z`Mt$@-T|`u21ccxH7;g|`9I&UY;E3IOpIi2l3gxe6!WL{j0_E}6Hb)}03Z54Q5*?N za85ohxR`7^JbzFB#jE$57-rjR;rE`P(70D=D{6d>G{S z41UQCXRda%kg#@hQ-ES)t4i07JFLQ}Om`|efh`sy2!TjC%KrH9PY%@nwPq7!kP;kZ$m^8;H>m zLbkA=8ZURGzt<})^vu*#O@|{zz@16_tKYP#I_fWR5|k|xt@DF0>JvY9hR-7tlTe_5 zfLuaNpZg5qFvml%o-p`?Icg^*VMJ7b+j0|y{N6Zt@z9$ApY5&wih&fRa?WYp1p1 zz|cUQ@wqy2a&k;E=8BIA4Y9SUY zS;#x((tddV#l?ob1p`@>d?|xQVrT#C3>pHiFG*S78x6$}W=rel(-fF1zzOSGfv7JI z%c9h9(5`Fp{w`o<0_!&WdSH)KCjBNf`~0>o9v?iJ`O9@G5Ey1&`8S8>^3$y}4G_JyX8S*dh>$QtFYHU1IS+=gmRC77(({ z#2hmjSgc*F?~f|@^&SujE`j!M@lQ+n`GQwGiKATRTRKtlL*PGH!0w~q;^Ja_k8Xv= z)h+PWj22>rjJ9Sq@?|{D!X(pYi;`*dvVJESb(kItgG@ULNA zON&ZMe9BpoqJf5>rvnd|IebxAix@>O&X#@#2D^AUqrU9478NjTZ+w_k{*;}K&3Ho^ z^QO1-3ZxKN60$<|J!8RWfUylVV1+?C3PrkobUeUW@fhR6MEFCLV?c!K#)%7y587$K zr(z|yJyslEY&C82>wDL8A2mOl+4RKr3jn%IAQtCpFt6C+uxr!dP)GGw7sDW$w=o*p zIQseUp=@aRZrMWcb;*qJ%2lwx=0MNj%~V42Sam{!gzIRi7OEe`XM^ta?$lcl#qS z8k(&BoW26vqUE)xEET7E;4USO7D(tek)EI6unRRaefIYtEi-~r!eAP8h>@%BmSLBKAZpEFJcZ@VrI|i(ZW`w0fUp+`Khoq^in3I6FK0xjOji zou(0oC8uez>gfsNAO_hQqvtnf#lITzQEh1&?CQUkTZI1D5T49IijA8QPtsR@K7DzE zhXPzu z{6^iDC#FFfFXvfWUjYGw+a|@Ui;LHV&!zHOsh`G8qI7hDT3ax0VD41`R)q4wSOpaBy%cKm8xvSqssNHhGaS)c)Y(;Yovwe!3%+!SD*5ImIigA=wV~-8*S%)NUtKpNrMpJ8 z%biKHJMAySH;@D&2oh#Cz>n)gH8axYWXa#Fy$^>`^$i^`+Gp6-rk%3(@ox}?bgsk$MoSc|{2QG_v@22hAhQ!~i#PAoDZI-4hS@g9D z1lq*kBO??Ri`(rvUO{x5>R76+57@|@f z%b0#weVM0SlQVuBd;O-9(mW&&jY60$Y?3EpB2>lmPMV5NmjaVLDIsBPu5d*5eKn?-bKXC+d26~3?r4fpQK{{zmf6TX;{+dDTdOy~Q zuC&lA!G(L_)T?}LI~_0Qa~98^?7$839z;o8>Z{&o;kOzAu(z25L;b@5D#JUoNRrnR zpzoRZZWDCbI@!j;PV{y+TmKVktuNQL4~QpxmPSBTQ6k7HtZjKD_R+!mH5Gaw6@>@p z(#!7=nPS#Kjh3?{3!2{_{9&Mom=WWf^MXRs47)#n9-9#+dW&;T_J5xJ{QmM+P}=|p zGD_qg+)BnTj&xwbQm^Opx;zYBDwFi*Xbd!w_!{f|PT#Z?hQINJ=u6kG&2N*ZAHLOR zKm;kzQ8{p>73gEKd{;o}A6-IJcEPVd0Lsc!S63IRoFy~^Ko)VqMHNt1U|=9tlkpkA zDY}Bg&eCEcn?rKAiMi8jhE*xOj{|h2rDUa8IfPO5$}ke^L>I5kUXs(g*l@5#=4TM>P08 
zY#1yO?(h8c^yXALHIk-?9domIJjF2%jVI@^YJQuf=GIU%y6xhDwwj(Er{Jeeox3Bc z+qryAnws_+iPWT(9wizd5Lq*{b=v6im(se3#U1zSps0Z%NpC;V+}cb*aRoZSmv&sd&e5YTJa}a$++aWPJ%wtw=h4+@ z538!CAgTFTv4mvpE^i!){623>tz{~N-m3Ll$BI5d(RF%Ut4jEAeZ79v(VUs=t!YzjNlp71=I3nf|P%F&O`$nJ$fmR9q6246R-l zzCn8bf}UoX>^&CID|<1cL=bfO{8L}B-;XiiH&hht5^FyqiIvkPYtTBF1PyWE!Y>5X zsC8;}65@}%_HWl!Tc(N*M_)*Eo=cpn9-_9N{|qo=7;wwFU@wBk5qfb5ijQ7PO2Vg; zmO3OPu7~0|Ibh6;u5OuIMs5?6-3N%s_@m2wz=#UeUhLZH%L8=G zeoA6uWWMrhYW~;k`KhUYi@l*(IgOuZN7oodbX7zWJV2JU0wckd21!!LG3@X*IHUrxOP!J5fY8ZD0~WzK@aiL9e< zQs@fai6dt=KjkMT`lr*yNmWcgh7jwN;(Qi$^348M)YN1SQyfE;-l$px4m$_Id8KrL zr8f4%D)(>0LP`dl?;ju`-Fs9KpY^{1J?d#3U-o9N$M|mq4u2R^-FrRYlo~*f#+Xh= zlEzfvEXx^Jj?Ir8;J@+k#1{kQxX=FtePM@@bkegqXmgqPvmG?IlK{%?Y0d3Fgujfm zYnil0R?6YWIYFC@uWZ3ytmnMVFDNiy_58Q_5?i!mwu`5m3ks{!F0XI`rf4G7T&`V@K zS6AHR0EP=VcN~@T#m<-UrLb zFiaj8u%dH_LgV$ww%@}j(W<7jbcJ(-I?gZJk$mCumboX~DwS$nJu*IDSLhgO>yc>A zhUM;<1*sYOl6bBC5hq67YC8DX#{xbZIK^bPcHh%K;$*<{x@M5>br#3^GyFbCVAZ%N zJ;9_ZIc+4pJv~v6n}xLsbO@-_)+(yWTiY59pw`tvuM(eTe1GhL7IxjZ6aB%nqV@5@VrwPc+-&}=P2rH*WQ_kQ~ED2|C|Mo5}DJZh+?_fLyp)5$= z=a2QTNj2wGY$0d^%}~$^pw%q*~|YvBqaXS z2vmbQkQ8-cTnEVq7vM*;c>f-1R&{yvJUY!dwWe9+R=58xS7!V>CN6Vor~WGY!}tj5 zch3L`|WAXoS0&R44b!|MYGt{lwS1Ze`!pVAv^FrR%MCR^J;7oq) z&;IF-rADc>Yp^f`ByuT7vZqT-IzIA9P@--DOKC4MrD@skuf`DZe23Yb@3uVSb6UUM z4}04b!eO~3I-7SP41Mpzu=IF3{#F-ND9R7whm5j-&klq-^UzcXFJLhr6X)JnqVeVcZ*I82+;O_{cCj87ZXRuh5CAOVpn_nZ^rmfkjGzrptz~<)4uUyfiG|!1pa;Le99}Gdo#E-!#P9Ip>#}ol z>G`aU%y}G9 zSK2M#se{!WdBqx@X-mSYgSzb=tEy?ncP4rU5 zAF?vnNLUBuZ4dHCNx-sm0l*Uc$9!NW&b`8+%V!>)t6a_QEq~*0z`Gk_b1ml0(Y5TX zOO~q;HsvH2K5V_!O6x#r)Fnw?+E54!h~6%gvV);=d91Cq1@uj%|sS##7&NNMoby! 
zvu^<95H1r>N_TJp0+g|zy<7e{inTKhBm zxOfvNn#te4?GpGT_+nN{t;REWW(Jy>oJYEXWgSB*;{_+bx*Rc|^xV?Y579oyjq&dp z-$+U#*4MiRtld1AiP2nIZHK^GqFr~X(Xt0#t5;nW1mNz|!bWo9cp%X$Vv=yvXA=c5 zDX#(KOc6+Ha(XN)C@Cv*d>SUcmw+DqCfZI{ak+cIN$p}>V-RFW@~p<7Y(s$a+6zli z78I{tsQ37}tA6^?bUSZ^d=jBYD^v=t&RL-_`Uhs$GZPeEb3bZd76J8~W-0*=te*zF3e7PrOc%>9-8Sae|P2yB(T9-SJxU(We{k zx>;e{^X;BkPzBF*ko@ml?=_r$DCYj~o!NDKD<8w~!R5$o(6pjV#K!(*&eUm8*Xw{VHVwz` zbG5s>A8O+13VDoHgm9 z0k8npfzej=r&R=X8Qfzxz47%fE$4Go1_61F=%s;ckVu=QT9D|0=%`L{3*nwMl%Z+7P7lCLG}{0BhW-}uk00l(EDcQsT zS`z_~P#?_4vfFQgBf&Lw+v$ZAkeJ3v$#jLCY181d{w8zq`#K$UjA7^3_>9j$QLjmm zk8ZR0TJ8So0$y|&L}!~^6Dsq zV??fTGzuPLv)y9bUwE|<0p1Y4n^ZIu)ae!x#Z3o0F7$V#3lQdTqebP{ulYmnw9*6t zVnu`-crU7~-z*@^>jq?C(X%d2l2??L;+!7(6nTwh-;cxhdUbR@KHRF>+LrHT3A+z_ zyjENUkh%eM1FoBkgFVzq6t|z~;=Ud{E;kyzYe5ArDApyCVF6|`}dHl0?9n2xg1 z;a`-ZvS*$=UPC<>%Bog^4G-!mtY6j^jEUy~+hL+uMf3-jR($c_%@jJKO9ATo$wNNl1`-}W z(BuTAP3+gAjibg;RJ_F|J&{Cjn@)>YI8(!ys9NQQ=01usRz*Eu4JY<79c;A~W6Gxc zvk8w&NN9=hE!pm1TKS!Y{Mqeg@%VmPi@c6}+PCv6M3>X`{C7?@RnwKaMn;3-qhB-O z15ADIX#fo*|8mo4#YoxXbR&=LOB(ktp%LCBks z5?N{j(l_e+k;s^`^^U5x*7-J5)crSlx0D4*HfBgSnugu?@jnGgje~$=<%;rp!F!mE zShVFhkEjOOVr#BZS3v*m+n>b}ah=DZV}*r|6ad0kwkd8?ik9s!xf8(5^gu4vThsmE z+kq&(3?+qR78n`hioJZXkqTFASort6g5wJ-#8LSjEijyA_Bu0}p|GOjG9fMl4?c6P z9f&~p;KI#_D@y1FNA|O&MTnjzGqU#IpK3lug5^%;*l+tMTA6}Q0b8I6(QYh9yfY@H z_B#wvu@GXjv$M7BY;D)`BvI?U)`3!R-KjNp-spa&ju<&V#P~el*C(8L&;dhn?h};s zmmn#!LWlR6&q!hqzo4u2X3(Qm@Kb`W9johYY?sLcjtB*MFVg$-^m9gbHa6P=`rzvi zA9lxk8LQN6>I4mhd5omBH8rJDj-;c`ReSc(X+Vm~U5PQSyu925lmPeV26JzxE$W8& z2L#C1*UNqq_dc8UV_N?EFayO;f>7|Zpl?O*XFvsv3Z?kTSjbt_ zGhgl@TH;?mXB?}`w+&Hmb7HJpYB;?1HDijR2)gw+;l#QZ7StxfeUx*=+QaALA4tG& z2M%03o#&g)mc%`;uPLNu;K$7_1u8H@NMu~7rflM7k7q3s>zu=d74DJ^*v8AWkKB*> ztVeR6k=$}Y907!b$;rv0d1aV1aQV5``EPPw{KMG}$sT zjL9`FO&y^sxkK-sM^?tXUbY^CA=y8~aP zQ~l!q1Gue%kpCJ8d>DbVQn^v<`ZouOS6gDD!nytKO7Yprv^Y`@d^uA?g93*x@i>H= zau>7Cxej8DhxP$S8(TJQ-7 z)SG>s1C9ZQtNcIFe$Hh8a@|#pxNrOnpEg>8^J+k#9JkQByj$;LG`lFENO@bX4odR7 
z$Uz2XVL*_ap#Aq>=H$B#BfRR>d|N{u$ViGkMa!|dpqne-u37dWD#2!WbVB?!sn*6Q zSu*YSxT5=7FHF8=IU4xDwRm~sMnFTcEM=u}@hgvTCf2nO4ld~uQMzqhJHqAB+O;vU zPQ!u#N6B(hf}}G88f1Pg>O<26lDCis2Py9NjCol<3JE0D7dMU-u$nY zUm`pNyoHds^Zh0~HUU8cj`BrrH{68TZ+h^p!Ztd}+}nQB<-0et_u*{1nEbpZ?z@1^ ztNBkOrrlh;3lb;?!Z=;-_cuzB09={@jN|L1I>o2Ds>A>9P7oH`SZrbYMuMFX{xXDm z{+A0ANEyk5;SsQ=RynbbjWQD$aD9T1Nrjp?TYl?A)Q6(^aHhkJ8mZhw*ll0&+y5H) zcl4JZ2YqAV_knPXWTd4|d1m(W1|ecg>pk6kvdT*PdJ{Za<8FB+2NB7A5IGpGwHSJ? z%AUl`)YPj#h2S<x=8R4L^^3vYc zv2G`(MrIDlzIhp0Y3YK1J%KH5Z1~WSkV8Ih?pj+#tq0Y6R7GMI;-0?kOq_kP(LWtz zD)pNu)931XBr=dg{58ww^aXwI=0|H!KgNGqe}+$x=sz9mdVBDXxaGHd4%BJ F?f$+pGI?As}4B%#m70?*pnp7=Uo-@VfgY85x^FZ^jpCO)NLRl|q3g zv|Rz8+TzvpbX1{G;B-WJ`LbD%t!rbU^mdk(jZH_DN8^Tm798( zQa1?9&BalHxRm>S$O!FKepx<_P4kEQ*W0FYvzN%cBTXLmW1q|B4u@}!Pcj5KEdxk` zWdB;dqi{?l!XtnrOb!VLSWCzW@MrQZiq=;nH~r8A61#UBHozx(iN~+QKWQ0Yaurv; zTK#+2A1<_f?Z`g+NSEL#b^M;BLZF0^mS@;+uH2f5$%Eo*IC^#}1{Dja) zSv9V6)TQ#LdOnIeRRRrH2+aIL<$2N8SmtmhCDKN4oGNkSIj5cegQSMtM9%Tc_BQXE zJBaM`&f5ilvj*LQ=s2%ho8U2C&U|Z@P}~t!!?50Zg5A)z{f=kx&Ht*vzZQ5hKG@g< zQDoxA&B$hHAyih(U_kec>*-Ki@*9U8Hm?b%+5PBXs(Ht!tuQwz2Ctmj-8!~N)sCS^8o6vrJ5(s(F0bi$Blj51(1e_ zIB9vMdJ>&Jk%Zuz{>9~cMQ$~ZFi`bFsWY5t*g)JWO6aG;g9asRW^4Q@^cC=ux51b7 z7!I%gw<+-7$Nn{zX5)nwbY<~(X8Y^bl9r|+Pd*u9P;i)@#^Ox?NO;Qrw-KXet%cP} z={D;SEdA-H6%+Fc1jn}uzHY8MXEGYz>5V;XcrrUz-%kK-HVp1TdB6nC2d+f=`FYtK z?B_a2qs~#)ZgOE1^c6z6S|O_{A5Su4kzN4!D}Vbf$=H%F26P z9_Z$Na~xFRF1(-CHa?)e$=p*_SJmNwDOP^2o)lkpIrbOAS(|k|l2ql~Z{HuZar5Z> zqJ+>3qf;lr#l|!cx=(JZ2cGo&3OJTBUCyt@0>_dJ`*#|7KA0H-_*3D!E;HCG_K0^4Y_jbH*DawVvmEFVuv@ssq5_BTePw9I&{k zYx18{9{O4?>e)?1`1zqe5Y0Nc-wd`U!w5maTQATiTn`QY$G8XLL*|cX8x9K=O!Tw_ z!7@evWIAqs9eptO?%Yimsw*1XVWNAtkQZp4mXzet92VyIxjxC9dBbYni)Fg0X!aj; zo6MN@S)EDi?b{P6efYFhV5uMYSVJ0M?*zIYL?CAWD}t#JO3e<>3~ zEqezigwV#1U(9?#e7gL%aCa4k#9SKq%9t1%(S3%P2|&gfcXV)cPe(0ed@gGG2!&nn zZ}6PIxM&Lso$HL4d|oK8eGaMt12C{x4|i-)YVu zUF}Df50$@;_d&*a8zHz49wUve{^x7!qZOY|pddh?s;DR#OW@pI=6SJutgM}Zt|j~1 z?VEo_kwMZMjNh74Zy7z&hw>vLP)%TL-6LQux!Cpj5D==(kpsx%2ilIY#mD{ef 
zZWCWBmp-lWQG;HrvThyGi{j0C{z-cY?RdbLb)FDPlcdIyXP>;rq!M zHsB2_e5yDcXAv1=ge_I_m$(uIUc*q)m)Va<18slTB=8wI`u+$BwkIHZ~fM_>~_6W2YM!oAhHQK@Uo*DiNol%O22V2ph@GCW>ZsJ4KbrOWEc%p>I{ru~`=h2h{8VxKdghtC5P8vhg+Iz#pM?b=qJR zxRkDyDw%;E0y~bmTG!c_+f?wXgwOK&STZPk>Ge_RM8OMjm5zu=0mNx(HsZ;*(JvgG zoScU0&_Fs+F6{+mcDTG2$Icj*q)={@$FaSJAL?EpY;_;-=)Pe*(6zogo%CqMwwA|#6SS~zaH4g!UEM`Jl+E)av58x2;;B(V~@m61-W4w8)iUAStTxQ&JDcuPC z0M$9dSgU{UeFl^W+k)Wqi8fXPl|PSC{w;|lUsW;7MT3Cd5GaA9w_Huax`*SIfhGf( zV|-bAS8EULGFDZx^`*{93adW`_mXYH==;ccdcn7bE!EMHUsN3Rw=2M)!>xO!uBw{L zK&V&+h?SSQb$Yef;1AH6L@s(?osi;IhMJeQLemw8tI;1Fy#RNFM@%ATh5L$6xHyW= z?12D^iuQGL`$j(JFe(Ym4>8fiFV+Lv+PpJ{zT9KZ&uh$0PZk#V`oy8^v6<5teb>tS z9S9HItP~h?#{Lr9s$BiehBm2qjC(jy@uG9{xE_6GmOt0?hv^k!3-cPQckie{Lxp9q zKR+2d9Q4?3)d|9>3!!5OXS3!X5n1k+I?f=e5tTrb;KOK#^!0?&$Ga%90k9D)&ek&G zk03?)v)`G{qGQNOAu@G&61w>8fnuI00j!ccMG$Rar7c9we~ zkr3DSASkVk#YmXskBzCw?U2Z1lDkDRogcgnK!_U*`jt8IRQz)bN+1zf`DkeJUVZ78 zg3l47FYVRLBM7!tE#Nb$M}FF&zpR(W-Kd)Kr`l!l%sP1@sdzvxwv@;`w$q4M*wP;Y zAN7d(22iCMo4=(KATGLap#ufPVXROwsk!je4iyGbY}aS{X80HsVTfMwAYl zgtl`z8r+XMw^hEkGcz%fk_fw%=Oh*A{AKUgF#$=flJrJ>ZVlUmiytlJL;Mq+t|R`< z7!FgSvf^<(XF`UTLkstxaz z=A=(YnsqyBxiQmpJFaG%;?8Hh#jfqO8wm&lcOE~E_eDkj$ZhTHQX~YPfAN;LB4N!B zEPhow$O?qvF8zJ?%9q%V5?psTb|ZjM1hcwbOoTI8r2I9dz*sMJ3Ak^(WI*OFRrJ#Z zB>koT6@5+31Sz&hgO)5j=?wFR^f*TU+dl*vF-4?d4-c>LI}uP#m9#~^BBOh9F2B~o zFKpAf?HxPFN&1qWj#zKn@m)oLdMAyq*`1;-^p#d>ig-#z-Uw1}*F=7QBS-_8H5(mU z;pZfs4?X*4q3?d4)pUW;=1$cja*OkV^FJd0RL(UwFsspm;n6GEQHYSd+OcLY3@9r@+undsTQ zqxL_8JTc)2|AoH7iyW+5jrwnzGq`h@%lVmL z3`NN#4*<*+Dp~J=4UFWNe5KxV2<6BRYXAgIXw0qzgx`pJaKnt1_gF&xh*^YGSR{>p zVW_{Hn>@MR{P_hTKF0VDMqE=;QsNm`g5T8wJpRagYwOG>Pu0ROzpw`Z1wZB!A)fnQ zpX9v|Y2ouIMFMq1G+%egJZn*b13a6?BWEH9YikMN*}Yu5J=yzXXZh3RYi-6hW8ER# zszf5Aza~c(CakPwbeWVqB-R2Ts(1JFl&x=1^g>WhGwH+7zT=qvoxFZjjNx;wM@Hh= zxr5hr5PmFxjXC;s!|;Z<|E+`8Uij|`6y@e#{kMY8cS1-0Wp13o;iw`0Gm5gu@0QvD zS5tOI```-$z|J+ME(9lX6dK-bTX++s7jWM6{+!!Zi#Th=T1U=YYB^pI_nx8Rj% zF$O2rc8k_7`tZ^77ke=-X#9v}BYgc$r)2w3I~AY&=IvilaH!>2JGu~`80ZEZ05<`eGMuq#a@A)`)v&JUE}qoc$^i 
zFO38}K76N_msC7}uk|SiJpci?*6Vu!!+2%Euwpv>^eX(4$u63bP0`Ny9zrNMZv$%|1$1C!`d@|$;MFtC5{bo~vVYtX7K41`Qz|67?&7dm=(*D99Ww{YIcBk2INz^FlFDRWgxm6#KahV4)9 z8N$GS$;utZ_K6Af_VzqLT39w}domI@domMaqM_9##K*tx-rQgX8-q1<*`v@)P0OW4 zwNB`mQ&p3&Yu3>B51Cf@bSSF2mQCl{uZH;^I7X4e-_TwItL&HirE};;kSP;E+{AJC z!)r$L%+3>5HH+0 z4np?mr8XnC(w`kogx}C^pJw6yp;V2rBvsS08M)3h)E9PW##8W2VP}8N;s<=C|J2{X z!yq_6jhtu~?{fHR{^FH?Nl4%2NojA{+u4B-(!hcL-kw?%&Pj z{OFvzy1rrTzPqV?k~6p$!%bVS^3^j)Pyy!o54fwCER0|RAdw)@+~77p`l5#ApWeF)#eDpz*-1+(a%XDd7$1XZgx<&1eb9a-%M5|`s}Ei{ z9VeUoQ_nAwK3+y_UHfm1DK&QP|?MeCWD|ijL$1pwYA7ns({}(rCHZCTVFsr(%g1BR3n6iHcw?$f7R1ki=r{QVpjgyp@F0={+l5b#vZ%epgg6Ne1%&UVV8R?J^%$m{5o zSRU2Dz@{uYLpM4lfqoamRk+X@Ie(gvL|5-6dw_kGG<+{`oL)nPz*h$35yC`KVno)4 z`g&d;K#j@<4>7u*^t#3Htun+CZ$0>Zg0_jMvK2zmwLMB3 zM*_FR47vt{D^c@$M%)8)j9*KVsIpyR;zb%LlmY%6X#hH$0lW(Jug0kX0Xh=ejb1a0 zb;fmwWagsmGCe=IZAwwIDSQc1!k;R8jO;GX`GQZP!0_~e*OvOQG=ym4w{_+-4#tCuh}AdU|?4^u4dobMQJqom{B;Ct>BkH;8oyd?r&x z`Ol-~jtacX-!~rOj!T%$ByTlPiv8r~C4I$H%#=^IRrGNBvY`QE;NdmNO}as-r4sI~ zou$uI_Sz|UafUy^4U9L&Jwx2c(9w{Q&$8ch3$IR0sBQkp(zZ@pIL;BXPio;Zw8kZe z-klf-i^$7hx+W)hFGk&o~)2 zYf{`qd8_=ZS8cyQEd^5)(q`1=nVL0QL1a|f4JEo1PSzWwcrUgR#)7{h#zIoBfAz6r zz7!T7tFNxErujhLNel25j7{>!-N%p`n3V`AUy70m%Qg}%soi??m3{MHRJd(@UOo&kVe){TAhxJyz*D* zwdSjkh^THyz$+(WBZgM&0W|vO*x0Il=>gQ2k0iivwUvatzcTqz*ip;>@++`Kd<0@Y z=yN@GZK{BiJho{49+0@@Ev%t6Gw4UZe!OZHf2}{GB}(jneWI_q%&?pyeTat*v}1dDB}Q~3ulg6yw@fU3&(KB$kKO2}o~l?|H`CM#extMkkj zw3Fn0ioMOR3x!sOo(Zl0a%JxOi;K=mYfwSyUA5jp{olgIdq~Cj0sSaM7JX0CWpB1Z z=BbZRQY1OKj5AyKljYRT(C;41IV&8YWYF?}gB<;)DsQSUGA0KtKEP}y$6}w_4FBp2 zE*8X1_{K&b^T#&JDZ_J!uKfA4+IdzYEIdIEZeuPIw4JBQ*P)+3`3JmF_(N$HI(uU=X-vnu_9W5BWH}WJw4j5aN9~S=9r&9FgOA(wmq3^8Bq4rgf z#+QM47GCeTHLP@h9BXr~!st_|Ju>f~ta(i1qmZ8U!tA;@_PRA`oAS{VLx(Z$jxStrk{RC#*}d z_AvfOop$Mkz{9;;JtDR`<~>7GVmvJadb8J{)iwpZ<)(YwYb1!4o*0pBv+OjhE~Zon zVESdb5qke4G3M2Rda0bf-9?(QY$5h2-*dwYz&;lLyitu-tt;%H7x+KdgFZnwDq5I~ zdbByC&#RCRHv2nu^*J>OzZgXUm3C0BcGvZpp*NrNaYiNp5pQ z53f$}^z?H?vOE6eR+YroT|>SrXM*u2br)6kP}3+d2vVt8-u|<~{L@P)+y;w8fUd5J 
zJvN%viV3#2sh%HVMSY3S?P2ZGDY6nvJ1n#{TE$f2t-q$ms1g09G7JY>;(E((&^TeU zEV6oU#(Wm64z21KEL*PxAMHKc%9R*=vA^32(csEkIlc`h%$mz;>)!$8auoL zJ%+Q_+*M0EG1@cl^z^E1AL?Q#grAS4@$@r^iTS?Q(V0I4yv*~Pn;T(pTG$#sTl0Wf zfduY@0Flt}so+A~=Z05ON$DUH0vFtDqXTQ|eCME?*VP^iB0BE1#p-p<@>3e=O1FCAc5}c-Gae3KHhfw;Ix@5#5UTS36 zw75g{G`5RlOcmVN6cQHYFpW93(o-|bFo3~p;sKx~_*Q1S@)A#@!hL8VoB!%0Wn|B# zK-_00xvIX3TL0rsz{ceUd>lf@`^T2)2gw2r6E%j)83gDkABvR=F@p~8PKBvoZ>{Nu z2+Zh+C_X!Bq^*T+ZRCu#JUt5ma=6!s9av|z6k`LUs)0t}^XAPki?+6QC@}i{*8yu| zGa1egT2Sa|{}+ih3!wk2rrQB}|9&wjCeIsoc$@UD%H7?NsBAyxVDYnIlS&1vTDvgV zn_?t$Mk<}#L@n;yD?F{^@ApnpgnBb z+E+ZJY4J->&bJyGiZ);QpV`g=-yd~nHLAWi+T0<@5wL)UFMpJAx_ja*z6crCe zqq+hK1q2#bmEXp_(a_cwpK5h?h>eSj^P$dy5j{zLVfL-z^O#fyN{Gqa>3Uz}fs0VP z7igkOygl357#;qXM|!u|kP!(xrQ4XKf z@q3eDdu-OKFZdC0j(h+!c80K<$m-?06EF9p#-MpQ?)hfP(6R1oR|;F`EF3+gTLGgI zfa*ICOu2)FG?`dt1gAx?GG z_=E7T#am7Tg-1aTNPf z*GoM!-!3C(eBgG8IXRiYa2taVwil&w6{~Ohi^;?V>aD?F-H)Bak(ELmq#MA*TabtU z(bWBsep+_h|A-55?mPmxqrH9tBHXCM5Q6kD%)^DS`@!l8fTpe>W@boW#GVMMwV9xA zv@0Oy279{b8=l}@(m$*nW6{d=ea1FAkwR<||3<@4zLdhi?x@HGe6%M&B$^s9$rw5N zEVn?1+z=R&nYRF<6{`E_z(vC)ATS5x{0t=7X4Zg}O#m2GGrrQ(r#+eTT)JUlVf(>h zT!3Qo{0RkSD%V08v6C(0D`GZ8$r(@G$nbdGe1S}JC-`FDf`PP*J?eS%Uf{t^2dzL= zqjfjih3kq5qSXD0d}X3J-#ed|%n;KenTMMPfT^yr!O9It3n{{I3A}7&n7c)S5}4Se zt@~k*9_0md2|*JQ&BSMUIRoMpg{x5SSBHj2$OomD4m8FL(=HNjsY?wwAdh1OJn|_- zUT)5gM<2G%I1!#*I*hKD1WGGPFbWkKJ{u5kd)9~@C`};X|7R}a($lpAlHB>6$0_zt zYRo@jlEwNJHHtXkPW3Zj|EnI$`iXzBG}7*i};_AM*HUV#|%~9z`&hD{^ z8S>A5@CI565FuD9Z+S|P5ftFHl`w9C8)3bkqj~WC0+70~yP`On_`2e|Yc?49d%u6$ zk);P^WgDS6y#W*Xtk8y_8u2?0O8-%Pl+fUiYGdN(`RA;BS8f!iB>RVlVkm*>^~_Aj zh?xwB!a}1+tG{y=(w#DZhi*cSbaDC=4LRkPyXP`&TWChBqMy&qUtxyF521fmIc3s> zag_f;5#4!XgTh!IG(0vLYX4&3$+&CudEW{QYK*4 zm2=#QdCX3sRq|u9T$b(q$#oB|#$E@#hH`SH$MvaWR9gc!>0?1Jk z#1VgW%Wy2Ypieb{#s&s(>Eh6XC_uo$xJ4m7c_~BDNlb@^yi7p~BLg7J0N5x{UD%bW z$l0Y@K-_~x-Z?_;@iBGA21L3pmj_if^aih~hvmxOc` z3Sh|`+6xLCMWZjwShqkij28pp)$H6%K6oI#G+o&%>g&_B4Ake&OjZL8kv{^Q)GX#EpXsH73&Qi);vMl-UErl^L(~KFaBxS^psH< 
z#_Q%H&U&gr3?v-f_z?{)9W%D9&BDl7Ygbh1m6T#euT~EQuKvCFMdd5j)Cq&?-3|WO zSZj=RklA_21{=Ev@kG5(NpUpgL#;x!OHdAk_61UzfY5``7fUYaXgznJ*GNbuNOGl) zMZC*E*<6#(%sEAPh zD98@;KYuR!Ijx6EOI}%-e`IKg3sFBtc78OJ<0bsThpwk6V1(E>}`=uL7Eu zIo7v|K}#6}q}q@9MP5r5-}Qht+>1pa&$nHuws7r0#V>?(jc!OAJc`R0le(if4)j#RDnZ` z=SQ~}hoZ&}dq;4w`ibM^UmwL8;9$jda3IO5v+XOEHlwTV#O`x&2zLP&BN$W?p#D{^ zgi0dxg7FUSW)@hH4with9bTO6fU>ten^YGXyvIn&ODEJ~ymn0qmfldICAJPBB@w}w86iNs|BpWyP zONsG%8U6&%N~y?l*%~Ddv;6piY!SDA^h#l7S|cCDi*|sn1W|KZKCd(R!`(x;$UqK! z5B0T9-L+b1%MGGAaO4g|s}qD|>wr9YH=xF}fn2Tlf}U_9H?jQ+pw;P0ldIePs=xjt zigX(cDD%uaA6V`jGa=-MkSyU7nxi;{Hkp4QyLmilLrW9|)%6BwxB=Zoq+GXsGoa!8 zZ)Z8?4U0q#D-MF3l7G}nr=&$ci1GfV6epT=3i^;jWlp{!7rqwUbNE1Dy@hD7SRZ^D zcb^acD$oSxN7MiGjg4J_gA=)*rBr5W*YwGW3DS14F3UUS&)RafA|wWOnyw>th(2NnLQ=kdP)gMP}=_`J6oZzTJluu5M;5 za*_wF(AdluXr!8%B!9>J$5cTW004AvyS~KPjmwSSBCq#K^NGDr!(xyA&G5SlmQ<-TZ>b9Vs3g}`Ckjfxrv z&YgG(deY||YJ+;WTj!tPTX*$fHdn|IQ)w3kB#MM#Z4`WLiW%c4K44IC> z5^-SKQ`Xd+(Q$LQ>HfO?cPM2KbZSDP@mWz-i6vJ7pbG8Q!BR(_#uik0RT;e;c4!=tq%iN?heDV+tG)A=w!9<-K5N`is^Ov5?3D@8lmcZ&AmJ(`vfjX>!2 zDpXl@{kVxp#?E)GZ4Z5vNwNEa6R#u)le)3bp`5>`)T}A)up-hwKR=&GZDTgKCv~Dy zW!NqPDrzg|{#a~|@rA)<9ajwTAU7hzgD7LXigAQ>BM0uPaHHgJ#(X3g-oJk9LWV`( zzQHa-S~0jQ8XF0PFBAJxeWM3bzwDb8=WO^NKY!}kl$^F5p8JAT_CPLvusldU< zWOkOX((CK%g+OO88uibsg_lw(FDN(@1eew;U=pSs$Yp%aMr>b+_9SOB)oPLTys|X= zWb+%;CwgZzey}tTg`;Je*wjqlzBx$Q-k(7RZ-cdg!xwiqKim>NT^=rvDM3cc;Ni)E z`^YM2@vN-D^LZdjqb?k^l+W)boX1~2k2y zx^#FGe6Nx?TYR?|7HefQ*5c`Yot`c({PYGjal1m6QNFpIP}jCNM%Zr`T;=CKljCRt zM#zS9R-L`Ya8WmNozO|Hk|6`be}CS!30~dsH}cxB9K62P2^82|<5N)BJCV4uaid7* zdyW1TgV21(6|5N*N(w)J4C$7kQynKXS@99)V*XUykn}e$gf&5%!zfv! 
zQOz&&@Afj@?a(|=SeOxv z(S=#+cg?W!9aE7vk#lrALnE@-*%XMzG40N-LLqC(oelY(wlbCF4Dbg*SMjC(mg0gq`__?H6CY11~yV zZEbff&V^b1PTyWyK_ET-zLts z#HdKw*x9Q(JWfpM^8&&A-c>O>nkm{yxLEX9-pioo*P!eDmj4P%5s<*OICOT{{%n{k zhrYx-OEIgLK8{+-Ow&C>n_aoO`(_r1Inn#W-w83Q*Y&xov`*dN%O(I&#NGr7^jmUfyIoN)$F8zsFfzBr@TigeozW8~R z{TpQjIW1ZPj7;JkE1Xw6 z6hRNtgo9n}ja5_YORn=Oa6+TT$I^_%s1e_WK{l3r-_}8gQiPxY_9F{7{uHdXic(MH z1L!;KtPc0?oMebX{5WmyPx6vdtd$lu50FV=A5(lUh7`^=N{WLe+WB# zNZu71(40}PR>`%AGbNYLWT~JXA@>-luak9KaP&Gh!!t_!Nyy9WI9SdtYa@DnoG#U5 zp3lzRrNO{?gTAV3Xt-^;*;+=!_bk}}*~84>^Sd7IaL_8h)HmNqJl^8plvga$Kx}FPV84?1^-x*Jk>YxLAy08*D_!N#8ZZo-MABR0KFVme|ef* z{lCri^^KD39IgtYr$tdwQ#XPa_UO&NkAnzx+6FCFPFHWXd{Jrz8f%!hY&g8kU-Sj} zE6=T9ZQJRM+d|jvJuR3;GQvq!I8B5zwCuznnK^0ec*q%#Xu<@4vY-6(&!L;ZUShgh z$g3}iGDFYqf+G(7s}2x=UinXl>+8m-qSYB0D=bO};kO@kgN_nj)rOmH?7x7hea z7z}*3-|+5!Q+|r{jLm%(PR~(Dk@NlaH!I6wG)@`|OjZR(TTU-@{Kg@8^+q9Y)V+wh z>F8>(4^|W#))$VGIOps*>i(EPK$*;X7l3JoNfqGncLoBABDPPJdb6w?I=?}pFO>dV zm>s^#kP6A&z%nS5uV5t?EkQ*KyyjmHvgQn`crjfn>F@Ere$~eb)=DJ(8Uc=Fw!kK2 zg#5uo0#HrmF$SgKkLH}1N*0;dHugtt2t=M~+vi)ggBIrXot+&bqlQjvLAJ%f^@0{7 znJ?mow+#hd0mIROo6qwpDb&F3>AQN|~f4(K4>6gB#FNzLja^ zX}BNHka9TGo92P)4X*F02mKsXimu8o=tkpi)$|}I1o^tL^OiYZ--XdLv z)DvM3W&<~Lb#=jmMC^?s@KlDe8J(kVG}mPXsW!0^FkpoV>M{}5)b+pG`VWtSYTHII zgnFOT<)@AXH_5AzS?Ji}48=ip3VTf}6G@9s+44w2lRTS-BI8-Qk)5k|zQn)XJ% zm?143<{ONl{9wuPiSwTo+P`HIzU}`B33SHH4w|!mlL~$!@Pt#(>TTp=YUQXx9)}Nv zcQUiXUD28M2_cBXuv8=;HX8I={o+7&o_>G7hg$D?T?e*X46I5AS^hr_URS0mzy&Ib z0LLU;R8t6px7;^rxhsUZ+yat&y4T-NLJs&f) zEh=RB-TIPn=8a?JNot6g>#XV{CmZY+mFj+);vgXzz;Twx(<*x%AMNl~d4|g8_@lWN z8%7*_;qP;cjf-Q*sNKqj>2X5kexBy)v6ck}Pl;ZHHl#VmPZd+dMBrF=yWpUe`oLl< znt(Oyb+MoZk?tUb@h%OE|I-On4MJ^jUswB!<8nQhSC%|2&1Nb*dyUW3oBn_ApxTzDG8vK zgHb;8Z&b9Nko7pCaqLu(;t{AuIydb1bms`gufzYU%DPk+e6cr?>t0k^nt2~TyU9gS z>wJAsZ?2OH7OOO30Fidn_oZ z?M>kV?xm%ruU~8*o!1Kzze@nnU0Y!Lx)T?E$+0&mSaQfh_akEK!r1mK2~GGXp=m1L zXGc!_B-$`0{cAtCy%bj|hH;Ho#?-T`t6z0rR$s8QggHTrmYK9hxMq{bOXoaDnA6wQ z))o(~a5A$lIOp&QY~KkD0ul&?@{rjxOTmmpku&7O>dh&391`{5KETRx)dtlJlguCY 
zZdTqRvi8sG-9ftY7ZUPd^gTN2fZq3cmuhMqLv>u9y{CJiV!Rd1XMk|4ce9`;*a-$x zYsIv+d6Uaa(ew5CQ9r84tFUHlqHzTPDFUR{m;-GZ}WZoXm zRIU=(frxq;?q(POrq>O>a6%DJ*e)z$5a(V;HN4Xv3TlHl{@wWO5sTG;k-5w2HW!ty zMJs*mh~Ext3>=zp|5)>|2Y875qn3_d@DIkGFx`ZE<1dxzwO`Hr)naNQS%6Ik=Wue` zFo8K63})>M+0f}q;tjx_YZ*AQHK5^kQw@rC02mal0OmD39-xKaZ#5k2jv%VpJHltIZs<}e-3pU%@lqmo7mh0wa4w`Rjz;K;A!!N)nySW zT@JocX3*2}Ta@ZEGBVf%xtGlvmsnN2C#VMm#-JI$Mv5r)e2t`|E3r&vf@-?G)16c& z{(@^Yn$6dwtL`#PEBlsMaYGSvhYM0319c#;dfyrgAdzsi?q;iSx{Fmj6VmWf4%yt{ z;%uEd9`gC8P}%ZJTjVY^$C88n6P^)6ttAsO!{E-kv2Vq|od?(tfK1sRPA)E-=6_KaAQW}@$Iy|G_^`;y zJM!wiHdf(!6kWT(H7Zb%pYNI{XkDfwpS!#esQvJe8(0PFPmTxk5r~8Qtzzv-{*IP- zUV9OK|uPvIT0vGcnF>;OIAR zH{JBP#@BH)gAp8BTHt*N8E@P3P+({Vb*b%v)ujbmHeYcO*9AhE1dv=SOb|lFi(l!ahd0q!2%+;)Kh1vm^hr#9g-qx^Zz^#vRK?t20m%M5AVV`xfrq3@?R-BIpPL9JYf1(1R{gwKVChgAyW&wZ6IO zoG}U8NM@IdFFmnC0n=YPHMK99u9BgBM7=8)Y5BaT@U!xDB#D zX@txbMJGnBZRQb3R|dYu{lh^h(K}YW2P0O|ki%?EvDz17sVoAelM2xIpS(QF%&&{L4-5^*yXqZ3 zxwq7a5JnB@`tXsH)1|Vg$cnqJ$gVQoQw#EF=IP0&KlAqio2s`N`ce{hwE0FHUp6Il zE6+zk#lG4eqg!!K6_N8XO7Vq-;}brk#*pgodu-rn(A@~_{LDjWKdpYX31qt8k%$2_ zDX_h+m=pUx$eO&<+L_$zjLf8g4y(RFiRJE+D@qo5A7O1#F>nHF#Y`U`U}EcB8)|C! zYQC&y1m<2#Nse-HwOX5)Y)BLYm<~WKE`4;pd+90Moa)#@zDOa-;f;Lp(n!3?S3ya! zRY>kkj*c4tj%MT8X;WUA^N-xpA=Ls1%$9Mukx+d{3pRAzvoM9c&x?^@x-TtIrS$p! z;^|i-o+JRz6`f>f;sV=#iUG>euDOuQ=qL0h2qGduVKTwQiu%qCZR6a3km z@a~}_kDaQ!V2cL72#xf~>rY6bK2#=4fg0OISOm4O)DR8~3Ro@6Wd+`9l zB4N+3G=hSrOkOWfygD^Eh)~7wFez1#-50iOHCs7=0$9;7!GHOC|!ZM@!p z6k+o)Dfov*7^P3z33=yY_*D6fcOd`PgFLAihvIsUmqEZ9Y>v11)YXGWIZO>acSGZF zR&By|qUBuxE9@f#2+tJp%7vrs==9hkJ@e<}mH^A_99x39H8|k~t|Its< z(InLYx!iPg+O0nCyplU(VD7k7tURz5s#o#dT`78$+Es-Gl2<)4a+&r*K`$061;8(P z)kH_Pz%jCm!H$>D1=o9NRm)5^sWugP5GiNFm{{4$cyW6(?*oFxn_kbtvh_O}OLrxW z{DOL6pNhMoHWSc22YAk~RRNVH~#F`p9>3KTVH!%mOU|IQ2MOf4QdCK@LjqA`#i)6&@5I>)!4?AT{Gbm#G75$3N2xA? 
zfvaMO6bXdYuUB3(8Oyy;dO<8$*mKTI@qq$zI0_25MXuWEn0?1^Z7R+bt9iUqek}gR z(E|MsOcJeV_v$A@TK@J>Dn6g^yk6PJALD6bAM%UjJ?lPV(eZdw#2L|1zAYJ4=FX>{$ z+^hk)gp2B(#v99#`mVGAxE?9n!>%N9^45^+U<>M)qa7nQG2o+4tCQYLn|ZWg2pTDo z^z?NV{y4UBDz`n0Owhe%nN}BJKHs0$dO!!PH0-_}Zroc@lHT&=l~UX*A>I*_ws8N* z-@w1>QDsZM{!bw1J33pY?HvB!c5j)o7n++5=f7^O#0@s7piHK=N9#JrmE+!~w2v_# zWta^Cc356PG*M(`{c-Wd`LL+2r%b3|BM~vOG z*&@}8eqC14gz+YOtnHfX%ksMB?&#h%sQwKYtDTKoptX2#V3lhZXxG|Y)_NULqO!2C za1>$dj*f%1>)FlaJ~hI4Y%>TjgF78p*In9+=Gn=)OCaL(U3lj*bs|(zOdT&PSZC|^ z%GLpDm%m$P$-o?KfLU6wlHPDTu?1v1X3TPdY`g}UvW8!_{mBIUnBOxprrJ6`HUmeT zo96?wA5caNE--GR-v`E{@qAl_x5M)IqZ+6yLLuM~;;YyO z=GDM&l;DmMF`XV@xSi*iYPJ+!I7KjA@Hing9*kgV^(##MDl(wkEIQ-_CW{c03SmbL z@1Tg%e&_&FQ*O*DwrPjK&o;L~6v#TbJ5WEw1?_O$i?`lcxbi3yzKvd-pY&maLuhlP zD`fMmJCLyN6wk;rTw}PutSp7Ty!f~L3ypm{pwxzbi4W){z+Lt?Q)9=PxYN5_nEbK> zXIbrno(EH&M+Evfg!fp?TI*5#`?1@cQ2~#`dRw296D|}z4uW2SV7pO(&p%;RWN^qY zP)j9x;E>iK*=49Q;1hF$c({rJaY&PiA}Q5zMWdHq&Bdl4%Ue%xBNXq33X5k*KP3D% z!4A&Mf@v!XzdDZ`{|M%F(hO~fU#fJmCTZ2cq!D%3gGtQoBuH{_*QcRGL{d3Hz38Z5 z(6)6}A$24R3OgZwH1RnwrhQRV+T1*^|K&@jWePXH_DY-fL+$O_GGaq^i{kg81861kfA8^E?NbB{n zX?kH8G3P&j259B84JUN721S-uaqV=AEdyM;A}FqqM-s@dz-sZE*`U5ZR?S>y6kfDA0&_!UD>Z_ zbpMKXE&V6DF~b0Z_>e-H5zI76Nl(Z8O@LqZi+Zhkyrxo@Oovek@K+KiE2lEsf+!-Q zq&^>&4cbg+z`NDhTYp6S>et&r#Tp7W+-%BtKT$6XPv-M*Zc#XkAYKxBV2(9-%$+f} zmc1O#R{jAW=I8KTT(nE!TmvJjqc?0o$Kd6O=I@9{Dgmo+BuHKjL3@}nP zgb03K0ux;klljORTtVaT-zVFGFWinBFk|t%OLw~?=@CRkec5Bh?r*g--H;`$^%hnq zXsrhm4O?IC&Q1Bj=xD$c)b{Kv{O{4KL|O#=Ov>^>)KQn5r7BZa-j8M(&pXAu&TT?Q{V zL5rkli~OLP9m1$!j4ot9pCF=z&MJElyFXWY^aRwSeffmj|LtY$WP`KCe~@&c&9fkS zEYn-z+c`FvS{HGH;=Za%EUXUf+zq^Hv?!HQfwRLBj_1CQ!IL zQHs|a9c1w}=FVya!LBwvEmR!x_{AY`I{LdT`V0})F6ZA{1srAZp3(wt!xfq6GB{^7 za%yTqr1C&D1VTWzcbc-*dj{sx{zbMiR-A1QjI@XRJd3H5*e`=$gwS3R^&=X}Nw0rT z-~lk*pr}D?H%3V!M$lQ!?WkcY4Ge>&E?LKA1HXFz&eRvM>E%0Wa6wROe+iW`L+5*S zeu-b_RmzX#*%0*kC4n`OU$ap3uf+tL=@sIRJbNQgTCw{3!msKH*20kcsjwI?F)Lib>>^j_0` zh1M_~HAV#J}K=V-ze}omkZJLjl02UpiNd;~O9=_hU#E7{ZC6UEpiLG9DLBMq5 
zS4!vDT1HJAHoAV{Ir5mpMcSd@?K}5ZeZsNnqr{*K@qGAaUsG~0e&>u&4&3Os+fmx5 zRAWN9habcH$ZWGfiXcyd2A}Z}CUSQk?u-pGEUXeq#3ztE@n>l0V4(3!@-mBFhc#sS zhzDgWlFpzd+NBli*s@#H;k(&lQ-9Ey2tTf5qg*9A+PM2^##UeeTyn65AMRZ-Kseg} z^KAx2<$7W;E&A62eqD;iB@RU^o_pJc<6(0z6p;kndB`o6f|uS-$WZI@JVemObVaH4 zbD|+qxzpmIyf%XG(HID52oSPAjax3vS4tH10^L7Xp#wnp=4=;J{Fp=ilB#bS+ zcMn_^z!^H65#%|?P~e-3YV8s}(H3OPo_LP(sTdY3O9On`DR)mu1219|;~#&oSRImm z*dHFwX#wdXv-##`NC!#{qC8{D?|kKa1j3gMyzr$Dcd5nH+hTGlk#Jv*w>ZWDW-evNl;93EuP3KS=^na!`0@-BO*G6W!!?(3BYMj}&CH2+;C8 zA+-Jdw5avf)zw*P)M241#xhVJIhR^o7wy)&gV8P(_^HHu5C;Ya5k-xoUgIV6bWvVT zMUVJr=H~9`L)hMefvm5RMdiW<=TqX#af`||9HBDQG!wIoNEc?49=eW$*>+7{073w@Nr_5lBtsi(g)^;C z-Pe$hME_zgQ;gtL9sjIypZd|nrT;99OV z&>udkre5{7EeY)y0Us@f_b9+YAXu~SOnBrM!-7v^n?5Q7yHHX-w#RmEXbtK;i-t#w zF=hw=(&PD(&>1G`3WCUuR}eqSkO?khx=q_3pJzw0_U;3N^?m}9BDE+3Q2jLOxh-Bn z@Lf}=&BQQ)!^V$Yny0yjeZ}wcx3ZLKOoVX;*+4~LRZ_iZMggnsjj*7ET15!$p( zvH-Z02EU<8J2_2e?UD&y(klG=_Hg_7ZL!?HB07ps#A--YTRoITuc->}MG3a|?MZ4F zLEVfXLfH3RfY*iEJE>)-Q)`)YcgpU_bo>R|U+fyS$UsXgsNu0l_&D2^oe!{sG8mTc z@)be*dLkuua?W8;gNllvNK_egqBFL&@XS$r_%+5zsul&8>26vbzfYIJ8M_reQ+RO& z^)xm;y)f?Q<)s}f1TE>8)m>loAaO&DHtqWLl$MYXK{U4i^w!hc}!kcLM?`gh)JpnOidHBJ$04HrW zRY;dtV27llN%9*G6?ZcntdZzf2T?&Xm^W1~-$B}!#ECR_a(Vd%a+I;rhr}7$dwZ4) z)K_h8f^Q;CO-&cA%amG0%zA#MwqV+tnt-6-_a?rt5vyV&@7}>cZO|&~eFx23RQy{5 zbc!ivQF?l5<8k%Mv8$%elgtoN-##+uBKWTY^gc02Vc^~h3uOY1dHOgk6r9sr*8D8b z5O;A0VFC+uHlAsrU=P?NBqchdzmpN9gpBdm7XCQxEo1g?B`fp$ba2{f6jqR9}tU0HK|tDLp|L!ouG-Z@(a!^`aYkq^=zj3w;#K)yipUK?BC% z8tW)QRR+|cD^?GWOXnMOFMfByEq`LqH6fUYms0byeGm4Nq-1E={=-q{aou5IbV zeG2kbk;#KlV=*hcM%mIrC=(W=);PZVFjJ1o$G^1V-4=z`R(T0XrqIS{l0;fX=zVWYC0ZIGrlVx z1q6DZzHNN^Y}fvvjfjVE33Bjb{51}iUffll$iTCMEq31XYQQt9cz+4NPf5|i3T*f7 zx$b#>7_sspm{rT^+GRN)R&Azjj@&JMwp3PP;Qiv?t5fvCv!4H~bk5{OetlFS9+M9k|t|x^zhpz zJ{=|(|$e9hqmF zWX~~6(4EP{x#R%uJ4zqrwXTc_@UYKH*clmZ*FjyaAZT8Yt1$R2w)5eZR#Qm{ry16D zja-ceE%R4me0({uDW$S0&_Wf|jsUX({Q5;u3Zm2v3~IMEV%naNw7m?PKIRlEMG>wL zJ%pP-RkSDkNQy64Q&%s(?)dTU(EA$JdO|Pq>EItJ{(>(BS8l@YI-$Df!-i@7!2ywC 
z5e$z8LILzyZIWIID%8IZVb~711n+*cFupn~>)FhtZn;%{ib%o5(THmo92wwC0#-7Q z#X||Zc^ukvR#0($$X@I>FQp5|3~C>rZ&#PWmX=3WH2`<@Eb&1yTlozrL+MAs{XHhe z{dna!e6#m0OLFzzr{#I-&7fPEiw|pEkbOf{IA-CGD{GL@@Ms9Z%%;XVAys3jl-973 z&c=1vMRsNU*t~7QwySnBHOsnF+(vs{1N^p972Gg<~9~xy$yZvR08Tprrpe4PNHG z!WwCzz++P`Xt4u#T6O4xej16t|6Xc43>^lcHQ(bNQ^4rz?#Dl$hzkRJ49DW|ZDgwC z`^P`6z1t>pe@7c0^MRJA_{9c$XX}J`X;ieHs$U=~f8@=KC`c2}%P1_I39}rLq`iwr zGpTIxx>(Fox7z9d{KeBdGYtiofie?M>=Uv^v_WM$sy854G|zv^lk zu{;VvC-=MV4ac4$I`xD?b9_;U%_n6F1aIk2QeE$;C zL62QKslbx4H9>3Fw$ZApnfl(|`X8KL!m!9HZ2yRA6gc2U=wxO-fd0yeOk*70X^VR2 zOVS#Py}6HTl2f8rddpt??X%{ris_`A1KE=w%EE4*c>)lto+>sFk$>|#D+Vd*u|5gy z1}3!MvLZy1qx6^{Wb`(GSq`ofIg&e1npx>A`WKt8(5U$-Pm-R&cL|Qi;n9g$$vbla|0W#$cf;s+J@DK5hQg;DTwkSFaZZIF!W?I4E9jHR z15&uB=>Sb|AiDu_-_E27qZV)Di;b2lei|%Si6-V1mj9SzZVL>D6K&-9J9gJQARIpU zc`a1X!%s8V2I$DJFl&xqc0VQ1)G(08`sDF$oh#|xxv*2oLD6FNYhw~>Bmwcj4~-os zv13TQt0PIj>vgq3dVe0W)I*zEzJh{nwZ<5t86biwZ93RzWcWB#^~*pzHTt06?fUDj zLw7Udy)r)Et3CW8Qx88&Q*p>$7b{c2nylSwyRREE-f#>VyO~uf$o`8fj&9#NnVzR= zG_R#VINXhiPSS4M2&pKyZw&SGOOooYLov?87n?-UXgxeQ*!jrIEHGz#$42m*hI;5j z8PI_zKy$Jn@aup+L>3!9Mo?q)FJt1wl&ub!YpGodGTaT+)Wj!O69?^998(`Sm|#7% zd^Gv1Vm$T7PNZry?5`zC@~O_%ArTRjj6;`|jeBW#2EY(o5p*c^g^Egu#&=V+T0h+E zUE22##TUgLjF~;tH54aTE@U*6Q0qzAfvi%{bN?6H+0--p_7y3Bq3X0gDs4(A{LkQE zrOt)nRvjG^1MT*pjmlXQ0x=%%$O)D6`USGnkzEvn z-3sN054yHyR^d z9UCMS?V!r}U%x>lyia#&K*}6&C#Iz56K!`@t8ia-^l9FP3|9en9r*Vdx9H%*=h_Ze zXOyCcg5TxY3#5~jPdhVhl~0quJM{Ug!m@<|Id={5xWWe|r@h;-)GFX5iT4ia_jb0` z54N^`sxb$#M0&?+$MgHS5~KY70oPV~UyUC++atHJPeFo*Hv=D7b=S=bFztZszR26t z)m3A#u9XdhL!D`HJ0?p0y~Tbm_);sQ&L#v?IULBM^fS5kpCM>LZk7fqpbB3b`GSIw z7ZO3w_q@}1mM9PRt83wGX+rmceky$Ub9W1R*BFPZ82rIE-s)B~Db@XzJ9*2~Y^TH-O(XDRT88Bb+uV zRtz%@_W8PndGC}txweuckepEP)86v;rijjPwP3ITV<&;xtdqH=G)s*@B&3e1N@k*++H`nk1iAh))Q zo&~oX7Cj_t&a}UhSb103jJyl+s_7LmjOLueTzOgrpds%jzdz+6`^BVaXyEK~+vk{R zt7uWFsmO$-fB!KoHQT-_@Cki^>c(4;ide(PN3-Y9SW-5Am&E3~s201-40T#UfQZjp zC*)trNWAyAr@(55?ANcX$<+guCrdvZ*>j%W!BtNBMt@JzZg}9U*VXs93ncsKg-W>| 
z003uhr-{tE8eJWK``PB(BBlEW!!KGDSE2F5L=D;6Q2ib@IOgV+m_f8=2_A=;hvYiu zM8uO(nVDUl+RKy?qxRpO5u8YQ!gnX;EcA?~@k>j3-9Sg?XN}LS8wNWZAZK^5el5xH zqTGCy^tChg2PFf8Ldh>Pz0jgk5TyAMkT;b%B!R~B0`LK zFDXQkeGAwkV6W088P0gg=%^gWgT%cz^_KR%dU=c)ipOUWE{qh_atd?!BxVQ;bq+#+ znf&g}RplBTmN`!Z!V;1{j)mTNzA_!DJ!)diWGA7!l?G1O>hrmK?Eu#c6lt9Pv1jAR zhoI~H(gZBZR(?y9?2@kVDk#N0gbBl}V~gRC04mHk0uR41ooMsvVe|>cXg*YGdF@$! z<+#&hX8w*8+Rj|^h;CD0>@X9Okib?n17*eatzE~e8no`^pmlDlV-kK+w6XP+P-=*# zt09n(RgI>jAN)Z>BqyP*n!!1xNwc8%^SlA*jcXhZ`#dn@N2i-=nc2bez>lPnKRn=A+BDjK9Lu#_sD!?EwQ{(@*v{fB<@G} zoh}AzTtrY>T=H2DDNK#mcb(FhecR@!wULf=ax8%>$B;wPd5Y#UvY53bvwC?p`bvh&dDRFt(^R;NF4hbz}RshkbJ@Z1cuEs46#e7i6<7F3zyJcRx(Z- zYHk~T$r;56zi&5$_B*9?uf3$sz}ePEjG7!A9JRFp!wY+9><_D5psAK#3%xS z*SPO&XKtD~{+H_G;KugZskGEqmaDS;xBqQL5xA{&K!|E$MAD0I-H$CqFcJPBG@QX$ zb5D)c(<8mfqPR3LqdC1ZXAPwLylY z{kEXvB+jCRA=54rqDl*J*b)1H>@kZKShWRSF#PvKj`sHMTEI&pHuv_oKg1g<6aEnj z;C{~N1d_+*udeph7{7cu-Jg?=iaqP>=s?D2i4yj@+AA~vo9Gqw%PXU{f5aa)-Z&2y z#&j+X60OAqg?}k{Np^yXu{29ay0n-tHNR*;=n%Wy>FQl-iz2{E(sPB_Rc$by)A{L6 zYg&U7zl;m#?padG@|-Fop)EY}LrI&r@XW8lGF1&t^JMkU8nYUjnjAIGrLxADx&^=& z4t5(W+l}$Yb$4VRoad0E$45-<`m)`QXx%^x0nbrU8?YlJWrUF^KoIgC2WBG>9z8{z zV#ldD<;0sD!xJcAy0`z4UZs3odw@TqNC6z9)1G*Lh>8jKo5Xc56PIbC!1$oobS45e z&AYSgO}dXF;W%h@2D@98a@tfH*$_0MM4yLO-(h*})|(tf>Pd39wrgtX%75=MVe?Fa zGWi*u!IbL|=(m|Ta?Q}{Hko8QB_@fD1d$^^{NgQo<_kPfRq`EZTl+Z?(F$LjGmhlt z;fM?Bt2fi6M9|y^A1%a9vLE1z8u-1hW}P-;%9#Bwg5XewulrT$>;bYUh=|iG2acHoXRpd67NLIQ(sq+2>VGBD-hQZR3m6TxG9r`~xN(ZS*)S|64q8jA_v)fnxh6wBc6nV%9g-E;2$L z9Tj!d0J;j_&vAqMerJcUmEi%1%4h=Jc)C2H)C{Q_*XG0N7R*O#*nA$8=-Fs!d?d8M zJN(#3%>5wpDD!(`1!k`Dz31J(fB(){+ZLZWT_SP%Jahb-=QTg|e)mhkGow1&Ejc_~ zDLA76tEXE*UsSSKqo)_dJFbXMO@Deh`2MaP7Cb}@6BD%+L)K1Hb8HelFzx zl4|DDfd2E|iqWqn$DOmLF~67Q(tPwi=0rzJ-oa2~Eu=Q$)|rJrf8MjNl>m|Dt$!FX z#9gLYo#qEeOh`dTvcAP+!G~$&_9j@ z36I*nJ+(W(<>|u$W0qVujAi~JEv6X@8MH-{G9;kQOE_Ow$27A0fkC@)G|9IvSxa3q zJh!6aQ+`E7@APNQosv?<83xwvFe-U8?uR1kyqkE%fwYpA12D)?TS;9}(UD%aBI5PO 
zNO2-FJ-y}6gwL#(7m@#9gbl@k?;zN=APX)M9{1Npy*aKP0jad_bB+nOE9#rer~^SJi!fqTPzy9!P8uCe4#|LYqrbFG;}?>F zZ_CT${avOX^aTqEh!IhKGFAx&vmQeifZjzL&HpFDP*03i^bL ziZaOt9uq55SjM3L@$?EHq{)o49+BP#c%kugA zIkwcCp4Ik_XZGTiNjwoy9f?hi%$j5uN}WN*MFIdA6$r8jYJTbi2hJ8k+P!5VQ%{e_v@dE?UJrn7eSmvs{PT{n6WQ-h zzw3Oxn+;*;&wCO-6&A|^weo3L~%)m=M!sB%61P> zYG)cnd+f>Ai&8y_VMP~q3sn}N%-s~UB*x?u`J)hv9*n|ZZIFg6gI4qUWwd&~;y#6Zb>Ciwl zC{nyj$&&Ng9ZfelE$u~acasI-A495Q0E`i$^{rI<}s89&-qtxFWNp-&i`8$`y_nbe% zz*8{4;mfMfI5;2kElpkglKR>rzQ)Yy_)A=&rvWiYBHrldFY++=@)eS;HP;8i)6?ai zZHet;XKRS{n^)+HJq_m${ADaipugSBpQJpmEQR0EZ|`s*RJqjwB)$ABEj`Tq?vWxR zVN8%{(g8eO{5?g13v2{KiGQ+&5`?Kyz_~2;Uc4^F1~z~kNhM`Lm%9PGGA!zMdMfYR zeeN%0im<*cx47o_%*DfD_t(Wcy49J7UFaUkw28>~u29FwC>ii-pHA+U7T9j>T*}c7 zw`PDra*-MaV2jgoB*nE3QyDj$6@1mBpx8nk0K?hc|3u*O-}!67t$e}`El-6NU4*fl z6g_6_ICeW#A}u#@f2wz;*9gbNVrh{Ru=!Uc5317^+mtiXyk=<8@aM8mrEX!xb$e&8 zV5j0fm98rNa?LO^-%ZKjbF~=)S#`=hlf_hQ-;4<`UjjRoK%;bTv-9r5DK80q{0IO9 zA2*veRVg2qiY&rhy}vm%M~gg60DtF4H?0oP+)>fR0QR$B7iTj*I+`q$sFya3BOeK% z32u}dPRKjViO3sgl3{UR1XQlb+?BK&i7K0v8hlS(&sWowMzAY@ysRN!=lns?#TrHT z+v^(XqubH1o~34Is1JHxEb!1XW268ft=nSRWaQyNqmvNt{pfL3`y;x?C^!?{<1)@9 z7MoQ1>Q7pyq~LtTMaES|YPo!R^U)Q`SL3S|JFgQ}N)-A0PU%ActUfxUoRf=CX(0%C zB_tsDmHkkOv{V;&K&g$yOrg*>kgB@ zgz_9pmoD=rJouV&YiV^AFQ6-1O*=-j;`#(?k@4~V{(GN0Dkf?V>jON&@0+zQXhC@R z(4ep|g!GB2F-+mp%s(s`(7>-OFlpy}7<7h3@hQw>9#P=~2a%-_>T^+(I0LpI(f7 zIp2~qf+FO}K|OyuEIfTlA^cK$Nju!Eml6AG$>MDcF`h96Q5f+KBgFWs@(!J1Q$bOY z=egQ(^Pm{{X<&!zx!2~=LR7`rNtY+f5B4ICvF2kE0p$b-U@=T!sCCAG5y4D}Q>kT_ z`!tn>r$wL0iVUo9N9`Go_^<9=dP}lJs8SL&fO#hjm_bhxH1bkjqM*01W z5oHW_G*b@fY7V>KG}f`sG8(e}{ylW}!~VU+qmlK`yOM8uO&4hiKOKvqB*h)(ec$I% znd}7oZlIx|v93}#XR{xgL&5vw>JqQPz-=Y1eBSyL1s5&hc!5XwX@V8tiE2 zjRp_!dXNF1_^lP-SGu)l6dd)|7@7Ap!m_Gn&4!w8R)5o-m>Oj-JsDDO1d5YueJAEQ zp|ZPx0=^JE5mSZ-858*8{^C5}_=Eg?zSh$4`bJ2|Zf~q`(4SPin9X7%q5|uZJa09| znBQ;7n~$YRT;@vTl$K;-Vj_KMX-NYV{QCjjgsWN^zsm{T`+6JX#xYs|vg2V-2_X=~rK2w=Lp zxykUmRHCY8oh{e;I3-7jXKIZ6CnhOTRm`WdPYrovkKwCn!<0T6L%2@WztZ%a94dZJ 
z&N|_S=Ik&2;0vgIv*4XBHDBucS+$*I3V#`-p}~){KZFmnCuc)laX|gZk!+Jb*Yemd z3r1$1h#mHZpaNwRv$JDZH}{l4&?jEc3Ysjc;ffDi347Da~rjB1SZCxzLV>t;DM zNtt9?kCc0(i#wtc8j=973l`@6g`v;D4>In)f18^zS6kZV4@>!ePTKR$%vHh!TsSB_ zMId3xcOl!fKl&dW>A3XK(HtnzxW&1#=0fl~fU(1T=m$W;o)I`}%S@eZv3E6$?peab zQdD6Ms)CUQLvL+=Y5F`rTz6fjKTjtsG^ZG&*_TM6)^|#}zXnu5gf96h!Ww~h%3f3X z%^OHyC|m7IMundDq@1QE&+c1eWgT`5T^RA*4_1_1I9OsAFp_KMEt4B$4)~6r8@p&6 zR{$e{1RE>dqJj2e>*1HnbPaetA*jd%{B9Cit&bIwbCn^ndjTsO;1i4l*_@B0@;s6X z`}x2PXJ5BIL=~0LIl*7q50XueAu#sk`H7=g0UoJpN=V3zva1;uTWitex{!Di@P;ie);JZbBB+QxtTtaqfK(pkChuDZcMor;?IB!UX$4-*R?9;QURkSD zh=AO=hNCuVff!hn^V^QZpiA%$_Q25a=&P7_(hZ0HP}19DLx{22$)j!tF1fAd;?JLRoV%d>K?sNRNDE-j zT+a$T2NUe2M7Ga$zLMPA>&qx=+Fow_A7f`36-N`TYn;I?!5xBx;K5yjyL)hV_rVG7 z?(P;Gf(3V%;1b-OptqB6-L>xhbi?z(Nsk||cL1GtOfDcp_c9N_*+6A>m!GAjxYe^A65}(Nun3ge9Q4LrE z`Zl4f_j_?99i?F z!GI0zOsCV^gVMGl5+5tXVD4a32w7|cP;iz zz8^(ReAW8uSRPz(7PCs)pUOLP;$K6Q+3o&RRf@;tC}x-wayy&zW1~#P06pT1{e>}< z4HkN23cdE;^!S#<=^Y9*o-(yF`dt|tqWe`KUO!sFIy%}Uh|BGs2s}Yd+@3O)%70pT zT+T*dpGPFTecYRj7@L$-L_$ow{sNdW*#CBz#9s!R?>ep|(mHd76KgD{e`q=&AyqBA zR%NiD+`OBsT0T-z)zL_m4qd+)!@PPnA)Y@{P#6DJ&Z12EfC!!u5#jVDqxO8s@x``g zUwOAe9t%i)iU~u5>7jv8eFP_GXWo`Rw%U~Qd6@Nyaa6~6jSp~B%Ah2})GbN+2A*xU zotEbNxx?AwY~9z2QPb4Gk0(x|ARhtu#ZbLS@eMdgJoeXIx}m91LeKrOq?)&cdo*|C z5M*E$EDCqSOii?MsQBJkGRrG7VX#{7$Hyzxq46O(CLUa{D?;B-2uwinMWU1x;^(H9 zCzZo_PV_Z<)e!}CnX2K%)(wK)IhOJd`OM7EhJCfiz)T{;LH$DzB^rz|=K+1LQ@%p;Ct~>psLY2fLx+e*>`J(gg6Wi zIlLZM76v&K!lhe+;7dTDS?&3->9qOx;;)Y~9-1sZ`R^TEPZ-pY);ixu$~+mFDJ3pC zfVDL!-Hwwt%ylS3MIl2BC|Po)kRy(Dbaa|de}U`GE~~r_RlQaT-%;AYtb}e#+Ar?) 
z^tqJrah+m`qY`_qI*cUJmMm1ctksSEGQrXr=%)mQF`~BX7}X3u^0nU+5#_{bmg*bl zioITI+gVaeOZxUO9!P$o_Bg{NDQdWp(O#0Y1&l%r3LuO-4>A}gWQsT_wCLJ3DwVJ- zKz|igCiT>a$w5XNPqGFRT9@ek_K&G#&hay0Io-%z_#KUouYk|#{AzcU*Hk9QcgEw7 zopxOfF4-l<8+kQg)ultt?6NN)Xl@f5_^FaWxcmnTm?cC3_TSTwTF^YCTEauJ}kksV!7;$D47cc4H1WtHM+T*2sz6`56PnX>{4~OY5NVch1J#@C=Y zB!~q2Hnq~?F#8eE&VC-v;Oh38*CVoEzRGLKPZb2;tReW>Jb!e@S&?`XFsej{d2(C_6Appc;fm`Rt7nA!rO4=-Fo6p zcKmKzBi)f>XOqxXZ?bK4W%#l@u`kbUP7@&^k84z#Ie z;7;ws*ZmL@_MdCwxi8GZ%sYGDR%*Vg?Q8#Ptbfu1w&K_|-YsMBX3 zlXJPTQAT_3$2OYAR@5vFI(cCW&DZyoIa*BKFJO5D6wR^){lN>03+Toxq z1bUeUDj;F#Fk(_>Zz9VpXgIOr5XiCdXG}AiSR@1)p-(@u5a9&bZN}@qt=sC=2o{>D zN$6R?Kl$6j6lNVT-85P945owyUVe)F)>#i86JK@^3b<9;8Nl@k>A(8k;Idb@{Ibr7 zzjToe$_);Mta?lv0Gi9-MfjcQO9A;z5A=Zs117O}5cbb3?!#7Irp;}c9O?T{TkLGA zuq+lbJTrsqk&z@}Hs}GhAD|?mf$n4*)Fjt!Z74q(7@Y#8H&?B(90;jRByDxv7ux2^ zk{ezAk+^Yo4UCt=`Kx_v__UNhH!J0|>1gVs$~A#NtCqAuM9%+Q_ruyDelX^CYxD)MmqIRb&5Z~ zFug%Dq8{iYuQw_&c|U*Euzog*Kq4Hck8~7^!ry`30^_m^VO-Ht+-N$~-G^rJ`B=Xe zjdFMj#7yR{V+UY^kh^nm968=j?W~}8XJ$8=&XyaGDbUbjik2|_De-{od71074dej} z1jK0BOm2_nGxm9&GOX8#qF?%QNSCC9?s31ONX@Nv_Vyy6nwQw)F7Y_tqz;3Pa+opS zPrcfMZ%2l|q`XXw|L{4Nl*SE&Yo3kR4B^<FEGomzJvXZTGwm%#Y2$urVMoaUaY4 zum8gljsomz@%Xin{Y!O5J}^&V;wV;wn)mG;DyN3`Y%qZiT4D(EX5PoP;nso|eC-vG zd9E@Zt;^W-G8?FPR|)5vWW9_=^SCb(;2TiG@nYc98sJ$&Y3?Be(yopVjfD{nrEXO@ zAok%%jDD(EZ@Birw5A<5W@%ig)@{eYrr2R0k-Rd+ZszSYKWYS2fauu<9!J*;$wJ zw(CjfYBso$>ju_tsn&p~b0x44h2N004455Y2mW89VNgB4L!&g#60kKHMZ<0mOeG$dGce3uejc4K=HU#sp0?#>B_x=gZf>GGUu+7A zukxWv(s>VvE1^7wP5x(4)G*%fsa}ui7IcGOs%^?s4`FI+Jq7L4SEdTEHiER(dL)z0oDStcHMolCzt zwGfl#>KQq|=W(LtbE+7$p%Q?}(9+VPx+FQybZ`I@3f}^Q5=uWk!p+N$+twV~1Zql3@1jg6<6vt`PQ7iv{JydgMr z8ba9e3YSry&$(}-59aNusih3l%ntMiie`S69<|J*y4?7&u2qd;QH^AZ>dNSQw9<*J zzO-O2ZMO}h3z1r~5d9#2)LtfG5sO51&k>h2k5Ry*pXbBysB-Be%Deik`7iHkROO66Cr5#Kl7f=X~7rP`@;S-}pe^!SuXQ&p5iH z4~J71e*B)tj}p1H--UU_ltOpSBzI=5F=e;}~!-~`(31fsC6 z-iv-G;R~zpMvt6I0j#i7W}s-J0<(9F8fSJtqTYh)4JA3gRKDXN#&v-Y)rZB?`UF!k z^vh${vTjm&9!R&e5TNa2%K74fo(PVLx((NA{5;9TYL{(pZT(oD=HKt6tURlt!4|Vq 
zz+c_cqOsE-fnyVn_jJfW>zk6q{K=?O?frhl0VAfwI06J}6xsb4ouucec2 z)T8Qi85{OAQc_7Qxo6o*0!zBO`g?kcWq)i=r@r3G3GUQ;@DcF}^zZ!W@~ck)x`Z2) z*6j@1y}4;t;ei3}(N1E1CyJXS7!l^1cfA8dfYp8Fod2CFmz5(=5#VCof+8jJinlu*SCHb_N&OK=prEeNVdcAy+5;v$Yr6%>i!mVA))Eo@_T^%G1W=BR?#-CRSec0QT(#FeFh9^d*hbM-oP3yTT z8*X$Op95y(UxQV^il&%GA})r;xxy#yjXPi!YHls5zHi`+>?TAwJq*!tgifUg<#FD`_?+mlC0RRSg-kXx$YH4yG%r{89RvcOq1d! z3KSJKgdZsaUhP;yU;U6#*e}*fN4H3RsFQWpGpN8h7K`CC^1jR@L8A2oC&qVv~V^!shhxcX>I}pXU09W;$gd zoU=h3+wB6t*Lv(jMrZpLhrW}U`D5Z-_@V|k0OOG#Hw5ER4n5q!obR9UU7vC#Z%18> zkOxZ{%xWPMnjTzVnWmwO<%5pcMTINu60NK%5-!d89Q%`u5H*IRlxxnW=sCvv)#V}c zYUJo1970kF+Z9CU-MQ%kD*p_+__XjwoUfXAGZs4SBkvuGY8{O4fSz6*S5R`&LWXgGvYcsl#eq3EYP_IBnCc;MsG*ei^Uvk$nsoV8 zrY+u+Lz$G|t0_3f* zGJxs_+;myG3-H?2zZ@%E_b9E10YmwTYLJ4KsphT6+YgNzECVVoE|2kClBLm6tNFi% z-%Vps5IzpjmM=sP!n@j~GcaH>XGJ9v5ZGEuJHYqSRz3^BQwxWF(f~bu#t;_JP_n#T zvGK}&_oUN?;sjOYb$jHpU(@C4v7OHup!kj!j=Y3gNV2sDhzx^NOMIn4g zACN^z56Y(>hzU=-3H8!gtRlX*e7v_EPUCC~W?^U%k#JN%+U6}7eW?l7c5GdZoENBl+l0NGFG4u2}dVn3WjoRY6sF6mUeIM_tk37j!gH`zt1#v8L(s) zHl(4B(e*hL18-eJgG2F)OUx9Jwy9*(ojo6K4%Y#jdpqsPwFt-nS4^T%u<-#HWwIJ9 zGHckwr`!{U*Ix486%MQ~Wb#>lYaRJFU`Pk$O@ctfBW>?e)o!YBT6WrD9T)(C>$|`; zgnu5lH=vt{1?A(c_K<1NcY09!TdzFT8ZLnarPG*uGw57SjY&_GzkoWRGmJ9tCnYah zpEc;{U!wREhON2(hKc}+9!udJ-JmcA;G&0d_E^@%#7t^v*zbFsjDRMMFy>ab4WP$% z0Zs7&zxGwKn;jvDPGYsItKY5mr$7(j`JA!bBl>MzyXlqP^+bb&Faj{_1HAw^Hr0=M zo>sXyGl1g5hkoRb{eY1otL145n&4H4+l_@W{g0FMIAq5-!W|C9oV&gea@R2zZ71aL zE?M4IEsu_uC-W-cft=jl!v%%m{5>=>_wVm@oZ)+LJtJ{ykmrn9cCAj@wG(5A4U74` z6{J@WQS;y+AUR1X>3A;oGQdCGe7a51{lIT8Zf>b0(KhISap`X}T<(}5&;bt4&d$_; z;2JC-fluOneJ6eUbur{3u+HSLw1+Ak`bobZH?IZ~a_L@6Y-0SWwe=MeP0OKG2Uw-_ z3+B;JJQCNzWGt1r^C!P}(9}I}y0Jli?BT%L`p{m;mwq&2-dgZAFzM7IiTsLQitEwuhs%|W{wqTW-}K+($yO5)Q!i&|~nK-oJ9PsNB$+xH!apl~yOPfYly z{ANGwZ?H(%?qFev0YoO@cwjmsj48*2+w0Oci0k^pX~U_cHnV zK-~@NgjEa^WtoJSkA4ElD>lbzSF2&6off_7ka$xvfhy~8u1vY1b`p#1#^~?CjZEM}$SJqLBRdrx6VrpWv8&A~ z>b;^OlVuqy`C0#5lG80z%h z6oKTu_-lcs_lX?iq>%z!^8PPpTRr`?yfP^>IvW$@K?xOwEg<#x!$RPXXYpyfp^hi! 
z@jo0^z0*KM`VtVFK}^JEIrpLRl{|!0@BNwcsXMD7DJvA1z&oG}upJ9=b&=EFKQ?VBMa#58c;5C@A;&ed-_uya;jXM6ac}o2vNj2Nu>LBkldR z7th9JMMXgV%XaxLbZzaGZ-4{;i zSlA$w25!bDTwY%Gs1?KtV3hIl3ulz`6a*na1J^EALGX5IZ0r*(YR?K8sR)zr<4qa( zJs}WMX9_7KUnTdIMzK%;{^RgK$g&C1GF}P+yHOeL5nX9x?Np+T#dPAqQR(voi5Oy1 zqFP+g@1I9wm2D^c2*IjhHCMP6c(9dyh0a6_&G^~cn^R^iX|e`J5ki5XFwQ4S%maXM zNm*9b8nm^GASetGxVmIU6+ z)n;EbJ3gXeM!wM);g&UFi$s|Zt8PMMW>$K;6iCDkII`6;MHr^rOfoffiU5L7t{tzI zR_AVbchzgwKYOU}2H(LQ-OHtbgo^FK*w|e1}DPg^0nY_8OE6c zA%&15=1BLz*v#Z)Q>aCfFD0oa#>Tkb4~@CymBqz6^CL648sgfTAtdo84e2yP6%`8> zrDZI;q@OA(zJJS(W&zavDnlhSD%Es;<_X)rR}ab3?yeg1)*fb{-%;JiR&kh_xz_x} z)gKOwZ*E~;QoLum1NzH<(BJT zLz%Rd2DaX;c|i?HMJDq3z$-p&18fQ+3;G)-6ND}dBBN{sdX9gkvS8rl__riUkK79e z>YxitSpIG1Z%GLWcmw|}#cTaNW}p;12N9Cw;9voPWj8Tz4%1 z?dDu}omioN4Y8VB2jb8|K;Y1(2t{ZTw2^O$?@^AwDcSfW>yZbv!xRRF6Ea$dLvjR7r#`p`Zo4HR^(O| zy7wz3fZd_axt+hcm6_h%Vaw8udX-9=Y%wmm=PFmJQV1@OoD}XXD#KLGRXe703|+0qczi$k{O$fNm2mL#=ZD|5402`D<4K-S z_*gY6*s8?yN@dS#QZ90_CCA=8RSBgl!wqtG4dBX=5yI?uJ6Z3Jv*!AE%F5i7SkDVN z&kOg~B`>oj`OhgWWNQkO*CnfdBw+qX(DI^^y*o?P0ZY-~J>;?=d*hoN4&2vS(vCF< z)~lqaLwF(dR?S!^7dy7LCDKXHdzS{$;qfy2AHO8=GTL#n0wh=Ffq;ch;)ouN4z{zQYXSSf@FP+J9emSO3LBTT$hv#B*MFw=PKp9CJqkwbtKtj%DKUZxO#&xh< znp?N->{ik|Q@>i9JG@V8m|TV|jt*3;+e!7@yn-oOky%dsycT;XK1mJb2d%}4_7p0@t?){ftTg-Ls?KY*4}R4v z$k}{|_E|{6YY6XdVVxEr7=Vnyt=;`0AKPp(9KHD1Jc%86{B&-`q|!-I!N++|TQ4lB z&+Hma5bHk><#^DN+X&XVB%O6>mUE}gdA|lt2pyGNdSh_IJAAGB6Hs+|RI-3C=N7DF z(Wg~(`Ngp`QA}W7DQvSQ*cibIr4VPI{FVy-MeD>@f* zCGWmWlkV}nd5XYU4cV{(wGGGQk6FVu+d&JpqA6IMt;mJxbDZm>2-xSuk6%>%GxVPf zh)WzHqu4)&eos>9o^ZKZ$ewzrKt^)qqYviN@)p$lTEnWEE~2Ez9OYMB0-KJ;D!W$R z(A5gj<0=+9u=&nZf?qEH`86AF~yGxvx+Le2`rOQ`+mUsKxTh}=VbRsZykE# z0=bf5dh_Rd^053t{0VM`q+JQ%yv;u?AtN>Wd3G+0w0X*$HNO3mobygo!^ti@ExZf% z!xVq7ehBN~ZA-t$uO_3$^>Qf^*#Bt+0y7D{dGH zJm6>)Jy}{AAbcbIS3h_Al!dsy`RZdV;#lHVx0z{V><(~dkADYS4MN|v?`vdW{UTYD zAS({E;@KIa6qhMuhnDWDw;C{X`c7bpfQ~G_ZGvKJ<0X$4s;p)0H25v^vktX}r|lFECVFvBiE z*HWH{zjahsb4d#>5-ar}OxuUi4V|-7p2InLnW;oRFMM6^zmRjZNpWeIkCLD9pK;fl 
z%`96cH%)4?(b1_O=3GAtC@UnYVKZ#=-GN%~g!c@adCt5Vr+jkDTi864P;e%ho507l z3k~tt#?m6FdXOgFm#y7Z6Z{Q1Wk^HM4*%yoI#*sKUz>uqtsrjN7qnw7dhBCP?C1;$ zbxrTgF*6OP_a>RHbl=;-sA-c*Jm$%cpVE1xLr>+fz*MgxPhWgAERna4pThR^7BR@}37?nncUOl- z>k~etoa=rcQi3|mI1?}Ty$HS*)+O32s*dt9qlNzBgZng!RF84=<#9|dc|_%pRQ1TM z+Uhmp&HM9{KBV=KbTXnqjKCB3*5g`g3M9m%ShvN;8)u%BxWmN@OCL+ITM<<-s*&rj zkW0IjPjwYqT+7eJ`Ho@=3gZpMO>8xvUKkW5`Bc!*_~RP84AbpM8;{{2_(2^g%UO`F zfE2o(|6MctUA`AY{8x&noT=!n*il&paF9I}c_VS7Gl}IP%YcS5u8fPZc>|tjqC+gQ zdq`+;aa2eR5f>7M^ZR`#y{A^bnr*@~BBJ4UG>KCyi^Atc&?4|17UhAMYULJmQ#mtW zxFV(H=E|tFPb@{+AmW9YZhJyuXXqPV!@7Lgf)xD|9bB;3$3Ohp29DLq;g^ps#bcG% zw_--Ln5xDx6N`!Dc-BQnKm?T(`9@r#F~R4UG3+I1?g)dSTYEj3A9d($&B2;#uMnsn znXlQhgADZq)o8-)=Fd^5NjF-?6J4aE=W0&FZ((wcapElr8RIy?A$>pg~7W zGpNTRoY5)wCpwtmk6g5DLIjA|$Gs%G+-|LHLkzC``m&@vT8va*`-h3xvK?IP6}vEk ztUN2{q8+`^I7%X@{H~Z=1Gc*yN5QdS58WJDaDHygste}B za{j}t;h>aX7i<%g8Y7xrLfTRlJ0+bbjxp#K+wMMh!nB8rl`4}t1wEc>dXS!NTJaFF zJ_AKo3N~hLcsf2hBY5{kzFf@;We}UlQqr+^q0|wcEfJAo;$x&Hb&!<7jcQe*gqzKv z;ujC(;>wI|@E94QBH`CT4o6b7W0M%}Xu1}5*Q*+IJ;!_{@@_1=T83HV57sWxre){Z zib&eBzdOC#|IA2tSuvdRC9vp-mf4ce*3*8W9{ugOrzMv%QS9$zUQHz-4*&VraA~Ee z^X$tM5>39e0^Q|7j1WzDOm36lo72?30e;yyYpZ87)MzJ(N2ZckT2#Yey^7pQX7;j#Jiq}q;I3|9eBLa+;qlP zY`0zr`ik?9e5#>xtzS_&{FI$*pa*Q zhZ>_q0B(ZE#QA_-tnb_Y6w4LQWO-UW&6ogKifkU4rH5mcI5Z+e6&oOPS(IdB3;0c=?U&ILH^>FUgC^rltZZmP_OXm`prU&K;%600+aP6K{wreDUi>FAC zZhmPTPICI3vf}e5amfGfL0osvU~3Am@CCc!-sM>Z?gln-P!@}DtP#xKDmmt@7ii{} zOq!D7YUt?|!-twe(cg~-IFjN|Jbk_)9Jw^b+VORO_n2&mmJDTLA2CLE26<*1jMqng zHO_T}qKN04>S+>NFv4R)miWwo%k#^^hxp?&!2wa?6{X6Fu=8Q7`M~-b<$eK;TQArt zZqg(6o9zn^XLgm*)DhCw^Lkufwbc;q@nk^e_OiTfI@I!S|Bp&?^{<~K9vJLAyTUGy zbFipsRnMGM!L18(^2^28b}Qrz%8+ND@oNQh;!^VkkmiKjkJIvIshxBamEwK#gBG-< z<=~CR)1qqJea<;qYaeKr+!`C#ee1wUTnzU@N$5y5!qkBvWsH{utSIGJocQ148wG?> zV#7g=hiMejlhLW!^A79dY(WntEFiLE%zSstw#8xf{)KvB8@g0wx>Me^qmmbM=5)s& zGVD)7_lggX2DlF}1hKnc4p>r8*jvh|trO^F1ntbG+}iUvJ&n-jg2jGdNI`;`v;9Nz z83yvLBf7u4(#9L{jUJU>eFK7*e)lfqGWLeBq-zjGU+eVpz6pmvEMfPg7gM)g-@+_) 
z#VYx4qBTlTZ52@_Zaa-rHZHFjeEU#MZ^eggQ5-V{3QsZj3M7xZkXG4@ zv5q*L#wFK+>dBjL80UNwkX(k?Wid>7xp-^>!S-LBHk9-pI59<+=R zhV?`c)%?0|Rq1i&GbN12Yox4pvnpva*>x!gfB%1_Va z_#^6~|E8aUJ03siH5SQI$kB9F++!~lK`WAzWp!Xqzhg;U&@LPHDNF(rT2iQgAgvq^ z3FHUGs7zuS*dXCu@}%UcP-s`-$MxFTmc=>0+-yea3yoKCmHRF~WNGM2qx@z7-@^B~WZs zv{K^CK|wBZ>7XzTj5`7^tu|U15>zPm;gu(H`(=BOt}A&34T%~L&AYdLv)gH;)o)#+ z&l>1x)j@j5O98qRRne+BEfvN6}u*wzt9t{il3hjU3%iibohjyaM$?Fj)oz|vG#7`@`hi~df)Z>P0$m?9uPiD)U!~=HX zA*%f&P=`EIkfga#{_D}def_?zn+o0V71E*lb2e6y)$QX#%`zP6n^ROhTHzj3avoS} z6k+kk$?b1|VaFTV^=%GvNAq4t|5za#3YbcGx}jP4qb~}4&uzs>PY%9aNP6186y`GF zqax-P4!bp?Ux>(Wn^#0gSy;{HHitGDx{>kTHV_65`XJD>peWzVvfoXRad@~fTZDDk9`Cw$ke-QYE_ICDB)(|;{YBdx z+42;N2KI}p|8ncPmXr%mirk$J1z3qK&gn-JaxxakajdO$CZkZaB(11frJuK0&`9yN z9?4%Znz>iAcu>lap?+$6!JRGner%g-=lz&Q@j`HW#rC*TDoYNN!v>0ZL=UeC8y3^7hC6{>QfY2xe3J9MbDHRytU~5xC#{_1mA!NZEs{zS zqr&`xpw6VzR+J)`-zkkjyDr%ykrT=8an$ zew@3RI>%j8@nMJ!%pBCK+MtZSxv~s0ePcL@gYA;mfBD+IQ_>5rqyCwWCZet1w6ayM zt)C-aI)8*}O73lyp9b2nmE{r73v3cmcZ*9W+3^&gp2WLxBH0!`M4XDt`$|&<;l1Ic zNA!-cvuC^ZK~~_7b9Fp@VKLJHEGK)GZyTfKGx)n z^XY>Ibp@s%?_xT5d9pCs>I7MPm8v@Q>w*jW7IXicFOQEWPF8bL^^knjc0EUp*#1Tw z%Ukq=$%ww}_ds9!AIyWlPHb9or34fW!szrtRL6LD54dJZ;uXOi! 
zn7e(i`7Xu$eSqAnk%Xx+PrqRMaKoN=rKvCeg^`ZIB|7w zbpsD_L3}|Qbz8csbW&E%3Cvna3`Ig#X=tAjzYW)PIbzr`B{l4|vvr{fb~oj=R-IlX z!l$(-u)OhHr#@@ZOvrL3Z(`VB@RYk$Q$tx;1exm`&LAF+)pqx@ws{tcRvQjRCxO2= z@~{^gh8MEt)vw_}2cog7S-JM-8&IW|p*)Em1l=0sqa~oe!^@6s#{OalSw|wX$;SGLi%KDApb$<@4?cO=Xr~M(i zh)WLVakOORV&hG|^&6Ik@*-t5v81@{6I+-(n9~DKzH(bu+x?!EJ=(0k{J!<0LN%L9 zT)%PHH&#Iom(Fwq20ZU_TNK0MHB-JO@G7@!YT2o>;8s~ zM)u5`TLt7tTVos%`6b;6CuL;a;m@WB*GXW(6jo@D)Vy;p8NyfSakG!L*lO+JV2tPC zHX{7O_c|uSxklcF(G0!I`Ye?`i@}aQXq2Zp=RtzCU_W-(Jg& zT*w`r>mr|1E_&xke8W=Az^syJk!eDcc3B!@IjwNU2+v#n=!cwC@cp*NT83EuFr;+n zfk<%&q;7RZBq{kAr%24@1|>%A2Ts{dbY}%U&?vYOrQY#$A0y_LM(L6a!|Lw^QquWH zO810dhnX6=AR2a*CMZUfeOm+lreo|+^(tQI>Z>lVlgNq@E$=NVbpSVh43#HLxE#^X z>23riGiRY2MFz*`*Z9DmiafmGS_P2j3?eaDQkBi0p^AKRsN!&4S&!A%2LDX_v)S^n zLpN=Z)*srGdWK_;mGb^kP{W_iVVIh}W(5Bwv}sa_wzs8tfO(AJsv{fq)bKX;1QM+t zj$dB53$mG^*6Q|;8rrSUUbA3=MON##W7pqTVR8cxpIiBNkwh56<|ts#2sSzM9S9LV zo#Ja%HIK@^;%fX^ZVlTYln2Y)kCgwxrLWn0EtGlN=t|~+MmiO%e|KDj??HY6?w;AT zn*!4gd$__Xq8_MyX0@%=6LX{{3#CVI$(C5~!c1oAAzk~bf2nzKWqL2H<#imt&t(^mJ}{A#71)tWf3sG@w~i5aAmopuU87wO#S zrD?C0HS?mj_So}+q7A0L#Xe4iw_@*Td9VPtnK9W~UehMX-mg)MO#`OuALSI) zmJi%i(bBw|*S<$8&fXG$v4+WL7u+v$gclfBm@P3*ev$D17!>OufkKM1wAj8IuH;Ry z^r@>(3ke;5_W|`NGaW{n(<1Wa<5O)4@c}3h9!xf>*|rUBZ;wZfOy#0t-&Q z?DjMYnrlitY+ZH~99#ZM-k{}A5*J2=Dz={Pupx&%&o8cr^>&Zk`PYUw$~Vvu_-FgIaTUKPvPIM;y|v)?Ukqj3lhd zXji1xGz~*k@=ziv+oBx`8J68NQBbt2U7Yjqe{%YK!|wxQHSDo(n3h_1s=C~(m1-J7 zPL2?z9eqxMHaU9h12<0U^DUE9c8#*7X^-uXvlt%Myp3eLD<9oL-H2Ff%bC~~x>jt< z!0>b-6__5BlF<~Lz|^PEQzV%z_)H_K2>##`NERlEgpJ4vw1sv5Ks6XK)!uCZ+tP~a zXAO_J4l44q+1Hw_Hq^HeXn;a~l*T`Y=57nXaJx%(b#8i30FDB+b&X;yxOSe!SpR(d z6bgggC>7H38Zwt83%n!2ch1s23U=EAL!{`9GU z7Z-a$32ods)>&61*Mt|{d%ccki_a2GD^$TtH1(|1l(Sf9sLP*-lM@cW!DLFGHo((0 z-7N`wv=H?Dt%Xcjs1l!^m60aE%m^N6ko@IzjrhF;{(DZb=#k@1iaxY1Hr*z?5#@&q zT~)@P!FMDt^+8a3^XZbTM1nkGAIf^cALoITXEiUO$ItaF*5SX+d^Q z^u*?t68+%fzDdW((#G=N5Kd*l2D|}^3xUj9x*HKQ$583`(zp3?=L_r!J zK@02Tn2 z09MUIFxK)a|LsYjY3)k*FVaBpbDV5a8w5mBTgo)jBT-6hFgJXToZ1ISoaSX0>zua# 
z>iaO+P^kYa{ujqE9BQM7_}@3v#oL6^#oGed0oVgL05}3T0XPG=0Js9U0k{Kr0C)m; z0eA!W0Qdrc0sH{`0RjL50fGR60YU&m0loo*0fYlY07L>r0Yn4D0K@{s0mK6&03-q= z0VD&Y0Hgw>0i*+D0AvDW0b~Q@0OSJX0ptS|02Bfg0Tct20F(lh0h9w&08|200aOFj z0Mr810elCj2WS9j1ZVEd#VCL8c`85a zesvlM2=$bn2u`9Lejv65so9zH!G-3(o9$HpVN3Ym&AEw+e3yX(0g-|8|HR*X)A$>I zgH!lW^k4W)b9ej0PtN8xuvwfjt&8_j{aY?jg8g^NaAJ-@jnOX|F$y)?wOF(LqL$!|2vGFNnkrk zbGpVK+WLP@<%~s9KvIRCB0T~;HJ>6qi+TOq5Xuqy+{_XB;?(!wS5`~EuIT=^C93Q- zG^*?^BB~5B2H@`p6l7Oa88oC+!@n9`Kut)r|90#;BZGzX();iKHh!>>wx|DhX6r> zy9Nl>1c%`64ktk4!94_r0Kp+h^QK`pub6m9&d<=c-TeR|NOk+mXdhQEBadW&1+8f*PNoFoJs8UgaiQc zvuAL2i15#zJu5}DvVR7PeJLv;s^c2Fx*6wOEL^6 z&0Io-MJ_(8exl?cJw>m{)N}BQ$LYeC54-0(Q)Poct!l=pM? z*{1Bi^R)W}ju2_QQd***exEX>{vz}zFt^BpgC#-%9d;bz^ujFT{;^G`dFj*N2C#p< zRF)vxIzRv0@%8VQ>dm{rQ}#Ka!F6Ayi~$GhZ!6hvo#ezpaqE$Y#rt+ z%l!LtXagG1tMMv9u4&m0Iq*-9+Mk}Z|9G($r~ltqe3|vXEz!#j7Nh+4g@2Zq#rQv4 z5UBkBdd2_Vg1~>#`}f`dJEEhP1TO{4M@=aH#m2wOjz=#nkey>RUv;%~U0uPF{wK2m zM2JA-YAgF^p1XHXjGt~)rlw9r2Ulm*5ub_4d1 zZ|>MC+c+=$TBYzqpFTUG`6YF$p3u#e~^wi9rXWb#sA)d!2iKL{`Xe=?=1-YFN*U&LiE3G@gM#}1@^xP=KoKk z|3x$KN8JC@L_g8?muBGq_B8$v5&bWk|BL^B)b?M3f&OJr0-fqsU?wcJ4n%qu43loY z94NU`^bkBzc+xKmoqrkVS@1-sNKP@V<-1|72_~hrxM0;p#Q8(mpU?c;DEuieF;U&g z2R3PYbiaWsg9;utONJQiKz8B43#un+M8N)4OYPWd(@q{L68Z*#)MaGRiW8Ox6qz>q~SyT5rG;i-T${e9f)S;js!EnZn0S5n@}214e}=LD22J*n;bn$?{fK^sTOH2~R4Mfvr%KTK%W5w;rAh zQB#TvtK%tr3d6Y$n=EO+tEynk*q9Bh8N(qE0aH^JO+}1R8Cbth`n}E?(-{$mr@MeG zU7To^a=~^}`UI5-i{n5GaPPBR2UY+m9R710C0c1{TZe z_li(ymXg|$k!Z)fOvYm=qTEpkPfklqv&@X>iM4*S_BHXj@j%mtl(e*A(%u(4JA3R z9lxbAR!>ax4~iW|1$fmnplJM=B*ET3qG5RplG|K8@vUnu1rC>b?}$B3h&ywxUfEUy z>bOJV7`#{A+b;c>a27YuU5R_c>_Zxhf3MJ&V@P zuesrFu5iQP*6FQ{YgP|hz=UW8ZE{=H%lyso3TvpZ}CyACgo z2p5)!YB9|1Ma?pPOMS@W9Y|?4;7~9m?Ot{*oZA)MT^2#Q$L4b+?#QTZb^|pcr$KfR zb(q%yLFXt8>D7ah(yH*oy6RQhB}u2BAZhYfo%TH)JTJHECGy9%^YXCP)nU}tnQnCb4Dz|;U+FH8JW2Nhk;f8sT%W<~>W~A?T2E-7 z2@&MyxzxJcFPPi|;X=0AQXAhNJmNWFzn~hyO+H{K<#Q+s+khoUOB_=kI>e1|xiB5z z)?&j$HTvwu0lvUy8a}65!^^1!nQM;{?I?L~Jx0+`U&FChz-s}5{%YvwiuR(QpVt9N 
zXIkw`iqxw3PqjJ11JPHxZLmNpYJ&`M+P2qRCyiV228^dW9bSl9oSJQqb1kF!F71H zc@aDrIpF1AD`y;lQK38sUi;O%l;CKt|H)>6_-W1_b}Q z+Y7SBQ$IoWwG2u$ey0f+wMPqhR9KjASd*w#%oqtIn(MbQvAhT`3ry6Km8xwJYP1oH zG@H$ickP1Wi@-2mGb0ZbAFpo2dlE+67UzM6cun(o{KEs(?4pjgE==MaY`C*acxZcI zYq@;g^^M-%!f4pA&$*<+JCdTX9uO|636L{2%O{%rnXB5lHr=yi zC2>AW`6C9s%*8*gZA{t}Kr~C-Fd2aGMPRA-nlJmw8yj z`hrb2188?_?MJSb*b#~VN+bdIgN$ottY(Eag|~RG$rDLn1D<=YP){un=nF?44Dq_6 za(l5#;v(ZFr?5eGIm_M55I@Fo2T3v0#KG6k_|w0|6FS{aJ$6HH3TnCEaPVFcmmZx; z6@i{w^K1LXH`B_kZ4L}Hxc9yIqcd3D8NNGojllU&F5ipak^+y8$Q`S2;10uD5-sMl zb@#P<+^4{>=qZPr7O9+OW*&fMqB!juqC2!117q)?V1lu{%03lpGJJ7tz?lkK0|Is3 z>NjrhrP_vHF!^$SGaT@~?<*XR(K!++#Kz18aMcczPK zd%(N9CZG4;)FbJlj*3{B2I0;7xM4&EPCRVY=V?CSDZM*SsVaB0^V^cn_KgkG-!)C6 zT^5LU{)MPpc}c(e-~Zv&?t7L6Yqr;BdEx8^Uo`vIFr)YY_oY(q#>07j2V(&L!~I5~U_2s8TUqBa#vWs^fjs@A?8H((F=lJxBf-9 zmR)zaPgQb|vu`x$M)c-XSaM4%brCHOGaikuMwl(9vjMz6TCnA(sr*I9w135iAmNn? zPX>Y%6_%#}CG^#Fe)xn7-nWK^(!euG`3vVDY!CAecj3ZK?-Io4!b$fXXz_;ds?2R7s7a7pYe;A{$@qT->_$4Tj`pyv^azvp z6y@V#hH^20HXOlj8!S)2MlR7`e4!U!g&x3(*H#3J`7KKeItzxlGm0_(QM>RT*S{7J z0^0g_OXkoubinIV-*}HnU<#e_q|v*Nhi-4}he_{4dZ_y)>0e|cb0Qx;h`@?97#Df_ zP+>vO(~U~f&*+jb`?(yrS|wxhNrZjRcM@#y+i9GS{`%yCaGgU(*6{u01ZslP2Y@8R zaoEw5_cL$_G<^cDQ-~d)R-ajx4<=oc-rtl_y;XVohmzj0jZNCR>}Q)lu_e?7*5z$U*NzTq zU6;fU=fmguXQE@~{BVzLKFn1yYp*jXa0fbU+>xYv_+kNUP4%BZia&EG4%*C7E0U8o zL32S1H9vSYbiag|9AT01>qiP-LTIS+_9;ej+WN-eAAk%1?r}atH<&uOL5)n5G)T?) 
z-2mfq)8X&n3;{>vo>G4BY-v=z$tAZr!2og1ypLR7n0ci9gD5t(D(zQd$8tL}%#5qF zoGZ2rFGT=?BK*KF&E66XI_SEn;l;yqO8(N9S=51zB40DdPoUY4r=~f+_^4T=orH9^ z6oc7#WjVv*6u0MhsAuI>hqCS&>;1bigX&L8O=rD`~s>RZD2N#6z{-7Ea#l0&rRYY?9O%^p@*O{gYwq-O7Nd#IdCVv!X@ z{+z_So~*1+=zie(p=J+jWfZDL*51ddua1WwdHoMcVUgj8gRoGVRy}VAVXlOMhkMRC z-V4U`L$p>dff!}T|GPka*e?z&-&28v zTE2uUOF*Lg)vw$ZeP0ff>$iq-GTM&VIo_ zBwA>0n0-A52v_o-UIVj}5hra8b*qF+Jdt6DEC2Fosq2WhK zN;;iNz-xbyl1X&mix_i)QTqNDh6%q-cyV*S);4c*yo!V*=)T zO~Wk#TGXwg{P4Q-AXDd>YLM91n?uJn7sj|h;V?fua&pG-vhe*>zQdIPzwhq;tv#^e zjaHV?x0*;?@37HM@~~m2->!c*U6PzOs5TTjX^dLsB%ho*To9cbR4T5XffgpI4cS?6 zcw{|u?m2Q>1mEW3c~OyJbvcl;!U%N=mFF=JiV|oJxM2`)?2F~4nO<|~dln!F!sdn(0g24YTo>G3%j0U<@%CZ^61zA7S*^pNF3i=yaMLGz zJ+hvMru}l{yh{2ldOv$h&%Sw6QKX`T7jgxv?hxF(gEIcP2t~K)GVfg)-|J51l~8xS zv;B>?Wg0mxWlDiXX=y;3x>y$C-e2Cedg+idk}ioPx-%)sjMv%bv%j_f&S1Edruq1??4x}qVKDl> zl(szfg6|^hT?e|-DsZ21&~xTYB+8tDGN1O2*U4Aoetwcjo$4EFKKPX+-?)Vt=mqc~ zJ(ZKQ55P8`uD%9Szbim{IUBM$t|hZ|6B&v2^XJb3Su-lECokyu<|(`)f=zk8u&~g~ zq8s=iYUJ=aBsJPl8i~@_OL>0yS~q~oGbD#SL6PCL#GHOyT$~C1Z;ps@{hM3+h!Aj} z1li+;{=&Bt%zo*ej~%Zt5|h~YXuS`B0k-8=QHqptJeY{E^TB#kCvTJ9IT1q^gS7P! 
zVw5rPrGF)-4H#{TV3noyQBPZEGMHv!IgM{R>%1W{VQWoPPX?>XAH}?ThqlA4h zg>SE!+^6_$TT69q+;;*o1x^N>>NYP#nN5&)nnj!G>z9@T(ylTd^;=rK$mfEAh64g+ zMKS3i+z$N9aUW90fm?(O-XM2@5Ib+X-#(o1W8)^XB$oz`Exf$!A%R_RpFe+Arg#dY zrcnRpuDPPo&&g7d$U-F;VS*wAM5-6I?i0)~kyBKIp-&CI6$E8J_9c^@p^?#x3QdJT zYTPM^0zGEi$Rfzrc@cnUEz&AN78Fq)S6k{x`4P0^i)^M}YCc5XW`uk!OHXeHH9H`e zWeheP24kQmPDrSEEht|v(QBhzx`~){S`2Q-Qj+F?-eb#DJcDI zxxfYX1syyBHZ(R6_EX)&Kk8fL0~^q1f@kFX2F`7?TMvD==#4P3_3ww+PXf!e7nydQ zbB6OLqEDbB9}A;PsB_XqdcElWnw=BV%)hltE{xbD+4iVXZq0hqqu^BNRF2B~qi~Lg zX5|OG_kglkOuupL(2yc6L0Ch%CNnp^5}8fb+D6ueQTG~!UlH#DdJhU zMMjQb#`bfybDQweMQ@#9@4&J>Mx1nO_j3m-K?oovE_b9#^&NfoVlL3G$t($r2)H=~ zIh@I`QDr#@T;3HpVr)1iYDtUqM^_)sLIHq9fk%Od2We~qBE3%G`#9p!*w5;nGHf^u z@tX9D_pM%NOu@^bW*^K#Ym8-h3=~iUTzqsxsDxN3nCeToW;5v_?%zUN@6BIV4fVT&c843tK{J+H6&3>Ihv;Z3j4=COV`Djb@{bJI?h7DFT3n`DtDSRTM2IxSVdp zH}!A(3C;O675KKy-IObl-Pe);?5lOVZhHs%@Vu}1V(MSPD{RcuDC}Ru&8^@r4sE*w z(Dypq?)O8a{F&x~qa6wy&s$-U|M2z?@^gs4>0zCoM|A@k0 zwnMQrSAxjMNUG6z5ombnNX%OA6T*wSe!8=6HBcGCu*~N40fqn854bkt$!_5Z6*W{BUN07J`((d1 zm{Su#N2llLAx?xHS=71E++uZ$&9siOtsm_T^f-)FzzSVy-`bxkzY5c^2$ZqZj$M5n zhHyaG8bwYhRe>WR@ZzTu8zlid2<%ur&p6ir6d}DDW(%VVsbE+VzFT*=dyu|dYUX!q zbxx|CKM&WW@7=X74M8CP9jvp^okUI~wtx)TEoq^yb{t9^&e!A$GnNnkB0}eZXydk7 zGuHIf2T+Lqk01N!YKu46w-MxwI!;9REHyQCcFPFL&}kYO{S-a9j|^2{Ao2nY7kc&+ zhiTP^wNnq+fB|6-t5*aX;b6%#H~uSpz!lr|WewG^~F_1czGab9{_j#0-K}y3= zP`*fL1RD-?knsq49U~A++euB?cymMGdnbdI(&%STqk?w1ttRGUIqLLb%4xjHLhAVE z09>Qzilq0=>h00Rt!oxNFw}nHU#Y-q2RWY(nzid&S` zEfd+$Hpza|=HC6P0*8thnSO>Cn;!ZX7>8c8%cc1r}}Rp;Xe!$KRLxk zkpxp4o_iJrlb;WN9$t6st^W(nv1km;zEV(7q`->IENVa*HCN+1lN5=M&RrSDzvDxn zf-{?D$d_pU8dw^M^>A%g+Vdc|-(QHwp5%n}mKLF+fcJ3YsH=rP)J#u~5-*%FMj7S3 z=OZ_uy2y6W0O|UAOJDCo?xa5}N7FdYYF?pyp$hI+eny|Ta>b_48>;sG6MEC(Gvq*% ziV<*tPFwqdE=%2M&2xdXG*yDF2nI@J8ZM>q^Y$n*p^;GIs(=&^Ooo>UkLBipM}q)? zB%N;OD6krO|u+yQ!J=p!ijm&BCv>$L>1! 
zESLTr9UVA`e~p#Q;1h7kMZkDx`Zh39rso?GjW_4kJx$GBXE=;6vK{% zv~&g`^gbvmTfGV;F|xh>A+yCcWV-v9$C^F*%~7vQg|97p@=A@Rsf~1-R5<5kF9n?i zOpWAyOuRYzi>Q0{U_JthU4{f=`TuC54NALrs1;(l+^0D4kPii$3}i!Vi!1ujJ;>0@d=y{v`;EQ}U};qiC~w zM-N=3%;nc|Jwv!hV%{}GDw~0g(`(GK=djqY8~I$|evaUvu@Jk-M-~U!6++f@?)oEe zernS3dK|c%|44?oD&3MCWYHL@bbs(3H)y=lns%fQ^wLec%Nq$;^5y2deUa|_Izp5A zbL^z>VyA~Hsj1q5kCwI;W_V8{d;K<-N@4tW=`ir$C^}c~pI{NgK^O-aPJ$}t96fF_ zvsVZ|yeong9ttnL3u*zz6~$?9>STNYp1w;uBSUSg)EjHdnSslT4OsD>%Ovp7PiWD` zb*b&vt+kRA*H$e-lEmqt#=q?u-8Yr1c94F@u9-m0$iQMS3nf;mvpXwOAV{TbAWLIi zbL%j%JRWH|3*Zd}?uQRW-dp>xuNu$NUTR9&n*&U~7vWWP?6K|8@UVB2nE-g6L#2jx z#?zqRSGVau47cTOWJrP0rsT^Pp?O9lbkQc>e_be+chlY(R(`v!MAAKXC(p~XLV=@` zB79*=p{da z`m(Gf$+%1LiEMpYi3-8u?KCgeJIcn*G_Sd+cZYQZ0|V#hbjO8JWUVcadk#2XlW)Hb z(R!>?%G?i$kedD|t5pi*Pw)D9c=&4*4tBuPd}*)Cmz@UD@?#WKg$eyi1`W=dRnVpy1w%xs~y4vMp`O}rkGY`42~%z7;t!w zaN(9|oQYM#sb5}hW`^Q=VBICwfAaMcE-;m;ih1pCid6HF9+b8ClHM~D98_J5(R@5l z`J-C$IFTRzeWecyL?0t~@#U1;Y8?4=z_9N!4pwL`GJgG@f8$Sx3a;r7+G+m{W6t92 zJh9LHkXK^Wb=oF`e}iB#?iWvBML_KEraG@8;m^7LWoeTP0&sscQK0!dfjGE>TA%aCG;fr`8cI%S{7o$cY<63e77+ldT@W+rA{y=CE8;#6dx?)QWEu0rs{=nn3#>;K#P8nJF z?wSkh*qpC+ZAWbrFTPJ1OU~E8;8~#e^V8GQ9Wo`b_~Z4{IK5t}Cj`*KfTs3WBq@K* zj}ST-x3RG?VqH`yJG7%G+6}`D%%{_HuUDnV4{X#Y)`|oG=L`)37SuHu&)-Bdgk2P<@OwDrpWp|&bTY$$`jiY zh0U_qtDY$+=8Z0piSzYkURuM1e*07}&A72wsZk(|f14HH-YG&?+h6~F2)spx=HNXv zh;TGL47B(^UITTwx@qs|@vP0&YmKKvq{OcF5!_Zg3ng_(m?%jmuaQAP6uJx&iQ^ZZ zUS0_lb?hyfVxPlg3OYXDbjj}vJ!ONr3;)AFSzXZu$|=9zC_ZWCP82A%MU&p5k{p1AyVRe?I@vEdN?^{TWxtfO~s4~od2lvy|`eh6c~=w@Ls!bIL>&OwK|wZqQ%+8sG3-|UH{|c zjh(PgQBHU6u-?xcYUx7Cs`t_RZd3-i-8gHi8}t8+U*v|m0H_O$hL>tr$y2qU(T>$V z>8YrDi>Df{J@Z;tKm#C__%vMlQ^#yIyR4%7loGi)fU7&+=$&47os@v@s1-7BkOva3$gsi^~qxop(l5$1`?8H z5P&ulgwIN9G4x)~%W()eL$tXfB;{w|hSv$I`-%CC(yfDxwQ>Os$En2Yx7QJ#n~aVn-)DaG|RB6$#SnA;A857u{v4{FZ*v)5GNbPzT0A z6V$aevj;3Y%=*|cN@p)9fOTyU=2}p?PMn^5zANmL9q1$3ZK) zT;qgjoNZ3b>g-Rqpi)M3PUrwiHy?Dx6Z6P!zWka>5{P#-a-W zHrOnFmNOH=_nBP4n@IR>x=uSPh6PjQ7ht_EAj?Io_L!!nKp8hUzQzmOb~F){kIwUH 
zx*qZ+Jcw{>|B&mKAwW$z;48zD_7s&GIJcF*Qcf-yqOJS<{`w~a`EWLA8*tt3a7X^Q zVaxR3_xO(Q3?pv~JRc%vx&Qrz- zHTP>fzu!_vLajhAo}{m4cxqNoP7VjB4-l|PEJ+zrJXFarA$8W)RQc#?=9ARcU5dc<9%#x z6(@?ou{f{Ijhz7kDE!Y#6NmX`izR1%EA*0GK8pZDWAURsOWyq z_HnT(*fVYAV&^tlIo0=p1CCR)1RAuoG>6dWI5D1 z<<`3|Uo2~2gzw5W-Apot3T2M=D3eh+$~L4p&CbNna?1#fRZmvT+_1VmQrVjJC4E28 zr&_oV7s}VberYw)tyjtl3%OYLRV4d$DP!w`iO5zRX;p}g`92Rl_HE2fwCAxB!59N7 zx10j)pZKHZ#gmS?WNW~Po~(jQ^9LyM%2UkxZ+4|Gp&9(M7#W~- z|06P@nvUi|_ViprAioY_Ge-aNSt>rB{UXyU)P4%l$`DoBUJ5%XR9AP}FOtp^5N34$ z?&K;q>J~(Jk>vb6w)$A#u6j?~gnz{#P8NM)>N;;mNsv&Sj^|yH_=dh!su$!IA9Hq1 zPqv@dB*DAz<{|Gbw8c!%vT0}65gYj7tlR4|*?uQ*a&Y`>v1mdt4Gn1@ooQ}ip;SU0 z^QELradTOb@5Y-yjSf2h)a~C=3Tqab{VK)hFsBlZUGF(E#cw$?2nvx}pxC*ghJojB zrwG_GzW-ol@UG?6)TggyC&?KZWxQW^d=74Ex5?eHLD2#$6?KkMy5WEU0Xt0cyFnv& z_d3({B+)Wz>BwTlbD0{lB;t77(Rb*vat(!W4W9a{69J{$m2pzx0lyH!LTF%)JV$EM z50cIe-o*5Hu`kGd+&iVM=hJi0{r+Ugpc#>Eb zol33OgMO?OBIc~+_(gU7|85LLK@H;o+YlY`yPJCyVbQ&6E zm9}D`Uek?e>Ym#i>in`34<+QzGg z**m4h2H}wSTx7DyNNGg-wLHW&$x`~9k9G56ZOvHs(1h_o((P6iP*s)t8gKP3JDjU4 zRV^2+Rku0mc-seIIj69BkeZ)Tw^Q0NHZ_&HXQ9m2j%5ky`iP6Lks3iF3KfSn&r?#f z3;ubL@cf4sVjzbX2prkGAcQ+07D^A$Hui#Podwn$V&oJYV`yGFSArQ~%txZ_=>DPtSrn&nJFY zmW&EbZt+*aRJ;y?C%d*IQGce5YPRf4>sxVk4Zw}_>r{R7DI9U_LUQZNp89^R1pJ#y zV}4t0tj^zR$ig?*<+Et;m=PW;S$O%}9lm;KDI}CVfXa*_CKztteu8gm62?W(9q=&J zO`}@yctlG;S83wT+|eKbZwBExIJggCV@)(t1GlK3m2&63=e);5ajuF>2CR} zn_B%YD9US^J0_X@{7^iGqsztpFwMvPT7pQGGtujSZBuLxxu-F`c(QiVT06=9y8k*~ zcQhP82~SQ>(TJn6{E$A7HT!`fIK<^c@SscwFDK046S)IDglV9G#d#$Ml+VE9gOz55+4JPqfz9P}%SCyb4Ql{jn7O5wUoCmbFJ~E)N`Wj^7;3^QXokIJg zHbir!6$Q>JvBhrbTy=#z);<&Dg(@Jb;z%VIqvtu_o^tB6wQCck!aQ#yL)HOprE0Jx zZN(n`yxJ2r)QTw0bAD`#V+kyf5fs^pN2cl2Lc43@RO95lXJq{B-{cBFrO??>bHPnZ zpn+lpa(Y=xi?!k8QH%biWBkn7BwH?L1z$DKH`^8%J6M>Koevpk8jYleq8`6Op7Nkc zq-#t@G4YZ)NzWrqF-uGQF;j8$_TJ(}v4}bF3QhcTc|wC%yFiEKW)&)Y(MYz_X|jGY z$hKXIOhOCgk=ch(`Imnd9@iv^^Q?CgxdjF*Ek@XH)_@k2@QBUcCL-tQ>H+amhQ6x2 zt}Dy7a?CC=_uQT z)%lc~EH#f}!~h`hix#Io;TX|Qv4ngM0jk&-nMvYz`xyaCOn$OAaTb~!#p-R-b zOhJGXB1UDFBmLeW7w(O&paMB(Dt 
zK(9l*kZ7kw-?e2Db6yk+`79ICHRQybhvv+dJ3{zo-sg8!1MW^@KGsh4+N1+)S$cBY zN2SQ6+J$C({#)(n!4HgX6p8pSeTA%TQg9XAV%1BQlHcm8I5#pb@tX9yt zp3ye)^xKNP&&ghX79^#5b)dvrcl+zJQAK8ZX}>S+7c9$mQSLZ(wD$ntf)>d5{V|l&Rf4!sRfB zzO#Dq-@jIywsy`L!Ha+7kd>SSiE!bytJG}y>MLP6#xv5lr>!P`*C|3u^u^CYWOejj zYs4`G!S+E2Lw%#Axrl)7GwbKVSKE?v&OU5&x{}Xk)ajR9<=tAB zwiXoF@$GMeXd~u-2w>W24Z*xb#~N$ly>Dwcb;lz>?Z!!Qj)@98@vP!bvkVT4iWw`y z`uh2$R@IjR%FWrMqjI9PvWa6WoF6c9I&c920XvN|#ml~Z-BnOQz*L5#p!BYvYFjE_ zsF)*s*3pMp3Fe4tH&`-ruz@Vv#_2({{z zZp8tRM*2v_5n4`%ZA8=lsc!5`++cqmwNKrmZr$;1-P;@Qc;#%WpX;30>I1vNwr~Sd zR2uCu_eftMqkF6zn@R$Ws+>q z%A%zGVYA_?8T>xUC+0SBhYM~Z?)6=-M>BiN(uHgeqw%JO#D#Y0u2ELVP^sdZ(46BN z=z*kAgZ1&Lyi|;RgHVV1qTfK3#c{3AAn|S_p^@*4)T6`ha20JpU^q(n8|)JrbXn@D zE>nYQWi<{1#;X1Gx!IpE7N7t!=LY)+0eH7PA)RS1$^q2DOm?dYgjU7VTc4Cb6#GrpmEhR+xk*sS_CEuu^u04A^^$A=xtz6 z28r8YfYu1k@G?v7OUAazv(QhXm%jy$p>tJhuHj!LJXR}s#?AQ(>i_J4xNYf^H&(-1!GPYyg+Pv{9dAbr~!TxwX#GgDbK2>CB=jt zoBD-H=-KYXV{0sn;(!4!2#UPz?c~_(tg;Up)PGlwKKXCUPly`T7|^yl*l6;4 zDjC~vaULceI0hT5+j0l z%lzf?f%c5Ulnv1IyO#gYZYO5>9%glI<%33%5$D;}7tOb;PUeT!exX!SJyqt1mhES1 zM56jK7xwI*u+8x1EBO=l+d#h4uL`~R@Kk(LV5upMB)7&Xjgsa;3*u`cW2h_Vobv7) z*Y9NWAoz3^1P+j4uj#ONG~;Nt_nA z=2(nt38Nhb2Mm1A9 zedyjTQYm&4U5B4Vx4tY`^8DH4j!_hm7#jB%pa;7nvo{3}7)rnU+Q1tegESD%trf{{Sr-`R z6B8`qV{T(1$(W{csk-w!@ieIU_{zgG!x2|XjDS$Ly^8JKa-=qb+Jl_*D?_lhSq%Hd zArQJccVtAHKx?63{3{3yv+(^MqSJu2phd?gdt0eR_IsZm%QBaYCZo9SOV{Yo(Fv64 zPg|Ca=Z_v+;h_8D}$l}Z8xf6fMzafq{{5@J^R_!DWZ*MZ< zZ0rsTMa#8aF`$W_^hh8IemS&<5WuC1iMIS+_KMVBrGYpZG%Flh z-^`!9PZJWNf*s0tbng))-8!@pYmS9cs@XT0^IAV=K#d5?gpVf~cKCLjRB`h)`c!o0 zw>@w1iLtEAacF3$Iw{Nf-r_x#VI^N-WI%kCC%MLB>8+q!jJukwE5X+5W8kDufNB}T z)AP${j>Zd;g~c!^v+YF6V(%-RA`#_yM#i;Q=7)iwkG$x?ac&UBIFcCV@BMLZX-j7 z=R^Kg>$4w`@`ytv)Xa5-9rfhLv60@_r@boeJ;ra-oEtkKZqK-F8U?ifoZwXb>F+d* z%Au_`!;}g=lq_Woke*PIG%r>u7|E)W{D&uo6nf&OBPe!vYX$=d4jKtLFaHo-pHoo5 z&0)@JwA|cu8$a7k-W_gjr@@c!EY!Z7MTy&q&5lNxUH$>e?tErzts-Tf>B(P}Db-nKzmr5w=wucFlszm&NQUNI;UJ~K<&ie% z^he1{>(>HPIk(rPej0mZsH;~DD0@Uiar-opp;jsfAZHvbzS=x}BFEdjeKmBetoG>0 
zh(cLdEWHJ`zndmzUp^H)BQU07cu}k{e@VmR(0(>^D{iQKkitd*p(Yc5Bf2Y@Fo67o z)f)tS#3s8B$wp!FIP6&hq#b=@CSuC{Hit4gmOFx>MeOU$LaE^s62u5)%fbc0lpVWfwqNq(36X{-A!Ef=r{Ga zRa=+Z=zi2n#tbAu_d~a)oN{Z$iuCG0(&RpXL{IKRMUvTm6Qt_3FZ%4N&q2W_t~a$G zhlddLe0-2obdW9=8?aBSKCH{d8_j4Sg}M`9YBl?T?~=-g0x{K#&OZElf`ZSd<1I>~Lgag^DK-~6 zufSiTDX@3egp{B_$@x2h-1`ZmEZ(MjK2nc)XeoVK@t+i&@P1WAqP?_~b)BF9ZiR6U zl~X^@Te7GC{*`4Q>WdxGDJh^VN-A^ap2mf4GY*`UE#vO-BlEj%F|-o*B}c8jzR!S} zlz1vqftm3CV(Kp&s`~yeURXrw+H@n`jdZtwG}0j5-MIudQqnCA(%sz+Qc6g7NQbg% z?&be?o%@_Ozys!*dwye#&uHU^g6pNR-)eTS4lh!&x3#qON&Ox$PqT$deDfus8$lE}VrKg*489jiWWYpY}q|8~2&NmN-4F4cXLjzpEHyj|Sg z@oD{W8nRQDg3Zu*ch%QB)|TyWiA@9pJPTR{iX__={)EQQ#A{XmJj`^kJ1a1n?3{8| z03A-=zvl!<0gso>>s+7Q+f>=2w#m6koVuO(x*kK+%r7lzy{ITjLZM4|R(TI>n>)#K zkkmpbC7xGvcXi&s-osqzzm0e)oZxISn&Z3zgHrJiTl@+ruB~Q}5^52Ut|TjB8+7c| z!8myyt1a&#GU~&$ACJMOQ1zv?RUop=JoKO{s}=PM6&HB{nP`KYh_nN@QT0kZjZjB5W4WyCC&Fwy7(t-#-Ec-Seb#+=jEo54lP`wiB&NY zGc$tt@L`VWRQKh*26<<|R;<88g^&eT!L~l1at|fOwNf_)`h%r4N1#S=>l~GekOegy zkM*an8hN*n1`bAOa`+p}-|d~3Rh@vZNNY#5VF>5(;v96$=B$dB{9>Rx--02p+V%L) znqs&{^Kn#^0Ez4j||*s8tp1|2p#Af zx7KB3P!k?wZte)E($Js>t<;;Z-k)dsb<2H_a}|uN*C%fbNBG}1QSiS_2QgLsRY80S z@v(uEc@{u*EFZ41sfXBU8!x0d3)}HWyFqfRwTmp+PwH`)CrFsGc_aK_IywzP zvgS_JZ(V0v+e!UNf-#=Ed6#V)Rn0mKEifbmQ()#zLIhUZGW>ykY|A~Nw2C&G&|RXV zz;$lp+s_|IG^+#}vt1d+3*8|a+(gYRQG`T_W-|dILfQj6?hv;qUM_)ghXR_goCtaT zZ_@p)qaTvg;smu|*q;e1#rJ7DaK}q=-s7SudT*Q>@_Uw$C@KzKHVy2aeO&m6#om!5 z>j#uq_PKsNY)KwF;#k?%SKXx`Q#9dB?)O`(rJ(SKNzjU7#Ntt^>BN$UZ{64>dT-vm zdTM^Ys66#Z(Z-P0+PG|!W(aur&G@R{VI+#g!%=~Zx|{h@;S#HA5CxW3R{zFGsPWTi zDGz9#a}CX>l6<*9X4@Z8&waWMr`b1xT?a^vw2m9JrpnUEhhM4pH7F3OxBXKL{6Dkx zw>=br4V?vK;Og-0Vob{)8tF8&!?*bb%7=NXEVJL=GlY*r#Wt$RAjlR)0+c&T(-^Ml zSd^4D>Gw8|5H+KLJ}@P@RKlPet35EJWw)kaQP{D)7Tpil@FvHYXiZ-dFc-Zmr^G#Z z!Pfb17`DT(sbt`^Sol)%l>K~u9t*)2oA3bD4EB-Ru{DoGWOZUJx|nXM2epuOoxQcX z(sY!-WmZv=F#2_^n;fd=nSH224$|mrLh&)yXT{-Rm&;>e+2JcfV%CqAys?^PP-mJi z^8Bi7Y3#8zeotcsstlTwfR&Se`Pny&pG+}bnsl*8AgrLP`A;8PRQ|Y$dfuzfGm!@r z?An_4b<17qMG=VUa)QZrzbt?dj<}QmU^U-9k9^c; 
zy-F)oXMB5aY=9q4NGFGxttem@^!+AT!fcPegR9KV|GlzO$>Psw1}>Z*Bbs5Pc$9YD z*7C@#-*`u$iM2p2XR?$+`^W++prh7b{7GOQIM9uso4gVmKJ|4@aoNJmqQrSeK|l+ckyt+nAueW{RvWOxD(|# za6RuQbMF#Xghm1)Tb_3VP2YxfdCK|T?ZPJDGtbH%|VD0a$bTgM6-rBAEq7P$uZC{hz z)g-Zcn*hd}4%9n=HokPAke)N5^f!xXZMdIU&85-D&NK9H7@%W#)d<4v=JP6eC=#ha zU54yL?TiYuPpkr@PI{zV=7|qE zkvgQfF0k{x2{rKju0Lk1KB@Wxm8F#&eK64bCbWt5C%kp_x290-|@?9gxf#!l26J%@9KnDe-W}C*^&z^Dr?G0nq*$M>rezYN5*Is z#8orrEIUKZAeo84iYX);g9LaATiD(^x?2gDV7{m@Fd35|ibw;=9Lih9k03Aqnk-W| zW3VerqVXBKZub1dmBqI0uYTW61F$=v9(0QFv$Gj_8*~j89x&JkGl*9m(8Za zr4F_vG5n}lmO}9~(TRWmE1`cQF6RH7ou!n54A63g8}OWwy|Jfm>UusYgVtIi_}v)mPfleR-vT(HBXrW|THon>vm+ zhv?Mqg-PDh4Ba;(9Ij`d*od$yjvrlAc;Vh$Mw&=#mHd~)$WcPqc;2up&Uk>V8G5nS zY#gTVbS!6Uqf3*NfFH%Xw7h+@#235WlyRTb@(Y&-3z_8f31|=ST44#(3dNQWfkWKZ z0FB&>2e#bt_6SSMrZ+=gM#CcqR8NaJYo86)F0a+XNE_{Ga3G{W05&*69Sfj82;9M( z(aQ)5Ak#BCR9uOoSDrGn7mj}PYg^&MXO8HE5f><{P9k4* zD|_eg54i%&V*l5!pwF}hZn>yTmkq|gA1$Wb?At+fpr(X3-J+{V7AKAxoc&lU-g`7Q z4WA6k;@!m{mvqyK;xz7O$H&LA1XlW#9_*Czv<8++0weR3JemFrCk1Y|FA?tbYXK*c zIv+b-%%ts;E`A?hjBFbvAa^xjoUJc(kOu=ei`sr_M%&01x|>Qxbl^kZC_3_UK0bd%4)|hJXJ__&SAz7azM7GrM)lEKlPlF8ca3A;S#4%LUL*qg z;ZM6(eH8gTF`B5dAn_ckj7b*D*2>Z#;-!EvN3X9~%%uPuBJ*%;{g#u(U2w zGx+7iy=MEeRI}=Ee2m(1kI~RLbUy8+vN4CFar3>{QGHmJ_ASeT?&vCr)f(DyCpLbb zBtlccoxzRjV_Ga*Y3!n%KAlmW?g73VOjg1xh7weg&R=phug``}0gsvYUL|`LRL}~F z%X=B}xo&QTYmf)DIQD;oNockQ+sK#M6m!(Qz5V$BAu7?aSlujCmw!KQt7Pg`2E6** zkm|}ttzCxM^Wpo$8^jrlI6cdEQ&Uq;_IXuU5V*e08f^0cPUc;0z~p)i{$Q&^?U|H) zD#b$gka7Xu>Qmz1qB}kHO~2tGV&DAWhA8Z>dd5yN`({}=IcKt*Q--AddBe4E1<5gvm7qaeUTO1dF-)x2Lct^d_ zYY2kB_pSA_A{iRib8)1J+OGa?>h6l{<7HguqhBdRjGD_x3=EtG@fvtlkhLRh^ZVB5 zI|wB*-dxJ~I(m!-@C&B&O_7U)VRr0e1)n~>W6)&O<~Pq3F!|^@HYD!!LTa0Lk3hjX zlH}l+H~D;ig>*2r+lRED+UB8mxZ2BDj%j@Xks6C0f~P@z?|XeU$UU^8`hcjqtgvf3!zWej;=Iy_1a-r51V z3~V^v-)S1-UaNf2P66XE)@1ee|3I=Nj5aG;FTu;(ZUdeBqU{E3O1DNPvSh* z3J`tB6P?P;0=JzQ1s{{KT#Xgq4x6fh7WcMc_7}r!ZwP~zs*t>}pXztI7DdG*Gx@n=mmLqq#djH5lEq-q_|r*-J@qY} zN}qUnGEldwc49Xxa@H5`EQ7>79^A3)~xyK@cP>GZLcDo 
z+?dpQ`|rSE!0?V9@6b2?iSFzg;45`En~nP8hrOkDH!Iue^lz#@kMn;ctcx%TJW6Q< zV^A%^k=$!QL}--CVZR{mK`u;$R618-14(??{KPK>csvYCPfCmy(!p~^e@0^){Y#12 z&41ukg7W0nPP{1A+O>1|erVuMflXD1zd*5gcQYj*z$XLb+Cqbrq8oz9$jEG8 z=uZMCVBw*0g>3V+v5LC&v-^Ens8p+LVJsvpRG2vQ_ivjyijlzX)~+7ac-8_4{HQdR z=cw+a%E1#E#_RL%SKCZVMK)C{vUC~!WPG&epkYPASfw6&NLn8C)dwc2CX4br2Rmdl zPOYBQ?h6z)gYN*i>5g8!rIpT?knW??(>DbM?&s@EQMnl_IOJ zR?4ttJ4IsZy@lU+XdhKgKMpd1Lb!|)>FSvP?Vy@~a922czzILXUE<9R2!g^!E(`eE z9`{X{ilNKf|E2N$wJvCoc_k@0Q6NTV=Wt=HJtI$OH96IOpX7GL{zXzEbpZ#utS5CU zy0`AU76(j(Dh(z2Z`>IfwSRwbI4T^V(KRBc%6;cYyQQO_hpw1Ti?=HwT{@wlq7v(h z1&aQm8r->b+?p^UyT1Zu0nSI7haV0L8yhDa?6{a-4#{5EtK;7W(B9K>JTQQrQYFTJ z<}lftRpQIIUO1xZB#N%aH}y$sJ}A|5TD1WA!O0=TLZjrh1_E{2;JeA20P4H6@bap7 zgqzptrL4p12ooJEhCvD=)8*)7dM9kS?))49C!^vyXo3+fs;UL8P=oBlxPl)|6H^o5 z>oz9u)7IWDLhrcPyGhZ|mC4b9|8%5MMaeoeS|5J;BlfMNA63A_$OsY!xv-AUnI3Q_ z25*$zkg9WCP{{gOa_s}vQeE6$ zgiZ{0e_vYq_?Fo7`jnZgAmY!O>GkC=n4MnizJ3`=s>Ro(J0+z4mz{qSLKl?Lw&`QP z#VhY#Y=D@kBD2*r{hITwBcJ9>Y+w@S-|VK1I_ppf#Jr_1qS0A#jjh7IE8^VD$0~2G z2_c+MHlIpNvTm<*RQ44Q<VWDAb!f*q{3llrz(Nt;AqV_&+4@#u^&b9s>nb@}S?cjIs6|O8rlWlDFAn zX5jsnFAfr=6p$E``D<`r8&AwcuNMB`!--*UYsg5tfSEEhUE11>Rw<8g37i1n*(}?N_ zZX-7rsuOWhcy~|}dh7EgI@WC?%phTIGIn(I-41X`l4Di|IvHA#8pUoRiT<)EVy3} z1#lTQC<46c*F4u92l9KtyOOF6zrO37QTXEg?5Wy{ld}^lb+326jCm@-1(DSdE^$2v zUTX^J;M0vi6YLxH*46rHbJwNkk0E<+{Xu&g-=Ex?)JJd`o)C(gz)PlfcJBz+utJp| zKu5cNJ+p@Ivb-3MUG9lNQyVwAUAixO@qE)9yJ_gO9_!d#b>}A%Kh0cIg|F|}riate5E zX?FsrPY=F-{?cfY%PzaFsUnT;GE8-!;N3xXQ4xvN|}IcBJ1Xs3^s3CZn|(jDLFG zoi>%z_Ts~ym{9l=PqYmM3{V7`rN1PeH)(m3>|C`~E_A??#W`J%{|J}! 
z)EVG?loi6Hl7pl#D}eZMaP)WhG*(}8H$V)^P#7FLs&FU*p99^21{ti_F(~;II=x^y zl-5whv?%C0h44#Li=J`uy?=kLqcCiXU-X`@yI1V)mxr}OR9irP>5A=bW=K5&YqFfG zD;?d}mj?&odF9M8*^_kNC-=`W#mGIUHm`2vC`6zl?fNNMertO*dfbQAL#_&Pv_2wF zvsmPQmsF=+0a#~1y9XdZk-q6T+;=05Y}!V8{5H9S0G(uvvE&qTi63}A+*eAArkS1N}^n*p-PuK!gHtKz}`Nr}YT_DyM4HJ`3 z)B4EvZuP!pvWji)`CybN@ZsK@*2AsTHy$?F+5)bOGe!J7r7mA8js$+D044l&WdC6{ zX0d=9HRQnp*F>7HwtKSis{cNZzp_rvDe$C%v8%G}I=rZ^!ULKLov-E4g+!@#mc z%M)t<@cZnnztiiOVF8j7S{WI#sG27UJYN}$#m9vQwR!9xnv;sntYn0QJ)lTH zGi_g1N&tDBYIFB4jCt2JAf|&JW8bNC?lPKewMdOqNTnfU zc-k;S{Kr>I(g&1;)-(^s>u}ickvFtK7$Wn!a8UEgTCCXpACK^1NrfW~(_gl>GkEw~ zqfty&`4MCx?;d8(R-s`)AO`T*%)Su|JkvElvr5|gQ%#6@2H#(=Wl4Nd z*5PkqhKiTKKlh7uqOU*B5czK&(St_5>_KrAG;o#*z;uSDm*=39F?2g_ynFa{X=#%! zkG}Jj+nLx@!2K$s%XqY3O%gckkbit9Z-W?i9h%HxNt~_7XN<|sce9hQ4B(m|46qtA4NLtUm@6uY7^GF%w) zvHYVbQseOyXkOZc&S@b3*bKjLb{`HH@Os=T^F?W~CX!B2=+o3gK|#x7 zis)_^_sXLZFG*S!Gi9fyB+KDk=<)u8DLHVpn|hu>@Zobq>Ibv@3H zbcik`ZUUUXL382Bz1fs<8S%@Yxz%1e-mV_ugmjZ9bEn)3_brtkIc!zd5q)o3QS9Dc zoZ80MMe5Kwj_WN%ixEf3hW&7Ia?%cP5xL)%%*&-hvCfNI;P}^xp#0Z~4Ba5U+|gaZ z;L>mTKp6_q@T|#(j>MnLaRI5}&|dKxE+nOSSp-emeP}ir??@lf^71!yiXT2%5 z`}xmz)AcvBD{0}O(Q!ZH?Mah`-Oj6MUCJGx8LCZ{)djX*ij|oysr?j74NF871K$(s zO(y#WLuJf`>XQvRwRgIb41%2hMQ_4rg{`$y^g6$2($b^E zMtDgVe9C^r{s_`eA2BDla{TWQIfG}d(DUbSe3SA02%0h zz93nFb!LWUmrtlUj;2_`J5B-4S%j%NCxwJQFvI40745{<`$@z`8Ms6Xp`}-JhEhQ#k}p_uurmWCx!jkQ7j6_YVTs#DYGY3 zt#r9YRCO&euiw}4LA(<~gai#?ww8G$FrDhp!9$7#oNi`W%t@@g0x^~dqf~+0$AwFy zLOtA{%ZYXJ?K#SYBvd~nj6oREpSiJjEyQyH(NzQyFV)T>gt#CwR4V^EQ~>-i{?D2m z<4xHgtPqE_FU1^LV(LEGC_8~EeHbjGZlf_xMKKOcy`pJ#Y{SzE zv98trJ$-bAOjq3S3UEw%cXywZco%smo-B^3FdZfPvLuF=;Y_jnDvY8VGBFxXkDa1M zWiqX~wU*lT#6%wGPWXIaCg*&%3h#JtQr-b1KZJG(hiLq?F(7@vsohP~e^k83DWdP5 z%D1VR`2}OE76cSa@;6k!hOLT(lfl0~I8|yHAC*q8L$da61@O2Rsn)J0A8(eLW47*iVp zu5=c*FFJ%6Nvf`OjsZn0ZM9m4(lQ{yNmoY)H$p4aB-s~9{?|kTKP9|;6Hn`S#=)WU zQAJC5^Samua5}7vi|Q$J%(L=x&lTgYU5YTL?&7OHLHEsHfrmc?8a2`3C}Mh5F8vh zVwHnLcu~Z^w7gWC#QFvo4Q`iFI7Le{G0(IXx*Wqx`O$J_(K2t)@afTUF-g9}42bGO z9VL!gCF2)seVA;0ZUu|0jD9EHG5O 
zEYb3oa$&Bbot;G?5-&+sR0psK==x)fh~T($2cn~$2i_TxLHIwoUGi*gSbGp^o{S~= zr)}*C0#6S^_;L0~zT%oob~eRFA`%jp=A*X@BUE`szRvn%ELEA=YeslO3-id!htQUi zIrH>uj5%Y2vM#3G&oGuvak63-96=-bnbJ{Q?29<;2GYm8?FeYzN8rW!U9X+@Zll0T zpqp3>nNn_jCo;HJzdJ>toMQyhkZ9ZE>w+gK%t1lDo%~*>742Q(KG^Zbcy3HSH&mOS z?!Azvy3%?hG}!;4S)#n;v!#>!YgUH7QvFzD%GrpP^IP4u{5P38og_38$&yo%>mjK7 zY1qW@5(?ErXQ~A_>dpIXrxmAhOStB2-B$I zd*YQ^Qf@8Uf%VBEhxUHNir5<<0qbrLR@?oyKb)M+Mu%^SWK^I@4%~nKH(~tmT{nl1 zlc06M8?*nVhbBJ$U7Lu-&;jAxH(v%%x7oh>Ltil(lDs?v@M}hvgk#0}!9?yPp)y9M z6F}tN@jp5_(W=Tkbl|(Y(0hN3HKXBL^CH-SG@cjIzFr5 zky|z%$z^gR$k}>&HdR@~_jyMj6{*OXZ&fiOxWtSAZ z6?y676^gYz#6B3<*ouH7YPg+BEKykUPsh%^i+C8Brm22zM@e5C>8bP7s3#5f>s|XFl!kAaytHW|=VLxJ=Fm1jsbmXB!#XO-Mx|f2J4WZR66wb0 zRBPfRyWLWWKJRLu|1_Rxy-yXVOqKa%m}-MCE3h-CxE)5K-O5y{eruqQAzB9VM#2&> zf3z>4<_CG1=~GiClBmV;uF5jb0JEB~On>6^1}e!y%YuHxBR@k3$DmdkS-Fa+0kQ;} zL(ZS6|5ft;3%$Wor+*N0l^L0-huYyyS_V3jcLsEN;6&LHeN{oAq@Iyq&0@@eusZG> zl3uDbF`HmN-Ujdr3ePoedEqM{$+XH6dD{A^X6qBW?Cni9J_vt?;54|-pzZ?0h~TO{jbAE@$>VnBPgBUh~?RPx#P(c*_`0d{_p ztZpz)_-4jB#Rp}eKQ`bz?ml3uvt&ThYjsf*SZ%q z;2Rn?&QCTyM-e=ZX}gcM_=Lo6&A)e?m*02Z{29Ii(@3)VM$Su!<5HaqehfwRFk+rP z@J#>wS^15#w0W%% zkNfBrZ?x4rHY(hhl3wrM{VCOhd;tox7#?Y8xT`-awumcqP&=;_F4dQq07@IpooxSt zRp{LE{BM*5R@Suitkt;8pROwO`342E(Xy>5+ZSz)iT@Up|Nmvcq&0*JJEnwUqY)c; zGf??!^{1ha;kfRPy3@tLG%c2b}8 zSK_HwG6mc$Llor>BS--v+=^y#mQ!?y1@E>;!`E_E$=i2bDmID4E)+@P2aDH9zY1S9 zUwXGZh;S!L@DOXp;=%8pZi7lBJc>KugnDGp)X`4}S|H~%aQp{57*2%&cfo*)d`M#| zW&=DU$vj+H{ssfNEma7o#?nMY1Txm#4PVQq>)7rRF(T~NnOOxSG4|yY z4sWwyX9J6Fs5hJJMYU;q(x8Q7zo^R#Vj^RtNWwVG*VwY*`OCz;>Fdq;J;p{d2+&@B zziMrZ!X8zzI}m_f_xCoH?z}Th4idu?@$E2Ws-!}3r3BknP1=a;uo^N&fvNH$i6^Nf zlI^fnvJ|4B#Dr3dg_w&waA)EMw*-!wmrR1dz%SofjM*JLv$S%^kkW6+i#y$_nKDJb8b zDy19l1POo^&dv4ZZWf|d?-l-v9{7i1e|GPhq+}Q!%7gahYXLAbwtRPwoA!y>HLa-7 z;BZmb$5|5A4@MW4r``FD!dMlPK?xy99W@0@5c)H*KaUGD^Z5O1BC9u})CA7Mm5(E= zcpK@+BAiMiyOH3=gzcjzT)2$3vUHpTh#&^1GD+ujFu3x+bIHQqyK{mH*4%Ll8Q}e# z+Px*JBF|cc6-#6t8D_GGk;3&FHwpvg^>{$j>isK{^}Dqr 
zkVF12tHSxGp%6rT%pD%1j-<8!*p#KO|F8Vnq7c^Fl*{O(*aTf|7N6WLE%zd&ssTf0 zt`_xiir-YYL;0Mzm8Sh@YdpkH5~M^ml?%tV(cv$iuI#x{NCV3TF?>?6f^boqMFZn? zBq_%JYO>Q5XNR+A7}_t`y9+tfE^9CFk1ZLEO3biny~%Z5(D9D-x{NS4wtewwY|i>dTFEEHYtl%5Gd&eQN!)DwQAPLD zv@&Ju^^PyY4r+~kIi=e$>von@UJr@XH(yFKGIK8c5AUSj5x){hC5b+Kr$`cC%z=y1 zNqKBdox2Rjm>~w3R>rS`{pbIyS*(LQfO~Np&m7aO7uu{?{L?m9KkW3!a$x-pBD(o> z&4&;It`NNyhMmh1m*j00sywJ;Ie{yN;#%1RA=8DrCgzXPk4b0-3wC>grDAg?R@{qs zpUIMs0fZi*C=89%nz z)vC6m!0X8GUi6h;-E8=&E$+=4yo*quaDiX!sC=c`KkLZbO)YyW@v`N~xfz>ZjvoJ? zU^wumz8?6sxc()>X(>9#X{&T9bY@A1RgaKRi7=2sY<@i8je?df-74A@<4l*Q)1ifFg{9IW}E*0G%jmcs4+3 zI}-XSMhJ{KO!oCe3;2dk`$M5h(SxF?mX_9TIvg;O3svYchvn>SC;Dyqe(p}PGsqmE zn&%^K1Cj8H28uLeFaDWAlmBz*&ZZv*DWa2D@={Ee>ZQw@d16WQ2i}q z`bAnaUgg6pE4Pn#H zMBVg+1hhOB8KJ2Vdq0$-wmhF2 zdFAAf8J4a>sd|dIWjX?VA@SC_!f)3YvYEU(w4`Svm?(4C*lw8z$BBLeM0D_$iz2@h z;lTv2M~>9`PJ=XOV*NiWMI!=5SLf;I){mMv@RE6LD4}ycBqX~}%Q@_7G07OCda+%y z>Vn`89HlRKn3WFdcu6Vw| z?0;vr?$`{l-bp4iHRnX+MKOM72Z4^SKcIai(dtV>b03Fh03ce8j#^1YMZ52@GNsyC zhJuufGlywwWtz&dwUmN>lCAWrq;jw#JliR}u+3M7VLykTUTDeGdn4QM;OO0kpO`NM zw(5o}huO4oeS~xKG)184gT5|EHVj6S_SP1>AK8%%4-K*xjg{wt*63prjaRWaF`3Nv zuJ}V{bd(|hYop#Z9sWg37kz~c=6J|FH&dVQRuV;gc*LhxF7ad6gPHuPxp&0K0qDG3 zuBX*4r-z@EW}~3gV-vru7cym`x4tMPm-@vs^j-hX!U^I3&O!}Yj2MY(@kg*dn|9(! zxCUkFRHeYVH|qh#7*~7KhmhZw{oR$Fm2|+-n!*jDippe9`uZd%`eHr@Q@*t>8((2Ci6sUgSvjf$(Y|OY z)&s8_i6l|02k z{I9oI5OKOU;dZ*Gh;#rwef3AzSd5w90+a;mROdvF-8OF;%}uPW;ifwHV}38PxZWm! zCHrT1Yp1Ascj!U6 z70pjBw2X6lfm(?qRX(7szl38q_eet$Yv2~`>xldmpq0|f zNg}reuB4|&+aBNdsBYzEVh9r33!3GbCr>YAs0OQ)vN*qk5g0VCUKs#~)nh)5W9p)? 
zOr>iuU6Sr&_&8&hvNpmY`z~8jY)T60E?q+_QDf{DlUc1o9pbF;%-h=TSdY?byhxA5Gyb>MfHHMS?pEng@=*Fv?hq(d zd*v~#k*>y~LwMjI%Yv=BAG2mGamcZqtz87!d%O1O6^Zb1$;NIU&ynvWGh%^FRa(V@ z^?~ZC^aep-B%+i+p$U`iyAspU)e{J`xx&Cz}D`W>18)4c3bw$q3PLp*x^NaUZzFxW) zhD_gQ6p6!#cd1KFYDDKB9&KyEAl<6VE5lQvtygHR%kkX%GhjLE6$rS$ME#8w+#4S0 zqwDh5M7JX8r&3oABhNO0%I^6e)G1KTb20=5wHyUbX=3oJ>|9>*jqy72&qw1FTU}g6 zye9ocGJIgJdm{x2yQZ!2Ge$J>WsH^|IU&FRUI*8gCF)1 z+v*m(K!pkN>C_14l>ryhsHlcnU;+-@j@$TS4Z#|o&Y1OZ>GAsfm`vLu@+%TQ`3kOx zfs$$+`h~J*J_TwuvZ8h)$-D{CuVCehUtD_@39jDbSid}nRiOnpHZ_>~`*+ZV3{v4L zq)mhN_uXl~`jHpGQ0@r=+r(jJQj~J6SbYK5sxNiEZDn5%Q1zLVf++KXqM$N{{ClcD zzq#EeL9mQ-DsMe`_%HH5=$cNccBS!gs(E_Tx=PCodo0PtD$-r5Z%Q&fL1}+)*qYl5 z)(HscZjtf|TgGS!t88vZE=XiNUYdEi+DNQm;1=tk>1vhkm~$l1RsG6FW3Y66c{$3Q ztMu*!thNq;%&?f{Q@K7!hqpgM?4(NWD}fvZ5Hs9l)vC06j}AJ$f#{+9F`_K?9S(u? zVS;YXFZCb^SFYO&jdir7ot<{-J>z;J?;6i}9*ledxT&536%)z^gy~`J;qCTFApx9( z9|YV>e@Dd}bSEE01Rlna&j_V-C7 zd(N9MwT5SqrsuIG#aqc7w2T>|gs9#Wr`o6W&KVY(n<4YIs4^T}br=Pw)ezm$W+mhr z?V25^{ksiWL*2~(^5~l2#saXSOAHv(m5S(&QsWF)S67+W+P_jP1ZpS03GryWt6f2UQ~N-^}DS`Hr$aeQVG%R*;i5j;5KghZq%yzxK2pj`3VSKhh&P&k#~ zANCk9AziRb;IBU;kE_^AJ6DylM`CE5-LHI^@|r`0J&$#q zO;V0t(ZJ}#q>aE-!o<6QElxa1AA5f#*DWT&bY>h!rHs3mEEq>3gyPfu#bP+ou))O{AhF!%J`KbT$WJE#V&0N+ zt;&)A{8@i+eC(V$$_P;nyPvynTY3yl(w1x-zbv17*BLLxh@b>f>W9>`yduVvQN1>? 
zoUaTE4v|J0AO6gPmMXYT9Q{d`B2Tr->@DTkBI%=A=U5BT06DhUS#6QmF(+7_4PO<)dp?z3 zj)9?z^S$fj^H+k{y+x2$u_rMG3tOZHIxME%G@&8)Lh+OO;e+trm!*&fp0Ic&*^Zjb zA_8@FNqL3ruGZU36pgZs{!jPKNamoVxi==r zzIL9m{GaCbt-JWRtyY7z)$_}{zqc#_otaZViWT^OigV=V!;K73-d63ax_(SGH!kqr zE9B|AoJRKF(^zOdN}kTm)+y`zjDU8${PXa1{m9xW!pw4JXk!xT`qa_us4|x{d=qQs zK7K z+}sI+WT&pVxQ?s-94dsLCt4JweQNf_$`S^;m#eE3mmpEOt2nX9F8-!7HRiRVY}{$x zu!l`JvwWe?ChLudCp)l@DzIKop8hImU?Xeb_OxwTvQePGFW4p)v|U~JaWTeq#m7L8 z0~h!ffVa?vWX;7Xx8(WU)9Dx{O_PKyK2#S`dD-eOCn-HHXdZC6c5qO_R33Q3%)>G+ z+h_P>)%|toNu=K!w(MESkZ6Fv^~FE+{%PIc;#F-Cf13~$(~70w_Ipu|DgH$hSsM8(4!#T(i2u!>5F`*7X=Y=g?n#SJjp7KTj{>|^f8?qGvEvfM zI&jTl$6N9Pj8@C{e=rI3Da$JTD~?LKOe?n;sr$Gq!Bh9P)Cy_6@v<)7ms&DA!oCVR zn6xvlKgpRo<=2Whg{qFpR0mHUCEd+PTXP>-_mfz)5Qqm zM@wQWHhf6*=gyTNL7rV&$v6doB+>JJaZlQ9P^(1Yx81gkH1lG%*)$FoTB8D(@BmB?HLVjqPS>`@tW5*1=5mEsY<^Fg=5GZ<@EIpS{a!o>!7qAM<%|4 z+K>XD06y|I_H{JJDc@w3foItf_P zxYtAd=Cbj_@G#IM_A^sL;}#lb4i5W3;`l6ScU!C7)d`)Y(_Dt|E52H&N=N!nS_sH4 z$g}#W7x=dsA=&AyG1^}95K{XE=Ka}lF$FBh2?8`E#Q(5NLvjR$ogEe3c*((EGeQ{JX#+`~3b?O1DB4dcl3UC6{?kH-B6IUz-0q*8d(k1gV)`L#Mopy4b(l zRSp&A?bDTrnGmuGL87!FaMwUWGJh2VS)Wl?&VEH1T{(dI4agV|1e*@Ywu*Zs-mcAt z(veW6n$RjbuPcOxS1nL<@iQw2`HmsI5Ge&{;Of^#lu$({9E95L)psI2fo+;Kc(c~rn>7q8K9vV5Ov#f{CMl<#5z*g!){yF-26#3160}gVD7Oz* zw$Fq;z89(FJ{;}Gq=Skg8{tL($*w}@y^_RHLdlN)XkP_I`BhKw<C?LQ++2YUd2dNM0ryv*Exax zXYxxKLFmL_*-)jx_*_70Dg%Rk=&%wqK1C1haDSOfRdsIr^V`es8^|C;4V$Rms6BJxZD7fJ6}{W1MNYb5zad5sVzfn50)~QtS$1-?Zhpo0Q zXP%X}Op6p|s`e!T*TNN~i~IA~(*wQHUri2`bmq+Mz4z8vHZ*w6a$v;~-wP;8dwg(w zwVO1e8^y@F@lCS}WXSDAfwIujRC=6R6zyM|P78by1tCxfKjlAVmJFf_h2Qtu+FA=p zHU>u+E2ywr>hyK+bN-LhCw%7*8>CL9BPH>SMIE3)4 zLrIR4@Um6N-Lh`x!4xN}*Mo{uih4c|lJL3>yU+$UmT>9r?5uXNU}|b=CC6Kgz2TfW z)EWTY)j%+2$z? 
zkf|?Pj!6p4MSgvuWG%lf2lEl*noMx=#B=GyL`+X|= zhxI!>o28P#^sUpPclL0j)@PW2VeKEmuX*CmvE{O&OsvGOI2MrNy*Gree*Ln|Q%l0V zvG`Skf}|iJ{&X8H{y46>Xt!z56N_k9l!usLO6oZ6 zAuOD8brlRRt;)!HT(n`q0t?@>x|SiK9gjKrEcSJ2hQ-ez7L%*t-4!~_EI6vc8`JTE zTKnh~=PgOw2rNvd*xj2imo@g@QdLFEu!1ZXPrDf6Nv$a#h;#Pj39Y0A(yNyBXu*MmG)BHm$D{N<+B+e^Rgp}Rw@v7bBbAQuPMnE&tjL~eFA z4(j+3W@8ofJnn23(#Vov%uvJOeVMuJ2DW5pN%DpC4ovv`&e`@&#d$cU6w_3S(ewlk zIRjf95;Pe07o(KuoDc+m<@t{X2G9a2p+0Ysp4j+fyaw5wC30ei!{nP3xKWtwVY)Pk zUmsLHk@L1YyZR-0&n&o$@;}_KR=8DB6wOuFvdE6e(0z3k3vndqvSCth_|xZ=a8UD` zfLGHfh4o3{C=ty|ba|GnOt?WeGi~OYz*Qm9QOyP+MF&5MSp+mPc zuw$X$(C|4+)EnvSWiu^t1+#MF(F~1DVL`#PufNDvZNsf3c?6VBj#;nX8#`O2k*1qC zqsr+LqAJ8LZw@!3-}>OKb=ioz!!h9N4?FoNt@+hhw+hX^am2jeoSD4uqThWpeT|~8 z)dQ=GBUpYW@vviQ>@9T=GL;|@L2++zbs4Qhm+=%_iXq@?#f8kAK#JrACm$aCE*`+8 zTJNzVma>c|oaU$vx2c`%b8zFa3U{~;zVGeUpT{xE)+fW52Hu)bUS^C^CD1Y3iv8!9 z1J*>T>Ej2}P+=^0RB(S!7I2=wlk;QFYdB8|cbabienoQtC+pt608 zxBi1UcoQQSAw_S1#>%3~L0kCp0EIdOvt&GtK;k&wG54@3NSf$)8J#G06oP8#cjsIE z*b?J|fI241Cj`Jg(HMOLDO)K=w&j?AC6CY8QtIMAnKD}Q7m2++J*~hNu z=13fefBCMpR}dMsfkV#g>{haJnULH)L&PD`hK7{x?&vRln`5Jm`{!@Q*vz%sDP2?= z$rx@R9v%XqY!VkYw;F1zZmZb7i=xf?1p2$BC6cbT6+m&@_rjUbdaHG_a-``3ml;qZ zdc7cWtpB%Gsbl&ttq{ku4h+5A&A3lh?NAj;}Vhg~qnBx{OwzRZlIQV_@ zV$Y7sHDd-rS5_8)r3@s->B-RuJN z!184U)TDEtwc8ku?Aq~`{vcFruS$q}g5fh$R=Qf_#j5w%6SZQ54X5_z5xj1Toti5L zBX87x<*g431xpr{nT2ZMNvEkOp&PUb%umFLf|rlp^NA^oz`q85>I`sYrSSk1hnEVr zm@pbwYV{dAW7b6jGIa>i62%kJKy*v|?tKFkCV*SLKvXZnWz#)4sN>0ezdNbIq_l_4QfX5y3n!!k*vn zKk)MnkYHn``qCNC`<8Cwc(_vOgMF-TkHu%Z!$n72^uNBg^5a zw+v;iZtjwIJEEs>=wW1p=QDXF?84Ck$Kh&zK2^r#`ou&wa(sdJs1rqZ5tobpU>-#T z?wZOUZgReHAxoNkuFS&%1TzwF3F7lQU3MWnoPiIk`s0*AvPaa%os32M#3F`xOM3cx z6xiQ&d;Q}5>velp&f7n1!S$Cz$OLKAu50qmx1=b0V|NH&naUIu@{JooMa9^Pnj#is zp)<>T<9-qzngFxvopp@%bJhtjq?Am z#fOZ_(qDV2&}FOiw7b48heBEvJE;N`+mpTo)#8HjGp_T^0;agGq3{JhS~7PnUL+X_ z@K~FT{B>})lXHC9R4?GW7wc(d?2A4Z0x3FUj7SdSH<}uFbYa_ryxG_)3Gzl!iR&<2 z#lrBE)RCVZZJ<{2Q~Xngi#8c~hNX9cxE-);uRCy}4WX}4)qSm;914d6oo~ng+~Qf; 
z*=er#Z_~gLXRdv0_+lzY#S=N_-*FfLY8TZTE>4(8h_9A?zqrGFssz?umc2sgs%!be z9*>Q(xx1f5L{`g>+r*_SGiGp5pqlCqw-!W%lHrx z(vH$fWz(ZW`k_UW=cw&MuVbYwEy>vjf1e@;5ykNmqJmvcK&0)ooF_#YS(90N$?zqA z5}nsg*p>mApTPR~_&6EVm%z`}g4F-|i8naPGpuq-685#|mi_UD!{CL|0>xgDW6=iX z!5=hmPufQVMNQgSBsn9xE+lsl+&vvSr;BoFHwnS*Tu|W@{8j6Oa5XRr2749IEI;**Tq9fyjCH{~u#%&N<zBM$dRauQnA%qRz7zknGxh|<)&A?Rd{d4#op*JbDjc`t&4wSjKri{r8OrYMO3 zr>Z69^&C&5h~G&M$ec3V?1t~MU-DgzUcZ~KxT_)Q`OGv6oZ(^Hd?7X#$K!s4r9T%~ z9{&9s#V`2Rwll9VvyFcVE?djRAtkshNKL5rJh4(Oyz8k)Mz?8r%9olI7YY3+ zRelK4**ajpzna9sOtPH3A7Bem+}Rn5K6gY-Eb7fsTkx0S$E*}RlPD-cBWZ%hWoWMR ztB#H^BeIhF&~R?E`4hjk47OJ`ruc+x)WqI$Ag~K{Aiw0RTdRS_X?kTViKgbJbJ+f_eE4Z zWbaX%b)-79e9FmN91<~TM*MW@?H~&~*iCra;%<#8cDGyA{5Vo2&&u@DK<+zUUWJ+3 z4-l3sY2JJ2Z!cRG&!2pmmpu7Yqy;fKI6UefR<6$Y%~z zwq;|$_1-JUJ$+SI+j9)`R<=X0duekfQhWe&BbE``zi$*;6@p{Wlf}_PYjav#6<;h~Bku~S_+4133SpOJb4komK+^z;@a{V6f|z53$EAsot4`dUb4=xoQQOw>%`5864^)vO&c+f95>N}{-IRkWu zik$QZdxsFO_sk8qGrxXrQZ0tp)d`+9=Ac!w;Fg4Rh3Y&575D;j2s#h$zW78){+@}& z^<)RRlR!YMFZdsFoXL&>>UfL@J^_I_1?K5Sz{hO7Mi)eUd2w)UBwNTqjONK;?K%-5 z2*+rQrXL<2+N}pndJXeFv^bmD{1gk$SBx7Z;o;$NTd1=K_LG1peVicG0MiCLYif`i zEUg2ipJM6!G0_!$i;wzzJOPEZTBaR&#vz@ULUDb$m)y2L{Rv$_Rfse$k~)-SsRl^= znGa)G8J*_&@jKs1qhT8SA3duE?5`w<&rC{Ll8s$l=6%OHcc;G13&nH{cv3dD{JGrc z`gGK9S#3)F9#dGigq|FqY2&~QN%@UvRDq7Igp)UqCC(ES)4=! 
zX8cnyxO=Qcvv#ULM#BUd?wj1t1ft#+$*B-7Ks@iyMNTEjPCh(g&{U$P z5CaZqAGVb3UB!Um(xYcxpoN>D9f1=JyuFZtZFXgKR=B!keFdW>`YS}^`pgT7c=>QB zi{-c7ZQD1%!zW34eO85HBAib5dIzvCtbSonTsM@>d`r)vg!8eNfGWCo<_tvL_U3v% zGMDm2K2b|0UyNtCn_$A+c&I;sypGqVts+E4w{LZI1A0zs9jK(GZFn+$yb!|UnqT2d z2sIlclFR=awK%Z;^#f0fF~wK{XEz*EGcw8tFU?y2{P{zWEsIWD>xu`GBOtnKZ!lBa zs0(Q?1Kb@iy{KHS7q=41q`K+`otBk2m>W4PEO+>uh(X3mK888fR%{P@w=2~;SR@cY z9*)9+sr?xwJEJzTNlF6Q3ig*`9YK6_2So_RiJ*f3I;gyQ`g&vX0YV@me6EDH!meYHZ0 z2>V?kp+TUBFOwg3*eW^LT6pqojum(}J2kr+l)B66ah+!I1Z-kYOq*>aD@Qc4hSCtC zd*9;nYB~`T5yhZeYKk$^n(674TCXus8PgUkV9QauVCPr;@0#nyfuS%!oh=cc~$k+8p;m zk-O~BHx$mTkz8^j|If*1C76(GTV)8((9b=sH$k9`t+PQ$cby@Gt(eN$){WS}3re@% zWN$=nv1qL5pRLMFg$~CFum3q=gth)Vo8x;u>}0VRK{vi*dK$MvcsepJe+h+woyFhI zsW@b|4wIKbciEk;^afDJfnGq#+rz7>pFyw;DpKDg?{IK5-L5unoIzB3CW*hqMaEYu zn0yuXpBO}NmS=z>^wmg@GY9{Eme3){lMXZB9$tFo$k5C&C&f$Jdv$fiumXL6Z#OnB zbY|55>7)>-U+)*A>MUg) zzk?OEViPLs;bKHEWS1$NWCc0+Q7Uv%-)=-jXdz9hkbGg9iyH0351r*SGhsBUIdIsF}3#=~#DwMkn(n2h?D!+&@dan(?%N1?GyYt~j z%F|#!xCi{v44!khMfY97f$LIstQyEhC~h4u77Ml9?O`|zk;#+DC(4(3z`aXy@c9S5HX#Xen;N0A?TL_3f&jTT_P5`QqT830WG zR#2cvwf^rE@j(^~uMl;GF4NHPQbGkqX_%^)Hg3!dsnS(gsr8KGat6ZY~1l8T+8w3KZg0GE`@V`&_cCFPk={^IaV_ zIIGhXg4GUxVxo%J_$3f9qm59g3-MI9N<12Zrt?D92WrNj+2+U+7+yoNpBQ@CDZ#M# zlITK8_{Aurb1DV=L7sfttkF^|x$UEh-+n_#!s_~ds80KaZSCV1^u`nBkT89^*U>xM zdrA&^r>O28#GV(fl=Vhy0sd`-Q|c66-`%?qsljLrdw;?RH*&kSu z^VY@O5BERF^oWyTiFuQH2}d;B?{}~HZ9b1s28WMn9p$2oSpSuqHdFtvum0?+TW%I@ zu%500*{OEm^OuHRYkw5zP$Npvyq-gzQg87~P;N)};)A`rR-h4d6RNa|FU&bz{&)~~q)3eR2jPBdDTB5*v z<1d2o;@XzvE@$A%yg+B&moQ(YUy2glxZG2&?KVwE!mJ6oBhLD6D~h8}I9pzardJ-F zyirko0_v`@{RGK;95<%f{5EDs3_K1b`S+gvS~+Z`K|QM!E1SeOa_#$N-kWq;f_r4=?&W#THRV<*8@aoOBq3Qen zmA0i!B0GIMjR@9vfw4stU8QVsmp7mtO91K|qMk>z0@A#lGJv?rHUOd2{m# z6+;;1qIyQy0LL=eLI3hH`3h9;i?y~bGr1b(esS>)ES-Xqq;LIKH)}=4h#$M%_tN8$ zs+t2_1d*uVHXk&HW=p0f;eZq)6ys0UsQzCuRjrvLU&eoPJgc_9%kx0s%o?D^!OHzU zxYw}+-)@fv=LODPk?hL3DwUSu3f-M1C7+Sk+K{vEf%Ki@;eO7If%R6;VG7|_+)3az z)1#QrBL%%|(wawrkp~t7yc~lDxhtd|Bcrx| 
z9-6)_ef!qhydCSa+#4r|_JrQwKkcanQs9Jc?U$q(5U1cStx>c5?dbFXYGH1`3WJ9* z)?=@40S#&Cyx{P{l})&B`x+}@TgwwDo$UogUJG0~%# z4@NABX_M1vwUG-^L5aP@7M51*W+SZv9|dd6HuqlOMT-$j*Dgvio!9%Un^34C&6I>z z`khg?h}oPgTRkaW|hjoD~#?} zrU)e2CQ=xnJV6<{K#|RIqmShWh#5<&HClOp-}eXcAWdt!Zs_9h;v%V1*6Wq6Ypx0e z>F%HV`R!^IAKcvBdWubgP!)fCZIhrJ@5V>_$j-kf&&tY5`=Z2C2-ElFya&oD%J9)P zkWF@@GR4KiLnpF@wYggsq>_KJSEPu~Ds;E7Q~A^3ZZX$$H<5IxH|+RBJU7AiR9UKy zVP;R`lx&N0xUE7{X!+D$%KG1;>%AwK5G)bA)eOfNiaCHApO zQr=eTa|n#{<08SR^6O+F$AW0&xHCW58e6@aS1nR=qxU3}WG$gY-}h#Ct-uBTHzM|b zPhEz0VRey^_O?oNpm=nE?ho)aGs61)uuDw;caO)B_5HQhAgopZoo5R5cQyT?9e#{+ zd-6Kpu8!{hVXXYr)nT+pReC*6v=60qr%L)n|4DbHwdZ;wg{?i|3bzajS0p5cv?*w1 z17C5F#&&M4hzRWb=$yfJYx%*`4ppZ zjEI*kZ{ZlXh?judt^uT5qOWTVI7NsnCbrhB{L{O9nw84!Xgbp+F{_xq8{+m{w!OgD zI*A>sASXZb{rCXA)N^N%UnwIE9Ef8&67MY^)ALZMwrTiWQAO-T}>44W~0IA z`Ino#@Q99@D_?%8R8YsiRjWEuAsx==KCD=w81z&I;H0F8J_O8x=8FAH8>o4cnF1{W zqbtze%*(Zhe(mG6`ziS5>>h60U2XkII`D_<;4leRND*oYGa;bz`z6wL+1h+Hf&Lu6 znqh0Lr&`ueZ4FRIHjY5-C1lR22!JjRV&;#rI z(HYJc11`(5wtJ&}n|fJo@wLZ&-_}~K|3dHiUHV$Pzxq$ETY$+# zzzg*D(_Q2f`7H0ZWw|;P^9@e@2>Dyt@+5b_1650e*zIt-j!<;~nSi~CpWnOhSh_o@ zeQ3L}%QB|t`)U6UzBjv*iy21|IcsBR@!O`TSF-CdRr3s2x_9f7XZ1oziwYt# zTIfwIO&9dF*7e*_Edn%I@NPa`p7XxB%svD8&MSZ7QTZYOC%wtX75zzELb2x(!fT~5 zEpSS}mNM(=7`N?e=0$ykI)sf)yF}3Il>YR(h1sU|@Ny=%hLJjv?_%atb_5gE&`)(L z;cy9BMv-URe4D6<`($1s@JV)&vxjejF5E$S_4TUd3!Yb#2!K{nO;`80Kl`bEY0Q9a zu8M0_lSLqH`J2+yGPu{dTVNn9v`;QPH>MyQZpO@IM)LJx4uG8$F=|m-!#oXqXK=w2m-%Biw|o zmUCb4*BzC3#lV?f2Y*s+tz6N=gCsEB2zJ?2=}sNzSFUxf-IC!)xgv44Ig=%GaD3Ix z=fi1@`I7JaLhKAY;Z7I$vUX={(#;uI0*Ncz0B1c7kre2U>pTuWAJ3K7Hdk#1Qpbmp zQS+O9%u_>r7gIFNK6hia_`DRSZouMtzWd$9KVl z-_$3wai@zYiPu#y2=|8CfFO4!2f)rg)0YTcy?+nJ%DGkszJI&4{LAMC$~F zdf>JN2~GGfZrND#DOi@g`Zj1L>EbH_d1!&iF(4jaY&$~hV=4YxKB>?uBEAU`b9==NN) z<>43l{D|qig2Hm`Obm#|_+ zdrn4~Q`clIlfxUXl&KjT5CYj&i@zo9fE3Ig4kKO54Tm76({b?cn{!1RE zIw{eObFL!MD##n67EkIAb>;_`Qc|a@YVe6{@E_9Ge4mPaawjWPs%(HGf8&rCs*_kP zOHWVlDvfz2-h>rjC>k1qFO}G)4Y&N)TvCcUAT)oYeFTmhAkNjo_X%Xr=6Ln+Lo1e{y) 
z>)shItH-O)FH%+{lN;!rGZ5jf<}wlv@nTN{G79;}-MOdag@ZV}hl95!^R0~Ya9L`4 z8b@Q}PP}J;o$^V!zW37&4SO&VT{jq5}$HVDd2eNmoRBO&-vGYu?BuO}ZBR|E*SiI-@1Yh7D%`ohSxu7#AmE=5xrli;! zZyY^DG99-+-tIWUGXpt+O;W$JIZCN)6+Bv+j4%k0q$U(w1vh#a33fWvKoavb#!7aW zOsjf5`EjK=$8p2e%tS)1$Ssywr#!J*gsR^sE3Los(+w@*j!RL(;4sz;EUCv$xZfxA zvon%qz!)>%`T0~lQXSm(hr+eL$x1vUE~y;B&tDYi`Eh|$Om1dVNEnL!j}Ja#eMD`a zD43LijCc9gHy3N8z(iHif_uHtzBB4>hbQCRC;<}n5-qpL42`fk(Kdl^I7>GtW` zF|)MbRK|;pNl2y!c$J=H&l3Q&Yi3wl)v3yG*kv|1gK_NaID>zc1{*3@iU^wK5$6Tz z-kOuR_-gC(_G|a|(DqN4`J|Lhz*BzME|iVz1(-IpAAf_dpC%gI{k*2d1)Op#d?SN( zrm@i}`XPPnm48}!AG)d9{2w3MQ}HJdppyl=4;7d-se*p{0#yA+e!mFruC*)Hr*~yP z{q`-aYSxw%DG2`-J4an^monUUvfqA3ec0@XJl2}fp=`L+IWmKAiB^X)M;g9w5|Hq* zY0lBw-ZwVc2q{{m3JQNC1O)d}8A`C>oJl}(8`(DP-?v{48MJtrBR-x}wP{18`Ih;) z#Y$15J7?U`ca$gYQFRQyReiIh`<1!*;KFsHWOCI0u(ETKUuo2zv-DVEAr7rbR+70_ zy`@oxc&q+4K{HKP%8%vTg7wqXat(TZfBH|rBL2nP{jUiE5hRl;vQkB=W$)%#&A#Wq zzgQ#=dQaw2RQ^L@4CSfq{00(@I8&U8?5YaAeY}&O2Bqpd_h2QV|j{Vb5U(2d*dY4_6YDJ3c z1cmDk_cw?Q?)O5=OGuEUwQv#Va>xx)bpP?P^6AxGa^;4$m~Zs-ET(W#g9zI!$$T;z@;Qcubf z3nkK3kCh<4^fcG#ig@_u@{JiEoense%;!a!Xx9S8u@HX!`V};r+$G`O#J}P*5FT?g zR@4=Vo3Pdk>-AlQS{G?~t9tL=_k`k^7^PW>bC!&K5FF6zvf2E?U6W5Ivg^J~b2&7F zV8K}D_^`}dz%&IZD`5>d94%B*Sf_fJ6~6-RhKY=A-skJ*wp$ph3kha+SOUUacMC?V zT|;VwV)yEW)tf%(VcgChJU0AVgiOZ*z`e2Al+)eWnjax(5N{&kZ8p#M$r$KyrRdBG zvm4>4-boY39rxj$=QIZTmI6l3w_kQ=O9S;8qeAu7pzI8)m3x`(I%TNFYV2>OzAyXY zH8|U$12@+K$2?-bPj{5YfRLDM4JUdNTy!2J`{fc7yY9Y0hI)Xr=fiJIMkY1S-Ro(k#V4VGczw4Fw4f9U$n=r&^%e#=l%<+@N8X=E9*>U_j>jG^_7Cr4Cv71w z{*busZEvUySbSCCJ$}4ZPUaF#?J$jIYy1;1>wZ40?xIrqJ|#nG9lSM~`aAV2qlb%c zI**CSC%aj|6EZkj&Ox4bwg?|;ge!ThOi!#F<4=_aKxbI05kjN1D?FmdG;T!*Q}oDM zD8_GlJYfH{6D)8NYdIP=p7&f=dcv;0YjElbh&fc%%G=;ur~DupFmDx69I-f|di*K5 z++xtNtdHhk#JPFcls@O_Lg8jlbt`^8?D&5Fh3np8HBz(V4; zq9%6oE<@8F>6Pq9n&)iU6-qA0wy-Fxe5}rZ4uwDoo zC2J!k_>hf=Q5(O?LVnng*LLzYM~D_{VutdZeva3$CVX?=$-|svdv|%%7OD^=aya6< zVVZXmFXN9enMyn>Kyf#`=JovXfQqESbxq_HW-WTaa!sgP5NNjC!3pg7m9bfz0EI>k z5v2l`#~yy0H1sAxOUXZO9uWE~ktZ&fZ;9`t4b$4guSS)_*6P@&0&u3l8}Dg<9ODe- 
z{j|}&KUsP_^LQni*fXWf zu_15N9$H^HgB{+V#A6g0mL?cW$s+)8T^nJ;xbF3S1Ldm6ukLvoo*9TD5`mUH*r zI~x4K7|uB)byRP&^DtWnvzV2ImCj#%NY(`;A360Iy^9QC(-uU)%7g3KuaQ_d)1EZ% zrMlp>1`C6P0xpK^6ZQU;?sK|S4_t=9Gg%b!LpSL^lFaW7bqT$+yZK83UWSIyw~Q~w z(c=#t=Qh=7833mnk$g#b-L33+S=Y$Z8>udL& zd}cMSS>GYuT2h3-OTxt{oiT@t%+SZ{dZRAjHafHCe#f%6$-hgz>d;{4&+UUp7U**E zK++=npO1IIEx+H1i^ z`ru-TRef$;NI>yXYBp@s4fG-F_>mX%jmgwL&0j(vj}^dF+QPlMA8QF1*5+S6&*(~x z$Gh6(Yza*^WNq|)sfxw3SD_dp#Z;9-y6koF1r3Q~Sj9G@{F9QvNbOFvR$@ zh2AWNh{HEZmnz4}&d=B{YbOr_PyRvz?_-gEUJ>haNMhh>R=_^N_=y6HBa9o3=VGzi}B)JX{!<)0bkOws|J03!DHyw|@Q!KU4ku~^^^*!Dj zi9|m>P>Dq$A7)86n#|1cxPCh7Nc*@sJw*So$SLwUm@=h%uHA*g=x#`}o{i(DuW}Z) zNsg_FqGCDBf>;^sd`0?P-5D9+*oZ$|82Mo{DJz7kWD987%rBqLmg&Erj+Fy`%k-?6 zE)%g+r7HA+q_=I6?aq~t{_w0m&c{23A4-KM!CAf(VxAmF1$vhmzuY*nAf=lakJphm zBwkHw_(9(+$IvQ${=bkT-p9lpl%%CCosqyea3#6^ec&@Q33A|$Dh;!J%=+KbnRp}@ zn?nT#OiFRClV~zexB3or$3TxgML2pe7qx(oO;&oRI^MF?P!aCm`p!NH&=(dhs<$(t z@k~%`g9-_z^Ka(~3{Lt%qy>Yd3;J3iLDPj@H#nhIIhFHK16UU{LweJ<qzImi8eQQ07jL=zgox30&I)8FBf2O?{@04Uh=1>VEmOhY*7 z?SpTBmMrF$bv$sJ@pw*XQeB2(yr{p7gDG7y^N1|RR4&j^ZTAznBjVg>fAGOtAM8&S zT_1zr#Ov6vZaN`Gzi9}$9Ua+79EKm)IvDj+`5l7A*_V#yEd8$TLyrXo@>M#hHWHxG zuCY3k1{0{X-+(30Ex%svq&sW_Hs>f|>vb0p+5UZPYg+x?$uj@jF{Zb}#H3uD`AOSf z)m)Av9ohpO{NPBLe%2(9Giv}*x##b?4B|Jpu;Hs&Eca!b3A4ms$2Ipw$h9NSkEW&p z0e%7OrAXB5^g4Aii~lO&cffyncm$1^NSu_ax1#dchd-;WGB9=e&GVifiIu8;jI6IX zanI^O6Iw5?U$sV)CuT5f8fZ{9p+Y6Z;IR%cCB9(7tsMIz8d$&PC#+`5Ni%DECi?rg zsGNyKJ9TUfBkllKU{`qDTNyXE+si)%RaKMWj*gVxlS^eZr+}BuZvM$Fa0g~PCRe|C zEZ@C*m2bt^XCCYRqW!e^mWwB`qy477GFL;f5w6_YR#&-c_28AeYw(*v7CyP-7e+#Q ziH3R?{kUO%H_~1gtn7OyGFc48hPT|eio|@DiK*Xi&Jy&8i+CYuSK5KhgI;8h4_Joc z)yHUr$u$rOK(UXn2QLkqR&mPr&}n$9Q-0WU4lj9`2zK(!9Svzx_J#b}YwkkH^>F^T zbLAQ0fa<=hgE^(93+Fh-0t!3|d04LYNJkX>`XKwlb#{a)5z{CI0)i9PPvB=Lu->PzJ zDUT`4Js)8v6^KSJ;fjlh_)bV&z91Ro8f5G(9@T6OZCucOu3HN(kWp(_krX%6&KLY~lsAD}EC*Vg=yh>1H#9zVB82SY*eOweAaeHX zb|84v*!?x^@nWq#XusYjr16%FmMp4`wxAsAt&%@Cn_jl&BW4m4lBAk;tS+U8j z0u`%MVbXQYmq?)>-=Vn~^VA10)RlR1H;QGy-Zw%~FY@AxC|@XWT%Xx-{f!6m_Qy_X 
zgHPq>ZBU-#9Nl3(y4`WEJU&71&^i^%Fi*2GH>i)n|8Xdhm6jf!%3~=ZsCIfzaj{tR zZ(#T_5%?copstZi0E^1K*vT;|V-!#3-6*k<=E{9nj#z>RShF@aHy@PuzY@)JRh$~`bYe3?W|<( z+Z9p!SyQ?p#ZkW7)mNWYV`uKjY}ARp*x;mNvAg<@AX?Mve)y)0dCfP)E=&=0`@>k)K^Xp7BcKKSg@R)KaZhge z6*91cny2n`;?`(lVp$*2+Cmg?`(qdN?)LGV`wbk(_X%N|ge+^G(Tic#lc!fo({vB! z#>{f$9WSPnk=egtiS=AH{nuMWA^lfT5YxTLeg?bNc%hd|pDGh_QDrti!A!y%O{bVs zW5i^sl+~H;(E1Ycg$rX!)Yw=CW9wn<4H{n-xo znEH0wJV}7_>vWy9?=cFD67z~oU8}I$vp?Ici6JybVe5}KkKQ;`pT^ky&MFPMHa;OW z>f`3ey_~hq<3@o5WQWB4%rpi3IKtZ>hOwH>rS|8%z2;WV<`l^C!(Pt%m|=K8wzs{XVaqoeVs?#g zOYTJc>>mT@OmZ|fBo_KA-C|S1<&Uz)2!qWrBpAsY23@=Ag*eJRuwa6fBN^(vxuWM? zj(K0DO|oCmC3QcZI&kLd@SmJmDm8C9k|)+MbXkT~#Rm~3@fsDa&-v{de-Yvf6?+Kx zINq@Fnl9l2@}`_<2p65%;2PaHJ6sV`?O(sgc_t4k{cIj1Jf5@>>lp(Mcr(2oxwVp< zQ&MDTjLJ~4#Ay($M<5yaYA;1t*QXzM%ni;~h)Xq>*oWl|-sF$e=%d3}*vRHrU!roI zOdu0E9vMD;oNB-0YP;^X+v0vNkijStJu(prU3t3>$b2-I_JRwA=OC(3ef|AJWH$fxK{;4eVGI_A(_F1nqF-*FqQdZV{#Qm~B7kM&-w^VvD1h7xfAU7*yZvm@fEjmJ zb8L5%RQy+eH+Od}Vq%B2Hqng)t{+z*>gip`cQ%?O#@Pb_Fi|}{nZN&@-om%ov4A1- zhSK40Btmf@N{%59zETEy<5D82eN=!Sfq+){Rk=|+^!6~ldsOLp&>)-sVtV=h z#a%}GgCM2fPeO2+V(DrWOQ7l-vVv0H*V0v3NX|gM_s&NXig!1HLaDu4t9|YFfi^lR z%~4r?M>Xj{`^PVDQbEX?XG5q!ty+a6y^6fK?SKX~*xC>kZJ}g82dY}GJHO1{Jm&=Z z_o*5f=T2y%Z1pT1#dUsVYoyrS*?vQ#wXrpAVA{uo?;iU}zS7a3mV!YPw-4cuv) z8PdAC`X0C{s`S`Dp|)Fs>OT|wp&Drcn9&m zg6Vi3t+uK%*c^Oy%i&(Y@Ns;lX!@#Erib=O;B-1a=Cf_t5oK-JZ$l|_Sp*c{HXnFJ zL;r+C!fzj(ploP~n^+;wM-b%|Eh}$@uH8i5o@6p=TDyQ%jAzT67ArEpT+jp)f$LkwwCMVc4o& zfiY?@G;dyP*O1MKc~kk}j{Oek)jn*Pi=auDZQ8a(GuBF))8S*HVo^^^cpE^Ycqdz^ z9@0xxRo~3imGB=Ns37oPsv`Yl23tBPM->gWH8Wr=og0aF{FVlBKNOFt=N6nw2`8nX zc1Y&29P21cg)p1Zgs6(T4Gu?&d>TNEihzSbH&3TGx2s{3LZ?1^{ z8mP-N6-hL-ds#!G)imL5b8qh^`yUj5viRW%wUr2Cw{R#F%r?3@n!I-~(T&)tCjw?= z>9Ck~{Rho^pWWhnDZ~y)+QE9dRFzhVnUoq#u~pgdVU`*k>EbMjxZ7U5hcEY<{*SA# z3X5ue-`*-B4FZC6H%NC$cS=c0Ntbl4EzHo}-Hmh%jdXX%&>cgEl>c$>{re8S^EsGn z#k-z6pTta^1i60I()V`({V+uE6joCWN`HXg<+a=y~A#VEaM#@Tcwh?qzf>x|CrSLf5BOmezR&A=l4 zK5w7a=;I279{O2mpZ)CR61fh!W-MQ6>E%K#3^3phOM>k9;yrB|Lg*(qpWBn+G1`2DBQEp`2?4iLZ4 
zpyCbzaiyhq)u9tze5KA$BE&K1>Jh(ht!rg&W!BQxJ~{%}Ni{^MAEU{YSD9*#7xJPh zy6$l!`r#rD4*h^$5^@lNN3+8_1saVZa|%ah<_~l8D+!dw8m(Ix5>#ZsCTn%3AtlT{ zjOKiW>Gco0R)5UjGlYJ>_FxhplHf&O?{N6IekaNs%gLcFL+e*K(tgs3aD?=eWp>kv ze#3@uv?6T3e$qUC=d!^sb9BKU**4zY!Md}ML{Z64(ghh;s;u~R#6`=jFBI2FC-V5$ zSk|bqIXl(dS8571ffwqQfSPVv^mCz8N_%R?;Cg{JY<;}L1%1uijfk5wa8O^@gN>&W zpMTY^goFk{Hp!GU9D-~HPk#s*fB*M0Y4wLhgrEM-lB(d)l9G}fR4_GKEPE&)BO)|U zxhivp8&z(dT!o%vinE<=gFuBEo?5>!P9{HTb!8xC0KWk8*-{lbHIxMf1&cKp#dT;V zRqaLPDRU&RFD_dTg*MpIDESt`bH#2 z>duPSZ#HhJ<0*vk>kIKlsQ4bE8Ty&NT6>$&_di8l%Wy!r?3{EiEl! z7lR-c2MZF;`T^%P12(GM-*j8T(;ou|TU`!f&;E{G9r3;XJB)fXM^ z3YW(3(S^bVMhnecxPN!;_gEof{C6%1y3`sf^E*Zet)~$o#Mu8V+T81 z;ovJ5oL5`G;H2c3F(p3!(c3BZozeqX$69Utm~mJ=BKIEvP=4ATAo|eds_$2{nTV`p zDDU+^Z^fT_QY;+rz-S7;Fuu_v|C0B{D zUSPF3Zulcfc6d1B-gsWJ6e~cnU(A20$bs)Zr`Erl8||KL9TCTh-au` zEs7dAA{5F6gJxbxuY&Vm(SC9|-e&PR3i51q`xWGI+ENI|dccVqwL1HZH3zdxcX?DR z`e0dwP8~S9kuR(JA~!IO>9fWV&qXg``?&!&IWLuBxzkmmG1d^e-~AYKzoS1>~Bxm$Yl zLE!mU4Gef@?WpFAYrX#Ua>b`@@@65-APC&BTcBXECZwXx&8)fZu^*}*x@$>({PuVWNB7G4-H*OaaX|Z>*x#Yw+i(CL3FH!fS zEefWQZqGxe$i~fg5SG-Z!S^PC6d%k}<1wa1Rj3rLoxL5SU80)&Y>0q6hs^Fv);%?P z0@y7gwwz~pQuJ08>HiOJ;P0DPMRaEZND$jS@a?9(pI#B zWJDlQiJ73@Dw}L|ejGfg>J~$M5eRyXaUcNjb5iyw}S7bFO%( zStSVA7aeaSdQHWJywB8M-WsKYsg^PVM+(WOxkWgMJ=)0#mxn83DrU6L@q7i1)b9(1!X>|x!TA*T z`)9APNLId58%!Qaw|>@FYs-^sx4Va=BA1Kv=NC4ww}<1ilD$PnZzDCNdbjHTxoH3J zKg78IPNcg?IbP-O11Y+`V@S|b2e`xY#{@>YU?u8+=fzqJ@b|2_&t+O=RLWMrbLxdv z(uF95()|sadz>zc&F*E&Tv4sk3q$a>4P+@F$HvBD@X#2>8Qh6K^KV?UQ~roL7nW?m zKjlOYx>5_9{O$U~fe1b%lmi>JfF}vr(>jXZ!KYh_G@fYXUNDv=3cRIIFm^+<_w$o? 
zJt=3;T1s+c(1+2joHx5UeOg*a0j;mBG9`68ab>zY)^>I<}yyjPLEZCPw^lB)qREd-w_0| z1hHJgseuUo**hL2SsjW~DTY#6OlF>m2;NS&yk{juKkT6SQ)qYFwQF)A|IJH6WS;oS zI64)S(}gbs15V>)oL>IE@+6gVprU%z+nbxJhK4|Rl4Q7MDc!C$+edvs^J0qTbi1nR z$8pp02=F|Je9?Z0Y}{=B)8*UUBb?exaPTFH5@8F0Lpfqt3){|W68d(H+!78qHhKYl z5%(ArYp1J%bcOy%T81Y{5>K_u+sn!pDeessQ*UYjjDJufw)K@9+ZwbCE>oVjkyXMs zv9yI8L98cC33|e*W!K`x8EJaNYRSh>g8w^zjhlo1J7dI)1KF*7XwL)0m(fEPn-*z} z!BSm$5>>(_q-E4dtSqdi_I{*9M@I`QE8+#Z1cG8pD2KS#@vY4>k8e9~gzSHr=1Mu* zYCODaD@LCR6Y88lEvGUX$b(B(^z}hO_iB`xKaY>mcJc9g+WZkz`Aa~+y0^6VO;oo@ z*~8)`mm;++`|!r1w&LS{fi_!4?Rn=d>sAqPi2Icmu69wgai?6g-ZA&vso>cT+o$uA zlQvlAT{ue+uVjtcN8XCuean^DP<8D=hx!I#aq&Vz2k>ngA)h;w+HWun9|sZL6p-E1 zl__JwPnnXM+1{%gqICoR&B$;5x&0$C=D3JY^ub7_7Kom5F?;yP;HMkr_&ur^Fj~9W zqwrYmU7qS~0QG)JPGF;f;pfh-O-dNFg>H!unMe(vmma!}tgxztE1&S3XxCWgiX7$U z$|*tl!)P+B&kh?ctT%UGyI1_h&d?pwd5EOAqDD?TP;kTQRq~R;N&l4KjTj44QzXR( zA5SdueY$w>)OizYIh-XcCsbckw z$)KNYBOU3CH{e;{fndp-QP)GV3&qH$f~k&dxXq@=`xc-_uO8Wyn+DMVYz*ZdyM!2skZ;S!>Jjjp+#ySNrIdVyr%41U9%C znq3G{`y2CVQe^hcJ6nt+I~ZVZxVyVc0lDq(>g& zmtgm}eT@#+-Fxm6Bk~2Mi()^!`?!IYb5C@z)a2^dncYD( z(~kAJ>Tz5fDUSdQEeJN-a=Q;r~k zjevyWu3(p^!D#Gkij$_7W%_jC-Jnjw5sYFL4Q1J9Qo`S zXi0hc!>Ttd*em#OslS8HDek^SzlDq0LGib$@RQjuuW?~46X>za&`GG0qXj{-?7YN@BfcJJ5aZw=E1Jc@_H=6Z_iX;|T+Te< z>Gi4JY#3#9gC>3E>}@JmiSy85)OPxHL7Vw7NLaDU)FB;9czlddW)Dfib~iZG}*VAI0Z@I)#9%O1SzK9u~Mm~((V zVN7NtxBvC85%R3weaK*TAF?mn63U-(j2Q8s4`nhH>QnOY?l%(Q$E9+DcaM664gsrg z>sF(1M{>WoM3cH+ZGA3GX#Fiv9`$Zlt-vqQP~~Ic~uuqsvLT=Zk3S+*8hlzF)ChOWISUjlFi3eogp^{`63iD_669M`uw< zPYp7xI-oY>{eH^kL#FIZ*3N7-H*l9O4}yAkFUg#FGsbCfaGwcXqw-V4E-92Dr**D5 zbe>%pn^Q)`0mG^fY7R{QK;8HMW^^K%OJC&Jt7cE=d$H*!wVm>Dw*XiXfnmVdb+ZG9jd3GR<%%sknTKPnp%a z1L2y9VP?>;;HKzHhx&uY87alse6Ep|U$D%mN)+yE^ELHl&jS6oI0%-41oj6~zG0FQ z46$z{9!uxHdi5R&8UEs@+%DP^tISb#={G70Op$wqsXwv-bfU&3rzw4Lqy3I*VG%t_ zt%^e-MKQ;C6=-#z_30M($DA$XL^Fm}qdKW_7Ay{#Q{!}vXA+>T_0v%`z**}x75D~g zvMAgd$hW}aT!+4XG$lDzXERwP1Yh;{dA&GYS?L|KM~9ropD*bN!l&$>IZ`DKIjR)$ zC|-vM@p3<)L$eJ%>VpYXw#`Y!vRNg%xXescFA=TcqQY&kAr>!pO 
zL3Tmsy_6*3q)!x5;paJLRiTyJl|vk!=lLv~exz$p4Li(EHyj^W?Aq%rNLOUij)@Ji z*B_pof9YS&lGw^WlRp!QR<<#2t? zqrorcu%o}B$c>Kzh%x&(cs2Zg7?H)3qt(M6#O zVj>e;TaMDc4Vde;uH6kU*0Z9RRmErVul+gee(k-eW!@~uoWHnFZ3zk?IJx&L;{oPM z>`st3TfLXX|`kuF1X@ULl7gDLJc>(zfp-iHe*3%|)h@vt^hrTaTL zb2b;l|4E)iCg4e<&A!TE5Sft@)Bav=Al_HefE7~2Ek+<#TdcSP3;CM*weh4!dbW+M z2pccc$85=W6uuStdqM%4GP9D$W)>jlYMM)rU|?i{5~+Ds_i`$a;{c@RAO~69=C*2q zbL!cuk;b&z-**OZJm2Ux;G2K1_=J%;FJ^Fz6NQ?JKXo@5ln8=QkT^f>V$AUlHA2*S zql|R>1?O*7Yd1}xQu1+mB$%ucla*Jy&+}Jp)xSw`coyYg_&jdzsl?ojTtJ5t;w7mM z&*{!*;c&G|hEK}Sz(Ak19WYR&sb))WyYe~ep#~Y$^W)4PhjlNz!;A5@3>g~ zWnC0Td9|$eB&LA)nPaBZkn#!CL(cJ4MNx4EBDE1zr;GR`uL21S%#&5!j>)}*!79$& zux*}F3L#pbg&M~1fQ5sV!}d+{E3Hhi4N8v_t+*Fv1Nw0Pm1+@NE>0ZIgE**x1M9U^ zydNbvr`U19r=cv2T#a1|Gd3IIkGonzqQ0+ufc#-uEEx&whTp?ayh035n$C&*hl6W# z!?7O1PDCHlMR>mV+Ym4{;n1nTHG3b`{-~0a`NUav)9rdJu&jKHJ(e!JA*_<|GvyOM z^H@<;Ycfu$e!X?bL@sDIj5RR)$KSjC_}H;5{SRG;$o>tFxiCw~pj2FwW)mvond}cS z2Y2(99`yI~8VHsSWa!Ns2FrCUGxB)pl%S-IgShEN4`m$Es3;*mus6{=xHk*W?_vpY z4r04eK*-w)z$5ElCy$Eja}4{ThIGXq4<4s#MDA}~9ncL;SN3-dy(TWB^s2e~Qacku z?*F;?GVlKT2rDJ?f~?=4Bz@;#eaPCV{AiBG`gU*e-)?((Pg@D2Y$G3BR_iCa+{6V;CvimF0<#(%k@HB;N z!6&7o^ZF}Ww7TjqBC}W5v1`WlP(!PP!tTiOCwm+<8Xb|E->MJGi;HhfQqfo$m%p-R z4nwbM*-qE}phVq5l?9gcuO+;)29$!m19cH)+F+PN&mn}F*xHQq>pHK6p7+s2E`ZL< zaD&r6{w`max$Ukmi~ zQ)C}g^t#_%!|!9MsO8|Dy!4*(Ds|`9Qi599H!9X-dN3LKuIU6~6hJ@Y+o84$;o6Q1 zV)R^#$uX*UgS&fz8;JYT|4G^$*S|#(^BRYt!ok)aiFHx`!+c%T;}23I>XAEYQFo$e z-cnhWVe*;|aERmyEfvCe4yiLP@(sgh`YB_RmAU#GKG^Wpv| zXq$DMd&CbD25kBHk0>^BHYlM5FVP{#EJS5C-X51jcykcOVof{TVVJXIigtrN(i()z6GhR^FE_aDmvP=VPZnEdDG35|H)zM8S&(;YhslIR#3$ zx>vCqjzsnmqjrfG^3<_T>B4b6gE;*9&3s@Y$i-b*<=W5sG#cI$xt^`7HzqSlOa?hO4t6(v~^UBM5r@}rLal_Ej-FTDB2o0Q=lNi^sexml#4#(%^P#* zKnldS^{CnxA6ZzYVb9w*nPDV0eh;1NEq?u#Ay7?6^Wr!)HTBRk9$mqiE>9D35Q37? 
zH>JGn&E6-?uohHckVQGZ()MT=X8|(?3ta2A0mt(Wrk-V&a_rF;Y2$lP4ti5-FWn!Q zOJhX0jjF7#WI`=UZ`&i14SP9NRJJTcybx0q(c%^n6qm)S&AR6ML4VPYNtLEss%-X{ zwAfp+S*AO?H`N;UD2O%%E!#-hp3YS1RY5QLinZt;>B~7~4ZmZt_Q#g>#m;AgLqe#z zfLqeDu~EiYWP!GH@@-F{!)Aydr6+A)xB>MRBzkl|Ig^V`n4}-f8RzjB^E&?%JH?rr zdYgMork~LP4w=&Qw=65>4HACQIH&Qrp5Dt(jee&1Mt4K#t-g8w9zqO4WJH0_=QkRO zoBibAbTJVsvOwbkCPl1Jj+36PfXqrLz}*MF-=Bf!#HK3y%Ju(f1%=xG&6ix=Ts+}~ z@&Shl6jEKr`4MPAF2Wo)*m*odC7k|ws=QktCuCXCudkF>mBA)rK3cuuPI&E06jG`O z{QSbg21eu2s_3q54b}FNHS}Zpr_zlF+E0-Rf(MdiB2vNE!l+X0Zc~7Wb@HUzHjsRx zd~L`9eTMg1)3l<(_ju|R9u(Jw+<-jSmbyM+xxJ2B$?B{0ImG^2s2)s*PO<%NI1#I- zhtPl{pPq%I*d}uV0jV>xhqu;xOHfq5cZV0^`LN6IEV?_d9Og9jS=?Vk`CE;@+du!2f07KLKaKpZ z5n=X|!il9%I9c>_M4W)He})k%?zrD>n#?H z(ciSyMbXdvHb$!06Q5Z72IVT%vsP%{4T94N5mv@8#dI>RY7pZXmt3e8Cc_XMu{mU! z^IhKqnw=I{CN6Pw%(>GQW?6?ca&JgX`v*TRhPwHNN{SzTGCr};Fdbw=+wK%8-_4Np zyzs}osWrSmZk)1Y%2fFBB%+Lx`E_GP9j)Ug40E$bUF*jy**?a?c&I3J7>P|O6nm^3^B1tQqh zN=O}A|6bTFFQErJo_eF0>Xs}mu;?^a>-IUb8g-k&2(=Qi?1f5tF(bt^L}t^ZBLc9?eSloS*n);|PBOQAE10V%=OjCer19?rIqq z<1yW|5UugQ6{+{vQN-y=x4QRFr^f>fM6hSjlt9oQS|khHZyXGvKo2~;_(r=jLA9i} zRrb}@w2^avh5}H1S>xFlh$rxt@)9tH3k2iDz`cIi8_k?Rq3M zP|r=w!Qjmn$3*chkYu>zXP|%e`>i^gEn#>4{;G2qtUO4`hDptqIJ-ub&dT+&r7#Uy z&3HMNo)nUoxhr;aG$%pw4;w=8-$5lj#W#O)Q{|h_hxcwMp@t1*keWLj$hgFnUT`|( zxv(auqD5v@mpw@0-4f$dG$;;o`vI&ua#nzl2>}fUu(;R{8Ch5BVAY0)sD$e^g)|h{ zvI5zs`Tk+T z?H$GWF?k(4jU?PI-cH_!+D%5Zd=2)iJ6CpvZ!z=ZcP-tsb|=fZbzuyUuU9uB<4PM1 z1$-lObruGKQt4zse<}5`2syGx7(H&&jEtMBmM?X^QW?@qC7YY3J%~c!&5*RjDToar z>u8KTeLll*LrKN=|D@8zHp3Bjx{>=O?!!V(x}fJXqHx@ecd*w%j=S#gghIl@;$$?d z_1&tor_e)OlGC#Wq3C7Iv`(^8(>Ok&3E*Vl>H>0f`4JWrxv&R$?vwC%?&bFRl~&f+ zrWLT8`1$~Bn3^`v8qWMZ-*uTa4VG}FGT$Q{20OvE%Ke2sN$e1`p=mfD-jDDH0S3Dg zIxnkb>6b)k?@#W!%C*_G2?e+~SDHEe39jz){l_uZ<&Z^EP)bZ&j3xozxG%(EIFEYR z4de8H#+!)g1bLb-XEx8ok4`Im<9;t>M~j-HbnQ32Z^=AIB#kq~)$lQ}xO@9y~s%cMBPacp7`D8Fv~FZ+AG z92>)d4tRSX?YKBgemHPrP&w>VYEIPL9Xt^)KCi2zrAGrX$J33Mo4)P~XTxN?SEQsU zm)R#Myxl9;BswUxbF-zT*gNs4z`I^iB0HVgyDbotGiuTo=Sd1c%TU@$8Z-m_e5+69 
zlD@d6Oz%?sYPgP#6a8_sUu6@j!V-4+gya=?FgI{&=OgkMSY zsfX-d;d4_WpMx~r&x6OYt^tlml;wG8VSAKD1rjvG{b4_8sc9G08 z$5L+u5s=aD%l**6zx}zfEg~f)B`}7)$D8Meu3d#K%ROEdS<$qZ+XI2!H*6K23~HvZI; z+<{%;b~tn$H{ucv#KC-)3Ne464yO_CEjaqE0Ylm_M)F^Ue9?ZX~5im8ayJS#^^K2v}}c&@Y~~Z4AUYBx&W{4H#wv*eP2UN z$7m;d>v34y1Q$bzM4F{HX&ul$@u+v!h*T^od`y3B_3L z5#?=P(U@SpNJBT~PPVa!MzIb5r0#e0tun3OhJ{WOqR(>7)ZMV+c|QLA`W9=>h>V@9 zr)o+?YHC1592=SYt#w@(TK%UuL4Ef%{$_q@8&LP5wjiuNDy*Z#$5sy{Lv8w_Fu!b6 z&Pz$>X-RFJd`rgh7* zCxi+qb1Cu3v75-osEM99-TFWc0h%F=Kp9#}G6CQlStfab7j_~O?Ki78WKTaSMef>h zOtw}HH9?y{Dtq_Z)nunMhOoZPC6q0DoLpeEpFeSH*sz;T5jfBYz}K}YSAZCZKN65o zZ#OVv4Nc@xFMMu@R9_seg?(`o_@2;9jJLPR=SmsyhIQ1GGU;zSe({C88uASd;?w8a zmD>y;1Ery1XaWu039^EXtnwwI-<3L!UBjAZ_34gdEHkywqT>!@)uROgmA%LGOlrY0 z6b!urT+<6~uvL1b$SA8bTED?{y&62TfnU;(>2skQAW}QSO9$fOqIzggiNuQF_V$ny zBTg>q5MTC1JyTfWY4f0inJR*j4av&|*x!}Oc{CPg+-hKi&sOzX z(A$89*}Ydd-!M|(8&~rko${{eH7pF>Tm1%Zp`=@N>~oUu7L_&gSO{?B=w}WMRfLQHIONJ;CSZ99&jQDcxhI86R7`+g=lEd9=fPFdkq&bY9*T7En-%# z8>oCRwJ18=O_;l#P3^N1u&2cDKN0lyI2kqYIT3_Z*B4PF$x-1@y--2{mENv@8O}>` zTsDSBM1FFy5J}y7QY8FE+L{dX9wbnI$Q<7I{;(&-H!0uy&8UGMKg2z3>hYL=)9xEb z$U#Z|f?-LcFRRhJy~y5y%PH*nVRM}1ETt`o-xjH1HwT#jHp|#0yau@)ZW-P|s%%>Yx zntgUd@-x>SOfJUdXA!=?S@Br)7Q;PDlIOqX$@@EHJ=Esb!ojInHdt4$y&L~=QW?m zP%=%^(c(LAq+focFv2pehDCkPSkgZeI`r!tkF_6LgteaBoACM;FJD5IRqP#H4My=d z2B%Z{7%tW`l9RD+-(w$GWu2dY(3o$h6e|mrAstw^5P|Ps-5XOhwrL6X2)}Q|w~oJI zw?i#4)A!I3dDt|7JEd;Vc9&_)IOG(~$PvVst=jw1%g~x{>1`|Ab@gJV^y#%?lmtBv zH{|q%vO1}fzE)R7OEqoZWaS>f98er2N)3mwM+Gk=Nq(odQ+0TJ#@PNAK12G|LOq`c zm4e5pI0W#uuCL+q`ziod`91QQd1S3qyWJC?NRM{P3KIT=dUb)uXKCgec+D%m+CNRe z%EcPu@4`wK73tGHnC2SD&+{Ev%YdYZ5SuDdIj$v}sgH)@1L+n8P)(SzI>SJB+l7z)XJ z*pJGTZ76ytqL%*Bky=&`G|C`fdvlP(wE-@2VNzEQO1H_IoWitks7ytM!&l_}4FWPP zS1xh$_WfbXdk5FG&30H%ciAp+LCXE4ZXSzG_=*V z*gv>H9_p4V)9SDSPv5y(xV~eeQ%0(e7H5jpk-a5MjmM_>ZXud^wpZS}2Zj3~pq%i9 z^jd7}DP0)lGM4-8ANT8-uq$Yto%B2EgUCcXBFWkt4|cf&L-dD!8-@y9taOjM^HPde z0numL6*@3)^e9oT?{uV@eNO;>5j$r}pJ7gDxe{dU{i+|OwqK%bxAS9kUc+V&D_C0% 
zLwT#+i1Pqd!Q*mlB)_-e#O`!)AEw)BC&=D@PPXAd`4sh~td-j*M2Px+r)n88;Q&uXx#6T2V7n(DK$1EP`M7K%niqjTyB}?{=1FN>qS4nc!WV=Ie0lA}3m-U?JQhRT@?+kA z4XG=dW^X;a5cb(wc6aiv4|U-P(O9~qyh7km;=esR&~HbNnZSAGI^G@Tb7u^(SanCi zA6GQ-`w-zX*)yjshXe}TKnB&}QDkJyk-0FR>f@FITyW>N;%zH-n{3&ilASs7{G%Qh z-L%T{M~NLtf9rZ{Q!fD;Aud#J?wJ*f0{4p3#`$r0r%s>mT@>)`wS!SvX= ze#S0Z!5DWdc==|Kd(ocAAtu6g)VfofAsvcj(J84)U-e_&T;M-ha{d1fwJDbi!0cep zRhni*Za^o$&@^83X7F#RjSaYP%}L+YC5aL1#P$QBn<0ib63u`X!l}pV_~C$a18oJ=Zi_El-{eI@+y;CE z#b?Trd3NwR&N#z7&e|E$Mc6}37JJ6*HGlLM6Rb+UlaVl3&-+cYiHOZ00V0DgFmE*_ z&G!hF3+j}4tpbTG;7<;{;u4o#39)C%!AAq;n|$tpU1`b`TMY?=wl7-%Frk|pBdke& zpn2{0Zl&Q*vfsZnTW_=o4qT=#nZy6qq3_2|^&p@38QcA4LR9ZQ%>h<@pPoEnpEoT0o!7LB$Uq9J2o%Dg4EMkIn0bvT+T|5T%2L>Tx z_RuQJZd{^V)!h>y`b69dGf|#q;}`C=3mL8N7CBD@&av78`47<;+4q_%T>*&}xDQwf z>`LM}7qn{8ebw-U{v2z1S{jaFhRbP=9An-)FO8T9EXs}ktaEtoyv}wQ$8Wu|QfAdY zMT6KK_U;T^xzdwhV;?5B78aE99c50=aXJR;I64FmVJdtP@~alzaZXS_4PfD8t+s|pK>Wa zHcu|>7w%W2BaJa@zkExa>t-vNnL|430|MZ+*!jnsqGH7^O+EASs0^`o z<;l8AyCcbwUSzVF#1ZDwbFPot6{W_qG?iWG8}kzXqO9~T&eP95o8lM=p$C3@U@gGa zwuqE__JWuR>`vzS%Xg~}C9-1Apyr)1a9?R>CL=M4rYSGu4uxVC5yv~QV$ z2S+I-ph)m%lEHj@Se?!fc!3G>E#LI5BJ&2Oi1%x!+vI+-l-_9-=8)^RgWYFTWcqH? 
z?nJCcA1J=|q+W3Us7b=<*tW3lH~?I9>l~~vuYSlBPZ9=q=d;M$g}&dt)YG7IuM=m9 z`|kCQ(re34(0}tjJ6QKW%<*qz+c}?qC`V?tb&%WIe=P!q5taWa11+-~4>ibKQLPeR za|SC!vU&oEpRm_u*ky<-wlfi}(`+IxXJFgb{f+Xc=YdOqAy-*|OB?LMou$Uv0HLxz z5Q62%Xik27R-*7JfeyOyl-|5+wXY(JStl2cPDMMXKE8XBja6wB4L+@!yv_;z{aY_Df&uosX9*%oOQoC9C*D9hS;M)!hf>aEMzFl=j>;|7< zumX1HhmLx%==~$$%8SW<>%f33wH&6Zq|$csDwFSUu9r@G#IOr0@cy+>Zz$FG~^^7ptyM{rS= z{!g5!kv!G9vrc%J%c^51GjBI+WbEg1%e@bEclgwv8OP__)PyJXcMbOmg~gsx_08^_ z-Kf?4_Ky2%f5w{w%zyb&#UzA?o>*fPb!*)jF1gb-t=hZ*D@;PAZnPESeis|IxPxq$ zm}&)pa4HC_=*(N&yS!7o%n@9APR=Yz8Dc4>wpDeK{pleVlp*t^XhlsW+LmAS_SmSi z2E$N-@N>y%%z_x}qUaJqtU&!MZp=eh!JQH)yRj!hZ+?K7(*!$p>62WcQNyfw4*8Nc z-Ij0JH>6Am)IDPxp7w=m+eDDH0E8&8sNRCn~Ef2&WV zIyq8%b)mI5k8fr}ky%kATBrSh z`1!Ur!uGRS8;?CNQk5onD*25vc}y@x#tfGG+6Gr^T7GtcRc5e&Xi}dqexYRY}Vmu7tGiyo`gZ`qJ}D+h3ax{gQQ(3-~RjQVfZtE zQV_Nz5^_9+QvwCHW9+Bsgt2f2CEG9)6n4ClkF*X1_OEBgp_xg2+)c_k=~!Y`1t-*$ zu@*#Ns!=lzlPB?|J@PoCrAb?jn=$kE7__xKe)mPnCT=_d@{3oM$P|gl?DHgp2&ka67^3!iz^{m|0C{^gG#8*#KgK_EsJuXb^-Ms$$;IY+L>>RTjk!YAOsmWH0hksL$1=sG4PO1Ca2$9QVE5qBjIA&j`8N@;~`vF3-s!gyo)- z(~rgS=2)fVP#Oz%77@LYgXE^_(#_x%8$^Gkmx}O1sS=ZjYE8t&qt~yzTDPQ0C!Kr0 zr~sh0tnv|ZXf~gSise#AVwYM}_#|!o)j}}s#qQ&NuM90*eIrYscSADghOrz)4Y>GW zb82*+k#Bhw!C(E+VGeTk=qZ|R9(ffrhWGXk4q+GYjW6#uj)>F1Asy{W#* z)L9)XL5VqgTx7siXqVk@SJZ19ps?p_ydTTNLgp4mzL0dGB(>%W-YrSl%xJyk;vMfe z8^rOr+Tf2LdQKfY1Bomm%BAbA0gPL$&xg%=%81W5m1{vIA^Epg+s~D{uC18YVO%1m zqYLN4=-k6M@?oI)#>g=IuZ|m!T+bKqKGUTmc6dD>(}39uk6yjww~(bbRZS=B7n(Si zoXy^L*sjp~V5_?xm8`C|QS9dn8{V_^0tTP$BE0hghm}q@(qMx7oHn6u0N!;)id}mk z(g{`XrHvGAH~GASY~jLFrc`(QwxTH_98;uyKi#k*A25Bm;Rm}3uDB|9 zcF?39wA6grUepx;u3M>>CKZHvEQN%N=T&ry8Lo8*LSrgeUw2ozNWWm|G7*E=?T|~d zj9U}s<0F6Ksz8VTIR#YXeZ*J>mA@Qjle#V@LcWlpkkSeNT|&G+J0xNKe&B(;AfOd7 zz?CMaUHRpPr2R{HX0WS8)gb6R+pa>6+C^v*SsDG**BS%3HA=>#%-L$0<46n+d(Q)n{d--wWOy#LOnJ|7n(#9HFXvy>P|Y|?t%$d z>A8I#0f{1b$uitT-}`#k0v>7VscN^{Iys_E+;xSV>{ALItk@F%?sX6e9``$Ev|szM zULsR;o`>(QO3$BbkI95RG)|cSTf4HAG?unv8U5n1k`oc|_L4Mi{KM0BF_KwO#)4zC 
zO~k7pJJtZ7%zu!9)4zGHU0Kc_pL4o_N3rrhiG>MH0Yk%n~!$Z{*GUKC>f$?}mY_I(cNkoEJ zHtW7>`hpVe)5rkqf@fSbe)&}wE?DHy*2lsip?ynq5dv#oW|t+g2el#*>Pj(SzUW!P z(2J|@_FIIX#I-mpp=mxOJC)R{sAdTNf<7@cIW-mgLCr(mOIw(#<s=jK?yX;%xvbEPdlgaY#hl(N-Ox0937<1iw(dFOf>8ab3mff8_ z;KNI;@m1;P9&0XN3oWBUtx^DtOu+M%(bJ8c&)q9J_|U`LKXAiRDj9O;v_ zy1|37>fW9U^N5wlQRxAx`R0r~F#|+?h#M8&e!6#daYW>CKC6^2@)qb{o`>F;A53s} z_^MJ|kv9*EQ1`zj_!{3AdmZ6gUD=G7<9@#()QzSYe;jKp(h-4kxWF|~6S9kSt27`BwIa@z%mb{Ra5z_%%D{yxZZ1Ob~Ml|}QS!2PC+)D~iQMG0b)=akzWlV*MY`ooBv6I;F25LO{ z(=OvAH73xxkhq-<{SG$!Dc(Uf?Q-d{%JwKPTK?aZ5_$@()L!6gnx?3GzxQ4D(T`~r zO1>5*CgQ>1Yi^>T1z`J5{8lU#OY8tSlF53h05Y%(z{T!&aJxsZ)3+z}*@YFD-|SuF zkP*JgoS9bl4CuRaQ7xb6x0l}DniR1mCMMPT-B~^xgrNz^I{gzk@B911R4KtqjJ58f zA^}BN$@r^r%~(=xUO6<#uDri@LcwIhkib(>cg%kRUWW%#$2&HeG8HGN=YO;2d%fHk zQwDljn25fP_Cc?)-JmtpYK~r%k&7v~H7W07k>IPcmI^}@r-Usc@xtoP)}Ly1bOzQHjM~2I_jS2t zj-8Zi?@w@Q2iz@wwx=Yb4|iRh;t_qTQ+I16eMEePd{a%Okvj(lI04*f7<8U% z09+{*_zt-K-j5%*e^4!RqrY(#NV=^;@@kHiwVWG~ez44-5!^^_?wF)jjH5r5myV>a_ADTZA!+H$`TvoEU2_vPi`fwx^8Kxu?=%#*)z zSC)^N>+*cFBH{cbu)FsOE_5;+pUh<+#M827TxH6>zdM9zJGnzEP=nQ)-Cc4AKfRkF zQ)FiCIcqQ41HZ|(;_nhw4?t5unJMLIzwFj*y*tEM{ax`I&L0BQ*jm0Z6L>7EHxhAE z0^ig0Xnw3R{pka6d{9R2jn#9D+(o^N!~z`%XZ(c+t?}Fb&X6vg;W{irGbZJlqi`xt zkuS*SZH*%6&Fyn3$a{X7B^1@>ACjEL$0F@tO>=lKQ$qn7nDtJ4;9yUf?zsnZ;>bPL zs~G(x^M%>PGyooyTd+OSGEf})Tu!r+7i8#K_`skdPR<+)7rDFjsNmyUw{fg~x5m@r z2aw1sbn=-!W6RX|?D{baUwHJh_K^MBCj70np3SZ8^5HMa<5fZ}=`F1f)?O{1?V7ho z4e9@UrT-_q=a>9mh;xWMHQwiHD9bu}C|(2V7dxJxqQmb?gAfQfr5d?X7b^7Rw>vYt{lzY~_Rtud*s@9_=gfFKhG!n)#jS zL&-y}Fq#1A_OvNdHu`%2)NomNL~r+z1^*X`UEY16YxlNSf*5O;8o^+^a=cIC{b?F@Wk)?W4uSpCr6mtU?z_^mb3;>Kli z42N!>WJ|-RA>-Qw3=-JWo}j(r2T!15ua@ka#$}fgVQN6{ulI>~-;y)tqUHNk=~LK< zPamnZ3Stor0UK1-4mHP0^O-y?X@)vSy4G)JS)$BDDY$2MPjCb6XtruG<=1`jtGpG} zOcIH1-ga+PZHIWrwMAlhbr4FZl!_((gW9jAy^wyPsFAXH_wyBnmd0;w>zM%4?i`gT zhP;CUH&@v_q1L>eeoI?m0+=t;%a#yRlr0S8U11#o12T2~kE*xei)#J9zmI~_-JQ}U z-N+!FLw8CHFd*HGQqtWi4Bbe#gmiZ!-3$#<{zt#({9gC{6!x|EzCN+mdlmmOZiFNI 
zyXM?qNqG6;VXaD_mBB}ySYIjIxeB1_Zl=u-9Gv@1$>b|WjVtcxBhA+&s{41>CT*X7 zKf*~BV^J>|7+oB^+2i81X>+e`qWU-G=*8k7v2!R4s@g*ku19xWGMft~bn%SAymuMr zg7!JF4{9?@CPvi9H_Zhp59RMk1p316-;>rWVjGE@1X(s(l0=cP=crb9wug>W_|Kn+ zK#0Zz{y0>4PXBEN!Mr

TMlu7ar0j=(bzkA0E~fd-}ejgix%eG*at-$Hs;HdB=K& z-h5n3-U-+}p=HYiM_j#*vIy)&lOV)xVeS1+JKa)+j$o-N5z{HA@G|#3y8$!9{IKvs z-(FIEdPOeU<;Z(Z_0->EXkbXw?m>G{cczs z-`*mQHq}c0Yg8S%OLsJieFP+&(K1!QtU}+8f2x5*1aR~=zbYtO>U8fbN0VaA{Lgf2 z=&@o~2VGCz5Ozg6RR}k4)!}*<3~(>G>|EwJ6_lztpKM1EqO5?Tf*)&aw7k4b%SMlq zO@F3or=@yz)w9I6x7d1{e(DDX(L}>JZu|n5cl$`=50oz6Vu%dw4G@o^yCskLl_xhG zN}tHsfPa zr7;o<@^Nw13V9p=QNCTGs&JH>_qwR@^4-Z0aPodbcjznN*!*BC*SAsFMQ9vHPt35= zIiAV&(Pg%86@yFzuK`*1o>c;Z`TLjZ8X;v29v<^;+h`o_ht9;@4r!4Ku>-g<lXt4$37%K7i|GP)){_iErugOiy#(Nwk zdi=bgz=Uj1WbB797kN{my#J-Hw5U0uY2Ni4A*Ae=qqW+;Yj$kieDEkuFjWQFqBo8( z!~iAKtX~QTo6h_LT0@+-%@Tjew^J2zXQc>doFk%gE;f5CcGKhFb z(6$fCN7>M)$XQV$xAqB7@8`-Oy26f;M<%yvm^Hg>5Y=eQFTa}tH+x5&>L#v}WQYL) z9^P6i%N+fTXp9sMuC}u8k&nlDcbU(rzmu-}EIZxBVdU(qM$=io?zQmFl`STF5bAj6 zw=aOj-XaNig>q@RfC4tl3+@qmi|(Vdhw;@PNNX;nJKGf5C zuAr*ctiGSc!Ia>1&-tUL`q_s44=}akj5|UGLZo4~a<)J);{-?E3}s7hiG~4vp?EriSrc+na?wNHr z7P))$NlUEhS2p)#Mtr9?5!PqH3Au z)g&Y4=hm56J|@~ha7#~IbnV*Q6?ONen>m=hcIJL`e}8+@m!|@jF)W%DLywZjrJr-f zJJcsY-{}Yj=nM>iffEwyC#`afkqg_vX-!@ybJWe;EFo_uT#UO{+)Ys15fg9Pd z(Zn8=rJZczzu%q654+q9hhoLTkG$Wqv>C==0LFAd{+<5+PD2cE+n^xsF|X6NWB zmv3skt51B8Z8XdV50LUcDIt-@-OmTY^B+}}sJUu|!AoRb&?)^CbuRiUIp%i}>c{7l z3(V@$t$Q`v>#!qL|NY70NXGY19rIH0dA^(nBKmty)u3BU3;Qz|Qwa3reObrskxSKz zY9`NilM^e^-`VuP&K)S$qP}YdXwH=t0pcst)5bd$a-u<$`a1MpN^nHPaovCE8QgW% zD9peA26shb1fF9w+;X5hs#uGU`o-*+a9-`uSlN+F)$9O^HPEkLc7%ffzcqiORjb`Y zWB$;i%P(O0AS<$|+xuGCMuwi3bEbx1h zXmU(lSU7yp-YFsVD5=~xrfY9$p@7VIC)}3!igPkx$l-)81t2RP^M?$QpPe%9onMf> zQQ9_-^1%o$a9=rw^hNeJEa$&oB5^=#(;K zaNUchm~wBJD9?C)apa?Gyn=s(Yn#U+$~g`nNN&F;--BBz;H0gMM-&8zRsy2e&oO<; z8G{Ndw2jz{i>m~e)C~DnH`V!KbH8C+%A^g(>;At4*lDH5ASP{^`{OgNp1`YZ;Z;o zC#TC>pN?6(Zl)^9_3M)$@S?EM`R`!F_`j|6l@Ei>unYQvBRfphPfBbgF#3uU(s z8VsT0Vxgq7Zi!);0^Ut`EDB!1bEtAt&h~5VHz$UF2`Fibz!Gl{tpFqW{1Sz`9tq*`Q_()?J87;vx+~wwbQ-D~HX>xM z;k!J@oQ2?&;;JM!itm{i8f`BNxYqAHW{xp4P41`SdQ&joFiCm&$j_tomOr_CUF-r< zp@rF;1&p+gC)#IQMEt;tgU!tRok8w6H`z`5g`k&7ef;aK6E!~&W2jp8IzGDN9`Jf4 zdE22JnqvT{PvE&p 
z=Hzk`bPR4Z%F^Xh8Q5F$pMe|&La&b}`HIb<0h#cfi zFn}2j#h6>jBQ?{isW70kZ71E!@Iqq87^Ie}cIS5q?g7)BA1 z`(gQ=m`Ph#_FrRAyPWfVk;jYGOP-&c@|T}yaw0IEaZl8wfm-yGcYg12ii$bi(!XQ# z1^9jW>Kp3`RWT%forqZ~fD5t5WO^ejluX7Q95^s~OP zp}Jn9>tU^aKPkt+US^2y#PDYBwdQcfVI-stl^K!QYtPL? zBKKLo-{-nE1IgGQjHfCl4r^3Iu5lJnH7nrD6pACr4&*jjRC;-D4_zx6b+Av2<4jvv zVcUYQdkKiftj^C0UbT7Ehw>Du!;MOymFK1O3~jh*)mV2agqcnC~RX)(c%M6%7;pMjqViIY5&ru428Ha|S6BRcO!;TK)* z&!#-@dJJ3=eXwRREloR`BY+Q#(7|t%0x&8CTnk=9;2&0z2kz1VpOWTh7?)+y?w2_R z{O%gP?uT_hm7ulEtjU^s%kKGs>iVB<>fL{pMFH4I*`+1Wv|{t!XVApn^#he z@KFO{&@Dw8jy(=X;zhyd?a6sgn5pI4ljtOQdq<*=&deyz-)jaH$ETwtwcKO_z&$;kTaL?ln~XGhGY9RSDMQkTOA^EO4tT!Rk?`8(Hn%oR+sW1v7v|p@QFUJ zi+?PSUO|^GDmXA*NU?T93-|$h9yx@H;zKiroy>i46w;I&0Q_NLEr`3|qqSFtQa1^6dIOrVrZY=yyJ zIF(Il$@(i=`M-gX;1;`NiwLevVHENPI?-cz`;ByDz=so1H(A_Y#ZmB)hX-ux^cG?H z1aD0^G8$PnU7qZ2@W{Y?{R>rUpYaR0OqYaRc}tJO%y=0Cb+F`>N5!GF5+ z{AO8U>$ToI>fyy4wU~xjxz6%)dA&1CgRwA9MfGRb1B26%%A((FtioX)##LD-r4H7Q}{E>|8a_F%VcyA?+bx<;y-im*wl z-T|F-YwDfYb|k-4>UrLuzp5!TE-;5S>2zNJNUcV1e5dS{%T?uUHTZYHl6bfd#; zDOyw^luf@k69)vq1)}<=!yirfru$A>Un!~dN*i08_BsD}&u!MURTyF$wSw|A0X_Xp zzeJ#b$)sLiA*4*3)t2qMzPkEjdpq9~))&}W6N4~3=d^W0NeP#y6#9(n&q}%*e*t;v zKGe66iGHA{W43ZD0T_I22+AjYB)*&|9)&+B?+dxzPxN=BlOr<$l9b1cCal1 zT}3Z>PAIJGYr-n_t*E>la8deK5lRWVgp-Yfkq%(1(E>n@R^z_+%~{Atj!?qbZZ&wZ zwn{54`77E+OZB90NP9V8N9u%i!4bMbxr9@2e$F+Ya{bi~F6YO)%~GVpnXhgJTX?_p zJUSsg%@{_miA1Em?}Y!eA@(yXyB3R><}K(|Bo!ZLvtqr9=oz>8IkIwaDT9I#U|#e| zd}sF=tz4@k;x}h6wP9(g8R0YuQ}5Sy?t{4Nm?~sbInz&DVRANh52C1_Wgr)Tc70k` z_Tcw0O$Xz2nzq*mBwIIGxThkHtq0#edM{$nzrmSMBnsMOmP*FWhhQAKV%|C~e|yRY z`7f=$&9yc2q6u{E{(i|>we>4y?tDLxr^&4`plp6vu4oI+W0yE=oV{BF9Y=01ETP#F z4?0}n+!)TC)IJFYFWO)AkBt|tX3DacnWjbZoSZhcKaOdP^PT#I|EaKA{5hUi?v>C2rLY&HE02L#IcIEBE-ITWhE{pX zTEYxgD?8n_XxDiA)jHFJ0{M}5ExxMF{6KcgB7EimV?NrE1W1K{dF) zf-{N?qem!cFU>;dys}^Q`^Td~HQu)p2-^{SaBaRx<^?Zj|Bd)`8>NxJp#=}$al?tY z`2eqea@4P1L7eGc-MJ^8c6dw4ffZS(xPyX)j0sJCMf+C54Bc+tmedakdu_62auE(` zUS*`h*AQ;BJknjX9|319<(e$Y2e#5sh@>ayZUp8xkm@JS6#Es!(XGR4Q5G!&Pv0r6 
zc&9^%unJp|)9+u*w>-)L=ZFB9x4#Is9mP_r^X2^jLapcN4o3N!vZ>|gHqDE>i1~}d$2%_q<=JSR<_pC$^2pVG-Om9C_CzS)-3E<1-flcSr@SgoO^m| zFfy>YJ)Tm|`2T8PcXhu$zdNSCL2Rt&MlM?}05;}Ge1qQ&q~1ZuGhJL$^7Qr|a3G9qs zD(rYKfa|lNM*VAI!9no6pD|Umnvn)E*t;R5q#uW?wEXad;mTIMT|JUe6;#`RYT*hu=_t=ZQ1u*4Wo&g0~7i_4t6DJNiZpT)o06 zXsdxEsnwaBDtBpwb3usW?I>N^1dvTAG@&sKbDP@<|AOxW&s)xI`rvX`a-7Zhxjj|_ zv{SFC0V|$j%~CEq23xC&K@GlebLFkI@@9ya`$yY1tPR7lx!qD~^VRJd(kr1G9cXw> z-q7&WT)M0o(lr0~iuUJj-O*NKCAebr%h`f}Pvh;;*`Fp!h z>)pLa!|Dk>gUILiYFDnwRTOKQ~FbpH#al4OoYX=W+=gYNh#kOP5Wl8EbWowsZ6 zqUIf$uMbJt#b2K`!ha?xlETnQ$3UqGsG9fNYZ1f#Vfv3Hw?77{ zt*WibW;GP}{W9}%DJV)4&@%Btev-4?=@pI#DrzRa6eTLZ-I0Cu$4;34ZHrXC&wGt&Z|=HchJjm}tx zPB*%x&G5I9V*S^GooRt*j0qDHgOD;GL0Zqr`S_jr0o`mFgGgdH-qWom;O zt{bQl<1NPQ5D5jA5NW>E_Fi|tuoVhNSL`K)NH@QJ7^_~YzhXdd<>yflbriVp=HbP2 znSP7o9pCmEv?^kBiwF%f#MP-H>cz>&yJv;v${gK~7Q_zXS2u43AF$!0=KYRckdC$H zR!#*fd%i@XV^5DT>}fLm#=ikm?4^!dmzKiQY;tF5?U zLAnuXqM{z|?uWO$e81%dvVO$}c0S%4`CjzE@v^G9>h4Fw6QVJ4jTngvgp?4Q*Xt06 z=?ZJ=9piC3x-UMJp!zZA&M<%v+E%dyM29@cEUdq)-mCxf){4%bZDHa6N%>xrcxw_^ z-Geo?gL!5ze^Ps)h`{wzA;cJ{FQ%r0BVC@TnXG^v`H}zv^ZPDp0Pm}5li#AH(zDeP zhMQldWCmRnIW;#0iB$t$-s^_!9U^=gbWBa9I97$;FeD;M#WWl~JVBZY$q^QzT%>Yw z$lO;@D+@1X#yL7yN4@Ny(wiyDd8ttf1x}C#X>?JH`cigLZ0kaE_=9ZT`|4A|5e;>_ z88FB}~|o%EHS_u@u25YD*0F#l>=1L7N(8q?r$!t^pjXF> zvP!i`y~JBDWvHO#V{x{sx8~Gae3g3r>GLQ!igjGHHq?-Vc@CVIQsA8S@zT?o`Exx6 z*>dZf-@gJY9p_&SAI#rlptTwD?EX8Xz~`^6E#k_gXV=U|cCUn;h=pBRr}W_Y_lD(0M8>!^0q zZ4HDWm`^t3XG{NtDF~Z~u)nXw8`gv0k~G+ZEqV3GgTt|H!>B*fv4?p3v1$*V%jU>4 z4OJ|z9Wav8_sj~rN>n>&Y9iiq;$r;Zhdcq?PUeC2D5F@p3fT#D;#A;|OxeX$2D5ky zSuJ~pCFW?b@1Buu&!REiS?#2yr+etzV)4BY8M46-=tN_?aGTew{V;mA{t`55GcOF4 z%=jIdfU^5XYLxId>Q{_d0KJA%!R4V04bMd3wSY+aPp8}9$FpC`k5@>9Vybc*8v99F z9UnHk9;`n;oKnQ@61&KKxE?A@`e!N3OiU-z`xt{ens#>LEJOWFAmE{|1wOIBISl*#+6^|^(V{(LhhfFilh(s zw)nI6CNRk@rFOq4_%GkkB)nLF*%|IWJ@n?XZs2w@R*W4YC7}+89GEfpD5-hpxonZ+QHZtkwq#W zL2i(fIv9{?Z)-sZ^7oIk{_iRe^cv(#F@x1-iYyMQ6W_mH8lBLQe#f_M#KndaM*AUF z#6G(xl92m2<%-ZIX*b*HzOztYjkt1rj51d?_dWQihs%nbk4}T}#%sm4-*L`Q;sKIs 
z21!I@lt(;jFj{(WTHV^tBC{kn8NBRvNY~Xn=#yYtINqr7=z*{gxkZC zq~NC>qO@GS6tWwUUXlpY-}eO2wA+CDY-e#T-|~?V(dH=U3SP_n&YdWW5#@@?D0}tc z8{{oLUN*5@td5m1MGpcIjE}s%9+_sYK(s#dN15Ysi`#+mw9p6q5SmqsJpQ$6 zwS|yaew-VTBCY1@Z?GmO@_!A$WRSmaKJo4+^dXxf(yD>t0`ErhUEeNnses~y9EC3< zCsM7mC#-~vbHtP>za!}YTNITng|z+r-ONEO;_%k-3%(Iws`@j#Rd4)gmi3cL5hkq2 z5ae8}9M~RbD=BP>O>^DyKznMHbOATJL4wF3I{lLhS$dIC~oR2BW*Rdnq z-Bb6x`z$Z|dx`^hun8G*yEKrYBW~s<6}vC%7b5y<5J7`r1&p)C%Pfjna?Cc33o9iu zJM*oG1;y<#n0fj%hBU4XZWZlLJBYJ4zP0f$*Z!(oh@FqO;Ny?nY$kY!iZz}}}Mee@~vgSt|QV@nO>m3kJIKa+xO&Kp zCuY`lvg1Q2*?YbCx2mM?u#P14tW$Go=u9Put(rJ69@BxhJlx#sWI|b;*&251dC!|)^ z@c^|tirePb#)3LS{T5iNXfZu0oUmp~dul7s@Jym?z7=?lQ{15qF{7oKqZqNO&E_&- zo@dl6$(!C7s(2elO*viDs?(EIkE)V0fI6-)Ix66$-||~(ls%@Fk!N9%HPl&TL@95J z*k9v1M8v@h);p1X9zs8J6JeJ8*CR)6`Ck*d#eg3YOhFN(#uPav)ANatu#ky3*(Mf{ zYpBXZ40(CYg+Bc8r;+_x%6_sLD*54q6ZL+W&kA~4&(IMQM&jnu*vE%Su3-5>J`7cF zjKQD~rMY*_3Y4I9Y}8;+YvE9`7MKOYe346RD2ZTmCOq`VackF>QV|WLS=N9Z-L};p zo2eK9@;y$I-mvtzmcc26!q7y>@SE~Y!y~toN!m;471h1|OKl<=trvY=e$U7k6h@*7AC&Phz9sfq_dPZ4?*(bh$MzyK;w``o!0(&dLb};1YaX^rCsBwt#|q_NNCW1-jCh%AOyGLh z&q%#lxgrO<#ICNHRuPNY@3P<$5ExZKlBP+{TzO#5O6B+4_?aU+UiH-3lFZNQ zvo~UNSRb1SH>O3z%0f=oZOh|#hzpz;?O!fSN_@!@I40c!lFJ# zRK}0Y9$dYRXy@7xP;33Y~%gBwvugtYh(WK0` zq}!xOuc;I$iGe}7QZ#$rJx1h?P7@56O?4vv(4kL~6>xBT)#$wj*BQCPzCe`Y3*RlyOHn>v>qXVhno}fr0tUzQwLCSSZo$TOU%z(mg3H3PC6_ z-0{gj!Kv@evDY-oE6v3(y) z3mO5Fy)h=MfDU?J+|{?Oi=Lc7Sg`B*n;5`-t9oT9ETJSHyFdTkT%-C|_cFUvFYxv^ zCnccxfXfssElvEaZ8SVwjKOU~hNgiT`|HiC>(FUh$2--6G>C#@mTv-R+7#`poNP2-2N zvI%YqIM4EPeFYdNT&qk(^(K}9+_~p3Fkbqgz5*%-T#4RxBd)9Dh$KlDSp??vLxLSn zTMzf#Ps|L1YaFJQhIxJq?qvP##r~HpHBv*v^sXeQ$11*I8G>Cbp)|-u%#S9R8m)4G zHk@*(Tuh4DeL*Oi9i0%8>b|oObw+IU4_Y|%i3L_|*N`p*x3?MWn9aD-2?xzew!%$i zw}ROG2<;j|jSuD7JjbFCAdhx%6zAcdsd)FrDrmVF$MW=8K+_{3hT805@I_i+$;G8mGc2yi@mG5?XP@>5+_v&T;dq};$r{xV*)!4ppSkp#fBg+cqwrT*Ru|+3FBkj-Hctq0le~gr=P&az$qRE8<6|2)AjQ43A<6ny)0tKwcEhj@IN!1MPIQwvI%klhD zd78 zLW39*G3e&@g09jG&g=9Y>`RDIF{^@K^bdm@-RJFx#$JA8Iu40);hJ+5ba4!ZY?|#T 
zAPRBZ{(M=9RmQ=D*ts1jJV=?P4TCkQ&?0c}ut1b4YS9pY>{PfTh7dcSS-E(+?jWQ| zQS+K+FhP?)(P;VGhO}~{G%OdU_y$QaWeP%j(!j~#{p-j{RVhB+$*_^rh&Cl|`}rw0FGs zxZBro{?U2ZDJAaBYRA)K4F}6OSA5Hv%cs3{hwR{^oci-iCiI4|zu%lnXJD@%L_T87 z1uRf}Qm`t%`n-Cv=rM!E^k>M&WBPCX@aoy{?!L7}dG!nOpUZCF4b$v{n)QQ%h3P_l z>#r5pwRat&j-S@rJZGM?Hn{$rC389D%w>Ykr^6FZ;=s|4Y5>Kd$T7_Qx`Ol<)KvFE zRQ$2p0E|wWbq_e>f#8Uy9B#bD45{~@RJ19D-+KG}MeRRDP+Jc0viinVmSvO`CmSMs zgC;8_2K_bHZ;7u9iZ||F5_(~(s1VB)xu()yF?f}Ox_vP9EvQI7X9QKW`zm|(W{Jef zG@J9IaMqEV&=zh)v9@|XSQT*KmKuk-jna8zWzwK#Qq5XHn0?7v2h1@JBs#r-C_eJ7aiFZGKCOBPkg zpl{O`S0lj*l3K|2DkkX%{hR=r+eURt8uqub09S8qjOEVhC&ruN>C|fRy0QFwvHf3Zf>EM*`>gJd{Dnj=U|INtvw?~`KhyS( zM@&(}=PhL()E0d3{hX*(`_7l2YF!W`n|wyG~!ispDK5=_XRGOUb)v|kYN zvgm{!bNAA##-FNPvr8@9;UaT`l4o0H`$W-8!jJn6pgO(K=r)?ZtIW{pqjd%P@LYAR zk+l1pEiY7n2bN=~!H@W0PeUmd3dp5Yns>hsZ7u`i+&sq~u(E3v>)LLhZBVB|AJ0r? zHcVktsE^&(+nDr65P=?qmg?1T1(kl)+l>?{XmkqEwCA<+3nXRzR-X~c?A9B`$<% zEX9AWBCf0be>mv{i*qHjgx0oSP4v5#0nGdiQVz7DlGSYz`-1#wE)4`;vV@ExiV0)bO>#wqC212m_FVuu;IKE*;3;UNF6tG-aVY5 ztEYhSHmZ%wGHt?=+5X_#K-%6uL$1I)Z{)o{x>SB#8=d?%oSTcnXV}6*T)G?*Hg7^P zX*^^pTZb~#Dg~AnHwQ)A$c6=l*eVxRJ=9@7QqoO@#>F&ChB!l#Y`)~|3n)b|yMQ^- zp@w-^N_~IlkAeRRpKPQgj(r2y-f?b``^tQ?&BuO?yIg{n`J`gOg{a4wD{HBLWE`Bl zI?p@AowyZ}A#S(C`Z=e&wm2||EoQxbPex?4>KnH@s zOkk)wQq)nMo#A173?dKia{$ginpJ>N2SV%}fBaG&$_Tpb(D`7#gU^kfqj6v28$+Dn zV}#9SUhV_pk@UkT#0{fno#O7gmAW5pnl>jg{j80pt&a7ti93ocOFp#jg|g;l!}X_h zg%&PV0jx0mU^yGTY)=IKdu$DE0b;9eZjuLXxiXZo>(0qAxvdyPLt>Ss6w{RlPxF-;VwaQ)o zKbhyhWSo)7zH_mIOi0&rOIek*(>q512)pbH1%+BV7OuOd@?OXIQ(cJ-hLb9v_v@jS2o(@x2`_VQa`)tmWk%MEn#@zPK}hray4Z>ke1l(V1vM1yHJw!Gfe1xksGRY(bmEWhlK+JGvqy$@3Zp3jq zyXXL7G-D|koCcs*pm)WY!=pGQ_{KgFlm@5n^m361^Ny6Mg$E~F4z0{|5-o$#tOoIq z9^*XnL>mvAIja=Cs^-{6l=?qzxDq<`Tp}iJwO4wr1?j9UN(qC$!UIHE+TDm($F;ud zzu;y@e(^Tz2101zYTu8=dWcfOciVa$RjSkHAS{QTgcm!K9+s|G_PZiEj1<79%K-h} zx*mU95DmXY$C`FTh2n~?H(yZN^ zkK{qorUSql@Fz=(dTs(YF;f_!xhCA0&Zw<{Tx%RZ1^!hWZD~U(k*5voe{le0YJ>c< zMLGqN3iXZN4NesGqYWf7S(GeM+7QJ9u;B^ka{B)OQAnX`9R61RZSG*u(g*~3;=N|* 
zsslvtTs$+*A!siZuE;)(;UV#<=FdD<7uyha46*{fnTA}-Hss{#>76(erq1>YQ1XMY zZP0KuD@QGxN%GxZDO#>RDcPn*n?ol1P8~1~A~#Ndem&gv<97JDH2RWzkr?;X%SOjw zg?Htsb&nNa8OJ?Qlw#|xRDMo2BU2Qjm`U-0jzom>$F>0k=mkTfCn$gkra${~^fJCD zA3HlYj4A)pMc%Mg%juE;FW0)2LUYNxqLIwb+t)p6$&&{?=Be7c$zlt*APsp4^%e@6 z)Z{?$)HaLx|519kOU7Sb=h+QLjY0&dCVsVk-wX5(Dee!QFpR#i&>?u+Q@QM5@KeN0 zA9Nku%v9XfgOJu@ZDt8a4|FJa72N1?rc^h~R6-h-krqq@aB?eT&0@BIPsGQ+$4G#M zfi!75>6OZ$`%nPV^_A8AKeHlUi2BCGBPD}^;nKsm#4bTZxgcSHXufbH z89j9inEnM#rm{+3kS7yN(3N$5#bnW-mA-Tlz?4`AX-z2U^Ac)kxX84-;c$hev;?MS zJQD}+%pAVOOh@FuSK6drH8_wq4p~EdgSS%}JXjtr%b`r25)t9jb(?v`fMNsS^}V#E z#1lfWBP%?MXG>*wjEwJ5Bd5otU774J+usXw}-3?J%UYd8hdae1Kp>bFUbIvGBC|A z@I|uFPb`1FtPeK4;M%x8Kanr_RkPMRM%TI`u6IDt2h_p?>P0N(`4(Maz>HhT%_u)i z^Z9W7WGTa$Bh6ZCJGup@gsRx9f^0(HvN_>y$(HJCb0$j01C*i!-U#*(uop#%^-UJM^ z`Zc1DwiESQxJuY~5)D~w^FiQY_E-YK4cfIe-?01rh@1!V&HbBzcl~G-1lvKLCo*g8 zGUx@)qY^2MvGB+N-Gm8)h6NlPZHgiqe$Vc-9PL%fdUNQmv6O%^jp5XNkYt>iaxIH{ zh?j0O?nWHrdn*AGErZbDXm3c64(3}al+L9HU1DEsv_E79mpU5Ex1)^b=-)+yua zF>BRl8#J@7hwctJl6FyR-YjDFVFi^$k`(OAhtox{hs=?GKrAf(W`Ocf_G%#{BQpO3mza%yJ3`O2>({m~iFONoA^*~q#olj+1S^TU9Z@#*zm30 zz;}%sQsGG>XJ4_QA4OFKacrj%ah)iVSWxt$u}2`MA~`+q(WyD83zyP-`;D~$=@2}9 zL6yY8;JghskjmClK}YN44ajYhuQSO}Yv)v~vOKVySLiLSvbOOyj@TRj@K%DXKdV0c z>;lS4W?s>0W!HrLcGaRZ33t~DSI`H7sey-*uilbl;wS;gUtg_mHzL?;|LE{?yi@)C zh#cg8GbbcVY#2=SsKp1Uj?bP%Oj)gYFuv@!tyqi z7vyq&OWwAz4qnb^M2P)n;DkjRNUXJ_h)HnSz%yP}eI0%s6W2T_eWV?e{Bx>h#+)oC z%#nU}Otue~%={kbnYmL9<(XEF#?27TILP>i)rrcSP?vh9aiCbn-+2btf2)d6D({Bc z-~BFR(07gNe0~i+SYo7C1E}Fx6>Uo0ZA}5o0U$c4hlqt?zu0C>e91sop2?5DXg&$eJnL2 zg3U^9v7~-$z(04X|)b_!j-o2Eci~_mk9hZYsTAKhag7H|2?zAkAC+XuN$Z z(d%x=kRNlKW$t$28%t9wmS{tUklA}yPc@Hk3xULKHmv8_+QHTSwqfk`^T<*e7qwqIka%l*W^n5Wcpm49AMBwVa!TtCs z!hbz9-e%((1S2U^YXH`h6Q9du7w8l?G(Bi#wDYyLzVo<+If#D|r;^cooLEw2z-z5* z%5kl&Qb=6V#OCANbcsNLu&s((*9kl7w#JUT13Rfo#@j3WTVLHe&Z>q^G~~Z0`m6B! zzn+1y7p-tLX7JAeR>>|mh&CLEnJU`5Rs5`}7-NL2#N){ERZ`4R=RK!ti=hVY%rQSz zOr03zo8=4Iq+6yb(CLcg))%?(gWo-6Lf`Z44tPU!mVJlaBW_MgW}i#HPBV+HHA#7? 
zUoH%0s7-;$Q5rg{8wmIi90Xp=(w4Iq_cws;=w?s?pX55e6o_~lmUXrsD!TWG=&X*R zqp6ZZ`H)KPgU5F6);?xW(Y2ux?P|akcrRH9&<=WNv3p`!t!=LEV>}gtyNe$)L82AQs%6I!_Ce-w6Xc6}Gt?{P%#o zyUr~yLiG-g&aD1p&DRl^^6&`SPav=EB7Dh%%xy^zM`%c^9l?hw6dH~x;V&2IYiI-*-vUKX$_Kvsi6SdHY;ygh37E5w$)IWqUbVmy(({kha8*m?Hr?1|^ zynSq)II*5rFI|!c-tGA;4#WcdGOj$lvq3&F(p!%}TMaYbFkOX={j247Pp#AW)jyp| z|0z19BIx!PxNg)1Gq)$F5g$g}H(jV^i6!MMe@}TM`jelKgw|xhEh1txm z(3jtX%Uh0;Tix$YITs?5lz{$3@J7F&S?gKf@04L3Y9sq_KZzYV;GCJfRYGoX1Tqcz zB%^rf72;GAoxO*`2(Vg$thK|%4C;4d)2z&GZtO8%U^%#EqC5wJ4pqt3f-o3X6~;8F zZ&(mV_h;`s68xHvow?#xy}g3^71~E9U*Gs=#0B7^#2+M{QXWxf%&D;@AkkOUBGXiN z-KcBLBlx*?`YpSOv^FB`9Np-XlzAu$*2hbWZWOXRSh!V$x7-y$RvzSv^WBgHJlIzR zpk|Hlay4j%-X#{~rBC9KR4fw5l)SVhi&MiHZ|9EG&MA(;qCabq2LBpo|HdAxNK>B$ z50`n#R(DFLTD)d~pbEh!iAPEy_2(_!p?T;r^Jl%fAjc*2=2gfJ<~FizM&A;r_|eey z=aPF0`X3bzLh|Ae%k6@4|2D?(UXn9-z~38BVdgT9M)gtc%QQa2)&Jw^Dg&bInl_3- zBPk*wh|&$xC?V3hyL2nHbi)ESN~@Hx(#;YJO9)GclqfB*AT1zWBC*1<@a^-w@B96} z|D5~GIcKhG=9-zBq!+|FX#+9JpIAYgu8*=$>e`BI^msfIaD4PQNw&{_bj^% zjvGJHfs+aL6NsXP4LX86LKDLj>OGv^FHJ2fg67e( zMj(8p!kGBZN(B#(?-k3F_ZMol+A#@?ZX9ME?Edn5Yci@iy*znag+Fe`gnGo80hj;i zQcC_`fK}+^3kH5yd|3{I(GB=eDStMIpF?7M9=sP+BGwSDJH(k*8K?;Y85_3u{EE9w z+N&~4ywrvhU6|6AC^LD2>8Vsm*ub5X3F6z4?`%C&&ka)LeOqW>ZD0B?;-lAZ6dQ`} zGC<29Zd|m{zr!C^*8=Yx>jIDV2t}&C%n0O$0?$+pr-y3i;@5|wY~o2eJ3nTVPi9Q2 z^-PH^YB!-f3>NZfJ-fcw1EvLsv|Y-kv@6{v_3I>xKLDf$&3*32$*SFR5CO0k zHaA+Fn?hUXvDZm3gSa?|D&GIu^h3QtIxXI|OMe;-(eGt5Q1gyKQe}LY8uJY?=Y&0i z^0ong&RLK&8-0hWb(d~6=|D+rsEz$t#%HW-i&SxrI^yR6ye##dZ1P4EmX5I7(OcaA z~8S=;~v;75-UOQx6c51gD>$}&xeMJ^@X;6{HU~Z;S*{je}%?q z-`9Gl;kuvBL+|$VqL`cSW;?0Q#ID`^@pHAmZ0{c@X*iph>J~s!7DF?CQ)u@}f{+b) zxzW@4tAD-AgkQo38KIpUMHZVK?ZiqS?i0Ft7?ZnONqFUIA~?r^ z4DH8JpEaBjp5>`&FS|eQwK8by^(GA`|8~~eV)#TJWI!VE%UiTKCG#M@9CO5Yyv^G8 zD=p$@P(iR=eq#e-HLdwCqi96;T(Gx9%TSNV!K%Sa6Ktnd|65zykOWFyu6tk5MG!@$ z(E(e?yC;jJbN+chYR5Tj5&nrZybE#KInE&)gMe)G)Fy@{o3}tkEfLO5%G3D z33GZ3Ll~$5EmGa>#fKG1&N)w{pNk=ls@k2xeZij4zF~-S&Xp>7D8H@#gVSJyjz*z2 z2Dy5y$?O3T%BzMn8Cx5omA}#E+BbAM6#Q<_UiD&}K?tIoZT# 
zG-Fgwy)@hc(lgZ%hdDu#G&1|p2}Oc>Dkca%yc(Dbl&5O!JBK#O@-%Om&hgmW3PnJr zPDLc|`Cz|C#Xg?!Xx+%jc^fxkc zTupL=NyX@4A1m#J`e(j0oz3X@$j88eSMEMto5EUSZwqM$;&v`g zC23b!vK2GD`}=91G-xweEQB&RVlQnnap4xdSV z%|A`%es1^GffA&1f2*Fuzp&nN22|UV?caa2Q(TtLv zm+B8dgJ};6jNayQ-f*_)*){`LK2IO$t!dpT2{1cS72{}W#d=9mek*=`ajcpB-IdsuiZGIo)C#;{BQ+Pa7sC&sgS?9++xr4-B z8Nd_I%^z&OlG)s$8iXbjTmfLK_FtVz^5dbb?R;M{$4S(NsmS}W{IC!zvE4GRO8Hw} z?fEqM{5{nTPcIyVr*|Itg8wOc4+g(}D8L>e68Vh)mw26u6W=bQ=#)Hown(2x2JuqJ zS{n$|t=b5XzwMjMMFdJ!?o6C)w){Ep;yL;$Eg02pTa*yG5DZMdlO$V?VP%;4z4*Ld zo91n*a#HXd=>TKS>CiWcDl1`5>oQLGds|p(wCk5}=NV<`4;)gI!=Ft9tb2G?_tkVJ z-G)Npc*(1uuq?@qA}@t=?aV?qbCc}E)k$x%XrY^~dg{fV#as<;dsDra-&83wxN2&3 zx^v^xJ0Z3`a^C?te<=_0>MoF`%40;4$tTYfJg@5~WJko-J;EaraiYp|!Pj4||yAt^C7Z*T<#b-%~x#zh59sZQmB({fmMDoDR6avHqjtw?n54s^zvtrKDw? z$2#xM7U*UsJ2NqKX~^}EkqcETP+@KVaojQ#|EoL-yR6xxA1O1ZZp=5fcnSm}zrd~D z7sqgHhCXaOIlAaF9bSlxmVHkc?O7F}+Ba76F~G|CG1N6>-~Qo?8@#Hc5pAx|IrUF)Q?7 zEu=iV4$5>;YUMiHzpKdo+{8BQW~HNUklpfrE-%%C!=yV)(0GYnyUgF$wIBKY19kX} zcizo88>*81L=)4Jew)+lA*BBY$u)!l=MJV<{8kCSZU*hR-!qaidpLH7>w{9dEB}#-0nMmmkKjOkt8CY{CoR^mJh5_Jbiyu$4i0c(_~D-bm+3d#LHHMeAe%_ zN0hy*q^{qYqr75IXh(Af^39H>TR;BQr4l!+cMF850d(N- zlXE2Z#Rq@&0@rUx6Qq^mGYdhtmw>`2C1s=TsPU4soN4L^d4Y*om8u2>? 
z&nQ#;-C`Ye|C%q8Up4U7+u(u8#`srpf$zN9layM;34af_M7aGJpJ2 zII94bxYzYU%QF+sZ6~@kS#poXGME`1XuDIiD@wa)tYE)h1=`5~QQEW578N$8s^Sc1 z-n??wF-*U3Wuh9_AQm^$_$4M(ko@JN@mcw<<*udgM7UR_dm*{Fh^ zb5eO3=%`tdk@()2+?IP6@gm%WYBK z)9KQ$m$ali^K-4nt6xk1U{TjSO}_6tV*9?)fLV)V#xX|0{RX$=d!&UKsoi!!50~^k zPY`tDR-aK2z%u0_f6DVuDRBbv|1OX%>`lFjWFbK1{diZTt^dt5d2kiwK=_!JQ&~?S zeFDE&^>{k1MgOa@R|Qk?6h?RHr3xL=Dd>pTS|W>FpBm5%fudz#z~qg&3X11)6vWQ@ zp5)9U1k<$8%*4QT{pOA02XYJs=MI(QKRhT2y3P``n=Bo$qkE4#Z9I1)SFry!$@072 z?stHr7@-eiB(zae{fnRWnw?$fGg{0xTYzsBVFG}~d}v=t_0t!wgbpEC_1h1(*mlV4`Av4$Cq0&Qqrl#;lJ`M%ApxhHjpNjt7rOwH+v2U5&k_hZFZU!$^#U zEu86R+cb-EpoML{vdIZ)kTOfE+DHA!#lwJ zh7AiQF;=nAqNb}G)iRY&3aw(e6GRF3>A#W?CI^zTr^gufd4ik^br}f0S!8>WZmjU4 zSjkeS-04!|vNBrN+wJ#;s9&TTCvPt^KdRN2yez|ulHC#w+B2v;m`W&{To567 zyC0EzgQl&aE#Wvj2_KNYxRL`nJ))(8xl%D7N37~^_y)eoyK}>BQYA?CQZCMvt9PNv zk})@6@ZGm_?6`SSuQKg~P_7Q4KlUR+ubH1=BR1Zgx88N@x^&#lr}ZWj^x36<4YoFE z;O0rrRb9!ryEQ>B$cHtq<7~&P*FQ9H^J$It;TDhWZ$G&z`=$?0GUogSfDmsZyeYpH zhrhIl#!l9xH4;i%-`LG4&yT6L4S|&JD(5a==4d;qmr`)i-m>%3AqnucBIC_`4|}ys z8u5fjv;0vnBwznYZ9BBkqIUkEZ44m=8I&&KUXbq(8CBMELcE9$9Flt>hIl77@`{p> zl0EE!2d`C5nbO~J(+=?lRGVQdsA>0J$cwj8?bzv6KF#-bZxYO;B*OaaYLf#;(0?AY ztOW{J^S4LFC|uJiQNriYFfxYemyOzOhn`8x-~Pu`{nY;{<0(n3Kj&bV_)B5;xbosq z^Xab`1v)cHJBnb&3z7Cm{WPYJd;a`!^$W$+=}T^wZ84#j0sbG{h_9mW{pa17i+V*U zUmAP`(v1tY1*O#A;MFC~Vi0chs!Cj`(_~~V?K%m+6+V9@s1CU!h3}jTMIFn)3nj4> z^UcO8V&(QOV*63N@T$;EZhzFqPKO2kgdo{Z$GliMb?;pDpp6!P|Mqz+JC>BCMuA2n`F zZZCtUr}$0gD&x=;8h73&Z{*{0wO#B4pOYapI9_ORo$qCI(eoI)Jet(IIkol5_C`pspfG}X?QqYaZFw^=*#|sAaVc)>L@2z zD;*r#zOO@)Fg)^5M!QaK6xouNcWp?5i&<_F$YW9169Rm&P5&?T@hQGHMLnR~oqZ0d zNJ**bl9rI%ct61^(obikoj9fmZ$zp={TaCTb-%C+? z_@ivcfAUM02uNiiznbQzibc9Hhv?e|j^_cI5wnSE94!H>8q&y1pF68z_5k1}(@(vp zVNZ;Ah7r6DM(z6IFb4Sp;Jh2*CIjfV@Wbg6}8x|&c=WEEzecmA2pNO*pk1#mU66ZiS0qm{@QbbDVLH**)Gfr6qx{iB5=u? 
z&2=;cZQxhkUb`1p6_*~NZAL(Y?|h0Eu$8UVraqpI?QeIa-toXcm}Kgay@so5{;;}y z8Ivs|Ube2L6pr?>l>ZUM{5PAnG zn@+7e?xFDXUJ7fxj}9{nq8V^=>1074O1yQ0rn~X*-P#2pR#8RTSrpf}Ctgr|Vn=V6 z{t-uTn>_9jU=Mn_8S17?4R&S74Qa@hA7jxpeCtTBcJyVBOjig7r5txtAFgT=Yz9)2 z(lz@%q3HKgiv#wyPZG{%ivJ1)4qa+X%CMbp9kJ3bOfSF~cK0&U^Yk8My(OnHtc=>o z4XEBkVbcKJU|SW+g>vh6Z=>Xo1tz}if+$i_NWFCb(7Lwd1EI1)`(YbaUBUu-(vJ>g z=GuQ$Wf2PCM(pFJ7=1^<<$+M152e4Ras^-3TBy+#faszVR4Jr=IOAO&CBV!jEjrBT z?Kqa~1$v4NCQ2ax9^6JLPLsJEYFuQU5?t_wTIcD`D88@4Jj zRdPJVv#W5i=>>~6=>KS-Pd5&xfCz9TOh_ z?lhzQpmsl^=>{_8eDeogcl70lXA!_C5MWK;;Unc?#|iy;Tu!mla(C9d(T3bBK{>I6 zHdmz7*|6r1GIDXDGWLYzTZ9N)+fLSTauk};4iDg5&z%qvk+Qe3<4k~I=Y1Ij1V&3E znKTNSNZ;2hE?K=Ew|ST~B|oYyr9(&nY3(1Trk$Y3{yb;pCohkdD&_oa&;e{_i%)1c zwFnIuRGDt>$;lol(|m#yIm&h}C?!~TKb@c>)iIAWijP~_7tD#+H#WHE2v!rMM{eoo z8PCQ?wdXcsUh;AZ+z3w9S2+Jw_v*)wIp~aPvxVBp+`m14qACAd^5S5!{LbuNLWEt^ z1#HZj8S{QF-&mvb2;i;$K2Z0_bxDb?&vZ$ZU$4wI+Lf&Et&r`Pk0K9^Ol0Rm*&V(b zB|{(InxL1gl|oWLci(>C5c)BtwvaZ7iwi-EIRs4TwQSjMhmD7`No*#5qDHsg_4Sfa z|IBe1r|iY3^|*wawp&i`XW$O`2c}d(VKw<>IZHh1D@n2rk=A2XX`sRH5tr|^~ijfw=8jOOg)<0 zSEGxeMAF_LvFre#W;q-Ds`@N*FlVnW)SXZc+)SOw7rImV1j{Kbl1G2f zTCyYve{BX3d6d-*sixB?Hb|NButs7B9;R)*@;cin(j@*^rBMqqOnHt^u z`7@B@A+=_k0cT0m9k-?f55yCnk+7-_MW?m8j)iOKKAuI#;aYV~{mbvs#}xQ-wjLve zFIpcCJe76SFPscNahlSYun=CsVQsSjkC^b5c&Kf=rGeaUBOfm04)HZ;Mw#A0 zPZY6joSM%ksD~lr5c#+4j{FWq58dn#;8)w?=}9yfbO9{sSWqp!=m4Uh#aSNSU5qH} z*Iqmez00O&e`v9cl{pf9veI0`VC|Ud&_M+XW?v>uD;vEF*PY~PbPtd=scKcK=n(cw zl`}>7K84RoA*@^Bxi=v{&*De!E&hL9qt%dD*8z*Wrj7TYO?c}!NbA0gH(~k7B zzDUg{umojpp89FHBqk&hxF#c(Di~?K{lp)gzbz~)k(uKAxS(RI+cwW?y4T%LnUnW& zhx+f!zVR}v#7yY#-<}XM(*pO=dvSlcSpK}zLvIVX4w{ypo5kyl-YzrqG1K!{J*?z1 zl2NEGY@rt2IYr9q-Fz+EHV#iZTiFAXk9vNtcTY>JGT{)Q_nW&=1;*AgFZE(#6MOYR?tsAb3H>NHgihT3AkwJa({dLUepKiu zn6;r;M%z#h-T2(l+ORT{6FndKb7R{Q)Eqn8hzV}c`hxYz6Onp$_T~_)m}b7o;pR8W z+%I(heSqQmFr_Bo z@vQNSFJK05X@Fb|>{mIf8yo8f2Va-<^)`!7_~IibmdU^!D^9lK-Obzj!NV>=5o{~n zDEtz||MQ}riFr1{?~MhYCtB5h zos$-@*Wthl)}XSouJLYMSu^=_DppM`&j-alfM!f^Ib=^iGz{#unNr)tTV!A2p0!P# 
z8GKb`!U(s78GX94F}t-MbsQ#fVnc?q2Aepc4ABB$+j5sKq;gB#5>V8wj1w(9wG0^I zzQ!=H9flt9_&i4V{8aX^#&uzuMH?cN&!=FDvN*BWI@V+#NX!gAGo}X@1#!R@%*sAlFpDcOH@hMy@JU(l`hbuik zKx7h6V=Al1m-OqxuGVtfb6eBlngsb-4iz`~PP&woz)^3NkN|6u4~(0Pf5f>g zLP;)leCh56C{?)z5*R8$4i81%89&$KOM`bUXZNnke0zD+GOmy2$syqa_D+$_l^oxe zD_NKa)F)f?h>zaTQXxHua$`m_?tX6;URb!M@ya_`=*!I`m8zuiRFD~%*$nr6cJzBJ z85Je#>CMWy=gR)D3BM$(Uy{Lz{v|#qbT_P zLv0>~^i_Ew^X0>p^lhT=wetR%rY9hB6w_DCsz>ueDr5t$*e~S+EKSP(fTBA&ut#l2 z@{p?YL#FAfsY3I($0xVK-r>`?R0La8J@LsCm2uTy+9?|wDX*-( zyKlNkMTcRUOf&+v+TL^TKG0+6Du19gd}8wB=dWvw${;^;3<-Dv0@gh}x$){UJO74C z)Z3?C+nW>`j(@~Fbkz?ck`F6=`*(Y&GAcK>Uz948l1bqeF`qzOxuCQ*RS>_SwN-*S z%O`$v>X$FOo|QETABTRrEb5*&;j)S65XMoz>J1{dVcKs1%1#Ue-Ng1nx9cMW6&3qB z675&-$*Bt|LXbVUj49CIgNl^yQcZBQc)JHmA8Z=@N24O7;W|-14GGybBGzHcIMBf! z$j}UI0!28sJ;B-dA-pD6JMK~^w3xYk#09n2Pjt1FBfZQF1ixUASQPV#bgfOp_L)4S zB_0APrv-{Je9z!B`=gMHP-zZZH|n3W%jtXL1cJY)k&YV znK(GT%EMAghh-TE`k{hYHoPFY()~Ge{NLk8Ke1b=a=$WRZ@b2E0>RYO>L$jB23` zII1NEPkr>Ro0f_>3aKb30P3W{jQcKMB)KlZQ}>;o8NWnMAr}l_>^QPzmk!Un_B6Fq zj>dP9LFC|;=D-I6typfT6j3DQyLBl+2_T?jaH*YvTztaTyIdkGkg?6L?m%t ziGwJ=Nb+b1gngYGoGW8dDdChXZnbcGcmb1e(sVEp#hc^Z;4j$3p19vhP8C*P1(C5? 
zcRJ0uL>13>shsMC!l5}9gHuHLFn&C5SW$Y2~EV>^wIG*JDJXDsRlAgI#Hb5iF)f5`C9KN6|0sjb0Xw(`hp-_3;u)loS^;QVOAAc&-sM{bJUXx(H+I8%FyzI)}vUF z-2oj*_M-O2kUl&l9#U56@&s7yEVx(p_y$qnz5i^g9FK2afpua-5#qLn`J-d6+bk!t zKfzUar{-7N%}>pmIjghF*|<@^o4O()p{`z^hagoq%g0BKbkLtPeQYqnPqU&hh>4P_ zHlNwh?JY7Lxn~r&-YXM<_D}r18FKN7<#TSxgBSguruwX27!Oqg)y60(dxK8DoKXfw z%>vFbs;OMU(RdnlI zGo-^K%AL|~^MOPTjf|(rL*gT1T73+@Y7xmdxwA*Q$ym5rP#>vMCHKG|2J*XVZMjZM zh4Uq!2uEtxf7AjHyU0PO-Z4R4EUWrXI2a9puNANk-23p&bWoLeoOO6GdFcBA>Gn~_ zSDyFnzkl4R`$08T?hnGrr3JV=b5snld$`!yu)XtMSwGgn8LcZwIG$wx*~w2QWw?CM z*1hu+X{J?{Y#}%98L|P^{E8Rmir6qe_Mg5I=K)Iq)jY0p-o61$&D_8#ye}-=*v${# zdS=(2d(=L_`sHJEBs#S1M?pd+QaE`?OFntRHdh?TH!YI}?Y*EYe_yfV6s7qTpE%Jl zQT5e_j{=NYNlvb$ItRVVbulQvE)SQg`1y@p#P@N}QX$`ENXv)u4gR+Mzs36H&bM=>7Lt~~SEd*FiriyX(wtLv2CD3LiC%HfIgqSfWCZQAXnqv5g>H( zH(w^SwPu}9sw((`E!!8l$?DH8Ix4At&7-6Tv*sHnNGU>F$i_O{ z6g|}C3sw-79ah?M`XCIT*j{P%y6FIkPZ#%%vah;Bk{Km)v}-d!MM5Bae@a><6FgY>nTkqp<=HzJrb>j1Dtps`kcRMvD0gO04~TuJ1~@~^(Zcc zO}1cz*=23bQF(PImNj8lwXxRSN_kY2IZM^1>VDv_&K@r7n8J5zC`Y)^BOgNZ8mYLMbNtL>DRQ&+&QJK zYj-we`^qC%eyRtpo!-ZhuH{CME+$$wPou{_rk}WQ^NM|sdN!Pr7C$Q}1eVijUr7Ufbe zzUGCUCf7^UgJ1l+*zA{;uVVVWKa9S5X=9~NtC6fdo3tp@$s(Qo-3MSrHlSK=Ixh$0 zBl*E-NBNAjdPzpKUJf1HyLsN=+Gp2IT&3B-`Cg#`12f|^icL7k$olc=(olD|8aNES z3S%02kMk$+?-Rb!-V8sVoz2}cJ z@QaHi@6=Lw)*gH8hvUi^+VUJ}wnXm;<7Y#cc16UhRUYS*GMK?3RxfxzVtK*f)jXEWN9yXyn-%Ra+emmozfv-nj_Xn;OIHwu0F@$Gu_UY@8Mqbd; zOI8<^Z}83sh&)sf?WE!WSLk8BfY5H1BEkY^uDaTiYVEYp-D`P~Z=$RCKpuUQiu&M~ zu+B~s%gz0BPl3dTrF%{iyJ<<1x!N5fX~lRI{6Q?4jLrlmxL)#VKS+1mb&YRr{vazT zFThtW48UIgIq$ee6i7{YG>Ie)%i;Ed5w+vgb^Fxys50M>lQKTv>c;Qvn}a#8=YM9VlQTqpi5EL=}ZETGs(-%?MwO#L3h3WReK$aJ$uGHAXI* zkxUeSiD@a;k6EIxp?fGhBUPf`_vzfzd+GP6&~n)EASxR@+`-oA9)RS#w}(p=R{RLi zgDp1|yBr@^dzBa|xh&jeP)CZ+u7Zivo%WE|9UR%dLN1M}PhgY&`sc9y-i=@58$;fh zdMhe&Eo*41eUKs%QU1igMC~D>E60bZ<|F$P{+z8@B)iifnjPg=V>$~dPoBkp2DZA+ zG;b$srk#Ay!MO* zrKo13ISHt*K0=Ox9vMWM<7XVU&$DYZ0mhb{1}suBt8jDeHKcQBs|GaN>zPb?!Whkp#T{cW*2m-^w1Z9n!?=T&I_7Fzh`$fsJKO4HhB9`lh( 
zc=t9D(ZIh1>dUq%5C!IKa>h`j5lRm2-4hOMKb_X_*72Hf`L{lvnD)x)CKZsM$hXk3 zwp=iP3LL9S2B4_Gt5TyX&H{_TO@TRgY&F{eo)x~I1;m&r3m8BuDK>}e{) zQ`Y|IBJ#_7kD>#S>4nt>*k2J=eGe@Iak<5%h|;3uXd-Py@M zK_4wDgZlEz0Y_(r{?*>>SY3269a+;HaVz$9o$Fa>bwgH~(~z(M^!_&VJG`WY4TRAf zh&@Ty2aNA~?jPGC0 zgF1eouh3|;k2CXVo$u;_T#4*l>RXvv8bRS^ni#E87VR=$ktT_sPQSVaA*)oRgE_U< zP}KPkm&qj%|031}PQH}0q1d+rXeEr_0XoLJW*sgBnWCn0_$CeEUR~j)Wo$mop|dD; zaCq6Q#Ye~>yyAgxhkx#id4`^03X%oQyrUetkol)se;O1gsJ?-oIqnsK#H=YsCS9~A z%BSipNWihB9madAt#)Cge+RNj5U1dgNkMB^E2WHBCI_zF#&F@&0gh=K#*5S$m{F+%dd-9s?VigZ~)#rK-s3q`4;u&^xH$b>E zrW^~cXdS4c;l7ek**Y@Z!r5bCnYyh96TDb?Ep-Aok^L8(@Kee&HxG|9K1Ew}5@OSa zS~U>E*^$cJ&Xg@aBYo3mfcOaEnA!LzB>iM1Z2qI%QAciKEd;jvCU3gLXg|CN zcGX;w)i!d5LmsnCR`$Q1Z6J#RVQfTrX#e1Lx25w8((jHYoVMz9hMIK|R1!LzSn}N%+BwZbCX7~@_{PYWP(8x8Y}fqBw%_+u z9j3`hyC~k7Pt@Q(HnJxnptpDDzJA3mRtk*SV~=vbZn=$~2AJ+gvI_H{_A56+t9{=n zw`Ofec6*QNOc;L${6D&2sfmcJR0)`4(`i_G%y7T**sQAc7zer1H{TN2GfQYC^r$yJ zoHQ!Ud98?f9lVjB37gS{oHOy=&6k~?wzqDgo@{(O-v6w<5u=I4o20@jQ!f=Hen98AkXnvirb+d27Up3mlGm@&9|jS7MAo$nkTW~&w{F8rMkAwTH)6MfnKQj9Nkct^w=*$;V=rhs$_ zF-)?XjRzp$ll-d360huFc6aZX-G>MAS*KTc`g40p^6|JLup%Qqg+|N9)zg{Yqdg;W z_ffP{>=l|EKYn#i{IPCLI{;yJ*@=kS-sj&T8vD+S(d`c%>sru6P0b0RTAb3T(MCDL z7K3i75Eyp?^xM59<_n@0MMNWY8M@Id(CdLa5k0w-+gBpbs?pA z9U0B5h7vNvoP#W#+uDlBUf{0vqdB+7;2(}<)7ZAZD4?|!|3Ti)_zQzO;%bMj^9UwH zNvf3wW!RtI+M+7d3)^LuH33`WvbP76Nu<4eHp28St+Zi6%4@&XA?K~c{zU1*&RAC< zlrZo!vL|feRFdg;oGo)yy}R9fat+67T=&74C!b=Xdj+cB%uq6D5-)s#Lb^SF=>N_j zw9_}-Ii?f2R+ho}aZ>PYeyy-HtmV9ySTt=g}i+Y7r!q_6icYSnKRABPrLh)lS%dumY+@t|3NE!jD@ zt9qoSW1ie}Gce_j>lj}$LWqydEh`qFbr`f$AvEaKrBtzn*H~|#Mf4xM4|3&8O3+r^ zS>JD+`elhDe+CPI6+&voxNT`|mb>9ks6eR&+MxLm(3`JT)|xWCVKJfux+v-XOo;0Z z9p3C^|1E=80QcxEOo4_Ym<+&C&PLrz&>(>0^8`4~UsYPPsvH~Iym4kBWbE|9g?=`U z*+0sD`S52w3)s3M=w4lOTr=(57IvObQ;*B(m^5r;8gZ~{eu$O9XlRL-r&jp>d3)q1 z*HH}!Vb6;|!2kghJpLC(sqAaUnN=C_;yvdGzh5f%%&OwV_?)fIXg|MJJTIwe-o6e) z^(FPz8^kq#=h*KqtJn{aa^Lcpt?Pd^8Jtk(fdcqezIOMP@EV4L6qUr$bE%vGEur0% zX9WXeVS&izVX^}7*CddcrE$lw6aNy>uQ?C4f?u*N90a+5Z#p#cqbqLo(*|wr_;)&r 
z_}(lS^-$;8obX{NQBjQhtK;}A%F`HcML~#QM-h3SkM+((p9ilTx{S6n#r@r_`V{=< zxg6KjpxLUvpuV__+`Ma#wU1VrFQ;K$!@^q*Q|IvVR9L5EO6^COAYXe2W@(Nv|M%QT zh{Y9NOH4GT`Hz1udp%BlfW9EwQ`FzMY+;2bbWULr$3vcz5X7^dvv%3(<}?pDu@-zp z%$P5}7ETozq~UyL;ag|K_}DBS@5|AKJ9j7potd;~x890$FR|p~K747_(z^Ru{kD3Q zOP%`HDn4K2_UxV_L=2p?2V4dr$0CFiX! z8{uO*@iOplT0CyXpUU;W62f`8X`=_mD3MTFyZQ1+x+YGV^6<39 z@am@OJz($N3Uw@cDZbl}5C^G}RR0VdLk&*m0(4!)iuu=5LPjnv60tX=y^v9|{o zY|=0J%Y?OOSvbY1Bd>K#f1TU|=*C8C22a3G;|ydb!U`}l60|P&wnuhWXkv?4Ss232 zuC%yxNN?^nq^AIPqa!0YGv4conYIqp&`D#zQ&oTEKYsqk`Zr2Nk@VKC$T*cyPB;jiIjr?Ws+JYk0o&n_gm zLJ?R2@lau-cN=pV(KaV%tyvv!n=-Mw@xgisg(~*dzT2Ht@4h-g`Q9J${E_5Z6>`%`jt?J7xEH{BN0pFv>t1Ol z`8W?`HzUeFFFN;$h_HWD-omBP$jBbHHt+-Yjiy$gB@R9{ z@RF?EI|VwYoKU}KWx?uC!09H5gujclK|}Un2$z0^Ik&XS5F~zlzxpY`m689;m-Y9F z+yz;{!(-Rj11n@m5>AbVyO^=w?nXCh#aVkmjvK}VO2~{R{9_wqI$Uuh2rPLUu`t+- zSrL`R9ORF`29CxFZ$H*}Kk|Ct0d}X_?`GRcHIfhHrWW63x$JOvc1Dm_MM>q;)N^#P zfSdD=s)3s&x+0K+4V88)=+R6i?=@)N+!5XE+@~uv7S=p{AAHS;NjK^zMT6tCfTnS; zH3bVo1e@Ptg_hGPYbF(^!+hMfcC^BHA1sKpLxS7@)MKtJA%TiM6Elt*SuPZaLFvrH z+^Sh@7J=A`{gYibOZ6eDGMY_jfiLEnHLyQF0>kc<&bzswEgQ|)ZJ=M2crKr`RT%OZ zA9R*y+(^#x6w`A4QQk!SX~mmQbs$UZNp8x%2}jeoATRlzF>0>2kWYkG_y-QC;uv(O#w#lgwdvj&WE&3J99m2r!!V1u!{ zC91)ih-j1kpCeh%gT04ajWma3Q02{r>2kjoN7csj|-Ua-{OM zSAN^~f%wk(9fPx-KOaV7J0joE3G!kJ`Cb|>=esCnPJm;@Jv`>$YN{Abhzu$|anad> z;yo5iv9+^pb@vzi!u*{!-eV-)dDlZGTpd@i^dzyW%2CZ!mtK- zy|x$pl==h4vJF`Ku6HHDi>T=%H~x-*jO|_qtXNwqF;PDLALlssX8tz2Y=L1Bs5#=* zjp&@}%(@=O*2`dsz;#qfF5$|s?z&BPmX8y_>g@up>b#3gMD_P&BhHL8eSLJPgyrjG zR;q2rVpB|^ccER!0&(H^M<6qvl#HC=eMj7Ocig64+Ml@5BxRhj913%-&`8JRxuNvg zL0@W>lMN?}L^flIOMwm-;@3!77caAaD6+?6+5*8j^EY`eoK6@r=$?T80x=|9B*=6&& zv`047tzfvUfY=;PyG=85@My9zI#jOx;=QtRa+S%m>tP$%UpEp?r!y*f4_{XO4MRvg z$lix342W?9=p(@Xy8P0|6$MrzqP@6(9%)9S^30kEDz5JdOR}Z$5?x1!70T0BMNQT2?_4b+gc?@9|nPM#YvvyPW&Kane4gd>VVE^ zVj?1<%&32tvKr;0+_z9T*bE@{T8IMm1UEvj^MO5@D`w!{Za4VBL(M?d8$Qfiu{*!t zjd~gvmb*yp06`3l=P!LNxUziK$9_qR5`;4vX+xM>bP%>T8@3^3RzJ>q@`h2NP4vm@8%-5cl-T$M{Fd7 
z#W_j*`z&a0u{_HOsR{WrbCDxS{g5cXnQu74{Jdq=s$sSvXhaqyU3UHRVW3rTOK6ny z5!sGl{a29B=JSV&_w;^Qa`$dt5i~*p*MSK%J0>I%aWeop43#bFmNL42ZArD*Q96ar z?CD^I_3N$7O3ydq)x|B5m2)qY)x1bcUB1h_&_c7YCOV>)?9Vj24dF<`g=OF7&tsu) zmh;7~nwEoJHI9Wp5oV64An%phHWIEevB*zjio9h;Y^w-CMapTv{+cJoNp~sFcF_#oa%lFPAkHHh7(4PE{RUk& z$^568Hg^r=YP)hl!MQFOL&UXC4og0+`Y=Jh)|3Au?#siW{NF|gNeD$KLS&spA+n2< zvd7q&lr7o9*m;yKm3_-PWFK2u(%7a*vXd=4F}5+5VKByW9{s-W`(Ecd?{)q<=ly;D z(L>Mmx$pbAx6i$O&{F`3u1s?dXm4Po$J6ycZPMJa5*hgQ`Pb9W7H%h>dGN1=yIxdH zbP)1@3J-lV7oUJb401o5lZ1&l=}&CULi53d`DfP)YNEGdGNu2C{yN-foh+wZ~=+g>h*UbP}spuuxE@h;RAuZuiI z*@Msc^ggUlSDWqG*saX4hiZqJjI`=?Pl68pJFs~d$Jo?#a7de9iHS7~7))JqE(~8R zL1FzY8-Fn23k)8`fSwkl`XufHG1GWvo5{||i1=~m5u`>{o!9Qeqmm!)u&_1kbJ7=g z=!D_#yk?alR3#w4FybtU@2+2*yI%e40`j{-CNrDP1P$xQOHVE=LQ0R6WO*|!@r4Tl zhC@LG%P!P%`r1XW?$!j=#AL20+q>NH_tP*iriHRldz;!fR!~Wx_)hI>>FWBxvP?vbeWpqm_Ba zi=xL5y3=LYdLMYFzz$>&t2pw;zKAgj@HvI2<1@ z(Wxy;>!=hZ8<3$FK+pBh08ZlVY_`6IQMY0d^pLVOl3IJDA@-4pV1?^*_~NzjYB`V- z#8&`#VSFE#=Su92>k?UA!wPz0g;M-tnQ8;Ry7K|9>$N+986eo%x6YrKAJvCU0e-V8 zdT8jwF$T&hb)3Fd+u?o@x6sP-#rd>{u&}7J;7y~mK01E&2d&UAkvHGh#b3W%y*O>) ztRX2|Z~M%@X-A$s+UG1sHH>tYOBl&10vP|iBN&inbFx095Z`_;4g8>LXm6$Jk8TbU z5l!hRy3%d$d`%oYc}lKl@$@tD3_Q!ctV1_$2)RU0#>>)fC8){OSYa4xwJ*giu0F23 zgNZ2~i>pg1mcoE^hTJg!s|wC|Yb@l4%n#H|Q_ftk=2jQLzPf;!h6fxv-38M7mlMOo zu5M;*dy(-UYM;1ayU_NvzqiQ;AUz%k8k`x?vP0KxbKN z(Va$^pyZRrc4ayAx8(Lc^TGOQz1^+gz>+-25vb!KimxwLPh~sE%h(BJl!u~Ty&Eht zydTI+OZskqJL#Ry7n3uzz@Y$d4o8LLC+m{+D;I`yUGjP6nV-6~VW`TC@y-&=I20Z$D_n%B@GkFn}BU!gM| znYSNXGG8(7IBVW1)>>N`Q=>>{VA(}RADXoayGvL!#&~m< z&;oCHbF5>kP5q}2t%@uVIaTjQro<^hwoy7c@;RKx_MF@8xPy#@(lh!|Km-lb-uB6U z%X=jM!wv%kU1(8lVWhv`hL@!e6tK>@%^OR!H69dF!W5gwp-LuS8sRXP*(lBRlV0*I zms(mDQOY4Kg&)_NU+>Xy(CshE{nA_=CCBf%_WYSf5#^wvoOu6hIDlmH&uVM1Om^tC zGx=@bZm8ovOmt*yDKCOkzErI@_HfUyJUT3jyIvK?$24V@Ul|0p zD8`8XI}PFG2ZMDl8v2rNeOO?x9%j{D5IDE7j2+@;YY`T8ofb~-#!2U*CYSF1c8rJz z!@=weQik=?`e$e}oky=*n+v@!6NHow7F4tH2!X8Qp#7KcA>y@Mh{SNJHz{k%ko0=9 zE=?h=>;SS}{sba_q;>@tHrW9DYJ#IJtnRgK{bJo(M#)<;2(eh_R9Sp=UGZgr1?NMT 
zw{@c;H&8=UJQo1nCRI=Sz!E6!z@_^9BJ10`H419FGY%1`d%W8Q)7Y}(=xFSA@741d z7XuWOdT6JPuPGA2_PHWU?AIlO5BfungKmwr?mI{p$}wvjJ`o8Q{8PX_sKuy!s`Ns5 z3O%iPKD9Uq{TR&&<7*p@JuG7_;p4DINt;`Zvj?YWBlH1eYnj5}&(Z3y$C*Y58;^{RkBp`gj~g>zVk3~TuTG+^0Zq8$;O8jOQ^hifu6X_E8tiwk^2>p?_|Kk?Gu~;5(ZI!+yYfgOdsYz#g ze9yel`qh>uOUVIMdj(W$;q-d7Zf%7DETQ-v*HSTw5~i})kS9M|RK>VxzoLYar5Yjx zDh9Qij+AKLcF^Fn#TY*#iyAvkI?{YhEp60B$g7v>#^mc|7S$F|X&V@yM`6cB_&w9t zzN6fQ%&UQcL(t(=nft5X!5VqmaeOwcEV2IBYLY$J_{Fc#+C-(rloCEs_H&=daj#g8 zmeB`v9vcGj1@rE*%h9q4yXf7praLc=J=+Y&wK4Ca7Cqg(Jd04A-qKPM)z^6Nj;b*1 zVzmLnnCUcCfsMrQh`>n6OE$Ual?|Pmv#?r#VK4C4xHC;O>WxHt)uOZEH!En;h=;<; zmCBEdMBOPJs@C<$JG)-yk8bTg6%$Wb2y&`zi_abV`qA?e$S&Cz{<6!w(#4*a zn~@<_YlqoQUdLxu>~o1lwT1(NpDbd3M+;6Xll@t(qTXToIX;C*@AhW;(hp(0UITW< zqs8O=2ELPy2DQ_orS%`ZUN|nTpbIl@qJW`^mpR$GGzfIVmmp&=&r~h!_LsBpS*27^ zME09qC-rJgiMrKR+V*&;T47Q#-Ja?lwSb^Pvpy?~BO3* zJ)a(qkcxAIpY3NX7|X^%kMM>$a3ZKu`sfbX3Z9GNGSks1yEHSmSjx@@wtntfa!P8B z(xLO1*gm|8=TNbXOOYXF_@eUdZs(c#pl&$v@h3LBLq!eiHNxDXQkwbNxcHII1p>=# zuEwWg`%lc^|Merw zaX3hSy}w3QD$<`(2}LWUg~+B?S-j@l`mV>wh5MFnC}$nSg)pa()rC{J#<8P$d)Mv9#52Q4dx8<+t;7opw4$|b^yswTv)PS|h|IBaM+y}5U=?~te%k}ZKGX}l zg>;PJ0M72Ox>bCUt5X6&(KCi z9#r@o8>$qIW!gzND((ak|B$ck9umg_LB;d6>u-pFe~s#cmBMW~*0C7Msn*M3Q>yQ8 zqA9x=iFaviMoV*An%y+MuY;y)0RPZ3$)g9ryASui3Q|+GRFZe<8r#}k2DIg+JSlH2 zdhPtU)@yrv6Zf&U@Y+`C`YVd(TGnbbi7ZLsEbtN)183vO2r&P4SnG7C3wwZCQ9&T- zHVYX=h7iy_gX_jahoC+vP_I3USP-jD^)s#ED*WTl*L6YBJGX9K&l*^O zTBu^93&j&{5n&&=2*n?7RYIPkdh{sY zUguPJ7@hJE!Jr#mRDnS8(z8YYjtWpG!(H7PGuU&zZ^$~=CRL61CteN8#1J=>W8dQ< z$syce`DlET9d!fN`O8zTFywCi8@)Gke|$kl0rH;XukukD?_cf@x&WEEl`zG!cb4lz z@k6wyG#FCXeFYw)@w?|(w#clm24~k+Z4K%5V8x5q42k)Y&?{2FYEW)i;*AufkMfg< z*c~|p(b_t2#r|8iz7yw)sB-`L96eg6LrLb|2Ulhi-1>yIG;{$?Km2rqY;7nPiO+i5mpj(a0icK8@i zPxMfndLj?AFTa~51Hv2Z_}4l;uI4J!$=}IcLsBd$^hB~K$TV-!*?Q^xUbv>!k<#(n zWi+*8fjY~*5@{f}5em!ha)zm-F#gF>h>&6iyH*3AQ7k+ z;{tw+9*@CZIVx=W=)Agv{LUASBbw3S@2MM$jU`3e%^v+eE*L0yC*&dbcr|*zmHlId z$AY!tNC~;z?495**>=TollqK)<_l9tt_tO1JgGVl}SOj$# zFGl?_8AN!c>l!dWFnCnl5ZZ#8EK=OfF_bf 
z8~nD1Kq~qw!dB?Hn$hDa<4Jy~W}UF`7cGe@Ut>+a7lt$h1pPq_x`@c>`!0nB?I=Wq zx%Fk7+1y@uQx=T>+Q&$NcT{2Bh!Ubp3bqW|Bn!HvbeO>x@s4V&`?BJrJtmKyvEEqV zcZjNySzw1XyzlvqS68DzAnyYA5`5biwGL~zT;+DhN3VtTRfYVz3`>4ryv zg<&T@v#ce>DC-suTjd+4@|976<(WZ52=Mc4`yMJ0RdIGc{!L$)5O z52NsEJCK_(U=4TdxqIt0rbYte`r%g51+!?BC={#{Gb&zrtoP+s@=@@qRx7ge%)KJ&rqob_gF}I_{i8ycsxpGDONRpu- z+tCm)G>kg%i5A&g?z~o7{z!7yt);Tz57>>2lT(G=i4=hAYii;rS<$nT3=qKF!;|t-jl=miU0F= zG4cIt0|?AuC=`V{`R^*^tN;9Nz`d3;pZNE!OO)P|FU+gj{&@}jksX~Cup;8?I3RdP zY%ekH6cIvdse>x;pEaX?V%z^&!8HGX`}djqt{(80&VQeL&YdXEf7Z;M|Jz&t?_L7& z|DW3GzuoCS=?~K4{~cEU?N^|AOyd`2Qbl@jpfi;NL>^|04Pc{{Kz} z{7?Ra{BLaWUjY7ph7W-Jk8Sne?(`4-|275${yk#B zDR8pV4*SA=r9;4dY_qL>xlKHw+~G@PF6c9yEVGbjY5VcLi*HlFLOrmA8U5s9c+*~h z(qYB)`UqT}eGyoMxQT*}fMH^f4fgZ>tVHl`-|uw_g7T-CbkPSnaW?~B9IWLqv{nq6 zv$Aqnd5%HRHh3s{X&dH#@aLr;1DH2ISq`!~kRsJPh<3ZG{rGm9ZA=f*j#t$1&7GWS z@s}zp@K@g+Z$4+ejM9Aec!`m-llSqdY|#G{#t8wnidO(q>w3r0)vLEmk$#$$*5llP zq+a;Z9k};Ch>^UNSAN5SFT1|;zia|Hl*Eux?%QK%(ytUPx$Bp3a`IoQQZ)IQ?^B2E z14>9n8ntiPq0QE`>|)T{o|J0&)n@%%7v+W`^I?&Y2GAe-%3sfPInF!q$ee&9j{rk~ z=DG@1=2IX=k};$h&iR_&dXuTGj*|Jje0p4y<-hRD*3anEfzcHVJmX?SUAd8}wSpTG z*@4c`N2oGaipkxr4iXd?dg&`EPI9^@v7E>ssI=KeCCC5nUhe(}mlD;x;3+66($TVK zpEPn{3cR%>L zp5nkS8mEzGLR(a1tBGC|@f=R?&J#%KULgu5&_=e_d72azq10J{hbT?4l*|hk_7U_0 z*`Y1Gk@udqI-g^soB|b-3YqMBXsC3EN8Uo5^~EvtFa-g~riRtg#g4YA0}0bA!k2<* zT8NvI%jD*33vU9poBQ5maqNaBCO}V#fYMA?ya3s#HZ-zPxEkM`8sGjl^pGznnAei` zymFg-%!j&OJO^-I_5!=?ZLwc0Y>}p9$18%BMTMieRKYtpCl3G}jiP2bnBr||>4Ff| zq}Jl#kM;HStIl|6OK~x=#8E|^I($x+^rv z*DRKj8;tI$OdTv&v>zX>P1!L$jYm#x#x^zJTYKYl8vtUAjTH~lh$7q4NvYCcn8Ag3 zS8q?bwk)9ydC6(#2IOnik6(P8yIAbw=GfU#5z~>)F%7*uWj^;m76!?^o98dGO*CoG zhYJM|mbeYP-f68~xV1jCLMkY|bOTGYf0I#LP59;two0;A%6`jcnNR9DEW8kM8~3N{ zevxW(e?OpaNn}5JDzC86{t-1eG~$)23@do8WnL*UCMwDdp3Z#sG(R)rTU}~^^>b2t zo&YyHEt^@E+_$I8hhmKYL=H^S&%A)|eXB4RI6Wp zA#y#8{@GYR(izs4IlP)PIF#b*r;*&f?hK*_d`*z%lCo{d7I`W{ob1mrl6czD^zLVq zew_1tE#KisFxkb)ko4T)p#AY_4#N2L@baeW+&eM@V}*_w4)+npIAyb^9n)6Q&-_Fo 
z8~laPzCe9vg-l?Q;=`ZvE)Nv#+}vEehM?!${-&w@fFQl`!7Wa^DhUNCevgIix1lWq zz?4qRHP)e*1!*OHie8IN^1HpHOGyzb_TceFVYM8QKCcEpw62P{S(fwZOT+QC=@i%F zeKGWG!g@SQvZ%vOECgb3JL6*i@znNqBZ7hMKFfpA>SL8nNWs1_@a#9-+mz>xE=SSy z^B>9w8#<#wk4^SJ3;=tlA%nwe^@K_+5bG#uHhHIG@@m0ZXExs>N3}XN1h)nKLp$}U zji*S3>cToK)4R6;L<*!rpvnAm@$R?N#?zY=D%ad;LZNp(77jd`dh8_PJ4<|z-#xgK zvoHEbGT=!O`cxUt0Mr9zy<(_0AFX(E%#B407DWwn;I{@ZN1!V8CWRJ{R&X9@;7=fI zM7zuRVjug0AHr-@+f8gFdrd#5Ub3Q{!V z_KT5@N#Nf6IL;+mCS&uJX$3g4G?84pmPjred8JK0ZCi!7)SLHx(b&@S?Bs*{fsDIk zyym7Kt`0`erlBh(`aH%Q%3gXKco2=0CvR+QI+L+HL7pi``=6Y_&`R({ zotN7qSpQ_DthjL*VHr)|$d|<8+ZiNtzGUBZ)4!mS6y$h^2P~sjL3Je4Sqi}a6yn8ZG zDKKkf+PL1NE&^cPZFutx7gVBR7>0cLSkG8Jyu~_@SM-z|)d_iy-CHW=`+k~$O!4$- zWMaeY06b}0x#7;y+@Y(>jvE9r@Wp=jG=jOT;RU{{r8$!(0(*Z~iMO_NTvT^W@y2;b z9pyJig+K?rX_uB6K!-Ftx2q9D{I>J1wR4`pGV&AMmMJy&qHMegZgo(6oVkgIK&oUC z&zWM5f9rZ()_psHk#uc5y=Qk(@^b}%8Htsz+L1YuGoxlNTk45RdEJNL}z?C3DmdGdh z*>q=FhIdz*N*vXQIX!*XVTW?JSJ#&NYX$xxz#TFZQzv_nn+HgMYt#EfT$R2fN~BTc zqa@FM0t3XX4@Y(#}6?WABQSoOzf@{o$jH;i#vWY5$4X#ZoC-ooeYh%3!1U&`?yR4s{5W z-ykJGOenlJ)0?|{$^h2DO9@9MsUD`15S4}C+oA0BbvbE$9*lLp+#{G|4X_5D7b z2Xh*#qi;+m)zj}+Ls)3o-*AM&67pzqF}}klUGbf1{qspX^dE7htC;=8-S!D9rhpEb zVCnM=mjfx=a><`NrY|4pqP>RH-P_u}Ce3k@OiJXc5n;-{Sg zO@em2S_rGGh3z#Z;)%Ytlr8mH6THaAO)+#}iw=&8F#qNaE7btaJ4o;-r*`D!i|K(d zb7}F)Lp>`tZ||e;{PyXt?JMTH%*iN_e{=I3%yeP`gD*J zxqh&)X2+Ck$30%DmUURJ+kX9c|Bk5yX8#BW3EnroWp6r)g9-0qbSDIrCw*cpDp#e@ zHmw|{{TP+cOpKlKM{|N`aywTm>2&%Xn37V^;}V7S&?@W-i+KF3&!ZsVaEXm{l!=?~ zVUQPqTl*E%v>E81fke6aOeB8tbRI_VKhxlQ`cUfkD2>$mm=YOG1a8h`j%%ZxY#EGB zL$3eeVn%tTLr-abpJP6AIQkp^$Hc{+EumsFvnWHyd3C zTMNhI_s`J1lvdX}A?f!{K1tj=FAi@bPz1w#gS;`6D>CVMC#4Nvf2BMHA} zhAWi~Ue0!#b0@={{Y(~G{cPKIN}ZGxper^*53Mb7SLHJj#a+2r!KRAuD3xoEMP^cemq7;9UPy+-O_&(=V2k7hw+Be(bB)%Q3K)c(%w}V zTjd>W-8qby@7N6p|9B2!_I->xDMYoFYVIoYr>xINMAP)X%1TQA`GI{mmyV5Ck@ipx z2~!N4{c@s4vl##=xHzxB{+XlZ8+c$!9YQ*Ii5mVCkZs(f5M(|1;|%2eW1};)#0w9? 
zO?STLH9bg0a7B6t>0Ru7y~=|O$lOBtiS8=QNFv6ERTjOSsAqUrYSg=13df?NV`6Zz zH<+U}TwQgmB8H^~!a}1}u3SNvHm(~|KM}t00d>y7;8Yk8+;*_v)RwLoS|<`7cD%!D z3U4ytgOvqr6DLX_?j7*f?JLX5KG zwo1z{N^P}SwePK!AQ7unl#s61fis&+EE;DQF_O1y^OPMm`ld%|B%a=h3$qM&l5+so zrxe>B*}n(6&ofgliRx&)f0(}=5b9{vtZ{pFIo7S3b(zwHxS-NDCPy-4$N(z^1oevxWtrsr)m7tbk+yk{(GY88 zi)wy#d|zT}M3_)_#b_TSTcGH%W=(H(32j^H$Z2KX*|Wt)Q$26bCWWey!N94)eBTBL zN8h>LRYl>7qrDVt3i1$#8W(^-9M_xYbQ0>lU1JLw*HEKiAnzAY zFzH^N_>3mBI1e0GhPZ9=93HrMs|GFt$^JmHR9a@l+KMWY5#5pRnQ6U_?87vTUmrMD zO@0~*+#4?LE|nHF?6jP5jJH0v&41-wwAZHyzRW?mX+nRk=e{Oed}5S{1{cl%(o~yoZ!LS~Gf>Xp^vq zzO==k-E4K+8>6eJB(Q2p94*9YusAa;#UH8P&uSd~P96Y4(b0oO|{CwXY$C7AY zO8=TZw-duC94!&0;4-&2I>(5vkV@dlkE(i%^@kDzIa^In;E^}U?T zqPn8&k4{O}Q4Kqzg`G%C?M{7&L--ICUwybb^XOA}+XojlHoxqu3Ca6+kCt}`yg6!I zJwwjuGI6MS;mR$5h_Fxl#Z%TMOp(1gF%$|FHiYkPd&>BmIIH93TNV>cLz&C~ zJmEkI2`eO3b=fKdav!B|G<|&K?IKaeUl=lD+UdvslPp%JqvXHKWZS@)6y`!adnU=d zVa9^g#RE5;jsnxJX)L$qx7GP#R&N%b{R&-v`#J+t3MAMIRx2V@=EYqI?cr1g;)PZ+ zn&a`we%)pUR(^EO_bEK1+wWMb*3~@;wUEqSKxpwNNZ9vSa50Cg<~+ga|E*fzh|Q*1 zm=V6kq1z#UOfn}7^fuIvs!>36&4+7Mj+T90lYqLdh{~r9X}QVQS2SILxQ2yMdnx~m zkQu;Ni0Pt47W1g*??k8a{c!}fdim{kp-+zwe+<)Q$vOOlPuLi;GIvPv&ejN}6Jm`2 zitAeTjiiU26S5v@ig}+u>>`PjtGl|@9Iz2tc2(oQy$alw*_et^HHSCw>D?~@yE5LL zxbnI$e}MvvL6tWrMmlw6rmo5WE?){qTZ+e8g~SsuKsT%V4|hR(&~tdv^GMC_1D`HK znndFJAd-M$xW&hbK5J_s1KwHxAd$)!$-J{FTJx-hi&$6j65<((Y_wr)Qtu)HW+9!> zZ=He)S0iRf=Pr8|ocmm`tpxK>K+Wjkb%`F7YT1Ec=z-gPBG|h(b|2^z4>HaIrj{!o z>$p}$P(reHD-FcsHIpmiDiqzSoGwlbtH`T>aYtAugXx&PMs`b#u})~HL2ZzH&%TD|Sn$vA5I*^cvTJlXIqt)%aV!gI zgmQWOYr@p0GZCus z4`MVGl*G_ZMh6s_QwJ2Z_xYHk?h)0y;h+cnN;R8!A~_!ImxMYi*8EGs(8Zf$G}guU z7+0P=)CsVi$WQRATlC58Y1fk5KVJdJbQWSKY-x`bIN8-ayJAh@5shF!~)LapfzlG05iEvvv+s%lu;KS=Pcs zVQbz#(B+_r@$FZCuE==-CG!f{T9^5$dofSSbBC4+WtwyL}_E}`8>-p;%Q6mBvk1LDbsNszW2B)f&!AY z_09EI=V+P1m>Y4pL)Aja9M6i?opdW~Ah-6$d&9Rxm)GC?Ea^p?WYw=ok@hERI~04J z%0_P|cP%F=*Atk1Nxp^b72tKCBkkTt8=;JJNlciP_*|FW?@g0H5c~vxo;U>%hE$OOwfo+2#-$NH>^eSKeN$?HD@Iv>vy|KfMn+FQug{O2Z`SDLZ{4;b&8$>`!+>{3 
zpU*=jM2jUMAAl>EoIT6Fv)z8*YD2;|pjU@9uYD|(TRd8GHE>zBu$=}T5Vm~}FM9@d zW3QNJ3U>AkmpwOTrf7VPQ(kl$jkpRXEwhVPWBY{6nRFX7=x8zIhXxDxI3>j(4(wn6 z%j}7rhb--BPJj<6tXd4NR#QbuzZ?c*Qc}O0W1=k~r$W6ZONpD|lb z^uNRp_t;1sa7^)N3k1@;*BX-UiJf7@Ra(%5u!zY!qsxUozfiUGHj;e7dWS5r=P9BI zu8l{|gvj(GUGDLk=Rd~RBSWz)z&0QHNt7bf?9QPYVW;9?r6^brz0*MOV0BTdzW;eu z5qPu%j(#^p%BHyW$*@wlKh>`3RL3#n$J!8&kgd@VW@%jp_a zlhN?IocZ97ICre>@r+pGk-L?95GmWOC95&M9a}a&Espfx+A5h+g7^&W@W$QWH9H39 zzPP6Sk-TfPo$5aP1UG$T7gJ7rXCkgyAI{+WxR&=m^Uj@Ny|1xvQ_?HD#$3t3Jz83d z$DcvV4~D6KJ#)=cfxGqu8L>mkz?NNyY+`*I)_->`A%VRWbd&JEYD%!)pp)!Nia3IK z@mzM?apQnyws!!>D~zNqT)87C&0kr#r==YNFS3)SxO6Xr<98q%z3>1qMNZ?L+*pR% zm&axv^U45!YU%`*$VlK=RbQy!$nTKFHpLsXZ6i}Yjf}JrKN1K>$NQN9i^CnY=JoC> zRzT~e`84IP8&lzm5QCxdUN ztgozXw(p!1t1s>r-k!5;Gqyoj0q9|_+X zPGq9@F|HOX1o(U$ZFyF-e!OM{hPNGp$47LlcP(lI`|4IxB#lHfs=Mx&W4@cY)FVbs zy|_@o{yH^y2kaA*y_Y3c!ny5v6Q6856UUFn(#um4*hhJ1>6Lacgx{aPz3JR(Z6*-C zF<(}DT_%rS=dpO{eQ|ZL;GX^rA1=2r@iK*MRJtnJM1<08zc7Y9aNCxU4`&$tq%&Wu zOP*I`f77tM8ju??DglOb*AMe~F{5(6_b-(L0L)}>FeefR{iN31(DgiO>k&n^0J?-W zBq#R$)2H#BSWmatW3;EK{E+`43$YQkQ5~+s?+ZXlY~YLSrWaqSvWs; z?3+7*b}^`m7(B9y*!ZR#U!t_5 z=o>KpvJxl4K(FjGL~pw_Q)|24r!k5>UZL(C;>{uKh)+p5YwV@#j^VD?EQ68E0GpI| zF=N)xXZ-0-AQHAPLdtfy4V?9B_ zuj1l~Qq|N^w-&w-52)O@vgu>t=jWHESQ?!@W><2^$ry&XSfXnBFA<0Zj)*&dMp{rQ zTJ&|E_;$iLK;}dPb4H|9Z-5umK)$)W9fMP@pR*l^un8$9N8(9h=> z(es1YgmUBS8tcag=JN(J6ZwnhMKi1P^sQ%0l*lXqdL22PmvWrW-k@>xC!90dY)w`O z$zOrqus9@=n@I8`5>@)O==HHJqjqHsiO%%XN6cz3fW}${=ItzJdSPT(FB}~-70x54 z+^~teoREfj`4|pDBSNx*L(h72gj>qSI^`#>XLVbbhebj*uJ*Y44QRY8VW}=BDo+y7 z(Ytu|v;cGTPag#_OH0d8Gs!&YP1ud1-(~m8-V$AfFUC8F7VK8kQ;P%-gCPs4uLCs9 zgoFq|)WzuURoa)kw|kU{cS-$)N2<~;<5%J6&00cc`g*)g-L01H(fv_NP)zk)ui8># zVglB8-Eq^H;#C5QVYwb2P|kP}ynbLI*yX_(``e$XZQ_ZnRE_R<>Jm?lqKq1+)P{}f zf%yUiPN-~7yu#0A69)u!CK2MdjF&$bjMGHekY8F`GJJV*r=nrL0me$Die0nB*$&KF zy3faow9K(ogvm2Snc+A-5BJN2C{jQ&pS8vE9&ZNow)rX9C|oC$-9PKwvk4T4;>+;A z&4#>rcH1-Mp~o4q=O8O>&y-QGO5OPRHt(v&x95F-qL6B&85Zh@Bn5cQtawmY#5ox9 
z4F?GbpE~K)=z~l*J@3^Y!Sg)mY@X6%xo6O5U@R6VeuU+m9{>msNyFOSKiPo;&QV#P zFQYA};%UX|J3szBSdLat15V_^1ckLH* z&1tj46-0y^?C{Sj^8oi?@6qK>qOBm~j|gl8=TSCB=km(uBmcZTNyML3E>5qXZ>a6N z95Nw&kxl!-KYM12Q}nCO=^);3w1@EVpj(A16vI)fL(QIQq;g;g%sg$9&2bQ{+oO35 zck-J_bGp_`f70!KhZ8X|3PSh6SyF9ZY3X3utZ(nxdU|RB+AwPbb7bCp8GC8gl*{s) zR{jg0!GgO$l-SC1vlvP|SYPQ7ygpI0TZH4DlI9aPlgH5JrlP0Hiy9V_jN6g$-2l^C zMBxPCs~@fs&{+$5Qk7R#c5C|2C!fc21B3~Wk&}~IU!38Pr2vwQsh{7*($A|emZl9! zv+WYwuk|Y4ck!9AK0NeC9#1@T(a)?<*prO3H;|j3*!SEoLQXeXM;vToLB?yqyQ$89 z3LKz$5&rwzuwl^gyShQ%LI3QXlF~5u-9gds5d%P2D9B(x%w!DcUd z4T{EW1mkHhadM_iSuH>_bd-=OT7p*t4-frZ+Sb-w8hK#CMLWg&BgOoAY5(%bGAA2t zO}v=60^K%qoO7L7F31hOC66T}<2vD(1$AcKg87s5GJKN!{$QSosUs)ulO5CMdq81h zUh+gngbb*|I{c4uf~L~PL+<;8u&S}1w>rv}G-16~i1_Whc5s2C?g-c9%&Rn|Okct; zkFv*E(%cg~w1D{^5WaP6aZ?5xuX5e8(Y&R7-!R$soP&1jGZ{H&4U^v~sC!Sz=i>}@ z_*W~A_rP&|UrOle>-}wPY)n*n0kXeg0odGWZGGcnA4QIbK5q`oS>|(;c(4PzsESAV zW5p_wNl8-MHB0*3+feMv+nz!8p%2?l4CeFf-pWu+-QrE(KdF=5+*U(tmc1{nAP&j1 zJ`b%(r1j1iaMqfv^XR9Duo5=0SoOfhI{cE;;i8%h4ow@ll3fBGVl7Dk)wtT6i0^9Z zq2JnF$OdY&T4XMD*^&AtSK;K6XB!M3>-K@;#g?@i^YHqW%Vmp8kZehG3Ej{^=&05` za3O+=%GG=wG1RXp+U-32%2gNTpl4q0fSPJ>G=@i1+4RS{G{DNYV!{jl!PJ_Hh6@B&4b+h0@;8dh+^zZ?{3R8$NNV=W3Co*WWL^)!o* z3@!iaxp0*qR4oRJ{1;T{%`pBJJ5iS>y$svuwMbKqmbv2X zp7+))F|akC)d!X@_I@XGb#qVgqik2ozqM3)ew(mkqJ}7FQo8_$czFAdNt*emBbG0; za9{S{4a5Mxr+rmNQeJ=OWXPq&=^^m@`g}dF$ zoijJCvobGex9ryju=-CWf~BbWGEN$zcQuV6w~bcNHBzFNxw!hRbLd){XK&0JUqUe( z)Le;bn`4f?D_FyA3sB%AK)%X_SIA3YdohTSEFhYJZjvu2+ahR3WS`J4)2Ow>#gWW2 z<%bMduigE5HT|=Uzt7mPVhAWBeUwLA!!+2YGWq%3iZ7~S3dKhh87RI3qCw10UFnHj zs^%ve4!(OY8{P?aAUEbN7iYRK-h(W89_p)|e!@pH*UkNaEcw0q$bJc!G_2QG>tJ^l z1D08r3udSxcCE&H=dzo{s`MHarRAVcpMq_THUgI!^({@pQG8w4%6Kh7Pn=OrOcC_d z7&yjD@4mMJ!lnbM{Q0R?P}N$j1>#4;>8PSxqG=;SK+q&?pYVO4e*XEfcge&C+27Vj zp}+d3VwJaEmdCJ&_P7${adWt32%%0Kn7mTaFyraFOD~q3??GOv%pCt*p2AaBf1gp{ zo*;E-hXLnSg$%x;`(n6(4JZ=>zy$Sv z{KI^HW?FW0rzfvKTx}%cyX_FS1cP_JOLBsEx?W22N{u^iPl^V)F!4v1u#tVhUdcuJL*aEn>Nu~QUib>JBQKvjU1?in;@oC}rB9G@P 
z4_ET|=hBq%EGu!Ex!n7(^8mEoYr%G_U`1)Zd|diA?k0tbJUvO>%Gb|oZEQB(9sLW6 zc0bxA`T8ywOY*do^BTDL7aZ&_w%)b!Bn&=%9xikEJ9b*xK#3XAtXhxCf1)ES)XR?c zqy~?rgKt>awpza4A`JsOGlj36UY zn|D-uFSqO!aasRtid;v_oX0BVz*N|N<%@A{(qQeeE=`1Q)lHrN53wn$~Q_! zHphwS*j-K;O+ZxCIIHPlk9<&S#&gT$ZC&`Y+sO|*1|k@LviN&-1j>Kz0HZstZhedL z`&9U&z=Bf$fPElVkLwGpLQidu^`QymtD4o9j@Zr^b~HW}4BdJdy(hdHMKb-8o_f(F zvb!e1pH*BPDq?F@An4ng)*!lCPW%b^I-W6{+A|TR!`ba5Eu^NVb}CF@@I}4K4U-Jy zITe2}I=?di&Hf(BYDf2&{6O|NRLOMkKE?w(n4~#h&ja`uI*p-qk2d9%M?5YKkFQY~ z)J9T6E~iVzz)h+UQTzr3fJvEG8Q7*hX){_+Y^BeWVH>6~VBg*Cm|1$wxET=CPhqW) z;7%QK-@@rqQeLJ5H zkiAIhBk*g;qn+b+CIA2?p=a;U)ue*s@Uwc_*!i&T(ZjlCZSEb!+;bL}n&YE_}|^_h^xO7;iJ_ z60j5;fGaC(FA*=bgaHhY>V%qW?8DcEGs+BqC3dH8Nyu3oQaBR(N3IB;3eGKEmBF@E zu#z^e4=<)?Dn;5umGyt9@}-EfkhZr7V71cA5T~22vTcKSHDw^>=R!ylQ#ncz-Jm;v z%YGg^$u8{@0GUDPa6ZZ%lRP&*_+i34+p(3y0)VUca}o49RL>Ckrmns| zzaFduQs)ic0jsYD+dr#G($gi0A9zA<%WG@#SyNV)+861<0PyaEvCE)65vq^o6*fHDC#T!I zfNLBrnQBE_w2zlJT3ES#Gdn4V5sq=1vPwXlrmFIn3z$hgj|S3wMKA>N$q7qgdGvX* zjQ^Pg8%aKS?*&`WyPoMwsS>yK*&qdZ(JV^-VRi4_-6j%W;CyACS$^P+E6*0$deY5p zjRR6ySWTY>o+`a?Axlcv#*`<26%ssV!1}7+M60g!E#0wU32f+%)CEROzVj)D5&}w? 
zUNP5NtGTD2%Aa)VvogzV$x=GN!GL7uyTX`8ReTI)Cp6&6#$Dgzp=*w}KlD^OeX~F> zmH0 z3kjkQ)sw%O9jvDs-k&v)w zxwjbPq+Uo*sOAh^5`+H_?1Ao-kaEzj8QSJVwT(uWH!W$QfmxRI-hkw0Y z&0*a9Hihl&6JMj=NOUPdQ`b_^TN!3e$mh@$P-ot3U_7&R%aH}8bebF(UegrGT7Ge< zq`Tv!vo1UAHki7h$;^&*JGZ2D!V^U)-DcWwsSCXwFr>eUl27+T(nd`iE+p~x*jq7+ zYw)8IK&GSq2#c`~7-yxom+=7eN_Ti!L55ya8?l6r1nmR3ItJFWcE5%(vQ>htp)TQm z9OAw&jVXjrsy;m>C{?qo!1M~@QAuoHT$Rxt6Xv&It-=eFrme!l&JI!>hii^x0}-rr zEUVw`#7u19E={^%|BO$9P5f0v*&d&b?Mu7Ck0SD#Pn?dIQ9j)gHghE}K;n z&2!itlMbF6(R4iG^3J}2(x*>0h4eu#*PLF-llhYp2VE#jFQ)k%^>dV`-gqjA^n!52 zUY7VW>v4B&|C$nU2REN3^!cYEuGTOxJ*lcpSWEl3K5L}gKnxPFKs4^qRN4X#)4&^d zf78(EmXSD&nUV?QA=B#n$TQVm*jM{5C*zzzx<=o2WEgw^m(okg)_Y(>ARN1lioolg zYa8a!ZS7>MYSjhrh?UARuROm(;Fx7SzG~{=ysU(r)sVB1I9#E`Ihwz~RZ*_??euww zMV%emBCzKH0e8PdIW^Z1_$tmE{d*Q1#Zl^^QM7mXLqF+F;HQt<-ukmA(}cib6yOvV zJt577P}{{gL(AH@u6Zmy2Hd_8QQJWJ)k=8zJUT@^FjT*z868L%^|lgsJzkY5wDbb` zS=91|x6!z~RC1PAD%w&3OBqbSDx=MMf~JjaMP;i-+8qXCf%k|_k~Y`akRN07L(icn zsqGQ)fGO0Ezg4{;>N+Q=xBrs0MpxV!f5aLNM^>692sT3SFFhVDkX zyW{`xd(XMfd%m3GH6NsA_TJB0Yp=c6ecy}Mz2j%t`IKRvZnV!yX?Zk{*G{n-i|a!Q zwpmTO!tJUCbKPgs{cXq}`}6wZwHrCbB(lZR51pnSp6JN}L(!tc7&}B7V!)PiX2Q40 z#&!MezX3?<|8d#Ul>#l`Kh@kMmf1M(*dO?q`A|3TF%|G*Mlu~pzMy} zM(JOOMV2Ov^madp^5!J+(MOdJP__t#r4i z_00w+C2EnG6WrWdZ*efH;ZGy!R1!Y2tUt(XEeEOi(;mRR;3DmUkfa*J%LQ>zoJ*K? 
z({UYmXxK~}89sipKMO(HcW1Zv4UQU=b#py7e3#{M&r~1@PfqV}(f5RhDVgIT8NsK< zI_ssTJ@2hCXN^wE5PBDOE8vLH%wurB7b>QZlas~>sk8OwB~RH5XRq?6 zvl4{*n}KVGS^IQs%Tj&8ceJc}R7(5vfa^F|9CEu5Tgh)8)56IR2d~>qUr~3hpSnKi zQ#k(noHB@s@(q;L5O(ade}Z_7x!{1Sa`aMw3SIm0#ahpBbRN;`<)5nbGqpB)3w2{t zQ?$=OgzI}8OScIs-%0Rde0=1Z_Nj0jh^#o)%Ru2fd6@sHnG%#tswL1%n<7sTWFQI2jdB^4_vG#Pjsf->3NO@zR{0bg*a@ zadP8XS@HFnq>=v_6QYJuK|2R7&WqCim5yLji>>eDjR!17-jcHo&Q|Gl6qQah>^jwM zA-pH-tm??FMF{w;v(O2bZm$E=o+*JYIWj*UqTn)$q4){z`_yS-uUlw z#Dh46+KHTaUJoWpr3#@B7Kpe1BF{f}7UsD>A@jPXb|%9HKiPM3tZ2ezhsAmI9#L5c zG@8f^Phf|5I||8!E&~KGSX$m^*k4!KiO`c>A8We*`x&-opv5xf$X;6+=tzU?Ov`LQ zho9MEIl0^H{O?RG+oRlhBm~U>s%u}8 zPorF!2$1cyypvGrp#s7d7_1DTLwSdf8_rYk8|$KDb;Sd~%w%>QZn#Lf@Fv3+VRXS9MhY8B67Jmmh|M)nRmI^>uY#u=$mKq zO(A-MCN#5VxBxdv44D4s_9vC?WS-YTvKAJquYKyB=fFFkperwmnD6I-Dh9&FlZg2T<0Rs&>^}rV^SA=O5BSRdq&dAHAJt9G;{L}WO$z)0s#F)z>{qx6%G#+ zQOW;Qoov-f7Ab$22nZe8jB`KT;4;y>5#D*n36{*=K&78yNO}FI?7ME8Mi4a`bhB#b z+Iz1Q)fe@6hn~Dd0v2SeW874S6t05s^>yRU7p{($tNWkd2kG1I%%@mmLS|LiQxnTY z?&R2t_YZZDVStq)r{$JrZarZ&k#nJCyOtW**b3x?1&!HqrYp(`l1?Rkpcon6=fQHs zL0kkIGjaa$EYm%x&r+^G+%~E|Q^V|ICgasg9DD_qNpA+>BF+CMR<)!;&9^g{J3xT2 z!|ZyQpmSLOV$~8Uq`LTRW|JBQO@8K3jiJ9-jPmqr;N0Dnrc`p_VV_xR$_2!NfSj$^ z#)&7yD%x;N%o{$Zt?2Mb^!`!mu>EyeTXUR8#}ah!pxmlZ>+E*Blj%MicRW4yxhfWz zD!X0R&$>GBe({J7^eqHMg71BfO6in!wt}O3*_`vW5;E>9A|gzfUUyz0fjdij&9Nl6 zm_YA!LB_i&eJ?YG$;;NugJR42;-NHX+&*{@HOu87YCHF!tya5VC2SOI9CUS;GZ#*} zySWgi$r=}?WN0|o_FqKdQ!G}&ea)W`&=HK;bD*%h{%1_-`_e!!DIs>|IXPvLt4IFy zNQMeJig^Ye>=zvWrR;CJ?11s)$V4}Q0>u19ZhgT{t0)?Fu(mESGs>{E+c~|ZPM6)@ zPj_1lahUy5(C?3gMx{-F46y^xW zyH=HD^4zRE^R2BgQ>X`ARG}6HvcKiI3rxlD2T4$fX?*;VL^$+Odk4DofeUy_cZRp; z$+IolV2Je{0^GfDsl)gfbJ92#s4m{crQA;TLTp81|AxF!vv?`$5&Md}!+bq!%t4Fr zeKS#qUz=Dn^T!CAxmuf(KhH47O*|F3vN7nrg;Aa(o~%`_J8UhJ*B|ACt^NKN8K+#x zm5+s}3~D}!e$)4y^wQyD1#%eonzlSI_v5CZmD*aG+#TDrOmP|7c{IB>>;I5Vd1KOD z>iab>``Zl{)e(;J&4Vub#wLHplnm8jsc8gwu(Zz%gbAq}7Mt9$LOy`)3A4dE4)k!bSvUKPY+?^a*oV)>!M_+9}9yp zN4R`y)e+Rcu5Uh>WQ3>RhdzzHnzJAU#1{5mUHvAWzR26VTW~eC7~*g^3F+=%y>>if 
z7an_^X*5ksHTjjLwdpF)bGw(lu3QP(Pqyzy85<>-dUH0?5{2I!PE1HjS~gRQYn)>T zql!bR|93HG+8ayl(21)h>+0&NP>1xNs3q{q>HZpR9cs5o9(6zfZbB)mG5fhEh0c6d zA3@x-!vIFO+1h3lNulM8RvH+B{-kz|p}1Qtq>nEZ>{SfZbGH)j-KV73)osREkh|zKV^&93S0X-O^s6Wj%f-A9TYN%$9t4gj_yZNz`Iv6w9{H zYP{jk0J>yO{5iBHY(c3Kph4D@k&J0@^5{G}E<9g;Mu5SAiafSw8o9}{WNN})CFa_I zVqs;L1cL0Vxlu+FUToR!>?-Tk|1GxGP*2gI^4Fe??6;bk9;DA$dOo#hm*)zoYoU%W z8xl1fU%;}yULGts94)t{L}aJk-(L2|z2(`dM@?stf~1FmWzzRtfYj3I)If|LH!+wu zrmU6?N(_>=v%QrwTVJwU(3q&SYjUzrmwE;%-5t44-EHtWuWu^oj}{dj{7A=DOrh?P zV{|>uSXQzCN?ADPD&ov|Nt=w}a6Ch&{b;+8lEj7fN@rT(iYoG3BTcqtVD=K59dAEDqzXu?jPi+tHToLe_7QuUzK|HZnmmyrDURY}Z8 zMx`km$%0%4^xK=8wX-p$Bq>t&ybWe)IU8?}V*NyScwW|U5!mQX8#U|Ntsj}QEoteO zB>ZkmD7MG#@N5#ifB;h~s8hu#wF^I!!)X9iACQ?S|pGP!v6zC^HkZ8rCA@2!<06g7QUrg zyX=JnLbqU*CuHbIPD@Murop&o&h{ORpI@Bmr-|#)u?Y?5qkP?17QI^eI%I=ZA8&;Y zaa=@@jipm<5i^i1pru)+UsOzd8hF9H19ep{WZBsa2>Oqwlk(}h3DkxLL&N2g@=|D+ zX0;tJbCJAZd)vj1U551Lx?F4N!JkV#fK~5vv&yOh7Q}9ri=QsptCnRKBk;p#153r| z*;*p!Gyp^wovshT?n4nETtDG;P0q#i-#B=YRh((Po$8z=#-ihpn=TCvkbYWbnhx$9 z-nRXwuhXe>KL`=treu0P?3Y%X%ituJugczZ3|}2;N66e;Xp|a-1=p~?GY}F2Dy@4z z>u}adc~!mal4qkLOJ{BKi!*7H!IuW?%AX@nkmYD)r@@ZYn58GCQn_tn!7Xn0mhCOW zbM;-lU!VN+FVZ%9b|z^1!Cc7sb)mmHs0wu~_+ z)rr7MYo7HJ>@O0iS*N^W*{JQS!N}A?SMtZ^KAGeynNV>b3Dub*$S1 zDO2*E+}mfPdL7>YW@=5hurSkYecebz(c(EDUe?BZw<7z>U$Vgr9FtbPH)3jdy5-D9 zQN(X_>ZZmWu}K+mIc=v|9pLuFkQc*zY1b$k%0C88Oq`|wHPa-pztbODtcnL?qWr&< zawZR=4Z@l_@AagJVy64&LbeW`9Ta7^bz2mzm(t#l?aP z-`30w#LHaoIzMU;UT?H&WxRGX{QTB<^j5vx>2N!7SzDRn`1?5m?BrgnErUoxD|>%C zTO!!$ikF`qpg_hX9nUu6PQuMxiEBzuq707e86J*q0j*REkJXTA6Z%!mo@vK{DVx@J zayh21Q`AaT!};;JOKm-3NqY&*?8fKIK%DM-%FKsr?in7{1=`)qmQNr53z{~ZB;_*= zUX#ct8Kk=s1+BuRk|YI8q|qWE{`STOly1ZZw$pkxB*s|He>8LydM{TF3}I4#IGAQ( zFX&83+aoK!t6ItHk?=HYfrB*ep&u&l7*b;;1h9sE0(R30FA0x!4zg#EY6e`aoypwf zYATGwbO#+0f*WrzpNfB1ZONP)Xat0md_IGM!fg-JA+CY74 z*lX*h?_Ugd*awVVv@@;LT1@9H`r;#QQ>T(Y*1Qwq1x1~IJo^Kgg;vDAPn}@qQ7fum zQ=RaRM0tJ(E;XY;#YAjx#;2hrtsjl7sfvALdYQ4TV1=4Ju@9GVe|+5rxKSj@Yd%ds 
zj2Cg=)$4x|2rAxv5MMn8eiI9R6|EJ%uRhbBBO)Leo&XL)o98x`Xi!>(%t+vY9~bM7 z(j5*$Hv6u@`-n0F*WT$dV~5_vUfK^Z7??{JcIC8-b3KfVsN6RjZ$^@^n;GCobUGD} zP)bD-b0O!<+F=SF`3_`?D5I06|9LHX3lh6^|CpCUsWAmPC@uk!vCo<6yPxaP+;;r6mfLroISv|!yC$3yo$B+<~G` z@&;7=_U*rQFM-1YKslE0cGI?Q$){1@=X%{?&Ze$+v8^q4vZyPrx(l0(EGg^U`LFKO zfskjOtF=5>r3({FGuB$$^8fZobkE9X^YEpTyj6@eQjm$3MMOo@gvPZ+)z~%I{~DF- zH^@Ozn`yR6!oZ!lQil|ENo$Y~XMoiZyet~&hvUplfIi7<$7jZ#7o?etPqepO6w%y0 zc;BvHC`f29-!`D(_Z~k}$42yBqJyHaVKY#jA@2y#W>@C5YCY_^<4^s!0y5?dY2m8% zRWwFMuV!eKD`^p`c?wdL0|Q_Vc2~n$#D=cLd6$BGyUxYFCFKPL*2)(xm(6y4b1+Ns z3BZ!mD#9wOQ4d3BSGr)#BOJEMiWjzxm!}r^wKe2Xa`Hf1;EUjS$&uQv{Q~yx+7)(W zl6=0Nme7u+4|vMl2dOm7pR;J`cv=rZ8Uh(<^fTjRGt2^8xbEWE9=WU{I8;& zb&(rY7z%BwYz-j^`OQUx<1)R;(uo18WI8gb$06t5~F zeP^Icchy;Kr8lTTQ z3ZB+SVt2SXY5a&udOuyt8f&|4)OBrk zH2KI6l}ndg@Q}?XQ>I-7dw7co84ut2OHqb5#b2F5Qv)+2RHt30rFuTRs6L$UUk7HF z|BQ{CP1Nm095kQ<0uNa(fpVQs#{wB2lZu@*n>Bg{*q^2vru8X^%@wPBC z0%UU5KVJ}=pSUegyuCSOgsW*Yq=fYaO0lH5G{H11sIW#((Mi#q8|7)_`c<+9!Gwd^ zY%rGP`r30S7T@RLjf`0ekB+y{Rp})fD{t;OZOzqnF7lel;k4QWP${<=u>OoyS7!+U zLG-Q8>r_YiIGIyvn4}fNXpOZ zl%wHD1&6B#=p-kVlh?yHvUri}>28zLS{teRy@@G($|UI5wmf^&N*$rH=pov+Sj}w3 zRCN#)U#@YhLY)`|^v=098ML(A?Mej(f~=Jxj>D0Dc_|G#c%}$clN4w|Cn2o77<8Ms zR2x+IeX|y4y55)IA;dsO#q=KzY1p4dutEuB6Y)8Kh3|xHw_1=*mK>(IlcZhf(>!8j zbeo;mbp7@%%QgfZ-MBabx|giPVlnKV%UhmN^1U zqxf$K6%|{p*{Djs{;8BIFRsBba|vby%D%q2=#QW@uQ5-kYj; z4p1OKOhMeZRB*7#(IQmZ%ndN8ofunSe!OLUq!4+$KU}Z9Jxm%ow%4ir|5n|uHYx4DlfJgqV4zah2ow?$irawb3$^G9|6c#*Fn2d+qGgiQqF6)Ke7C&L zF2d0YtANS=SzI*aI~}N6J6e&bwErhb_?9I7!UcSTIzHol-4MxKP&wqh0rJEn&-$3| z>Qz2}J94^C4R!m#z0bNNnYGY#(;hfT3be;p);H;2{_Hko(lD5t65)6C(|0u6)sjXO zr7Ybtpc2c3s$TEtS!8nB#e_eVA6c zG11utnbF7Qq-D1*<;|<8-pQe;tYby-1lLV}8LA(hW}{%h!YK{|!|Nv7L+5TmNnHLH zrTdZ;VE3rQDb^fJp|j=q(^s%-EUj{39XS6j)AsIeCJv6O%6~-qtiaMVvKWDf3qkkm zM^E{KMgIA{m4UuK_c!jq=}$TE>`d={)veUuU|_7lJook-Y#iL!0H;Lsz4%urOia4e z`XNK`ch$~Z)6PKH`rBQ*l7EFXcfITQa!T=(Aj;S_l1jebv$2SAEniikaU^a-wm&f7 z9P20~jsH`Rk=3JVRD~r}1DY{0OSTS59Us)@hM0(B2%n@jR1*V2iS|XcxykCX4gPJR z<@^aU9d&CT97w_kZn^m3kN 
z$O=B<&ht*hlhn&hO0s7AFt3%3bk(`KXA!5zNtqVSD;5h?p+3zA(RXvq0-z&64IL|) zw$6J-kRU&RY_*NDLVh}ZAs{5J-tA}4%}u0?%0$3ahO@^#&vQs2JuQ_WyFzY)rFc88 zBRZcqcvsC*6l^-_ZJ3JZ?lv?aqVVD_=TZx7j&Tc0uG{;Ib4@L6E!)cM&w<4FFEIZ1 z>AhR9_KdQ!(0+}Sf?t~GnM&f>(PirD%pW(0GPM9UI{gNxA|_~s_~!~10~u)$zVHH^ z&#UKmL0%gT8V>6z*C$=&Lgc|+9D}5z;c4|vdWPO&yR{?>zdYq1u8Nh^o9|912NFbD zEL2FOoq`6lz0|&CMsD4_Wk*z%-ZKN9PK-5ksyT;mJ;Hov$E~(LHfVvQ~jn= z0)Zggj+?8j6o>4FxewncHc8EU`uG;-%_02393n5172n6kne*<_C2wp|J*f2dQA z40EnPf4ZYuwJASVO&0iz<6aeU=OjFxhLOMRtTHJzs$|`RA=qXOEZ+2dBWo31JgT8x zi+sA-P}JCPMP5e+YQZQ~2%Z7+ntf({oW4%f?u*Bn&z9fz5P`I3?r~X>l|9G5FU4MWDfTYNvUd zXt8SA_VWu0mPlwhtJJB~l{$Y#$vS>gYN+}xLRIIrOnkjT;<;uARDTRw9g`m&`7n~D z)uyZDyNH^ zLUrVz_WgJeD$1c-7Z5)(KHh(>L&lZioJM}z^+7T=KYVLl0p<2pNFch-Fmq+~&`pDb zeLw+Irg6__D`1ZV-oL0K0p4&NR~PlOHJ02@kW}j>uvA~@p$!ouKsZ*P8_ifNR{nch z?ilQwPT0%)9X=(a#ev=Hw;C3FAhUNJrv=tAK>3hjZmP7m*zN}?K_9*a zF&*Fny~#ng#mPJ$5rtzu?T0e+%MKSHN@O~}>D?#|t64%H%ZM5tIyQii^q`=gQycmm zG)p>06{YYY?{X<+6G?H$O_1lIUT3&(5E2rSmJwVPWeT12blhwfYnHRHY*w>8Q8Ylf z?r_%&5C4;9*ECQDM}!G1ui?2{Z-R;ic|g%cnh0>H#p=for>RH)MB%y zzh75%_cLEb`xSeuwfw=${>2KQL+al8%b_3%4PNUZX`!6*Gzmukgn63g={cAS*m0AC z^#L_|L?)nG${_@-!%C?kq!Ou>^=an7V!v8j%MW2{7iTGJaALfA)qg=U_jHK#SeTH< zWaH;&xLoior^1%0KO2>!w)Q?y)rhP~6L=%~56qcKo`QpR5?Jbo4@#Vfxb7#A3Gvby z7wLD@KJrYJM7R2^$Zm&JZ>0J^%l%Tn0VPZ5Hdl6^A-U*heLP{(8SZZi0CoEo9VXG% z$qw$IDyJXoNu~tsPA-MczwF=bY0&DF%a!tJu|Pf{f-}f6RL?TgYSu|wL}Gq}!(YmO z@8?TZspIXRn+g!weIY3H2bJT>Is|c#CO)^g*1*3ZV{XZc<6a=1E;W^GTi&iY!beS!-2~68| z3-9;0+kR)neeGWP5-Io_EXCPoH@N6n!K+?E_CJ{dj}-N06G$gj1qbO)_oFS>aV=0T z^DhRq^cVn zrn`QBOC~)R`wZRhsl(Q9PVr@-B{i9{q;qTxPZ#U!M^^)jS6+|lR_i%&H#?jRkfX?? 
z46h17w%-c1#IssWw)R75GW`Q#7rmny2s3P6S!Qz@=Ig?qxTpPyqKpE>JnQiNiNFA@ z3=?T8Q4rnmgRsDZ6$f2rD8yXOs~>naNE(~pg;OD1Rk(a8N9{{Uv^cWLVu7?i!^b{#|RZ6X7+A)d(uCsN<7X z!%rAwV*Tu=0T`eROdRsPmV*>d4(kpwj%^-KnXT4vH<=4N3L$?QZzvZ|GSCbeG9NlF zsaY)-LvukO>PpDTw+Ij=FpScrO3^4KKf_}t%S{{GLxlC}`|~@%U1$7X+(8yS<~})< zlK`*bwR!L=#c{ZFi4c71xo=|5oYxCP{!hCZJnsx>GZ-nA<|p@zz9|05-*_Q!&hD|; z3d&mTSS*C%GE$kRbk=4lE)${#?hy4A-E+Af=x-lv$9xbh+x$pOCUW!9a^_^+;SQx6 z6ssKh=L(i^s>%ETaR|xg_A?as!PfG)ZkNcxt6HefJ^e{T7~X`DI>Z-ylO?e(%`w4i z-!HY(ocO*?vxZE_u`T4Jr)744&|$LDluHK_lI7v9W^ymAmLY82XEA$^trmm|-6!tb z#g@!Zh4(O$ujG1uX!%-B4!Gr?ut#b4-yKJJom`kFpX2}<1J95k97Z_0?y&caL=nAr zRhhKMHc>Jzd(u_G`9&2)M@oUdBhnx0-VW+OFE1~5vwk`0Y(9*C)4hzPmNS`vO;k?b zXld}03Oh+(U>?*x2r(HO=Qe0qKBnquwQU3j_PRpYNvjpPX)tgLFXTw#x zd0q64sp=}TuL%olv1TC}bCIIbxM#R+TRo5f^8jz=y+u!L*oQ@TVIy*gx|M@6K>}aD zVr=#pOB^NUo%n#4?F}yHckJq-#5~Iq2El<1u>X{o75C?gA8GEBIu7&pazFcTJdSfd z#tIxiCnSsNj|5}-*RRUp^))zEjY_X;)aEAG_!H;N4zwx$_Lbvs&>RP!Fd72+bHKSm z0O%HU<%0LBGG=3@K&{6jyN-}+k)Zq6&5~OCQ3!J$LRJjOLtU~P?DwOeH3t|N7E=!1 zug?GI!KHQak#<{Blvs4gB@eMauT$BVdR)N_s=-un@4h~N`xfFvL`$bWVFyFCU8!e{ z9&aXMI)C*38ofplTgOHA~iAZB(;|8vx*(8Slh7LVl{Tj_mkOA^Xox)GKGt;2)2Gs6=Sa4kKmncZ{ zw#tFhc>E$%^TKO!tq(N=bW~1-{t-Z9H*NpTsl(vTY}6|V{|MM79xX}w;$*6?Z2ULX zrF9t#lhYu+c7!zxEoI1uidlHk@8bLumYCkHx%z)~0X1dq%|Jz$krokbSuuh>lZQH~ zUlx9|XkOY{UViway>T&v)avmA6;ar>rPu_9MyZIZMF@<=abtiUo>b`n0fypt0hVO5 zY=kPk)fcb#BTlv=lZQSQo^>Oh{Btc&kkdS$a`^=D)!}nrWaqOQ2{}1BFt!u(m{bJ? 
zk$fd*1U~m203bQEh=yt}?7QIQbBT5mQY;2&%TPQ?N4JkiHwVR%SI?84-Ot98dax4- zKJC1NIIH9Kacun>uESAws;Sr9zt5Um9;@7OqD&dGy*KFs)aDCaUq-eAtPYlc%{OFL z*j}F7dCLL&0dZ#Jh3fbTAVn&7z^=S{T=Q|U?$=xP+8*krG#7Eqb{nZ}+!C7U_ zp>`#_6UDH90pwqRcn;Ay6&p#BvkvByCD(nS4d;?H{21uN#EiqLzr`!57m&gPtxT7C zYvOt8f0MyhV8;yAV6-}7c50469N94varNEpS7Ef`?FE=&cP_=SlOGF$-!2c?*Cx%u z1Q$rYMn%ZdJ%EYtkDJTy!C6ba*_48TYvueJ}+hCPwlF3?`##{W++OLyxG1sL`Zxow-N)CdB;1 z=d@=i5RIyiwvda=9V^_}PL>wUAgxSRiPVFn<8&oik2POsKB{_^38-hv=r!t`NeKoPynaT`s_3Hy70t%jgyRVv#_V0+B%cHHWyq(TbRPl45T=%jsfpL9+ zV<^5e44+I5H+$BQ4kxjt#Yd;fq+%dlpl;eFUitOWQ!@@`tEI2H!nghAYmDITd)|;E zmg#lC`*Vy(fTf8E-c*ntP zlPsQ?SnIM;KA}s!R2pF1OY}C*r(zHK>knr5f8==+0vT`|H(1o6!KFiQ?w^I3c%AXF zS9*qpAI>oRLw1$>WUYVVu7)_0L1;&7QtJ3=hJ8C#1e%!c5Q>h8(dS1ZU}AD;C{x@g zM$4q0)NV75gFa*JqB@a9WDWqWY4%-&l}_8LgxbHr#?X)9vp{y@iQc8>!<~Brg?(oq z?&!qC&rMaQ*&M_p@EQWbOl{u0eRJN>0lMBnBD7S1DtUfSjz=yT})G^ZZ9y~uoUl}T#(O`m$rcJm$B`s*E9n`VozN1_98HbgB>=8 zQP4P&!+{URY}=^=H;j0)r91gMg& zHKT@5o}XUNDDPRj=H$myu>a`&a7XN~bv9Usq@kT^aLkE!sq5CVzul?FbT(D8u^dSQIo zTIRul=1kRSwB~w+*%#xLhB0)2lnW$_2JG_(V^McRfT2o&jr$Dn&vZokhrG(#>FbL8 z8`xKjWovMRytDzKIau3vZF&39!2ydw#g@7j;t}4WBBI5Q^k6mcI2ybLl6lrJl}KZ} zDYsMXjBT})g-`q9)*_Oa%B~v_AcN;=*n7W@`dyXC@FIU&sG&k4UIS>MXHu^SW#JF+ z%vghLZ(&8`0{2LQ;Iv4(* zfAsg+@c<(80T$(7lB-SqhW-ZAxYrJg!l&_jaQI?+db;O9%;9s%e?@k@86nJwN?z^9 zm#MD>FF7PqDll#|dcRkkSGA1<+1a3Xycc1_t=h!L#gQw|7_ZNCeeVwCpzirW5M&f9 zP(QEwhjxvT;3l?Ezvs6M~=+B|2?s z1OZreZc88zFFFRA#0Tk@`eS*1YWhE=Yu*gqBhbIIuseiE(bDqr^7c?m)w7a!P$^BP z!rzCBSwAl5J%7kCZlz$q;h^~3@{U4x_Omdh>fJ2|V!QG2mc;KX0rH~6AwrJSO>rNk zx#!*hG{}g6#=bCKsCC#{&r8SCG~4y-SH#Hg;CJ2Q6xlnf@)i65F9l3pQ^#w~PP$s5wh%NUiH5g~r55wAw` z*jrPDgc(q`tMY2AaoWT@Jw4wrQEjW}aFGMZsDw1`?SA4xMoz2vSl@OWZT~G{u7n8T zaM6kK){1e*4{ZFHmM{WW66=R7AL^gM$v0zgVsYubhJh_Lk);m=xZnq${46v_eJlAzo+DPDVf2sJN_p?7OKK-d>0-8zMYCBjf8BQII#1N z_Lc_;?HdK<8$2x3?(w1zf1*7IQ%=2&x;~Ld%uG&V)VjD(NLyIlma>u~qYwtIh>~}_ z*F`~%`WQ&~80OlmZ2U!2kmN>l@Gk;5i61742vPFd(}g7Y8NvbPK0dNT3*NUhF_N9{ z(c=Wkr#=T-)7zg8Y6;$3{8rP{noS#l!c0qgn>6* 
zwcNG8s_MQ)oB=wx(%2Q4*lK+;_{XY!Erpuqh1i5KI$t+D_<}C&fl)Fs4xXy#j~NH9 z{57VIa>RoY0xxQ{${&EaogGmnCgvz4Qe4#OtnMN3QG+Z+R-Xa2HDUx&b5iqHRn09P z-CenV^vxU9tT^tO%_qz3cruu3hrRN@NjA64!Pp)e@bCGZW7HSQprQOA!)fHyB!E_t z!|y!F`dOjzaxo9*8?Qi91FZ<5yqbP_B^nXo%{a#e8sJaSiu9&;YWowjkU4T*jY0?~ zUWm{r*)vqc$l@#9{ZL5V5<(L6XEc09D=!{SSf2!(%KEV<4+*V<>L%=y32;eJF zS{>rC`+B~uHqM~@t|Iu!te9ltP>+5U?CVi?;(MWau+1Jj}x2Lp}Mj z9E8m|SrRbF*3SGdRi{b_`kTb0=&yU{)L$Y z&hbkYofN~af%HiR8{6bb*2?BI!ShZZ$xk16nc7<@UY)3oQhv@f%z)4Ohf_T|G69P&6r*JCCNYdy2>3-t!*kSLE&{~DQ zoP%LQAq=%X-N>%9K?1!4cprXkaU;hz-jf79V_19gZE(!s>o`O{QoW`j8qtO784))2 zx9Mr^H@x8q45E0dw2}vBl}#o zydo;t-(v!<`iKUaD*+9LvTyXafd3g3=*2jdS;R*g-q|HQ{^?)@k-)lQvZ8^63e0h zIAMN5ohdXVjv3>JUaj93oXY#|yW{jL7U`&w+(pZu841}iief0!UkRp{Mt3Yo-qdkb z%Dw%+m+8N8QQ@1k@uTAOA$sBn=Cy7=!czC_6?*)mLj9yC6fTI7kqLv?@Gx-L(Q}jd z0}cLm{a;J`^tTKh@55Jm5M57NzJXtg5d60XK1KWg{rX|@67=09u`>y5dBXqpivRu7 z|Nbu%^fe1K$^ZA?fnUaw|Np%s@c;Rau?UQc*G2;ut|zS=^}4GEO698Sr;Lv4i-OihWm%k5rTsl_P_!fIxx;5lU2Hv?8stzL{ap=+hdHG}w z|Gi>KL#;|j>uo9=m0hOw3OIKN&dmfnYl5>+S~s10zAGje4D!Q&=k)5pPy~wOe^u4` zCZ$rNN?Y}&d?fx^^HYc^T!8v%v5{2Rp!WBG3LVQlX4@dG(Gf~$TlccI*TV^}ZDi5P zMl`Ca!(6t95psO5ad136mgip)e4zRJpL!5udSgeo=pF6{NTat?wEpQ7#?{|vR_^JS zOuOwvBKdol5YOk$L*QA4ybKJrue>FA);Dq~Zx!;>fFoC(W$rI2X~&)N(*rwuO#ocz zSSvMC+HZ@!q&a->g;vddGNHu$GFq*)x5DVY(R#2p3qp%UBGy*d<koMNJ+MfZ*7;%r_3<~ZlluP2kltVd zUXZGG3Qw3x)%C+4EtvIHxcQ>W)$Y%e3i=q+tu7wAq;3`&zE7Y(gs+T4#kQLEa4B+H zEf#_q;LNJ|qI;X=M43z8_t*@$Uq!=~(*9Zf5TR!E${DtRb2MG3U4CKsoXmifW6YK5 z2@_3o1bW_vHJU_5k*AQr=JER=sL|~DNes3!T|A}w=t?fS4$x*B?d7%aIa?eO#J$zpR~${-Yp-zOb3y_6a$;U+RX z{^xLG8$D~>{fNH$w8h9%h>5ZF9f^pr;a36;1u}ap7HgS2Z>~xfqHJDkpz(c@SHp}L z5;_g}P(aNZSdxm4s%YCvb?P; z4a2OwntQ3#21N2-){}=jc#=6>6BtpdWdDh9vLkEdvWJsC?es5V`#Vt8^vp$fPri(J zEpjwrUa>@6bjQ7yUpzIG&U^AzdDQ?IarJrew9~P1EE=;YK z5XL*Jou!K4S@8VB%ZEeWBwv}xItgHrlsv{ zo^{6h?_^!=ThNQ!&b!IAr|GM%3}aF4G;mfdaqO4hk#`V4z&)i)`UEhoZueW6QTftt zY;@L>6?7&9Yb56oAP3Fs2USl#+Rj7(`^CalKvAink$Hj>p0>Bu&yJBfu^eO^F^rHm zul{F(733cieXO9y-ejN<2%lok6)#*LW}N%UKSh%EpPl& 
zu6U1*{)ld_hc;52`-RY)lX;&h53gFR`<=~YGmr4fByjrm3aRVe$55QFad;`z4%1n- zY_#L|6Ed4@IN1+jR`8pZ=X|R7IX`>P!V3Sqt50jGnGc`b%Ri3c{JZ!T;c8PM&%$eO z2iz=9r?Wk|cyPv|ne$O)u+rm&DSJB>yog!S3kcX)@Nd;uo3t1{1#6lbpdX;fIJkG` z4Y{r_DFaP0=;Kjs6~Ag^L-w}EvJ}~*oQn2dcv=lgKI`4rAbym-6R7!!%Cw!L!#PY- zCWPLZliPB&Ys%|SDcm8!Z+9DHB2jzR$1dxnc=1R|2k&j3dUKStn8{ud>Nb-F_CFgX zNJGCN{-8aMzt=$Iiwz+CYvHW*9oCM)O(3_ij0Xm-Xd{?QyTS!Q$MPP&H(ff+j3@11 zGYjE)>>cmPI8+{?W(zXM;#AU4PkD<^79j1|uN6PEnRV_n1ctD`tcs&4w92}kJz0i_ zA1iNifPE)3PfVC5mEQH*!Y4r=GWtE+$^?%3Jjr^mi`e~r3iZ$Gd{^DH*3HE4nrUQ9 z0o14T;q?)iZ5xobni1#Ox-lE_GS_9+*zabzEpcE0k6ve!rHj*1NJ@mTt-Ifmht}bl?eq0*looYzlq&c<7u2pkw@v57)LV=Xj@&|0h z%q(q{Jh4*)Bi0j7{u~`b^Oan+fW@l0&?KTLp2P1^(>V3Kd_1V872Mm7>;prnPtN;+ zU)`xQ?VIrD_C$Me-QQnOaYp@ZPYy71hO!x|Ed)GSwXLm&ZjAbUOTN0Q^Q3rD8Rv|R zCgsqVvqJ+Hd2KxHo`-(i1^O~{l>f?I2DqxTtG+1lr1TFA6}${-xBO!C`}{=8dT*E7 zKPX645;a0eqc##fQHY1CW9L$dV1`a8XuEJDE6Z?+tNdeP1%nguEQ?%FyY+SxW=SfB z#BPCBoNV;*(42Jm+%X3JL2#jvR9D}=`O0TK=RRnfqc;LK>T@*?695$lF0>c1eH$N9 zrZu|hs-g2kZ9~7nl+}JW*};sRdD?Wzy&0OGRc}zu{^&^*1n-9ynf~jPo`N1V4#idw z)5CPFa9sYz+9oes4%NAW2aI5b7ZQ}MTD@^2@4-c#pY-&Gr6<(kba6TBveXsglAe^=9G8mN%6yiyMoVTBw`crq$!1XhlRc zJgLm5Y0(d0YgcmLIQ&$z*)r%V*3Qba`3sZ#>_R-IWa&O52u~i|&Pgt)IKo4s?}$wE zRW+m0Q+^ksDzGt{j!)VVCI^Wk{NzT1E?@mf%Zd4g-q-hq@34MyQ6*IQy~EA_A@41l z@`$!>(HIasxVyW%yTgM#xC9Fxf(Pvc4ek!X-GVy=cXtU8+}-tb_P+0_Q|DIQKXAYB zfoi(x)pJc5W6Zf$Q0Ij>Q)j(b;3OHCu(`zW1k5m1xnQ}NXJPR4xbg*62Q{ETKv)W1 zjIp%X_%%M^2cV)%t$@AZ4NZi>40KPe`?zI%NqC;c)#y?U3lIvF)w`- zC30(h0HbVwCb54A=;P6leOv%F1kC5Fbv@Ls&NTM{&^&PAp{*k)N$}pYEeRsh@%RQ> zEuDA4jhBmmn@E?^(C;qA4x+IN9woU}QVb2x`z}6(>A7UGjW>PXOsHS49+EwY!#60g zbk$BZ4VNtD*c7Gdt3y)jw9;La<6Sn7>T(~?=aKItTqJGXg@WjXDZrTGE5rmS*d&;$ zFOl@*p5DA>n|xx2l$cCaiulE$%gH|1L`0a0JKZ+)^GrDe8{eELpo&A>?$y(hqtpi~ zauLFV&{viiJ-+X1Uu|rUp4tghNX3uQA5-YA_7uFM2@l@pH5le!V+vr#)G?m~|szs1HR4&`u@h-3GD_9BiT(t6|184=dn4o43IPxphjDHx6($2sa5 zS@0qPT@9AfL2e|-qV{5%?{jj8=p?6E;nt8@IH?u+AK(H5_$+*9SScIY1JmbK`78D~ ze?r4f1{QIkur4Y>OZ5H`n@(-*vGrpf44qhV+f|4_u(!G3RfObCd_^1*ZA__o@9C|vj*8#3m4u;Z--X{a6WX~mK 
zbKT5QcoUM>7Kou|_F;g%WbFR$H_i&RJR!L`tPyL!=go@2ICxh&dmx~cl?9;jHpnAj>ioN!>r zAOlcjbhTHdPUbvjvD=kD3deY_v{>_xA4n_GXxys?VcvFseeZZ$N1v!!8XbcCAVUcZ zCQY-yZGyU}^ZTS|G!0>|!1dCOfJcZT#m#!(7)Fl})6NRB%lg>Qt=XEiW{2?2$#N{2 zcVk(hTtA;wPb~A9P3aL5#j6{7^MXZDBe2OU_PUeoiuVr0FQy=6j1+@gT#<+7wc;q9 z_1D8Y51zISr>ZuYQOB_%&c%n>+a>Ch<-+ASllNH<2wM;J4F$7qIAuYWe;gj%aeI#* zNlyx%C3TylE-%!qj&eimbbb9fg9c+BxzZob-8T$dD-ct(`bicVa;ppR^Uw_M02;|7 zFQwHTKiHo1`00*aK^N_NH9A?@3koPnLSi|d9s^<}b*fXp9x-YD$Ipr8EN2g4g6qw> zxv58Qt3!4QS=S4FE9%4?WJ-7c=5eBUJMnc<%KWPr97xk)gCRhC7)6XT8AX=}uk^0v z9Bp=5tz_QIAFVb_=oj`ngS$cileXoH3Ll0I#K0}jhj>%86grK@v1o?bN^j{q4aa9^ zQ9o7~S2mqj%z!`QL$9=*b>3Ilp3x>sCZ@YFZKkWrUE5S{^MCM|s?& z`Sg=Zz`edcW|QdZRDhqK=G;Q|P-tePdzLBnjz# zOs=I?hZHU&JO9+zJO|{(Qz6rY`&`D|ODT;IYYFO9v7J(*bmzjjRbmuwI;t*ae8asq z3o-SnT?{whI70=~%!@)xq-czdsG6vPK_!Dic`~Mx1f5IDII-`0v*uF>@Dwsj8uBxR zpi$mK%BY7Atf*AJT9JW={)CJwHvuYEdsbh#i|MLH0>|BsY#j9QD1+-tHni)q@$3P!hCYj#xhjj!VnVfxaZYH;rZ`MYZ-*PD$>F%m zq;y9C=G7n%QM>4EA%r-!s(ou1EJ8{r2M5KyzXU`7FVUrE%9#=7aYGLX){nFz;Q%b&Hn#b$&4qbc+?iS`GDTwO23> zuAer``>Wq2f5{=8YP7J(T~eX$au*$!@Vj2pyvxke7=3jrN~+R6noGQ*l=K)S^BSfM zP0AzMYlU1&+?dJH0?0@^G$r&|lQx31eK~l7FK&7S*j-!@;B1c4kEe4|J&lS1H0Jb* znL^Z3SQ9xE9sd8Xw}GgB5c-2zC=Tj*gCimLq5N~*S7iub8(&xwIP=eoTC%r)L*$8PMWV zG6x%5=i;jc^=NsO3E~}l3++z2(tBcxIlV$wIng*db9e z@4+s7ATpk?I%M2^xAmIq8hMDh${p*$w@_TC_Gz{i8(lQyiNmZLN*@W<_;ljek4?fl z5c73YGAtU?dQKdy0c#3$3Z$*m7vH!Du?|-G;_-J2$5%cs-B~Z*3hY__D8-#aK;pNm zoDl6i<>09Pv21(;^-NabS=kvxfy{7DKs_cTOs;t~#{&%xtq`goshBXDvyUHSjN6Or z+ZlgkChy8hqX92$w+fdh{DXkS3v-_|#8wLuOOBuDI7#p;EHpB7JFlxg4x?|!wLh0F zD>X(Mc3PPRRdCWfsd(+`N=1Je;Hz%P7=l18;1SeOG5M439!sjq>m8#Y(iJJ6<-tur ze~7iS3Rdm$KMN@Fm6)RX3%H9bo7E6AHUQW?#bGnt-Y@@kciIwTyfS(lR8H*8^l)Ek zEu~)b>zIF}j<+SJuP=}y1ucSM52;67CecXg-2Sz3#@{05M&>?%9V%ZIVVKfig6#+y zgghyTtt;2+Mpzn3H@{8s{R~Cmr)5ejimomX>`%#5UrU}<`<9=Vz5zA;X`GZnf^bjAT)wv=n_R@+zo*;! 
zBPV8+j3HohWDs;e7 z6%8L_SHibdDJUx&e=xn_zpd$rp4RqY0Q1c^pgNCFkJ^u-i}1fe7pr)5ewwFbmnD}r zgZp!z0A{~!c$GU+Y`y@XvVf+S7uBkKHz{t&eJ)A{h{^c|W6|bXqaw^tNW+IYEm~+e zlK0Kw2h;Pj2)&Qjs(_FbNLT-)FXN)eslk!w0Ik`fV>HA|ay6C@bB=JE&qp4OF~^@D zZ>jvI zGuZeba)|;KpwuY0?|KV`wzo3{zQ}|cPa+l|&CWfmz7M^9^8&eg1+DQ-;Jd0_a_%r% z(Tl1ID}4PliP1(&!IXROy#6DQDt&}}<6}G^@9j`lK~^bTs8dN^Lz+jAjqsE1dWy7= zUOB^Azk^Y8lKl2zwYU!w5XL$A132Y=qtcr50sR>!OEp7^RTFKWDK8RViqKhDCF3Yv z{$h*Va4}q5Vpn4Ti=w_Y_C*PcCGJYV^+8}jv^Ft})?)g(rz5wG8Dx^|X?F|W%UJ^+ zg_M~!k0W4(`1L`jA*!1(Gpkq(BXE%W!0(Li8_?u`F?-* z%zjA%j&q=BnCmKX*P;^J)<<^_~09`~mGKc?WAGU;ufDbDap_W;tK zb%Ei8mm7C>+Io)v4O91eh%^o^+0^vowqIK1@IVIMQ5R6cD*lcX0XjTRotKx7eAQB#gV! zTz!{$VVrV`1#x)d40RPDjz(B5Cd>K+Y9J;cF|oDbk;~4by1G>!xK8(--F(K;ox3YZ!1{H+m)`;Ii1%2Ei* zMNrgZ7b$|c%%!HJLw#bLGoRy^bHJQYf)sAO%wq6DJ9Ks052B%(G|L>XM$$Sm>6K47 zKN(I|HPVzRsux7X5{E9hs||`=CTI@`aXe;Z3$PjU9=-x2*(lk?Drm**T6uaiSbLF&SlmOEw#+fcMTez zkp!W9`T2+Vah>HUcgv}v-=cCk5;=y){_V$JNm^N_EhBR|+?dzUqv%Z%^iabRqtFoF z22u7Lsp`d#`zxrO4Qc`GU)&5HC|gzDk17x60n`>LN!^x(vWizmtO_p5JT4(xoG82c zkoNE`8gG~D=TKA=u6bT;2gb{s$hyi39FPh6?Mu;SU4`@xdibxfWZy;!A0|7o2aD$% zadoVw3{Ltje;14PllGl^8nk8hnwW(T3!m)9pTdg^Up($wJA|O)_C!Dw zmvYr;Z_I#{dxz2!R=V8`QN0eQh8!$CFH%gE1~Ir)jmb0I6wmG$!7oBj$BNW=m078) zzo~1F*OJNxTdSQv>yhEvy-(n*kN?8%(X#!`tnFb&xd4-van8V+H@G@O!x_OZGq z0&1j!KD}B3g0wjgaG)P8R1?m43)C5ECOqX1+B?CO^lRng(&nyFQq8JPf*AKINkO-W z)1Mm`aN*}@Fo!9rXeBbWW;wddcbB%((K$-L8~pN36)uW3o$R zcmx`^{f7ucD@H+5o4759PODm}%IKtB<%_7sIAy_(jtugK1`BAxG61=5Rgz!6G9sWn z%ba*73|oa#^8=;t_1THl*b-CWdP(PHqGhIKZLgL?KI&IoM99?gi6r@$|+lzks z)h<6njEAj>(5w7%RZ+Py=;jyq#>FL+FIyK)2CaW&*M!bc-F28k@M@Mx&zdm>d*-`w zFEq+J$EC5xghFPJZ4Y=5ab}R+ZDbIaK6~sE&bGh-SDd?0+3-Frp6=q=O@(!p(}$9^@?}0K@tZC_kRlLJ zPU`+f=$m@)k#*kPcdBW5Ad2Oh62pe+KsJLCK$mTXA`oT|lpF3nQN+kes1=MAoXAm~ zRZ7Q*T@-V}^A~^3_;nzJ?L3@&^91fgXVuDY>9V{UHGXnOdna0G)HENgv-O1qq9qGx z>sz+gWmKUB^KkXvFgVpP1J3si8oAIvhfJ(}@2RkzM5U0NBlh%%GKCKam~TUW???LY z-({bKy-7&{wpjv=*Kt64J`5frH5cZ+A|Dx@HvDaIFOFExrB?+k1)tKcBm2oxMi|hs 
z&6nRL%?KgiE1XCzb-AJ8Hti9Wi`@UjlE(^~?i-aGTj$TZRmf}n;xq6g7P^218F@kIWP-2s{v`%G?-)sTRKEDC;R6)B*-Y3DY2Xhbb0QV zeMzf|WOQ;{AQeUVZgX6JwGZ*iLKwOq{!FKM^K_nA$}Qje>;q&s${)*Y)*96;nnobl z06b0=(PmMDBd!6p=+GKeyR`^9PvL$N3c7h}s&rNE3J)m+&?2&;RzuO#c?>k7U-X|5 zET}gzWuEFMfsw8%B@D8$>TC@o`)}3Yl9?3QtOw;Zue&P^wgW%5s~XIH}O_ zO3j3ch-XHn4Hi7Bxe6u@-FSCaX#6%bGorgTT=q`)aHfSbFo*PPHhK>B0VVpU4`&)< z?tbga@F0#z`%y9Udfr@=ICC{g^VUTr6e_AD0%{;&r5J{NQ?Bt38pxI8myo3o@2sD`RQsMOd*#zyYR{Z$a|3?B!j9&yXoi z@n7;wS(Sl)GM|A@e!)!ag{{<# z@_dNgW^d( zwwBRSSpKTPg(4T%X^j&UFtQ+Q6FpKup68b(gbR~a#jGk7A%SOW$o5jwu}JK{F(V7^ z4gcbg@;RJFs&uXeqssbfvO#3gai<~8>gHN`PeA{vb^UH$%v({6OFZT$3~~>Rd^h>B zYcJW{bC-mfr@lRv0oLKjzMPxr&SYy8ZiDx~!|Hy1;!B{0opq6^!2g^*S$Ws8bKWQC z>bZhuk7OTpSzHkNpTMQ)H3_0N$1O-&#b2jjpe?EpNM#TcRm>qlic-!+a$4_@^6g(B z*o_j~bud@8Qx__H-{?CmvT*3Yv`Gcc1Eq3N?;oAa8v3CQv8DnpC(L z|1!oj)3JR&t`-(!BX=+!>Uovc^iT%$k;1%69rg*4$Z@oe%ggs9CbD@(BMINw)trHD zY%Kl&Ysg23bcSZ*yP^{x;o`;7En_NleT^*BGNFSYryFrr?Is#6#*aT=;r&^fyB-bM zk0oIkL7f)Q-dnclw4cfM(p5F46)1>;eTFsZi;q12NK@8@5;1K2g(@4=pA_xo zW76h2i5z6|NONi!9ZU#HZREUi?s;_8#jpeuPGZnG4+9`6B|UUEHbYz>cWEFRrp6sZ z&Nr!NtngBbe^p&ACp}@r(#E2XlYS~Sama1rNR@tlFe%CV5XA!yKt1|J_15(8`euC< zS%Ei80ZR*wGn?+AG(tOp4W2w6c4_4qEJu7c2ymF*w zrww3~oU@?|HT~&g?hXRwMM3ZVV^qb*`6{^g&=xhmi0$dGR#jS7Ha$6hW2MEyn1;*97kg$?RP!*FS4LM*GnSa8nEd1-C-%Q7?0Tv@5&PfO`sjun@`L>FJv(-K zxrDa3S)}%GcYwA`Ax)LNfatJPy_1C&d*>u*ZTJsqV~q}h)sZ6z6W6Y^816BGYQf%5 zR-=lh(Q21!%RW~W9&?Yg&tf<RolBm>6tqCn02^8J+e`u|{_jqo3K01MOkI_u%=YAQOZT@&5DU(FL!mprkLo{L5#R7BjW7OhEu!!HdXi8Aa@+7Gy{+ftA zdF9JCO%}IARGKTlRk;oI$Q?+66aB|R$KM=Y8XUDIbBe_-3=${*{aCgDvC{0-N$GyG z1+>RtJI42lpvV3)`Sv4sYB^mkbo;D$+!t_c5*Lviq=ybOLIbK)Wq9P~2jA)V?YHv0 z>B$cl{Hd8VtJ`|+&+emjGw6$=VAx;6MduVu*m2Y7mD4HS;8S=)VP+@%X@uEqU1Lh%qijk-<^AiQ2rE05Jc~ z#P^qh+iqOE&4us6>VyO7!b$9A{?D8UosjfoVxRO5=kArp)&vO3-mOlH>_>5e1B95K zaV#)WEuygf$U5N_$Ddkuisu@5`LtqUq!kALQ}~`C!whj>U5LjANA~c`l2GdK*LzDN zE#68W>*u??qk`F&N6NipG_&l>5Mr;on5HoOH^efLulk?|= zMiGnP9iht|QM)Y0LILkJhgQHSe61*Xdy+}JyOcB4uPJ_;a88_==N{Dq;q8ymF~&lk 
zjo`^gIUjbrHg>#4VT>-;-haw$w(sIPrED$69<3PW;p7p!+6yoQV+>mMw91_|{kgBVii7OonLzeBK_%Ei1eH?Vq5=L9Qq_aRuW zS>)pe2a#ETDu)X!$)x^ z)bN3ylwEZvz&1_ZpuLnOk=v1R(x_-w7Nq2d9Fw5SXx6qih0^?$;pI)dm?_DOw!vul zXkVP>&)vH9yhk>VvAZB|R<*8YFy8fw3dfw^9kS_E{ZVd$vP0##Lt8p@dpJH{VgDf9Axwbi9Dx0vr?d?om=Q3I`NfL`>9*wU&6ye(5Sd zc%7ZHefA)GtI#J;A++CgSw3i)#W?e^Js}g`u|@3k3$h5Fwb+D>r_r=b072cqemQ2 zz1>Okns<7_P?kT)Yc~oA<$4vZsq48lVi`W!XghIUUz5ErNif}JJQj7R?J6+rvdjR<53J(|`QJ4JzQ`2yHP`!KKA0^)k$~tJ*FTZm1d8jwf}hFJ7q$5Xm6UP>?kvzBeNE z0SHktGA$imTTLmZEkGB?VG82ts zv?Ffuc`nehY?M!OA#AXq4=&d#9_}%6!B^vV|I9nfRRh(E#B>>nLsm zNaoFg&J?-Ve7bzLOw#+uv24q95!x^nALoofXm>vy+Hi^;l#^X8_vE8G zmEs_EOmm?_TW|%0_YGu0fxe8j4}vHHxl55rlB2xWeZzY-AbSLJ z_^6q36;RXPkvH9GYrZ(gbMZo;RrzdnzZgR~3~KiO<(;5=0jue^;H#jD)^d~G`4`_; zH5PP$a_2i!feM%(E2Z$NGs=_JL(S&W;dGH(Gbof?JYGWtrN?_%CnxsI!*u^x$p5qp z4B+i|9Y5_gD;cy#9s5*)zx?m|gV+Y>GY7JemJH_F;1G%u=?3&;a_i`ZKPRGrL~+cG zK<*1kBNipm)Bs`E45Hk(G3!(`^=lu|FWo!~+hCrcT5U;+pQxC`mh{%?Kh^)g2P!%S zVDcvr-atJ{ZJ=Ebzy9$C|I-U_w@1cT*QbD(bo7-H=(uoB-rneu3OwrQe1tt&$}29J zuMrc%K*kHoaulY(&%;R-mK~f)8nb8q2kHFhzmI@1Ke>rUURIdF{=bPG~~^+K+I%{?kA9zb`=Q(f~Qy+=gdbOh6DGgzK3Q7UL}z zRKY7v|L-gRT}T_dG`d*_2mbxA+dtOn|G3frtnvr&t0i_+NMO8U2ieO+)3PNe_$ zz5erECI0_;58(f6Jtz^S!|@P31>nMnxdbbN&ecC)W1}bxP0Ob9yO^L->HOWRdL4Tkgy!L;FZ6wP$s*Ot>VeGm{8_AalNXFKp->#yE{Xmg z1(RB0rPVW1*X6);DM5)=o3#CJh35;g%K=YkFK}f8X@HOkdS7D_@w-ZO!CtZ1?yh|$ zba?zggh3I8Xv4tZz^s<9m|VC4kAl)0Uoxj!;5zaSI4LZoEnRJZmx&+_s;}o+{`1G- zv0p4#Hd?$bGBT0{o5dgy5r?I-cM&$hYVzam+Ur97A~oMgp0@c)Cmh{c+vxeOkN@@$ z5O_z&`{nclwMu%#lcy`W&1|W3yU*B9Z(I>8#}*nnHbpf`wzzjL1^NlvB&*0DjNh#@0u5^OIIOc#+qD2D1M5Q!A=&f>{-Qth1WcJ>RAIT&m z?THY|T6fX86LPXAhn>+3neUG4oBsQ0j zj*6xFlUG${1B|}@{_U$W@4W8)X;dR+>m6=>$d{&SMUXW3MIGlcyX6Syn+cNHy%Wtw*8Y-h=j1ElZ(Qt*!4lbkht{0} zXIEkohkWZc4PkFYQUI1LS?h~$b*ob14;#L3Mu3%=rpPqo_jR9R=&%M8gA^8Pc)f0E z7whcG++INY4kmE>)8rCIJeDq?<%P^9mbpJj5|H_O4P20V`_&F`6tqoL6eZzkdi%E{ zJsz6Ve)NRjnZLV<-*i#(PPbpJWl;e58P(Ob0eVf&w1zFX`?KZY>+RSI;F>XRC%}2! 
zo}zV9ko)_ksZ#S_GZZU(y*uE<=4IoiQOh5HNy&)5+IgI447tn2gtPbXi*@sLFmXmP zlf!98iP>Z>bCRvfC{W7yZlz9>qYG7b9+$CJP(UJ_C*iOd>*;v%^mhyprUjzyc8-PS z8|^qiY*`vHxYkGU*b5_mx2Re2)}M8x`xhzZq;D8RYN3{-@ck!D|cu{*vGu zc>tp6Y?##-S6BI6GV1r>x-@;gV`o$^*cQ!#B{ywbYqYP4I?B$>g6?nP(WTX$`02b2 zh+L8Cd{9U7@-y8Kf+Q{Hxfr&3P?@nAwfdybOUSWDDK5?0Emhjw0ERW6!J5~4BAd!` zu>nm`NC@MjGuY`QR|;-A8rI=oA?(z9XU|Wb%CAgfFhzz0qsE^b)-rRkKAI=_gWb9V zNz~!^#&;pm2A2mFvYgEDdi$02`zwO^dW*zGr$w_3%NMK?&Crk#OgeRPg>6O4>0e~J zb(Ylj^oscFQX%oc@5(N?C?-Ab@RL@bE@}N1XS`INaxKr}&OC+rI&YfeRp8r?(=TRY zKZ(F45gXZ`K^BJ7P%^dO`8JUgI7C9gXN{zsCYX1{rC}^1q)8vga`RNVYx(z)*W>V= zmzUQm^qwV%^XK)^;%@x3UhSu{!d-ZzN6PeA%jx1J(Pw?241Z>#-H7Dur2Y6ge8Fiu zWU!6Le&yrwW5DeO@FHPm7PrgS=(R_FcR(!S9&&ZSv(`J3dV5Lt;dt-QM4_1X zXOGg3{bEh>y5}wK2huhLyxcATJn!Y~q;Qw^3{X%|Xx&kd2d&Pyul!Fo{8uwGO2Nqj znJa7PL?fUMr`l5(36KbP^Y1x5p0(?}kD+#yk%3d4nJzMw!R*gav3vO}Wb)Dm!;Vz{@9Kyj@eY?g0I~d`lEtF!DiZkb;~%ZWIVaBG#_=$a_3lry5$D z45+?6zhX#W()&JTG1|GhYP87m*41|D4NZZ4MldjXr)#ymGivZV2=&C+!XgNqU-q$o z?Yr)SK<}0Q#LaxO5rEmBNa6>3J=fe0MmEiILqCPdlhCwQ&T?>EOjZW571#YRXz(3= za4#V@&Q4AeJ?C2!wF)%33Om%R_V-~6lkV?-r!8=B5nF(9O}otzYc!p&sB+@=?Vg}B zuse;X#bWR+J|0W6!XT*shwPbW1I^R+oGh@~c#&v^8$@amak&0uGh3K-b8kBPJ6w)-R6a-oT+&VGrKeiGmwWb8@H>~V{*$r#*MumgRy+0W7^w4R`P}Y>Jl{tz)WU1BX zw~%^eru3>xv$y(f9#}MyR^?x{y0!J9NgvF+@<(_*E_qj40aP0s1}i2Fq^JAqi9171 zW{(PylV!BJ_S$e{dT8M{L!stAcSFuz*RW6}v*M?M;G8~{kKlTLz1*$5^>G5W27{T? 
z1>~JFQfKGJ-IwZ2X(EUOA`&YMgZrw?M#K1PZL*XOGolz8qzj^hlzcFjlO!8lbT47y`2DP8ak z@n0zJ=bH&4pLg-U{TOmXBgSSHJ{d^`eh}xq$gc`56#r>*m9A$_uO$X57Fu?8^`?-q z&X+dUNHTuihlvok1b-NdA2tqR8xe%?hHl@TRV1QmJ1)b4xHks8BDW@;YW1(Tf!wmF zJV7VS)penUYiAF%El;=sAo2E(%(!y`F_}z|JjKMle1${3HOY$uMCU(=`;mN1a$ZKk z;#&G~Neq+c5Mh}F7(OSdK#;IWE_#aEee>LfrRSAls^>FJ^J*-$#l7ts*9uWPDFsYz z)lv2DXfUThks#PrC2JS`=Iwrd*Kht~-Laf7F!Hc|?t?odj=|FT6B`+p6I#Mx*yd%P zV5;hwsH9hi;3^PpC8Wpg5NQdllosi3weoFeY_g77o}Uby zzTBeO%$4`ug(j{Y958IBiU%NMn>N?sn@@x{2HA8?I~o6|n3{M0t?^=&lRq-iB!$Rn zGb_1qArTZQim)eQ=aVs_SHJ!kpfKO?Is8`d%FQ@TL>YEOjDW{J8k}Tydi_U$OhB*F z#NA5yn5GS&u^WG!ty1#zx;vM8^c-Ky62B7fO$a~8wNVfXz5sLS$rBeiVi6zm=UGmc zq48}B;O?9Xo5?VQU~*adBx9D3sTf+u=%cXs=xs5U-c_?#U2{MDQv`^B4Nv_${w##= zy+2)2trowp%?gyq@W&P1#L7(W7*QFFy)?TJbO0S4onxytR;D#pGlQhHAE>Qu6j9dokCUd~3q0FBGc8TT*1SB~ z9!c%BT6V4`;4#kDX1zXGBB07kCH}KKssKB-%eK)Y-1`m@n#^aKGS4aYeaJMXQcap{ z4HLk`^e_M8DUV^tJ)ABiv7FiN^AsWg{K2Zyh_hQQk#Q?Kk?9avOkmdg{(wsSgEW_0 z7zP$TNczUmn~EZjShwDmOxW{_Y@t_%-DIaD81E-L8yNyo@ZQWv_#y3PsyR(CK5^hN#ca=5;P&$}TvwFPebRVO`RL)uGb$CrPl(tk-{GN6pe>(8Z| z`m(jig@niZY709dpf((Ut0V+B!aS(%XGDCP2dFu1y9#| z6o%u373Mw*Roe7va&@tn?}T{#K*1M83P8ZbL_zc(w=Yni`&_75Mn79__?l&}+F!1B z{q6#1qS+qkw%%(NZEx1Ae~!b(cnjpNidv!l&dKD$8%Iv%?AecJ*i>$`o+-|hsSxh` zF|~Qg=du3oP2TEg#-y*r)Dw78X7z2EBHkG>`=ju^X;2NM!TBzvMs%05cu8168v959 zjQf(((xIy`rat{-^(K2J&ij)}%Q&-ThVk;ho=lzou;Hehk!(Aw*K02u2o7}u^Q znVRSoUtAZFrKR9gI2bo+`1t)XSSXAV4yv7aTg$6isvnNl6=eM<^0580LG$}Q_yx2@ z)*ektkP<2X6Y#|C(8>Fk^4-Ewj1ar~pa!pv+%9?FEEs)RC9BE`l#(eI=4MThe;HIM z=+=A=ElcGlZEg11X{J`J1c;O>gB5FEG{`(XAG_rm95(X5uqLu-DOb%+t}R^PXjgwK z`?75J%Ugmf-a_PxjM+q4~YnY zhezx7?hdi>^tkoGq;GbFpU5w84dnBRrYt%qI$o#FR-nPh6ey>60N=j*ReJVuM>ojV z-A@n1Mo}qzijLzm-{-tcm_;F&tAIML4UCS((u}cw9e;)SkXP7X5jE0cIiOa#qTOne z9HSm?xWV9^uWH&Scks$aF=}=qcN_h~DST?Ztwb|Q`Y+EN@U)-=gG2k_dsWy4UM`!N z-?K*o&Y)(TORla|2Z;Ce?=5}3K3I?`s-IAPknFUb<^)3ieWTtb^m!j9 zl~G$^Y?q9F!T(8o^wMgLgfJA;Aw%32G1AhL5F0tP=~^T1Z`DZcOq^60_hRt4t<=`l z=PgPFc7m*9Nj7eG)B2;Xmrm>tzS)cId2sy924&QjCGpC303jx$pd*8b 
zzc+*ixsC1CGxXY(w$aYONC-G_ak)YTwc_NL<+Ff2se(gFsF2F)y@c_CQ8Tu0;^RKL8;C=90v zkq`;E^t1^H)KU{o2+9V~ORl^Lkb0$*D5UZvD-%YDtS2Ba@QJX($#Ax(dS`6BSP5?L z@h0XlS&qEp2jw-LyU%C~4E{{|kE-^kK+=KFGus>j4*NB-xqMVl)LeIIFE{Oa>o3m8 zL#)7+kK_5J)!`EG;ZLsT>(=9;#EJ%wC;U$%DWMNH#2>Fq@jS-f{+qmD%wAxAk#7=% z&*kVZ&BvFbu`6vN8-OnMI&_c2!uW3spZtuT`^Dx&im?eJ<(1^qCACTlt=XS

  • ;M zcyHc_7%x=CJ0M_M`%%wAZDxZF=|ZG2uWEs8(!axdtA3$o4N)9sNBhu1gNnBI*>ucx zid4EOUUDH;S)5s0qw(q+!eV3{lfJIa@81n&emi>Ps~&H%gBwWNrN*AWCxs)0VyPv_ zr{9Nv*}qi{$N1cc5I;k_RR8j7)TrTGYqKkTYhvPM>qM<29%oZ#&rL3!dQWHb4>Mk1 zDDyCZyG$?pW5=7_@uJY%_I>vT&l~$ae0WU+vn2I<`>Fi0LahSs6wc@4uk;|!b=SVy z;?BVCg4L(A4RhHTZCf!;oz5!ZQe|pXV$Z9KK)2!A@_JlpKkhnr21dDyaxbqs1f;(oy zVdEyXP&=z-vXVA6!bfEq>G^QM2|t{8KXjqhQ!B5p-)ik}mlE$rAr2cZ9H0Bc>*at@ zoE)E4e*EgPqy~u_q2l2(oqFMN!`8qmb71Nv+f0#l2#JsxZbi3W|2MW8;_dep;QXcVGp{NGK8_C;x7Naq81B zW`u@R&<7ay0X7Mgsy&WR#%G;((iy0o+Dp-_v()S}&r|RCLi!zAEOt=xuB6M;__{sp z_nk*Zvq4m(V`K(dA(2s|YK9ijZZ=skVG~}ocwSyO-|27U_UWW7)vZ(5()VfaDmWme<)7o_cz@r=ItXlxkwKu|hYe4l=1)6YP4t7_L`; zvi5t$Kzydo)V|Hsk^jl^4C(9+uX( zl!B5m>HhVruZOTqbRV~RPE<;Ob3%H{U#}z3vD?mr6Cm5_5aS6Rea*d;ES6jR0})&TW2q6){k) zA_>D)|ADp`7Mk_Sq`nv^*LIpEd7V`$Yg2F-A>hV>i)X+X&9YHnDJcnv1?90!)VuQM zWm3X$>~Z{4qz+<`m~OxT&c&rIZKwzjVdgYXUp|{K&+82MP~0!|LtM7{nd~dwEN8za zvb~@c8P%gayPu+ZTplwNR~33FQpP2rr34kG*w38jt?rOnr2|k9eMM`4=)a`eJj*d( zgi+Jda(@~BP?KQmw<6@(PeNn<_Iyg!yk>oeJrAuKvc3AsuYUzqN8C=w zjg3i?-qLp_2?ADLX**l)7ufL4bq1;2=Y8y7zwRoX7aUZinHlLfd{MP=^e#X-%6rL} z0`Cd~C4pY<=b1h^`Q+}Q2+>KosBj2iONOXp zA~rl6DhW0ZE_5_qB$C$3q|BfsU#u_37A{2;q1!Zp3t)oOKzE~UM|=Z9r9Or7Vbil) zW|Q!HQNp4gvLx1%Svod+IYVbQ;w?FI!Su3QEoZtW;{CyvBi-#z*yiKYpTbl!OG=hy z`A91sSRez7YUTL#Jx_g=192!f?U!1|5#7s!KYBKzYOB6Jf10ieq18<>WF_yJM&;_P zy8^?lXMl`8m9*aj7&1x(Ew7^#W2os6@fPV9X`RxkN8xT>q6tj4d9|i;gVXMBAg)Pd zgdz^|>)SL{E(PusE=y2b*f!kqjaaJ(-+H?Yz~(j^)!~%KE(GbNe{RWe1srl zs$J{453FUKd^!DvhRbJ?GtDb8%ivlD)>PT#i;G8GHy?5 z{pYSM2^qs>vY#tEsQf1D!@{Hv~AdWok7WGQ~uyDZy^AlI4UxZEJ;$q!x{>#RIYVgVW8 zkkdkz{=*b}P$nU}Bh%_ADy=cBRVsWC@LAHv-cYvE4;NB7PyP! 
zi}75r;HqV ze-7vTQwYRp41-2x1|^9iT#gIIs416vxH$+dn#wQXOWqUEbg3G& zTrMP|R!p%Slu`FRCaY0iZFXz#t$hn+y1l)Zvw5+7n$+Qxc#;^`(4xQ$0;QSYz5Jbwn{ zMTiI=INrm_n039i`Yhs3gIhL4x715{BX^w|)*7QEc3D((S13G+CH*dEgUvjYQ7N!(13 zDfY8joUvsorKo-u{0}4sYw@zOlPrL4IGKkenZrUe^$W8>lP`#H?H*REHGCvv)T``d z+#v0uVvaQoyxa?Lw(=5JD=~XDSExF&X$mn)*_+DWT`tg#r^gkx4r8Uns;Ewx^flD0 z_~4XDZ)}bf$94JGgLt>75LSlDkAH=|WeIT}Ay$L8P&Z!i5 zIxf~IXC!(FS(bws+(-0=WqhmHh;PqPw-^H*2{rjwB~@euu)(?DhZ7ESw#GmV`G=ez ztr4quPq1?GopXIbZv)Pd!VDG=Yk7I)^Ifvo~kJAa~wJw;g4oTH+-_HN(gine6R28r%h5 zA#AsSH=YOoi?_cFsw3>WcF`CR2ol^waCdhP?k>UI-JyfKI|O%kx8N4sJxG9s6Wn+6 zJny^rw@;nF=TuQCsz^btwYq2DbIviYk>K{ghyyyG`T{ae^9PwmZ%E1Kej(VNovwV0 zu+4m1;J6g3HzTz{v1w$%`NHXfG+c@HW7+)}weZM28np7}D*C|W*NPLq3zCw%4FOz> zFL}ke?0Nx9o~O@&a~-wWdM1`rdwU068-5W9Q}m-T3;ow+Z?T%5GWN%q8yd)0@s)b% zIWU5sKZ?Y2%89B7w84!yd@me{H1`BX@{2k}9G3x4z~S1uU{H$*G8^-^zHGIN4ec;_o zd=#f0xPD$TX<}Z}5EUHZns%qmoWUp>{EJd+A-I{<@BXFw1OX8=9W$C)eJm7L!6t?^ zw)ssOPuiO>A?H0cZ?*WtewwIV8KNjunsuKooyCgl`qCP{>}=89zXatzmMwcuEFc?+ z12i0lb+UxPk<@>wscBSn6fy5X(~5of!-yD*2$j_T9qFvCbs(a-SgR{I`4Il#?kvHT z=2v=5(W{<5g!UkZ>aa356b60YNg-Y^IxL%&xXZKLv$e z=_k-2o?zvCU!|uXJj~(E{=pfrSB862D&#v1y4GN|@&pP`U1VjWStv4A&R7|jqWsxA z`-3`lhIPJVW;cAazVs}VOno1W82;>ozubUc%3nxE8Dkwo?n)Qwi>QKP@qDMTi)}sG zTq<$HAUyA9-x6HbS;RRWNOZml9I{-dknnpvKSGf{MDX!TI7H)d;_1hYt(P0)#-0^m zz2PTcnx1p|O;DI!kwp+o84s?cx@-q-m?qk_tL5KXEw`hSN+!r(*hBmuVGReOFePon zHl`qTdm;_wr1L7EaLW7SXPjJCrEwf5-PJ||Uh+d|WMsv-Ws6a$E~7VKvWkY3LI49Q zRftdxhNu7L>T?XA3}wRyZU9}Oj9jHf$~mI9(}ABR+g{#icevn>rL!Za?izWKd|{C*ME#7D1+1SA1{3#Aql6RU4OaiZNHH4=+E7?7Q{S&mcWY+WX(`HZ12y zOU&oq>C1=VRB%Haqlvsg@c5I1I4TwtVX;`K!CYhxI!9p~UB-17inn@U4O(QOao=BU z1tqhdl&_mjH(oX|tHDI|c4xn11gjK;zd@-Gj(*JxprSrmYokxL$_X=MT2G?8$B-uM zjolFgKh-^YZILG~=Lj5PeM4d2P^>)NK`b#oNL%g!zXRSdM$0Y`*Ka;mUQ!S8SUjXb z&oPM@lX2rHLoiPSADK+1p9XVLy2@6cwxZ5#Rw3xgyez(cS{JKTF-$9+Xu}Qlye^jpUidPQ(s@GMXX(>5+1PO9+bZR{)c^Ltq<+#v21)IDiBEy&H_ zBOd_kjh|noKYM%k3E`4F-^R^^lq^4-HYnN4-lxuoGu}{&v2(vUU4Z%fErw)qU4Kcz 
zVMlm2VL-H7$?z5=tVQ($<2^Odf-U%#T@)5^;c@I@nglAHmW5LuVOWKc_eKcvqa{?6*sw#|l7 z?B^{w*pnBxK)jOT2n7~EwRLUPdT3@qZCDp>w6J~#SwXe45l`$zK3aV6>3&C7QFfk^s5|?3=xG&kXOn4xiB(L>mKP*bxzp(LV6Q&u?Ik}eF_ao z1ALO)zv0Ri*kh+znN)fkSzz-k;!O0nem zz-gCZUv+mYqP413xm6z)>N~?-<2bg{8QV7&^QF`%7RAlJaYgXHySkFOB zS@XOJx9Y_EMmIh*Y`--`IHi8IGpv-t4#dX1Ko*MFB@-xY8tq4G+lm=44i~Bd{e45& zw)+Ie4;Z(}4ek>pa5CnnVikzWf_}F0qc|ag6Pd7dcH7ORaA5D2g0>#ERGAWU!n?mm zs8>2J?C$yAb|Wt`vs6H1PEQ@{n4qg$Q0Xfq6I@GeZ{~p;r01`tQjh%id3wI5yol1g zY8A`%sDfz@#-pXi)(~Q4F5T;>0Vp!_pY@+7gDWZ;82F506odv~p`ML=d%#g;j#Vnt zKk2^*b7lIgK!AjUw~NER!d2fp=7UA%-F`?H4WGph?WdoqQW(LzNN_j=JWe0KbCu9f zil@<2P{O;Yg*|ETNH03Ta{lX# z))u6X|ZjO)HQx5P8S7tq%$bE;SE39Y?axo27{=WG=`?an#d=uv$7rD!% zN${JRl){p^MfO>sEeo6}qj%+eV2z^6fVfa9uH&!~rNPl&(N1bTojEx1W*VBO{9a1( z?0N{y%b`<{6pL*(X0%niZur>0XxEwG|J$3OpYWOwENL__6aR?kWE5;kL`9|e2=v}J zoR_K#Vi|C!g;8E-4QvMlbaw}QV80)S=ez-F_tW>Iy3aW0DX~j8p%Mx8Y`>G{KD9O4 z${gjG1zOp~nXk8aRw-tmO~w*aXg9|wrXv7K3vVQRhxTo~{~$&VQO;t49(T&0H5*!# zpWSv`K3~J%x!4S|Wrsa8yZV#14NCC1Y)yQfP1Gsk_!}tV!zRu(%O?XD@GWKjAtkQe zEYBxo!aJ8kzW9CVk1SqK==&=Il6kgP<$`+s{f?NB=(|1BOt6z+`%#ghzc-WqcxzF@|CGog)#4q55Eswuw4~M`klI?xHXIocWn)> zmlvvDqVfi#^BfmW>>Qkgl4bEH^CgHo&`0LVRJ))3VWt``*k3;0y?c7%A6bAl1|ATI z#UjzWxiqAR6~EN@Z&X!TLQMnd=HER0O!Qj2DJX>O|-X&}u~)3KaO#N^pn{txA{N0jxZ znjz4Bn>ghk&(6ZiGrM`9RJhFdw@`6VsHdi=U9z}_cQ>2D5!l>+KGW}t-a5bHKNd~BSYNH>7)xjEEuFKR zYB3aRc=Pt^pXF?I4v*yo*ht(nH1&mY7PR{e+l2omf0Adb%GkdviUhUy+e&8T^Ix&f zEfH}Q=Ez4IT^r;AX&}>j*Mhdv)_+Tw+p6VFaFJQK9jN6?x}pHapHJK$Kor9?C@6>A zXkSTku%QhaMy#f=iT|_o5!>G3k=sD{77ALd-skrhoSG#$A&yCqVM?{1v-9Sq_*E+1 zczvF(2@mly>`&RGnhQ>R3 zx0EK-R=hC61Nv!SKD$%4BS>gnjtr*Fbb^mitW;ck{tZ8utjmVBz7g({RysRJ60J9m zk*l2l#f_grS2OBKXV~ZNc05SeL=ysu7G(cez&$$#@W7xu$hCUEq@fX_m&YfR*V!}Q zr)Me*c`~gZ4jCWS$$g5$?tkqf#@%n%s4aw`O8*l1UMCU}`SIc>t+p}kX_1W||nXRoYqKFgIiL5f#ZIzw7 zy1lLCFxwIZ!)%KZx-}2I`&r7|I9URFPPK%oW~+0dDgMy=qRV4z_0Jp~o?N%Lx4`~} z!rPHj&zH^jJv}|nsshulalCD{jox>)#-c8$Pf62-&aoJTu8BTMMyoNg!Z?S#ZKl0} z7nq{9!n=c{3>4yzy1VtvO%b9MX>);i_`~|ts!1{WUe~Koczo4r&+1+hUfBMWDCD~d 
z|I(%gP^~dKepU58zp@0)wQ;2J_C10j`ULJ)nH&_rQ`#M+^E{7=}-`((Tqi_$^2vt4YObKV48dD7{M->`` zJr%(sL9}my`@7Psj|*arRyrImM*-_k;z?N~Eg!-AjdvH4DtKyHGNC7u4;c>I{ZXk8 z_f;MRRRZI=SiXUU5>|nUUV=g~5cYd`LUw*giRBN1&9=$lx{AOUjIJ9lywtVdx}std zO8FcDzCC$xwRubyQrENjyr+R-mV5+ye52F2)kU_~> zN^z6SqYjLVtYJ?~=7UKOzZ0O5Om)l%ya)!P54$i?cGG~kQJ%cWavhzXb>z4R9Y>?;j{6Rgn4OYLa0E2L|BIIL!0nNWX2UBTXwJzXG_CfUiIMm3$TQ(ciO zk+3N9UR)N}58?4zxV1yW>bAT2LWL)V0RQY#MRLiCr(>A7i#7Y@_kvV^+sX0z{3AJ- zFNrr36!P=vnj~@EU3FJbu%KaSNuYm7|A?2kunF>fl;-l6$cUNog3~xnFE3dZ-$Wm_ z+{>grV$!9AKfezS5%`FWa8IGw%<$aq4YOa)TaAKT(*AWUk-CV1YCLm+PnKzC0?6q4 ziqlRl)HSm)l7O6cP)Sz_${h2TZNrR6D2HZSl*F{#eDI0CJ*q2qMldO(i-WUSC*<9v zn(PBmtAC(>v+fO&$>NAF?(6lu(jce$r9Si?rAwEX6`M*BQV@ zzgRK6xq1WI-h$sA>U^S{0H>=lbKf7dC5K4rtgghZ6kK=(9ke0(eB`R)w@o*$EQ(x- z%+J2w=|aXZ%ye7|`YzL&yg z*jUX9uq`QwenTV(ip?7g!GH=fD6LS>wXCA0-;$j0M&-=9Q!v zyqFVJ)tls9h@n3%&jYrxI8nl(hIJ+rsEF#RPuXFh#`9zi_<=oB7}5ptq<+vc@7Sn= zuMMQkE|A*gVPR3;-rn`IO2AvH+g_~MHk&C_Y41$_ia45_G?uRaFTs3&p$h5xXek`j znU|@krME)gB6ofg&VKH0tAdei42!p?XZh2X~K&-4V(tsLg}vv&=>5Lyf}2z z%s1bD#X?#a$(^TOdH4dWm(8a8 zkKoglBu^UfpC=~6@IuL+j}hGqq^b)8751xghR4AX_H4PTj5UD;wWDfU9fVyZ@n=f` zXP;i2e$4RbsMPIhZ?AbrRok0fi@A|$ZBK=vh)&RjU~Mh0Q|meyl|`X>C;!*f|Nd$= zN})vYaj|YtE>q}l82XrpG}$>w)Fm#;aU#~J2J9FSzi>rpHNEsDNT5n{A+Dvc4A(2v zt>}iKfqpIV96t`XGX@K@6eIDGlgUkD3uxsumXgiW)2j211?$BhDI6or3dTd#$aw*o zb%j2RVe;|Dn#wY%TnL~)U>ZyP>gp;U<73ultd3(9A+{`H)GZnoR&q}Go8Mxzd%HIq zfbG_48!+e@EyUE>>T(c3DwPCV^rNtUvo|<8hFs33VsM`bTe)Jn5tG*v4r8e5ng=^F zI2y0NkrsE1&8F1^6dd=Nlp-gRMUwLQz)#-d8E=2#bbtp3>Ph@2QI0ASX)$}hGkuYX z2Y>N?=R)S074?U9o@zFi;_-ZzHso&s-cO&#z7y;ZM_2k{nmnFM)NF9)fCFr-xE`TE zd#<%M%w-ZwwD<=jNi8(Lw^*nwxb~{i4eME$Knl*k8Bd}uTi<|-Z`ST~fFcdYOy-W? 
z5*`3Y_+)0Q`B3lpyirm^>&-SgJo%v!4vOk^6=QD|N%`{IsW7TBwZL!;p%Dw<^7`iX zLFL1)^DPr_Z_T!c{};~f|V;|oTGJsaDknW$<0ebRR7vj($ZyrDIIO=?e?l29<1!pk<6oKe#F z7!lrV!1wKd523v3p!%z-ctBQ}Y?>==yo(c5BS*rHnP2<@^Jh{(+7aD2{J_){=iEKx z0OtQTk^Sf+RAlL{594boY!_N{-uIV~$xiEZH`gOlwjB|!YS*TzD&~IG{2kQNcR3AW zGlh|JIv4xrs7EWVZ?ILED!5(EqM>EdHn$2!HM@{XmGd)!qXC2RV>7D4MIbF(^7de^ zRBxtmEQQxHX!&CH!fbfj*djWfIl|*8#@}o6vBe_FEp1OiCfnlgh=DHlcP>|qju!I{ zQC}UE;)%HM@UmhT;y?t=bbJn{j~U!9@++>8T6DLo16Ikz*$o(Gx)`s$1oIh%8bzo` zL4||O3q>3tSOHO)w$J!Uy+u(}I-L;}1_=+PdyyFCrtBD;6#Wsqqr04{D#RU$@(xgP z_0M-#b-bDcvuZ^B5{SmxNnb;eSia!9p4JvZmE)yXf{)h!LuP!Bu|w$Oztzozg@gWv8t7#gCT9qI_tv&Y}xU zfG%vL@!9*K_*kjVgY|NMMvlZ#g;~*M7VnwEaD)DArpOH-5Yh@fsL*N><(CykL854G zvYS#=z!QqAEWP>q4=S1RyX2+M%VAZUI)`o4GNW`yR=ekotPW-ANN9Y~*(v{v!AW_l z2mgOWRD{IAHVGtmY_99?YGT+5AT)r=mhegFtC`c!DJt`_o=K{))k(~#W2 zz(BOCIUw8lFsb=zFUyQLBYsmDCa>O!SK)KwPCuI@^hR$mQjPHpbcI7Y8Wt|M2TAJ< zm{CM&Os3Gn3x!bp+h;1S0Knq3qWHHvY}m-?X*^7`ZV368xW85x90N__@9?~;0j)N# z_!m!cd@#3PYD%iLQDQd+UT$Q$#pAfuPBK>7p9oyreTI4sc;F_hTFgpm#7RGQGdcQdun-&t|Tc^Mv2+$NVuDV6Y$KOQDh*Q2gj| zbDhyVaD&hBBXKm@oaKN@g(e!5wnr~%VH_bxC@9_W3|sRENH)a^%* zK5<#-ekgDhr@env$P)gJq6e-BLmBg3nW{)sxgc&%C+jeMzj_5El!$b{QG=LN)A^du zubPCTC|3?XE|~UdNaX+vCTL*X`V)dj!F!)mEI)Y#tfiqElH@q))8?PRPcV>!D>QVq zA&rfE3B&kVs5t7v#ju^`G%j}{Xn34=;mR1rYE4mY5mcBI+s{4y;XTkiUYEtwo(f3p zr4G1kUL;&jX2C&M2i?T}FnkiH&T_SpLq54XsVbw%78S~~L6nVolqnW3<_3!~ghX!a zme<=Y{kh#NRt2)Co*g}_J+vn{f6q{p$imaMX=d-Nd5NOJcwTU%JQ?jxD5DDTTpi9&!| zk_EoKYIZJF2L*31$^w6!dy9BSn0iNTA}%)|L&m!{_paU4?S>ILBY!(aM&Lo$8!Ifd zZ9UHo5!b0?%c9ZIfVyK3bo-02l28iMoZ7U@QIt&QYA`=OKM)jabrFJI!APb8DX9fp z&48eQt>s8ub^0fl(ZmOY46gd<8Q>v;fc;ymn2Tr?-_ul;t*v?H2<^LoCfk=#V`^0* z%f|8)9{u*k1w2rMkY>svcvINoXp&=E#do{^f?T1=f@!IGfbM>>3Ptn1MyTFCw!(1C z9*O-*J7w!|mK`Z&29V@S2g_i{5B4SPQlrr%1l1(-0Q?5CZXW+=sgzyv8&hidkP*?iNS`&;v>_lO64bjq z@~ssa;~OwMlzYSPvz0%bmF3YbPlj!5igs7fJpc6E?yTg)T=WJJptW#4UJoZ7O$vX5 z6sw?VrJ!+plCc6`8k3uTS{&QUV7O})i!3s&wEZob#p2N^LiA!U%wGB@i;8kZ%=^mk z>8cc3*X+Z^OM0{C(t#Mk7rWyasDojNWejfnc8r^oJGy16GE?Ph8%7)X_QX5m8Mue} 
zjP$xKnpi4E+2{{{0nBpkMr9@^xHRYA3BJOpc$|lgHfv;b(}wt!DF2luBzKeC}e*%3yD%o8aA{&*#M15v`masB;IBC(Q*zv&I9$~BZ|v>FvZ zz`33-g@ZQ8QV9dn=DuXc{UMg9@SjyV^1ECr!-3xv20SgMgc+iX(684%iZof+v+rCO z)eD*B>!XLc15BFRn_6q=hEA=e7`213TE4k{vbbU|`FqD>m9oOv7ozRu=MVAnXrq;! zZc=kWSzQ!rc+=_u|#HO3?2h=a{*(LoaE{;^3Ye5BWdG`bWrJ^v4~*{K9%a_ zM5tMVw_P!>30-P=Gm%Fm{1L(F=|!D>ScN!m=7NL^@KF1gI-q0w&;Hk=CU9`0-`&o6 zyB+;v-VVe|b6qWIwYj`scG{;PL8lZf5a@jDfvDGgbB?Eymaf5<>3>xqC{s2%KB&@Y zbmB$gu%pVV$IZ|wv~%qKPNO?gmErY;fTG1#Y^_G?Im7@9I*h7UDGrcK06`^;UM%zx6OukKrV%3+;&qaaI!#(JV#G| z-!y`{Hwf{Yg!xmO@dM)TOl|_?X`C4uF54ZNLPw)YXKC$)Xqhw?lyQXv^LzwwzrjD^ znuByeD&Fx16aPZA0wQk~e4xC6Cy=>Sz&6ybd3vpK{t% z6{>FY1U75qJIzRVt6&vjhamcaPEi<|o)nnF7LlV$4u;(d1T3i!cJL0KugY^R#a3B_QCmI-#LX+ zVSV>tu4K>mw(Ag1WmNQ$#NI`FRQd0N-XjSQq3P-A9~)=9)=OnP-5%V+A0%NR>_S~i z8gJ6>IKfso?}J3^E7zg>A&a+SJtP$au0DkUEo~9Bh$MB?BVX$x-8pcMV2tEHJi}1w9OU@BSG)h#@HJ7J#$BKGJ+_xQT#+8GuJZfwc7!|FQOIYv6TmTDCYcO4;dq*8yX zp_lNngMI=4m+ojX?ffmCcd$`JnZbTbE)D+oE>Q6{W%AM4asefsjG|5fH$h)4y~gYz z5>z{AEtnpzH-s-b*`Kds=MDB_ff6hvTt*x|KA*)->-go1bHY(oVI~99-#X9==`;;SIinP<5g`SB+Uv6k08wDnz$gQh)0InXsxL+NWVn!Epo? 
z%tQ&x)tK{lcGVTtyJ?UE*9JbFqilb*tM{AfL4_geTV~NtAEQ_u37fB2cw~9u8oaA6IaCy+ zt&P{oZdw^sQ6zCi;m}cJlXLuGN}zDpJKe(rrIJcP$sm)4J*lNCJ)!V?lboEU4NfDRi+^}Pkqe)9NQU%?xKx8$g|8(|LJ0rR~osInxY0e{;7 zHPzy!M2NSsNP2d?P$+#&dV{<|jHN=tNpPHE89v9Q0>@w`pm3u2(CeV>88kf?UvVCk znTgwq3T@y7q2$#^3NPF%5YT6Kp*1SG(^`s&N^87NxoDdlT+eC6PfTDyuPy;X2KK~* zJOhyv9a+Ta4}MBmwSMJ>Y=0X&rQH7W@d;5?F(_q@j+kX3rkJ_7vTgA)M+)L=6>xz% zcFH0LC;yJxIw<$pr^@n~nEc_#vvHx zihi-s6M=YZ%6)%az48>1Xtm=5Mq~%ews2A;22msq%dg){js>E^5Ur#!vS%b5W%X1XkywK;8wgP9XMeFNWX&qz0$B4#8}vOAXR)QLHb3l0Rl7H)0AF z4C|4y(HZbnc?}`YTb(#Y*!=tgW!UR8fpIO8U=A^e)_JG`w8{{NUB)LnaKit4%;MS&4-_J z`N}yRchRycbnw?C-h<4efm-W9Sp^lWWDA@B5}9`Qe*71{6d%Fqc>QxxIp>3~6J+)L zu&PUMDNfV@rj>0AybAm*NMLwveghO452OiTZK}6fdN+~DD;zw&QTx1q(PVSialrHX z;e*%mWx%Ss(=1Hn9*>y%tf@%9m*}(fJQySj=E};S$_NNnIJh5I-T9 zq&rZ(-ek}P0<7g<)X4Gh<5B06f;b6RlH|hQP2XY?+;rnX)O|N=a+zwC>9~*Z5@gC~ ziaEt8zh`noo1mVqIh}kuPw9|>+Zomi%t4qYPIlr;%2GZR6MynTgrA^$=f{lbwhcN^ z6%#e`FBDp`-;c`lIXSFwS;H9dXA>ODr;_^rgCEJ!8h`HLP(;@=7~?oEzv2L43a z>RTH7{sc2QJz3S1DR+K|4sOk>+4=-aFMI3ypD z7%=_8_|Rsx8sh?kMkL(@ANdRNTO=f;*$SmkmTFaKQFbbKfI$yfEDMF^=Htoay0=6> zCFBPb1EF0n|Ji%YnEno^szPdYVyc7-*T?#XJG*^%&|sOu;bUch6!>2N*WKIKd^V7^ zM4}{~DVi)2UV}v)o+ptej7*QOs8#wOmjrxR2@1I~GNszVvz2Ai5@4uzZWvAn})un-WeTAWKooD@rDn<*?({rMm9>+AS3UeVh zxR@nW!lXG)5?qQK1m6d5wMI{u)XgaXYeR;=7tvps5w{1UR1evOI;u;=zk|lT4?`=F&6((I+f$g`(XI~?LoQ8d<9{nv)^CuDT4w6{*25Wf;~P0 z$YP4TcRnP!mVYIk{pTws3+;a)a<9Md9XM$RU1CbyHSVKqmq#;5ot>T4;>K^wSX6KS zCKF*Xd!U8AXwuXKzXlQh_v^9m|44Qxi#-ErO$x-pq}L4p{R7~?DMqhpp#MLLhyVX~ z;5^oV$aCuhJD1Z@M4PKk|AXh%(HbVyzdf-HzK*S@j{o~b|L2=f?wb>Sf&Ve1gz};V zO@Z%3DnaIc3YI-{Lt|}EBW-#Nld)vMp6k(Spen5v$@G2-kUu_SDmRs5sK#O?PXIO* zsvdM499U|VI${~itf=Nr(n12zE8wvFY{DP-OuS|rgoN)`D1%FWUH#v`juN@QSXIn* zj$A&Y{-l(0~1Z`tDj|mqVq8=!9fxP zJ@s_}3&5K3r z8ZbA&km=cn0Qn4pn#to`cnz%1m`;%T-%-H80R}qYMi?=pHCuOMJ%!s68V?`;{OWL_ z?+Zr!Z){c*nxkVp29H@g|1WZIc-%fHQpr`nLi2)AJSimn2%g%W3*0EdM*aiHWRW|{ zVSq=K6B+R8cHA%nnO%f_L8>L&CoJpstZ%kmI|t+FQsoJ|I-Gtd0JpJTQ{WWQVB+cr 
z2`UATH@mtQ|Ld(ipiCx{8dM~gWpMo)G8E5^Nkc=!A%5%cc>d2=y->D-RUX__PzMAA zZOt7nz;ZJTnEfBG-O$!F7~CK95+w#M%P`Z>;7v_Ug|aa1nr17P#Bns+A~Bi#F22^5 zx045mB0?m@=dBk5EL5oSl!CAS4Z7*~VSR$?X0uriNT%2A9$Cf#djzgKuKjy&Wh>C@gz9`HP_G@xNe6Nr0HS%ry zDH!P$@h1C)JAy`|mgL$F>pd(YTu@mV5I(>6aCs6cnMjo@@azT4MmE6W^!gz(>XpSw zptyOMOy0Wb$?NqX2Ha6j?M@=W!OQ-MWq=(!WVe;?fE%@ED0BpeM_>z#Ia4St1W_yq z@SW)1?ekZG2CvWGVkT-*b@<^QaCPoPHKn$7~{=_LZ=L3y|7b1yH4RYz?c>nVrU2Olm8&yN5d5j&a%s$HpBds#Sz#>+Nf{RMM z77zSMXUdD!yY^=S!0Y5JBBrm!=LuT1T$46!sZcx>MT5yy2<#N5YDJkF$clG(R$8sO zqrPyzB_JRWmtx%+%EUijX%JMQMQ5E=cYcV<;BeTX(CPG`^$-U^0|*GXvtkz}GNOfW zQ@PGsEOB2fmvUPMwpZI;1X#?TZl1pv42CDu_)B4qZ-oQ(7TS$gP@uQ>69539aQ-cK zqqT4R47&!-oDMI$&12N?jLBCjCKP03FmtWR_b~;V$xUzVAkl25^1Wmt4W&mkBv*K^ zvRJW&Xt~L{%#ojK&~l+_kl>{)Fgsh1u@M}6=6Ej94W+S`{d12WzhZ;5gHB*=F59X; zL-1t+-!hgPCJUXZ8{+=G;-^|Jb`1}ABd1-r!&wjKH+ur5wzQjzGXkjoW7J(xDPHivkxG*}Zm)u2P>>)5#(Y=ft#_f{J`ks7U5d_f%7 zui+(F<{}yN=+Wy#5a)CIuv4Nm?cDf2`U}8|F@a92iS{1mQn<6-eRkma-(M*j&2}_) zn`d8o-OjHSj+)A4n%LjloKRA&(_X1p=w-^iAQvG2kUe<$!s#c~oJFqd#Fy7rVZiY6 znE#{u#qKxI=+wWVQnt`Dge?5G%O7;xhf(GH`Xv_<7N*+TX)#wE_55^Sj6b6V+{;wx z)FEQh>+}pp6I}V&re&Y{{5@c8c7oLIr>D#>VJA|n33c&xICY+EfV&)qAIwef3W z0%;<%>({a~?#{&3!4kd<4*N9l-~%uGM6=Q99qtG934B;%Rgb)RO&NmJ?KZ@G&6t{3 zf}GRvz6^AQ!~G&MhAZbe4*$Nuw^?9|hG#`1pBF+5YK#TA25qmaY~^Vzq`irjTsAxe z*neKZm(X^qt)JrjLbL|uCSZ-$V;##_L7Mqdx#_0CfE2|a+-6a+K6bM)kP zidQxDWP6;Lf!T$}%<>G@>-q$Ex7(;f#GSv$WF(b`Y{{=Dz~qJNRG<%ryUIsMz^r_K zO#RjId5D{2*RxLs>F+|oH*6S=o@%wy1g8R}=k4q6$Wc_N1jKqu$PIh@UbI}h{-~~i z-{un~j%pI60!) 
zw=AJpWAUvpfSVtj{=O|eWe4U8dxf+j9SNV)Z;xIF?nOG5NR+{8QebB|Udw!A&T@f} zheo?R`lbB>b6y;HalWA=BF>AUHbtyYny*GUm{akL)|E;cNDSW#3>yxTNw>cpVg#X( zI=62}lBt7zygho?cr)f1b()=E!Sy!U(-a@{hmQad0uRC?@wlqxo|`B;D?s|2!NdHR z+r=)z?znCU|MLz1d8)X#@!hnj$ArGn?U#?j-d^{Q2AB6Mz;oyr?!w`t_NZ!k9|&XV zneP9zGkCmMN$c}a5#iK~UK!S8R#d5IMolvi=lZG+7pp3Bj4B=CHv z)=Eaa8Oz68s#X>@p21ao_j8Cq$|pA*NUr=fxFDu|=w4u10{RS#HS&VyCmb(tVZkM@ zly>kXE-2O_Z*@BPsHS%1C}nmiV|%cd|C|6qN_%VK$qOE&u#S$76-td@Av%h3&z{cq z65;S)zG#BGW-t9wT3E;ZGX)y;`j4oC(ZZ=r1+kK??mQlkSm4P7?Zsxjy#(;u$j<)i zbi9rV!a93bmzZBcfSZ5XFBZN_r}Mp+%j6TT`m&Z7MSz0hSIO%UiaQK$I~2e*r`O%1 zM*HAEWcvB_nrDNaU(IB|870GK!vPrqRj`x8<;G!SV{@ZflOG06Ze` zK3t-{s1_KHVx(|7vUywr`(!vz7F#teup5c+sidFw4)OMohbhvSjBz|92XXkEidkY? zdnP6b!11&Qs5Gk)X7V#)H(P3P`TtadOx0(uJwnT;cost7FoP6^ZJ)26UV|&+DV!pYER+od1bLZUokW z;!ku+MfJ2l6PEC3>(3WaF$NrT*r93f0+sC@{*ItWcJpELwmPG)OdC_%y>!1X*X~q4 z?Chh3aHp{YzDCWB{cj-6_nquAF|o@fmh8&$5eW@tYQLoJc>@B2w;%7q_t%>E4frj` zvH0xH7)&IB+%|N0869pJhHvfA2cCz4_@aJi4yUuPEY|;c_vb(gSdF<~#C_)U)oQ6b z^POR#4m+$f?-0YaYm?wTyC5u714uecXRC1flBLgbu5tf;`YMwvG4MGf)h+lxM;?@* z;*=`4E&RY5?)4lGeV8NsH2f3UlJi+^lQQ!6p=f?RiZ5&^5FD)EK8 z%0+hFZ)3h?(K$6B!AG6z#1k~+2jM{~{-B~ExDMK)6f;gULYI5e`Z?y|cxG!8c#8D< zbf2#X5*15OK!57Z>&zanC#U$YKU4^8q($fc3G~wLxF+1tlaUcs6|E!Y6lN>LUo+eG4h<0+C5%_F1L`24(DI&FfJX~ zata+G@9*cPzkFs0{1G$ZwoMSZd!dtUtYPX@u|+lRD1VDt@C0V@eeRwP9pkOZmoh;P zctX3zJ{-Rb)q|W*arSeXrtJ7tRS|exK|Ucx!()+GNKi8D9|GIq6)UbGtY^L*ZLy3> z-wGDI9?^b)N|Wtqt)|I5Pxc)Ud~^F2tX0wGGbSNB^PNIjf|T_8(yf2wh(Dyh0zI zsnBZt+}ZU9h>_3OqtEd|3Si{p^Y*EsnSM~1ydi+Jn|+cT7#Ilqvj-2g@fm+%;)VEI z1Rm`p2Y8I}Eh-{!@93zpoZzcJox}z`a2UQKLKu2h8#T;Ssuc7n?UBZ-0in&#hjQ@P zJa3F8lY!#xkR$ zGFlBbGBe1o7Mc6itPkACBsOjmEf*M!{=7-hQde!&DHr*3{L5E(f5!F)#cGV;@aQ3A(B_?q3G2J|I!s{tt zriu`$!Nx@KgYlJ%69>4#q&5js&|cJI(i6dB{14Dm3V??Z;v; zD_(r%=}4Y#AMS-mrn5<%)@d8r4^ya=lI)JBhMLf7=4d6$N&=}e172d_VRit#3`w?~ zk{O_ljN-`JTk1?<4GjmQzMHKyHcU5D#NeRdL^w}76Zu!-s$kG-1u+r_=Q$KeO759~ z>X|J(x@7oacgId(7v#9)SRbmsZi*fm(~6-lPs?1aREDtl+-|GWx&-w!@)GtQUGqR+0N 
zKfGi?Mo0%KprngCh!N@~nqaEb+SBXl@%W1rdMQw%!BtPz{~*unj9&+xLMDV51iY;%)QduEkXqdzLUR z77vg`g7QJ!$OolAUN@N?i>=<|UInM4LbXzGXhZZ&)y9Zmo~+Lo5FFvJ!pltD_Tc)! z;0jG`b#NL;B>dbxPW=|lQ)!0t&#sZimsdj1(rNy!Xyy1VSG42OL!_Oq*yGb~!SixR z=Ak6KFNo;{hrar8pAz<$RW&ErEYx+Mu_`LWqOgLBCbA5BcgKi+6c5c&FZ@ZHhXTUU z;}$9^DgvuQ;~?CwhrT$hrNpL)e+3p2N@f^c=iv()xS`yVXf;UUhWCDF5bQNnl~^9_ z7gNw^)_?f4H!*h@EKdTKuYvp9k6`(N`#Wm5ce3^>SQ(gbIq88?*U&0i>XT9{|J6K| zm%or4&!5EUXcBv7OMA@k@+k5X;B%L*h?_<$#)du6DG04aGC(^B(tHA`qV4yS0iPPT6UpG*D;z^7dzPr#}c93(KyC_jtfY><98>_U5j0&%1$drI~hUA8ZRfHug<_jEatFWo2IAijeX z$!6(a-Z5S~R;st)a2DL)Qh!%s8mbZxJ!i}^wEugcB8|m9uy4;W4BFMn6#V@Bk!h@< z;LYTv;{SkCRJ*$#jmQb5K-C8q>zdPFf)UuPLOj>kV_LELjz>d+6}6$Is6{0)UcMHg z4V>9jJp+*djzN>t#XOk!md-E1QvSU`XwQDWa)Y9lwjPQeeWI5dQumX?9j7RoV9w2F zzXlw3=4eJP8|d~IPVIcoU^9+Wtd@Yr_A=7@o=oPf@oPBcG~}o2&f`xed%xuX`aGbk zGlk2#HEqiIu@CkqkG=A?C0dC_M{AsZ;YV*IR5D6HZLY)T0u;ou%zA3eD3@qr&zOv( zC}xDAG8mu9@2=fDm!0nq8^$8c7wf+-SkP&=lNi!S`@}Uk;ANY};j@)+`6QMjc2kLy zMV^;!7TaSHU8U9ZrNKf~?G+kctoQbH(hovb`hH{2u$&MZE=Qz-=>u6GrAILs6L|?zkD|6H9w8Dc(1LV|rwB{D)LpGC% z4EoHxJ2}RfChHZ%a-Al`wKkVTjQM(whFFY#S4P?U4#hvx_T7Rh!tOtqsyweD^gCIU z%&I|*O9es2@Fepsxg#!0Oc4$Gk}hSGz|ygD1)uc*JYheN4~;Qr8`uq~(bNVf;p;W3_#Oxy3^Hgz4$R%{csCGucur zeIe1R3BS#ygg29|qE59T4}~-=541+upZy_($K_Iow4AJQl`YwRSSp(}C{Rka=`k&) zrqsc-*D!pzzazA4EdK@t3!qNl=tV@!1@U#Mmtl-C*nty%0xpqa;u4`@Cy@QFQbtuq z6{*E2Ui^`iT9L6E6r?81|6jblWmuDO|2J%-C?EnNZP5~v(xHNMj!x;8Zcb4FMN+y! 
zx*H_Ml!gH#HvwVN&4e)qjKO_!UH|`cAIEb%uOD6w*p4&yJAdE$gi?`gXpOKFDqjPW zeQ|m-jSkUS6242n_oy5z4FXh9i77W^NQ3no9jB--zp=U+R&-RRMn_R;tf!39gUv(1 zyB5h2vX)q&>;-I(nk{wcMvcPUSe}`+>ptxrciNEBt2E^{dgzcqbkT%KH@Too_rzQt z1kRuP5|X`mnnwL99Fw@Mes%UN8u6#d1bK%jz+bh~h^x)``S|A`G(wW0l z6ZV4i8eQi~xqjFa&4gcUAIl0j-oGL=>AZm5ACI1ypEuju0=uWz%+1l5C4ohW$0V!} zRMInu_Lg*5Ay#&ZQkUsF$COdMEm?GU3|DKxTTmE?ql||-*7Uzp84!UGmCtu*t=?dE zdCQhLfV(BBzp!{{;Jdh9xwQg?Mn{k^n5mr`7lrsb?*F8P)YEbsU-ac`3U6MdbqRe2 zs{(5Dz(L1rSEo{$<_?Rn!UNu!U8>2ee^-ZP-dUhs3;UKl=AJI&?xvubx=t&OjtQ2t zO*`KgGwWDvMjt2a=8(~g{K|$B5_j`JF~{Ffz^ZM0F}z@S4UraxbdktaY<5-tTKJX$l)l=P;j9m)PSn~|KHe1VUveSQavl}oak`KN5h`BXBR6|~(-9B~1R zyv@QJlHYKqwYo_wzytS*--d61gjU%IWnQDJMz_QiOfy@lq5^s{3mU_wDO`kdU_r0@ zl+&|HuQg^!5`6i6$Oo&uSxAwq!}ei;)sHo6-yb&K>v~En;8)N`@Wo6q`>JQ?70XmN zSbsHb@qp~?H8?b~zm0>cUVgdRrKb$^8U5#pNI>`e&ef7XVUF6{8yH=qeG({Isba(^ z6`-o77Cx!-X4msj6&EQG5G}&-;1%h^f_+Mq>?54?Q(R&hWGe7%Aos6U(qK}U;}^$V z%|;;Sahibt;u(>k5IaC^-pIL>cTI<@p+qY`-Eyfl==HTJuj>!@_&(+IW4?Ro9lai`A5Kxc)Fx^2a%0EogtwH- zbAQ>Pv$WbVw`ZkwEUcwE;^=e^G=B*z8!AzZc>7l+JdWLULRmM0bN(ggRc$KjBP^)W zA3?#Q+$3+fXJC><(%IGZdh~1Eb9fSW`GJW^or>C{4n$HZU2j?Hw>jkp8FT7}$i(*V z!?mvrXY(tQK4!bk1MLc{LuslbMs^QY*E)LzSl_;lcGHQUpZ0PPCaoz1=ezyu7#c(+ zyr>77LRliY@SHx`OFrS-2uBV=ecO)9oi3l38Tyr)NCI3damz1{;gZey`QX#5pkJv> zZiUz?qDjb|+x2~sc}R?FDm^}aC8#_!%?wct!7u0wID0|13e_T(EVM^h5j z(8n#! zhLFN*+JI3p8+H0f;J`iBZhUbGHQQ2W*jG?%^o2f^fcQnh74E9Q4$7Z=(J6KZtyhLJ zU~k@#9d1n+zoG8`920eKJVV#tp2IRP@4LX3T`mM}`v4r=-JsayOX2rBIQo+MY;&@- z65Hs-eAD;g z6Y!rU7Fu@;64=0{-Kxu(r~L5#OmcESY|5kHfcP-3C%l7K6UQW+yY0O&GJzUF^3CAjwCowkOnw1s)m>QDdgj=JYXcq^ z8v{vsojr!60+_f8d#ap5AG97<{%$t)r@d2=LQal6A*{1eKZ?(>bjuRT^o<`wfA|SH zq^k;8*`|K_^uf%!nMlN={RoFlAO(bynb~r@wxR-brTue+(y|a3FTg*&7Z9DL*+F6z z9Mmf-P`sS~oq4_PsTAol;|sr=7owmWsd~wJH_2`RpujySd17IepG{pFSy?G8-_^Nz z8WL_1Sv^C&Uhm{cQ{a7Gqxt(m4XiRc`ZR!)?AFJRp`rap1)gg$_Nb00AXDlBoAq;Q z3i5QFSt@{$LByq3S+K19xePn#D6|;YRVD{*eVcD42O4C&{(s~nOm((F!0qRsK(1_l zjLNTwns-YpZ$n`?G+anX*ds zr`2d6-4Rnf^-E37cbW5i9Uwe2@pp;h#Q$>mvH$YsZ?qMJ=73_}CeRSI{-|%d*VQJ? 
z%*^(K9d#?iK`RnaRD+fmFzZbmpjyN(rG6^3p?{^wkP^xY6DizMLp5@?DL6Y%RyRjy zG(UX7aT7GRKpxF>|8P}pVZOKT+s7|+J5ft{{7J~!*&_PnuHop|*gi}R!kpW)|HGYX zwAIG5QafWW$<&bxJyobz_)S|5RCG{9ratPhHF zfd>L7sgE96%5S3AQDNcA)q+y*;zymfKkZ9B*jf_2QTF|5Sh;DNFZ^oQ^?XQU(I;}#7yYp$eG_k7VpjDj=rLKb7uq)G3 zD+`d%x-V-w+Z>v?tdF$CfNrL0ehBokM-2^P??;AS26R@ms9kOpbZ8I zp9A^CeGb)0pto5GtiDHnU z1jWzqd6a-uRFM-uaQs|0B>gv9COdp#Kk*M6$&vDE1JLt}QcN@8;AQ3yswlR?%pr+4 zx9E-i8rBftCp{Rxa?OxE`H~zWBsKuj~ zFu#SMdL}H$&3|j^dPkR1A(GPFfj#m6uAt=mJn8u=&CCzPf>LkZ-JP%3aDzWF9mNCa znvh_k#AaxjaH(6%_s1!0{lKf>MXD=0K~qI>!cO;t{LbaBMR1mCvrO07CRN4KisSR< z_Zpgp_s}i-?|dVwbE-9WlvS_SgII;PJFR5DTmAD*v|=rzKrKv}N0SNL8AE?XOYjI# z$K%z6`Af2>eH)-_TMS#kfDZh~rU6jI9xSqzl6fW$I(7eKcvsIBT^rQHB^h*d6Ev1n ze4rX`4WA(E*mf&)KiL)o4b9XsXDjgJo{DMgr_lV$&G!MFbD%7pV3FE$`|TMt{2%7C z0MXML!Alp=_qw`}g|6&of%5dfcY|gVv>X*5)J@yID97s9jl4bn7N!h#3IK)qcK>%f zy=0Ohr`NzyFSQz!j4gB(4?12gA!dEwkIdkXAXoRiT*ifSF*A~$yOLaQ@Rwd&g_S9W zle2vJb(Nr^prcn=O{A=1c=^9;Oa32#t$SOvw?|dX4~#u_N0bA-IN_K>`O~5EWP3q~>Bk)lE<92N@T6Q^K4&P57$@ z`PT){!BKlI=uPl8Upo1M@K~ShQe(Bn29k>S)k(lUnc3l=qo)P0mW;03Cy8ILE2@9B z4ty*07_uhVdDV7v%k1FC{{BNa#zMH4-xsn6Kkx7dZmioAilbtP>ksG(+(Fc+JSE?- zhv%b(B7J`3v(3+QsHYn*Ln&47 zx!Ui#AIN?{FY(`QR8-i#iGdMmujS7MPyQr1?|`J8bgv3jwfWL7kPbSZX*j5ndiV1n z07@}59D4K_Zkp?BKmjH>xhhbEH}|E)P8siN_eJgw4ggd@vn)5&Sv&ntNZ&0H=gzoa zR~v2+L0S82c(0A_+Ar;q(ei^q51yfr>Frif4@aVP5qQn zwaf$-aur5>Y$p7g43Z(@5XCu82KddTL+A-xnm*@id>}_%8hVuRfds;(f3LMyg_ciq zD+0R$ryZ*?xbMuZU2-@1nQ6=g(tIwiU#sEW!1xQmOl@?nm{e}2q)dyU0B+K#Yy(1< zDbC+exs>bi+zE*Vot5$-89s}QgPDPmqsu#si(GXc93@&%M;gkX#vB0M)v^RqwRSKb z%1sR>B|Q~T`}G@B;#3 zIvj;Vp;r%gXDQ&5r9#;g^iySv+tXOT!)>tu{I=`lgDghIJx>175>%@E|7E@3nXWHo zz><(N_rid0zqHy@>jYa=*3|8%nxu?`+`>Ox-!F&8L{XP*|8BC$A7AoZ<+;1o9CkU) z<(Btc_e#KcYQ%=2Wr&{;^b>FV*eR zJu3Du*Y6LIaevbU`#<+ko~%!*=z5E+oA32nH|yjAv0SaCgIU{sKjOgY4@irm15Jc} z7FEvj5A=6LTx^+|?-8PJ>KjmtOC6t&D@>&DoZIy#$-1~bnAs;QM{XMkxgEpppgYlR zUIu&4O&8MiY>oYwoK#kXXSmTEs&ja`9pPcXv$s88+8|_{HrS~Y4SejBdGdz7`R(-_ zpk9sZ+NTl{CRl9O4T-8CdE%nFBO;3^@c{JGefaeYO(@Z^HE;X3;tOxlo5G|{RcFUo 
z{}-S+v!6LfxYA(%sq@*{nd9LjRtuMz2E(PT3l+*B<@8BfWQ8%`DQKNFr5m^lsBI;BjqOXolHhem;Tji$`Vk?R+U4E0_nU}psX%h3*=8N=gm#?Y z=7HhkF-_deyKhL!#GCeamie}43hOm<$_+X)70mY!ncBLIzPrxNC@>jQv9v?ujf`~S z`1Bb5lLQ1Es%L#_y?y$4k~B z2H#FA%qk;~vJlyY^MTm~?^B*dpP#)qGpw_i+7#wE+p3n|=($^}wg1xgUw`gI@yJsa z(6IBB|K8&DRv%1Q4AX3$dzZr7EBOrKN(MWB8X5k>-v)li$*qHytTRm*j;FaH$Au*& z6#;}@9`(!@JOK6V`P`uwxC2_FQHEck<6u|M?gk}{FO+VC+@@!?*M4!U*lGzkc^xYs>`uQt zz!)|L@T?-T3PlDQzOij}T)puK!gYJHOl$5hzCT5jBAkpF_ymratVZ95$dkvrHVIko zNW8mrF`_O@g0D;)QT4{YOmUsN@C-Wm*88fO9VFmBE2BpPez7Z8QZ9x8B{$4+gK~|J?_jPPAYlS=Vk+fBR$9$7|ZNJOxrX-RI&T9S|_0&n?HP z@32Tu{sjhMAn?zsr)X;Nasvx&-*q2_eZC3 z{}bY>S`>reOv%#v#}6O>m*b6Ip!WB^Mfb3PM}4xy46@^G-5WU1A=zi@+<%aD`9-LUl%d&=&|4%9s%0c>_Dy$M4qCWxe{AGR0q z%F)?JLP={4kwVdo`6HJne_eR@<+pOLSdm0VF^|6+6U8?$AfP!vnw-Xzf2{@(jkIZ& zGefuyl=_|_=7WDKYIz4Uo@2t9mDi!Z1)SQ{G}ox_YIa|FD;HVvITDJWmo4N3+19n1 zudZKf`~G=6uv+Q8=2dHanuPzoy6L&68QI$yLdapTb)AHuM4N;lK09z^&PTh8mT?lI z7Fp)FamtJURwke`{_9cM&^+Knx?b$gC1coHB6C)QB1)J-=c97=RTJY$&Whq9%ovJ0 zro=S=yHTsSG91Z_l4#Z^wU-GrHIrund^L#*+oRl2c)4E76`%K>yDSm79*p8aQ)9;= zpX-5N^uRa9KsN|3$gQ0C=WIv0ED{$IljGxXhE~KOX$d%Mya#hA(5dHr+o8MjW$VJX z#WI7()ojGORf~E4+e_Axwo^WH{D%PCb}4t&k0IVi zFi#Y(T9(L5b3{gUt(EkC8WS}gU1@Q4u=>@Lxl&NGW0n|dOT={GJ3wpAU12^SM{6Gj ziTaa@D?3ZKb(>vHal51Voe(|jF>9f2>3A!AhGIg*al8Pi&Ejyay9w&Klz#qqQ|*B$ za!a^K#<#OuNiT4j9!$uP>Yw>P{&8#F2!Gn_tx}!Q7%)ta>maI2o%G*rbR6qEbKRMS z_RZ^K=Vj=H1%@v_p`zXzuWTbV+%jxEGKT5QJt*BMSC0nWmqB5jb7UpbhZ#7qG#xK1 zoU?29hXZu3UMULHzS$lxSS14d2U2q`!Mp@KlO`g=tzkBJRrIhghr0s(n_t*v z{0)?fHCOVm|H+{*zOorTl`DtuMohWRye(o}|4X=0s)0Up2w)j_?%AE8-N@H*P{*iV z{Jk<*au_xiRrh9dG0w=gjg9QQQFMNCvUFnmXKKq|0{xfqPH~Z*uE<&J z%F#)nwrg8ub5@y~tLpsuyHCMg`c2M;flp(^d~PWYq*i>~&|!BPY}h~!9MkOlZkaGM zYw=(We42XeZIM2`-@}~vy;N^GA<<}^A^6v(q5~$f#?!d#qBoO-|A!MAxxp}mwSV> ze|<+2@Az#F^d0nOxXq@84QH5FtYwD?jBl-*gGi(7qH0|u zjhmb)&oNPF^96nQM}mN_tg;QH32OO4>}v;MB)d!a`GkStk9YC52=SaoyQ*T!g#~Gp z4gKBosuPseJXE%RCfNTdkEHSjpx>~|?3H7ynsE zmN4tJ83i9fIziZVHEk z)Vu`zSK@jQ5g8faIK%v!c{UG;`?|g}dy2Te8#@qmx<4=z;4orliruu$`s_2k^2Y7Q 
zQ`HMcyFFAp6< z(Q7khv}MAdo>-j81p-gLk4*pSXPY7|MJE+bLSGvwL@!*f1IMHON?p=BA#-On@zNJ#a6*k-o zlPFj-_nXeP?Xk&XaGEMB4czU3+c}(1_D72N*y0SYkN44*bmrwD_crY9N{`D<6E!b1 zj#eYNw?&rF+~-Zjclm=$O)HjWVdyOBS)o4c1T)ic+pH> zr`vspabUSLV87IE=h^VMjq>bAS($UMCev)8N>xH$=9GfqEnZtqKkeXO7ke1lgh&A5 zgem0gn3kS6))#Oz*0)0x7+}w;v?6wTBK#Vx=*>odo)Cw}Qfrrl{_e`@&0=$jzJdnl z*=;0caN&8wjv_J%&l6p;<`6gv|6|~6o0JCNDghm)X3?hD6IsI3tClkk2(lwd)8{VW|wOGC8s=m)@ zqpUPH)0RSf!|53s_%HO=;S(|N9@pia9{aA4R@;;ZJ;Sa|cq zs*jqIt|}ve&Sok0mQcE)a_a4+_aVVM;0q6u0jAsL8(RwCj$yf3Q`~T$@H-qi z9($MT`#%%xv;P;2pNVbwQR6^WNyOwl%@KT*rsawTwqQZo8&SBaM@|JRp4h@I;jEnq zJ~pdK7Eda{ZK$tyLo^6hD)0kawMJAA)veeo#MOMkr|Tnu96 zXYxsh+wa)U-oDQ}`I#~wH>9HxaBUB?zcp>fZs7C+CG(74)Uj|N2zC3A^BjZt9$8~lxI_lEWr1Oh(Fa$E;GM#Ag`!ukQ$yJe>I3jX6dINy06A4?Nq6QH}BM+=_J?OhOiKO zD3DXw%a8+Cvl!Lo zA#L!8Z=r~8qg5l*IXg$?B(oo9My<~(t1IB8x|JMQ%#{f}_kfvJ?+owi?79l|i4p#* zd^&>-PG9dP1>@%DY%07ZU7ev`o1R*p1^8Itq=D`~W$-Hlxq9 ze%Af`mplMqdm3)#knwB%Y+p^HHUCHOH7D#=!z4!WE$g#xjZR?xlKo?VB?9(cW}GkRspyB8{(~V zL41m_531a$*k%gjwu!uqW$D6B>+^v($`qpM4>^`UwR*QGBymH=*JFFvlTh|%!**E)9LAHzxqJ@$HNZE&vFlEAxA?*0TLCK}9Xauh^x zJIn+$yeG&?RZ8S`U*_JG`&D3p$P_cCAoG7%?tA@GoJ#6gtWq>mNISs=e zw`3JB0$JNF>G?psEMehmb$prawd1~gK(H#4_tK?HadT=J&tIaIIq}WoMV~y z8Yv}p5hAs4)^*3l?hbea>o5xz%ZnGwdbWf4w!^&ImFbOj0s3{+6Xe#?RHqDLi&uw@ zYesjk0=q4=G)s~3@D)8^iYsZVBUmC>+AcYgnwRlBeYt2|_TMAN54rq~%Mpgq+u$X9 z{_iEY-ymOileyA3*f)8-pZVmlr7NVM8{81>{>?x9oysXS^k;ANa>0#IdGH(_e*Eue zz|&H^Mtb?uC69Pe4O4LZMVJ8A;JUznZVC9Vdf+a{HSq2K{rPbBKcD^YFAr~0{{QeV z;Qt=%RivbldkPWOwOf&CL#V-y(g_E9RW`*q7SxQ!-9ejG=NWrj;^YGsPdw;4c$N^u z?2|ju!!t5fO0v~(@*Fh<zMUjKl61(ao z1w7daloZ)$u=@pUl-gxO;yYjC4s>Gez)$Vnq<%b`c8s-@60>Pm_yaLC%?K-87ruQa z?MQ+fq(x-ZN{~F9Kk8Z7M0M!uVQ&2AFgM?thX`v_L(js^0&zB`U_!5lA=kFp`^M_% zC-*Xm$CwRV#i-eKoBESKVzP79ZF-=L!8`ChbpYp;uzsH=rq6nlr4L-DS+W*UQKpPl zYp%~Ua_{!Pst#_7m3{P|WAtlF_-v2XF7-89t&LR7(-e#zq}2;8ht^#q6_h*5yZM?~ zx zYgN=Yo7N-avyYo<`#>!ouxzh~ksr06Dl6H 
z4|SNt2HeR1b2*nnzltm8-Ua&AZ&KUFbNQZ^<5)xzyBuMxwHe95bW4;hA1}Fc_^?KLn<+<6~#8#o(Dia+*{eFo8uXw?fg!+a_l(AYl?KlwyB#up~MFvP>2tdA& z-?lm-_+-LqT~8wL-A|vu#xWq)3!hm2dGK61CO}EOp zhYrC*ZHLqHK~OoTxVTZFiZQH>yJ{2^B!LvEI#jQry%7&_&?O&J4<+v5bSXuhqT$h9 z(>8!wPg2#bpc8iO2j`_JGSCz=;CL#XVIf&F6`bj;`di2CdW>gB!3r14YGf$kTvyG4vCb|o zG7l&(-HSdxA@AJ)QCJ8f@5Q8F+SH%UKodS-3e#Gy# z6Ga+bgG*7^t24lhwt)KJMaX&Sc8Zre-ni_Vjg;Olu&!(eykB06{QCyABPs>{MxA`Wa_&Wz_J=8Qbg|X6SuWrK(3#i!D zOJsjtX>EXTleL$_K#{qHy+1p%&08NS6xUJc^Emj5_LoIgFGz&XVJ){_g~2KIaC<(V zJgaI913NAG{#uIgb0kwNA8ao7iyfHvPsqN_-bYy*8Zt@^AJl*SUTY-PUN*%6CMZ@%NP=q;fJ{N+p zfhSGjP^RT=7VzHI*J%i)JLoBP(ZfDOt$t z&zbt&O1q}AaLZJ&WiJVb%y69(hL^jFx%^)<#nzC$!D9g-tIXa`_lx*)DoPi_u=d2= zi2%=CX;a+30#86w6IZe%Q0LV)7b(e{kCL7(hBaq3NK|kq_B+9f^jfgAja}?-y}AI2 z3`n*7<>;2?GA907voaZxoY4dwpV?pU`>Ir0m*#TT>~3M za|ysUDYxdk3<$AgB!ZlmS1>4Dpa<{R8jBjE2~X~~LN*I;qOtMh&f?pX?OJ*yfirih z*s9?#h6Bgk1X(kg$5v-WyKnt+2PAe-=@z>ycp9w(v6TC#-n#hUdlHr&ofdhw3cUPX z64FuRQ_YB}S{Xj7$BuNmu%bP6izW4JsI5VWo)k@{5d)dhuKI1_Hb6Nt6SUCS!c0@)@(A82ACB^rd8MJtTqZid&IayS?=7fZ8PNE& zx!D%wfb$EiZ#6)7(NRG3UAFM_HqcnKC=-g?^Uw(0wZ9iSA0XQf0u2!<;*=E`)s*d?*@$r9{`->G+~>FF*Rrb+3Okr58Q z!&cMiu_8k+>i&JVV~ZDTU^~sUI5nI3Lp&yTGey$ra2A1S!lRx>-& zMa@6%0-E`XK_x1D&~B^X_;|&J#cCLC;dA^Z;7O?zxB(bZTP^2bg zbwZs~k94@A0JaY7n95Ux+)oWwh8ZM&_`;Dqtt&`ra8rQ>^cZO@jB4)8HEVdT0ztMc z5&GsK&!-Vv>tp%!{QsC~Zr`4$M@UxQrk`w1sjfc^TwaeAb~}@gW|2^^w9LL7|L@-$ zqD%0Nml4qF`Q|_02^fX~koL5}2g<%2?K{mt17pnq+=_McISS2<`a ziO<|@w#fyR0mg{SzH|A8f~6aurV;!tbrb>n85v;) zPH!YXGb=03@t+S-_xRPB;o2$(8X(pK8fRDH*G97H5e#mp=Yh2SZUZ?7N70Y)4>duw zTu!@6&L15J1fGfc3y5Z+Cc-C2$uQ1i*!n}qKe>*~)z6t0*&ZDDf2hbxZhR?~jqUF? 
z^?7eG`Lk>fuDbf&f4&&GWhC8Vmc{$5NC9$XizBCbu_PN-+OGJo#KgdC4pkb3gB>6I z{E_8jYv^GZG#xs?-|BhfGdGo&s2CnM5VJMa`Xe31RZ?y?0~C-)OPbqV(VBvTUC;d!5SSwb;&q01OO=04(DG+K5r>ec;p>uRgZ(^ zwLX+XqMAOA0qH_N()*lL^?o-znwnZ(X!N#Axa@wBz zPz{!N{#-~{YdE@&SaSQ|w^V^KE!G#=TyVA7!RRWd$?h_BHE*ObuXu0Kur8*oA+|Fc6{d&xsCcB^yFi%CNd^!$_835hlA$v#LOJ7tTZ@;fU=4Bmv zSEamunk`ebvi zE#=0Xr|+pp!Y?123=yB?+$VBRqwfThou@G_FVu$f$}{jMn`1VU2Kkrm00fnqGL)d(Le%Q$t3l zI$Jcbowp@~oT}sp(El>v-`THC_h9_diqD}{aSRvp{i42{03$S?kv*TFtx;dMH79g` z@%A1<^jAKE+qR|5y#Nf9!pj(Ae9?^R><28k<$u>-TX-2^O_qG!}1h=WA ze{ZJIsag7gh^|_OP>i{4-803IqmCK#IVF%Tfg^pKraESq9b~do)h-Z{HXs>%5dX-> z!ftXs7B?@khDTXnO2@kcTRhG7?>=n*0s&WBtxj!aN(l;^{&1JpcCdDgMLAW&N*^Qf z#|g0t{?@8Z&eQTB&an2X%@8fJXL_`=#)j4sLlX zDaCph*)oMPpIi0C&cZfQ%mcKJ7q56CG032tC$Wsk{&*Hv27p5dy(NM?wp!hu4mb{5 z3zqH+(pT-ZFhRb12xA4tmqf$=e3Z4kFR(&Mb>r4j>OFuBzSY_+GFwPPm5e?;#djI) z`CP3=bw8&wC^}u9p$JMDx2ej{h`}~Va*H!aR z&Yx(_VU*6TQ;g$}x%D_hw!2Qa4|*jmG(?1DL?(C3_&)yT5v%o;Fi|sYlPC9?N7t|Y zDl+EfUcesb9cOKNS!xmMcM|n;-<_E&;(DkWgF4u|tbtatEZZKo1MF*==n2y4yj!!ZNKHSh8|3}5i&x`fyUQy{v3 zY>#JmJSD$JPv=eU_XmMLSxgVpE!CB-ocHI-m0hUFc>*c2XO4YnDbIFfS}cD#7?08N z#_5m(Q`eTK3!B*aqwaDf6-Y|*2?!!zVW|FMM{SUR=9Lu2fwU}W?Nd}iE7wc zkzIB`r&BOEKb%@Fo$vy=c(JH-*>3|;%D{uCQ95<6Zp{U3@tka9Tg*Z`mrukxPB)z- zKJr_}@js%{6V8Qq}iv?+vNCb=dt}&N6{4jsMMqKI`|$N*!a^=}BN+sJu?mByB>iuMIHU zWKyc-Lx!-_bg8Q$|*T^%4t=-TLSjtod-rI75O=-8-a
    3JC2u z+ZW8Sfv9~!sxwt1!ERO{k;n3{WFA{ILwQixz7Z@0s+`jCY&!T2=D&{sfF*R`cSEIf z+y-aK1J7S(Ne9o^y%)|i4gls09>q!)^|1tZZ#BCOWn)VN=Dn;={n_Hs-((z!(T{u| zfg$tM+nT|aoKJ9W9wwna!?fw%+I&+d{=-?l#gIuLk0Y(RhbwGV_~iwx;p#lPrc((p z<#p0D09?c@iTZ~W)VxM?g}k&hDi8-{U`X-<+h{ZQqU!0XAKPExa5FP_)6+&NFyzPb zCj)MNL-#XXo-A~>{_|Q{nGDRiR8hPyM15b_G=pYBiUm`1)xYD4-WLdOng#(I!o zEhxlP8|5oIZqU5e;KLY&Y?NO0RaMUI6A{Z0acOd@_FW&H$AGia0=im!R~-w~by325 za~&(6O^uZjDg+{4UU}mTkMw+h?5yTLESq{POdO8(50N2tm}=4qxf<4+<)X6Qb)97U zlKmoL`Wmb}d8F7@*vjpXT2aL`qKcMKo#z^oZ<t^>g0l-FAT*E%%G1`95b=!Y7jdlsoA*5=qzuB&C6+8fxfyP|3lM3+T7_r^$MNM- z$Fc8WSxmGgD>6ju6!!|t^p0W5wJ) z8O|cclH)8)V^f0P$j@%xwu(mO#AkV+>QdnK9krIXI-N&5qUg`&_b-yJhO^$dw!0id zMXGi_h2M@F*~bMrbVoFLA(=dc{6GXJk^$w%Z_(w-r%UGphPqrj|2>D+CGDX2}VR5O}} z4D6YykR`O(tv27$?L@5p9rKKo3{l5%vzZ1og%n;nH1Q>g$y7TGv|EO69nUX41@J~# z!&KGIZ%Wrjf|W2udCz#Op2sWCXUG<1RCSMoB6w^(r^n z3(X2Yq@Smp6G=bOImb=rQe4zOmt=QqK-z!oF-gKVr1TBo0w&V#AKWZ=`+gLYN#N>s z3w1SupFl@NmH%>K;SlIks>-n<9A?ebS`{Pi)W2Yl$8Z)q0y zZZ$HM@NI${oeWw8o(!;ip@|e_I%`!v52vp25{J>NaInv?vy_nufH}Ow#3~P`S+!Qb zIFhYRh-ZHVQM|tX^M*}daIYOAlS0>}wj+g;lRG_=2kG17nkDXFrt$W;0^@v;_H*9O zwn9*N>!0^&!rL1(%eBm$(=l|HECg<-DUEf9c8cYMRF#W2)C;~}y0&k;&t3_8zRY{z zYHM{JD^@|JWRZmhiV;7&UY0K&nwW432g%ZGv30IAO16v~c9X7p&lFzr{7|A(^;EFx zo7EK;bVby-8$+zqR;Zx350{U&g}Iz0)t_}wn_I&t$Dct=!)(azj(*}~oU6?h>E6<$ zfAwN#=fPxPlo3*2xKc~-+4hPW9KbH(2}M*!C+O$IW^5t=c8cTuQEZp|Epb0pLKU(a zq`zLeGJdOYtyWmHI*gQ6#?8*&Ual=lF@V2Mq;&h|KbC`X$AZqn zu(=H~j`j#H0pvjCholT3)J=;3-^+wLZY(m?oJ%D?jkaUbrM-fR(iLiV7f z=B?!>x;fVM$3j5P$}1{y_tPJdZ1GI@*&8%V9zX5^5`xW)PNDlO#8WJv5zI3G5QDbU z$B@R})Xxu(9&g`WLgMS*JU^d~XYBRw#3t3p+C_1&PTsp0vF#GKH!R6AN96n>mp4UWAjwm2pql zkv8xW9oV;Z%t_=qPC%j`c+g%6oBlnf^PKCR#U<8fLb2pIH=UO?H@=2`UHPEDCe(L^8)YRxtw#@KQz251$T%QL~|2W7L?62cGhgY@c$?Kr} zPSqiPg38$Js!Dmzo6ZH0P6XS*d1xtBF<{D-)*ama<(x!&@k)3v7~VEQ-6bF`x*=`X zY^&js<=O*5KKIcz{v-`=u>&K3Co3p(VVm)5)h*O~(1s-93*X($4)b;c zw{~0%vdX-gHan1Qz$F#&_Z2Ddp@v-}t05{9;)XndD|0tcp73m(g}jXW)023 za(bc+a$e}qaJ;{QN)vQ|yEdQ_!kjq`O`N6I+e%Y!Y4VX_Cuu 
z*B&p}=@i+Uf&I^MYbyw676RiWvK`%|f=Isob(k&cg^#*ud;RMtyJZzIYUA0g_xpnG z6Jj&f_Dnu2DZy(iwV>%BuE=igRrZ0Hp?4;zCRAoST(A{ctXt`E+~^*QZ;x?^Pxt%@ zrsxOTQBp?#ym%no2{KuS`MGDamco(RdP%HGMbub;$wkG!bNrozru_)FXNYvgF=F!2 zFFTFG)3=)roYn2$e8|@Hd@Lwp`qOv(_AZAYe(Qr6EGI0CT#hKeRBpH0kRf~cu`*a$C6YgTa&f<&^ca|S#=?nv&k!l+lr~kT`xc?? zu{~C_qFh1 z#>arORZ<`RXQs$BFoPUmYcGZD{rvE0VB2l&Yvks}Mj%eRnshLQeaCJ0P=pnCNK3Nq z(Olk?Q%9m@qB)HvnrZ?qxm=0;#m4{>1cB^WlNP$XaUJPP$c|ZC;}{-UcUKj$R!|UWP|Xhfki^j(w*_KvOl_d|Y;h@)cQvIbLHMSy{oMQkizkH&b3A zv8ghMPDjwO*M7mk{R5WnAB%PH1LQ2m0UQo7d-Ab)fx{Mn*c=c&@3)gQx!Yz2~yvXDdvESom>^z`;mTd;u>kra*-1z{!dOQpK}&q z01P|%7dK_J%+IH`X;Ap`FuV(g954FskmLH;Fym{nQ`%?k^W49Iql&jCu8?ONG8scD ztmU!CJ8wi+nAO5ZXvjuVIQg?Mwt(#^b?L7xxF2*CY@9XXWE*CL-UKqa=&X)z8!O}5 zD}KyK!+wpFsiYcG+qE_#*ci&ZO%VaW2-{8Xe*7w@ZjH7(1nb|sz5F}9^>5J)|HiWUtynA9eUbwJQ%sq! zU`)FRUsAdDR4BOjSyq#4WUCL9tDKWvWz7pTb3c~U@VogGYrNum}H;92xAzG-#xwG zpYQSf@jTD(_#Mypdp!Q=I67wTxvuNHujO^V&ewUJVC*>;yQ?L(AyqN-fuYBn_1+HD zs3LgfIx6q!Z+YhE$oUF}y7_5wo)T#aTFq>VUY`&|TKYOIis;okHQOUeUM{C@w z9;a`rN6;oi4fk%ue?o{%~#zWB0k@i?}k6Gu9L^r@^%rD$1bmv#=FE7=96@Ld4>1mq)&qXqP;Dh|iVR{k5C}a~K{}(9c~h{-kpta7xMR;=M}< z^7#>2wv9mR>{=mmpXn|bsL$DcicZGqyKcXD=_hPDjL8bGG*y`_$&Bn<9ODuD>_Q$5 zG5=4Ng*nlnyc7-k_xFH@%mf5Ze5t@6IgU?&VVhIy#d`g{rm{82$0q8j&O;qOJRq<3)SiSW&LX+jF!b-^l8rfticczW^9Lcu9_IKN z5rjRT=EweHo4ozI>+cCvs<5xS-yQ4pS7Y6Nud@e0UTx(m8p;`TpsyE(4tCN#)f+4z zyP}8yD9s8VpS>&|3)k4N%)VBaUIqk3TU+?uU%0X5^!RWzPbq1B*5NeOq4jvk&KpBs4Hx0|zvGvt&nCHDM@X5}4dlw9i;2O@@ zRvD!i8EFA!hv}!utZsqiuSx$Yj51}a@C~qbY!b8KsCec1?^!Jg@B*Mq_u{a>Zc)a& z-}S88uZeg}HCj|JDz1!H7)_QpVWC3j`A_E@Vc~TB@n#@!zDVRDQh#OEH0e#Jg4Ch9 zP=-}3m>uc6kQri(GSO4qt_L04-knV;#5U0b%5(cbUgka+dioeds<%8zXx}=Hz<+s=dk-jW+TC*98@+z0g_7hPvXuYc`!k;= zm^_49Db-=ur3FqM-rwAi^t-kS#HpI(1t<#Nd`|g#s3E9-KM=&DzZWW_qoOboZxdGz zR-gMuJ{hrBL4!fM2W%>vZ*H$ge6}2cZrw<0ubxug*2KOe>|yF=<1zq81|eqSC&sw6HhN^#3mFHMF5mL4cPw1%h~ zx6eG(D>wD|fk51YnYNe}Qj1-sal1k4XIWFL9PoDbBaMBq$p*q?4hgsLmY#vL^C5`_ z?k(k@)5Lc8mHA>;i4O7CKo$3mP&jr~MF_4_Y+4k?Utd-lXlrtDn0T_6G&IrfHvTP4 
zZhjT1I2Ti#zfokJ3w)x|UX34OIv&&Zka;|FiSALc#o!UGB7H@=W;VV}pHowstTcp} zgMds}#gqoEQ9tD7LD*~E(V~k-ZV!R_9R6j)dk8`Vp%>jG_0w>s7bixzMZ9UVxu~F6 zvYHi}zx>F|kiVtugKLuLM^H>Kd?7K0llw8#@zq)txL*tqwLO6h$Kw0yCmUAw-TfYo zFbekUJ}=ggR~%KOATRNw1;z_29cjU4ar#sFA(3c8k33TBEV@K-JgJ(2dr3$pyVu<` z>3(b15%Tm4hQNhx1_iJ656U8TB?_-(HgdTAu1V)yJd#P>OyI`;885uYhInv`7-RyH z(d5SJhyp*s8G zr+Po5$h0D?L0Y^3=}~_6J{P{5z**bUJzvv&L+B*?DS_)BqvmO$cXH41VVdmy2-Rdu zK*CZf+uF;2tlRftPK3W!QjfyF=RH)4DU~bY>0t)sR=tr%+`XdbW~mm^EoK5ILL^mA zIXt;5@KUmXytkE6?zWy(M38&*(K>4IiKX>u_1k-K+;(sUT?Apc#BJ5dTN<{ih7(oOpi1r}d=YBbnIa zu)cJahuQD=%4uN0+DODejH+8rz#>ZEw!t=Vn?S9oE%Xx|J+PXhQGwn_v}DsKP}V)( zEpA$t=ceF~>G#K1Qsge3Wj#4O8h39g(?7Dvdbi}^$NRUE#U5b#bopq&xBH5z)sKJT zmntRLze_|^}Z6{DbMrOfaMBgT%U)d7xFeiPdRYEEj|dOSsx1ri9lb9$Y-k%GF8B=o!4Cb zIZ6APY^|$G*{*wb2VXJ2gQ`zd2{bE><$f5sk*Lf8$QQXp!Eu0iGMe=rBcV;_`?7{M zrT6?$#k>7AhppTx_WKl9>xt0I?MXS4pw#v~`p?63DT(Zu&L2F0ZOvI#JY%S%lJVpM zzK3QI@U<#wRo%LKJTB>qsZ#kAiKv=CIZ~mu1afKfuS$6;1IdH}XIothU;!dr$-nz& z@hqS^!YL*9tK(27;Kvofy4YX$d4Fy08?;%qwVUTG7G1u}*2pdVh4Q_3Zbic)?F3f+ zfs?Nj?tP~UC6M^RyD57kRy91U#Be?1uXj8Pb-Y&DIiX#owtLG*C)y)BJqpO-mj znrrpT+wSkV4uOnic3z&ScByKx8WaWP`?n(0E`(X3b<32uvw|uE<>HURkkX;gBC=Y> z{0k)MPyh^`0fYb1-M21C9yxRI{xQK3dg>0Bi8p_meJAih;WS@vALqGlg7sfF00O~G z4&-Xk^(eh*G7|J=UelWaBYS;ve$OIS8;X;ZDHs3!bzCs*C)^dgd~vwgT>PK!+MOE% zr;!QiFl6?;6n`<0HH`ZEWwlsLwU#}?qW)ruKZ6=GdBr<&A991|e_D_Z{Qs(c|I7b_ z1mFKgYX55xOhX1)qGO10Kf^+F!$aAtfZA+KjmJ~W>*5Ovzl{0m{AJim=)$FfIL^<`N{*ktWy?YMk2>hD+_6N1uO=S$aw822x z626v}bL^kF41pNZC;D?JQu-9Rrg0n<-x~TjIR@o`ASSQ@Ut_v> zJqCW(^k4u-wjf3E1NhKu7M5EYCH8}#_`AhH6te($KuO-aNb3iNX!JzM$shw zKe8*zh_3wgfFrACN=%DB&L41a9FSx=&kl4t!)a52hP|%mD&c(cr*o6BErm+=Cu#o3 z=x7&O)FuA#@2|vjeT+(eA0j#B?CEF9B%b?sM}mYIUjlcOsS1$L|A0?h2Gw1jV8A1F z8(28`Y;;bYvkXw;7PumPFj@A%j-!Jo$Q1{)9lx&-h;z5J;8;iz5_XJJ}A#6jEz$!!eK~I279TY(4H%9&T$I(3a*BV1-`3BSIft( zJe!xDKe%OZ4pt3P7HNGB)jqySHmLmDubVjkzAf;dcxmv>{g&s${9h=Whf2~vi1IV% zB8jtHNLa%U#rRS3?`yq#qL{!;Bf0JEAP@`J9CXO{e#tUI1s{5NHBC}|>ThV_@Ax(O 
zL3{F3Yb5iNaR$X3;u&;5vY|2bG)K?EP@noh`nGyr0W^+&hrlRT#9Loi3u6NVoVzLj zD&lMax$q7sC+8rYHLx~K?s|v(t97S$cTe#Cv9B-FbUc5AiP0r5F%~`@S^jIAT=1@Q z=t9<*Xy>tR0EC@)Y_iKwvYZ@vHOx|EoS@|Qr5{eTjBuHtOcVUBZ?ONzpz+Da&K_P{ zqNdnwUAhm7`lUKsY%P#qE{e#IcPWt#DK!FG<{Pvlhe-crtF=2HPyNSkkYl(1=0W}Q z|1iOSKl=Or{~td4`_=#Z$Nt+s0{+vH|F&QJKl{Od#t+6G|IZ%#$BO?APl4_K4_o;E zePF=H`HZMlC_DFX_O#R73gsT-Yv0vkD!*MF7B@-aP`?@aUiT|v^QVDp)!#4 zPYYoiTYSk=)V?Av;O25DBH|NTD?xXbeSd|1@5s-#fu>-MePNuLBu zfr(|qsrYx3s*rjCFvScmA8bgtapO(~t0Otzh;-uYq!oI>e?q*rQQgfx;0`JIRV5V*>%ns5iA z2_~8f!nc15M8;B6H|y?vmOf}c|4=+_XE$lM>s<2G%CuqbI;%3Z-v5;ECtr5**JPK^ z;Oyw|@&JfKiug>AtEdUgGSI@S;Mr4DKd=ZnMC0o zg;6Oss6No5!IWouyRA73Wu2d!j>O~WCVzX^EhO%CATiMN{?X&?1n;+&z>1e!TXt5v zvuR%SbeJ*n>A98j5JA1yP`~Gl$Js4v2Xa&rGt(#9^Y_p=TMhGnFEwO9UNBAyt3fLQvneO<)qleH#)u+Zl!p59xq#Qt zB@Tk%>b~7x?;wJOT(p<1S<#n7b+C#<9+gJy)Vd_}?isKZ2qdj+Xxqtp8Yv!AjsB=lm z$C~u`kT7S0$4?UrN+L>1=@Nh~OyzxlMnXhb$v%Zsmo?N8)M){v(0 zoEAULpxB$sUmfJ#vNIk&E77@xEGr|`E`&0jQlj_sYf+WqySSaG=(8PrA)S3u9BZs+ z`Bm&zgU`Dkfyn<%&E^f9CMJPO%;2iFobbU9)LB{hI^&ih1hOpqgM{O=K%s%0NsYWj zr_1nRnwW*AnC+cnBP`+Xl;I#|NXM0Vi?yl8g~A8({bT3REty}+SaxF-He2sS z+E@ybU01P#eAZiG(YtY0il{^SW`xL6Iu2kw!!HIfyP(Kybl_T0BzibH8Le@W4bk%Do=yBHjTIwLR z&vqqEGD4ob;85gi@P2Q^^yxjYDo>TX1|rm3tOx7$Nya0UX!T7pc>#w1FI{ z>r>_8sixeX=3R?&CXMJl1sghI1w(Gt;qgTkL;VB)Eaq%I+IP^3$${U?9E6 zEZMK_eG!SVhJ+O^dSj|=zxPVGK=5Oy!u)E0S-UYI_~3=K_%{xSv}(#=g7Y zy~lLiEja}(FS{op=eR!?Ke#l+Bv-$DR2Bl!FwjC8_z*@AOa6AF{1<$=mWFn*gz$cpQvrs9X1g~pEjxWDZ$pIy(iTjM}5t}6yN(X7}#7cOdcYb8Qg%$ zVRBU5?_(LRjkPrJ^(vW(oI()%1A#he8fRoP4ecLEdZ)_QWpAy9C*JyU3i2Ye^GDqh zd!fmy_Slge&Cnv}TVt8+oxUfsV-i*~mWC<@p=1v|CUMB@Sx1}i9$0EKbV!mD$6AkZ zjXT>Rj%s?GbwGO@*=!A8Z~J*Sc`|)`Bp-9vuqB(1fRb5&!m0XxVtdcK02})k?-?Y$ zOGx?9hr0kir@o-KV%)aCs+dbDag-R%n?9UPJRfgK-)Rp?k$zIx97B(X)$Hmrm8qBb zwNEi})N=PwYJ8V+{9uaDk3-a4Ln^v*b{)6b&eVdp#{E!%x<{`~o5rd!D8 z2}YxXoV((iLzEqSAcBBd8nGu#REz1jPK0(-dcCi22r~U)%*xqV`}vPlcgv^kYlVRP za%FC_(#|WRpX%0xfh2tsNXK!NodJq(&O=|MBYsYv3BmPzbfQ5;m$*>7P#;1Hilj|U zA2fi)Xg9Zqp_9Q0iq=OZ(nF{-o#$irz7@qG_P0!diZa(18- 
zBpBJ3lMeSj$>4SA@34Q|K!d`4N0lN=%bUxm^&k+&$J5-AtLcPlp6X_+!G1&qvVJ*0 z+VH#deDB14VY8cmO!0_62BEPM>QpZ|u+OJ-bw$cVE9P~aRb1ZrHeEmTHR(qFjBZLG z5#Yw`SKV&xdY=xc-o)j+qM%lY?BKpT&LNsTCnt$mij^Er<7M|OG4HZczX2-LpEPB7 zvSmQ?X<2-zELf(h%?h(`FSvG*ko8&(R%|VVDl5t>fgE{HFy=s$28cI7)nwwXU z@(vRpW)LWMd;H=xbn<4~(r_o00*wT>mwpM(!2xE-*uz;Zy!&gGE{FBlC#Msyo98B3 z@~}SVXOfD$5H|4^q>POJ$T^*bK#J_<*B2E#QR*_WX@f395-u4Glwl%Z)s;O`#0ICr zw%HCY$X2Z_>C<;4q|{gh3wFDizi~jBeCzv7IM$Om$zv7hSxW(vzlHS4uICb09Tp&v zrQEP=%%|(OhB(j7tT$`UiM)r*TI@B3TRkD$MAF7DB(o)skLX!Cxq79WCekKn4oL8k zt~z%Hh!-3v8GD*oNEqOD{x3`Ds9g@pv z`o847X5USKO$KODHyJ6gRV-)8ghje@R!MJUo@%Y)vil)$ok+nya`hx^D^$4pW0wsa z6}_~_`KOy21B-g_oRGAa;6ACNOY6ny^NBeEDo*l>8>VfBCrMQ%V`=B-qF)kb_Xo9Id6l1YmwL{n+ID~O4}@C4=(GJ$QnU{FJw|A0;<&3qB9DnD zZrJt=)z`8Cb`%od7ihJ}cSSmj_B|(nGB+jr{hK`|2p@n<(0;9LI@H%h;yLEW$Q*9< zYnDrNua2^=$JBdLug&_0JL%nD_sNE<#>3)rx4tWiD3B+qqdeCJodJ@3 zpB)pk?JB`=vT~_$1`_tv4oLFZOd_?A-Bz#}BM!QtqoWMB96_9d^Jfzk&78GcYd)tu z!!bdg#KbTK+gd4D$6t3ZEFomLTvUSZFdH9+RK{6a){&?DD;#dJQ$tYd_%iQB0<~Vs zdF$Jm!dQ(UNrC6}IsrwHqq7zOz1Lso7N&kAYYmD&6t$xP1f7_zOdl1^)c!MWV{AOP zeKf?8Q_HJe{qmfLAZg`>W=~&J%UZL#NzFY7)AH^Q(Pns^UO`Uy>tI4!num6#Y;#Q7A2lcDb~WH3VV64JWbbpi9WP54yigT&C@ zZMB>wqN10fUq949^QrvM<0Dc&iGKO;H1WpW1+mvZSt}XigXm!xhu<$E951J+&bK*# z@@3e%4Ijl6K*A{B(c|#3-FcEz@dY%6Or~dkuTGq;s&jZX)Jan*L9-jJ}y9 zn)MO-W+7S`u7`24a> zntgh{L|2ySv5ef@OsrXL@l&Y2bg>qH^#Xfi>BBZe%5Yw-?}V$p@_OFPM=E_a?rSc0 z#zMiH?Lu*f;`ix({KtR;`OO{e$cr?55%-MKeKcDJFVFz}6L{}EZdid8nvD^qd~ zl#)~2e}DW8hz3=?-KqO;&+pf_<{0K+UL{vK<`H5z8+;$+pLbVU>_5UW;a6}8BIqCW zM~Yua`sGn!D$$BO5(|1LYz39W2nnk|-yA3Dz9&=eET#>*$yG}qH>V8?=V>$dH|z7V zgRWX^0gZ3zB*MOPO*V7JqXHcU3)I8L`{NV`vI@yT_+~)sE2}SI6HuNA76{{a#^byC z`eU9Kq&)1l|7?WUkwz4&WhM}8F#Q(YlY=zj1aT$%-W{I z-PE?i`jp`-ndIF=kPfp~dyI^6J85!q2-Y1S)nMvMs+@f-6GT(hw|mEiKeQ*O!NCac zcP%Z*BY0+L+m<)9@T_+15+!KYvM`gptt$do_BF7We=bK7y*{Y&7u(J-wXi*h;;xV+~maf^;x!MXe)8}P~w z%Dv$jqB(2Ee_7i7_8ta!wF(j2z=AVZCO{p#8 zIjBPUL)moe$Z!jj!d4DQC2B5%S7o6d^0Beh*GG1PUEtxc zo2*{NRJS6}a|oE#2X`Re`So#FFV`>905W*fXha 
zg$FAjWWewA<=l0%uVNu4d$*_X2x-#e5`r1drXz?naV4BcWa(C4ge_mg!ulr5@21^M zQfWf1FK8GwzpZ_R$knV>#T$NltzXg8s!x3un*lBm`s%$ZLqWZ98^~R8fd(Nfi!b9j z1KpWhzTKQvdj;1oQ0Hl>VO>^oMT;i+zd=GGt6T4@&oAl7sg^Os#nAbkBk@&qc>Yn= zB)3veSnjG`TDWDqVhz!A9W4VM`S-z_Yy&G3bpV*Z^M!wA-q?>A&Oj#S7`td7lYqT) zkE0dS9Mj@2Fa5`qCO5^yw z^1HK0*DA_szJvt{%!-6PP{`|Q@)NQC)3DYCG6oWOkj@+4t`joDMfL;XO{==^d~>C; z8~z4qE8*g zDz4Fl%5Q%{pwCL~Eq$&1^NY9eq5+j=ITHobYaZlSgCu|7$p_lY{g&PnSjpLhAv*!$ zfkU)9$gM1YeXKo+#UQS$*4O;`=>G$gG#CoJHDCSGotxg%6;$q7a#!YP3q+m|?5`Hp zD_PppVx2rlkJ||rUNdJ0{X1gp+bO=B0tIb!g}&bMjG>llKK^~>(nlX$#3{Zv>om)O z!frXGplV<ySco{0Ed(gZqoYzIX#5s(vfR z%2B&kL8d0V8`{e(xNreH0O@}(FuQW7A(+{lEq*c$SEgCie!fsyHMm7*!mr-Yh#+y@ zC~9Sw%o@@-k#n#`&9>@d6yB|IJSz-&Qgf0iPbJat+~uqBBTqh}e9&_+)P$p83e3}a z;{s_;xFlqc51Oob7u%o;NR*(+Ju=XywHp6C*th_z@}#-g?-}lS18_f)2)cO>9lSJD z+VY-Wrh*RCA*3P z9733nqjt1DaRK9-yYF-eS~YGqpCEUq*b0-WYkS$`GN^)9;SC7<@Vy0V+4t3#QWvng*Q|Ec^(Vy z2n4BtBKOlvNE<1p-=C+-!n&FcL2mRtRW%Q-(bn-My?s#sX{jnxV!9%~h~3Qu_=(W| zIq1aG?9=!aajNia;*~d)-K}a0@uwqJ2krl?NIfJnFxD5W!hl}bYaFvfyO~|T+MB@; z|CZjpFwqO1YpIm=7^WUQwegov!B_;is`FP)$NHFAc5(EH%M{P*dz)OQ+wyW@s64V+ z;7sm9v!5$fz=e2UX6&USpf7H86e__b3JKes@zTMUZK#MYJkw5G)ol^Xso42QN^IeZ z&rZ-j`yN_Gz>;uE$d=tNKI`v{uVfaSZ>WB4S?=S#RDo`);^ag;yCxzT-%3Y%;XiUC z-dkpI`*x)=aR$&^uZMHxZGY2)P7YvlD9zrBD02AS9p?FD0Omf8WiV|pZZG&uN(eOuKGFLc6wQgw*lwh6tc5W?`h;D^gbF-*d0Ccuh~R}ZNN>9|Zk zuG@59?@c|9bS(FzmilJ(bC&Q@{jA^Y;|r?Qi0QDVK!i>{v(xujI=8RJYMLM610GBJ z*JAJLXy|J@J$_up)cb+3vt)iKj2HN3`{t^d*d3=kqEBs!K8d==W^YdPfhZ;k&ll*H z;J@!-+gG3Wd9dQZokpojW(8BShK53y%o0J59^9fLI?r9UKLznBSic*h@g)?OMe`=S znkP2}1I7)ownB#XU`fd&$q;;Q+WI1zZz|!tm)%kW7bGnV^n+U&6*TSvk9Fh}mOC>t zzumB6rvD@aa;yC5gQ7bZMA!2c*2@okod+KpuK0W?{Bk>$G^coR(1VAzjk~ww0}WCD zfgbD5F>S1*j`oH4LHdhN?GJVd3JGsyJWgK|5XdPjU0`(h$8l zU#YQr58j2LBAknD@$aH#{x$%4f&K?d=rQGsG^qQatvpW zqvwDXA7{$+=vV7|X4P$Wa7MjShni{%Q&tR+Q2Sb^%H*a@V0|m=7hyk_lm4%pibz6w;rJxfY6{R84erX8W7N5N>SMS zDTe>{Eh1}4_r>9O_P_WG2VOv`;TQnA3HPAhi?eCExF?Nm9FyFWxO{~rGZB7z56|3i 
z&m=SPTC^C9Kkv`6jszyhLq>D&R^-?u<2#CeV~sO?=}pxH(9aW^U5p~q5JyC)8@9lJgj-F*1f;DM*}*L+r) zQjlW}vIqP|xq!E6;oH_cN173z2QgB%3L%bGT%=vTx$ zO!kigl$)DhuNF4ftL|%9(C5)HeW%BH*|PH0J%M`-619`l=EV|UWaGQ}6eW`ao~oRs zjBgOHja@+$*AF)oSeg#|muSD0ZaD%`6B`y^!2VFQBFOZmJ$*f~RE6=jl_yUsAce`# ziacpa9$@~hGSW3!cH{_pPFTDN|7384!=CM$7F&yl_u}x8=Bnc!?$ag-kS&}U3Y~)! zz6qk*F0gDU5v9C{V(=0J>B;w-l(N$D>?$wQr@6{MDEoh}7ror=(*woN_P^r*9UyFu zz1EZWd2&X5t6&6ZYo=53iBrO6T|XkLcLESgjC$_}39G)If3t;q784@%Vfngpc#-cq*CpyL-+5P z$P!=fy|}uhe>Zb0IE(Ao_24w4R+#S2M?Wda6^$lqza>N4Tgu+O=Wq5FC3H_T5GzOP zpX!`lZ-N?~^PzD^s#s+CU~NICQ3QF!gmvh|mz_sNBu*=k1*dqh2A8QrZX5aR*~L1K8f56G4YFo{R}dRjgm)(`~<&*$R^4u^Kx2g$lmg2SQJKK4Vl8 zd8yOW=Z|{kVFqn)%6R|WVI?jB3dT)It^D6kfMiN5;JH}yiY9gSjMS}f*qVuk>ITb` zT{<=0bqu^erbGDU%r6nQbdm#`c!z;s}eqLKl?{SDF$dHSo^IxO>DD8_&<6n{}{pbVwapX6>y4PzXbfU2e(hKFIJI50%{j$|f z+1LiQan`QZi9|*S@Z<=)pwz}%NLAa$2fk;w$4}>kF?mn;Byhd?jcFRpRA8Su2q>Vw zInG@+&bO^%3O&tpxzt>2ZG=|UO<6ZB2kD2|f0^I3(Tt=YvSTtoT|f%ZthoghgmAtD6g;-uY5-usdEv}iz_*g)0{LRy#r=smypOVxZnuW+HIIFGJ2dFfrr zNb9yfxMoR=|IGQq*A%a%HWrtWLuw{Im)~fmKtBOzHHF1<(RrYDK~KD% z49t^ZG9~Yo6%_RfiA-`R^5R2GP;_Sc7K#)ick9PDsZ24O{+~+UAn`|{BB?f6DJsZl zgxdfn^6}=loW9=P@HFzQ3s?c?it^-ugVPtq!`bO_Q}P1lv35u5w;I7>Y(;|==( zns9ST1l1}n7I&Z;^sT2NLGH3UP8tX3EcHf@nLOGEr1wqjk?!tnGnYO}x>jG*<)F8g3{dZ)J2}-WaStlL)VDpiF#wSKUZdWZ z3u+8bgW)SVmH5`w*I&{mLcdG0@@+i$elfGi| zXwR?y(8NsYpMmono!LhK#bc0L9VdoTX@!(4>{8d7?=hP%?%@EiRVh6EiQog zy=E|nFQJmb=Qu}g-+^QE_POCaabn$YZ5eKrq$7E<8=PPvaoGr;&m%v_4lI}j$$yE! z!26iS+$$9dlge3oTIn*7Sk4vFV#JNVs? 
z^(4)?gY3{d^5&BpCp_v$-BnMp=P7xK`DJ+*`f6RV`kHh|5AQDQI8TzW5cHeEM@(7G z4%Nii1IAZu+h77}SkQZ!z1A#zpY_M58dk-{1>I@aW@{qA`XgyHSaaN`|CY%Gh@kp5 z>O=mD>v1st{JQ5EVaOaL6Mo6g>6^wfpAmkdoxl3V$F&bXWm?tQB0tnrp$;D@2sr}b z>U@G}+DDMST?v79ZhL(SmqS;cGgkLs%xh}t} zur?I~Mc_$8Ku{BYrpi{adh>!mD6#|h1GyEp$jkwFs;EyzFG(5Lte zq$dYNROJyZ53Zl+K>U4m?h+HB3%@j%hQ8rXyw)UlqlOPKUk@jO zG3u_K1(45-#4h`O_8S{@V}l4%Zg}S$G*6-u?2g7M;p8bjcqb5lu)2`e<=JM|@qi*+EZ8gzgDFIUG8lV6JP@7H#cq z@RA1-kD6skIBMfq7Ajmy9KZEJI?n#9n^uecC9dgQjYtfVB1X-^p=I+}bcQm1w_%?(Gv;lk06!!?R16*; zbuRvseh`$-q~b0;?)DOHPg>d=3#6r}v);X{b7Wofp?1S?W%^LHVViYT5Ag9!RrbMh z%GTYVDfcBf#ALvLrGw0*DDzebr~`C*+z8L`1#5TwwZm6SXm3}C-_1VAsrZh>X1FOd z3#BMoauy!CRiU(32T~XXBv#0*t3HvxDMT3whM5AYU@u@4w3q9aHI$==xLX5?@}xnm z)8aw#%@shE-V+6u{*+h~5@N^J+H>>i;>~T1!psno8!q4jrY2@GuxH#4foUG860!;m z2=}jdn<=K&?^>`hO3}}?N3MmGjOCEi9@gE6-Eq&;Oc2I0P{7e0mw7|Nyi6ke2A6;c z`ne?AhWCdqC(!OPRYYJ z>&aQoRJl8JEe{^l^6UeCPiBuV4JNbFNn(v)M(*AqGN%<|{07}uJp?WUSQ8~i6L=~j znOP4B`gdc`Bv~4$_N<$?D6)@yURx?X%&Zp_K&+mPXF}U7dK$ zuxs;Dti|dV{tIFcG`li16iy{?0&cpG&Z@0~sS@BUwb6xiOPlx$Y*{rwO>E8b$PFwi z9V`Ffy6({o)`~YN_;wN!?ri*RWrKS5U4yI-E^`PH_U;eW7m64?{TsPllh*D*8mM+} zO``H%8!if<)GuQ`hL4`UFexMPMbPdsZOZcY%Q8==#l|Q|B|YZ>0@((JD#9&iLbpzM zrVSLnbdo3UOhQpTtncMWs-QX$)H9~Wu?z_Ve7m)qEbC;*{-mS% zE>CMiMeZQn8iwm$7}r5eGjGmo@+z$MgIa0#xV3#=BQemOdDn9!Y{(UKYViPn+`t6D zD=Lq87knmgfwo81su1vHrNY@&oTh@+*CJ zm88vvUf;GJt_VBB9E&WJ;!DY>O=~N@J^$1Gk@0^KEh?=3z>O3YJ zmpShF6?K8zzQzvj;bq3QQU3K_;Zc;ohv!)SJ5brh1veMi=)fmKsmUpWjlfg>Qi$2`T^0!ycZ!?N(LrWyMtz_@B@X-JMFWS zpFPpeM`6MysCS#wy;-0bxk1LOM5pz9klIY64Cre@R}=|fcGS;lqKNi5CxNmV_^q2CWTRX z3M(fdMPOa34k3kMf48xFB%W7=Ek4EO$>)Q97=1~9JgL@8>)strwSPR1KMc7H@}^6~ zT`TT`X!X`}iXkc9uK_+nJ$XU~7W4?bY7r9l3tRWXQYu&%zqWq3(8Ab%>98uW@*2cy z)sJc@L{LhT{GyJ;rZ!IJJKqu|eTZa_Jo~r8>aug1Q9PrH+_DXU(AO@Kb9y)xLt zfL@iziO|)=p3A)qk_*Dj5JQlU8LCOZh0?7LIc)SP-Un#C3)9=3R9xfqwFq1^Dzvc? 
z9F`=wc+gk?3)kN#U1QG}&K!Q6-2=49{+}$k%_uxTy1QKMB z1b26Lhv4oqI7x7q0R|i9?!5Os_uNzURo#2*)c0qqVD|3r+1-2fvsSP5Ji$8>U>*^* z7$c&Z_BybYUbtC1Pg>}h;$!9;a8hNI6&gbU@5UJ`%Md>5p}n@j_EqrJ*{mD<{6CwK zm}7X(6mhVtd3*|%YACD-foDr|2)(KPM=zZI+8{{NV4}EyEFxdv0%l!}fzK4JM>feV z3*{Z$6aBY^N(Zg}vIXy^1I91PgOd{HVBW-uDVyN#JzBKv-^`-{U`7x*(>zE5i;+5J z_gc)u`fPIB3?_4p<~3W@_^SQ$pin;QgZ8ZM?mJ0a(?AjEdTprENmkk`?Cz?vnXL7& zVo1J0+5PKjDkX(NFid{Wm5o~P0CiHJ+h6OPA%zj8KtE=Av1-M_{i9ghyyy*Q16u_x zXu9TP;uwMMf4ev+c$di2TA&o=5xrIBwF4e(9)`T1hY^3>iWwsEEb-wjf<1CJG3YOA zeQD6vkK%^^7l7!MX3n%U{X3sv9YcC?Tr7Hn>k=-?0L%YZwc9^^{g-+x;J;CO^gl-q ze*Tvh|KA$?r~c`0L;r8L{YTgT?YsW=|KAw?e|sFj-#m+?h+EbDNrje+@%k8h{k+W8 z*0LXDdaQ}FEstK1hYJzr6yzUGcE!o*6w8~6&gP_+yO74uwgf*_KmIf;^x@q2u48Rq zOCew>Zm3Iih-77LF?-V?su$TZ9!JZ2Fg9e+D2G!0<*gvbUtb~#40crq+r#f{yxr*N zSpc4%Ba||IF0lAiUH_1rP$!4!p?b7mqyX*JH8}>@n18s~+W*K8iQ1GHwu$Q{04#(wF?Vsvio#9Kj_oDD@b zT?YxZR}WewVNQs7nKXGU$)R*^u2B}uTwY^S4O8vv>W(k#i-lh@G%6e8WqqSRJkz&E z-$$Idt*|W8ph&3J*{#{t`Mb6CSGT^zDZBoK8prhG?C2`N`uMNV)a&ci3E)nZ@Cmj? 
zoaXgRscfMTA8Rp4nF7*HPXmydUsb}Q@ex$|I-*9zYNzcF224P0I62O=jIAmkq#dh~ zyE3~G@kqD>(NqjHL9aztrrH-CtJ?g>V7j15jQVitTTA``+hc4Y?q`au45iMA}}AOT@~J_s@R zl8y!ylJ5%+5yE}OCG%uf4Q@BzissfLnsD4O#_#uPJm0CGd%l>m;CxhZpS${U#rRf> zY#t5e1*7$e@;kZ@4oBVWrKSu|E+2pTL-jzyi_^{yWSpqsboK+@ZzIx%bNB02rCSdA zO-m?k&{LxBwlep02P(X8wCAkOX&%VG1U2eTbsYtZ$k$e~k662SK%!p1*Vxg~yDY%F zJ?GnwaH6M!=Mv^Gme{p;D&C}4b@m1^#hp;U06jwG?n98V2kM5ugS78`zT%;<1*zm& zYO%Pwypk~84hO<$Nf}DtrqSTVzvE^~7}|z4f$TIh6BURkMOOUyHWyrKk`^uGp@>$qpsOKT|J__Z9FvsDbLB|Ksj~Y~(7FXXH{@OO#d>Jw7 zyAR3~?K3HQpvjwF9$~(j;OdOk^=x(7!_5epG>tiY2DtX^yZoh)CBICaTc)=!Qs!)5 z6mS7G+61j{^IMN#{CX2lxZ!>5e&>sB#fEf%>;c(F>3kO0N+vfQ^4WL0PhCJm#@W!N z(q9g;Vt8elP@s@kZ09C6*6lJ>%f{Gia5RW1ex#r?O{pZX7uD-$mFxnl-69-fIh0er zatO505TksYNv@p{PT?4{>7be`Y0%dGjrvr6bPRlLqfPuTwl!KbBiM~_Qs>n6Bk7IE zco^w4x?;&9+^6i(oEHJZ693wlqnQ_mo3Q<%uiEBl(LC9V1M&8;qXkL0(34v@Xk3(2US$E0&dLYr}}*eDW)iEd6A2(NhygUzYy+WiTDG^zt` zXT-(qh0E9@3dZ8!opFtK(qmRIx&mrSnJ1I`Lq(Fb$CpcyUna@8TpL7nwBE3fEaxzr zl_l&QK6s4t5bHb5-@^XCBoM25u@j@mPF4Hw`>!pgG5>P#n(mu$K7l`5P*8nBKt@;7 zFM?u86~mbro%ArU!85?%4sg-_ye+-AX-dfDZ+5>z^?}X zk-KvA1V>UlNR&Vy!%33x-DQTwNTQ*hu{^=%INZ#7i~Y5FVw>yVRXE=)zBopryi;ey zv=fQj(2rcQq-b~D7mQ>1(Y|t)k2gE=&At#3PG0K;zkX0z;+-}J+=v!vSG@W%@!$%K z)d(h&N^-+blbg?iBZNo;+FkiCZ{M#3c-rZla*N}C?gxbrJb&#hY-A)VHQ>ImQnqv8 z#xQ>alFv`Kcc*{qN)ngZTOc21HcN+$8X~>>cQ-O(u_kRq9VQ8e%wad>i%E5PxuCx~ zo-2(O+-z#B3^f5Lww^QG*%%#Ad{rr)8ca6%=Xc2atJvw*L^m4~f-lSfDCM$POJX3*T=C zRIRjMNQTaVBqVk>QQvR;_7x}v+;nBIz7|SuqBdvgxL&lk2AzF@(v!~ zM^w9feihZvP^uncuQyO}8419K=906smXotH9_g&Imn|KO+qZ!1 zUauDr;THB20Bl@?_3E~;E`z=dA>wc-bpRi~6DxPr*KaV^RF73SfK&``zfB3U4WL|Epnk;sV!H*OzWn^k ztEsBL;2;udbXDb^42No5R0bv}D0~p(+lIKLmpCD*R1{dI87Mjgmc=rXV9MQ0k1j@Q z>i$YZ)Panp`^(Rr5=2xOfTLxS{=0N2Fwb$nh94ia|6QRa;C|()zU|2`vW(knFn%HL zugXPw4fkR>tYWF#mNFYNfbKK_6qEdOg4@SV1q9A%HSbEXW7*=NrcmCw3wWQd`P?;~ zmzA0R_I=SD@7wiN+X{%hJ7hi5J#}rh)JBhLfUS51mJx8o-`@uqdz;+=vU}+Ju#Cpn zZN)HX*yT#y5!dw^oFz`$Mbf4qAJ2@v1!2Q6?j7cN@~)C$1saIJ3i~pV zBJlzD`YH~{fN}3xL>cQPLOE4TFMg&{STxG0%VGW37+`h&ZhYQh{Z)wy_j*CMm)}gS 
z9TxFpjhx~~p8K1$hsBtY(k+S8$InqV*z(!kw#L)lS5y3q+>f|m{kSRKF9MsAR2ji4 zF;GF>N`dqz&I>`%ATyua87Ut7yZ&@`>@m24Yh-+SGd=HnF&%KTV>Et^jXnLC3zr)s z8#B^aA83n~#V-9}X;5$S+lJ@EvTDm@YT|AxZxm<+pc551^P79lE-`{&l$u(s`wnxQSDxLjqaO;t1}J}ptmO%I_>PU53l*yjK7=LyMWV(4HsCIG zK2;h(21C5`3&2c@yg0$$K4_}?8W13Htd9*Gn3jdpHzD&Sh1dJLi}hb++(a#A9b$;0 zId35XKqB|s)1HgXb7{ESDIgrsXNAE$-Su!~gyB!bZEKA$jzPr!F*3ZG+M*0DyxFCB%mgR8Oa8aC63BT2bX^-Pd2-l1$Y>sM_jN_0WVlVSmZo>JJsePkAm5^gfU3q}lCFT8 zZ|#WOX=BH=-7twe{Pe;arRN7S61dhk8hiKIk&ff?%{bOy=5$aG=;yxgH8eiv(xUjH zRWNE+`Ak2*XCwo6$^A#-IAaya=sF)&aW9e$6<;f8a4soi8|}I)XKri9*jn8ODGU!j zDPYQEL^OYbtbF){HxLfahqDT$w(T+6d8hNLGjuZtMzwq%IZ{~&=_ zN|IGcQx9gOqF#DwA2m@=XjC(_Ed~`jnPXFyF zz_|&8Rl*|;V}qFE4c5SkXB1Km+Z=tL{wYDSL;9{C=NGT3l!|@Fc9ExN=zrOE1_-f; z-|wBF%N&HeQQ*JeB(;ygkNw6;`jWq`p|`}eQJn6v`>YZKiRb5)g7O3?+2x;_2-5Lpiw2+Zuz37R;TjaGod!Z(W6l!oDxV3%6$*ToP_AjL$dYLNjUvs?V z-UEKg3AcT=Xm=ERZwPIxGXUCFer|`%rw)0HzQwo>Q(=5;F| z>}JZ_`HTs=)$;ORG0H}M_Nd`wAMN`rT<;?<%EI=G?EL-+8%L$NE$E1YU?S+pyE(sZ zVI$z66tR)0h-Pu{$;Y|P^Y&V@yr|7um%%kKTGrPTgX_ojSgnt_5UO+gD0D9Th7Rr%(yYWRnNq-`%e<1l;VKw{$uWK@&$}NAQSWx0VK)ue?3f zT5ZKa)LtfvR`Wz+(k07Qm~+{n*Rtm=&S67Hn}oKOq`c^qDct=7Mn_LaAfi-&+5qit}?B$ z(B*AF@4b?K(zUy(Y`R!$`udS1XJvS?z&J?T>`(5_`k)*sdiL;{C;Yc;goojS;92qmB4U7nLbS3NR9Ea3 zLZ;8?GK(f zDHe7^K#FDqTY?etP{0Y7NU>2R2Jvp})`{(eg+9S_4Gk8Ehk?nQFjmk~!IXzi_ykN& zNQkcxbWVUPIY&Q3L4qc@AjmV4e>+SdzwG^}Oz%v!Y9ZDp;BG&BZ>wTV_FIE;3w%dr ztL&;?E7|AAVcyU#=fjYBzyBmUOwZ1Vy>_%nhH1HddgFeF4^}MsOoBL~@|aV3SDjlg zw#fSJ5$lN8QODL@lNc*>L|`|7a=_LVE}wtrNWY&*T(_9#;GI^z6opxVfnSE8oXUfk z!5;%CZfx%283N4BP^)xkczT)APKML=(z|^2%?l%DT7zm~^{r;Ut(Nx{n+dbb zsm@EF?S9T6U9Qn57g}=iFs+#`hRM~AR10q#(H z1||3)z$$@*NvK?FN)sVfV_%Kbar2h>%= zh?;3a9USRCKZw{o{NDW=WH+78>pfHr3mT!&LK9zf=Kr~_e9PIDBgMnIq!tQ#obUl6 zUddG-HR#-oz-#iF$VN-u+Kfvv_A)z5AU5C-lRCo(7qnb*Gue7Gf~ojn`8 zpn?^Q8o9UW>2Bx>-k7d#dXkZK~Z@$2>cnB)%ap5x5| zIol;RKRgp*!L2m*7*q18yZM&{wJf;Ybjx_V{?^9~1%XVkq z@)SVB5`p#c;{&?8YUDVVsT+gbUS{*9ajc;2YOjhgd`8aZmf>;B_ z4`ZdbM0XE}v+YoR->FT}2*!KFlr|s88+tjy5>aNs{d9lbrTftD;(=b=8I#)baPy_< 
z>2lxIuf#zy9?J4hBN-%xfI=ubR?;t`TZpYY0S%fdbm)=ZWyjMj`zSWSxt1 zq}e;JY2tgzyq5BzG&oq~T|O9EjX8Q<50goUkL0UdFGJc+p+bOrdpbfXS1!ZEFwyTL zM*s17v9lGrd9=pke~`2T0rSR6mG5gwzUBTks`IOq!R!y~b75lS60Bu?i$8Jlc>RB0 zLlYtRF`{_<^j%l9>9mc8Q1*k_w~<<9%7HETtTiBI{P;F@zmt<<4+hqHf{DhIL%AUL zpNpXAQ&g1M`Ia%e(xVW()ckcz)9ixwtO(L}mhGTB>UY=Fz>d0Yyt#O;IV*!#w&c}4L%D;roWrI0O%?P8$ zehUDXZP6Fkmt@Vnfl0e4NS|)ksBwC5d70h$^sKj!tX8zg1so+Xj%s&kN>VCHD!8Mh zS39I^hkuwC~(*;=u%?Y~%bTtOiav+J+6*QIOYuaKO(H!wb5R1>L`Nb-!NH5=n z8MKe3mZ$)C;Mr3GFBj4+Uj5Fe*)D5^g>u1Qn3Dz-hoJp(S1gJzk5szd^_bCVeqXep zY~fpiFI@mNE(%D`wLzv)(7OGHnaEe{L!)J#jg1yGyjzC8kdnX&>&rS1L))j9XAO z&YXyCTJT|5WR^&};%!g-T5dO=Ja!}SP0iADOA-vHi`+X^v(c2owb)qJH~vazL6i6CO-z!o+gqI|bQ9?Z^0wpe{8)bB{Ml&75U0bsnPmd>ezFBWei5*_ z!Kd~IHt?x%V_RCeOhHMs0%<*V%SP9434v?V`(l$Wp!-7@+VuZ6TH!NYLf5C%@$MwscH4GHsLEDS)==F9{BTh8k5pz zn|OH{y}?zPw-VQ6y3>ag=W{J^0j9{?`1BF)pARuc2G-MlPYSsLLwWD1JFB>pcrrA* z1TnDjXE@&#rVp$V#T0WRxH}eg#d{j6bgKv2v@Khd#a>uX zNZ;7ktAL#C)<9BE7pKozq1(dzXu#bgZ511rE{WfhF`UV_{m)y@ZQkVD_s659!wE6B zMN~u28?CMTJYR4V%FkR1$St8s@WnK4G}uv_f|{Yf#z(pV`}{~w=#MKXd-!7pb+C$d z>8?$fc?mX#Dxvrc#2Kfc3=!Vze2=*2t|P)B`qlDNG{U14Z+fL*A0Sv^S4d;Q@AR#5 zoPCdIzbI@})!O{9+FB<5bYr*T>UZ=53@Y}HZzfW{z86biNxfs(oRSgg$jHZEjD2;% zi%0gDD3l!V*z&jBazKEHK4YBSVE(q=Zs<(j@4kMSjdiIdmOsD(Ay(1SOI zNTx9B&(iO#?P$mjegp1S{i^6*tu&E7t2wbJr)?^w+Sz{D@5Q0;T7TSEcvc@{nehDK zDiX58M^02)fgeDfv4GRt?<}k);&6DkX)tF|{7hKHGI2 z9T@-<#(z$aop4{GOa+nYuqAHr=9$lazVTVPe(K?F;@{>iBm6OuEFa7k;gRMY+R_U* z%-Wk18DU#`it=fIN|aZEENP^k8tP-3IJz_3cz|uzSvb>EK%pRAw=5}8ISDOXq5?I$ zfmZn;RaV+JutE*KRv%96b-(_D+F^HVxzLWUMGPd8tJ);)AhFNE9s-uh!H5Sz9nQUmI)(dQr3S9BOS4OKs`uyPq)IbKh? 
zPvUajho@F=>nbZ6R`?Y82A~^*414V=CPcfQ<$TlaBT77Lj+!Gcj?}=g@O|i3*~NAN zbkFLx>FB|R$lo|v;^ZOb^koFdpC0b=E0*P8g_I)N$PxNDOQbg4r&+8DO?(Yp7aP3pBU24_b&3!J1Y*>|E>Y)b%}?2-KS@{lkQO zR3oTNQ)q7!uWl*QKl=!EMfpW?@Y9Upsg+_s#Gihqlvo#MnD3FCWRa~@Q(1eg%@`eZ(hYFJsJcHb~) zH+wHwJI_PRALC>4BWS06Ht94HD%Sm9ps5*GY%DxIZ1gqE zcXuMfX<--sGgtTSFojtr;`xwtk$UL1;}{^p%cJm}oHmo`udbfl}?wsLbl$W{4^Z&^aY6OL1TzET&f3-J7` zcVAv@moy|5#FD00)PCL%R;BBEAKZ25uN3|v@b=bUURhy0Iyx$sF=9|>sBLT+t`288 zI?BTVbQoF%6B43pPxDz>w&CsmE(-K9gO*&}@N~a%yEs#^t4Mp%W}&2CMaU@Fl6X}2 zWKq~r#w-a`*}@D%d(<)N{tOmt^%hdK@#gSTL+2uf#m?ukB|R#+%nz4A*dmq?PAS*S zXvEZ!BKDFlEF)wlC#+f5^BIj6p$_ZYJnbmJer@xavQwI=Qv{!Q(eHwgDaZIhC&qi> zfW?`CxG@6U)qC5I8fjsCgfskII-y4Fe@^`_(yXfnGxFr}$bw7bP=i-(P&q5xV-l+_ znT1@ne7?%B35}f!NyQiu?&{|+REO=d7UpETIMK%qYYjE7^T$p1>aZ3X*^Bnwhwr2U zp6g9+-{wzb*+^DqWD1~g6Bw%4cAzm$PF-a2Bd5wu z|H`{Hf{kf{yIhZKR|gFp)+>vjQB{$^m+bN_0r&0xW;SsgV&2JAr$6I{S#OJq4ILny zhk^BcxSqaD)`3~>4sMSybHss|qogl!>C7ohsJHzaGrJeAHnLMsPga0$nL0kg*Y0t7 z2;_NB6yJ)e9a7Cc&U71=&sm<-*N&s!68SkZ?17ca;anq{DT&2F2h-6n{N_1e)kssq ziuJrP{Z=k#=cHw5UzqUYp9OAmPjXTVWj%4dV}1*vY*it9jxw=JNuDbL!eMJRG7Hy> z(%l!<(E~!4cTyd1W8n@gdp{UWvA-(ecK1H^l}Te3X2`QY&>ek1(`LrlW_`a3Ct3U{ zxaybD0mp=0w#uz*)+=JKe@+?&;)H%hn&J|6j<>qX{?L?i8To|FkH9f%%prR)=M*fv!?s}q^ zkC!aAk}xfgYZ&JyM^lXXt|(tB7F}G~F7D-Oh~f0i(Ct=eS1GpCr4oEE@Bfq5h zXU!Sg3W0ku-?{hFD}VTafivVMx$!%T%40W%Ie9phD+Yr`bfY`r3Tm)lo+l5p1-%JI z9RKC=irT3Vd2(Fcm%O4tG#9e?+D^+3o_F<4Bfsj{D;=~WKkTA1s`LBCoGDZ9$>&G9 zlUh(>c!n8ToZeHzxnhg$mbak#E6gQRa3VY^=Fg`MX0k>4Pb`#yl#H@be5xD-#hb#_ zwch}KgV+_-t`Nbwg5Zm}`p-x3o>->1Jr*WYw8GV_cbU=XrRBoUUm)TA0~I^;Y14d9 z-xGH7$?y!={x~L|H_Yv7jU?@bTRnF6{54s#&&{9=7W<9npm zU0T9JNI=w25{qO&UH6BDE4n5BkFk#ChnNaP^!VBX4vdQ^T*7R@Z+({_LKR;)`yioc z!3PEB8v#!Z*+1YN`;bN42<_BpCUeNdqTA%mJl4|ji@+N7jw5SM?+@fzE;RRs$pp6?1us92-EwPNMZerZ>+roUK()G|945wgJl+MTo4<)03#nK-Q^l4SVv% zzz*{TnSg>G%MsY`L~FKp91xaXzEMS6A^7t}y;|a$+@iph@Q);%TAPbVtz1w2GlG8l z%{M|V)Y~Pcs&=uO%}xTOk7HujY=j)eh(pBc(l|29_ZDW0CqBksAdEF!`lRxb@H|r0 z8ehsNzzUs_&g@Dg~Oe4KUD?D>dPlxh!aiTqOj!v|h 
z#g7h%)Xa+~cUOCgm-T?wtRqm(eUJ9=SR&Zqb*!epeacfX0cy@wov9#r$3NeIm1_x! z)wvFb%M>&QdyI(tQb(91y!kWgXnx==`zaHl2T0Yi>9vGl)72`&r|W#Gdy~>sJ{6HJ ztqpQVPe@=VtF);Lt&!z;Rnn2GGUE1S!dM<5J!F=a^lwIZ1mwSde#f)^V{AKUtcqt{ z(^X>f`@VT0&plPMwyQ)WG6UZG>zSROCDd20MEmT49A=v}*{zTSnc|^tuf*?ZByO=C z46reDeX4G6C%$_x&3Wjg$$cq`Y5}o(1O41cD!X`JwD!@_(3DeM9x7?SKl#zWk3`9y zg27Up7AsKwiz0Ph_~Kiu@sUbCE$a74Y`nfyZ4rIDOXAk28r#qgHM5cc?1&A6HFk&A z8<&}vJG0`8v3lw6nL5P?``Y`znkHA+U1!#t*2|JT+v&01A=%DL^9jr6z0X%tjIFZlaELS{G1bTV_W>>{%GObSJyc z1rxHG+IMHj{v;o(>V0%X-T(Aa5@FO!9qYPr2Gs2^h!4etO)>Xj*43(I``S0g0@QrZ z>Bswxc50-zlp4Q`6Mp$f2H#AJYo*ZJ2u*+Z@^I_Whn~uHoJL#dPw%%LOddegmzdUC zgem()R(nmo9eOrsV;u!ZgY29D%i5%AP8#P9h_<4;>aMt)lV%61sSU>#PFtd)P;!6?{|GI?iPFWQQz&@2&_lEk@Q^`Q^<6D+UAu z1{SHs;3v?SCdd`d%kp?h0xRzpg>8yB_xO2Ie+3IVQ3jr0_EVSnsiWCEb=m2%^PYE!ATtfK z^+NH?-wn5ZGO~EBx|`a1ZyBwD8f>XKd@ca68yiz=XN`&Nd9Xw)TwDy2Kmx>aXB_9Y z7&#_jd2^~RLLH;~v4Fzb3NHsceqdp1AC{*cTZa7kq4srIb|Yj!zTk`~|J)L~_fCp=_o zwWv9PYs*#Qi_IK-JnV=$z5mJl@Pv1JtDLoTzyGGhOAGXyg+)N*NK-hg6C!sy6*x3T zqfaT1+n>l;cYqY z*&W+Y%Af@H#1VGMY^DX3fAL;3&NHmnez@;t!hND-gp71{8gmT3KjKQt+Pu43_=IQl zZiR-UPv4kF;vDcyRkoQCn`x*Bwyx)Av!b`YAD(#no@`kPY7H72MbOxE5bTM#SE>d- zy)2ShuQ7bE|KTFMHtQ$$EQd$Q(MJ`VFYmX;zip-{)5@{L;htf67Xf^wJ=7jct*Mg_MOe6nG)o5p zkJeX97`{jL8Q7P`joQ7`9GNKeol2gXPmNd`Kp0GnyirW6+;z;{S@yf4Bm4BOg;(3EyygEJx2?@JI0tXq^omhoM zRi#pK!XRLO3a+r5RQNoDK8KNvs6oc4=(!@cxn2R!i2zwh|1qz3;?C{;O=e2J`!wt= zGVU2gD_K|vwL-tyyp43P|ChFNqb!2@IG9mrvb{DesA?_A)`M}xHWM~sx$B!*oLw?Owppvo0b2&pO$1p`fftLyU-9M4I363Uqcr;w;hVx3_2RI z>(iffaqc!Na~l(gt7Wll6>1D%vF7bZ=XWyoiQq6K1_sJfH7aEwcOs%b;1kf;TTfQ0 z6df)qz@PJUe?tvDH|bN!7$un=9iQ3CS_94&?3$|1KXwd|NhR^^q<$Y`!)8+4K2n|H zRpC1cwr62mJ$9Ml$@NHE^}UxP53`owXLl%okKiT=QgUVY4{e`)q(g|uh1;6W>9#+8 zG`ExdhS87_oAFVFS9oN%Dyob&uRQ9Ao%>e_GN6D}Zd z?!u4`ggjs4byAxBJhww<@})+>30DZ%jw#3WHl;nh7Un#DPGX__doU>Y_HM6U3u9vz{#j7uVMwruBs- zf_yjw#jrD;;&7_uiGd|xYlHLV*6(tVNz}toJ99lsbAGB@Jq5jKua)Hy< zNpsP0&P8>EfG6+9xgd3k)OO-^8rNQ}V?r^`pDYzP8Tg57k%3zTs|B56;FRMbcIiaz 
zF@D&d-=u|px3oc<1ZB}perkMEL+(e@VJ(bWHqdz^feB<9B-RL9_Bdh>tD|I~hCvXj z=WWDuz2j3`S+R-Si&oEYRTxa@L}w=96!HuV*Kd>VE3^viC7DIspiTkWY635LgYkVw zU;i~uicKnY9J^UKX&r#wiyXR}TI5QL4H2%%>wnPC_fg;T3|pz)WcE=_U@Vm(&4u1x zV4E!L)|14-6^tfu_K{dX{_~@1?b+XL?SK0Z_}wk`|J{Ya|LIDl*WyLlCMSK-dANVh$;_RDu3Hd)?2>fl}|LV&Be=Y?6OW*TqEDjYZkHaBx$faI3 z-pI)D(5IJnc(tbE77s`|HhHtffEaQ9>Z&KQe69);zW+Y-4jdc;uK$>mj%W}uays1_ zmF|4+{pIQZ`1bQ)piAuMAP55M(hRe+j9BAOhps})#ba8=?3v^ z%|PZhQ#m`Ojvlw#V1%!8Ysi00{q6Yg|Gkss+6!z|<*^9y`w6FO2Q`{Xn5KNTGrmRW zW?xOn#wrNIz@LSr_%9D8mhs~}GJ&}DUIY*HN+e;`^+Iic7w9g`k1?)INuJddhd5;IL*$vsN;9y8YvFqyT0SP!xS z+!@|Agqzq?kfq=!QBMB~*s=ML_P8g@A?pLxvo8aQ6$8COL}o|B}{?~tV+Ms zH!NuLWQrZO`b5P`p}|xj)9N|8dVyne{Z`$O)E&*AjP zIaN117#}h)gY-H|U)dI7J&Me~Y6~7;c;TG~C( z^Ki!c?)Mk|o?c_aDhvfc(35LIH4(I1ta%%LrtM z78k#{I86KHS$28SvxYSO+Fwj4J6~-E-PfzoX!9~LZhlWRH&-loN*ABj;$?x5bval( zO2|DP{$X16!>V#BfDx35Pg+jt`av@Kk%8*~C!K};vC)%R%9KI7T}goAn*XVv+_wCY ziaFK~*kTVJh8YIQG+N|Q7(~UhLc8uvSNiA^NMhg>>VI4qfn%`PgEnhYfQwU z7K0kKCeyudnW>5L{yd+*P^U+hQD+A<=ZeD{tF2I@D-3 zha2bfi9Q)53np==72RD|O}T|h@-5~|UZiSt4E&{`W6!zzbbay4Brf#o)xJ0 zXD1$f*YzZn^Pfhg{ANuXk%P zgre2*YXR0G7g2ATIERX4qf`fIQA4?sV~)A{0x^)Y_dx3&@BZ7F0rNuBGQ%J3>VP6(0@Ul%xm}AZF7ij zdX5y@<_CZNoHX>EO!#YfexWo!N}f_e*LhLQMWB<12M-yK^Ve!CC5yA5)6hy!NH2Wn zl*VK40QlM$LH6#d^5tNgpfWCRzKF!d=ebw2F>KAO0Q!>{0{tmg_g5~YN=$dRh`ONQ z;NJ&LPYU%Kyxd$AtJS?b_6{~6*)mVEbcW*@G#jJmE?WJs@mjo&dz)a}r#BbmK>>G< z$;rtrM}HVBAJ^N1m2ZbU1=BR=0otXSl(Qu|oj|K#O&uE&zJ|=y(&NwD*36ZE;NZZ# zG4dTvr&wEdcx%+$JWJ4t#)4pnY_022T7qbdc*9+^c(abXda;h&9L4PmR4J|`im9Jv z$u~TCt{QKhRKG!99Wu;z@2d}*KJ>S2R*cdVWa0R*615NtI-#9iY-VxROGQ)FsgzqD zBS0Y!ezlP&22T=9z9{|GtPF&lA(tnG9Ha5w?01xnVOy*QGMxAI8utff%=1})t}xCB zl6hc}dnCHI0FxG$Gu4e=lk9rFE7Q&-RGeV4&VWxb2;Zk;%4*dcSi4BzgW_BZvd z$rgqx*7LNX2^-ZIuKTK3p;_weIl5a>Y*Ic{IyyTJ_Zyy^GT2opK0|Z|N@`kKEx?}o z_zofd_H@eXYQIA1F%G8Wp&>7)#bT`GLi|Rp-?*4^1}FY>-neN_v)fx1##m>u zb24UMWI5;n@iR+$d77}f1hO4C1LUNo|7@1%3Ap}weS=NGBJ`XdLLLJ#vZW{(OMOm! 
zox!Uv?{&CJBUFS%I8#9)Jld5r#*Rh66|apd_V5*h00}O&=--|oyP-fwN4#8A#@ple zfDWh3=)z_*keljJB!ys@YFbNInUUW4F;s5TL0k!Y_0bbziz^(4QICEVJ!jQ3II$tV7`&tvq|!u4N7Til@*d+1-N6{%P%-2#L``DV(AuRCd z`NCe36Z-hwbHz1jaN80gdgNkypG*9SptW} zP=Dx?tC<;HmHP(zOA;+LhE`qvOM6T6g~X@3>&i|C)~SLhaj84+)4OYT|GRUA<+a|p z8HCSxy6Be%I33_|IAu@)HMxZgT~Z2!uo(O?+a|dsoDkgY4Ns6~MXVNLTfNH`b4R(o z03EtssT?!{;OczM%d7sCzD|y;XRQo8&h1A^Icp!{!Tx^stXrTvm$VJXNIJ)*!Su2mW0)6O|Jit3j3pM}cwHc)CTJ zq$|yE=`mx$KPweeh4blcw|{zJ#Pf}TtXRZh;;`r=pA;VF*Ve4f75brzbq-xqU2hKS zuWp>>62>TdQ7TMYy!Mwvr6u1i*kmGeNP|eZtfT9j(9vI!c+35SG>Bs9z`4cD#&NQ^o#?12d5%|#t*mXka{ifw(a(PN55Vb5AyZ0O6U$mX90E-&J)P=41O5QjWNZed z?&SHU45qxj;}q){%^QP7I9KQIc>tZGVS7UT4{M& zV}hqV_h`I?X5~rwrGB_<1X-6@*%5TS3AUA^8?o02|CMzaOnQrHU|{&}xSUcx31Fhd zzy#31{mpkUgPnbEt}Fs^i;Fn>)D=B3ks+o&-|EAyoFqhfi%T)(GxzcKEUr+e1ih5C z?AfJ)-vi%12&4Cr@josT+UYSI`kV|eKOk#Oe-N*CGTTS%gO3x$yFXewAY(A*z?E$JU0k+ASIgdP_swQ*b=s3)D z1wSFy$a>@R1=<^k8|z!`r9n>7eA(uHyU+hNY)#maY9p)x1nheu9aCrchWX#VUZtwq zZp}}_CmRt=cu}h|>lQtF{$Y`XHTMKEz`gy6Ut)e3^=m!l+ajDt<$!ZXNKYHT#^Y-O zW=&U9-)H5u$|E+L7c;EZ5l+NX8^@F5>yL=MM_*TDC_kwCO>R2m@E{O~aC;W9$DnDb zB@-K_!%11f_kh~s`~M*At)rrf-f({v1tmoq1O${0=?3Ypp&RK&U;v5X2uQayh~&`S zjYuhyL$`v&&<)NI_xSzZd)K=E-1UopS+j;Y=j^lhexLVwKD+;ek}6|q%4JGM8_H0DP8@+FHlP$b*);IHm2M=AQ$ zSP1JfxuBKe|(RQ2nEp2p<6q;Mj;>DPEHrYiejlEDI@vI^!tbBJ>MY_ ztCp#*(&HB!BS}f5>o3S&5-L}>9a!J!) 
zk%{WR$~1tL`}gk~blO&aC%Z*XDio?_VE0Fp${m`CPmSsb`J(s)TvmdOn_U@r=pW42 z+bP7;EKiLZ1l+CAvgud%ASdnqcv+O`RR-U}{C68}ZZL5N)|oVpF7}O0+P(1t7k!5A z1T5z)bV^NxSDdO=TY~s$c8?Cb@1mX~g*~mqjhg|^64Ub3iHi`C6xQ3wiYmjJ87FbS z%e_4J`PNgiJS(*KJE)Gi=*Ndx;a{!xMV?CrLKX(yZYM~I%udrmPwVIH za4rs(!|le*Bf{QZIM2&ctCU^JFnlFm?)1@^LjOhQ{Cu3^+U4S0(QkjlnJrqb%9N*m zX$Awv8?_aPSs>&;m-H>}dO{)|$G?eu_Ug6k9&@2an);v73zMzTY|+bK%k9mIIdm8c z4X$+iITuE=z{Q?$429r*JB=L8cGYT$n?je-_(1nKQOdvFmeY<}CTId=*lU$dReMAW zw^6erA(t2VO=^dr%K$hi;p-^zE~UGlbkx8dwP=HOhDeh&(nAP#Lf#dK#`HmY(hB>j zK6gS+7Ke`&#nv?H=1^|$&Q{OWT9I`Kx(zJ)9KK~-{s0a|g@vkAMfBYig{>_k0=@NA z_c+)ti#w5%*zE72X|{-%7(g1+ zp*@S=i9XIy4WCw=Rm7iGJmBM8b?v*FX0ky8EToqh;$#b9c}t|FQ38soU=55LzfSw^ zQa4%gr!H&wqcA~lLa*dADQd4>b<8!?8#)bx&HazbP{fZLM>Gq8%E^QL>u^*|!}%*w{o&=Sf^mff5ra=JB~ z%>&dyUg>zpQ6I3Z#9y@?@c{x3KzA9$Vr*gu!_Q=H@<6g+OM42qkIWx)-5YUTtJa? z_if-~P1CakRDyqhP5(@*X{_(BKu-3Z@`NqzlKWA=erUS5O^!NaF$q+ySgp}os1DVt zGNIt8o>5a&EP=*~ge{9+_jMyPr}7Q8k$Mc*cv zBM98@5PTmgQ3&vV`6A?d($E69d%GttB;obJKC?4l9j#s0~i=nDpRcHErq0K&@+9ve71wKR!w=uQnIXGZxllZ?ys*=6=9 z=cqk>W4yn&PxLGnLzC`UAeGGG>R=r0;2A}IKdh;&0YGYe5tAw?;^>1Vl?7t%^p-*@ z8A&A3$r?hs2`JdYwaxbjrYUwXg-Shdh9mB6ymAF$MnpXT0P0Mw6qkNsJHl? 
zbjTK;1I^TOgI~g-8iC*uFCCWv*FuT!>84aU>B!jvSGl+t;j86IZK}RmAF3IDw`Z$r zaeMQxEw5fDGn=WhE7Y@z&-z7*?CR;Imgv?qV&ZQXCoklnuv{wE39R#1`-XI#-W`p< z{TLn|ZDHBU0}-w87i_%I<$2;jq?N-T3n^ac_Qq3q8_ZxVxkk`;az^+2MDC*&B|Z3UGCM z&eFKcOjrAG#ZYpaELm%b_sfLGeXUgB!lmLNAAv^~b9O0_^`>!|zg z(d3MdycfHYk3stK+rIA;-xKH77n#Cv) z4MZObr9f*7Z))}0=<@Ge=j&Pnfcf!p&EwX36+z9@&0%6ep|jSKx$`p$-s7W*_4h$< zMdE^Gq+feq%eE*F-d?#|S-85!VIlBvmUSF>Jf_G49^>}yW$-5O+TnBeu2pw)zCAgk zpqJEbJ+VoYbTcDlR>eKL(Z~_jhQ829Xv#u-?6|xfyr354HbGTw*AL2#0cz=d6a=&q z0|`AC{l4L@Z;mK8fN~o zY*MI=M!yvbs|23-t1O2oNlDSs&)|V z{i<=NnsAZ$95MMU@9aYV;FWY%7>%P)S0ZI*VBjLR&#km-7LU@t)6Y~6j-Al)t(~RX zkcABaw|Q0($k~%;2g|^lg)hkM>H78-nn{b#1hfy{olLQuC0umIUt;=VD6TrO-`Gk# zd>G})XG&(Lmcwe=&I5oO8=pB=*g;%&o8{lSSM&*rB^VJje2SYh`-=vx0U4t?GGqopUwB27L~tV z`SDEj=ciZE*TQWxvsH`t?j!j1b$bnHZxMFPCM_1yf=M^>@&Lbg&}yiKuir3rnsoB* zO76$X6%21{%nI23oO-DfVDf7gs^3MkAOa8DRzOA`&4=I@e8d{l8Lx1dk9&)Y%J+*& zX4KKjFd?^-*Q-9Fias=bIc1nNJt4a^tH}yc zKz0=+oC!O00$^Wjpj?gFUmOnA#Vu?qO(31drjQ8XW%;+wHZZw=U#i7#-<;i`<+00R zgVbFYtgrKg1o;nnj=5SXcK9!$xW4L8x4fvgyLlKKq~A;~#0D1Q&mh z+U#Z}BD$~6H7YO8WC;WXaj8VeZEZJO0&heHG``RSn9OlhyhaYbFqF%)h1)94E-~re zZ+#MJk0OYv#R6oPvL;@z>4yBe`@2u}T`v`d}QP3-8_K?a|6!2!3{(#g>4%^>Cr_&D9Tx@y6cY(|j;a zmXG}!D7aWC*Pm%CA&l6oRYE+AnUhY zTkQ~MPi_N`uRb{N+D5)uMKwCf;vMvc$6Nl&r8_#Ge~Fns*`$`mW7uXl%Kl(kyI4(u z7Ww|fXqS$Fb@JxyPb5+D3^fHsBsd8ayi5EB9L;wSazffa#yJ?>ffIZGE|Jxd&<*J| z{9eH{*S2#X{dQ0ZP|N4T+*Qwg{}Ta7;?b+aBzHAQ-bHTZn0bE}bywxw@TaS`?k zQr}@K^u8Uw%c0`W+kcPR6Sf`6h#n%j>&u*G`^DVokRuL+&3lsOdXfn`UoPhJ8HfO4 zVh=cs8&ejVZEAgc{Yop5FCT>admoaZ>GVgRf6tMWbkr#y3i@XK6)gDD#L*Yg6D+*N z8oGX8)K_k>@CLr#-i$XWS^YhQ29;>HlkPdYa9f^{KNk(q6jRuieM1(^lEiegT~lB4 z=5$kykoXy{&t-~okaXKSyys%L`-N11SU<&MK1iNcFDjn_uA6mnRo`)p;9c(U#qssr z8W`G80gnq-qZE9`v>~UGn)^1y?*u1{4lPBNJd^9apJ~9{xjO8iy?&F;Nza!QDsslo z&L?=w^0n#x?+3&z*H&QmE-#&I}wUF?p3q3Y)eO<{CaLPvt@xT}IPoYogD^pbtfSc3#jX+Ok8rv$>rFNJnzY`PPGN_eZjM z*;Y=Hid2aNAJp5brb#L+>Q~qk0`Du#Lfh~tqbBU!6%s4W4`VUUck&GOE2-qzQt^qBB#M`Po3YyM z&`b#WCxV=sbT+lJt0iC~6B^Q?`;gI^M@g^_T;oV%F=%rt?N_^8@|^{Ff#E&VL)q8r 
z+?5&S^-ma^)d@T&iSrAN7dir1Mdyfp!CrLfBCUG>gj0w)#(HeiGT6aok|6}<2=xY{ zqIpju?&Yh#>mz%fla7NVwxt3!)<F0jiA~?3vBd8W#hBLdaZ^ z;$s>x?vif}|hW8ZiB~jKw1D&Q?D6X4a$asB89MGn_{w@yF z`NBpGu56fAb9cbNJCiO5MsqcEWIW6^#kAx7lP+UHwvn)c-OKNUy}v$<$_@WnY<3Dq z98Ntw-Qto*H@S@GEyqu!P6_3z6S-_(&zI@qIQTc0;t@mMfd@5|PST4vS8ZSOOF4c- z{8c#?&65(XG-`Siy*ZLBuS(?+YuaS_Xds?~gXi&g>(S4K(1r26Lw6#^-{13YlmtRh zV3P$QZj`P##v(JzNFj6Jh1-e$vM-TgP!ob0wazv?^UtMt6pBsBbtKstnGUPXO+=tamF&=sc#djS`ZD7r%KmGtWy1In z`y=o8VG6ezbx6U7?YWWalrP3}uZTo+XCxIhdcK0$o?ioZc2DEn67fTJgm)Y9vFk|O z`3I+&2v4>+#bd5)9=LR)E_g}F@LGY?x{yEnEF${eQmAW4vgn_miU3x_Sx@_k*pnqtZ{#22!^rrX;UW7AO zqkkr!D>DGZJqRg~#~&ie5QxMG@6cCF{OiyiTx7sTqwCw(_NtJ-2D0Qh1 z=w}_yL0c8&=j~?~isfi7wn6%%5P|3Y$wE?w6ewy$h1&cZT^B};jHvl~+lY0wum>e7 zq$6a!1*K4m#w?rdOQ|F>;zgmU>eVV!s(`qg;QFo6w`*6mBAtS~5}+%kk~wz16RbOc z{&0EA$!)L9Z&mh}Upg(P8Z5&T=|z+v$`g}zqxtgZhm%F6y;`QMYMFSo?RRg;j~>Si!6*`aY`Mg*G*>~fhQd=`Qj8t_h=`!eIN(7@N(21UOW86 zL5LP!LFNxs6eO{mBMs)v)3NFKF9>6Sh&I@6+{~Nb`J#AiQ>HMB;LpE!UQ#C4&+j^6_XV+v9Z*qK^` zo!k@Og_R>U-;9*V$U!mOPo^9`3;U{WtnTkQPt?lzJFm8?Jd`BS8hpEiyj{2kJpW=V zr*Xo0o~BEhn{hjB-G+qA-`#wFUvVzo=%_ng^tNE#B_`uUP1)JG;xXnVUS8X;-g`(v zZWk0TKJl&f4oSV1G1~r(DN_sW*Fmvq6<#~bGE8UZ@`cbB$WSi%0fa0B#9dcUF}kCBT3$26LlQIx_|9qVO%_NMZl^2N zpWxZ&O@u{BNmFpYmTvnCcXC*gPitCj?3yLTR-JJ3pFLRKo`I`$Y~0ZGN%$+S1k)%BBs^0|&8ecAL57vQ=FvuSsk+Wq@+DI+#gCa z1X?Hm*s-?MOh|a%LCQ+-?9+43OsC#*?Sh0xNbU$)^#$gP&$D_C;L*PsrYOR;T{9I! zH>9*wBNUUxyyd-8^_#bl=8g58$@1c%EtaD+PMFA2yAMHJ97!MGi8@;(FTXK0ZM!t? 
z3V0PpK$U-X?TM_{Mg+%lgHz{;)78dg62{GrrdVo}1}reQ8}yl$aj;@-r*tWY(v~{4 zE~iRR+x;7qwh_;8{?fV{e9%c!;{c)I3&z9g&Z&NZ%8dmPD z;LS{wXE3~8?M_=YAorJKe)e~~-Fsk9*t6FCMg&BYajTIX*ILOl3O!$FThQDx z{{k$v>X_l`2zwqpw^faoB!XzgI!?c~JTq`FDERqE$uw~t%8BgrDKL4&*5+FT z#UGH*-k$oq$GJ>A$xfw~^ZN{0&ur8XF<=-QibEQVjv_h!GRrSsPA|gA=Q7qT*)7%znE(!|kkC5vXOGcM<)e{nwv@>S`m_p;;JOmq zlXjoG#9aD@hi|9T%-!kvt)ME4W{DCbn$NP6=WL;aLN!se(>&`pr8(0yrYQD?7PlYY1ADAZ-X$%<(p=6Thu2=ZEvT6G}zfHF%@ z=2sM@fll#9N7I+Oxiw8wCHm9$$=rY5^ZgOAcw7csZ*~b+bLMrngIR(3iiu@Q3 zP(qp;UF0gE`z=TP?xBSk`l-tidYes5zI9KwFmu1{QUqdh%I|xo?%R&82n;HKOVZnk z5P@#{V0eT12>eE|@snw`YG0rp+*8+|UHBK5#vO|D5AV`aPH%x5X-ZEM@H3vF=A=ea z6;k{)zbd1_)qkp~hCQVD+lKX&eFqdDEg- zNhwmPkNYQS!8J4Z^>n#jPsxOpoUx|qvb$UnE9Q?+;6a3|KGxbq5gIvkoh9)lN<9xA z$@=D`a%2stoMz1N!H*g51e65|Er5rb$0dFl# z$!|I5BC#1tzTfP+4DpK_{ppBif^S)QF|!OjBf!Eo6f+g|`4r#gd$C8+1`1oYN)xJ& zy}pS12W^3Umr(|DM#NFJq1sw*4w{BL4;VssG z$4k?zD!v|}Vu6+KFH9|_W1$lYlu3LMad8uE&*4(JrE6`ul;Y6d3>B6A_U8x`v!Eb6 zOj|!(i>!!|ky5l9$r!d{MM-74oyuVpA%TIpw)7VV5v$6p1vSuB-!C4^Sxq3QM@<>qFK@Sqp=QfgFiI9%UG}F7q_i@*89(L@!KU zVL}4FbeK7QOCm)EuCY8k!i7D%FGjX9!rk)wJZ5Y&u_XWeun)V@hi2_7s6y_7O2#C2 z9xMS=q1PFoT;(5<@Dx+665PMP)@{>pQ-#;sG|ui?M)Ib9mzZklEKAJ$`sKymQjwQG zONrbfP|9JiFdMSYq;7ATBfv)<>1aPyrEUI@n#BTMw-kL)09mRRydc3hvU zR3P@a$|#f?x!3YBiKcDxyvF~s6(>42@A$>WMpqplt~j~MQYAGx)pQLOxnj1Wy#gh;Fk+AnTb@b71IfXGrANW-xgr@83;2_-pak*joA} zRjTP!skJJVC$DxV8uL>dM|C{F$H=G*v;XfRthOJ<16Nt^E1d)@eg*}(SXpT)j?|6X}AayjHi_( zU5zaI&_eIHs#^(BTIYdEs@03rD(}v`(kzK{wsqW@Dw845Q8)&A?M5(WSU7e;eSN&c z##k$^G%#Dl@=Zw_MV(Ur-W?IycC&i-Bbi0fAMO%_uSAXb$Q(@9F|i%K+QjbYPN#BB zq_vj%c6d4?A#mB%pfbafC$>#0}mkT-~RdG>pf!j+)i(emb0!IO8MD7)6{gQ^z1j*^<>|A z9ejH+LVrZM=HnkMb3{RDMWE!TWbC94x~2AhrI1$}KY@N(xq`rD5zEcDkX-d42%^8~ z@Pkx7gM`9`vnA$l$vcytDJ1V}?_uVY(r2;1CkGEp%PK0T<9Q&jj20B;P3kRoZ4dkA z*hv+Z@X1{0^SgR}EYwg8+m>qovii7*IY0Q_z+fj~ZD{C>ARsDAa*ciSr{ME$im-Yg ziQk}SIRJQkvvMzwaBCX-R>%hy6A>CK_s!OFw|DBypUFA~KUP96%*1%xPl~|=tjP4S zi6J70wf^Wx%8&)knsCbT1p|Y0rP=Lw+0AOyI|g$#qeNt!*P$>h{M>S5g1LpceB(5A 
zaKjs^ju$2!iXElZBkFx14YmwVwwh5cWM1sVfZfXEU*F5B{o@(BZkn4rl+D|(djlU$ ztk!wdtXL(}ZgJ1VY4AGn?PXYiwsu(ceMLMo98b^K?3Yu&;LaG$hf8{8t@aVwh{K3r zKizT%_32w()EdTv2RgRGFQBn1H+L2mJ36I>{%lk`}xkmsnwYbvYlOoTrnMNaFyxp*z5WE>|tc zIm>c%tqVe_K7fgMKHI~9@S8N5cNQj`pmVteq$zL3psNf1L!4;+XC=4q-jt%v`)w|Z zIw$@i#&BS_5~xgK-kjd3D9*JCG$o9!wI@)loj)rs-c-Ms&)Dl`DP25aZT@{~_gT~j zKaJCLV7*x5Dftyl6JrDurA-%GAaNrw;0(-GnBj?f?>}RidotpI`}lG4Dxl@ktyM4> zDYaGy&0tdhEPZHJrb2X65r#+cF-$G9Ky6nq|AyOVCE#p(Mb|2fLYG+)P~p9CU1|x^ zuQpo;<&ubqh^brY0JrMWAykp~-y@CJvu}Ods#6<7KT*MF3n@a|eGYs7IPe~UUI}ie zdjCsTOq)C<+^{B}PrCuq`z3Id<>SM1s*|&3;_(8?U7XD^wW-S@RbOfm?}4+7`U!0m zerdLB66M9d=m#&*z_S5hU&_LOA_}k#rpHI`zjo!mCVkLulk}KoKu)`kyoh|i z+l_t+xxCZp%oNn%WH+sQV^gVMm6!PLC8K;dJ_CwF3lAfe544cQ+WA3u#L-VfJ$&)d zm0@xN--b*)fp?<__E!=P6n`}&Wd>WSr-xpg2fliCz8usOvObot9Xfj6 z#s}$z+px#HKLAhfJIlR~2R47xMvXn)723R!MpK^wN1BSWqc@kXrgHawtlot%M@a*)WUtF%ctv<0&84Dbt7#Y3#-AcI=pl%!VIC&qU_2uua#A<^1!lMIAV z;2N<=gHu}WWzimfIb6P?D3jItdktZJk>c1v*{+kQsAz9rUyX=;%&S*zah%(qpTP7a z$%0-06#e(;;A@|kcrc>2UMs+lFO!@Xm;9}z{^bGAlzjDq_fYDyK;~QFRvSNJN)M(L z51wS66inV9<1w<>5svK|E$2Mgb=~NjI zx-PeU?ddUFIt6!nl?@gDedqK`jVO|e)yV2A>~m)(?uw~X;8cbFM^Pkf5r%Sn1<3t& zA9@45ya3^X4gm5anI)-2Mcn^DtigUo=d6C)GhT^zykvA)6nQG>I`vq*%|`)99nR?c zpn?7CEaDVaM&GrrxEvg1>03HNN?3K1o-2^s)N`v8iK<{er53k;v)S<%=iTo$IjvNd zTFlPf-th}{k8F(+w_Lpu%DJ6gHUeTANngm>U>duYnAU1maJx=9G3P^?TAnG=)P;}zW^3gni?<_bX%6~z8_LMZKvHq$kyty*#|Dg6NR-0yM-cZvsLDU zqx;5QBDL*8qDo{dg({skk7X`Gy1*?g79I_&e89gx!l@HdzR>vcOFFlUW3VH2YnyF< z5C)c)(ag$<*`LM0>pw~zmeWyR!~*GUAH00IUs9{-hxpFC?AA1u2aL%SY=d^f8t1>* zzPYcPp`YKQuU@{tY0DqI2tpj!Sx-F3wk6bRBgph3qDVQSM74!cy`<>RVy`($!s*9CH0KXZKXa7>nbNg@R{_W3zwklkjF z1|k~FQ;T+*w|cUe0XQnS*bV3t%9#~<&4^Ve;&2!+21c%`#AYgwopE)xg5vDFLN}+u z_e|RBIkt-6ZM*lr{48g-TxUbX_s2Su+`9a+tbwN&m5Rs`heFou?s~hsM5FHpTbd$1 znwc)B>vKv0slzYg&^CF^p`XI1o9j!hr&p(A*mGT;OsvYlUG?F)T;Pr0wL#(C)PTY4 zTnmjvK*RtZ)y_F3uP3jpoIHgK6*1CZjM9%<5qE!~iLew_64Enn7@9nq7N}tJ)3I87 zuH`L;Y6iFVuGkjg{8U~B%gM{2q z8EBL*HG*=w6fcc{uPdzlQEi!d`A|tY7S$2J>w96sRN&11m_-gI6XV9WCGkV|J^A#< 
zxR9Ig&%w?2pyk$(WSrbU3Msb>5w|rYFwZ}q! zXXIhHG=&YSm6`mt{j>THu^j~H9z6lVKE!u1|I#XVg-y`p@0p_tV`+unKgK2lSYM(X za5r``AGxh|=o;F}la!HNUAbRpBBS#2^N&#HPKl8_cCwd8yJEAsf$K#=?k5c$Ich0= z&O|Ic4V_7!x03V_Zt)9M1@gFL_odCd_wASK&|X)owl5|>SeA6z{{s}a^{y=6QB>r;~70I485I{Wyx=C{4vKjq<;d?l3_Q!uS@(zg>w~PfVS) zt@O|_#|S&b*HzC)nrB2l>`4WO-Uc3LC9*r==AU3`?EXiW^o+s8+qFW#!uve9y}6Kyh;M|#gi1-SEL;2@wObs(PxHH zjX;@xc^Cz=z(^Rt7>Pjs!C~PR`s6(rk)eJgw zGgn z?S7-GiK(epr6WnAw%`1x(BmC>Eu;DHc$%L$f4z4X9=R;|$d;#aXx6;BeZSkz0CV%d zIOr{kHS+_C`Vu&^qsbr1@<+6J9}piNf+pKve^1Hs6`SeXex$%hb)mrTZ*rjXT<6x! z$mi5nja#>k?#QHGd833^IfV?(uXotsSk}@av|f33Q)SRd33kGRlL`uEjLhWrCz_7LZGnp>kf%RojL0g5!n7C6@O*GFRQq~I|~3QRdM?)k>|N+1VMdT{92PIx7d;?W_m6o8PJaIt1yzNVG%)7dx- zqYTC(pb0zFyHUVp{IdWlm-j*n3K&0RDWy3I>TLH4G#Alm@!DmzmDR7hDjqsrw9Tos zoN~B9d2NhQ_~Gjc2LG*VIIO6wIHM$=1T$)Ut_%O-a8hN&rJ7C74*Oh?Jmc9a`^l;h zA-kW5I_7-f&6m#3kaTy4ZT^e7+V$(;|ivg=Lm%&-lx zbqxiK;_a)wkn}qvx)qvI8!txuFAo?rzAUYEmyXE4q6FR6dKrxT?Ch$^5&05graQe% z0$woZv+GJ@pVuB&?_#Sph6S`t{`En?*VtbEuxP~i=@H#iuyu$qI9xWUv;7eax^r@^ zBcH83|5_>!aQ;i0othJI3!oj$k!8i<*7ZdH$o*@##t?i7Rx0=azbYI+quX zgx~eUz{RHZla%uO0y*#Ai8^0TcJoHcP;8QCKR;zPyINI3Eh}|u>3M8*Xy_EFg~k0_ z^6YYM(}i8i#N2pHzcV*;m+IEHjpo1&YV#4hGX;U2ZS)CiY%UC59gX%A!@q6-tM7q| z${RnGR`sJE<$G2)Lx~i5@0Y}_tiZ6|9b7-+b6X(>?qG(+UTWl$q}gpPc|NQ6w^yqP zPLu^{pas5isDJ}Dy>I+kY(=V{U!=mbKDk@T=P6XLkdIe$InGqjA+*MsVahVK?~yz) zloG1YZ#THxVfN!6?yoUsK*qEHZr3*77SAnCz3OAxNN{K0nCY?8RjiTotx~}aDSG%~ z`2`OxnE@ARf&R6v(T0acoGxBL_(Wxz_kN+;gX^#f0gtr`d|y zP36U|3>zh1#vAPjOL))eK&J{5BpYHhMMj(d+l%!v2qCTYQWSv4i7ChH0s}HrTr|NT z=&#?C>w)DjclLXrOjmX0Up`>?} zIFy>6S4Uce4-0e>p(D7U!80fXtJZlQJBC_(D0iKoZkE*1na^SBasB473=#q7FZ!Sd zSKCd6^zH~OcyGtNmBGqW1^Y;6t6*-t-!}^3S7mZgl}!CL!IK$|I9M7{<0A)a@0X)6 zV&(#MAU-mw*s?F;t;oo)PkADwd>+0ROMmkf+w$tCOVv-0=tAJT`n0$-bLNH8@Bv)@ zx$S!G$~IlLwCKa$ai@xq5Qa9D-NV`9WIKcuU}}Q%*59^i%Os)>D>PK zaf-8=%F|FY5vE%&;_ojG9b$c|&CG4r=YxD4}fuSwVzm~GbO)GpV<8_pEh z-;;!45Jyhrq$QWc7llp9XNtf`ZAXC5jJIm9tVTbJN2^H~PgJR~xdYYFO)kdkL(}D! 
zPnROz%4jyJI!s^|qCG(K^1(7u<25rsOXEB#SHgk}uJy4F0(K2T0|vkf zUG80F<=L%dNN9ALa(DUc+WX{3C>rs=k1X1D5$g(z;=Yzmk!$~o2a_!#0Ff&N8#b;{ z>r}%wvn+9 zpbQGQgArO*HD2}2*MAh4eq}G-{A%^44#TI76m(mO7?s`8EY+)I1)q84RN|aj+XU)_ zpY#Sr@JW4&@HH=gnmP~>3MaCnt*rvpkAD9{iB7*Lt#h3gffvk=y#)j;Ujhmaro;_} zN!3;M$yn3WJ5$qY*X`bwnF!BHq86XCRRX0Sh;I*Q*wU;HIzmf~Dj8KrMt&vC(BQ$N zdlCIOvbh&08|5OE(H`&I&X2>2w?uGhxs{1?n-W~bPL#;pumO?jioE9yE;9{JJhnzT zE`EY@z1)X1SCMEkwy>0gpHu2%8k{<5Nv>65VzZXt`hHlhYQ3m5ZsxR%3S6>^?YdN3 z+3nvhm*36$t+GefHxMY70eSVib3!F1Q%hFR!AV@ts{BxZ-OHTQbxm;q7b)k5zsivn zz%XeFxmby4WWb+~eUxBhSnA^NHG3nrRF;sHt8>kr9Dhifhd3MuQrAZpZ1; zaAKhFO_THdxIAhZj1rkZS9UWGLV_{bQaM7mM7Sm>)Y&;WWYy|dI{hNft5$zio;3Et zsg@B4iKUi#EYD4jH`cNbpTnszMF>W+#n+2PT?4&{fzRbSU!SqzV_6JbH2=eOJ+RXO zA|Sdhlz*_X*hZT1UwNh%*uJG2UOFZP!}l`pb=Y|pvT_Y6jL)if3qA3uL^@JiZ3aeF z=nMj{F#M_m>Ey3O7vWOp(t1MTuLKdry6XOlNXmj^DD1+%}2!XOo%&kZsLbl zA@4%%h<+hctjek<^CLs#7fa9|1KnLwxt;+Etn&N4LMXj9hEk^e7eQM?7}zq6QcwAq zizZR-RnBIJPGu*GeQ$^4on%)L(H9j8s1^n{YpIw{OG(lY~lGop;@jhvGJ=b2uEIZrEA!k}HpS=dgwP_=#!3nNN zBb)ufTd?Gj9U^Awch`k`ykh?>sBqm})uY`u_Jym{b}-J=pw@#V3>ToHThL2hE{L1@ zk}ecjfl%egZkd3I*+hBn&MUNGU629A_isB3{dLv&?>;RQK3OmHKZjWkP~#aC&!cK#@>oksGbT})<^wex#riyV`Nma29cTURt?Wn+69fAa!w(%_= zm+i(-Ox6<7cs2xdIgfDQY&^VcOB1{7Vt3J4tYHG`^2rzVr*xa|wY*3Y1g;zvE`Tz# zvaz=ofPX|_!EqodJc?m)a+z>N0$rVKAAZ2pd>wK5UiF`i?5CsjYGhe*U76Up^sgGvz$f|Rz0Ldqb09wL{gGaC<|W@f2iI_1ky$z0m{<5i@8Q^{tBuQc z+PQB?SZiy&M_6O4)he1gnz~4K4s*jMgG0S3&xH2Xm|@Yg5n0}uoLekb(`?fRzpXos7`O-WS);N3 z(Xi%#c}7}VKIgd?KZdMq#u81ZNU4Q#s}N{5_oi#wKP7x690!on*+!nVWH0s zSg;u`_kIImnfy)>pZ7rE5yr*-YCJe;SS-zH<=--aKZndYb<}AAQu6vgzy9Ap%>vU> zdyBx+Kx4sI^ZpQuS`et63oGUXLpP$zY3wXJ!~+8ZYkyC-j^=m5we3bN;OJ+Csz1(i zk}&=e=Jq7x97%}TjEIe!oI}I6L;|jXGo>jbPDvouubu2MRkCjH)_%6 zAZh^%Z2GDEql^4c-e4dr*z%M=Uh7X_@Q-`xuYrBr%4Hk_Hk>W%$Mj-oC7;xqTOFV8 z3R?g8{A9XJw;#W|vZk&50>61Uvzi0OE(r@J3pgYVoO0kR_d?ot&Vsm4lVefzaqW}G&|4#@) z;D27%|A7Jg|M!*uuf7rZH+cS^fD->R%KmR3thFYgp$X!1fG~i@VAi`^)U=aMwJBK| z=jYJIMz3dX)W-Y2BfIZfasP8~wPT75e()F|fi7YY9|Dp@+U@ 
zDqJ!BYUMr-%bleTFXPYJ2TNTcV~Arx%Q;O@1K?{FjQ-Dkb@)|p!v==n!BIkYS>9lU z@J0!)c%~MyB=mFR4Q)1k1X)IZlal&=-5sMxyP1R$kg#PfSd_KVE~UzXFt{sECM?z(0n3mT)It?Q$?b znAtbpmVEaZq!46WQT4C+g4t>jFJ##54a#C=FQcZmHnB^Px=ZLklR|0*2x7h~eGu9W z5w$&ip|8VvB)*Qnj1H6UTLUq|&cd`Gqt*|sl$wX_4b{Dj+tszGh7Uh$t)uR)7;Zg@ zEr9182d_l*n!+#N=nE|tNskvB{3HBU9gK~e_;t5Z^L!f+d*#acz1X93WJ_Fr*|KTd zXj)=rby)QbXL!Z$f3WtKQB`)`8#inLN+S)DN_R_3x6<7posv?gG?F3>(%sV1(n@zX z(y{4|XW@0-_x~Q_eZM?oJYUqI?#+(#Tx-oakK=dX`y<$9=$j@WN|Xj>R3FzmV%RSD zcS&ytw+AQ*Q46jSk01AE9M$1nmHzh=0qS`9vgK4f77w!zp#G3~r5YPMS#OD;m?M3m z#8pydZ)Z1HCo3xY#AHC@K~0H{e1>b;t4Ug%xb?b|JcVM~`=tQdLsQ`={JR3|rJ5SuK}8ML9D5Fx465tIr7zYpuh>FFc{EW9dD)3+qPLi{~7LDl&V0`a3l%;}u-e zG4$TVHgjLE8@Wp8*K*`%~#D4j^e{7oFuVb^V8 z`i4f^5cT%#iObW&_pB;Fe4p`C@2Fe~R~=OUh|NeslLCAQ!!y~Pt)8$0R#M8AmPY8I zQ}U9#0N(c7Cx*g3j^fjronBu5xv4Mq=k-DfocaRvcPZT}F9hu$!5!j$s;E!`-?>q< z|6?@~h0(DWn>)~Xiq8$P0LU-jlRF>C!1ughOa)xd^eKCGB4TI zCJ|xSqbkVfcK#IXOiTK<5rFrWA#&w>;KNl`R<;kF%)rC?v=;Af`N0L~4_;-aOcyG( zUemX?FqgA={(BAPzijZDqJnWi|8yY|x=K z3=_7qKM5k7K!X`NI2fSC!nxoix> z)_JsR-QXf46@GmY;0I?FpYUOO1LR7%6)M?I(41M^+A477_6&a~?Cl7XODY3X)P}h5 zA=}}*55@!G;Y8Evbtx5VI1IYMNj0`Dp1%#_6A8xiatAiacDs~v2bQ76JNHN*8ryk3 zv$2eXZdmeQS=m3H{Z~X+OW*&;vyVvSepM-%x_9+dM+Az~nRQ!S4T(G7UwRBA7qrz% z0pVdLa!J4LieWI-)P?6VZuet{`>{}-{=-Jy8m~+)UFn6FaEJ-cNi|j-X%G9sMNa?O z6?zf3$B>x2@`mh+rU8OQ#1u{}9&fTeMMTBf4KGkBOoJBY3G`eJkIk*V?rnmPIP6!@ zQ{%WjBlqKtfN2iP?zmdl118x70n8xI!=zjHYTEoSEdunjcJ^}0Z?b|}#?wRMne@b@ z<&5krrThV8H?+FRFGD$VuHY`7VN-RExKXwF=e~G9d6k*)YxP{={amJJbE2JIH2>be z8THWJL-A08u*EOv2e7TGtvv01aLk;IV-Sy#j;Sn(3J!k<{h$3^p+Q|?=zGT7#SWRc zbhU+B^~P46{4x%MVJtrPQ)J*=6iu0}74yDqzPm-BQ!Nh2jKch|+M9mB@3J@TJLRyR zt_Rb_<1qY@XMl@`<@dh~fh3O4XLXB%=-;>EEx6T$^uo@~OInwnx{b#EoA zG|hHJkcf4^Mw|vMp+^8!)jBb$J`3$X(A6c}-#Q^gCgD*x*8*+$mIQ}&F@3we9sHo1 zOKf16Ym2wX#K4BIeZhiYc1_=x#MyC(UATY#+vwihyUL2yFuS!LD0Z~|JGI{7jM(jL zH;}Vf%b?=S4Z|!`pCJ1?m;t25t0_iMz^Isrh!wzb zmOG2J)SE{4Ny*?Q>drR8+?=)zvmLMB_eV?h{;E5l(2K9pXL*~-ABeA%OFi~DOOp+F 
zh{Y}r|9Xfq^wWMWrOdf^m}V}h-(Fvc$q8ws4Gu1>@TMe5AD%5}SUMGj}j|;ekiwG>ZMu%?#M-+AXinwta_@);_zRVs^bV?45jOh_9g^ z0k2IoTcb4#8{%iVsiD0rQi>U8NHSW3c52DRs_P!if?2=)JBz{+O%1heuk_PFi+AtL zJ#FwPt73Y4d+ou1F*KDAPH5P(^9M_2lrd4=Io1g_ASXzi5lmZ_Y!`sRDgEqr#8myf zf$@r8-?U8L_Q1=7Q9**f?#b@d!uSD1)f^i8^9A`)I-A1NsybKPYy8vk7o3nmGp@k$ zJ;*zD!)$zFFL~zR&u`38%gHB!Xgf+8FK!2rV9yu7Zq3h?)@?N2=bhz9irJ8v*GYI6KP_w))!c&T2q zcSLIIV(n#DZzCX`QZul5cG9!3*^eE*H#Euo!oz`xOY7&a`1l&&nxuOc{>R4cBYbb; zZdv%(#w{5sd=sQX1yM-=I2L|W6E8Dp*~Rp{;C4gi#bNgb~_VShw%7Rtc_y&*%rBJ=I37c78 zuK|*{OG41oRk+|C5mQ#if=4C}F45tUis(OF@9XWA2hLOTq~P?A+nk2gI@_uYtB_vV z2aXSGz3HRB4Je2#vD&X*T)~+RB)7F67_CAw8!*KrziS((3x={kL;pw96K<@la&ilU z{+FotSt)sw{1rWYEthxMg0#Hr^&*myR2aPfU$6XhrI4Wil&_=UM4o{s7Na(L@pNTZ z>S_#Z#7tiuv^kmIAHK?pL@}=X{-tE?I&wbv{%JFW*hTg=pF+|Omas_^U^K5<-zaLZ<>yy}a8c$f9?(<+rr@dK$y3^$l#_9oZ7$@0pAl(P~CLA2US zaf4rr4{0B(H#K>gQ82u$a39cR@s($h%nN$t9qqOO#LIaKH&^sz5mmZ*s>KDsCyKFK z%3^}aZj(!iwUbh#PlnT*#9)$>Z}{s#>S2FW?%S2#-$t}?H5CS$zxv}+xLecy6^#g_nW12`v~Gg3_+cA|X2hf*yYCqT3}SC1gkh4{G% zRRus`k2gc&#WuV)9%l$b9XZ}5lIfHIHD@2F%TMd_ojpfpOy2Nfd$T60sPiRp-hbxRb0S9cs++a4^7AhYrksO}jTENJ=3 zz=o;{4or;xuf7G>P&n(WS6JC&PkbepgyA}@$fZrCUILWQZ(pj2)F2H@K$)7j;ve|N z8;C!WYoVPZUS)yD;#MT7mG}CnpTiOdx+h7&&PM%)IRyaiZ~myta$@*3d907c#}Dhz z!#s2}%%3jHf9mS)mL82A!J*C?Dpws>1%L%=0*<`WW3H`V&0Z^%vGkgtCIm)}Jnj69 zPA8m5f-#r9*%$=G{P1qjGq3V|<{ z_kvK%4u;4JEpduYG)p-sV6zt?qMnM@FON_1pUIqhj#VfRxJHu9;UeodQ7PV)5FUu+RMfMtk<1Wz|q z>J;GBdDaEpUZW6q3Ems0_}tDKIX^(orkLyumVtX?L%a{qprS z(hj{+y0jM^askZm+h#Ox`eQ+_$k>znQqvV1@3Cb?be_s60j5??pl^)996d;5NKfrT zn$^l^IyKpbdnXS{yq8JTxgNY9w_gIPLZH^LsU%r)mv-_7#D zf)z{b8ZqJ`K*qd-G(3|ll!WLEayG^4OxpG41&@(%WER?5EDc<7UpyXRr;+EYhjW{7 z6dm(9Sg>4(L3braYY&4=F@i!bf|1ST2ES*aT#h;UB>Nx2Ham|b%NPz}ljPXltJQCs zdHSiBEpjTYqAOE}>vg*HDh^52c*cZ+vJr0V|12=?5Z$~K<8&H+H+u<>(7DzQ++ONG zVEm|3sU3pHY#=AVcYN5CMDb4Irf4uoeKhe9U9Z{m4%Xk3(gM92iy*3Sk#&AOJ z^93gNdn%n~X~_wHE5-wa;Hmgr(F#`QNmm|pqomxCkIC#I`>7Hb>K}gUee2>v`yi%? 
za`ma~j{KkV)oIVi)9c!eLD*n^Narebyg1Ppte|wLl0zx?ZD+jwidb+0IEjBI#mXKU zq9kROf8zDw{e*TKvqb-kjQ-g`w1?zlImlxgY}M?P=IBI3n6Qr>XDX{hQB>p{Su6=j zNn~q1ro}x&F5+P))-%;zNLV%}bN3ZmP=W>PKuY6J;I0wQxWsoXf@*A4Yryisq`PZxnvo zO|_i;P0Wd?fey2{I=1FDL?49m#NT;gg)0#1eNLO-7w;C5BoM_orokDhY3>-y#UPhV z5U{qGjf(9{&xleTO3Zwy{sT1VLgg%Ch;b-s#1MA=0j`nrKnd7$Uikh1xR$Q_jPM-U z8T;Y%_aJp`w{t0vPA0vPbdx2L#})z73sVP42Jw^R`~_z&{Q^&M~gnOQTmTu&FDu-DkM1Y&@M z3_*VDuehP_iS3~@ZrA5h4V4+s#2#yGTw)VpHt&9&-0qF1$^6A$?s@f=<%a}DmEd%> zxpnlel#$`r#erNH4|Tjs8y2wU>;&7__*>v~QHoHsP(4nm8D}BPkZ1;3miu znmB^*ur8CYOR1YAV3O~jEcN+kLUXk$Dk1hV$x_v7u1F8DHsEACU3-dkvciSr9z}cp z42lw+=8;a1=XNluDn+_Gmbz}PjhzxJpORQws%$v$K~^ih2?4k6A~;C8p6wNHj3PZn zegpjFC%U+vIF?E6Qb&16(svcTp8k?cG=w)YRr1ceQ%GmoAu+LG;o+@*2S)7u^Ge5? zD`#~^dv2a_$vol2e(cBzv_WgDaRYkH zBA1?w8kKKWZU?d91af6lNG;;JIPU=WZ&tn~%nv zcKe#tAWtxRG+lH^J}OBzzMhvhHf$+{!*f zt8PTPfRN98Nfvq8>z|@`EBBhhp>0;EB|DNl-tI`vFZc}t8_Tv8pV~0?GMzqSk-9-B zz%Iu@>kM6uauhUvZ*-2VQb)!AaVr|{)6sGVl7i_Md7Q96np81@@tj6Dm(pjC%cst` zZ05g~+%P$nIMIv1KJLwOYu7pAN2Ce>m3x|N3N(I_8-7w1R)#9(7*?P#NuZ>e8#oiZ zzT6N$NSf9Ja(ncTu9}g;>AVD^DwT^fuwzS2 zT*D@Ov4&Bzgb3LuK@=k}b>25NPJ2M3TRhLZDk^VH2ejVWeYZ{&cxrHpXIi@4f&aad z1LqFym8f4}h^GA(AeIK*adC0It!u46+cVht@fnakA6rZm(3s>5(&H8|NSeb+^wjj! 
zgozLne^s+_58jrlRv~)aR2z-{T3W6Z35;m{J@gRJR8=%%n@qRx22~R8CTK!fmd)M^ zZ=Q)q;0LDg*JsL;?Y3x$guk-{`hP#a0K7`imw{*!k>vh^*;;7FJ0rOBgbmNXu||b2 z1=;O(Nr{SPDUybpJUab)I>J+mvcaqWCH^3R^*thhSmMlh)a2dV;2qYFQr3Fa(3_*| zET946l4w1rwLB>#klnmHRYMY~Fl07gls|rgr-&JA(uji3C%?KqI%W%v<#G-IJ=>RY zfnrco26(N!?}_ddjANpML)@Hx<0QP&zZ|s*8v4NMfGH#?*NmjYVKFLC1L{)v0NHPR zVw<(?vrSa6jItvbx^{Au+WR^VHye}sV`|o8)K1Q@*j#!LU2qaILk;(ArRl9g5@LZ; zre=KBo864@3{19s=#f9W2(zdgmIB*jISe>aG##Xl!H%oSyNYD zC!>X_CpE~PQ>>OU=glTfCr8BMWU{0(F(}zcceikM%Hy0=glc4^0e45*Ub^MiNR8ko zHnqnZiN94p?4q2hWk(l(fnec62{1MosdmagAC< z3JhvK&$ZCƝE2C8G+ifJdY6GB{i-B4*r_04K9wpgM)0)jh>`mbVB*ek6-9-RW7 z#qOx5j@p+H7DCsmpGIO9ipP-bZmUM${+~ws8N=X)w{ZF(5mMGHpSyUY4)ftY4}Kn} zyqRr`VlSz2=nbGD{uKs%03B$uEiQR;IS4f zP*@WY(J~{+p*H@pL_D{Dj@fP>y~t57Hf@@9N?Ydu*xCr<|6^5S$Z_wt&@!#vz zrMU$if21kis^r8^+qC2Uz>l2$LDK@6J*L;jduq6D*+RP;N7bZr*DlBNgmqEE^l-`2 zfP6Knpw8cZ&XdT0{dUOgm316r_}ux^v%SP-BSf4t%@ge>WE{H^K!0|9w}a(W{yH(} z(*Ke=dP@6=`)qDP7c3EQ*>&h|c*2PYYsK zOkNT5IpPTh`M}A=U?JX_?3#gScbCDjbrn zcmm>H*fi}Ca>0VoC)$$E>|JK(BTK%h5^N2QSzP8$uYZTtUfjwP^b)5#84o<`ovoiY zG`-;dusD<{VR84Cs0y1dx+~JCO99NXE#i3HuKnqDCc9fRn`ZMUeqF9&xSV0Vn!>KkhA*Z?{tEGr{ z8F2kAbyrzhnBFP`a*T}*V~1Vx0|%J1&CwY5B(S?&$o$Ff=T&KAt6{n&GChMiB?3q2z&v5%DZoTD5g|YfBH`{%e=OFHL$4Ve=dUMz`9w+ z8v458((_dU@LZQb>opLSL>#dF+8wsJ+(I0_)lJ!4%Bx|j66$Q%+`5viPK(|nIpy`y z_ZA>@TUD~`kkV`rPue{=bL~` zAd)NdH2hBkzMPmRzi`!`M}l5L^T<$V{%$Pg2}w}!MUJP?%k-N{`%iS!3|{1ljZOv2 zq>ps*ReHa=UNaJ$=}Dw_Mk82EoL%&AvAlf6h|9Y&VUbapppXjf&`oo8T>2&smLKDD zz^xc>@Sa_oq=}a2b7J1rg3Luu62N-~on^ZM_yuzW% zcAw-Mc2Y^LTSGu4625Ued5*Qn*2z=J64PI-d!wUZJ^Z*x;P4^81%WN;w`y-J_6N&r zN0QOQWE@pw)jG(+CC53xl69dgj+uUP3JaXF7ND5WG$mo}Yy!hbux)pGNdebbJ7{Xj z*Gf}hkbVv^iQ;p=6`p?(8XAh_O`O<*GvOZsr2_*R!9r=$sJhKa(@V`ND{mjT!>%h{ zxca=#Y2bnj@JxFxD?3ce%q+ROkmn8f5njGqHMMnh!K10lA~p~()Ja!WJncJoJ>MwP zMKKkrG#f&msfN8t(XIupUj~*V$`a7wGywES^#)`705qba5BvZkE;>%1kbQIFnPoQ8 z8Mau~k7TV?^Hq>az`Fc792876mGIPT1%$iy*70Ji$^v`qrYSuo5FL;xlz@j&O@yej+HQE^QCxz{pj+1PEcl_nCpEQ-av*zJ zr|1dBT}lEj2wKD7*rB{?!pLWr;F1bN{0L%A0A@}vD zcKZcJe 
zDf2PV(bGO8r)-ZeRkR|z;!8th(q}%$^4Q4i#>rdq&YuuLctlsf&THpu0MgybJF;xH z4SDux%&JEZ(rFFb=BgaWW$)y1jGQ7v89(m!;S5PhdxOIk-BZj{RV`4$ANB_K%+%0M zdX}f!um413yixeXhm!~H5V`DDnRNQby!7Z0L~9xh*2Uq?$?_ED{(&BPhnoMJV|(+J z`iJB8xOJuZ#6w^BV+kNh*SCJ}e+Ij;2QJNfB4t~^$sg}{BdWKCs|6f*ta;6ON>Dri5VY1h79c%NvpLMp2(es7n~gb_PfuU1#t0C? zJuTI)MLff%TT1N1R-$~%+`TTJE0rlu{zWXGHjY6z>jVB4x?ZI|ab4X>I|2kb?#)VN z?Po^EMGy;mFI4aTptokro{ffEF>8Jy;EV-%UZVZ{bFd;tAae*xhyyRs|BeoiXs)y& zfdf-&q6m+RLur&#L_^9@PORCgTZmTJGvb|a%b>33Wx8iq|1ut(YEjtOlV?8Xnkw$~QfZOSouZ!(Mrb^EmM6ND< zbqj+SjpncYsTF^af|fz{F;C*dnI8rsvWa|fP?n^(8L+(ZadEJCgOPuCERFx(T-|S_ zHp*kr-BP@>(Ks~!Kk&=B%z6k2AlXz_Ql@0FXf4RFwI)v_s|C{>tNG=S%{!8f#pPwc z@ZFh?BzwlfDJ+QK#i0^BBBuKleXk-Z-&W!HYHOy^s<%+c9YRiPW^=2+tt)m6h`?=s zFo65(k3PBLhw2i2DwCRQ=?es$J@<&7h_6kk%zgcqD)VpogkKsiIk7$fO0@v@GkP=C zPE~p%%SgnQr8<`a!nSZ3viRjQcn(CZ%-CZ*`2ne3^(+XVrqVN*TK$hpdQ-PC=MU7FyAhkIy@z_JLNJK3LN!>uy2-ndG3c!r|@X}Lr^&vX@)s0Tj zS`mU{No*f$t`IXr_hkBbG=iDhZ(@{?8S)Ad3lAuAS~iYEto3HmJ<|E(jNROD@%DE2 z%2Pn>@Xxtx&e_axBeP^#w7iQ!-*mH%qn_!Qgr5DUt|Sn!dMX`9`#CJh^FDn*R9y7u z(3BLr*?NCU`l!@wny!ul(`S=Bxnu#%vNAmbLkl0xvBHo#)w(R{tWPp~v$adLkTX%N z%yv3F8ypmjOGjzZx;a8qjN+8xR-_$XdxVo=QI*Kd!R0HWnXfROCJ@W0OG@w?L{WhF zTIC+w!U!%t{t1KgAO*vBZpE%Y(JPBp6502V)72%@YWK>QxE6Wh-V>>9r6CoOCzlx38>tWMq(x2U1WP-B0cv zN8i1CYsPmo6&m9hZy0Xt4Pz{LJSh`@|7miJyk59`k=m|(i3-9mI#m~}@1bl@M5KVz zNg>_iU# z>CR0{_bAyp&H71^&n<37b+xZYrbjM=Q=Z?%WtiDmH4z~9G5QpAp6ggdMK^23dQcB? 
zf;bjr0zRx%L8#NYnSrO7v&^Ek^Sz{X#wMF-x<*Bg*{kHMs`NMCLMqty=9_cN7)?Kb z2*XU$-_;>4nowN*9i`@z^Pngv3x$dZMU7!(WNT_U^NQMtvLbiNQCch4Fk_WoIYm<8 zt~Uvk(cupI{HBwMxvjvh^vAo^17B{*en-S-qO=fHkA~j{EMMS7iR50&b8E})FIL%{ z5SdS@J!B#ODPzvZ5eaqKX2B*EZd_!$;C6X&XJE<8&^^{`i$YwKN{3d%Q^B+Qy-mW9 zX9ru+>+6R|yi~e8BB$=@X+-by<3VK4BOf1qs^sR~U82DvI9lykhC6EKzx-?asT$L+FcAxMwr=;V?wWRzDo6E1E`f#eGQAx7 zIHj~h7^U=W!WdN-2^&q$?7}6*fAx-dhL30qtHOKz;K8xh)gzd%V90xFBC{mH-J$FP zUrEnIJW$l889dv3T{+AjE%exRT6$&`a$>!gif(@Tr(G(;I+|ARv6(R)Fcm3swUSMm z)!$xUQ&OlyHAXz549O}070GuCv1?7&%e2MctrreXx=n#vTnEfgc1u_HWR!2i1d!m6 zu|F1RrXSVOpmW>35j+?ajoTG;x;ATAzqfce5w7*79(&7dW|VxLQQuj#9Zo365EAg+7;!?tF+S;4eDA*!pYBvWcdd^tThDk?KR zGB>16B0OmHbHOPSoC6Xr?JF*WcEf=RS0&uyBYF9pc#IWFU_1GO##^uz&aqvIXr_@|l)Y$L}5f66M83}D;} zVxGb}XUVi@u~^LKRiQUKe?1kUWv@io1nB8UC-zvx)7?7N4}qbb7!jL3Yot6jmS^qU zNcLS6Rp`VO$7dBx&fBXEy`*1b9EEu_Go`i=lW}*nMppWGmSt|Z*=P|QKpJOq?tffa zW7w=IXv_>Tc@Xf#GBrIH&B#Vi8{E}HX?`dmdD_?)(1O0QlYd^DRo#t*c0{Y=#65agI`--vV@ zI$65#rA7B@N7~x#=GLHKWIDO_NFmEirAT42yn$#9<{q&cc&*~)C7n+|>#3TEEh*IC z?Uc-H)TM>-L>XH>dpfe5NAqTT7;?Fm?{!vC5jng(k~~jA>+~+`K1q-%EoP`~3Tl}2RPawsxW0w~c*C1~(sM8t z0K{j7>`xrGk_Yf3HH|UjFmlBbg$I^1{`xPPPZXXk_s`uJ4>qMQPQ2c{k+5=wlh__5 z-;gpNDG?0$+3I;qoirny<)L)EZ;h4M=jqer^kQi59psMD8yb3n2*P&M-N_%gcTq#* zG{qyCCq7hpyf>`p=nv$5po$JZk4Ahyzb;`bY%elm`JLzeAcD7Zqlg^PyKqH#!0 z3QyeiXdko&M(NV8HK3W031^leMi9s5%SET`lrzI|U6uS-@m-00P z;Xlry#i(NqVguP0++peFT!xh8kiNi{8kC+RHCiHyds`4jHIh#5Juv}_>5OLH;HWI zGMTBd6c1JV-d|eHB=^p-zqX|3p~Ff<0*+61d7XqxQ|1)vjHMKEnK?Oe22uqy3fCLY zjRZmxhl+b59N#OOa%xo;CL!rwBF$E)Tc2)KNW;Dx4dX zGzCm~lwJ_TDfJf7K^w$P?OtsYrT5v=02PXA?4tUXMOvr=N`6@$@@cUbc(1L+g)5c| zaISAP!Z2RFiY|#Vaqf?<{unetr!JXFksI<12qfQB0j~!=5TQ!1SN_bWsbzKP6z-x7(-b6xA?6y_>RDZ$oVJ>`-C)0 z4hdOX(7_jP4O;zSQZ?|&+fpxM@_Riw^;BW3uZOB}NV)SbTF-Y!S=J;?OEKpua>Li& z0TfnZZFxl6)Xgf8ZD`c>7N7RA8@ky%XMwL#5KE4ZyUA^wR^6~c#jbh6n?eZV4mfC@ z%D*gWh^OW4`c1zVb~h_*4Tn9B9*MJ;Vbwg}j5 zQ-S&Z%@4;QdJKd3kSw*=K|Z~*z`GMBnlFW@#qQgKR+`oEf0uOVze_qkT;HP%_MqT= zbbO;rkY3vYa%Sc8p~C 
z9@pm>rUN=Zw>T{2ORO~5i}aXkxnlnLv8PD?b`9^J?=*@=rw*&ydd>%hkn3K`zkhZn z0k$6l3&UW;j$r+r_#tYI4A&2~lt%adL-0CryZ-k@gMec<5ZudG%k_8l0Z&NM`G5cZ z_YvS1FOmO#IRCzN@I+kg|L^|eKR^Hf)2F>^uK2$+Sz-1A%)E4mSZ0)~3+faPJf6n7Zp_?>|BBVY(zV~^A|NB%dz5oI8&-><& zp;02Juf8HP>J0teNb{dJgJ%T)-|qzeS2C~K2ir&Y7s%glT;0d+@57;g{zkT?Ppf9A z+)3-+D!*Osw8bUdEYPS>YP0)lvOIO9U#GszE3+ovI(1Y$f(U_5#xfM2pZxbi(%&zy z`QPHfNR|myimlUC+ja-T6!(e6Qyutn1RSCRdp42@tl7imbM7ZX6K{zWfa&N3j|bj- zk_Ti5;DHA86S?A<$r2H&Xc`@Yo2!$dAKJMkHhHR5 ztUT4WOt(ZhH~}$*RtpKIEq-7iqNV@h1ToGVz9ID#|a(sEvFcZ%0w=ttnP6|XLG>mp4{;!KH zN@1MKyqo+8fxo9X$wFNNJ!uYK;rO&s9aKN>ZdE6p{km4(c(CcoQbf?mucppyEP!cc$BabJ4_?}HtXXkcv6HR=-sL!#aC zxl|}VuMmAEgZgBh6J2j22Livlvqa)(z6zrVQ5F~r{Tvp9klLGHzI-{$IVbDD?Cb}Crt@wYG>YOr*$T;B+izNvGzOJg>`q1W^y7%OaP zZH2T;C;Ae&^tAQaTL9RggudS^}cLh+H;Ww`9?$tz7N9(^*nQX~zAfmrF;1%{iwFm4#s^;$1?XhA&8j2;QrA5ri z$+4)3dK6k|qo*er<1OrVlhSy#RA%9ST?=|vWP0-+78Cg)xJ-H(8Wo+-GyypP9})p= zu+X}uFW;FnOCsP62Yo4!vwsltxS}UkoB78A8L&tvGEbukK%wFB=|A9fb*E}k{d*KF zOZ`{h(HXCh!e9Do)YJ%m2Y9s)uCXp*+WIvXRB!`=qgkjd0=xY~i zvIFBk6N{w+OBGEz0py3zX8a~y7;bd{n_m6_5-yW?PpsSuLusLpKcfB(ylphC3Lwyydz%IjuU}+pr7;6Oha?5R<42OM*ToPBoUFE)3unocpuVvNsGv%lDdEjp$}qy^ zy*YQY`Emw}iIUHkPFrb?n~LPcNhO`31fM~Id4_ZHrP+Ap=gJh#`$elCTnsl{MW_3s z%Enmm$1o(lO^=Fscg*=F&k#UJHE7>ApjK#zSKk|4YTMV|_6JO|9CGCSM%RmZaWioAhTb>T0{cKoD$g&n{AH|{e0UZ97mL|oOY+3K-%|L zyeG>$%b}EE1W<;l3zz+^YNf-3P0_*zgJKr#)_fsao%2>u`TL%ro0Z1j2xl-sbcjx~ zk{TXmr}VVJ?W$kL94cuWvz!p!Wm>N1zR=FAFHkY&G#pc7u-Kcs;fCI zCY&~h7w|Ygu!ocIXN{bcsiAR=f(X^PQtcQLy#i5DQT_aS-nITj8i7*EOOMpVLH)G8 zVXvur7m^fyh%9_=XZY5PzPRvx$lAfUn0Z^xKLO|k_;1ie z_q?8(wPwxFJQiq$#d!b0$AaN2G~(rhl`fEPY}2qxlP1ZA=mMJ${5@i_IFcJ-HeX3o z=K{+aK^D?9Y2$e}gwX)|`Owj6`yrU-J8lm@>r3Ros35~PY6d!G5@zd8`bl*yqnl|C z@;CN?WrzHN{YjHRlHJxZ{x^Pz7_8RfvGfUI@+Mm#|9b;8P8-JEsFRt%0-ffv;3XNy z$bS!sd*piyyIE?SLI6n1mVWCdLp#5>GuU_!QW>=DFMBl{0s6GU^sU6sMCm-DdO+y-dE)8ElH?meb}v!P#&Y-@vMe8uJ*L;Hu6(MwH(h~{%Rc>2zl%Lf{6$u%nzJ z1D@@EFPVh>_c&&XfJ)ry(-ESuIe>ULbc2d|nj!L)=TVrqNr}8E4EP0y(jXxn1xsdk zPPNHNkJOI}Kg^ybPpC*uizg**WxfF 
zE{$zZ>>q1J023??1os39oBk8_o{U1Hs*W}=z+hv+>ox#^!|qHKCR^%zYUbA#f9&|& z4xemuTA@D_)fw!i;U&~M&<$>R#UlY9=%+vQmBMT?EoJ^Op|D^;%Y-Q#s09BED5Smr z$Ice@bo4b3kC}QK8he{1NO_b#u{Nii`kwA9%Cosj2dNs|&T=0%gA`~I5V+W?O0xQZ zT!$-fZTDW>YP4oW55%pvHM_jdpY`(>a7ePP`(xM;*7_6tLHzI5$%WcSSAZ+Nkgg!A z0F*8oOsb$8KKo%~tD`yc+j^Bk97B`(x;JEfA9$U%*iT_o*%O?V7C>Tz=dwFr=veei z9{TyQP2ARMzEXF)F7(9nZ7K^=Y;3H0mB&;B{$;*W$aE)`YmQ}8ud1FP#*dS^I*n1f z*xz3%ki^6B;Nu(_4LR4Eba>gvX;dq_+c5WJaC=NQhkK_eLU1zP-oP){ZwxgO7N``{ z>NQ!eza@X#Y&`YhpZa^J=ASYV)IT{Hri=P%T(D&ZqK-(S+%h zeB)LqHNYG)D1JB1-Z@zs^5{8;*Gu53vP_pcidAQ}ecPb_BKv?|4az}gymgYIkyp>M zBRi1K_L{5PpQ=+?-_6i)5`jlkzNlG~yPKGAe50W#VkJTqyd93*+!l}wov{JEwp&e^!Sm#l< z2rRh~h4Hm%02>c;CvT7}L)p7pub@@69J{GW9^u`TX zP1>b;a2nv8mb2IrwN{U>RE{j?vYFs;%=i9u=+AeQ8Vw0Rg~CvY-gWz$a1yd7(SYcK zXBUSVQ_m+zP6oemug*j;y2WmoOj*9=UXV?zB(OgU1hcEc}EYJP2lWnQs8( z$r;ozzl2o5ThXQ`8&qL_Ny$L&aj_G%gEEa9NB>y_^+LE(;P^|1Z7M_D>BVEs_Gxfd zzO*;4kS>3ZFj1_fb<35GuJ~PzqPZ=Rb58K?C{48(5z<{K`dHy=*`XyS__pHk%H8OK zPzmneSzDd5KlXQFip4geWv(nX-p1lgC-0+yaD6tN!(}jxWL_J69A}vMNlTSPA-^*7u zlDI5mNdjYRn;EbkJ&;02eE5J`8mAY8No(xaEkHMWXA0GMMdJMmKh{&64Bt~kIGk0Q zm)VcxSj_2hisUMFVXk;jp>=$vU=mws@)bT&e30Y0sf$7XzIc!N69B#dnlh$W*bd5SVxLhvj*)n>4rq4|( zkX&NHBHoo`djmb#o2mbQh@OxtJ2Gskt4G5QZ%ahmHX<4^4Gi&`Mn$QYIkH*Wwicpuhy6@z(6 z?OXsk!E)Aky2O?*gp@=*4ryN9XPGI9A$7pwxXf^NUy{zRP-H<0X0&q_>^_w=|9qW4=SaYBA7{*IF_#lipsiWD10!q8&hJ^>k8>0 zu1LN+BA|y*v|ZJ_VYB^hW-?|*=^d!%Mz~{Qay{3RvQE@SY z4&d$n)a1I@=xXVyrfF35fXkqU(f0i4c)DjPWeD+3c6((E`Tk<+H-ZF`dfQXW!>IYS zG^5AWOp@#L7U|M#;?=xknYF)7lZ)7Ofj1a?n{Ox8H_4P16=?@Na%F0UqwR5{VRK%hyY3=EKO zCec!@%y&{(KuS7+joYUFbn9J#DzgT$n_kS-esa2$1cx_$g)soM z?q0eC>QWiwQ&mq(3zXKIJHDQ6oA-p)89w>L*&nj20&9Iu7i+6yHTMOlL4r@Ty-Pey zf!c0Dkg9aUANgdl=4SGoT3-85Q$Fh*7P4eHcwL}sz%38*O`?Phb@}S`2wsl1*YAz~ zv?GCYWgDsn?k(pkjhn086uup9rzs`rBHaRG+R=1YgzRTqbfnv2)xGN*fFcGgC+LDK26Ey7`qqU~?FIY$`gsybp|;1vV}py?3f9LZ zb6)R|O@`M;%h?jm7u)e!?qORZi@D~vPxMPVKhuLsE6*pVs@onmW4&DNryHI3lb8X- zM!k;ChnmX_$cdl#Z901epV@lveeW;7?cUhsTbowp9rcz%pGUBU4DqN+3EKAtNBUM3 
zTnG8vR@;Zi;|iChUUXm|k;W;w&qu&@uyPhWk!zhiTWzky;J&-*RqOTk zxaC?WJe--=2jcD{Br8(DBl!^0Kf)(udD(SsE)on|F{?<^uqjI0T6;-c|1`jyy>efL z+wLRreEobS2T}N{j|AJWcPWWkX{p)0itd{K;?L)^mHR={v=EX!+^2R~T)-vWXG_rF zqxrKO8xsgrO9g4Ta;d>3wG{4izxsztDGSecps8B-hK*QyRh3tqb6EY?OPK0wVTX*OJH)KzD14UzZ5X1K&H{-m!JPSLSrABB z_8lxpFTU1p)z;v!vBrK4k@zq3uNneT*Ry4b4ZDAn_M(d|rabc}qh9adp0DR!kB0hq z-*sRf3varYZ2~={fB=t;MN( z&oNZuUyptV!U;J=`pyn{6~iDqhWwutXT}@|DDT44^3n)olG($jid6fMnOomX_&DhL zkj&9W)7T`cyKdsB3NQQQuzCzJvRcjlVZ>xke&oD7GG~3r)Mtf!TbtSUgE5u+A!=~F zGh@3?zXW}lV%BjKa-6&9<2h;j=hrw@L7UwP-atAS0K&!$ZNrgA2%9J3K9xwykc{q^ zw&Xsz6Jg=$I7w*nd8yrAOYJ{2xIf(rZY+N;L9@W&)CRO$ZCwObdN%v^55^tW!Kzxg z&pwk1?gv^=cV`KgD+gZY(@oTJ1EvO$X~6Mi59MM$hZ6AgI8r)YX$eZFrVv|r16g!1 zOo59%;-=$T&zP8)ZbagUNU#llG@#w)^GGZZ2-%a-mA0(*a_w%|xI@mt4)KC&Y*KaO z8JD?z78qIe$2aO%dy})Wbz01vSNs&_%WR1}4_H|*)699jyi(=%ULz1Y=}D*ZFy5hZ zajKL(i5*mpny!agqmPcFx;ey;fQ9R+0hz0?#1FZB0sYbI7av9j)|DhA7PXHc3PX*6$Ab5DHQ&b5<1lBI&h51oxC<<5{_JyW4`%Qr0qlTtnbYoO zn)Rjo+&;oi=vq zsD3?SnE4wDK3h4Y$S>pgNFa%4bA+xhKGm|ea+^6h^}0)eqNw?C`U+fT|Ghrr%n_RD zZrxF2ade@NWbW)ThL;BS@g}*Y_M(Q*h{LL0uEu7jS>)WU;vjO$r@3S}iM3_rDv2j8 zv1NZMOo|ylO*eGxa)aqMM=eWqNz2ajOJCWa(K!?FJw6<0cIwqP5C8&!YV^8#!%tTZ zf(#xG*Ix!4h*Axe(9k; z2=s#mvZRARdNiK){Zf#t3M#oSCv9r@UxPqc)R6fM1UfJZsLGSp09AnI8%2o$=qaW+oC8 zBF^8mSsfCT6~W*1>=+W1pzz-`Aucjh!`)wWA7gp(1UuuwDT63wZqka9#lJ3&48;Z(acY3m|v_ zgfD>T1rWagk{3Yw0?44+Y_Z-#d7=F+_?YZ1lm*w{w6^+NC?Cqd>1FS?P`jW0qSJ@k z-$D@s`%ziFIDKu~w7DA&ba-Du65`T)EV9u)y!^ccm*pi{wm-PP;22D)H?1xa(lVybbgx0On-kA;?}y!gASt}1Mk|+ zsx{$&i~d#6=Q)Rk(Ce;WPQYc`aggjf*V0M_=thL?a)!P;CYCw8f%p$8A%Q1^e4XvQ ze0EIiE%I>RUhg{79Wt?CyS@j-c$kKVD{!G2r_Bz78z0xEF`-3b9W`Qdh?y?BF{e7r zluDf%zj~jwqF;{UfB9&4^YFkR5Gg#PiPHA$^1Cy@w;8sJ>#FmEOw+qsa*3=}1G7Cp zfQe6iM7-YRqX2~ zp$d*WZ`C?cGaDaEduqOpH8TIbmTh5hP!f^>7LB^)*z;JQt7t=kV_FeJ-kdwiCJvV^~j)iJ-Q^1YzP-bmWkehAr_y!M4%P&zgNWb4DN} zRFWL;vS9x`_Ii?|#Yw($(>~VJbvkbB{gt^wrbe&gHQn|5$dp5qE3BY9dP{7#<1caa z-g&L`SUX>^tLk^FYd!q~MIK`Y-U6vPRqFg$WtAWW(XB}<8%%I9HC}1?nd>+I9JH!1 
z#oR!itPYyfdg|;5L1~hq-5b$_eRxc1gV`q<(jXiulI3r0RUUjOJ`E1AU(X^26o|e? zDCk7{>c?(4xZgD?@73VEd2KG&Xll=2_Jeaws&Wg8y^5)bWBC5#o$iFefj=<0dQKM- zHW1;+e_P`QFPW3lg`qD*L>CxilGZey%3}oz@= zy|3sLGtGBS&{jx~iPvD<&g83;`BJwe;;kLyX>Uu)&{b8^&d5NHR&WZ<7q+(5zrEyJ zfA%SqkVUuErZKIn&jtOfZ9iaOxUWNhNyx4&_&j%JiNBqXwT^v%thFh36{E|DP!k8M zLT~6{fKNX|sWbJ-gk3mC193hv;B>asg)>d0xykmoV}svPFRgE9$YJBKBRak;?G0bJ zf>G0mWRYi}fZP;c0pvl~A*`J$xo?eT4*MqW&n--8eaxW#B z2((h>8EX8}n4(O$%al2BPn(B39g3-$sEj%328)L*&J-(LE}Mq6H98h;8TuHK?nEx< zd(C_9fOYsIpXiuwvn&86y7Nfj`SAFt_5Q)GBs2JsLq&OK(WP6ZB+lOd&O0dkHN`TTefIh}bd6MWjYg=1epEY*zGpWD;9&{~FN0;jOSrpZ+v^gWMEg0%)E z^cA$THXZd#n17SWCi=W9=6988ZYO`zHkmn9;9O$ns~w@^QwLgm@O)uxKf~vYE%do| zzj|mHlNroM2&BmHg!^Y-`)b<01!oYBU=OF&d zx4g3WI7~sEeSqX#dA048e&+J|wO5h2ZF-4b|C6)U)%8N9^;OwX0ywC4)5?>2fOnC$ zxXP@D@0x#j&feT;r0gW*#42&<^5gq=F>cZ-qC}8?YDn&^4s9%V;@?Mzw>Cg*v}Q~R z@)IIz)lUz&VG(7MaHwZ-nNl0_oHUIUQY41 z``ZdgmOTLMwDvyyOksI;`MPS{c7x8Oy_mQunoEV#(a(Hw8~#E)cx%w|-D*C$qZfBE zhD1>H+wH#Jwr0MWC@^%*(3auCkZY;cJmSvN;KsSk6Y~sWHz-BU`qOggJr$j*jME(pUvSEIQ8mUq)i2@CHQU(y<;WnMMWk(9E+b68bpfrh1 z3!8>wxCKOPjv8~SzE0xcHsaBY<9AnP@@yy3Xt zpey@YAu;02Au~8i@x8Q__hFyz9yPBf!6C9q8q$&1QS?W*)l_z3TV8tX2MsJD`rK~7 zC5rlvJNFJhjV{bTpX%~vKVmcgCtG0N_!o`nDLcb_ zg8f2!r4ko|wa24`WqzJJNCT!WXUdGYM#bjNhB8GziFrgiU2I6}95+R;>c|-Ro${gy z=ZF-If+dfIMY#2K;W8bPGZjtc;4>YRAei^xFh!P@a!jBwl@{vipc-NNt5)ko;n_6V z!I6XgVwKb$urax0RVF)=dJIid^sSHN3}O?!w*7*j%;XBNvi#ZgP0ol8==+8bML}?q z*2XD6u9yW)iXH)H6b(ajmw2bR3QN@5cWZucr@V2fzL-Z-O39?&rw_O^d->{F?u-a} zlEhG`PZOynxfSmuzG>zrDOXNV%2i{{#Z%eS9m4l^rpv{NKXbg&lo8wclsf#iRHjji zO90nYWaN@Q@J?S_SwXRKG!Qh|pxIZ#+O=sBefxLIO^Go|3e*6sM|h2vfc& z51P2omUC*~Amuew!YvyDFdQw1N|L9)@eodZ?6^vUc2-QQJJBC6~6{%|vt z&$B>;jZaE;0UTc9XHK3n!r91PF2qKRJ?N_})iU zOJxJl=QjeZje>Wr!)WgtPgNw1Yv5@4^{W6pMGvrI5_@jww114w1+qU*+$SWlh8jEx zjm9qy3vRUU-VVJPn&pQ0hbQz;h+JISmhH1rtT}ef(@th5VD$0V8(#uY zJGrT5S-YdSwkjt(r*5LJMp#HZEV=J=?2&CtYF$hAR$J3fKkQjIJA0bOptW5ZQPy2d zb0v;nv@2kK!J%<0vs=lptrPZ`y(@aKT(VXRpno!%W<-r|`hYH>c)p#SlgjZwoUJHZCq}@)qKoC_FhmB7eA8|I5)%wVaAkg7jjZ 
z%P#UA=jz(IN@9!mcuQUARor9YYYo<)j%>tOa$mM113AJxJ###dLul-R1yGPkY(6MY zcE2|v4|pF(JS&X(>Rw*uXsne%{X{mfKy`L^*NKAF+GATox%B3`q42h07&V#?5a`9n zq#LXz)ctnAw3;H_Pl>r`rnQ4$M2v2j?KCaL&k_gC%nGIyao(o=^p+`G?seR4j3png z1~$K5Xy?-~&FOC~wTZ1)cpOLrU{N=I4E>o9?>ughDXS4_GsX2S3<$^tuj+0 zQQOa1D#agqWoZn0hZo%vPwSqdfahu^ZI8WpZ>fCwUQITt zM9P^6v+;72Die!JSYr2641?P@@{z_X9oKxWo+-oM0|GeGVRIfNBRafzB zOc6~27*x}Ew7O6R`_%)$kJfj;7o7BSNW28NryAEwiB|&7FGa}gzxgT|l{JI`5Q?IQgkN8R|WFCGgSJ|?w zy!q@m+_G?7Pr-N;_I@=G!Moj%s+Q* z6`HDy5YC7k*4k)i*d zpgkM%IBtbMtLENxhdBZ9fzaC>G5DN`=3a6uk^Df|fO3zZk^6vG>d(h1LL%+{Hy3z5 zXEX^dIKVB}@oGD+UCHIaywJ?i&$2NBRbD+u4(NCbf>KRDw@ID^j_+lr1 zM5d+&$<=jC+!ulDNd`bZg?`}Ly4sC~Q3Si)M!`a*ZtiOS! zn}s1o_=N!BI4=^(aJjKUH#>oI)n0M$bxEq5`=dxNC7h*IDIoLw5_1=CaGERg#W zuE5vtlGu0vOE~d&D~bRqLy_|vjx)E>9D#;%SdIzBS!t-`h)#G@El;jGziTKpXa3?& z>1~zOua2d@=qoTcAOT;w{gd5C1=V(hR$D#vS(q!Q2>uqqcgR=m*Qf_jp6zKP6$rYn zaGvEm@c+zhj6nAc<#oc2P>uk}!qZKnp}qjDiAkEv0e#NjzB2z7r*LZ5-r_7 zpRZQ#ph2)8sE_lYS4@=c-(VrO`XM8Nl6&>PA|rZmX?8H7$~&{?cM5N-%zeFo)lPCS z?#mD1Fu~zzM+`Ol)sXuyjjPepmzKpqcu@7PKxCj-pmCIsjrIi}N4F_x!GKQV*Rs>} zxI=}Gz{66kyemuBuUI{!)*CkLf{2azd!#v7ErNSq-bjV98-f(EU z%?42P>%qQ(67|K@6Go(XO+*Y&(H@*^-2DuBNBsPJkSYBHjQGSEfX4qNvpAEKborQ(5)Q&x6`%E< zvGpHP0@x@_+QRU@gDBcxu|R+SVG@9!Y-?(BiI8l|uwK9X9u2`0Iz0KKUGfS?hqXW0 z=sP%|#q*zqgE6a?4G>Jhq#t<)$j;Hke)cLmcBFOCD#MDwpZt8BBa1k4kVa7_030 zv!{YH519vsX&NK|%^SXLgVY`h<*|6MB#T8NGI0mgt6N7OzCY~#$xu8H^?9k`;-?iy zzr;myj_u+VgG^oOGTy%7r7!_3<4h4hvP=B!aemWNA6|NW?WoVI;68FH$h+EI^tLhq z?cQ=zOexyQ;m|?}m41ugvq6SvY6RTb4Dj04;QAO?9sF80fSWeW>wQ~j?(rO*=}%*B zm;D2PT^Hqk8Vjw(BK)}DZBY-&m7M-JFp}ZNZsbWo?4%49HlN|R`nRFL2oL#VOPY(2rLIz^oT1R{^ z86deFz25ldG2N_fr`S-?$I$iRpzWED%Y7M0j&Oa{JUi85@~onp{B_PfT`QfRkJra1 zIL4qK2filnyUeR_(0?Yh7tBw41qJWVCLb4eq?PS7KyL4m2RJ4Im6{!XPxAq|g5 zO0GaO_1)ngl&3^RiJTK|nTv;fIc$ExqnU1&@^4AM>!u(-w!&GC(?&IPPMl@?Dt_Sg zR^?4aDcPJZ&x}A+$K#Qg&ExrirF{soBs;L7C16t zgo$tT)kqNt@fc7_98!l)yeTb09l+`dpK61Yt`U&<30r;o_YiTlt( zBt<@q{3Ts$N;?u(Xcud~yOQ`4=~zv4g9EiApLvWOn0TfPJggxwsCkS$)6u!C!}vG80Xa<{`xfd# 
z)omv%<8W2S+b`Ct!dtaTe2Ale)50(32#RP}Jw@lP58*#_Zt-?Ue674Xa@UX+h%$0b zztD%dZlsg#64O1cPmX?9<-OMAmn)qZE5v z-XfTG8<}S7h#!3;Hg=v<)Xeb+g8x}% zRI5L~qsexxf+%=6z&sItw7SGyBZOIeyl3IDZx1zuzrGe-mcYIL9@cxU?(xe(E`hP- z7sIp8=6(!qXPy5C?)yt7(~el!hThD*3<`9SYKo2y+gfZL5ZGN4nL|#RLoS$OvuNuI zAMYL*Fz;EdmoI&TwQVNr||IZ`4(_8t)f|S{^NpHjJg;Cov_k{C_8%C{iUPXSF zz7#l~I#PAp3);R%n^2KXwG+Cih5`h<*OAHq`UGb7XfI!M)nJJtL4nALN4k(@y|L_v zI(|C<=N)ESA|~31^P?L%deHJwKAddJRfcI2Pep`wn=(okc0!(kUYU?kF;`W=dmi(- zEDCH{JQt?2Jo85Bm?(Nvac9rbuts^Zq~Q(x)L?pc_@}<13xhorEpz#A)IAN4i@+-& zg;Y5wcVu2DCru}3GW+D0qFk|}()M+EriIE~hpj770jZkiCFLfyPgl0ZpaZp4x|)WL zWyOO1GMgOk{@U-S)(v9{@SBca+vs9lIa`J=b{};cP}bSJ zFJqkIq@2T#i$x4HWlS54CfQP*W1ZrF!LQO8@P3>0y9{_Kkw;b^iB!XJ?G%=GS_8YC zt*N{>J3|of2yQK$e9x6=b}ZlYNZt*^^NP7n)1;9T4#qEux^j?Pe8<%#N&Z#jmuKQ| z>YRjFtn!9l(SLUp2NSH64L{LEPcD0k#s-&~N}}`nRUA3Hyb!ZgIK?1Mm*_P+K+WV? z;uktn*dAYG=5xyW?6&=f#w9zy4k?p)S`(*Kh#Co}YVo=%tr8Y?X4pohGvg?%9qFV$ z42u6Xi%Mn?YltC~rr4!CNF{_sg$7o3=`)m!vBwSuFUo5tg?9NwraQ_?Os6s&&W9?QIoOvAzvC%9DxBc=6;zn^Rh-Fz zrP`4IK&w;nG|sU3Lq+{=V{^{aZh)1aH@UD`jijVTz-G1)1Sm`#J+|3_lPLZ2g=NiV^5@!pP4jxAr0m$DCsM#TxIt9`%;4cW;I=>ubV?TcgQ2YgB_Y zDsUHX%d9(Ifx*O=heZp+!MXX`%mS9ZTN>hm$Wez5l`1YdJEbRZ>v7uSQ90dArn+FW z6FN+@I~_}RHo)ziuZw;FwiT3xtcbyD(YM0dkYb~yr;GH{lTcG|E{#kWxAa$l zs6c@z4-n5*SywS7Zi*D1LN`jYpp+*K6-+Phm)o&|a^Bu8drK6Db}xHhfB&T6)ha4ild+;43${C6HZ^@ow z8X|mcw)~}8MIOF1N%mM>3NWI$n42dt*s>b;sb<53jYNYtd(!JUlrtz_?S#GIQhxS8 z1h_uY@>+WCY%Cq3Z{zI+)tNtyt3Uj_Ux+kVEg189YUjcqCSAo$Grq@Qysa`Mbfeuhcs+jtA5fbv1!Pf`8#N1Ki(A(^&FNR$c`5Ux+~#W|C%&FyM& z-!;=C`3+Km2Rz0v`TEDJv+2`q)uci~Nd*5t)GYe8Dnt=tfzNs2yUpo)_ z;zSpGtnnoF!%Xyv+m7ipLK}tmEI+ehD@&4`1$-p{nQGN+j#-lxz2S)a2A)o}tAWH5 zDvHHR**rhdh`>!z#Ea?ijse0(5l}7XgwSA+1%B*dNdRl!g;=_OC_^bRC3xYiwPt*{ zLE)gwJcT_TlpNCIjljKVu8Sme)+oVk`6&&tOE@QSaG0OYO#_hGW zk?uX8n_d-paHVm2HXU~A(&$$4+&h7>un*aq!Y`?81L`BSVO?>{I=nWI-|qNT_VJ!^ z0ORNpT`wKxDw;>BpC$Cq?K4T}DZ?EG(l-vVx&G6Dyv%@+VBU-p*>rid>#_R0u%V2Nb#oOX64@853%-;#eldbFt7@U{(78mfya*pNOrIaf4$UrgjI$Mf@z92`Qs zC6dTVEug@6b 
z;oA=t4MUAk`V%I>{NUp{7n?&VY>5&Uf6F*FlBH4pNvB^d%j5+vSNikLTd4Anh8ud> z+DTfQPH%?J1?6Rf;)}Eg)Ul))64Y2K^b9(>{X^i44g7esU$G_GQ{oa0>*;hf`@6%P zBW>Xf(FdO)r62FUg`xuvRmc?6*yf+>-K%G=$jz_c&ORi3a8=H@Lj0BSJch%a)~WJG z+-=bVjUa@Pvvy(D!E!O9Cyr3l#;T#grop^!zX9xEIiD`S2w!yY`r{5aYWM;5&>KF2 zc7aMxX{}Ah{lJ7m_Mn@sFk#V zcdqw!ei+I_Cpzm5pR=5PNZ-YXhu7NE$ju|J=@H3$s2*O~jk~4}i3xq&)2=}k+ijAK zHX;g)S;DdHzJ9l?0!ZEySP*LcP!dBE3nbnoMH*<+W&hH8u{P&8tGa+NOdc9#Z2K_9 z^3@b20*kxV5~DlXh_0J;pbH0;9G@;MH`Rx{ZpGyM-76czANChorXd;ps&rCcB%HtO zSaK31I8u?1sW!#sQAeZJBo_DOiTsf%96|2iJP%Ru`Uv^Frva!{XezHzHs;m)lRNXR zNmO~;gSJ!n(5b)(-0gBjy<2+9OMs*kObE40Tq#LF@#bu4G9>$ZG~IStV11WTk`HKQ zD`cqK(aDIZ^5bQA%J>WzU$tNFwkH~;xA48$TlB@ws4M8N7N|pdc7ms%uzBI>M83cZ z6H#(yN0zY(QYr@4uuz7+O3L1_<9d2+Olq03`VQg(2f7v4KX#QFdQ3t%D!b3)VWy9y zpUUaeSq|PpkpPU@1RB2@6k>nJ=<M>6H8uN9>+Q4QTqva$9EiqMn>*g05v&!Z;S_2Q`m=3<5AYa>@vz-QCwsJL{pL9j0 z_63bJU3A&7F9n=cfg05Ar>JEHi+V=4!%1W3=R^Da0hkem$C1z=9CUgTmL8?uSR0$I zot${}3WR0kT&X9c(G}&EATcI1!2!2;vV0q4)A;541(@1^LPEo0w1j;C)xu z=667S*Z;`sy?G2L6{+C9I%NkHn;8a&8yj_>m8r<`{V*#^avR%RNAWwXT67HaeQLkk z-Fc8zEFdsEQq2u+`Hpjd@Jd{K)mFgA<7dR?>vA<>KBNT5QDi7clBAs-dR8j{4m(<8 z)*UmgSoH%Z+|5}(W61F)g*={4hcpbX&gUpqTqak)@sJ8nHA$KVLAo4lMTdiQ1j-nn zvTY=~Fq)pvIU7&;`LClQ=0gUA_h6|bCEd1};(+a1Zn|&PbfU(7lBQ0^0mbxG*J2_$ zKi>A{8>wbEt7gouK%>WXkv*@!V)$&PMw0ZCJb^d1y!mOqX(*LIZJ3j}BJ^Sbu+9 z8l%^-PSV-rUucZ9lpahjhVQpsw#IXKBMU@TjM5_GD&cmk#9rz5Z&fc#6eh}b;uq)rMUzAu9@}wd%w(7MYaT6<)eIleTy)}jL;NwLczmN}b@`+D^rn7?>P-v<>0>+HmJ>O0 z2FDYW&c{LmD5xTq7A=oXR*VX5!NKzL_f{YL3urp#F{Qn4ooW4PWdqBZTZ|5_Ij&{u zM`4UJTKu`3U@$u*1k(a1F{BIj`zAbqniL6vGh=QrQ>!<}lJ!iKT#W08iI5rfE3H9V zeN9AT_R{WfEbz3(fDA zGM>)T`-XyiEJ(py7%c9>`|nMGHE5*zt(EfC5U4Ht!%<%}I4x`x!Vjfy@qAJk_^Ty}_Y~gJ&Gq z-Ekq}*tIq8LId4tPL#vIO~9@L1{7kj`e1q$mBIwd9RT`L~^cF| zN;sh%rS$l2n5<2pyw;5ahAgzMhY(ld+@`+b=T9u%qKiM<$2jMKvAO`gi*Q!! 
zA-##uPN^Nak)~h1hJSXr8Y^CYONuxO;=i!O2p{__xcVbyFhO+cPfhUj z_;vA(q6v<}7)kdZo>?<^=W60@(vzJIGHi2G92`JYt42yrgDgMK$Of4uMjuv}Jd$nh zR)p=7i9&yJY<}yOj^P|L!0CcSYV)g{|1bL8_@U>euJ^KtGW_%OXp?w~>+goaGF#baw~yIUnQ>>w~iq z#G2J@XHxqP98-fxeGd2poR)G(U5ZXcnbc;L7Im!0*??b#6fi@sfPDjT0C?rx9g9i=DmzNK)Ve7-+xcJ{J;{4Fds|U5R##M)pkw%>r0L-&BE4<= z8|F5&VVW{f^BXN)27~It=3P60~Fln9KMhA zG}m87U~ZzEoh9P=1Ntf>QgJuhia)3C^ikUDQnj23x8>oYKM33Elx~N{I7Y>IH@NJ< zmJPEDZ*5*S1eO?XreJJVq6n6#4km6;=*CqYu7OS07hM={fq+*;DhQ0K2r2qKCfwDp zvj|r&9Tq-er|9+KAliqEt8Qs+T9dhgq8CWnZ4G~WCsLJf@Q8*vfB&3qg1*+I%#>Y^ zhE(<|jy~fCsqxKNkM9$j<0jCsw#)sYu{LO7^NRzZ)zjtt7mW4 zy5;Ei0%0gg+Bw@_DHguyR5ZPt~Y&V({zuFzpi5&m)`4405&hC2CC-SYE1wS8@Db_}|R)hbdpewUBRXjgMp1%1Iq} zF?-}i;Z-BwH{94ErrR`2i}4e~WuD-<;T|Xl{rc#XzwVVCkSE_Xl74pZyf!BzF)B24 z*5jI@`VE}9|0@r<4&2&Peqxt=%pcq{?~IrZbkTX!eH>Lfl3w5wr8^l<%bB#KvicCe z6oOu3qaBE?JEGynA*y}^owvPQX4A>YEA2A0J zD51)1Je<0nTjr2ErDJZnTH`(3k9(}D7{+@b3(}$2S88E1-_2=LeMl%U=O)?lwzn06 zu*;^2>Fr>?h3nl|U~X@a`aSk82%$|+azV(VHc0Qyt_R{A;wH;-RRK3nThNNlmS^aA zjI8&qOk7JnEpyF<<@PQxS+u-VL2F9)WhADrLRYIbJHA{_*P~Bh(uE^_ zZx&%mnI_T@uQp?3j_bs`qoELQe#0JMSxIP^saYTwDj$Go}fj$u}x(ay5T<%zj3Dqp_Mxr1Clq zY4wcK2$%Y;_6H`#PnXbClda;2>`2i+GNzanKMi+M8tG(vY4r4Oe_D5HVnLi@W|MVA ziuq&QYkqL@nliK39d2)El}`;!1{BMvC6{yPAD&4BLy&dnd_WDNWxVF6fEq^wYe(DS zN8tIYtw~Qht45{Rx}_pq4{&)9LVrp;gk1$ukO07C4FPQdv$`)~7kSi8G==?4W1OKh_r@eql#Da8+BE6;X;k}{XGv}u zwq;8VPJSa|D$pR7u=#V(_nyz`;J7T)lqTt$76nc1YF+pGgSPAK`dt+P#^?aHVd|TG zswfQB>5vK?l1bU`&IZMQ#dWI*l9||InlKZZEQ_T1ifdBJeYy!aL0rY|qzTZqLBxb0 zxmVBPui9h+lB(WLPR?7xJmmy`&p+-?r$v_)tO8B|=oHxp{IyXGAn@ix9{e8ONct{@ zqM(4{a>arT$4nfU7d6Xk(`DWwP@XU2=0nxnPp1KEh&|Y$G_L{bcO;a~frO>l*Wc=y zyS?8YN$KM+s(-t|{$;<`it&%g!M7DRPs{|171^zROFpYq&htM~3pYI1915e9fY_A6 z4P)UgWvV8hpQ1;Mk zu-%Ymd_jo8q{zYP2b+19TN({<4m6+0`!TGTHH#@AQeOmKL74t6x6l8O#`BrB!v&H< zBJf3?W7S(|h$zGj?B6s$046fvS@jndcG^e4M`ELaXyce%?z82jL|P1%yyQn(s2te5 zIE)@=cakpmE% z^oKpe^3%*_97e`|^Nz=JUEJ0N48u?DqH}1EC)gpx1Z)->y_c$oAldd5Uv8-LbI_KU zr}=JcCH)~U2ckRn8TE$D@B2wCatKQP!THwq)6%wIGqM}P?kOTo9!Hrs31oyIv{am5 
z1yQ+6M#-~fn0*=xfZSsa#EX1-!Pub!xS{_K0GvQ$zou7$66vJGj!dAPKs$kU0__Ca z%Pk=S?F8Bhv>yw!7x0Qt0_~?Lq0{b#1n~*t6T~NoUpDy=#3zVP5T77^Ss;D^FApVl z3qf;&<^;_NnwMKb1kDMW6Er7iPSE^3p!vyO5W1oIUT-yy4oSCG2~lW>e?n6>2@!}V z5KkbUKs~QN&zSZpcLR( zDZuI%eilrznU!j_G=*lW#ZxW5Y!V_MPC%T1I0112;^meQ0dWH2`GNR#(C<4oe`6(a z;90R_%LCEd@6>^A&>K(we;9>4;(iS01^(ObdZG3FW@HUG6Q3k{$G-uRi*MwQ%kO)m z^jpu0VjfoUM0M=JiCz8=qxO$`*XhC3vOhEPoAM&p8V5f zGE?dYb`pJm)wkS82o4X9M(()UD)t6tFK>EUZNuYL%(&rVDXf0F5QqsvZl6sA)Y zs?HwzVyGi9b`C0(Qvf|b4c;hgF&diL!A%>*mqYFhhOvm_H6#77J}2y7~>#-Zg$CpV2Hp+6DsLJoo6pW<^1>_d1b^}P104U% zXmtzI;TOk_f0K~2`jUt-SmREOjjGd| zno&3BRae(cL(izLt+jPMqq?S6YhxQqjo0xox_xyW|MAT*z{cY!+dDplzwUIx#Qn!f5BN%+-cq3H5{4N>>&);8hugiPsR~Gz)6~mc< z|1q$7Y1ni;e_oY$5W~908>jYgol09AniKtuo%ulwYtNGKY+Pj`dNm#%;~`rX?+4-LkOz)pm<#UJ)*7vB$kVk>tuY(&M5~ZZN9)62@i*q9 zvvN5+XLVrzEF_Yh&-#F3uC&Vbjx*M4Yo@Cknqkyee?=3a&Z0v}b3-UGry)L8A>K+u zJp9jcU1oJ*>TJN{*zpG}4p=8cO+ErVwXKnegRj2a-h6q@`VK&_H|%F8;@dcI-SM zqM8l>j2A*9{9c@z7Y;c}JaHko2MQvpp!otg0~bd%tyBb#vm3%GLYX+g`Gw0&jMJ@fFpA)II6D%M_6^) zfR5Ul(WozGTShCJZRz;l<1A)3>Y8peR{^99J}eq0bvEc=vKd%r3~#@2<8S51ZwB$V zsfvFxC+v`0T`wa1^o)^62bNZ9KKL--2(Ez88)KM)Pxs>}=3caG{RZ3u|8*Nc^z-9w z3pvJvu9u~f(^zfCIZ8Pl&8RIa<+Sw~pl=%Oj2(kr>nm~oVM;lhYB>O^*H}qmRRCo# zTjXHP)#}+?8ZdONy;vI1K|kiKeriT1qo04eR_m+`Gw>U*JnW?*EXywH;N$GubO3L8 z>omHl3IyxMPaodhzX5;+zqY+{=SMRAV*M=Yt7b8G>Bb4xH%zb%83$lCKv7}hvjErp z9ssaj0vK)xbB+)x0#Jnz6X9ViMOHgZc;R57dipH%lqP;#tLjkF{S^3494H7Ra=U-U zEJ5bE5VKte^VlefMvmb`lM}eYSt6Op=2SzWQ~FV2d;q~CaAxO; zU*obA^s8N%aR6!5H04|v@!vUr%sa^3Cb$0JMwBtgB8(p);~la3 z)uuj#QG6ewrkO2$9&EIfz1^7C zK}~D6>RBCtQW`UTJQI}C5lUF?Nt^1VO9j z$-{9f@-Pg->M#hM-vBFH?j(N&${v0~Vu77Gi1T=I_%lcqrpv^CvtqPDZbkCQpZX^J zGwGEI?FPYD&#i{w>gwys=tdSw^^>^cM{(`s4&sx+{?0z9w#$D_!~&nybw3>k;^M@$ zKx@H3DC^poByLMD)R$Z+HM;3aW960WuQOK-^=e}43u;RbWNkhDZm@rK$)&M27i#TO za%pKzeMy76re{kohN*S*Y^timWsTMeN-lbPle_81D!RO!uIhX$evqzed!-c{`h~Pr z^-Tps9jxUC!7O9Xoc)q`BPOcPK>{hO6G1Q$8HcQJr?qX&!(<0UH4j2qd12weMJMn@ zCj82E9=QN%710Cu%ZPvb_uLBYp}6`ce1s+ab%nWH<~K2RNi60$eiF+@NT#yxOfsJ- 
z42)zV3gf_m+ZMJ>VoZ|~A2c7ua0@KQ!wA*F3sx>)#g@F;v_C*pUBKMrMF}iB-_ZIDsn&^fcwDB7TRyJ!71;-K7Y7nf^S)2UC@q zAK^wlr?0w1*ff7-HsC;!1WKQgt^Ug72QkPnD}j6avAT?j`U0E-hwZ@cJA)*Y2W&tc z1H2li6>`y1m3}2J!QZo(4Ii0)>q>o=pjlurfnn7BH*MM`${>En? z-rb{o790k`Gq?N+zXGHf4THq(iRHm^C5>Z=Yao9s1TC}5`+acC6roK;mAa|qhKSlY zcQNM=M%kkI!i_`Jjq8GD*3_X_v6J>J0`I~`$P2V`+$Tf7i(taIuptkOqc3C)3*ro@ zQ!b4hzG6dR|7dA}D&qIhjqvk2V7XhgUl}!anzgyExV_ct3MK|9-SHgP3f-~52ar#| zysCds4%kt;6jYchSt$p$WrG&c(Sk9;J-~T;ybnI<~RxmwJ+FY7Qh)r{1SPGSduC# z@}a*L`dDaSsF>6HCC+C9xtIqD6d#{1)SO;R{J#MQ-eyY_ESw z^Z^L?1D^H4^e1NB4e^mmID`P}Dh+x0LZOG)Zvy9oQQ!uHyz70Tqd~ln zD9=TELOdrQo0tF?taxDkHaBX@h|-6o0s!yh+~YJGuEr{rc<4yfJY?;7wlI~JW7SBH zH#AJJypb&KMjQ|}WN(1iK73(TuLmv^Nnm^p!^5&}AxyABz33hHaljA_?|FYH%IE9c z=};c<0Uyu_lTi#pl%wd5SsyU8=v0L$SVb1?yVkSN{shnq-i(*Vs=N{|++_e-g6{iH z`m7pz3fx3C0w+XF;Xa{k1mI&u_`IAYEgHXf{3poDdl^Hkigu;d5`#$g;wx-6r=!$Hf|#e7>)miVuJCUhY3RVc?4= z4&`H};1n<}xDB2=bC;-icH{P7?{J$XbhK7`0oFCOhSA8PI$dkkJ2Qa0-7&W3D4MtO z-$uLkzSA-FR?YaqXf@xp-rbytqloi?1jv5-6FveAMlFLvg?+Lj_ZOI49G2UF&RKv(I@f#MUNwl1( zY~{dmj1V=Ft*IEB1SoyEf=l*?mEt6%e%k;ZOhyAPqHYOce51crqBfS+Q9rZ|JCa3q3;&#%! z{v*G4K8F{f3*U8$td=3+hUy@AJ8P1^L%c4p<78 zjLn`ETMG%j=R}!Abh@r(Qhm(qQ)=oo;-!HUH=jb9_+$&DtbV|L(W+sBzSxs$I)|a4 zB=v(JMzAIye^$RfvjRG}fszf53NR!A$tWA>OS+iYPeo!8_{#~UEy{Mh2N@GKdn7OKA@S9-|-MD~EJ_lBU9fsgEGMg0|J zNlCfEF)yj4sH(MK@O+Ik4gNhhpxM@`sd-M#^QD^wFRNx=|h@4v=K{(=}>5qVoxkpWZg`!vZ@q^!xdZH3p-^9=VBuHs@3xLw;z6IC8_u0o!r!*#k!PY`<~F(%kX2o!__bh_HE^WjcRR>4zI3l@$H(MU zrU}c(h@`OBg>yu64RTqcv3!(b^*zxjKL!JVR6>!^$?<*W@f`pfS!ozY0Ip7>=6gGI zWOZn|UE>M~Hn*_F0^2_8wnw-ZUoL;||E%75&)B?bG_?A%{(#xaqMn9k=-E9g00y<& z#`^scj7`nN=>`gG_B^G%5iWjjg!L`Y$sQlY^*rlZ%QWUq9$?bU>lXB;rZW-@bY`+F z0I{uleS6v0Zj|iJ=H2bxZT+@YdwA=BCaGfG3B6cu8JbJ^v|Ffw8 zNl3z9Aix1gspOS6z3h(Y=uLkwen)#X58_Ah6Z9iYW}b6!ApioPNKsWjc9cYs1aK~S zGQYgHqkD_5y=fbUrVlRr7shGdIy*bnp8wkKBF>^5)tpn;Dx;e94H{Btn!*0GPA@M9 zXU>^vnWk-Co}Txg?XuUJdvqBXAp;}!7#Ly7z=)>_j2L|J0*llr2lRgcbO@Zr(IHy! 
zbA?Z+i$s>;?qT73kH-*<9||SkDc5a*eMf!;Pu8RQ;#{ya)4zVp%g?*GhiGG)rE%4=R!hZpdnGCcIg#GNyLlF!nW z#~x+LXC-r3DGVQt_Sb*#R^|yHFOHZf4VD?Xw%s!YHl&qbu1&hm~B(K62+C!fi9L1A$J!oo7kXnCBHb}kAgo_I=*cK;iD$9ovdeAkXP5r zE9KUusFyTq#p8b*aFKYyHLpw;W*ijs5iiI8SRv|Mow9ny`U<%DH2)mp)S_irn}m82 zB<^f}l8M*V(7CxACn!a|k8UyXtys}3*VRSIdcCj`SqXhZ)IXqz3>IyN0T0ViT*f0K zFk&tZw-KQnKs-rhsN6JSa>Wmirrw-2y&_jWl>955yUmc zVu5uf5TrL=dgE8U@pQW1#u1C;Ig7&2Jda%_Vth*WhSfdH4};VtH=Z^wzwW3`Me7$` z9TZD}tEQRfD5h!-c_DCA{!SK51!S+i*&IXG#rg2A-DLnzWuIaT?`t3QxuZC`=e@Pl zUC7-GdwYK`XCc2TKetJwAqltquD<$Rcx=TNW4I}Qn-BPC;srs0oF|^PI!5@)I)u`Q zEHH?*@+O}J4y~Sed z^^0AjJn411Q{}2OR(*9uuTIQBZPo8iAfc^e_BMZG6@gXoVeIZkgK0C2Q@#dn221xc zjw_E9hXyq&_E<-q{cH=y8&9WMi%$wmMSvV-8T3hNK4W@Uay$=~H-76>`l2?~mRW38 z%5VFpOl(zZYNQIo2N;43Y7Xc*?n4l{)2#={v>e=GITytd^R_f&&$|*z-)iEIiCJB;Y9(hdUDIsij`~kE~3P{Vj1by zB{{I#ay?e;Q2G*Pn_Ac~`zG;%JIwZUgT*a@2bdFili!TKvVohYTk-p*<`!6w3^Bvzx)TG0<;FtF;{@! z2z~>Qpn~>O4k_qFq1QS2{WrSidKuICVwU9HKIrWl)heglKk}QDj=Ufux{#l879s&Oe|;~z4c(4a&e6e#%3yX>Pw zvDBc7!BX7$!o$TVglSs}1~Xt+x(?pZr*&1eO88CP*cto7&3b*ipy>C18i}So3UkUic&18?25&Y039K z$nL{lMFMN7VFXr5xySU|F($oFSVBLqfI)fC*KAS;6gZPM#=`gcrX7;7WC9Mz2*_Pb zay9e;2BdmeZj2W{r*I@DC~jQJC!XeVpQINe0U#>YLJXcuHS0e?s!Yv%C6K6mWFg>C6Wdo;An zXJGKA*LCU3-vj--;SI>x>i+I)IC*n_cU`s1unP%jWK%QLx#c$9HG%*LP<$Q}L(ayK9Pl(*dZBxJ}&^VOFIaH1yJc z@vJp8Rb@pm)hxsTEn%)73cnn0_3VpghF)z8TxsHwCZ1Ijk7y#DDrVBkBdt8#%2T3^ zXKCm$w9m}YqiNf<^qAx=Z|?%uE$#vq`!D>-!qvN}tFUgqwGo!vu0w}2dnKACQMS04 znt8NXVj=1SP{MA=rw`Kg)!P&FzV<|a3FzE=PhY$Y$Nnbt(h(m}=U%GXE1c>?(aw~<%5-9vP{Sj@W} zqF(#2W7q{qu<PK@MC~bL=UGzoe;u+6lE4 z*vlb0V_3f;xF!uAFIKbQZJYhpcJ8$YsGCVvCfG@v$0uR)7|3|#ZGqM8Ms^}kMA(AX zj`qQFK$6I$dAWcwfYfmmvMzww{3A2DBz~eQ7w&{o+q^WC2suAy__MV^yUUVcm#_$c zdl{G^@aT33=!1y~jM-^ouo^IbYJ#IM+&nrxz&Iqe$4mblQvVtZ?ZbFMR)JzyG%NqRg$J@{#MGT?Kf&t;em+#)aO?4>|P3$W7 z-dGvO(S0IvUg@30$M|K|EClu}OUdEZ8mZQfWFC+#F$@Cxi43!G@ znTLd2xSN|x>!9)SmP+t{{2&Thv!f`t;3=CD8^?x(jfc|nA+~&@L%*wNV7+BbW1GEy zm$r1Fg`Tg$`b5V>?1F?<gpvm*TSMeS<5-^<2*{R-w;1I__iNTDdm+nfm>;) 
zgay;6Hcxs->Z^u00#u?$291V>O3_wR6VeO8Ndvpg+SUu)JdZryjL# z?5*^lqM}WF=S98=#+Jt(9Kr;Zc93lY~f2%t5 zQ`y!>nc!wECo>}g4Cw&dI%6S6rUKB=@0nLX%x5p7CNjaldkRMCQg6^68(!l7?D6i* z93V{@5_0ccKfpR8&&;U?hh^?{KPe+|NI*e*8^x>`+r>w3vScq0-d-FkLV|5id2_{ghuJ2?e|QTtrMQzgN|L;;@ccIIqt$mFw{8Ed!Y!2favXq0 z{=s`tCK%p)O>lc-rnlLAhI`6`lwL0B<=Uy2Yq)1GS94s}^Ye0TQk@0smXRrub=Pjq z7>z!|iW%r*y(~IZ+JPrClhgvMkg^`pyj?XlJP-}R2?fxzgs1^7Jee$GYE`+)is9sX z+H-R>18h}ZlO6xAcSvOZz%xjYo=6S*IO>!x{VICGu5XDj)CJX@eBL zLj`v6T&q>#fZyFmpM4%80UCci_c}!k(30{r3go)%JR&Ne3w0uc=X}&yJA{>T5gx#6 zHbXaHRZY+_$L!8zJZ3$8vIqiTw*KOQZ=RPNGIByB&3vw`ZlxGgp1Cjv^3U+iBlae0 ztToX2*`7n(B{A7f`vmKR&Q7MHCrOYwQdby03O;~n)Dw!O#E^ueb3=cu9yojaFvrE4 z+`7QL0#-r|%k^ZEl7ERB_)Km++(xYL9X-^h)og2NrDs5T21=fRv~Ga(4oL3+_YO4G zl6VRaf!6;Mxd=MNIJPpN!SRO!)!l?fun9oI#G6y~vOj+Ly9>(OETJBE?5@n7!RlF( zVi@vngw*G)Lm9-@PKAGM#rribouN@ge0XxgDfaz0?!2d*e|L3qa`6#ZAb_j)-w}ep zeE0U`Fbl&vjLb!W?fyqgl_}A z0w|om|7MBW8V(JH19Qr7-201Ok=Ee`HhKm9}wKVWviaw@NCe$dm zy}`s30Hl*Lj>Bro)Z2N22o7R|u!l_mQIDT*shmM03M5?gLrI8*tIn2dm?B zzT>Ek8?{%Xi;GeBtcWuPm-@8n^EjF?5Rq1M-^(NzFkOGf7^@yUC?wQpESZL^S5`ko zr{f2Ocfn$298oseolY^)^3KD0=4fH>p|63W+-W7o2<2_%iZdMFUw+tAp(|Md}Q8%jS`7 zg|w`vug1HnEkiUa9J`5koHm3{jv1^urWv#A&@%Bq{HeB?p`-hAwrU00?kPz-F>MeJ zeO2t@gtIJ2%-$c=r zx5-*WJbRd8P=YA>AUg20e=3aC4M95yczD`MdD2e9SCw~Uor-RRWoE(ZlqSlZ8~fh$ zg!g|J6Y+qoWfH-MG++qZg5lz!ohNM|ScxM#2fj4#+@M|LOPd?Lcyo<0f^p*YSd%hX z1)7*bxxsg^;w*+S%rb;|m=QK50>BtN01d=5mnXZDNk~;jiIOZQx4kT7*jrHP0B$G3 zm1Zdhpm5w#Zz5JP&c*EG1liOfcPhHPnIM1b`O6{-K>}l>W3F%nYsQGJ)@bx1bjrV` z^mS^Tl{R&oQqx98m#R?lSrG9V)gi-;a}*MXadBdIAez2XRw z+*HK&Qdn-nLOtmgA&26w}oXE)2h3`I539TJ6AVk{(8C8B*HyCG|KMNz8M1q*)& zj&{7R!KE~0Nkdj`W#D`#4{6Jiwk)q$9JocJm!~ji$&}?y^>hs@VtTP3P5p^7UC!nR zybzPIUddP&iGUdfuEW$8%GCXItyEZ~^g|fkhwsr3)UnnoStV9nNKbCR%4Wbzm~@{5 zRW1>AO7=Jb0+Zc`|B^5$sYUP3-U5H<45!Jh`(dwB*`#zYZ3SJYFwx1oHwS>C_c<3{ z!Dy4i!LL*faAQDuk=ecMC9Y?x5OqwzMF3cnI`7sTEK)pW$h{Mss&^ zi`m_CFTA>X$x^)APPbb`S{?fwZoocwVgEl9X>hb$XnV-lV7f~KB9%K95J`VJzStvF z39tQlR@$#Ete&*%O1ti#!mhijyvQKEUDNFtW;AmxxmPw{G_zTK~FX|4={>f5c 
z-38h;LFL%G)vs+u!&V#oj`Dv!*`lC1miZsOk`mA>LTWbgtbkyeftW)NJ#I>+wII7G z?>-NLvxsVY-L|qL5+$0Vp|EH?e6|39+qbE2Z+D!664A}MGF)-4bXwoe<;mIO(B>N| zNFJ;JEZWrZEG#K@lg=(0%9nmH&DAQM`tA*I>*sw+Xz*$M0ujI3kpX{k5ZHNTvy^N2 zN>%BL6kZn3W4X){(SMKKFDn*63^iB(HN~zeBTI+A_tl3Cru{4kOQ9CkOJwsG4zrcqjd;LlcJ160%0bL(%arbB0f z0&Y)#Sdkz88f(1(tqRV>RP8VLr?3G>AhnfPp6;yoG3s!NEP2s0Gj)1>1(`tp@p)4QaIkA}jW^oKrI^^dnHP zA8H_gQD42=UHU+)LI329St9N=243RusAUjUa$pNeFVjikLi2_s@tugu#6BbOqJ1}i z-7T*>4rlH@1R#(T$xC1k42NoLn_*K=X>|WEHld4xTthnrjQ*M zj3D*HrI0$Xa-8=*$!Yp7Qr={ACunmodpDX=3PkALXX63&HbF%XJ4E>a8k95q3~fiV z%^EhhVwd@Mnjz*p{My^tLo(9UxC!K#eK>CM2doBq zK#xG{(YH|$O>PfG%So1d=M330RvmC%shVCmxW`3ly`qnD-#vmjSO{z(?eBcMU58x-tzmI;KlR*yNm= ze`Srocjzh+qC0>cS#Yvr z*D@h4J5fm^T{k10@mU$^;0n0>D7kg##im=a=g}RMEBdI~W>;??GVEp{sHwJ95`uko zXyuJ|mTKx|LGTX;HZxGv;zX;7RqISUcV_`*;!HiPVLPiW{znt>!dn-spC8?Sc)%kU z@q@6`#c>oL-2w;u8S4`V=?3IKzC(ZbB=;fC2BF?*1as^w^gp{KilUQbIX=QqkFc~h z+Qc-+wg!r(n}+Tf`9%k|>L%NFaEzjlv*0L1s)~^Z`gdYz>4fGkZpXJY zh}VjESYKIrEWVSz>MQ?8`A(dFe1O%=L6Re&Yr(vbia^Z67{3HDMSFkD@0?O$}>M)c03W_KgiU;bjZ{!$%@qjbt$1>tq z;S^>bKO70mHrd;1Y*&&KOHM2~vE;FBb|GYcV&GV<z9q5E?yK|rT6ikyPy9!JHQli!!C}djulh${U-y-ck{k9x`AXMp z;tfarjshEok2mP?AEweU@Uo<)QCkh8F3IOqs_GpDGScIhi60)!{Vxx2xekF#4r%fY zLobQuOfWYLqAZf}M0`1klJ27@i|LgaX&vrWBFvR>b-7o61xdoV4)A8~!VPt}-4ICx zF#TcUL9C!s7}x>Mvir?SL|Y!2rqSK>7I!OAaCvAQ?zS;uYZa8O4V16or=c_*V{LO< z)+=aPbLhEd<8$>2;^l+3nlG-PR{mtW`Qj3J&S1mDV)xSNH*xX`!qg4rOZcg9wAFBf zN@64)sGALcOi-^Ry_VOO2#o~qW_&}hpgj=an=uZ(M2o8<>%bk23hFG5tjoQrKI=vW{o>dPtfRy2Dj05gbPkE;7F^P(qU_S>+TX5%&e=&fw8q0~R1i8l z>4x5XaRsIGCpR-jql&AtCpU99qeRI9R<%QB6|`%AvEywxP1lx4b>@CNAROK!wB4{> zW{Ec0^*Tv1W6*egnZ45WCS7mpjn|i`kAS5K;63Hh@TbvupAy+wW``Xp(Vaf%ceuPn zd2A9EtpWRKH_o7f0y!0!gQfwL2$1h$pLVhF*;a`H`Sm(oKWx0dh6+t$8&<#Z`YJ^U zE*~m?nSjO{X^l53k)vSwtv1psQKO-EAS0_-+$X^8bFBv`Tn)!19piI_W1QJ`G8$Re>U+zyZQN_oGu~(Ab;`_ z^|7<_6+3&4mzSuIE&W$)>l!bwz=eGz94-kPuC5?E7&*VT2>}gCga<<(7&!ES*<$D= zy5oSIP?XyA@DkM_&uD#hiRQQ()9&gjg0m~G##%T5H+ZwxN34)|6w*>NyXm^G$L`c$ zCP&y$&O3s0< 
zzM)!n$^BD!lkzgmVKE+6v!9V29~T^V9F5;;Btp)H?*)NBPuBRi(Ri@l7SFzec6NNF zD`b}=zx<>ZB@uF3l*_rCvFxm?14^!5gjhI!WmN~4~Tv+AlZsQ>@ z3+9vx+KGv>k^F#5*0wh&(bIuIwr%fF7SSDtP!`gyFD*;xj?XR&>5exj%jv2cY+3x( zlu$8h#h=-nOVmpInW~l*^?v~IXRD4rkm65@KPmpC_>0VZdzvi6$ zw&JgE7bCBYLOP<9e^UNQ`6uO{lz&qG?N0txXC7(w?bpoaIy@U$KQ&VwYL=9LQvON# zC*_}%e^UN!LH@D#ZW;vPYBsJ_EfecoU$#ldHB_TtuA!^;&EcfJM1PHDskX6=eB5)7 zbymR2R$+q8y|EZQE}=}ql}WhGf>tKsZfPJg2{%(rYRmf9gk;q6-xg*44OPoBZF4$F zu{3C3HSBz95ispFfwv{&m9e9b6AAx^55Z>$Ig| z(rb&ATIF3>E#&X0T7O{^bk(%<^)k?G>Y9mP7-i)qqq!FzCDAgTc%?d;X*p>u9;75o ze^FN`^ht$eh44c?u`0VZ_9lz<5)ZFU@1QU}^69k4_W4{JY7r&zm1l6nmxQtpKC0m9oM6+)18tEHtAy#UL_j)v)fcGy+ERix;g!`BB#x zLi?ga0eQ2rhBF+pE07&jsQ8*Xk$J%s3sx%!x65#W&B^?5LQTXJzz_2%OuR#U_v+1A zu8gRve7_76_cJ!R%j-ds_&V$p04d#d36CaUu4>J8R3hC>#> zML2*l)=kD5(1G}Xhy=cS7DUVG5ql<$m)b)7({k*^ARMtj<=Z&AgP|r0oV16dMRbJo zxcA0KSO%JA6=$6qT6dw#*TI*3L-Gyc8+Ik%(EE?#8-J$i3`(-pP|bozVyNm)-uN<9 zjeIS%r{fzxV0m|53muO)HU7jSyb4u$hnb%8I=X=qo!rv5us*!#E$D@@Ke{>X??*itx!VKAWvO<_zpG`EO|m#@yaUS(R2X$ z&OR8=i1pP-lvxB=A#MJ|+H3#>;k`{GY_9;P`+qi!U{fBHgE#LE1#hC(4Iw|mc{Q6D zlRs6GC|Gjb@g}^9kO57Bj|9=2+QRyH)+hA92%Aq#@UXBx44wjXg00UV=-B^XM-kOP@&LhwrZJsK_)M~ z>3@xP8{G&M#8qwqGkDnffZkE2KAyudop2J`45F|;TB~-pDSqP~Zh#;AizMsNvxr0| zA9-Zuk*zqgTj)X7xx1LHIz~x}a8xVv*iu+i-zqerg^OyMi>)^Esc$Z}rsvO^l9Oh0 zo@!0^Fikaer!c8f2eCdg(YNg&HqV+ERe!hoIbQKmJff{mmF4O4Ypav`X=)Va`UEbk zIf7lshC1bF1xq!IyuYjua%i;@>7ZFIb?O>v^_%39{lyEtuMO3|=*l0z{0AtW8JZk> zH-4BPk_0gOH(g-gXRoeC3V+Eg z_a^qd`mR2kH=^t?I|HR6ymZ7w`Ovv#5e^83ceo20y8;R^7FqYbt+#G%JLGhnuR<6H zHe_3l1CaZ%7l5p6+s$+r!!l`DMJywRHQm#=;Kcn!qj6~;lw|S8fBs8Mbo-6Jc)1+! 
zYfw6p9S-Ue+i?qu<5u6qMX!|glFj@jUOyI4*zg@=jz{94Mq;*8fco|MafsGRs#jXsM9MKIOuKnk=3*Y&Iye34Yd?bNI-t;BR7n~T3o&I z;1-*aMm_ecHM#m+=mO~- zx@=@kJlHNaGWTZHMh;Zl9BiJMLZol2udhpAFAJ5E{02 zVH>02nRPnc^WKe=IbUV;jdQgwz~$KKj#ekpJ!(e{z%3@;#t3coM)(~E&Qx)==y7y8h!Kb6zS>N&Pqw#bM*0k;XakNy;SYfdCCJc6HoC{oY z20C`%)U2VY4}UH!?Q_R9#vXBv?G)Qn>YHT44R~b+_zfDwseLiHFfSd)G0yib8+V0k zzKPxWtv^wWnxLVrZ=I$ZmQiGxx-l$l9c%R5aqFBjrU_bxWop9Nbgs(5Z|7n#y1YQ6iedMS{*IfXK7YZv`5XdxOc}tllK`G7)#1|( z;A!Opsg@Jc2eNY?$WZz~TKPbJx^)-I8GQO`p`1s`WfUvldS7qq18E9st1%wbZ%5ix zYt44RLfhry1ET9j7Sm>!Ma*j&=C)(n^o9k;VC-+a1x9>*2%~!iCX+^NoTR}jh1Fks zyWtlvCV#gs#&meG|MQCPs%ao;#P;|BQ#E`Hzd%? z+-?@v0JNcm8d6PvH^M5SAyJdhl4I@+X8=G$GCc*cQTFc|y zQ&x@}8ZZ5DDd3kM-f%wmG^g&4bq1rdgIZ--D@4STrG@oHXr!m!mv4Kta^px582j_j~a&&5)o}Z2`^vmJU zd=AjHotkVsYc<)DYVuChVo6v((hBcqhjb4=MJ%2p6x=^f?x5Z0&531k-qN(pQ%mCzx*gH

    AO?nktbhSkd{lD9qh&Q2|`13gG%m1#ofK!e_h|cdyiYuqdA zhs*lmJE|W}Uuo!ctfzt`ZCQ-Hia)MtY0N(_b~D~mA&M0sR9{xI1rE~l*5+Cu)K|^n zU=0r1Yi|yz`|r0d$_hEwS9IJOE`JAdbW91$yTI}@RvJ$EpYCk_zm(D1EKZ5dB{rAX zTw-&H%_TOM*!(eI$fz$?|z@Smcq~eK${|i=9ODf%26U4|fSB9*V9 z2rd1VSm6FYQ^phRr3Z(whca~Q+Qq(=0N z2ZvLkEih_Y_WV)u=qu&KFx-xIqLL;154=4OwYQhx9WTG%SSeMQac%s?v9pMMC3AS( zw?-bmj-jl^M){U{CEbe)5&REm1buBR@jMM%hLgnSa!3Ax3-?C&f>RrHD&iOY|G#Q$ zuCKsYYyNH%iM#{KZVTEb z-JZG>=jPP-_xF;z4Ebpx#wd}}R22UOcJPta)LxQ0Kx* zh(QcEVCrZ*c4u(~6oq6lfwpussUOcNbKdc@!65`>k3{*9(EL(uV(|dS_x%(Pr1pZ7`F;4Fq5=aVi5KMVV4jhTD) z#{mM!C$6$lVSa>jC#ASxZ#-8BJT+y(CsVF54m%njJXbh`42avWC_>+JU?s!=Z=glc zJOZF6pfX6IQP4cfVktlpf9HdFrrj=1=Xdd)k~naSHd~0Czvf1hq$ouxSNrZb8C{Bg zP(fRQf6L20U+0LTti#jUhWM_)l@9KR^K_)(rPC+%EZUA^U_xk7Tf+T_Zf#C)1R=83 z(X5Xa}ShojdEC4D!G>#)X~HZ-*F zRxn}&{{h7y7ahZXFyv&xe!(G&)gzEtm9|tTxL(_unkH_PG}2G7-V?{{T}RB%j62HL z?+`sBr?!Q*fyA#Hz{clvukMY3&*E$&D;$4*yH&V+6re~#Uz3ggj*CZTU!3rf;$6I& zx-fZbKLU%?UU9bC?X593H}J7R>aQw|YE!9ZiK-Zty|53N$v9_NI%T}sWCDLjyBXGw zzQENHH(8FMSA?WpLaL{R%z{f&A_j{CS`tBEUt!uTwJ}^AWsn>Lgt^}Kw-l7CpyD-o zHz%vNM=rVu2{01i2=An3fV{*dC_n-!?esL$%)tO zNvFQI7}AWN>Oxoxal%_^IkW>?P= zm#IqMpDM2p^KL}L$EP1GF!_5Vfl%Lp#Z7+qc^_n!#ew8z7mX(-7v!_z;&Ak+q40kL zV8*LDYkw0)L%$@7GwPPm?x^e%<^m0zOQN6hW|&=s6K;uXCq~jE>|^zDoUwZ7( zYgn|yD}AoMOjT*t^Xp*~WWoq+VrqyPpwx;{rPH6-o@6SPQXt9-QD&23io%qwqdNgr zY!nmKvNNEH+&Fz`0>j(1`)c){!|MMlcm_3*tKdOhgq6Tx3P>d^UniF|^PO@N|DJEnMQwI7YbK@tdmTMBfmbvzV4z{?&r*8J&vtM<&K1P2QQ0 zn6`&%f0I#%jm`hkk~{HE0ByqjU0mJnJ|sByaW*8;vb%tL0kPJ4PbhSnCAzKS4t$3S zd9b7rRD_k=9M5ejwIK#&0DGA?zij)|*K zMqLmv_kB$!mA$7P`x`^IS_0bf%W{gkv9yK1ySsfi z!_)-O?DPv4aA1EnwHex*)hRqa5u0V{D4VrX{QIuwfpIqCy+Q~(04$Ur}Ao!apD~CJ*bDyZvR&Ru5 zt7dH;I?#fnVlG{EV-`Lvvrj8DQtcYA2BzgY7T$G%@GF;w0$+qZ34!9sQ}9n@>73iK z88|pF;2tzV8TLq>R=QhG}y*87XIr$2?BPD2P z`k{hVfdRfts^n_>RwQ@AxZ?=^h$;j2M$_LuKxSde&pw?&OhhNJe9gnopA8F#r>I>u zxBy%WnEVM0YT}=$P$^bK7;Yl;Nr=*~f>;IeW!iuD$&^k03AHQ>BbU zfN@SKxV>wR%#<(%%D*L2N}=iY@EWEsaju%ZBVTPbMAnLxdc647*A7Qb-0v>cO3APu zP?|Usu;66P&B9rZVEm}1(Q$OuaVYCP$8S0Mc+W_yIE 
zi;)IGW#=HBIOQ1xx>_Mr|AgBSlPcp-o3qhTaDEG4O9i$*B&w2i9Alb614m9zB_>Z0 z9_byh0GdUx`v_DD$;IDy2CP6D-~z1xPzL{}7^889(k$csF77R^^KrAFuYAeMdha{cmxt%I|IZTMZ&lh0Des2eHNVkuGCjP6y0RNqwM_A|~t22QIru+vC-S!p<~76mq0 z+Hw7CuUoY(21)8e0Y|6iA%W)@*gFFOW0|sax1QPvj0FuT#|~nw7nF8u=3iv7f1Fo` za$@VqDO8y(BG}uE?uOPdzud7!QFQus7OEm#|EO&29;VO)=LWG~X?U#GIzZ z9gdm9$uXMCPycA=Moj%QyZ`i0)%qq-ngu+G=XirwarSwG0{$od3ku4I2f0m)> z-2pXh0Jci~c(bJ@TSiIyOOiIC%00XV{)W&3e34+ zTy6{ACjG_7W&&QVRI9{OW69jmVOdK^qEVqK3y7gnk;i?M7SDX(3zdsh9S1J4D;{Ft zsFu>kbQ409JYIZP>M8Ifesbd=$tB#|LbsVl_^6epF7>|w7RtbMclCA}h{1&`%>OOY zZT<9;TmNLClz&dj(4KH5yf5kMA@=u`xX|NOxc2oqH>WGT(hXo)*1K~J{(3tO$==C{ z3n)ywc)E9kGT!vjhwtBZ@hGjGB=b@hk2kj1`m2geHjY(6GFIC}B;|zNQ3Eba*Gc6< zX@EpVeWxyr^vQ|=rUm&u5}xbFAKybDCC!iIJK{~WY1%-PX9Am$Lsrg)#U61xoC4au zQ?n#sf4$kZFE8(PHnk<5uv@FhAqA z`aAQTIV9HJAb{dsslkdhmrB6alm5!tZWln^#&jEKJh#{WacKJ|b8kwIK~WsNia zWq@4V!Obc~38P4XYVgWI_zjZQ!{pS6hb5w64%hxuNI3FFINaY!|0T;(cgq*>0ysWo z1e@Qo?LOMn;m0k+qM|PJC~k4owFCLupTqL@&GCRF7^^FGBK!+%g4R=G9@S^?w&A$* za@?8TXrGxscqQR0?&=M(0Lk@qe(diGu|H_3nD-O-(zbQV&uXx&lY(l!StH;h1e)?- zsmtjgaJB5CJ^w+tiP`sK%_am(4WJxZ)nX7mux9D${@%0qCFtlHKy)zw>__B`M9u9w zu|v8$HjG3d(D1fgoyE{yHJ?7N`k2efJG5>_wc8!}Iv7le5KT3X$BDx*8%Xi zD_EoVr|@o2(z?35mDZso0ia>|*{1Tw_)uF@ zBiV1eS03pC4fChlc}0 zU!{v-Qkh;y{r2%vo42P&*O;|LEYo8XVc&+Qmcfi4EN>TfFhp*?$Iadr4UTtXNPj?U zcdu8Yhn(+I{wl8Nx)t5h?6s$Tzb8m%cwQo4(^EFhqGl$DNg#SAU?iC$dh_Wb6m>wS zX8YfPV?v^)SN9Nq$FBQ6icxF%cnEpo)aeRhvTuub;15~_?s9A7oI?$D+>&v#B7u}& z!8D&M+~(OR__|~Pjgg&Ixgeo?D5PD zo%^H)>}TE(e3?NrV(czn$nAc1N+h^$6D7{TlANvO`Jd(cHYQ4*C(XM?4(aVyRFN2m zS+Ib<9Oyfiwt>r zhk~ncab4U0Ho45{4N06UwQB#W+KW1?6DUrtk_=y1O0oQI(2+ znOjC4U0YCf8*;?qyb{#1P4~&kjX69KPNFHBAccgG$1Nav4(w zXusHlt5NzwFcjk)q2a(WWKs{R-J1dt40*fwSqhE)Pz;kf+~Nj(A@KtG=N8$@(@E|M zjKwSM#<#G%bC0gjey%q%8ouQtvf$Ypnh*dvdIfAfaIuRm3#fiz;d^qSyj{ZTFZ;+v zEv&godpoZtqTH1Z=L9vFi5dNMaP_JW;9tmWw;)W$ptea!`^Yn!KsL_z&95(GWTlhO zVyp<2qf?=7O{Kn6o1kY`R?DxFJ0C8%TfEPAM|y^~2A1yYHEj->Zk 
z5mCqWoOXH~)Iqi~gX7E=W)+(OlB%gq^>%JfM??EKz@47T%sjy#){f6k1)OpQ~_tO10^iLS`MOeaL82iSnA5@+eDS;6v9 zI&7JFWr5m!^B8Z00$`>$iz4Ys#l5~Upxs#&9O-49=sSUG#3@>?;8x}pbfXfch35w} zgR-Fp4)5DrlG4aaQW*Jj(Hn)#X*+%BjGxciHNZ&;^-ATZ-<)fTscVW2a&79(SaJ@v zjn?hbmU%wkB{wzzg_UJTRffGGO=aLTl)8e*3&ze6Ts{NU2a{*&`sOn8+TL@A1Gi$x z*^6W+^&~ROSEd$3D^#ywa&AQj-OuBj@BjG|(pWe|Ltsiw#4ge>|E=JrZbW4om`O^` z)|W>_-AfMIw_M;&KhWCwH==D=%Gu}v*V#vwL1O7D^wk+qNi!H2;g1F9owg&?RD^_& z!t|l;yWg?zuHnxMAwOnge{$5SV+b^#u_1nTRduY;-ix{(k)#4Y8qjcV|KZ5V?&X|_ zxWvF(bnIS?B)gqM+EGEO!X-TMHPFz*6ldnFQpZaraYnL^vStNrUjGG7Ef{~lYN&1@ znjJ{c^Q#A-Y(pXKivaz^YQ%S!u=X z7D>bN_l3AcBs9X81lKgSdq)rn=j3N06fV?(Tq`m_6qKuC2BCe$`1wtK0v?e4ZGn@X~IWH~C&A z!Lwt8KHHrJY)&DEu4M5`J8M^$9bC%e^S0=+ZR|XM`RKyj%8sRr#$G95z^e zj|I!CXLPIv2Jjc@7}@X7evBl^ce`CS;h%u~^FX`&OX>=*SRzi3Z2DWhSatd=s zwQFL*Hk|==T;3eBl2DG>F_(+V66rM0&O#J`pgSHm$0!Rho(#hcNi`nZ5928Tz(cDG zhDn8X?V>Wk?R^tBJc5Q5NLc()sldC~cp{e1Lt}{F(vqo%BYoI^i>jw8MU6QXyTs2H zkte}OvMiArLYoc{Qvn#uhKa%))(Jp#mA}aBtAl#>0}Kk_?kt>of?F&_;ksF0ECW)})M^+3E&%o|87t zUXftJk+6F-Yp%KNF>1RCWWg$hlHA^^<-rW9 z5(;@@V9wZ_I%6WxHBHRb#KC4#U4^C`IQsDX29s0O0I3O#I=T38s#_oDW``ha*#%U` zX62*gOY1U`8Mdu(lWV?xt)h8jWq3IUd^zjmV;AnkK%_?wcfACbX2@JWmK|@g80+9?OEymlG_vTfE(KX~P zQo}(ebksKDj@2+BX6`zU!`uUgQP5M+-2$*!8Vf`8K!(VJ{dL@z6(DS8V;hEdgMdSC z&Q%Rox5b(!<;6OoNs!;NL8?sO-hVS!H6_KT@IZ&c*M-FE{w+u9IC1nBYM;$L??Aw> zWkSs)o(+lx)vdyPK-tNSNe)i3;HiPYilqtG%qBR!Se*4Z^9-F^8-oRmz(gzLT(_Zs zlkx9Ev$8EYg~8`sw6gD(>kkqxS1%l46=L7c#Boe;@x|fWCBJx4NNNHq#_^|}!7~um z&O{=dS?6m0S~Vp~Lx=CRs*L9|eGXxq?O_&h@un#i5~<=z`V*zV)ck0a1pmTA8T^Fo+>~4}WHOvMVRcWCR-J*#SsMxi zPUacZjLzO|6m_JGAo$lrqu)2=%z^Wye(6=?<7R{NMVw&(MQ%Lgs^ zxQy{cof=LDa;LJyrMQKkNB0M_Lvkpq+yqjOUv_kgdo83W2cHjIK)WCWX2@fUPfxce zlQLU(h`E{D4rGDu4knJJX8bN1+ZH1H)drT?$4myhtH~o3N8VSTtcXN@HP&QC;e=MK zXl2S(fkBJ?+xZFrlCntTn^$uIBu3-wAP?lJY%j8Y9iJY8*eq3Snu5_BAL!x^iHA=_ z10Pg;&LZ(F)cO7*hGd#INEpdCL1JbbfU8MPF2U2lBVhy0a2shN%qnKImf}0?B(2ImaqrLZ9%R{k- z)MI1=)ddP^Do1B}nwDPBh(I9Smhp#|hlQ&(wFup5k7AohdlznikK7pyDZYq$0+B;F 
zqku+fWFZ0|Y{=Pft0Xs;cLK#FTMVphewsFf)X$7g-?&%`L$8Wo9Qc#!9J%Fv|(+E;3<$-L9^=Dm?)=|k7NPTZ%BNU1$&(@pl-8L z&Mplq0+p0BcrjG(T_2b;6KdNyw$+LpB@8QgVL!buId4iUOD>c=r51Kg znS%^t{oB&eHPx(!L@kh)mMug^Pd)KRDP5YfmSzrc%Cfw&D^}{XXoEexJhAX=GE)b+ z*m`y|q><15+9+~lTHe%lWE#DVVWXv~y$x@j-I76?YeXr?d1*T3cayz6H-!yAT+fM# zSvH;6IL&>!S}M|4dO&1PuN9vRx5P1|LC?ba22>Q4jsxQhXI%>;9N^wZU03G zLsd4t%M0Xf9+T$wfMTfYL$J(x_a+l9(CgOq8`A7KFi9!L6(`d zNy4W{gqMTpS~&YglQV%f+~qRnKqaxj&4t&JjmX}>+ zOyP&(7v(OU%V-n&RWU$>GL!;wQrV*kT`M8;Qh8H%Ui)xf0Y-kETZ2o}*U2SGFH%dG zF~D+V^WVk$s__g|Sdv12b?MY)m1y^QiwL6enr1EVgd#x&ESxLt4e4BR8~&l{VXb|N zGeX>|X4%8Z%#Cr8#;Pm_DRWBg23aQ;tB;7~aj{0r*beR}7Qi?om(fVGjXh;dDkNvb zI%4rI#KZISzvsO7Bz7n~x)XsUjd54C;_iy)oWJ+X4^EKaJ!|TMn9Jk5`=BvhNC{X*i1=KCp zOsg=Z(HFiGGbiV*GKF{JRhSs@7A8w6(Y&6p-spAw3sA5kss&l2w%IQixKLFU>0KJ) z=*8S z4qG01k3{n(GSQYH#BN+cu`6YH}${NwO^{ZJKE}LRxZSGM=Q0w#fVt z4HE9UB@x1vHjyp#r`H&r6}mFo3<{_MMo|!f^gIljmZ(a4Rn%)FLgwE~Y8v^38D1q| z;m+usw&a|MVo8*3D=E*vC&Z)ABEAIYW9qRY^8h4qSkhQB1#t6f;#dV6DXs9SLpn3> z;8^M9lhJTHa+o&CdJ6cy7#v^Eb&E_8XxndWWot|%;ne}EZOtnw9<_kIbuUZ@pElA# zee%ok`0b~B1)F3S>AfnGr=Y1Y3>=Ow=RmstDDzBmLv42oV{oxr6AEjRD0Nll?gLqT zbikUE+9C9Hp|zX77z2eka{KNk^q9I4>0*Lx28Vdc;l$;-k|cvaj&iOc4_SVMPtD-4 zuB3v{2+Tn-$zSbE(4oVwj0-gT5iHROcE$}4n4k%iAnhZtV#`*0B7mYIIrRBi`bHDywklV%!40r%ahaaX#k)A# z1n{3)bUBvxexNs%_Wp`xR-QCJdDz)_&mTV1nBUXIem*X|1%|$c0`18lY>jqpcLpT- zQn4e5Od2!iUS~LEj&L+h8ebydv)^wl`)l2aZgXWrScXaaMX0S~%O!3t9CDAt=72_o z-tL~~V+6?Fg2=C}t*(y&AK!|MlSV+I&AI(f7mE$J zX)W&&H;>&Pl&21>uZjnQvDsU_wt%Oa`SClzdb8*iW49g;Q|xymL61!rY?OF~15f8)u|X5H1WO3=?FSa#@;Qo*eJ0GMX=6AZi7g5AmG)>lRKnMS>$Yhi)?7=z)CX;9!c{nCt@XMB;k zI;S`47fGRxjjL#R9rPa+VN_>ondYn+bX=7OiVvr#AT#-S1!eB>t_%;WthQ~}M9zE7 z9S6`^Q{0nHh6{umjJhM+3_$j|)dkmywQxnM8FfudT;_$DLRd&X2%ViOIapD1pBj@{ zc^wHg5GA)JO;zAR36V2O5?zL37@e3aI>Lnn?{HyI113u|knY=8qHI#Rm63B7kPsEk zg{4!}rb0r9v>9pNMe9B7l}t6{0=&hJ6E)Q*A_kAsEvi3C)&|jGI)EtXp7J&P6|Pga zPZ?%~C3f%6^im3kB#28$?(Pd-4JzJskOAvA*iLR8Eggaf&M(b|pD%~Z-nTy&UpAHG 
zO5T^q3DRch!g5E3bJ@V)ex7=w%l*^;AuKpr2qm<>7z-xP4kbDIs1iQX&z{(JmS%NcVhA5)8O+0llwEm|>=Co)>hRWn?}OvPmc652Rq2wnHLwmVqj*T9~T4zQ&7dEpqbbQF0Pq;h0Jn zO@uPFT#(mQ@N!;{6!IQOqgVPp2c~6;?>gjSN}T$;gIZXH;CkTWd{5kRIy?bv+h~Q#U_Atwx|TM-pmUC^j>E1+%PNt1<78L(8i4HW5aXYnvUY_d(FAM0 z@R=bbF0)v2w$NSm@0O!FosK8g!}fsI+eRj~eD8u4A)@CNk~mpGI0*z#yINVY!1!D9 z3+4)YwXlB9I&#_U^goLQb>I$Sq8T&U<_H70@Bt<^K3n=Fm#nL=rnGOZP@HrR)s_Uro4(l~Huad|;di2+zR_&jO zcYvy?&c7BiA}3VdkHBVjR$IwkUBDZTLHYLmDGsr3 z&F((!u-3I=?EDKTKg{g!rIC+Ia2?O88vx@@S;2<)$OXwx#+jROI^_IZa5_S^GbmR< zEdpaEZy-v7DTqH*AQn#&|4wwCRm6+-M-e{|3N9q1!)x8~QK<>6dMK#oF!8G6TFcn0_YfZQ|7j3)?SjPffoeqcg$AQbCKc%ui%~Vw}5I;s0nW)Jq_tA!0zu%X({IP8tu3w-rCueeRY_$ROUqPEI{cIT~vn}ME`&wdY{s@~NEbS0%k-_ zcx!2vQJUF-06BNMS5okKl!oWw6?41`_}V`eB8o0A;E$&(R*zgH_X;Z)5hyr}GnMza ze}y<{2K=A#h6DbJS{^$Ryj}#W-dr^C9EtDHcvO&_j4ai+GZnPJoW2=ogqho1dAdf= z$(1{p?1S@coGrC+Y|Be{!1FqBDY@Jm@5T<-+5IUE26%+=(y;ozG=OGB7~rZC#`bC% z0Q(i8`O8Hf1W59R8pQBrupR1-k@~;YPmc@7nS@is@vO5SK9(JvQt0ySdIFKkPg?2+ zu}!RO;XT_{J}(_R4?jZ|Lf-6y|GdLnnv$p1hNV)Ik+z6sA?YYt_eKn)$@<~2q7w7? 
zFgqse0Dg{DvO3mPBdf>sV0I!+k0>Z!ud}~5eeQ+esTqF#sC)S$b9`fQ+mR}FJscZ% zJ?!tVPV3xYheh?o;df0yMn4fQKfaagq>N%k9U{wzV-T3!oK4_-6Ha1jg1+K-wLUsL zF}k}iwduK_Qhv(TwGYr|jl^U%4-1$aId@Bp0zSes+jU{_hhnz1c8Ms?6()bPg2bUs z(ZtSuK7;&XcDOlVbR}$kUjFBMuzo5o{0fpcFIf4iP)*wDS4VQAw2Z3ivwem0*C&wC zYsEb6(ZSjv+k;H@{i{dsXcZ*17!VQqoUIUY8 zixG%hQKUA@GxN_Oeabo^rPIj*x4DKqw*J%X0wPDJJl)&D^9KH=d#{`GlTfbm641R@ zAeN~{ez4+z=ZE3I)gWIJsq?gbyN$c;GwAcbx$S4O|2y#TXWqU|Y!GPZTHh$|+LKCy z+H>(7+~I8uU6(h9PID~A_~eR724GIEBRn0v z+3D$JPySqvLUJuG)ay^FZK@-hnG<}ZNy@4HXaE)9nbnk1^9{tqQR24Rp0F^|9p~R3fQ(dW=QhC!c>Dyv16H{%+NumCHrO z2LmglpBah_xisdJ}UqpP9}*LLWq%%InTB`Vfw0L zeo-SQ%JBH#ty5ggoX0M=d@Ed!7ELce;7!L>M>2qqth1~K=J_LTPwuMZ z_Ri?n?#D&br+c{a^9J9BerCga}kw1^z&T$J+P z88KTI18gl^LB<++qCz|5NyjCZ+?Aw|{``GRnvna9l+y38C@$+UA!*a~^nV9jy~$(a z{?4X*R_ef$3t|dwR^yF}kn4~NBEQ}wQfsX!#V*}XgDL!Gix4x^Kz9W!0r#{B8JGEr z8tiIIvAokVzpJd<#?r>QU;ttt7hxlX|72?_?7}dw{ZWIKe0!(s-=S&F_O`xe^`?VX zo<_c8I*~UeV-^&=9oTj3pD-!{am59quSPbml$n?YR*>5447nWVBpmK|0!n+TmPY#W zvd6=9q&}nA_f0GY8XcrIXbaJe~(<_=xtp77J|Ji;@iQW8#GEr=*yF zVnCl0VAafVHP9iOY=HZ;L@Kdn zfs?9;q|AIHxH@ z*}1%;9?&DuR4^fGuEKtLw>*T!eAeHRwZY1z6?SWG zBc$&KytVu)xE@L);MUZ#ZT&LilkMGIT=^c#=O(f9Tk@8Es+B@DQ+(&mfd+n^;42Q@}!hoP( z3-{S*FFG!uK_onyIQh3XJAGn6rJyk7Z7H~xLyep4bZVahF20#K$ln4%Ja4sRKcBI zy;GQW%tL>Lan+;CK<%PRHDj=-G_~f2RP^(!0~%9vQK&_IkxpXo&Y`2AqI}UrVh+vq zjml6=N_ey45v;+KU9d9uR(yEC)nhIerTJzp#D}X^9+M}odk}zq)v#TIouP8U0bGfp z4k8L&zrjuadcSHau8vO%B$1Jj{w%a4@ zb~=E7dh_x*dbXIOE`O{;TFT=jkMZT(;SH*yVJ}3RXuLAnyPmqFt)RiClXJh!+! 
z=OAc9W)=ls-qur5lU0BoK^%&<0w_tY; z#WlxGC??z?4Ox&Rf-&OfeQy^Ti@gdfF>NTnnt_^6_(mIe+pXJ$wp59P1CWSDCvgAf ze`8%mqXaQDMlJH@PGWmPbog8RH~R&>{0Y)(S0(G-q4ztO+nx*O=lKGFLh)ON^*K9$ zUe_4w)#vwj09;6tlq2^jZrl(-UrnUvkq+&vz-6v<=!sSwJrt?gPBkYE2967OH2fUf z!89?%E#+Vj{0Mf9$l81^5xw+p z#b#1-siNv~N*6nCg}hjkz{raY#ieLmrm-GN zy+3Uxs7$6nhtN_gQpbu`g$)KTIf}P>QR5LSnoC{JT9R=<7eD|IXjxgCgQtrdL#Lcw zn6<%Q?gT;?@&l) zYowdg8}fLstjE2z6ujLv$|pHw%NM@Su8S(oHyUQ4LaA`9mEXb)ze$~@Nb%rs$7r9c z)KT;kNrDLh0w@n4CO<$j!7MOUVRFYtWd`9|HfAv`cY&N-KHZ?hd4bMs+lE`eNE6V9 zR}DqXFqDPV=cOhDUy;LDVdEr{?(tTM&LL+uoGpyIyO<*73JClPZZK zJrVhHu%=&-;lm%vJ;*LbTN;W0pR{fOlQYQUKPSqN=I>_UTrW4#ULF%~&Cl4bay#7#^Y_Yc;*lxM zw>0GN0PtwPXi>*?=4@rRUAeYbm#?MU2Gi>(p6N78tlJ4o^pSwGUKp><*tHgHTYYYf z;1rRpEInJ(H~6*~wcQAF--)~0?idCBsBqTI16u2UYT~>2elg}il#T_# zeRtH9rnY3P*PT0mfpgs{O<%pXS&|XBih?7K0Zb!EcD<}q>ylr^L|f_ppg9wy2navi zBh@6v+L1oRlo1gXJkAB>c|)n^#>}exmVs8nEU;g@mQo`bkbU0v)GM7|AR;^E3?+BF zW*B$bh#D&`1G%ZetX;U>7-`RwiWt`y- z090A>9~Jm%t)%3vFEBifFs}k#jCgq!=aL+3ChELVHDP2~QltO-h&E@NHL2^Ki$bl8 z=P~~WV?dn0OSN{Xw$58>r`|k*f&Pk+`m74IXQW=;+RS=xK)u#N7?hEQOiD+jGG7aY zNK_Py`GMtdJ&})9a-gK4#cb1;PJV$F$gXFNzKkmpeSn{* z@dtnU#a6%IZ9K(seog!}eqsY292fZ(CQ}1F3&zO6#tNJo{s5Krw_pE(bBXa>^J$CW zYw4#kb0jQ76<|*V){U+lhu!mLyw#JA`ZfuSTf35?DC zmEo6EWERzRdd{{`HF^3`u)$L8+DjF_F69D5vBM7J7O^oWBk4 zb3Ic8j^f1w*Got+Ef~HN^Fb$H-o!B3agRG3KR&jTju@ZZ#ZjiSNoFS>G5BC(YA#R7 zhC#z`2bSqo;Z`|#2;ws){=(uJ=c#{ccab;Gv@q|<^=8YeB$i&X(o43`OSUNH?nQvj zS;K8Pq+HB!Yvv7PU9P2^5DoZTPuT?REy4(&mwlYX^s{+hC8oa+)9-+e6-ZZTeZcJC z_8moEKmF$2EU~@g$M({Zx%DOW6WYstF9m{g>tMa-CaW&j)pUxd@U_f0w5@-<{w?w0 zvU%Q6n~n3v`T51g<@x1#`v`Zm>@Y816vYk>y_Fm29O4HjM`rh za0tjRt0Zp;`K{KqOUSQ;{7T5Lg#1d#uY~+c$ghO_p3G`&m5|@dfc&l~Vhk5sl=$7{ ze4AYB>BKqcFB22oQvj-hbq9ZQG4)xnN|E(v09F;0nCBXTs?_D0mQR1s!1PN~AT}B= zk4Xl`=gkj9zsuuEIaM%Kn1loU4i2i=I@mTua#=^}%Q~_t5A`~d!{#?{rUPS&>V+F; zWJ1qotZ3|MVanh=&)hZXRWqTOVfHAQW`&tSl*YVCTaW4?JTgm9KI?7tYUQP0svd(Y9W8{!t#GLn7X#E>RP>~G};YaO%(vd%r~StlvG(m z@axs45NuuJXt&z#YCWxXsr5Qquh;I@+MQwp%Ekb3J~&Utykfw- 
zD!?4T#p(clg(vg7Lr^Zs8b{E}=g@9K_aOvnY}_$;I9v$LxU<~Qw`cP%@aBo$rP_DA zAVpMnfp=0+Sj2@Fl29-8NT9%|^uw6K7>f_5{FbQp1(mrb{L+6KjOQSQA61h&@&Sob zsr?^oU{qy^S0C>)5J!ukUYoUZ(HqEGtiJ5swmQkTlg9MH}#;yc$LV5HsKaJqZ0;sOn!;78D#PvJ-U zBen=Ax}q=$)p`_!1$Xn%1gblGkb(HjkO7TJ7ay)SoR6KrlB&MP6@h*HIb_}}c68!z z`r4>5e{)vjgbbioO+?##fD0m}&^)fD<7RE+iVHfCTId5;-VJwt=A zr!K6uv~w9yL7oDLJtLnfZ>L8gQG^2wcswjqDw7DP2q3E>lvV!x7%Aj5-&|7_R{ zi7z>mBigkwWCD^eU8=`%n0G74c9Hf!ew?EmnlRD9L(4hRdDg=Xz^D?H8U;!mrbXYB<3RlW_UDKli9 zui}3OFZ+bJCcCf8{@vt}4v8!++D>tz(s6ebjyuu9C?93#O!19mZNoVaSmMhE0`Qvk z<^m*SL;svouSNgr%4M^u=<3DgWld|ew9-GfPybw&W~%hhJ)wW@9P8Gji{X}+&qgo; z1`kcnh`0H|@W*}EKz%Hs$o+5yDxS@P-+q7nzZe5--(q0A%fq*+V7mwdkD(p(KVWsJ zz!fMDAv)wD>GMWd0lF*hJu5(GT*NL77ohFG7pKt@wR)*Bys*5gUSQbMAQ1748`CLw z1jTsJ#Bjo)L3@?wV>SRLVu0Rdp@ZmzT%_EqSs?{nux?l4ya7W{1xojZpL`g3M6Z7b zV~1Hd*F75yPneJjes|BT;1~ST8G+J8RvQL>eRc=8_n>G<9Ra4hPEi|kw*yB=RfS+G z6vh*Gifu7$Oz-gWm;WKwk$^)F^35{cf%gJu*AlbSBbm0 z|2y=#Y)lLr1@JI~5&;_32(QlqB5?;qj>&XtTjYUd(We2;FXoPrD^_@*X{Vz7hI?Ci zCI?a3Gpu^cjZ!|If$Q2^0dA$Mv~-m&j0cnpI+1p{-Y50t_h>%@m>@r8$RMy7l3a9nf@ z(qFYf`$2bERN+RX*9|0mA)bHmJfe>I+r+m&rn!fy%2Gl^hl7YlYh%2Z@BKwWyfs;A z<>NEtMiOzT$?Z%%3q>zZx};oa1P9f-T~3_Q>s)A;7y3oF*SlHLI7<}M zQk?C!pava-@H9QjJ6blOA{2{7(eGBsvT#v~ABMe+(uSb>DJ?vtJPIgckC$ z@SYpQ(E|4*CyA8S7$oMEGjV62GKN`qHnF~*U@$BT-J7@p_e^A}-c0k4Q+fXNi) ze}J~^1pe7P%AYi8BdJScaYS^7(i3^WegrK299n~0=-qF>{=eHe!{qthG;BO9ty4$#JUmtV=!;=zAGfu|AeHeeoJrNxrPZ=6Ii;Dko!asnJQe~Ebo#watNBFATFFXI>4*%*~rYKf)hu+%?UeZw)NOG+*ma2I7wy=-{3 zOgf28!6Hc~@!pr0lc!EQc``y080%)PC?3M#sau^{Ub@XZC&2p#gAO>S#F?Pa z68Vx+KtJL990H8}GexfV4QLjIE-(sZw>aJ7yKum;oiiBQ2UPnm{`^ilNysO^`JLg6 zLfBn)?ou!0NuV+19T4L>6sv|Op&HT;S38bV-XG0N>zg;9EGO=f!I?cLpgl?kIe<5Z z@>fQR?sR`@t})>}5~n$*3O5lw1`D->@=GZHFf=V{ZFyv80sK*|!9kVx-!^1LOX zxYbHQTkUOX3)VGN@L;!F7mZ%Gp|{Vw^^2}ruO9*YNPlx@W7QuU({!S>>x6;SSPUT6 zme+V!6m7jy(UzOJ>J>1=jno{da(iyfkQ1G|RuX@GqxUdpjMTqob;Q7k4!l`3E}rLl z)iD_EzaWdK9V^4hpTV3D5G9Cz#FwFwe(s_-N232tcGdtR71rW+L!~Cce>D7$g8zvt 
zG164H?!yG(87GYL(m~-y+ELHPSkqbzqsOhE8aOoXC3>tX{Z)Dof8gUA@b?FPwd=Y| zZ+L$jUk)Fe_@7qtn>PGMttGxuvDK=Y{09F}>*Cew{IPZTe;vP~tMueI_#(BH{03j7 z)e_%m_##cEUPM#&b0}Ct=K?p3Mg+I8&^ADvhbOh_f2~QCS_S^ZG2;Cvt4V*T zRdH%o-`QC3O5W9V@6_|}Y!rKEb5Uzw4_yCbYP~*Dn>13dV8pmbX3dzl7PaFw=!IK7 zt-b9OC^?z@ZrJAI(OfegN>2FbR=lygMq-ql#1)=DB`0mPh^fV`buC^XaCk4?xwe1F z%SCR@jX8;n=4Q=(Ie9yYh2d1kf8=#d&dJzGqrTAta$?0OZjhBtQ1Y1=IuKF9iCZ`pM1_ADJPf22 zH37ou6u$Lvc&oUcu$F>@%yGO3L>y3qGkBFaB5;4F~&_?IBym^i}>0|>-ZuQ^EE zrTR3M@A7a03OFFg^bq~kHaT)f)*bV?^I9Z*`O*9esF{K#B0fi6wugR>M|IQbUpH-_ zv+i{IhcPNmC3PI0mUC~+u%ki-a9S3Lfnf(@Hyn*Ip)huS3z|`WNcLV-F+5-uWI3~9m)DLmGE%x&C1&lS6Pt&|9wcpW&M1bbH_vF~icBhN@DOc#>$;}&_i%#6 z+^VoiftG@*Bf5X$E$0qPT8?P)59pFVw&#=~0$+KEfVOm6iliv%vZmx~k+PE1X%2_9y8L7AcS%&^RCQOPnx>4~sRl|wBFU?6l%VS>LU!WbJAgE&bgnYWa% zOdaD+oO}|zhuIP2vLu%V9+U-1dFIXhm={nMo&JKjhQogjm?uK8nV)JkvA{^9-1+QU zqEbxid`6-e7!GeHYG#aB0C)fP>pzB!*@(GCMQEdDqDq9H1+@(CY0O^`appvYPke#B zfhq1;m{d|4056jnA_JUqHzM zL^`g5F_nJ=r=tQtyQYaS_SD5`vB=HPH;S@@@3g5`=^F0Xa!#DaNs9eS%-G`@7Wzn{ zZtp%cC?b>yI%k z)taoUc^t4UD|)K7vnFfFc|q!n)*}o{{amSa)p~!eQLk&4x~5;$O2cxmhGqM(hNV*E zpnMsYCFQ82ZydBmw2zqK*%tFeO^EbC$cSu{&KTj|$Ag7@`xM}SV0091fi%HGV!q?V z3Y;yKa}XN=ot;=A@dgPRToHJYcqLB~M5B%$X`swb;!)XgJWR8oZ+Pu<8bW>W$JSJ^ zE*O83ZJ;NZOE$4DxL}&jBp*)RDVEouYLtRM7B0WXrFmy~77J#4=y2Sak8v@6FlRuB z?w`0$Oa?&I99Uq6KXgI?Fa1=oQfxA#WXaO^?maT`R$$Z}mVY?X(|QwP1)+!}LCrCs zODP_~LiT8+v9ki7*+Y!V0FwvHZ&HYhc#ePTAftqBfS_1G7?Jb&DJ3duA&3*QRU3Ci z2@=bb?V^@4aGjww3I#td5$IAHB=0b9|AeF!<11i1XiQuOV{=5DmdOTgIJGGxVkiiB z@nNX&cnmwpnQJMMiKY|X_ndv0(_F`K8V+NoAF-X_-h*XlW$6OjWW}^7_Z(z^ae;rn z2b|nNXjT{w0gDEvoj?e8f-nSsKJu0X2$uA%AP!ey&YcBoifZ0gxQZ4{xycyP4^Iq` zF06Npl;Ak0*s!@I3_}Ww84TEz$19;y%OiH=;$=l}(>NIi!PGxHJ%y#|%fBGp<9ef0 z=9~^f4@c)TUcvq;U(@n9nAl4aXP+u&CNWs3O1;_YQKAFJo8mozx!!evQM0u>IYg)z%uWyU z)x3a%sTgSmqB2J@V~K;!4rhHHIT-!&x!1XP-@`eM#&rZoQrMSavpKa)1C%7Ae=4s2 zFWo32$tTuhUc1w?*di6v?d{DNGsI-Hl4!fI|}#1|RB0h}Km z{v=I7wc-V;_)gD93I6Z^>GJNNvvi5)J9HNMsr?6r+ z)|U57;XR#Cv|Raes4^s-**2rS2GXM{2xKh!=su<%yxh5@x43)#Z<&fgl_DZ 
z+d*wDTX-9CI~1BL!<0UtmDC40K7r0w)tXwXDtfEkI*2rPLC3oeD4ajlAXRTSUP*^& z(e>5a&mgslwrGvoLB@aPugr5nH30=A(U^KuJb3Wgg5W5r4Y{1fj67tE-B)*BseQ?Sui&^4$)fN0(-n#?`trRCK!nh%Hs9= z^E*ZQ2~;Yyc|gy!T_meJ5tp9ZA!q^O!}SdIrqL|^{MntLL0Es0F5D2y(uKA!5;XX( z#-ANM^C0r`*_wiOsn&Ku8dE41Y*)IXvX(O^(iTnh+`CiE1em-3vE~5S(P;3yNS+CX zA691M27Rvn493VNDA_Q3aKuj;PGf~T;iFd5*h zmed9Ag;>xGGOT}Rq+}uzg%JoMdtuhcIzeEQp^b~k7)H;-S4XS9e;v;$BO=O(h=s*- z;_T=b9T1Ua<~~S3L^~4@(Kxz*h`72!`j7(T{94#kgthcv~JW%Ai+Fl)fP}7$x35%i+rt@8A z@j;ZW8?>F?cpcey1j6~Ry;!6rjT+Z)a zEZa@V^WiFTqn&~k;G*P-UWeVccvZV+lIyl^oR@!#zrOyQQ)|f~oS)sQno*sajb>t? z;eyr{yu;0AhyK;N?RHP;o$Ht9N>6Q{s~zPC2KwuX{nWBY;ND|D*Kf?vBldG0rmHu& z^B{L>5<0*1OikwVVcMWg!DXC@fCs}N84(XV#P}6!5ZZ>9h(P4kyJA$IipNt1V8YX# z3O|3XB<=CQvqmHG572`s2*Dq~C{-j1`>0|^d04{4;;uJph=>EJNHCcu#V=60AvJ?Z z&^JE{*jt!ASeX|Jg9cd8nmDElD`i<84=xE@X&Uz7cIoO<6g7w)NXJUdL$-G8#(*i^ z3EVG4V`=gxCsg2WB`@GEBHML|Xo{zCnmB)gF84-% z3@0#5JjM?PSojna0MNrj3aV$*j;}U7kP%6ZTczho_P-2oE`_$+>&&~oCCKHglnRtqVRbWFbMPRh-W^u&Bz27M9Xl63v&SLOS(5;9{Yg-3L7QE7$O-)+|4f+ zuf|kG6R{Bk>9JjDYTda3=g}7-5r_#5STyTG7>=90nGg&ypE0ex#gjW1X!>&q1o0`6 zYHEnz!;vH`kZ{Np|AOJtAY?;-(+necN) zuk=Z=gpZL{89gDTQi?C>fw6W;4-=_>mP2tlgjS6hO{2#~&_5fWLIvXao^Y(wn0Zc# z=ahI(4$p~V)=IAI!^RJQDR6{<&I0KuBLzxBc!43jV#`+wg=)1Hl!AY6$jubkw!p?p z+Q9{(vW<{3Wo^bso70eU_g+HlukxBM$Og&{iv+#M&SQKFHS;YP5mS*c#7&;7n}lJL z^kzOCFL|MsLNnGiA&chi=H;#0H*d~6UC__>-*I~Pb?4Jz-hA=llXjRl_fWO&c5V*% z_75yLy*kjqzwLdvy8eI5^|2{^qSmDDf5`ox| z+s(Yb2MW5L)WwxnGR=Sk>`HB$*tn7x@i+kXtO-#9>`xOK*Jyv`=yeIj&WFIwf%mw6 zq3Qm@cqCaOcq#x{b3Gm*7Aw$8BF*MeaC0S=E4KD5t`TWDW{8FLI4d3&7M1*&51UjB z$uCQiFY&SxFU#R&7lL=81j))I8v&9v=~^NPIORFl?A zEioscv9-5JahqpeU3PV?U9agq{jytcb8?Ptl_^Hn#0Q>h=?mbTRdQ^j|Jtih1`?H^)jNV7pjDeJ@Z*`hIGy_@q(%zuDyXN zCf#F>9Pk%i77 zXPJNd(egt~LE~sfiM&1zd9BIqMlRGUi@bt0py`dHhh7&7$g{;^sb1fD9G2!L4a7F} zrMt^>0%8Tgi5%H?sVU{Al|S$hjYR_tj5=hd0FD2_qFPweU~C|vCX!67i&fo9Cn!P1 z5>(s-R8$`WD#8+1@@fXMVJ4Xi<1m$Z5P5&Cwoy4x{y$ose^fhKPibG)_1eWnuY1{5 z>YWl;+$XTuD1pVjg{>e2mN{fd{S*}qlkg(35E%~sn!1Asdw4Cd2sq?b#%>uRS|iVx 
zj;Uxg7MCNmsc*Z3TS`xZXZKkgq%uFUJQ5erc{=9;;x8_1cpL%4#D=e$tSe8OHInG69B1Yw7ZMHl{8N z-J8rh;ubDw4XBqSetU0?Ja^<-rqsQ;1jV5uU0hvv;llqdU3WfQW5Sm7qvd}E=!Aq> zBn1J>jQLaYiDAvP9p+D|>oyA|KGPN#zrDY|mwlKDDp(7XVHu~`pDH=-sv`JGo|?ne zg>MT#M)cQMc4{u{`T>UGp7jTCmcmw|)YVpFgWhNE+_b|hvp9A<8rK8nU@1@ZZ+M`C z%(w`n(t6<;BX{?KYK5Bh11f*vRE2(uRouzfyv^vXI`fJdvDzby*e}haF=MkehPE|h z*Bn6F((|YFLhRTA-op8D2omLe;h2Ff#q|P=*zkjJI7E}w z@TH$aYjA7N@Xv@bY1dIK+HSZ_cn}MQlEVL!dF*0|A|5G0TgudP;S7I-qkt%RD8cy- z783=$pm|Iq^$U&)%m�RCaV=Oi2qp!87?45!Has`;+CdYcREMD^fJx??KVaCf zn5wW~6b-7yS+bD5I;el3;J8CjB}Ji14EXg?#5}CWE#iIy37(17HACd69tXq_g`zoz zpW&kPRQSAYM7V@eSVML%jYG#ozxafWjQ$K3-mV#VVg)WR`lm~d(npD|YZ@~iWd?&k za-+3r*tcTEQW{l4qOu&`peVjG`g}tD zaEjXipLD$NhimDAAsab{y5UrR?@kyNI*s|wW$7<&7*Ur~ZCuOn#M9tfqCSItC*m_p zbb-qY$H^wfEtW=&ntaChDqPMs5_ioKYn8`qiOOjIAg$En_TK$%CKR+XaXlK6RdO8q_+2zr@Y~3sq&%NieyV?~ zURnR<4a}q~^<9uNRE?{2w(|`o!MVY|E&N#M$rE#`YfpdY75t*ChFVv^S0&VXgiz}u z1-=l}`m7>bzHDC}yVi@o#OU4#M0rQ!M zFM(veRY!JO&=Uk1)5+D%t3)RIJz6(zpXf%-@3_jt&s4b>E4Xi}siy$>@*QA%=D5Sr%`rK2R!vX2S! 
zh*!HR#4c94rOO;e9`#fNKuA}gzzoB52ii@dyRjX9g!S-^u;{E725vW3%CnVk%V@nL zh}M7G1ODDP8vH#An{SQ3XXDYzK(efLkGQHY;cf))Lv4rWkrLxSFWp9b@PWnhS*Lwt zaEm`$6t+yo@@xTq;*n+fR8>GgQ5>e?SSoWy!5AaO1Xo2=NlxUVir4t3L|`G(IN1aA zz!c=4wl%nok{_pb=u5x-zyBjy11tf^F))9d4GH~Y2IvZ&dk-5lyo2{G(+!F`iy5Hc z^@YKg78vE9sJnjQdvL(9BqALw_m*vA-{81Gv`m5{6Ha^>r!jS60>eYblDK~7D6yjM z2v5_fOa&kM1OdrhVj}i^RJKWdh^8|VI6f8#o$^VIrHE<@T7ER!(E}6lffBk=Wa)oL z^vs5SM3NN?4uvRUzOzXL9-zr5-oVj+dJJ53Lb=%ll421`1KCstE(Jc~Aszp^k%V01 z8)?7wMHTByG&DAo7}O;|M=--dq@39B1?Z17FrsR}D{iZBrOcg*!UgkGVQzi9_m1sS zu`9#7!>=vgHoTQgpb7z!6m}VRpC^AQivUeV);!Uc88dtqB^*=CM|aGIuQ(1K;onaz zv^!RQRwpi%!Jp3tk-X-4rq?sL@j>dsE&}_5?>c4nUCDdKc=Fvc5jk{-d1+!DMM9Kl z009DvqR6S9wc(k?)=VomC#u|Kpzk?sDWUa#8*}mJcg0(Bnwj=ua?may2TE;$AS@C;7HcpI z`5kKOx*riM@)X^rv7Jvm2_S#=DN-QmkAIYU|8{kKbN#!+wde~Uk}qeerX9%$oxMH= zDOHO~Y2tv}!Wx=Osp*0dhjrj+Zgy;RwKB=!dzbp(9f8z;_;@27o8)7gj!^pdzDE2Wdut#e;v7V79YdlxBlwG?_<$O6fFTF4;rY1e6@t@dun&T-%T^W* z&veT>F-nq8ez2vvh$Y2R>18kMWtUDc3`c%ddfQ8H`x?wW6MP40u~>TbHi)m+yMV(`Y;Fai?GkdpJ%or3jXCTu{pY zoI@%9>u6dvAIoJ($|Hf4-HG}lJaMO@KCvDc2A6Pww}RP`iF_ga@VI3DZ$~ThtKq|a z2)%Zw{rx?6b=r1R`v;6ZFvw0iA1)3k@h2Plj9w*I!byL265%=ZnsRgwn`MqA3C2Dv zh-c7&V{891htr~kv{C!FTtoFk9UNi}IkU_f`uO>fONh#t4Ph3dwDd%9;w$Mt{zE#M z7dl&c303C9Uw;2{=my^!j_b@OZs_xm2kc@T?v?K2AW$anH^ccI$Ax%5~=K zH7>P$FXn&W@1h^ObbINg+v_oIul7FNUW&c~`z%mRY9EfT>AW`rMcW2y%Suw|4k_Is zr8}f_hm`J+(j9W#?hsY3)t)X1aWi*FeUpnDn_QerhAa~iOK-?ZOTTd_wCt_z_K^dJ z0(l~9{{$@mdt!^X1j!1V*GSrPs2PEVBA^!&>QH|x*#mCNMBPIaAVWmEt5oUqaJKHm z!cZu8c)%R3&6}{L(CUYRr+%_*bFivl?H)jP*AHaV@#iSgYZ~|OVBBBxFN*W_w4u`{ zg|Eiff49-IiM|M_doZGJY%cUm3m>EDW)?c^<&A&n+98huQV9NNlf~EzV|*S~IB00u!nRos*g`D7twst^3M?A@Ncz*Y8M`C}M z9`$DFQGbL-y`E*we;SYa3a?D*Q7=8}rANK=s3*6C(xYB_)Ju>0z7q_Um9^jY=~3T= z*jL$v*;gs4eM^t}?jgA+ai}x*>XT$SxRddEUU6xP!(kQ!H*^ATc3fn>N!xV9+*E|S zuzKO^1A3Oy?c>4e^M)M<^XXHd%I|;N5fQx{Zs>Cq)S$nE>U$&&I(ycwd1m`5Y^L3- zi_g+^*mts(ulDTbh+to(smh8@5Sp?*XXs)WvA!BcTt}R}$cvC_?jv0s&!W*!>H2<( z{Z?3#0minG<#0F`>kmGQqU@+SeXOgBk%4iUGvYQAwb7{AeZxC!dy^$!vCV%x-#u=y 
z2w@DTQ%=SQduvR_4OjWy_2g|I=LR> zI@NmIkbo$VTJkx;c4`VS;Ku43YOpgudcT(D)cNca{lMmH~Yk#NB^FqhrCC%BiDn^R~Cd*@2H(6S# zAIq46uQ8@TSe()#O>X2VOQ))UO{2=KW+NY_)2^-3Woq!dN|6TZOk|}-|HJ>$E-v^d zwcBVnFV$|lRl5X5ztg;wr_Sh+*0WG&;XtVJCs4Ca@xjsL#b$pI{q*%(+gbIvtWC1z z#<9*k)bN}iTXqVRwR~yhF@tMupfngk)u@ha!x^9kKzfW%CmjAhz$*!s=jz~{<%foC z{X#teRa>ZsC)5Mao=NXr+Z~Kwp?Y@*a)?iIQ6mEF56;dZ%pTX4b=a$2Qdl$42 z7zi}gr2h{90RNveu_6H>6?=BENKg_bv62#1BxR=)b5V0K7jvI!u_6H*e<|CN(`KVl zY5kGG6DK0h`OZ1tiN_9h5xmEyC_OhuODvkhQ8YkP(wl;BHjBrieTv5em6w1EyVJ<) z=k9s3QIJeh{sedI@f_l)8Kr6`f-rDxH>%aM?2Rga^4`9xcL6KxKKA*Dte`R!o#H}>`d8=bv zEYK*1)iZ*%mB<;^7tVlm0zlNU=cd#`>0J*jPx`_b*-gEX2Mbgf?-5MDG~luMk?#j& z+QY6ZXRjnLvmjoMcXUzv zJ+9syxG+xYuXM|;f0e?KxW^C`ID+BB-~zbZ7{^REPFyFD*?cteUGj4W!BbCk(W>y2mNffS`04=&YMxfUPI7ccOXf3F`;SsF6>kS(-KPv9EL z;VoiDO|y|ihmu{cVcVG{*3u@h3cKLS`TLqeMmLo2Mr-m77<@w*x1yWhmhR56|JqJd27sBa8v|eid!F$trC+0aV8h_kD)#FUhkdN;mYX2)3XAJRB#Z(3y?BKI6O8w2N47)J_S9&eRDh zeU?z37}1~!HfdqjR>r#?yQefWByYaX#{7Pe(B%{p6g-@gk`7QZu6^W92N=I+{1Tth zy?1*^fBE_!|MpLRZ+Lxb!h;BvJX!F$9ZtN%y+8H9R)1fz-W8|5iBFUtXUl!15x}1q7xafLaKuOz^Qn0$dROF~Y zG;$*v*XvVT9?AKA!hA_Q`xmX}npvr})=b9Be@T}lu5up^2CypK7>rAb3Ce@%ltNnS zfEUNqA^f>(Z{qn*h!#i^Da6Q8*Nggi7C*JmR^V%2Kfadr30H69JNw-Yvr(~D`Q2cd zw04LKdQSCbtQ|RLxq=UQqsqS!wC*TPjVn*|IcIm%%-2JxJ1>mQ`-r?eck} ze_OBE<@Pg>^eX}lss(7UAJCvCqf+DrU#pB2r6k&5Sib_XRRa&ARFy6<4B zT4-**RQj-r=ZVsq}&o1peMQprfSz$XfPVgaAH;_`+okxN#<6a`EnV2X@pe6?tW zT{g?L#v)qLSWCTFeJN-K7!ETO4kw>yEd)x_ObXPFJkvExlme;@gq3W6PYGRIe|U64 zhqq`W2_$~#-ydQq-QaGDD?r&qD5*mX}s^y0rYTXXQ4h_qy)Y@>@PPN&x&Mm8L#@_I0U{KDGM^o?yTU0e#==f8;t3IJ*3KWPJHw z|DCb|cUUrOrY7M<;I3le27v0z?setxG8h2J&%l85V0`9G7KoPnXo@?Z=3z*o1^hu zFC%A~0|%@cZ@Mi)f2m_%4|&SNm^1~3_AD^8ELyf2n0P=Pl3i)6hRd4ehvh>xTeVu* zYTD;#-EzIzEV6X=ik8(2v}`YESsmP-j*dN{Gi~tk^yPp2KSrQL(#y~hy!lCzj%<%0 zM~%h{*-HqOFv6qNjBKCUfq_*#!`Q6d`giy=nFN&Q11aI)e+W`a0*T5J!Bbj+HYF17 zUW8=~U5BC^RCyFhW*p9lT5gCEj3-UKOrTV!T20l1-Hkm^l+@$$HxZ&jYtlg5BT8&a z@iJ>#(%Z-62g|H3_zDJMiKC0HQ`~#WP#z%&9GM0wcs_xy@~1Wmv^S4qUNVxfN|6VZ 
z3}+a-QWzlWf8RP__Whm#Q?YEQbXFznyOVZK6>BpIT*n-w6j8c^3TVWCDp~Z8#{ALUJKP4S%e1 z(GCZ^sd{wq2)tW1%T(q+ya@~9TOAhszd0fEI+5}b=h+%;kYKY-# z!*`qFzBPaYd+3v2xBaLynuL-{vObbk^D zCot{>zIHUhw6G$k&|w}~h;-`)ma_>f+aP}ok0DHyirrB_lyP_whGJA2p8UCSSFMI{zBKXXW`{pqQ^zN{guoEf!4NM!!l!R-T ze{3B|i%v;$Q5*ysx4E+D=ouqdf23^wprlOCXQMXr*r+(&(n`~SN{7%GLaZn+k-i}n zLNjAaBnO6gq#Y|QJ+8|{xX|&Y&zG?rCBQ%;iFzSTQ-I_OAa~@9-HT{0&XO0i$_h!M zPz2W1my$_A!3(LOY%YW1^+S)+;bhq+e}6!pQ6}e74Fey9Z!aNw{t>>fluG3pAWPN# zj8o#mI6>&-FXWALDV*p7tqlL|a|THP69`l$O41;_NRu`E65gH7g`{&04^La8?fdyg zg%g|WHt!kG&3z-rmKV}M;{ci9l}J$cc*D`wThGOnN?H^!5-TNU8t<^jfxf8ue@Ai| z(_|ysoMb)=^%c!BNI`ihVskf!^N_%K83W=8N6jMWS0%bCW_#8vOqy1ghk*@A_q_fb ztG(5JA#R&n`Q9O1{$J@%`0jtB6N}u@eAB>rsN6+EElzB#yeK!+K`-J=U_$FTq=Gf@ zv}wkCeDNsY44KV+N5uft^vNsYfBr6H^Q^bY1n%#-eFx9ED7CXP4dOdbUN2hKeu1&cJ{JI;XT&z?X|-w=}@B^5_}>cJcCr=$T2 z7YV?q%yqAzjDmc&| zhru)e``_!6$$(~eLM)7L9V8`sfHuq!9FNeQ4mc1qbFh0Hr9Nd_pB44z1rnYU3AY~9 zXJ~ouY^7qvozrt=VYl^nY`bIIPP&tH$F^-79q%36wr$(#*y-4|?XTbWe1E~YITy2P zUaYETU9774)L3(jpIUl_#5;b6D=%Rra?_$dNnDsuK<=V{8?b^+8`ps{6%khv0a~tAa@TcPT zI%FH-k$`$>#6W}ru0T&GZBhiy-=MJ!LzNE$wlw)4mv9M)yHQp-W1lvsE$BdX^HK_@ z8^LSG{oRwO&kGtbx9tI@~lo?zh4fIyO9lY{-aZ*Fv! 
zOwlt-YCyCJz|bGb^Lg}FHWN?=Ns0-I%Ua=wIn|w*unuImG;K31$2~S%DyI@S1J$Nd$O$OW&zI1H-tEoVh27*hz5Hg({JTfk+Jr#l=4U!TXEXABm#;}Rl zWH8HsZD6L+hQ$Rxt(-E>F>rsllwcTYN^zSYW~`y4bM(*XDtK8{DguL7DrD*ySmT5g zc4pEV%|F&NH_b)vHFWDt}Y^nq~2dUV%q{AC6NQ%9<4^f@O79 z2RQGNfBQPYM+W&KfDqu?XfMJ}%VjUgOg^OVyExNrp|_9=o&8ewUL4=Z!Q`J zB)%D`#bPj8!D7G7or$vCG z`+W+c)r%%{XXX&Ls?qaoz&McgWHuZrp=60nl(nvm|m_ zLN2`_`bY&qQV3jp_Ue~s!8u*@Nsz?LH^*#?8;6OLeF6_b*^{j#rp4w5H$SGnUV>z( zU!#yjp!y#Ay?AhNU0@kjj9e0e2R2|u2G$ZBMOIzWGSiQFgyBs@o&ur9FpbI@zd?bu zD8>9v#ld_?Bk%0^&J%u~6QMW|juaQh$a`x1A;wt5Aq@!ObUg9lUer!Cnz3Y(p&qO^aX1bvJ0q`eN7jFM)wyUxV`c{sCKqpc# zRQMu23=wGIB6xeNd3)0r@>Ycpg5}p}OvSUj9sLO%hWFh14~#HYS()l|#@dl2aInx+ z?tH;_<@!Ww*P(CwP-$BTpfW`}@5#JE(2g{DUqhSz%WmI_F2(vFa zh>*<`?s0eub451}ppNHDM?z`M$1<5*`Lq0=E#{ktfiCravQnlrZM6eKzNwOo1V5OW zGCDJcW@=*gD21&Bcvh|-Y1;3%smM&>$=ZR+zYaoP{F&Gi&G@8-$bwxvk=xj{#PuE& zd00R^#e|cE$j-{sl6Q-6brFeh*wOMK@qD{I*yPK#7mi?4FC9pka8Ovrsb8arWcTXx z=&xmMweC_@R;V(gRB=*iuh_QK?z+`RCYJRpDH(>Atma$0vxg?z z&?PkwC(L@kqFGvNj>4tRXPApo2wcH;JVBr>nxw~{xI~W2ZnL8`Uc*LHwbP0bHEkB* z2i;rI4gwBZ?)0Oqdef9OoUA*!2Cq%VThS+6_Ohgi)KNVns%?AIThUpWF(n71qwKQ1 zEpgTyD3?~!ONLBifh1+rnnhGmx2^&yVR9FdJ>yoIs$4I}KAS7Nm6Q;Tm_0t)IiIjyhVtMB@37E388_F*yN5o?9_7 z@IZ11^diw}Pq_L$Jj56pcA0~c=SSy1WjCXkL06AS69@I@JVKHk?PW0RwI8nK8fcTd zWUf>w@w-BWGx17l{epppFwbGR*dX9Iswpm-DT@txs~03y5IvT*8~zpg7aS9E6Sm4}89(ig6H*^hw(!h%42s80wh z*5Xqu_olCHfI##qaZR%^8YFr?b5WSVeg;|RgG}(hi}zKx!>8ZQeg_2aTn!N8T&;uX zf@Y+@ett2l~Qf0aY76pT`xvFW81l~5-tLYBs#Gl1L&iEUy9C61p zZ9Q^R>T6yI;x`8=YD9$J*TheYNLUYKy0pBNS0)(zA2wK|Z+^=qqtsX}O8OWCVm;G^ z?-ghj^`Zi};W&bv&LmY_7Cys?6$WKB$b;g*9aSxs)$O zzV=VIoAW9iUr1a1j_uZhaLK+c`b|-__zf#9sZ_yVLpofTj+ookVZZYaW_rb9WqV-6wKbaWhSxKe{!%h&P=Mw|P>_~jrTVICpW54lh;{~7{alCP zR>V5@P@BVZ8xV=@aX}5QR36`BgGCc1qHEQ(K}WlEtuzg(qMhsU72Rs-R5eRUtk@)i zqQuV&L3&mro5zyCPxRyRgAyEt+?>uSepCyG$*=VBY5f}aK}2ENHsidx#5|C;FC=hS zQBwQW0!c3D_YZ$=mp9dlSL!N{Ww}BcPYF zb5NOC9+)<(R>6Lc?SQArH>uRWL=h|Bdh-zfxs5M(c-2d8`g%+vPBh=epZi6u)N$?* zbyIKAWblg$1Jq!&l4%8isfEc@R^%Bzex~0U!zg~nwPi8o3>uc+!b~XzvP-jR)9i+j 
z=Y>@~69Kb5{UqEaBZLx{iOEzY;~`bNnhI+&Bf(GP{47JO8!W1<>v0S)Fa0CANjO8U z{8bG(qGGa%?=OvuD-Hp1$B~B?K06{|aI(|&V!hLn{)He*xZC7gaeKbr=QUM_qu?du z!YctbbH#&YgKAU1%1Lt?&6HLvQ){l@2IU1jeZbtm44`Ak-%RHC75HafLOC%j7B_3& zPr6R=#0y2w3XE(&v-PP)+$`ZAA?7dzG^VK(Ni(9`tn>Rr)N{&f%Qo_mzRgD?epf0p zs-)-)XYTp5E~I`KChA|bWQa$AtR<$V+?t%f!s66ATde1RVNz}(Ftsvbij2gQ)y324pfm&3@06<*?!dClb=kN z3ELoQ_~kbMSoTet>97e--?5J${dW5=mPYSs;T3~eigXt}t!NQe>95O}$2xjI_|d*g zvJx2QOq`!veLgm6DUqilSDb08!#KWsWd?9aKL1QiP&kTmoHna(8n!VefdAwCv5^aB zD31Tn7!n6J8a$*fE+`zakhff5vWRraU3}G^e6MB7D3=E2pn?8G zAFNq6iA$KO6;qsr?^KQM=9*N?-UHm=L0Le$6EfwKR3edw!fEzITRpTuOH^_lHj;z> z2~0t3q8?0k=x(>;2sq1C48wI9QGC+ozR$v|`yOaAb*UUws7CH~X~{!{b{Q) zC!JKD-QYavG5_J9dis2K0Rn;GNBgACHqj5Q*}Nw#!-(-ChadV|!ppC<(Gz1+DjPP* z8Lu*$X5?U~SEHP(MaDIzYwzWj+*V0W9dotilfk;x>Qe|~-Cg*pdiRUkj`Ie;~KPcuGMB!(8zM7eT zDVt^`^@0k5!KYb-~Q%7Uus zt0+C@^8vT#P(Qr~^HMETf&OQIYphhtslgs?o}JeoK?r6nSCZA-eZY*hO{>BIm~b!3 zH8Gd)WsRbSDPb3$s1h`JP5)`2AM6B)^xb?M7*knh}i*o5Prx+;iLbAPTmUM zG#KQR&L4VYiNS*YnYkDC&#OLv(SyX@d$>_|a)A9!eaERSfo6c>>pV;YjLZ1Y6yd_K z9A2dzq*`(13#l!~)wva5F|t8YofOnWc9MXjt|k@O!Of$|C}2%~tlq2~0lPuR6kpv5 zhkw(um7R_J<)R8~qx-r%m$$!|2J-cs3?AX608uH9fKR`JG1YI!r?&0`SZW29vifK~ z7r!)`o~1L;hIbJRq4PO-qLL)aV>%Kk*s#ohn*2NAq!O=I^pFLQflqF zaPg#%RGU)^^*bt}xq4H)9jU)bBFs%>(qvL-NlwbdRp3`2rb{yQyq$19KF9a0j+wZ_ zp*vF%m^MIhH?=DwN7?dM^b506HNlr(={9K~)rYa{Ho9+1?hMNU2e7u8xv%?ec$X(@?;(v)Kp`u7M>be%FBV_cL9 zHzZ#)zJ>}Ng@HIC)bSoK7RnvBHJ3Lw?KClbcwJxdwVnrD6-vl8jxI+p$6Jc&Uy!Db z6>;Bp!KWczmZvtwBm&G)9!0i!_Y_q3-2!0J+%(CnvwQguoM<1S(J2fkh+=SQSaD(k(R5D?GKSXyd}S^wDoqWvuX5`B@|`KKUg|D#}Cb8rmGv zf0v-;3ShAtEg%#8Jfh1E&Bw%BpTo<=<&$!iuNCDGvwT*Z<(>3y(tb(T7A_YFD3K6$ zV>qIzr(@H{O)3SE4N;_AmFHAfDo6nf@KT+OE?TCwMXv*AvA!(?!q>$!nUPSR2Bhf5 zIIdPa6%iewFZb6t0=9 z2iB5*w?*y^mZV?qb3-cNg6)$47PnCFc3qmLH8(Qvi3;z~h(8)J{+4BiSp96y6lLfYbB`c(g6-FY zxWgN8ZGS0^`^+V46*Z;v0ee?73t<-}yX?%d8Vwhfnn=}FY?3R|{gWrln}oS6x)ySQ z7k6qc$`v^a=XPznH5~055$3T4?z!#dI040rv^+@+y%5+k3&ex(P#yLa&9#8 zASwPVQ-=)R01Q zL>jIlZ*!B#u8j;~qD;riunW>G$v5iM58$DhSw4ON`=6;nQrxxe(Y|@XR|*@}#va?R 
zK33&8U27@jUdDd_C?cao z!5xB4NLC&`jz7vez-Y=QO=rfwJYwf^&y5 ze~kc))8IpY&5!nL+lIElpKFz>N|39vK7xDT%Vw@HW@A!Klgt^a=)P5Jr+?{i+$vT* zKKpB~q@UHglF+(Ur!792TsM=XQuG(c%_pNbZ1ghyfR8O_<`-kun7#v*P00$BoaIgT z&BmNs?bnpoiOSCl_3o~-Rvc4n4{}YudR?G2n%~)dj@RF$dm4P?A9Y{5ctf5{P1r)m z?2|@G?(juz=ThmRA2Nd(ifMCYhFe{KO$S{W#AW9HfE1)SHWZd_ZLIu(D#9h1)g0rR zh$&lS0c<&Eh~Y%JBU1b8h-C`TFgVlLcbboy0{iY*tc9|@d4{X24xmvp#sbw>*l^Os zN?EHH_}#a{(&Q$LtIqU$u(Onkl6knSyJd(k6R}}Zb|WWeD?fxWoJQ-o!`vSQdJICZ zVi;aBRaV8i>%ZO6KDZ^w!G&g@P7 zi5scK<8#*k`^ziWZMnr09kFw#Yi1R*hCWPQ#dkbvEJKX-aD^)LFT)_c;%L@@=#2)Sk$*+t>62rTefd3sue^bzB-Dqqtj;gXv)Rn-3X@?;VVB@Ovnm6n zOWaQ{cU7QaCgD)Yum~D0Wx@cN}eUp<2*<2Geydx&sQ%YUu>bds=B<4+NfS?>1Ld~`U{x5qjg2YO7dJK-~wT+kIDEB>Fhc!!bpuj54N1! z*Wbv&f5B}?(Df%VSeCbodjTbgVS&GRd_8%-9@6LsIT|049)AoJjH$;mV<1CYX_8leSlPdV0cdlAwMhB)~N+XM;M>aBzH zzB8iU82(^sL=Laj;+GqxKT+T6#m@RY^@G6Z-#@E3VW&8qYZh(};Sd`9ms{Xj&fUK1 zR|-il57H1qw8g$3>yO|^u zC0PuRR%egQlC82yP^J$>ej%B=Z#elm?|Vl8q6)_r*cu%SK|W17MTr#=7OG8D+wI9L zO92%IC#}B@SU+J-nKEtCErMn+*6`3wCWQog;^Q~k{)75Fx z=XbFL&%|ISOb&^g7=KFLh38&L#f?7j5u0V>r$KuOOpHKc4w84GY1(qymPMED7d)WQ zR*O-eggFkV&&JmEclKjXjygP-=cJ&k_2`bOQ(la;tobS!${BcvTfEwV$OGqa019;gNf& zB6dw8pgCGSeOEm0Yyg;xYj2WpcneQk`isL5M`Dq2jPf%00bMTjn98IOTzrAB1 z;ue6JH{ymcs-TxaFKP~BHKYK@ArY{**T8t zMt)M4WX}v`ebmV6cey(@vLxz|lM1va5MLxucK{TJ=^Wj{hY+x~tHQT&J(WV#MLs_k z&*~d#MSV5O9mkdN^pn7yp1)X;jUmgzZ&s6BDTxX**cs=9P_VDyY;0#?n0+RLy@<~f zhI_lZn84;}0|Fn7*87Zo^wSWYU{*T(mT=s>{<1^OPQQ)f`%tYvm942(JOL;joIA&A zL$_jmYUT143^l+O7Wj#`ioVXUo9;HuOJB#xr!@Jl@v^<~w~4P3!c^8Bc%NwQV& zCy;MVPLAtwOP7bX$HMV%sKBSmB9q3F){C(3Yqw1szU8crdBJ-*gMDz`NuSu2@uM)e z(jkO*yx^xMDlXMcQY`gs0kQO;V|Gn&A#AGR*8<0{w0ht>?L8qO**NP1x3COo@!pm+bvMX-C3S=t+w;UsGN=YWA6r4sb{ zb3ZNU<_qWmv3J#d(Fjm}*b_49Td7H8-gjztA*1W0AZ}f&)jtwBp`jTxeHvqaq39@CiJ)$J`e;^+GMu?bzJd)G`q&?*Z}a<2E)l12l=AYL zs{;Sh-SF`v2 z*d}#$Ykz;2)b-4`bHjhoxOzIi$n<*B5Sb)+92JSeb(Skn+mdouXdhkLjThVw|I{-G zDj(x5%X=(_c)~zC=C4yWS{4XnG@X&pbOV07fng0CZYH`Ll`BFuKBn$=W<{siU@Zdm zyGo2*{>&eRpiH0)G)(+O%Q#lnC>H4MXjPPl6I!&_jEmUsdsyrkgv1dKB8(Qk 
z|Be#Lai8r<1I*ZV~QXT zYd}L`oFQ@O!g99Jmncabb2h- zl(S$-&?8BzCpzGv%{XuhuR(hcwIY|-CI6~fHL90c6X37O&Em!`aLyj^od?Ku!J#K$%(3hK`wO^Gm5%xqw(&s50?vJ}smG@u79)h)F zt-AJa2U3sYq-HM+-t345hl6iMBGf)hPs*>Wzv-LKd3N~u!NJDkHYY*c-US#kRClym z3Fgkz!-(19gX^}|d#Ky^SJ%M(hhFUq9laKLmRD%5lctzSx;JAA;vIMLS16MeL0=2I z3PZghrbm*%BoQt{N{SQ;(q32F+^pyNt*>;?EA^J-}XM?i290o z|I*xcJYu8bwSu`(N9Yz=Qg-4)xW zw`>QWlA%uB2;srrWByvI9aCH28Bkt;am*ZOgYnf|d-`D>-n72uv$T^7_HMVm+3w4N z5wwzb)}a!4A@Vo#R0KCvktMS1LFGGgz>5V#s3gP*m=qfjH1*@0eoU5Z!UO&e)9=$E zJ&12()q&s%E3Eg;I*_lAgv5(z(;LAqwT3vPVygVzDxXb2O=0DGDSx>wR{~F&N_4xW zdPcg_-wCIcxkLzdp;P`w+Q#X#UDXa#{pE|P7mt#KCT1&~=@RP;s?%#u({gQ=5bg=j ze%S2FKW3u9>GN9I4#T3yf%YW*WzL9>JgutR7mqHF*~-MKhHBg2d`Huw%ht~;XDD%O znf#nyd3fwxTusW_dTrGac)qGF&PA*@g2@x+R+<}Xd-=L{f4@CwOigxYANAXi zTKrv?T}3pi(z0~5JI|du5L5qLv;19YwqeD2VK#XRROy%&8Y_|JigAT`J^j&PWIyX_ zW;h&7sI^sF_w%QyxQVveWckHHVLewfQiVz#g2Da)$#CJ;HFsv>6iJWK{o(yze4g!S z-XG5UfA&14@BNhxoimvhP)*}NlGjx@Jy}nK8kyhgUMYH=Uy;DTkq5K`a*2~7!|u=! z<6kTWfi4f%$O+Q{oEVd$RnC}4t%N-C`kx2Hw^1>8d9eziw7+>KS|b?WU=w}X$eCSP z#Bd&+|DKdr-YITKHWUQpC2dX+W*c1_2kv8@hFD>RJ zY5FTN=nt;ou8XDcGGcIx(KXTd%u53BM@Fl}zt3V$V*S9ftNJ|H-_T=emDlS#O)K#5 znKKuE&GgT4u z<3J<(g$qxl@Ep6dqh2rXl_sho;S_NfkpfHhth+!4}!wyg}7U+0n0o-I_z;t99Mx*y@k`d;S1eAGEuPpio@ zuB_-*pg*-`5K@_AiyORibWPT*uQ=cM>-~}C-p4pa56|mqt1KLN@ta@G=IbRWLTBF& z`P0E6Ambmj^!#(5FnWDNT;PIOyuaG{*THQ;K)?CbDCOjv4g6+4 zCb^IkHv-5f5o*gIv9tMxcSidY1hAJNr$yiKG6>@XF%s@dC!&AY@k5R#I-36=$-tNS zp2$=r{)d&X9e2wAuaYOvbp}W%(wi{EfPNN8zJ*0>g~$Me`Inls*OB1+)AhU+8I0h8 zW^+i*Is!%~W{?u9c(*9OP-Yl%{nveBy<#rHTflJ9};x z1~vjV&;SzXtG1m?{Prv47w>Gb7=+;=o!j{Xs;xUApZJ|wGVC{m(rSPvS;A%O^UEK^ zT8OwU;fX@STdKlB`#4o}HxlG%+NTF#ZxS=5vnl5f;Yy`mZxhx$Y(?Vf<10xv2T zVV35CaDClEj#sdk*2T13@_#b+kBjitBrv&^7sflFu7qsjGV7THcEa2hFqZX=8JjJk zAvT#U7yr@F^aG1$Po zJ!^R|E#guM|M*NE?Ne%pA}^5aYwir2Pk$u^VmmLUoNKe>lZTyJc(N$ zOPt^%^^$+9245oUjYC~~9OEX0Rm?0mxp&Y(_!%%}S#pk}U`!JE+EtHe!lR=^26Q8i zq>x-5p152aI?R*Y6d}dt<=%pL{Kn$Gb-vLe%3->N+QUpc)dS1@yX7a^hrw*61yVbWM2*enZ-ece`-a 
zqHta5RhgB-_%Tnnvjn(SsJJt(N<{g=^rzxtOgYmd=aL`$aUd|WGrj|vwlxaD@Vd|7 z^XH5${BVV97p=2clZP*7v3JCr{0jl;utIdvZIB461ef6Q>Bbr>Ju^lMW`BxQR3)Ie zV(i2ke7lN}M%W};E7odoicE%8zlq$&c^_iR}8GZugpH2t5@5OIjrz2iqF|Y_?`yNCN@Iq(CMRZV2t|Fhvrf(?6 zUh);9!w2((KFSb23T)r{Gp-D=qkWX04)y;tV=Y|XyV+p?fHQi)|DUk{Sipa0EOKE3 zT_70%@Sno{2N71WaJ4nEGqkjEW_J0XHs@cg5g08H>`g&NMfBej2nYxm7#QEaeIq9) zr>Cc9XJ_Z<=NA?hmX?-QR#w*0(J?YIvbMH%c6Rpm_AX4*EzQ#Ftk&wP)vYRWZYVKm zDl=}YGH$Q2X{q+^sx#}Vv*@gMYp?SjXw>a%H0f`$9BMNgYO@;aG#>A=>TP!IYw;TH za2No#d5(7bO!ZpN51Pyk+ANOPt&EzkjoZu*I?fM!E{(b@jC!w6IIT{4ZO*uE&3J83 zTkg-9?9EvpFPI!JTA#0&ovqmH%{%Y?bw67EeZ1&$w(4}T?s2_gbG_kszhif|?Gz9Y z5E&Vn@GqGmGcz|gr>QEizB0V0*}tnPtfd~9Tu@L@Sy|cETv%UU-_g<0+u}FW6*AD7 zIM9{W-%~p|5I)kMIWrXgcQkNeEPQn`aAhidW;k(vEOCB3ePudfYc6nOHfnVyX>~Sz zq(66hv~YT?YUEGd^mzUJM8V&w^0}#o*{RmWnc~Hn^0oQGwZ9cx%he0BO$)Q_D}Nh+ ztBdU$%gviBUEA}1+beZDYh42a15=a3=eM`k_jjiDcNTVc){YN1_xAP<4$h8_FHTPO&(6-yFK#Zc z@2;;e?(XjHA6}oH-=CizpP!#TKR*G$e|Gb)uV5x6R{(%SL{j9Ziu>w?Zdk&)T9#Uc zYh$4r0?ncxIv3n1gJ=*Ogh}V%g=0&KpVk=-w%RYcSrs56F_Z*9yY^Q~+=Q2mk<*0RHpI z{U z3ZGvTLaeckmAjA*ivqEmJA`?k0}rb75^jreR_lcp8ULWhLTo4$LR3B^;0$FT6(aPJ zcn)B0P5>w2w}pF)f4gE8T5m$)-y~jdBmw8+uW0-=a*Eved^?b_?*Xu=k^`r{7tOI! 
zAkkNq(qH$M*e?;EZOk^3W0F=PoI-A`)aCK@@|>5`(5)yH$}V1OHvWL)Ky-uH3vqxV z#uEvzhX~dTjsMNhvdMNN>O{DZdc3ewg+kycEBdy;38;37V{Nn<%tTUH8nSekMdEZU zT2wZ?vRW)|(M>J;hNwKAB=ju8RP2*ZSnzD*l5Kp<2R8PA;%yK`Q%?2Uv*8Cpft|29 z6xc0IXfl)5TDhsL1sZ=H_wJAIwaa@uygkJO84FwVV z>=`6P1!}xkU;!BWS{tMg524HCBoP>VdI%|NG0E={L}9)_de@O08KHXO@^|^9-!fcA z+^0V9iT`W~bp-jVo^iKhCZZKsx~0H+mwshqNQt6$J{{v79rLGU%B5eGb8)|zNA;Ha zu=K^^brxfsMZ=3%5;G-1Y-U*V5g629GFF!2Kfo~yt54l4S*)9FDj ANE}TWiAXx z(xeM5iWi1E4Z-D77QQxWdPM9hS#nOIgF!3t9B%5#d5SMu%*W-#QdL1(+oS_~j4T46 zMp0*U$_;H-;)xtpEKBK|$^vNcIkK+9B7RhZ-w*ZU&MIohhDS1FVS_I~k`#VROSQ?R`2tI=C!@%h5I!6HtL(q&z;FE#^lNdnxrI-WqZ1{Gvls{rQ zaM~oXhtvm6VBHI6DZXC^KPLvnFOScF3{wCLMZN}H$pd7+i8?C8nGwyD%IDpx)rifJ zFpd_`|B9`hi0GtHrvV!yovvk>2zo7*c^=Emp-nPorG{3f8k8iSZ`bli%>)=;Xdgmo z5og4NPK;^63B8M^n=aq{M3k(yuznuAsvVqfq7vP(;XsvI8>iFsiQWe0`&yub7Pl-Y z09B~A1cR96V`r2cb$_&pM+4C0e-1%e>h&m+5!p*-z}Rb%JCHH1nd)NAJm)*=jg!H! zZz7JZLQ4c`j#SI2wU}^`O#kGt&S6cG0OYX_RTc)KTUOC6U#q4;l206}1&qJS*>e1v z&w^r{@dx{tW^E}!et8Xyi`#ExE3oB~0<<729aGDL*GjclLC)ag)0Hv9YG=}_uXbz6 ztV{><Pds_?DM}P>!vvyr2*ch>iL9-m%>Sn>0n%8WB)3p$|<0y zsO~6r5XG&>=3Iwk|1DC?$}a#fg(NkaxO&JQUbaJPBL*tap)Rhr)_`ME0CvR=M-u=t zIcbbwF4K+#DIfHnV+^^j(kDxy&6(rrj29v<1Y%(VV8LT!ms+x*Z7vYfCiM_B|y5Ad}_dIAMOp8>D zxkz=y0vLqe`3roz8&Zf`5u9a(u(&emuISRLOor|>ehQbJnx=0Z^L%Vi6`jO}a54Z^ zXmUUAKrAj6a40}$&;&_yP<=DuAl zih4Z_f#jQ+22n78oOMtFPi+-Y+5{GvWN1F0#e@7}KL0&M1&~02jLtg51a=G|)nT45 z4xx6@&LjcLQ(*2qMzIqZxa1q{OhPKJ=YLevw!+?$;|+tb z1Y#nb>6he4K#Hq$(tv>%Ggb+s3W=nnQi5i0z>{qNM#0y_3O#HW?Fd;LDV&$oDF8D4 zK@O{edfLnmAs0$c_+=h#6)*-BASRIr;4mb(Qa)_tSPDdm4?^!Z{h@TIn`FZg z9|6Oz#T|?9$ALW9R`nPq^jMm1>;LYi4xZcIgU;#oNvL`~ zxno7af6OJ8t;!kj>BeK(sP_8fOQ`;!heqIiq5!bp1u^ogS)Q<`NiyoCNU@J&IcJDS zgo?P}`TKd%<=QsK1Vb8-IxMDRU6`ukFUtPX<#p|q)tMVJQi$KI-n*u>oc1f8#mngA zhql584KGgw*aCk2m?WZ)H?39!f<-|ZRD=h&YY8eMp33cgTQ@9I1=WH{um&4zCp3=w z!yDAaHZsL<)K7w;eBQR#mVs_8SaXvknmjVNAcPAIRB!tFci!|qPGTw6GD8DN1)as8owE4+!+qj8^wE;WY$ns%H*g0*M= z6zMUO)&or*y_7gn zeL9D(*0~Jf@sB0nBdzY}>@QD>L@hCkR1@SIun7*@SV$r|i6yOlNj2TFMe6e`UyADG 
zlow(c*K}@MeaJeBdH`9#?|f5yn4IJ*2sZYjZ$f%pwW1GWiHX0 z^vu=OrAak6Ait(F7z$T3neFiKK^~ANR$zZoczAt%_}{b}>Kx>NLEZN2M+7IqQzP&Sz^}W@ihgb{}oI|ye7Hbi2TWxa@tY@i%XChgM-4Xg(xLWzRSEIRa@KTqSCa@p0c=I^z?b3CY|zS`1@>6|6}gSY|S1%Z0Ac;wGXX%8CxF}d1ZNxZCz|sRO@)(-)wN}Z>;!s7()=qLXnX4`k{lEHZJYK zxYI@3k9{eG+%({3l(u8m8d6f;Y_Ec{lpB_AB93ypqWBkyOF_nJU_4j$K1}V_m1<~! zgSe}9z0|ydG7ufYkKu>C&Kek0->Vnk9Wzq~4D6TZ(dbHr`_cw&K!DptTs zmp5q8R=rN%5xVR=ds@9(epy_-x){GA{0d>8Kl3Uj2eSf?JZ?~x4Rb1(@*D(0q!g{u znjk|itAop=!fZcyYMQ^%$oh)?&4)C2v&S00@%~*YIY$zD>TcAg1}<`MHtFUw&3d9H zTOjPGeRuTQH`3A1)yn5(@ITebR4KcBeqc;pqsZVFu4mbsCgvew5kff?Gp0b@P>cIWZvm4Z)Az8wahp)JB%`63YtdO3@n+KVmvs`Z~%o zg=sm+tRwhDZg#g-M%M@&9)R$&x1B6*s1hg2(lxC&yqdeeFl7dPZ!`(Xpm1G0|6WJR zf0akCB=xXAL7YVcUVBkF_^E4MQJG zgW%q@?9cK<4qKyY_=2<{MqySqCC3myi7LxAAU00}O^ zB?NbO2~Kc#w>O0Rb~n4}~qY{ak+W&p7d@ zS7b|St~}UhgjUkHyx?)$_{?E4>CKksN1t?~<>6SZiZs9FM(<9{lMm6NqF`B7-Px}OUe86h{nnKEH6cMBPp1Hcj2r^eUwWIAI>EXR?Rmw?rD~4jIA4Q$ z5V55lI=%=Yq@bBd3)@rDytn40CEm!jM0)_0a$>NpJNjO9AV8_Gg0-qW2tIE^75KfA z*~sMxsgj@j;AJaS>V6&0`*0UBpWrdpp`OE;pawHhR54war`v*A6Vaq#+OoX(=BP9u zz=}^svW%*Y(E8wl^#g#4LXGLNGWAOGCf_IaV1D;9DeSV%`Q&ITi5Gj30`%_obUO(Y z27c(QU%cWwLz-31ykL}H)JuL*5H8f9>tl6%w9i=$zvJ#wa)}LBD)Q`;M)1hKdL zNPq+p+}hjKqgnxL%}VcDF5bMOidwZoK>Oq?=8m#=^!xJKcq!WKlk%`$4u}VFg16VN z78krd&inR5qb?Y2-+vNnVgmBOrgt!a1|@GA$rOFz;7TKrP$s^_3<4b(nLV3z51}Z} zk`xhRj(+r9r~(OHo2Mj}wzqOOQYx%Tox}E*c@x&bsqgl6zB_$G+L%uk(0(5-G|mF0 z4N1?pFdOB_v=s+bqKv{qIYX}I#x`R!S}K7jaC41VrCF9c&5EVOKo4KysPGyPCCW)% z_|=&9EK}4VQ(P%5 zZuxq``9N3TMnA15!6@cr_J_bc4j}p z?gv$&=19*lEKcmqbshQJo30J^^;z269bP<@XNTI;Cd1YhRQJyh=zy!DQjn{HLKUI* znLhLL@^&MUTkS=}jKDLPl{H&(6ZH5U6`|GxrYZcjstZ?b?b$UwUIH&`P~%m{K-x|} zoET_scGh#H^%Q(`Y@%Qb-3?u70R0Jz8~_Vn`V9-E!ceY@&jGmUUWO6*?5qJ`g;Snh zgjpTs|0_6sg4U-o&Y!K#pvdY)(`Pa`i??^XWgCp|w|octiQGLlV6gz;hTGn?Z~ONH zDQ@r1oDZeo4HzTgvuc%HDozTa(BbR|gUU_lFSk%%P;dRB*KGrXmKnf3o8E z?A#cP-I4q?*n3g_nF9DDKh)MJ^U?vO{kEkxxDo$j#K}95p?8J$_XO8!K^KRc4bH_{ zzS+5C(B2VjWV`aFRDMHCf8xh zb7e+E&nc$ZZawb^Y7;;yuCEkyl*mlYZrM>_@S~K4JPJf1OFxgbwHdas7EqCHr^mzD 
z;Cu(#0W2@RZV834WWwQXm{e1i+Vap!ct`gQtd4um%|1fikeeHE30LfnJ)p zj!@Ko?>(WNdSm238!NtF8Et=xPJ#F+@N2KPs}jC7c$|$oZR8}pb5?&=SD5Rk9{8~Z zmg_Shv;b6)Jof@4P1hpLE1{$!8|(Vy0a&)I$}4kBkF=XfE-NCLbMgKhcGPQJ_#u{g zwZ~bWS{h4kQ$W}}PDuRV$MMS6&x#GWK{?P#FL?jV`~6mykt%`9C!ygGP%`TfrE|K z&LexSdJi3RO&{*kW_dIZ?`*7M8~HDFwJQA9rQ~Noq1J^zUxRYc{C?YjjQiNR#Nk;3R8vD z!ce!M_YSc~t`{w~uv?is{Wn0AC6ed(n0KF{Bf_4;17O?|fgAt{05Jdsa+gG$7zIEM z!TtdN3;+NG2mv6Z|7#R-|L6a&ivRB#{^Lf^|LgldUc?y%C)s?L_Xq@@sK^Oxy(tCT zOEyz#R&TD4nRFMMIDo%CtB$P|Z)>N4D}S6&;Lh5WjU%f0OmRvkML(=o^W)s?@Q%OM zUAQ%~PrO%WO=VwXojsQT{jz62{+S>-Q)npjU@dm5)^MXN#RPj>_a;=?G@o_%p1c6^ zqY08247Vf^yE5sco`wb}Cih{H!>`i7_q=&6;iSx!Ngqrp6M(#xTjM%xxJ z;&oItj%)ZeE-t(@m%1fhuUJ9eiPke@@s49B(B@sqdxZ~ztuXeg zDGEAxnWLj!v4AK;@;FNkjLBXTRt{sQ*idf=+0;ZcjZZA;CP|jpiMJ<6WbGx^;f{O` zr_Ezj*xWg)7}Z~HB-C|g{EmWk>B|I1W7Y*`4hiutN$?WYeEo*2JIM?E*Z04B2(a+o zQ*gc&79ahjxVl}Y43abHde4IU>i(LNk=-AO@)h5xc7AVXP1~Mqm z>P=n_ym+}5`_^iW#yvZ}Ov{uuA|D^Fa*oj0M;7#^tCfsLOC$#|}bW&-bSNPkR%S15*KnJDTEv0s(3MkdzyX#j9ws zy`jWPT2fLU4TrDcA;E@qc;jA(r?K9dx^3(sp%UuwQ0?DCYS*#?5;dsvO)8dgkI8 z1SdrQ{;P4{U zQ>#t?%83b9712y6G)ETd*w{ISed8t*oSG76aCf4;P`bfzk;Q(n#(oG^#AQMVYHi%F zI@UM<=<5wa2VGg~3qI13F+beMyCS85XhC?GiECu?qM`OQS?# z^*@Ee#DFjeg7Y^5Oe!;*DZ*2-PnoD%BqO9fKuz37WXXUo3OR&SZtpkB9T?}eDUyw! 
z!&cu0eWgga`at0S$`LUWT~3)3ZHUBGrBORH2-Z&SSVB40oPML53>Lql+fgZ%t1I)> zGCPge&;j>>WuP?Gpp+P0uv|Do+z8KM@(TOA{jPuwcMLlB_*zsk zD3H3(*2zm`GHxT3Hh+nwAT08^DJCj)DgP0cRek4lA2nELg##naVp>uju~QU+5a6iETRt*#8cfzQMH5rf+gl!>EKyDs+^;p_Qtuqlx}0{0 z@;1OQK&E+w;;D=Xy$ooEGiWSWE zf})b#Pg3mA=L2KF?FU*mR`8I+20_LHp|K0QIEbgl-#h3#>Gi|NFHkl$QFT%AYkhn1 z;!=uLx+>@fC6O6}*V}hc2dH5sydns62%J_(0jfMr7&3HUI5;k6wqP${Poco=9?zBr zX=_M44Ji_D9h1)v$%5Xx>Lf^PQX;yeQIUU=l;}>D*<6dwIZ5{lw%);o)5Ojtk(~4& zZg+^LPB*dSqxe}wHwapJiMABJUwN#0Z7DlCMBYHLx=-E5-|bXGEbOYf5d0RY5yuVJ zbc9`s(azr{oyfbN@?{J?HjvP&*c({E6~-jMk+o_#8st84a((l*rP7Z@tu&*euq*z+ zPLFI4O;-7%{gA~Ru?R9AiLa+kJ*V_(W=YdkxDa=eSlP{WqOo=-NUV_>5!M}&V9S9r zlQ8p>GnQMh1J{NDak4l zC^&DS0DzHa|D;R(Dd ztwdPnlNN;}E!I^UH^_^6w!J;?LZ79~o}JnAct5~Wx=F;)*ocYPjDT>vG0M=nv*7h7 zK?^THd@uAl+aBDiZai*!ofdu}(a4#LslelBUP9qyc8>P-*rl7zCQ2w#GX`6?n2Zg; z?Buv}jJzq6XmmWPCaEuDQ zN~u)EdgnEU4_DfoG+2;z^hDk#e@cz5b=ZLb9A9cF#TXf@H&R7Pkq3cW_Iz)kjWFq0 z#4IQ}ca={X%syK5%FxSLi3c|0AjGO{637JaHuwfd7s9ig(*d2dNP!w)ql{mqet@qL zN0+;StBAtI76^1=qMZIPY`GNT>_VAIJ|xflmJ?g-HQ+zwN@0UOUM}T@ezpW8Chw@h zJN)9ybS%v$H0#u(P&dfw+T zjV+snXQq<*$H#4fxU9$Hn~w;75LY`oNjVESGkS5_aP}}6%Zi`+TYXe$H?Be3NWeK- zSl6&&#t>fSgqcNh6^bv5_L)!`BC$3y+BEwp(>}KTnc9$=f%c~)N4DMV4d4U!OutY` zKCX?(aO9b+mCTkLo$#APc(mlvlIZ$uv9u`RklcburF0)2kYdRl_S6eGp6ht#6ayHo z3^4*$qrf+uDOqbh5yK`{aig)A&V|a)m*L|52A^@6;n{8`#+pe=4Gu;rk-QVFv_I7- z#Q^Iq#<60+OJZmvRRy!_N7v}Z7TnIk+}#Vl8;^2whqWAwWpeYC3LV#(5KT+O!B0vu zOao$vnp#XwJ2wf>&R)A;&_$c}SVz zD5-+Rj_*6jJe)&Kb|3~&;F*7L7W!o?$kg92)8Nzld>lb?umg~(t;E><)fm%-Rud`X z_mi}Tyoeeb|>vdk)>h+2; z(FRJCp>1(j%bp@39fg(%vmV_#Xbai*#q>b!(#IN3G)ZKnwp)FPTGre*#aF=^l3v(SktjUV*7p z7?tt*3k64{^3T%Ir10(D(gHdC9OKg}4X7Z>SG5=x#oCobhuoM_p`5r!*s+$bUt-M` z_DvFt2E~X=d1zvd1y^}D>$BMLR96r4Hoq>)b-UjL0pErspX7YkU_UE77<7?Q6#V=e z|5YwME&FxPR>Fd~+)6s<+C^Zf$$oq+8xgA-v@k`4^`s|tT&WAYq6VF{rR#E#usRm~awe4N7Mn+z8A4=b zgt0{Wn0Ks>(@x?fD9}2FgXSK&Lb%r}K(_8(U#XAn5zKy1C1mLrmUMGQ(Eo!?qboXe zo!q`XZ+bYgg8l`85yRw~0|N(;#&o|1BzoY(T-h5hxt81$pS|euVgP$jw9sXaWCbIx 
zC=2==@ohzs81-9DMWhgh{MQ4nV?{w}TsEVz0tFs5z&+1IAD_Cc#-`6bbMKf|MzaXs zs#kK1Bj}K#FTNY19f~DU?dmCjCN0c3oN)Of3vlAHin4-7&%}k~8G4Kl;5@*|f_!x? zW5-`IXk+;y5l|X&n3SOAT(3$=Na)I{-=v!5dBooa+ZYsb8c z;Jwpn@q=d_-ucbI`Ssqz_|@9CF5X$enw^1xedi`GFVC7e z3Ey;0pf?eaeAzv||G9$c4~JYMgBeXJfJ9A2E@VJ_tl!tpO^@^t;-~BA-!e_05;EYp z-@hqTP2Q~Jz?{T?Qz)C{`pAK5GN8w+Z@_aQImM80=}Y%+L2@D#a-vtn zLg!4aVdTn~6v~|1)!h7>+h{M{-5B}EU%q_VbTd#B&g2Dp|79A{?xd4~l4p-j> zhn0F02Q0gJ;zGxopsH6syU5F}L@VJN6&wJ=jyJVGKdPmBCD@qZ)v*A?1}Zq-PLj-O zwU@=u$xljx${SMTz+iB;xh%q$iPNJM^!SjF8-^sa;lgeQFWgGnz8UA&?|0iVn>_YU zn96Y%Cwl_5M9b){L#5ahsOD7Ii)DcRo8Hf0+PRsqqH1Il>q0UlTN4c1>1E)gC!a;@ zst>b+8=nVke!Dnebt_UWnpPqpKMXKT{NjhfEY?W?`Vb0QRPKcQn`t+!uT-QDFuI{t zG!&IktH@}vh}futh#SBDF=BT^D;nJ$!7w0|{eNM@NNb5>I zDNP+un}<+?vdf!7uQ{eR-KC|nk5?Psv)`khhuILR*3(rgV6P6FFz-;nP+C*n+~XIg z;u|0*fOctNxAVE>@PZrlx{7F^NGZBQ5nG|?q+P~C*n=9ruYZ33#a3xd-Wa!TmRZWt z&`Xyk?AK0#5jp*&OFKO}j7}`V?h?y6W)QOxM+NTm^Sk-lkO3{6*68@bNk zuQ2Te(DCfIM(TeEx`_f|9v-0V-K~D(^sNO{pem%ifa;%Sa&L*v{;s5}Pi*zB!30Q| z`psoEQ?Yxv+FG4G9D#>Jcfxk~JnH%z5Erb32Qtr>X-lh`Nv0q7=^bZfL{+x~R3i7k zRs_|S`7zcmPB&hlyQ8ma!fQjf^1iE*qaL{JT?jn-hNy6<{Ia2QV8lczJg(SOE5%do z{T`?6WaZ@6s6Z&$aRd3+tZpeD6rbdbirl$tz;@{8VH}Olcf5w^8F5p0t6%D8u3Vg> z?=7Lvn7q$_$#rt?`7bDWe^}X3X!gbKi1*lXlpHY|$t2 z3G8FIsc?%%wV#8S;2o?}lO-xPLgOJchM&XetRD9QNmf2j*JApf_vLQTuvvlL<#T(` z3xr|!b3P$Wey@~^;(8rqd$pGrA%sV0IH2O5bq2&u`|> zV-!ubxo(}V-#0>>(j&c{M8uz&WZIh|TqmD=$YqA#kyS!=Kme|H`*VVBTw8NFyFBBd z(&II0lnk4UjCV}cGHd=u+@(gv$|MrMh|#AX z0a-@jak;lZ-Kpn6-^B{=QutWCi3drlWF<_uAQ(-Vbm?Y;(_6cJ7gPak{8H^8bJhFX zrGvT3l9dkaMQ>C|6klpVxm}s6ctqT?WW&6i_bx^tn7*ov2rV=p-?^V-t?bmRwA=kE z6BRKxEK|y~Wkh)SWm}2Jvf&J>igOh)*Dp&Bf`;CYV-jn?x#+ZIq1=8QS}*se{0Ne1 z5{|~8t-|roK$om)BAI&s3Q?6Bv?*rkBoY1SBD+B!NRwQSPi7Lluq|NYtF5jGZc(P!u!o8Xa+)7f8mGyeVkdmZPHJBaMwji0BRQse+&1fg)l~m^a}- z0>yj9cvxFub8nz<+qGj;CB6uKRTMTc-13OPF^11^9+{n{OCWc8)s}zXBF%AL?eUR3 zbBR2}C~AK)s{RMq>kzYt(Q$=l6Xo{hgTeyt<p((tpMa`|QDR1t)V&SMwXj08Ht(1ZbFTpqwquYK8E z6FwrM0*g0gSs+|nFFv1FX~8l@Hq8hv2=K-ZwXpmp6Y$^%^3e|wc>^u@0(htJ>~sX3 
zIT*0C5%05&kVk@ZH|z{LY(r-_tRZb~k_CE|uR~GSuqzeD3pHLqQj{`b&mh#vlMt45ZrPNMHTR^ObxnCrs$u%aAlX6S&>Z&(j0O(*q=B zLlK5xq>vBZFK)afb|+bO)v$IQ&;s;zM#@%R{|u;Ea@`fYE*caBfdc9&cbv{x5&aNB z@PG#?g}$AwBBjK31dZ|NrqD*bqNUeB&FG1aKx!q(8&{uweI7ps{PFs;_h8y~M17^J zw+APMlXq^TQz_1LNka#@pDYNgMzQw&mv$%P_WD@fx(YQ;B;E=r3rqXWMcqKxp$r<9 zxnI&$!qlyc7ilvykQY&Z#!$#4#m-@zsVDzb!|}DtX%5A2=H4YO=!=~zFnL<|CU5Uf z3XsqyTX2b9caEhHEk?L1uzYm^)fF((emIE?6)-)#m!7@XWj7er?hTcSSi{1Ho44(=3APmmEw}kv-i4#76K;+cE5So(*vV)-Af#${M{N<{j^UxzCNb3Y; z6dzY&1V00|FAM>MCTifX*V{f2YRviuDEkP|x9WZt%V2AIP_fdeG#)}mZc{vGF5P

    !AMcUKrt!GX_Q(d$)Aa9z=JiOrAM9`8fs(7@XZGC{^q<6|GD0}Y6_##!Nd6l}= zD{y77jLdx03uJ?u^StuabvheK*KEZ`h6D2Rt1`pjf!yGWam_cD?}!lA5V2r?m>1{) zeDDsow=J0D^IwDu$q83!3Q^bxPaEij?l2#FBOBriVEB?=?SX?+BLPXZA)}pbwc7A z3{3L?P(=>oubTG2O1ZA?#iFEwyxAhJp-}`Xv~>o};J^=BS|$iB-*A1hr1SUVQC=yC z+av2pIwC8|IwLCyyXfi3x;=wadhJ@FJF8(X?MLhQ;U!^j{3+Y5l(Iaokd@ZCS)hF` zfy0*od5}F;PenqJFVJ`43oS@%{h{g$-%7N`F(_-iey+40A*yArX)*I&cu{bd>=wuW z@ZB`#Exf{kpop0X0RtiGk{Qf&Ac{X!5ra>`;i5@4FnI9xlZHp})gc_rLQ`Q3F1K@g z;bzuD!A9Sxm++i=<`8;=zPh3DmUTnjbQE^-mit}7$HeaG_bt+1=x=IrGxGM}ge*jf z@<3w}nK)ZxXOyRRlU12hwGpl8CNk^=;THa(Ds&o*yp2>;4z>ML@^+REhr< zpd+{+mPBVh=SNnrtku><+8v^qL`w9U6BKmU(vf-I9)7jhYpxi%3-$1Ge5G3_maTNnW<1(&>kSAK*^C=F*xMpi z2tN51H~+4uf!!5=cu~#{ZN8?LRyTw*J-JkI_<5u+IfvR{**bn;Y1J!0JyO1OzQ9b$ zyf0#((gdqyOUhTs-?bS3AyK$%lN_|-eS&8vOBy)eoHpxL8|Ij~MRov#2N_(4sLVY&k5d8T4o-ljx%lJ?q$?tFXSRPQMlHg6*V!+#c zPGq?a;VnMuh8M#m)cmqQhs{V)dFoKasf!k`fMVIcLmKS8A13zZ!ek)0GmKxFyM{jR zbHCSDTD_YxMEz1xC=lLPmrHrcG6YZ4GsA(3^6;$FpsK>$8mEnZ#P6zcQ(8R1I3g(= z2Rn}``^&S|SXH7_6SGp#mog{W%UsQ%2`3k>hVaq6wi#~TR5L8b_t;HWVV+Rqc002n zbW4#zmq%0CSiS@Zd^T-OF&{cqvrPKQ``j0FCR5n&mT3lz`d0nIc`j{NZ%O z6Qtywx`=$)Eb+@w%~ZsKrBszz`f8|Nv~~MDLKrqV`m^2P%hsJBdnF4Z(>a#r6dpzP zCTs@@x<+(tPQxMLI5iz3Zgsx-o&_3BBL9%S=6xuQrcjL^-&?Ai+tVj|Da;H5s9CT5 zYafi9>6BFoLmr^)m>vBp64;6HDQj%$10u#H)--EHVfm^ch+P zaSIWpo*cbp+H>#&2-tB+VvyA~ZiN2H_(#N#B}96i^<~R5MYef&hb)PtHn^yn3QcR1 zx1`su<^ zx0piBT(VJ7?%s@OsP};HjV#dJ=>t7}2(yPeYUX&rD6&V}fi#gK=opSGS{qt+Fyt{|T9?Ede)gKOJzKRl(D5>~!D!EtMlv&0gd(VlfW;WrsN+aq4P5%Q6? 
zx%{jgWw4;XjhWezbtdbBhV2Nv2be4(N5U6ZZnLwfm@3-W|puUTX7GEEB8hqy6!Z-X9n89CIc z)RsD?$wU7^zDzdxO+HeBU+`(}A{$4ki${NG{jYdxj8Nr4n{&oot{&f}sJ|!8mo)if76%L^o1fRL}F1 z3^!@Wm^oj}ftc;vgb1Rl+&yRlGo7jzXm7^*na5XiczKM5;!nfnJZ!7ALt%I}eiSSD zr^E@_4r)MZ<`I8t>#C1D{XeyPrAHnMq&6D^kdBv8f=Y--tYmU@=YUH``e^QlEy<2E z1j{1!ShiFMAKIYs;elWvlw*T(M8uo5eBmpG&SaEy%o=QWHHCDHSo3H6V+@_*_c7Av z7*)ivo*}gf!H#tmmTw?@tPZ4gOo|@!0j5V5wH3onrspA zbf-+Acrv`9-R}~^Ds({0<;RlFUz2jqOD)R zEM7mBLRI;YeX95+LZURrU4I&v35n>^wu9r(-$17ld@S4klBGjvel)~#qUxzq z#Bz8>t*Ts_agMn~4|h(q^^Lh~1=feDy@+@=ahT@*P%mA((~AQTGbd#gP%`6H(WKiLdw=0Rsxw z0Mpi7N39FrZ8b9@K0f2lq#%$Wcut_2;Wd4}@H5`AxRs5swki;5)rLec9{E{_ExI0| zU_cb~7oOzoD05zF z1|oW}91-)MzSyme;)PLPZ_y^ML^pbOfHHIvTj>tXgk$m@c+_U_>?m7*nQ%4kbUya> zHQlUFargHRXIN7av{v%crvwz5O%hqORc;t@uzK67eL?P5gEFZAQS-NQOkJmyif-iG ztd&O1{%e7nqeVDd6<<9btRP9W#@--|xXxRPT2-8VAM=2bV`uHj<{b4J0bt7hx&x+c z;tTZ;m(u(9dN#PvV@n-sHKpD`?m$T<(Or%2a(&+WS4q&ZMYRzUM(kzyo&i>VYd6$LGHpOz9jk;wlw4y&x@dMh zn}pRi(lsr6C|r5qLUfg=@pNJmlt2BD$rovsx9zkwLE06ds(5B8QL7ij9jRCQa%v*Q zWY81BM?w+%ReM8QWiaZC?1+n3*sB&HON7j5UhB(NN8j3~wi(Ogc(hCB*_w2gBb+)u z0&}S8k%(@*So3kleBS#Za~IL>i$VB!p8cCpaXK1MqNMpwmNU;~x`H=Ik}8bLXoR~$ zQEBXgs26!S$D<96eM+rkn=ze%1}8Xhl-E%qAv%d2e_Z#hcGsHkOD3ORpev>jv|d8m z=PyJA7Tez^%7l+}(@k;l&+TlekSFZ8O3ZM_@sOQEbFB`e7%j!+z$ucH4pc%#}E zdLE?OH>%TByygw`Lbb|I$QkmUD9^exoG4$7XppU<*OY#rCnnYaD$M3Nbc)5;ds!Gy zLByplT@;UH%rN0wZ2IP=t-y2(Dv+?pw zw-mP5$I;em(HDfp^;$d4f1XR87S7?u4Q<*fgP07g$F&^3Ii9Ep@T`UMjt(e$b~JSE zsb1Nq(CtgqfYkReE^s*w*4%(4wPf=?RcdpEb6Ihs%y#>gu_d)Dy!5u;Y7;zD5w29u zQWtMr5kMa!1zV;BgDzir-NFmp!z>Qt|B^pEqPm0-+8l!gTe`qY#-NYiyvvG@J2>=h zP9BTMNKvn{0j$|S1-~8gQ3uD4kv8uH$mqsCO4E9wILe`Fh4nTPWL4qM+S!u%QzK#7 zs^KVEzW{k8VcFK%g8h}j5YPA`>uqb%4Nm;>dK@F$jdt)*i8JcNqR8BLsr%EK7wW5J z*xN@XZ5V6iGVk3<1d6>DxEZFWSwaC)O@o`Ay0Oo{gmkB;i=ADU0!6bC@(=$$R5PhmHm1Mh4OS zY|_t25bsNe7GyDFHehe#dTAv+3Nqbu&cgthrbccBZORW^q1}s~Gm$YvQIkROFQrf+ zVj-F`i@uMEu*!Kqt$4YcCh4p~c^!POi+zf?7_o8#@7=+JmzSq6zg*)y_%nx1H1mtQ zJz*j<6hbo@40T2;mm?nXj_JdK8LV}r`}Yk)Ebr}x6Ja+R_*2P&UMJ<&k%ZI;+GWib_NG 
z7BTzLENd(y`ZlHrwx4{Xv+-?Y2cJh^x)8j(8p8Hc(&2604_K&C6G?C!1q=~dO3XE5 z5+*msRNt!@euKB_`)*>jRX!ZbFVi{1hTq4MC z`VmpojTF;1I3~}ucDkc|HnP;d{!Cx2E4)GVbEEd>ruyL)Ujr5E+)<199Ia^Dgj401 z{yL?^hL;@K25ZIONxzKlu5oq2Ohl52%vLptVyq-hvT||E07g~=k<~g)GB(lZLM)xr zY!|Zp7E!HG4P=lJSws8$c&H{nrP&v$egL{OcTO1hf!LRO{Ho;j)d?zBRH(L($ffe3 zo*eFHwdYw*8R_zRcPRT=CLbv07Rm|FPEnR)H~Tdaf?QPwYrm8aPB`jD^fvkr5X9vY z@ysb|#+w^+>Mqh9brLrHs{RtNGZafN%ddhd&3b+>w0Z@K3I8=SyFGQ}DkSdoGJ_-^ zci>Dq5koA90_&G`^T!GH&Lv>##p>H6=>p66u12e9n_7~W21xpNwr+`+1>K`IC1uPP z$vQrhbt>u;6l=ZwKCgf9`(977CVB#_H%f;(kJ-LpF$eJ)9!B=3xl#;Nbng97wj!;r zy(sa$K(=ZH<;}SYm2aFZ3VWyZ`93EZTyGKWu0xD8vT!RUQPp>*q)K;e4+;9JwCQ!n1 z-n1myiE)Md=i6#JgyH2g$_Xf{q(cPEDJWuqC6%@cEuw=5-zl;s8P9W)m!vPxzQ2?KVzd~A&J!$NNpt#T)o^S~x z!Edp^50EMy$)hgZHGV?nB`Cln{H-gY>q(f2gPW82@x%6pTTJvdhsbL-F=k;77EUoS zaYlPP^Z)iWn34anFaA74Fsc9r5GR4R3yuKgf25**OHFJdB?$AYVSzg!)hCPQ!6}(3 zb5MXs_}e0mMYP{4MSffU?bEW@cX}AWBm6B#{sZH;9BBgGEE+nv0Aj_9r)l^OL2;p3 zws649+7Q=+4c+; zK4&YIkAyf1tsDTr{mUnIrX=YQcThcbLkB@|q2D-?{O$((x2OJC5b>LpH$?f{M+sl| z$%y{d&Eu+hbQg_-t1YD!0PqNZ5Bl^Q-D5j!Fr_eLOuuJH_AZcwAr=65gujJtap}Ph z5V@zB#1Ea~?LhBj~Dqz{icwz;IIfZ;1T{7E?eOJ9Th|g@_Wo! 
zV9!VWPqv0ZP+aJ762aedh7E3p)c^Qw|2GR>;twk!LyevAe`iBc>`}qGmC$bmq~Onx zI`MDY2QE`w*x+yf=FI=*aO8+SP9=82KqVI;m|6T^LluIcxX{goVt*_JLF!MI4qrU0 z4oL$59^r2bE_JHdZ99JhD_CW8dZ(-4R6Bal92 zLIED(?+&h9-aN%xWB?Bl_y?o~9K}D{%f2nzt3wj^)*zXDf3Le~Y>B7XrI!3x?D9iU zTxeG^iAQ}L;LniiA0KD@=7icv{GPFd+mW~b9?3t8ueR*As=K49^vnXnaEO4`(LuuKM|^@2zZ3Q`@y7Fc$)8^ zD0w3Ke|EZmW}z5f+)%m=0C}{b0`$x5&jkfcqu)t%3X*s z-P00-{M`sLidWB7A2~P)fi@}xU^@uy&mg>iv(@rc|ExekdB}+hZh%n#Y|+cV1;l3l z5wO*I6d;y^2>d=WZ>N`VsUU8S2!9*hTcGw=-|LU6 zpKM2f7=sIqTJ@g-f1G3co7LQ@_7sU3kSgkLdqn)?^m_E60FUr@M;lY%5s28+BYefw@1!zU$B-uO9#J!0zAUsYH|lPp8~#_ z^9=&Ii12GxRyI~HQEm=#5e{zl|Kst#@YoAf5;~Yg8M5mnESbn7f(alS(4W~5hM>4m z3y>#8LfAM7dSRM`{}VzPgeDpU5JMi}Z+nXF|EQ%S)cW`7_s?R_Md8L1fUF_yum8Q+ z@!55srkF?RUyEHHg5pAF3G4n@H2#qK)4|vxzxYB}7z*$RfA{}ZQ}-!0*CE1BlgDOy z;)g{806fCq!n4Wx{}~errr&kY!4{BVKb=b-xJF6@i2;C1Zs31yO>f%upR6r}2>&@& zn;|GJbpPrfl?gI1y8pY8;InSA^zlOj9^r3Wa`6m)9~Y!xBNd1*e!D$su!^@K4+waK zzok1gjsI9)50QSFl&{VgpWprh03P9Q=?N&)|F~Xyo}fc&gazhP{nzT0fuOk1@77HJ zopy298f ziYPqO+q?F9CsH`N$C@7W0&+d@dPgZX#tPSJLxdcJ2&KjrYN<$+(qI!)45>jYiiB!| zIW5I8n5KXjG)+S&MEpZcq=~Ij6QU9te-N9NNFYt&n$~Z2X0JO(_wtgr``$PE?#-Jw z^ER1Xme`KQ%s=IRJ5GPwP6#Izu`I7yOn2v?ESmqP@=EVI%nlwXtFyz#*PBHbc&gJ~ zuoSG}`1L@u2!WSyDnj7Nci+5L9U_F2de2dRN(q6MvPoZh2DCEfrE6PjIx7g_q{2_c zQ!+T8*kRdxYo2%FB+?WoRlD{5RC46&$+fH-$}%&a2WvR?bjx;Kn_<;zphr6Syj3;wWv`+svX-_QJRd6M+0BJf=Dx!!@c4D zRG*V@QkB;nrIf`na{S4iN2c7#AI?tu*g*hgryK=qXosK6Hk;JhRh-MeHg1YO%gQlD z`OFt|(j{ztZ5q1;tfBepq451<+jPbUXfEr(RncK}3-N-MC?T9wt3F7$*%0(9OzYRQ z?K^(Ka1c(aUT2$ISg*@EaWQjIo$alI4JOpvI2H;#LkK4odZNoK>=tQ1FyKbLK9~mH zJ@9R7)Ta?nD$x16SKc!cjhoeE>DsF2V`cGJyfju4jg`dXC6#kdH-DjZL;LXG`O+Wl z_uVwWig%_RwhpYJ)vV65Tehn_m--@^OPAL2J3Rw2kDZtGG-100$!u!ij)7wcY-hian(LTN5D^%m!cOdt4}URX#A9&vuhgZl@Im*E)@NcF^# zgh1--=>`lGGX}48pXupBzT~88yWa|lf2Ol8uKqF~*!J%+p^~*76a69Du)nFLv8g43 zT|HJvSkAD2WCG>8?a04T!~(mqhB58Q{N%)};(ND>C|+9`r2gHRjoY_m=gcC&l{><8 zUt>%CTqfDKK`l~H1I{pI!`RHdh>gNB>Hddc4ejH3kQJgX@Utj#e36KxTCgaymxs;F z;Ai)+Un;=9!&M3Xkt=A2s=_kV`1Yws7hcXt>QK|?gdDHVOeXLA9A@iZvyx8Ri=Kjl 
zO@vJMXD+NZHLR2)WHUBj1=tN>ycN9b?9UA`Rojli3)pF#-jB6qqtnHOhw)3`LE@dE Im6VYG0kRv1B>(^b delta 289852 zcmce7WmH^E5GAgIySqzpcXxLW7F>hN;O_1koInWf9^8XF1b27XNxt1ZyZ`s>k2}-z zreAe+zv}9$+x=z(e!!Parotnu$U{P5f`P$-fqimi(@sQIh5GkBLz*lDf&QIQ{qOo}|1F0!G5Ei`>y03i8Ib?B z^lWmfs^S9%rs9)chiO1qPr&Tu^Y6}l@Mj!ws^rcJIG{?(BG%BKj2%zp$9Q!2Q~*)T91S8-m6IkBS@THammv$}zP|Y1FuCHb|2V{Vfj}ls~E(sv(EBIc8p0o>l3!e~AD@<3uW;KE=3Dss5ql{!joWZck+v%w(@(Wy5r9W0rg`#!PFOvZ0cGM&^O+fc>R=7_ZhunWfqJHQW1%>DWTqHZPd%ug zj9xA4_gyw}A-I`(@3x+rN;mmgKN&_RIqAEslI^UBd{S&~QdG;^Je?v}?(FVm&t>2d z8wE#onFiz#e%}c^{t0i5J@_5gX(~8y0bx2vI=3;61nK(~C08dq% zH{}#0zKF*-g%{tSY6#+^wyx9dY8M#YWVLG9U?y3vd;hDE_mj6S%(J(qzTnwrv4m~| zn{jK|NJg$Q`n#M@tmxEy);lTmz9M+U1xfgBMKxNBBmpi2JH$AxEDH%nE;4QIxU$y1y+R+1C%DV3Cc+h9x9-=Kn}(gSl717x5) zs9yR;JlOu|89(sfH zB^g7bUMH>I^?TyBQ^{>3Nk6V)8lV_ioU_lOlQc4hTkT+R7YyLSJxTx)GaaH|K45#4 ztPP5k2dtNy#trU^;6|9q6eJ(?<&v4ZQ*_RPANYAawUZ;>xpI#nQ0X~ZZpqO6mSFqI z>#?f;QTy|#@PH*S(3v@IHXcS}IZW*X9m|g}@OM?PB`k^%gJXkdmv zL$g|bzUIu-8>|Ns%t7?}Yo|o)BBVvUpy^?ppwXpHvR%#-Uiw~lX1>(S#tEDNEpQ7a z)Amsv#q>n9{|IIWm`1>3U{g?>-8rZRomA>7(5y&qt`Z&a*SK2S))9A|SCcMr<(+YUH1PTkWb*CLlG>ee4=k%N8bbqroYCdD!u3EVUk2=zJuO7aKN$rd@;>V*t~q+4dp=?!ibL zfKM}w2N?Cb2iKW24tN%=;3sM0lAcj+X}jepAV;l0J$Mmrqf1njkBUmNXBY+SzOo3$ z9)Sb=AU6zv5etZp#v)CTa!MIm{y9biAE-Dqnd%whJbA*D(Y~SnP$dmDHfmH=t}XB_ z6hJ3wu92hFfrGDhLN3O$oUPPiig70bA#w>4s^==5Mz^dK?=dr-!S^KM=?_H>Co_{J z<=YFmhFZmlv1_+LCy#Ck%h4aUL1RETr@5-}46b8fn{!w01O=_9cu%QS-bdgFC z?}2ou-p}jA>CNr?$z=-2o_W@F zB8gi8cE4gwb>&k|>x{TygxgZ0+gAqQXltbm4FXNCW zY3EvoydwJsxylgI@7bH5{1euOeOB?N4Q1f(^|+_JB2V!HEbt-3y&**FFo)^GAA6X~ zf)VOgtYAt6$K7Bp!wU7eVd04`6kz*6 zJQFn~fU3`WR*sEV$_2S@U#6Z2ZGXn6`7B%4tT|=&apQWYQO0|00_A*liOvlV{vLtg z>wK|PpW=+z;UmiD--u_PBn?PsW%3HZNi?&!a2K}%8GIxU$YJ3v$<ngnF^0KZjO&V%GtX5A4@F*spu(waM}NWpkp6MQz&UKZ|@0R}c+D zSznFw1|>3-OgAGYozdygnMUQNW-eZ0?#U^95P9Ud(`nBJ+dgdhBE72}Ih!<4t8xc| zk@tyxwmRN`sUyF@ch^|o30Qt*>Rc*&Iz{0wXxemqHZ~P#{jE$of9=#bzG~e8^fR`n zoRp_a{S|c8BoC&^P?@{Woos|WGiCS@c7Dcv)+yZN&!qR!V20lGezWmRvuxBSo|-B9 
zYPU9^Cj!I}6N1*thx9suhtsCm-O+gS0qY$v?GHnPLI>QF;-1R0=!mmC?pv`s@8t0u zv5Dp>#%xjxQ*GTfM&IYhtOBusMT@}#jxEWin*t18o?<>8vqK)|-?BZ{BlQL<@={MT z3%t?$zT0IYo?3#nhe}->S9`x$^V=(ztP_2>_T>aySpMS9&-NZLC~?jFNkXw4pUB99qge?iyua{$b>0pF{DBB&jf-n$ zeeQKp0t;nSV%IP$T;mHO5Jl7`ez$$Q*T?a;ntOQb1HglGK z!iCVshG+-H=(Rm8$?6A6TwJW1Q$vVkU=ii+NwJvIcaf;7na5mh|e+O9=SLKxbsO0U`m zQ~e_cYfg=ZI}FZ^7X!e-JJFhb341^4n)}?x+Lm9!6}+nY`H@wAG`S2lACM~YuyCIb zzSd9zz`!c4K}p8{mFxtkHHD`&fr9`60wf4fAV7lv)11}>J3jC)L2=r1K0cKP13Q)f zm!LGq_`qQ){L4_n<;xL405r>&Bc+I-{LN;jy?j29@1ejzNG@!`N}ocOgUOFwU;rlx zr#(Uf0T~1o5Kx%40sL!Pu%sai)essC z1W?ly`Ja{oYyEe_s}fiEs}eT|Jk764yfFVIui@Pr z{2&N`AlTf!Aw(knPabs7_0bL$7}yR~J}WjYI8naRIs-UyGYz@$Db;`CaAbs=ab!f6 z$^X?)8?V{U#s&k+#{REd z4IKTG*t}{h?tzB%*NBkveO$9?LDJH}@m`3Uef`7-X#dHwJxovKh6V@YhE6Aw5yt+{ zy7D*wT32MLcynZ_gedfX!X~REI7t58GyMSF6qySK7Mc4$Rbv{HsLTCVD;;DSM9m*o zl2FM1bqdx)G91=Jsu|Wpda*D)!A=J1zw1>(%;8l+pFm&%ffWR{<|-j}<^NLr@OLM6 z5ICCOoj9M@|22yCWfqrP3IdE<>R+eRS0{B5Q8>jpIm9G6xTVkC1;H~N)I;}SAD3bvxt zTvhbKA~G^Oq-@)d3)ka&?d~v_b=Oau4<~N?Z7l~UZRbxp2flez{qt*UF)X+M7;)t7 z?d>ufTiZbZ0Dzs`i4A}WK8kTl>;wZ9fW0Q5I$?}IaDV+Rzy$Yx)%*Wh2L3;7EWGEJnB6+TPy$n%f-`A+T;WQn)QSJ{{57 z*_o7>SZP3U)y377907RdZ(~Sd$ zUm1x6#JdzUanptuPwSo3M?#Xt=FR>$pdY{(k~|%GZ*0S+9I3pi34DH@d&VKQygDYT zyx}7~O+E4jF}g~H_iVT0)n(^~!wN-jJ@s+_pn?0V5;7%ekK$=|axi3S$~-Ck8SBRj zyAx+*1l(^~d0Aizs5{e8KRqL3>>ipsz3=>~Ry#N6HadN}1EV;wCvX9!>;Z!;Ad5u} zfCe8pKUtg#7xKxf&P=~4129E~5;{y{(#j_UF@B)u-az(D^as8| z+R6u=1aU@!%8tr9Klz+m0;8ovM&Y)8$pTu0FnxBw1vt6NmXfR;w$a5PeIcwd^KKkv z)bYHe#)9EA8^ZPq$RWhk(AAu}+BV}QIir4iR?Or0gn~m)_x))~NQ6UPE=v3Ue7#dg zPp-1Xar6C?_x5*ktwO^Z5m$om8c z*&2ra?CnZ*2;>l!Sa6a%Ztg{!TXq}*$M`)pfMb3EI_LB9ZQndD@-ATLkd@N4adX(L zrhk~1)0!26IHys#W%!sAjc*T zb`Mj2E97;p!Y{}v%TBdd=dx2AleY)l`@rekY9(TmL08OOLbFZ zxnnCCBIL-A@PRYZ-?ae?fme-PhvG6*JanO=qrgQ)a{&odA{N8@6qOjk;#d#ND0iBG zI@>Vl6LS-Qmc%Om6P@ohEF#;mq=9D*xQLUJtB9bEn^}EjE0=KX7=ETjBP6VG9b*s) z@A^bW_Rfb@66lzssX@#@OG`tGjGt3lS(ych^`jIZ`s>X9PMpugU$+U+&cEFAgi`yG z2%mj$P-y2Qm&%2Ph9*Wt08x+U^kMK0+GeeVclPDJrP`Z6ArItky|A8we;R 
zJH}txuB^1V(jf&sY|FsE9k%8sZQWK?``rKwUxz_lCNw`h%AAIYg;fGi4gOowfUp92 zQKGn!R5j)%`@$AzXD2}-XRCT8Os8%t7bayua$H}d&Igh%xveM?Q zu{j-JV|z?DQH}=>f6dkC%Sh}nX(=RBQ~Df6Ew{)Fp@@mFgSvIFjfu9u7c}KSnnXvo3ERUB1mnFSUek49f*N7>|LENcyq*|Moa84TgtsS0x#6fIJy(E%^xCjrKyq9zXFn|?d zR4(+c=xU(r#e^oUr6o#r?Ge2JoIGQCS5X{D!s@CG*=LO_+L6m^D7)zL&o7o|BTEB9 zLwjZU+@aQ{Ct*6Aud7FBYqx)zCD@E_nw;W-Z~X}4L-qZXff!{C(OMb#_%U`0laluY ztQ+rF6kRXjRaM4grd&>iyi3|MwxL-D%YMq&8i#mvit1xKOw>a{+dSdc)@^;;Xc8!#1I0+KMo zpd2o!2YS1|`Zp}9zEiQ^?P~3t&=5D(cQEE7bt|zrnz!WxUCi`a8jPn-L32q0>!O+w zky?_67+J{3$EGw9NF({)YJtO5zd(|gkf9)4IMV@r%%=Aq0nM?fsIPgy)lN=#cFN6Di=?mu`tySrr$MkT+v6@g$^cVB^Q zDldaUpY3sE1vZ_6SXIkDUAcjEaFO!WSojjcT@IvpkaqE+CvPGb!0&?V5Q0L$Zs_RG z0GJ!~9aA$)=(W3bBNZKikZfrcRQgU5;V#KN3#!ApGUY>ie|Q_+Bj6b`MNk8WPZ9VV zW!JBqK;zqbFpE!JQ&+j{yB`SH^y3xEh>-|15q}2$_)fmawmOM(xzETL5uwLL>>_aZ1dpw4$7j#Q&}T6 zwv++gJu0o|0;((j9k&~MsNcxSDh?^rf@jE3U7bC!bqWr&(82z*1>?Zu3%7&lp}Dzy zrONW^R5}KxLJcjots_e*Y4Tgb?3I7K+|2At&sUn?5m_quFFmc5W@ z!>LmWy$O>aTR+!+Iy-^6JCJe_Y)Po5d}>1ALF03CLjPHBBl6z+DIxm-qfZJA`z=VA z`W-gf*u3t4qPN&r8!#UQUkhU{sXN`}I%X+k1O5 z#R%WmXHHVjM(I1T-Cws)D~};hX&2CV2Ji8*!=hatK=xkcu{~dQyk13xlv-V{a)tT{ zccQoj1T($_i5bZlSUQyF9B=UZs2q=2+Fc7G?>waW-KkWwADV#Eq1fl!KSlOlGT-sV z_i$djor<-i{m#vcg8J0D&R+Vbo8GpOET#Ih78r?oZ{8$C9)$%1gP3D_zpQC15oTu7 z0UOnPfm09Nh;4op_o6jcPENxTQ~K{1+BF9L@Y=DUp!09!KL-zw1aGjj>*~6g&E4vE zY&%B#$#`!Tsvma8RppMTkUY9n`B>Sm@OfF6zAFYwf|Mh)7b%4G&uN(S7m80GUsB4K z>_&OARMJwht#iuf(&ucV7f_Pv{b6+&!Tl!CR@VqT}xe1H7NKN-o=8y6QB z2-UEf9MEf`gA9tYGnBxVNDK^^SHr@?GE-8qBf7>%#T{MVKl%4w|5$LL#4nynM(xh^ zigESiA}~$S zm8nplPLFG|_XO9D|5lWwd&NUOT0Xk6?r|_WE_(9a#~KX? 
zaxSWMGCa7c1#6A5*U;Qs81`;46c-xv&&&%#Qvqu`Om04DRlx@pa zE2N{W*^%}eC~#)O3}LH`Z&U734ddRokGf24M0&C3ArzDpgP|NL)_ppGz;w)b)^#-q zjHA<2Gf_-es4$C5*id1|tj{dv{;OGu9l}4Arvnd?gji9CAu9*_#5x9CU+NKV;)#Rb zUkVU+3x1^Mc!--dyk3OZ1hNoUeSfm587YdEl9Dpg!8Kzcg8XY%$URN=Cx#e17Zc+X zBYRVRFRfQdmE9_age4omWS$nY6G&U}hq?1jp}5OAzSa_z9x>;+1KIjPU#!vhGd{p7 zjt3wd`G$)*L34%XeG>p2!NX3jCdPMH_M5N7 zLVotfFjY{%G2&upceOv6itRNSh9n_k#pT*tQsrM=I$TY&RyO)NGWpaE26J&SMPANQ zjbg9@YkWl?jTVx?59Ew=+24Wu`etc!({*M>hj>8G{uTH&zb*~`)99$Zi0n}#tu{J%Kl{L#NT#@GwudC;V(t-1XtYZ_4dgK7I{`EPR>fF% zVTfwXX${zBWwY!EjwtD)k6LULl3(&18zXLC&Obxq??9|gBpjT5IXql`-0yg0Lonyw zyq>CFZC1?w(slJ?Q%Fjl712HA>_t2=1CHeC^}WKPe9ugD5SJ~*@7(e$?@Mhk^xE^o zi6)P2T4Fe`HFOVJQgSe+`>hq^aBu#G`k$SzZ*F|-*MD9sEsW8Kqmx*uZwaCHoTS^5 zs`r!WfO$9_7U5QA(o9knu%{C{DditTrG(2+T-g2sVvXGMlTP8H)9GnNla$OC4GcBP zv=Pv#GL?QIVu$oZ7P+0wWQ~AObm5XNR@L=FdI0_s>^)p+eThw1QrdnsjDjM1^l5eS zr6-H}=uDDXYxa(OHhwzPx1?>xm1IIvwRa+5(;@TOEw%sH0w=)**#1p%`-=jQcG_;9 z6m@G6TRvYCaP$T~8k$$G9fy%B41qJBTx=Ew?@tg%xxZr|8|iVFk3a2m%FolSF2p*d z1O5EfnV9X#=?6!YPZHXJSP0SIMe*r7tOi(wN_A-u64Nxc6~%JNtU@2QR|rVtjim6qS7X{-%gUpE~HgAk^JDhE`;RM7+Zh3 z>|IAA;*5JV>-;=5wkz&2(Lwpks$fF^D|^P$GY3n*eY^M7R*`};ffV#IFJSnPo)FH6 zLyX|Oob8*2&n})xDgLsXIJG{$zYBXy7t^HF0984N(fAk{<&2<+N>e&t$dATJ%TgI; z)k0AGOWGHS9jq5|eqB@k_jDzb2i;U&w{%VO>`ZQfcI-=&t!vXSK2cbS(;7uRU=?Wm(^*M!~&q<2&93!0qC$;AW1t{skApm1wYZhQ6pmJKURKi}VI;|G|u z-S;UUPlIL!pQJHe<4u_*(t8KI=<%4ahPK(zBZHn1G)f}7C87|AXMvLOx=X8#R%d_( zlHzb9jS7>N`VN&tf+1n1iZ};wm8x{1P^hyd;oM57^eL)vgn8`?S>h+a2!;g~C*d^Z z!BP6m*XK*hIAOE~6*r?!ja<~hq4!wn-z!o@YHQf4YqQ1*Bs6E<42q=|jZ15N*K6gf z#XBF~G@!(F;;*g=P^ofz?O(ThS}CNbn7m(VQXngP>dWYgTEoPBhCjQV7-*1LW z$<>PsttOhlM*Z7q|7^cut~;~a<9xb$7?yJ>@?sBBxjK}>d@08+vG`qh!%YuoTz8K9 zUTapgiqYm~8su)=@L`2H_~1a@mY*W6I@kHzcPD^&Pq}j7c4)OzmH-P&8(nkf=k*Gg zb`{&Kep)Vs?Vdt*5E@doa@Ndja&9tOSC6u#r_g z8QtJYdBkD5vsD8!syBq!9X2s5b6hj%5ti(~aYW{5E{k928flM3ncBA1M>JFcrgK-f zfIhXaTRH%5Z5>gGiuIPe>V@q`^9^CF`pagxBHY*Rp{YR%ptGufgLSH9b{S_=P8Mts zLFHf^Go5keAOm6Ar~0pJE!NTY`9gj_R~sk*FmpD4BkYWU;_&UTa1=d~t2UxVly_m* 
zQ4tQ?D01ftf?#WgTYA=S^rr%-ai!U<u`5=~;0k)4Pvz^sHbTn{(kb7)72J+i>5MeEdK5o&BNU z&eM2@l^o(*Cvyaw$G3L|smz9K1}`>&PW%on{U$3Uf7d#9sA^PgW+Gvy>)*>*Acqjz zgHSgu0dH?m7%5F|wgQc+WhQkmCcp4fSXD!JXbrSvZ95T)udubEi%On7QMrXYUWAH* zFMdiK-MYsbbTS1)a&I$x0S!B5Il9mKh#jAs%13<1z*mq9lsGBU6bd1Q`NUGZu*wGe zv^F1})8(<-*dxEz4ZQHpqTPVOMi3Gbq8E3M=r!pA2Q3PvM8p1XHd_|q{X?Jly^nE# z!1669h5eAWVpVp2nXp-p(8S<lz$&c^ zY$jsSC_u%{jfHaHqy}=kyrDYF_1;w3^jrP+#&csq>P~AEfo@pk4RN+4v5 z0B903k%5MqpN!SB3W;LO>h2?$(Ax^D$>)~v-oiS^-2u} zKJtj6XGc1d^65l4hOX{;j&=g8U*<~f!!0j0@*iN`q@Vk${R!Plu8cB5tt zZ!=+*Fimi>y$hSLwCeU)g>mVNBoi33xflv&NBH=`M zNa%_*W-v4v>sPwaytc%YoS|aQ!HTP}euc@V0ldCl;#J|qa-j=B!sUJ69pf`tbawY? zr3PgqnXTKFBi_~i-L&ncIz8u>W#r%|pTAS}J&51GW=uJ^VI7A!l^KcLbGdJOfJ%`u zh_xCa=CW&-3k9gi?kf3WSFGZuDQHv6I{6)1qV@_?^c#B;O6afo0?_(>sH(@5RZbP~ zD`tyKg1y)}vkkl{@;OWjswpy-K}xM4Y9nnZ^q3v6SOBldAtsylxdLMovIy5djOe7X zM|<3P;?1=_H!Dl-IgZHZUbNn@{S*{j7yR|iui&IXKyJG=UqBL>M2OeS0%!4bCDpP0 zB=Mk026#@jXech!RU*4{d1Wc_*=CLS{m+OTQ{0U!rTRqN3qnl8SYm-va=)|tXfw#| zmHKu#i)c++SabA#os)r-AnFJCFhcvQ_dZtuk`oKF&sm&Eg9WDzj>@Ie;@5|VZ zYKoyEUb`kcWESjVsKq{d(ph!3vdB$Xi4;Cm&Roe`SmjU)&(3UFw75Y?)TYl7Mgbe` zF=sT=llA*5zI-j-PI}X*X^N8!e}K38ffze#laAX&a)v^`(eO}STZBtLC>}=JwbcEQ zpR0pu#v%+uGQ*ld0v7AM;M1JfPLT2&L*jCS$*k}=NRp+rAFS2_sIAU1bIA9TpC}v( zs#Vs$5;Cv5MjAw!Nc;?Gp`}rLbpaNMzFD8dl#70L=9EbF%&GxXI~-f`HT7gBwM0@v zM<$Fe)zFwP@SxO)uKn3G_ERRu4F^xvWSCB{K!5FTV^Gp#u##~~3&fOiPTvc?Cl6-*YjJ{^Q5 zl*56)a0d7@JoZW4-nzP299WC~0^4mOmzvR~+(sJ)PFzMv49I4)7&Sy4q*2b*g;w-9 zYXbv>DIRu6g9A#TYwOuko9uPn=f)oLAOwjZkYh-(Si4AVRvYD;hn8zy7|Jso3Ndlky0cz35Z#hn4DalbWYtf zQyWj~$nE^w?a+jda#6gxKOZiTG&m)aj+)tOexF}PN-ZO$mr(V=R#jFPgDsc&QJeva zW43poEnpb`cFUP*)K@dkQsIxZjah1js7CZHaxo_I7kF{V{Ry+=zehxhFv4@L1&AT08dgO-NIxYdKC2@4|t zyFWuo(Ru{7VuB#uo7bpa5dQ$GnS|66wCOw@y-0u9stJ<41)F;QDS<$KjMw%QzO zsP9V$r!7QGoX4lCI`dP=@A=RD*m{`cjjo*?(~+M)*=GLku3x(SP?VdbJ}(BMprCjJ zn{(IMwB{MwhBL^*#b~8tYiOU%Y(ufJmYgM_v9Y*|hDEQ<^#8C(Xy|Ep)7IcB91g+% zT}FeWruOOu^oEM~bA$mM5o3CZ?E|e@{CnKnynJejo>d|pdQ%T9sHL^w$IqkEDRpGe 
zx3;-F3Mm8G0vaWQ2O04~)!LanMLmU9v6-S7WFkJi=$y46nwJ;YLngh3!q@U_hGhAaaH`>fWQkkiXJF{gWra^pIJ-1yLBMh~=7!l_!aUBtx(|Er_LqoIC(b3Vfva+tg!^3B7 zyjRF+JEjyeEqso(sqAF@1KLk>1k1REzwv93EwJO1T!`vp5qcOY(4 zA+Tm#UZScI`x&#nOR#n2yBvUqH-SSGqjv(dN=V#h9kJC)HAhS3#GuzWp}SoD;V5cF z&IA5XWkGzzV9>j)+F$ z((87(ll0bNAq*fz#GLa6opFfRA;#7c0{R)C3m>WIHhOh|YvV0REJ4-5O{ zSNu0 z!)y?jxv)%#$*v3I72?`srdt}Y;sz9*;gm?h=NNcH60Ss_n#GZz2xGO>fz?p`3`8Be zp72O8-g3QVJE5?+H;pgVSNa90K%IMV{<TD8Y{CZ#3KRJRBwW|_sWuW&$rx{W8E~0VO#M+JHl>gDB+(wO zZHP-d&_*Yi5(?It2E@g6b)Q%@fWGtd^B6<11URy#je&qIwd=>LU5YK34_Jo5kz^X~ z=cgw{>$(b?emPf7V)vh$0W7XOLaA)qjqENDO497qbfleEZz~qYApRKC zQ-!Qu+kUV92hAP*K+QwevpPIYs`u+0R9VW&^9n-8Yq{*wsrKcq1GZ-1L_e?IIiwxN z_$cK&+VnWic|Gb3dlZ?M=_uw~M6tAT&F8%;UR(wJzfbaW;OM&WiKMF$Vs z6ljUYVJ@$%NJtaI!W}TOU$;f{Y+|0W?UX;U3ebQO3K@+Il-$8Z-KA3{=~!(oEji-`tL;V#={TT$Dff3%79x0%lOjsu z_vc=y(d&GteGD41z7wTEKHS}J$-gA8`nJJM`>~!|0ND7{1Z$o3coqc8`@pfxS{eY{ z<=7X++xvU`a}x}y)KRI&T#O{WQ^>WFsOKyZrf2tH9P_`C2G=;h9PUa}t3)P_xdK9P z`7~=RQXh}M%K`i3bF`NtN|m=9Z~R4Q&sTV0uC83jBMf}Bb!GsO7#yMspZ{E75|6!4 zQ+_?&^i0XtUN{%$^M?|Qvj-*p=01FBRzDGuk#lS;Eb0+oB3X%${`LgnhXi9iM=J(# z<_e^5@8aZysf{=SKiK?c!XYPXjGFUR<8tE6mWC}O)S?wD zsfvE%3M$4SYeaH?!V=x+otFsSILYxg|ID~%xe65_fjc1n-JX(ufJ1c6+~z2BjTw(s z1GV2D=3SNT1*y9x%!%65+6X@sOt?}vf-xc4x?w<74=j{_#w9zcS_g^DpM+e?oyb z5}AmdY5;L$t?znn{>xGyM$NBmS*O)*c*pz}l%%hdB>6#>lOEED+AjrvhWG5fJG6Q4 zXqoDft*dU(=JhSXl20hx;rwDve4c+I<0+y`^oaqDsY-n!#zs%F9AM3z1pL(^6qp>z zNDf*7!tmjT(z5VmrZ($wcY5DCyJvuJ10X))ug2jJAbwyq>Fs%5WUQoK{3tCVTiX(2 zf+jb28e}uXptmyni)N|DM(N?e?QCrJ5wNz>T3d0i1LS-yElVN3DeLI#zZDD4S3Eri zMq+AxM;F(0I_le=NY5o{TxNEr>41TUcPY3ke#C3(+Z1=Kfvk1$6u{yIwrCY(K0}mu zuWhb!h!7g_SoVmPEO3Vofmmf_?=frBBS|<@De-(gSV+D!MimQhGedcQ^IWGkZ?DiB zH*GWDQ272hP^$DbqGXtN1_$yE~A4hI&r^UyLP-L4U&QfQ3v>l zKzsg*!E3Gqvs5ggM`;4WTU%QX67jp^&Pv3YoCX^dtqe!i?m_Z@rS%9hF4#TTnTZNAEmi-#0L1LEIqiLH;`}L2Ue;MmN?V9Dgzb|C5SCx|Ei3>XR)573C?~bC0QONn zcX}8A_Hj^=T;yYe`-*2vK6|gVQmCW04`{OD{}Ayh{2LS*hoh^zfd!_mN#>zBp#+ZKxmbt{%r z2+*+;&>Kd7CUe%D{o?PImoGnp+lMgfgmcl#A&gx{CV^cTk1e3%Pd;?Kyu6jEsi_k? 
zgVDK{RC4zr;o)U7%gbJ@IRlJ(4Z~i~9octZPH$UBIxycUdVX#1WNr{9UxuNhC*Dc- z^N{b@S_QS>P2^K8#WC0kCeVXOf&?E8%w!o!UPppya*D!krR;!TyeLDwgmVY2+`f+* zb56H*0zhSMcu~^?DW7Q4jz3GRQK7mU`yktkzbn~Z;$7%<8R zXNr5E(9{`bM3q;tp8gZW2QQY$r!y9l_tO|TwKRkXRiFibmIU!KKNwYzHag8JHsO7M z>5;i^F)sFouDQuW?OzURC5HF+yOPtAl8R2(+aCg2Tc0!ypwBaUO7@0_Wr*0>)jh_L z-YJ@D@CNI=8mX7Zo)O@>IMXPy<8xze-Pnn~@qnohH9MxPY!-bR4mNLdMi=Mnk*+T8 zmG+GOfN`5Y=MWVLbv;kg&++x`XdL4LKHflW>h(+mcG3c-)6S_wnsma81hX3wQogCQ zpB^X&Cv-1;8JCGmNsR#oPkJEjnp~3?t501oGdr<_~#@#@b zt!=HsYzz!hGHUtIX9cL*e5yZ5Jhyu1Lg}zlJ{0H6>8Olohy-l`TWtV(yRXs22i-5y z>Nv=7Csuzi{bupGQmkRgmptP_AZA3+*NPWAafd0Sc%cRzW}{lNDLq0dsNTeq82BM6 zDRl^X5O#4@1Grj$x9H@-=Yd<03ss%SM9v(jX!~ax&ep;|#4fY4vf65lyEllri@pl= zd^x%RenEiSDgM$w)bCeK9c;k zWW2jLX;AfOOTtRI_NRl%*2Nt-o_bdb#bmU*%A9EXRRm0YcHozw=rGW`3V969l-&RP zQNx@=5zW31;q0kZ&h9*-6QtzdC1EV#?s#NammMJ1OCZp1LYi1Ha=dGU2OeSauqug1 zGbJrE{T;Q13>k77`YMOFzB4Yb)3&F-KU8OsjWwIv0Td(Hb~)XV?R_!jxhKQ&d;A@u zP==U##0qhDAa&#!iVrA~GA&5B7!z!EfQ@aDBh!Jt63A3djW)6e2Y ziy!f^rQS1G6pG&qTd>QCN{)@@;XAnw8MAR$2ZpjsUjq~ns;=ySiK0l%ms+n3bo@Dv zmwlLI5*(}B{zOW>fUm<_AME)dqL({AoVM`?5B)LSn53u6GLjBE$tP&g)F^c2rk@rQ z7yT`NKZTrmNoZIHdXF~yY~}Uc%xyiiN_LGx!<_DH8591cL6`&HejO)jfl>8K#i6Ws zs%O*&Si=F(BqS$paw+3%)q}99uC9*U$39~c3FI}^ta&AoU4m4B;rW8Q3oi1T;{FTY2BUilaO`Dya{fb6| ziy;Enp`6(~ax4j&Z}K9e14&Pn66z!j;53l^FtVy#XGr^ePFp=2TLtZN>y8^)p|v5O zhyNOjb&HX3yT{(~_ZO2WgD=BKlV19&z~}2R#`Nr&x8vhujn5*#T3vBYk&uu&M~n!< z?ttK;r)OvE>guk4`Yi~~Wnee6reyCUDI#kA2TflYmPOZgO?P*vlyrBOG=f35gmk0C z&>={7mvna{Ty%FMAky6p-*7+g_lrMpFtcaxGuFA*+F!zh`A+7`^hha+u@r_z$-p2V*W0oj?~oOA zL=uD$g?m`oE zpoj=%zqI91L5FXPWF$2eY0<}}hC+rxn-hbcyQ#~Yl_o^FGrvuKkA2)o^fmNoZ)R-S z{^)lM$jxLAl@y3a8l>@iGNSzazKVx+Uvjs2abpQN&UPbST*0}&HOK0))>6lUH7uCN z{`eP+=>~4@?%b^&XHyz_bbTDSU@%msyEcf9Nm&$`Z)?o*NMt38v?+HTG|*^0)2Gv# zoSHhH8p{yI+~ohJtm_+`XFZ=zm<$G)qbdN|)?M;SSi+&aM%`NM*dZI%tk|FLu1xRqD@oLY1|Tf%iNh+{@m2m`xg-caZ19k1-8x20@#%7pSdY1-8K1*j@hYQ#7JuKfS%+&EX%FlvMb~ zWYyO06tj{45`~jz*46;v{XqxM3H7|+Gw~}PU-uYi)D`*6QHPLSzv1^uUh*{@*m$*` 
ze~BeC4qs?+<5{XUMq5-e5x|OZ8$H;3g7mi`CM6`4?(gjd`7#jgSePu~S{6AwcM8gX z{K!lESa>8jk;BWvLq0}K1PMn$L7C_ce_oHG+J-?zIi<2vkbDEs(gn)MwqWH(WVr>f zQhF=l{{HY4_N);uJ^{$=Rln`{p`jzU#qySIXM~;crKM8WC#&)FiED}mJyt)6v_%2Q zp*SjfJC)PQsP%J-B+`M^*(97W4GXSns60tp{ng~8X^db5!Xgez>C(=QhR@&_$_>~Ti8@dMQBJN z26{}TbnW;kO<5o&qMma3VxZ{XilJ%k-Kn?Bly!27` z_&oTI#bn5n&YJ@o;X<&|%lanAQXS+D9LPJaO)&INlE#wz2y)u%x*EvAJ zgv{#q9)t%|{UV{JZ_s_4U?max?_D}-&UNDN>#$`1cm_!2)iB<~IW=4Ho7s}Cia7Xw zXm2Uu86WR^_re4)hf*ta@7S4ZT7KaBJeNjd22!OXax4%|)4Mtvj!<`^Iz<|dB@iAB$TLoOjzzl zqyA}E4b_Ycm1yvR9Z;2QbjLny;{o|(F0)sT7rq@hKbe!zcDPbY77Cu8fO0A^cNdfe zx_#>d#*fDaYJoeW6hnBea8R>WX&IZ7pAN8G`rMpaF`$j%SZ#3q1zy)$>meb^7`5ob z+qIG{Imgc#upg*dySMzQ&*+!2eFKrwHq{I=JIOeb>HR~bKAk>4J(L^YLN8iFjC7oa zo-gmew}SK3#JF^#s%}rzCGCgJ6G7|1%vDdm#{z^u>j5@+prNj9G25+GoVjGeQ^TFKI_Y`PUNI$>;Hk>Xl)>duK4JX!0LpY+Ik~ zxv=`}d>P(>DS50^~uEDruPdg6-N?_IvoqH{I!bNlFtjl?NhTMm((lM?X~*H zBoz{%6?kJK;sf+OvVwT?b81sEl%_N-?#@)r*9vYogr26!$lt^KS0`?iinmA|Mk{0? z#td%9D^KIR3=H9MJGi$iY@>Gb-rjF*rDBkI-*o_({NTWIwc_EcS~gdU<1Ylq0E9M> zn=t?~iFP9H?1})&u;2uOw|c;m3!;BhZVPcQ!#s_Tm}03MKkgpReIz>G52NM)O&sGS zBXa_d1%+%AjE;*8()#3vwN7|A&N63^8KG0vEpN9j5kx2^*1>)1$-8Y2M%Rna6QlL9xaWI%z}fZ(k>zP&aO569l7^M~ zOI~$a&l76arRhkEA0eal9!rLEK3KoY@+7Bddsb)UM&&+h;@Wq8)N6;hzYBJUUKhm@9+PWU-8 z=YBG;p7dJt(YBx7Js<@t+<1f%`q?O47J5IZJeYHIhn%t@&35mjs;J^{ne@`WS5Y{TeCuI=ayAXB0;=$Qlw^g0+5`|(ipkV) zT@CIR?aeV2Qvuy+8^lrPXkoNb7m#ApbCE9+x|6g9`+0t)je9>+6j*Z+-(%$`UYxx6 z8IoiA(kBgrNX@ed-4bw4+uEe*cB_T zRC-8ecJ&5&F;ryYG%Yt!PJWAZQY_@nxlgi8QufktiFnzJ#(-8FdMag|3V`4 z*_KmX@#-op#F}K<2)5>FxN0?g9bUuRq-z{uYyHUIr)6@~k~v%;c`rA*a`+I16-kLm zvF66%jjkD1V}4Ln6Z1dpEMa$_-dH-N3NU}89dwIT+MzN1*ApKFOA|ajxJhP4_StAs z-(mym=naA~XLuz4WMpNBPcH?O<>9$LvyQN`AA-dU0uBxlek}pEp)_vK=sUx-dhVcQ zQmlf=LW^u|O}xotpc`4ddgmyD{s9sv;A5Tvb!N?@4YisbW-K3tQfD5stHyj_6uwaH z!_yD`u1s^2KpMt!zmuLQcOE&AO9}gz65tAL?2d1N#HDn+G(dIIiW6!M?b|}9mwqaD z85kUlf&6q$&H~v@+aVHpEBpA)CS;YX@280-VI`Guh53i*etq21uDID48yux;Dk8yl1CF(qDb=vYS=ZfI{|~hM!V| z8I+E`t|rH2)Vpi62;z_5J^p|wMQ&+kLXUdnFJ~Zg+{U<|XYXI4Dl1Dx1tyv|6JA`j 
zH1rEcE%bY2afVizih8&o{06Gd+0~J_BnKKA8XrVNMR(Sr$&*jOgLpxys3i7olrKG+ zj3R-)bwVa=x5WH26`So1u)&~41}4z0fB&2u0>}z#q2?&-v84?W0z0BDdY}-qqQ9C5 zyL$D9X_&$pQ9`M)YY~64X$~-Qkazkj>0GrVG6a$VCnWf-%AinwRLDWc@D3QQM5SSE zI5t+i-_dQD%qm#*IJlt<+YTOdF@tIdAgmOl;hJJy8fyIM>RzAaF zkbQ@x+FZUbe$w$v!-wDVg;P7F<%&6Bin0;@q{}Nu2|MpW%Yu~ArDiKMom!bEal_KQ zuJAtubGQlD2CG2xL^QN`MP0xt8E=i+(W^=stkjE5@Y;5U`Bo)So?2>Dy5Yz{*uOH< z#PTB3Xw-4D?++>(T4vGzb>3y5v@y9-!ldW+EY4oD_==3ba>P6>V(^5zt&1V6FtgJ| z9{KfQQxxLRkFh#7n+rJ#tU-k=qv#Kg?}3jqN^rCR})2nvKrB(*|!xbhZJ*(CrI zIAOK;fc#M2<$!&|Hjnba_O9fy$R9rxe-wpM@pAE{o!D#A(cl*CLJH}-50X# za31wXCkooT7|#v(_Qn4yJ39q#@i!oc>gft7A!W3__e*bQ2A0$j#Wv2C&SwHczU_j5 zLjI=^FlBb_O0xsxH;ru^jhA>zUjC53l77wr& zgtiN?Vc7g*q&2H_972TpD6wu@f>FNtNP6gfMq+v8qW6+gUWW^vcYl5i(c?Y&{s2{3 zQi?x1Gc$wl2rU0NxpK(-uYlP^UJl&(Xgb4X3scf{8QhZQ{&o_e$)n_-u{Gq6RRgY- z-mtNKGPa;(RxYsrY@uvFQ|ZpX4=%J9hZpkOjYGUvgo!wMqrlqY;z1Q=<^%6m_Y<*q z;6eY_Wl(8^2FZ~x?4n~YGOIE*k+Bo2H#w?kO82Z*pslN~H%(7ZC)nIZLfhs}O$9|Y z?oxfvKkWs0A^}C2VwJhQg}Cjd@I+~j%1X4%H zK-$V(VM9YAp?syQK^4()kIf$r@qdBs!!mA>s;%2GKvwnmT&27Ux+_#BO-R>cQs)&q zAz&#J7G*toN-a{9#3J^g4!(&8IEjQ$wLO-+4UMBDr0OSV?%L$Jn>c7gaA9a8xjN{* zl70d89kh2eCR%wyA{KpAbvq8qtU=wfqr>ckM1p5d7oa34{;m)5PIr0@ih=n!2~Cio z@=O-MYQNqdP5U!8Hug`(4WzSnLR>YrM>9@)W@$}M(E|KJBRFmvU}CJ4`1(3fkbY3+ z7ZhBdf`8%c$V(J($9~y~nreBMcM`zJD`tR_%0uuuh!|Qg74u5Rmt}5M&PQ^55)U`2 z@~7)MC0`m_Xrv+AOEExHlS{2lBUtbIun1geOtnMgG!c1QR}{CRA|hrMn;Zk4S~C1- zV>M90IVinDRh%u%+`fz3b`oCn0V)V0m_0r{6>hNn9fN;pGvP#o4z?m1BYNWEc+-s7 zYK|lwm%jDAb31*dF<`Dj-xDGA-+%!w0;EI&)+*|Fb;$4wfM<1dBl7Ki)GNdVfEX92 zA`yhhC^zk5^FncRWF|~^|8Q7jCi-*+pY6W> z08L^{3=@^7Ez!1buLA>2u$3iXjSgf!^L%yz2MU&(is&^-m;HJ!gKDeBuF}Z-gT@@? 
z^4eAtr4bfZzumdGgn#-(&A`sKGVor>737lR>OnLHoR?xeaV@o3{WjKGvtp zUo9BwTfYq3rv|2pjT4|B%FywU%!qSEfhzEnXf|nY z{5)`cff(ys_@Ruptarv%!NOrxs0x#XyW>962X)n95HB7#Q|DBd<3RpDc`u7r zMz5ovgW~=daK~<%9@9O*y?Yl>-?IbqAQ%wRJrF+Ru_nIME3xSEC_7BPrR*6W*R?-6 z^-UW=Df6pHpYY3jpZiLA;=#!l00(`&;e^8EqNI5l$r=+b``KcM!o2fc)$f(#Fl3UWub?j4Nrdx>G0M8BSO6TE>0BL>Zeni0!5(56NfA?ogw@LZR8neXK@{WOs zatcb}Mfw8ec=>tuk$e`djcLMySy?$bYh%fk>MoO}0L}B_cXnlSrxxRe1SonUg6N}} zVxfn0PuLjze+rK4+}_8=#=h-t0At%pbmDOg>~b#V$4)%R^9BfNEU}0}7nGNCOGg}$OhzhP|ZHZ1V|>@pwrjux*Gl2>U=*zEX>8r za6@~tNQ+=Y7pR*r%P8q~dbHeVv991mG_pp`N}GnLTZERE^#R*?jW-*p8xfKUd}3Te zo%WFkB2xVTQWkvhdk{8nC&T%#dKeF%oz|A3Gt58)02_RtfkxM?%Z?*gw?2$@9Ee-+c_mw z6z5#`fIA?VGc-Ir>38CJoKMqCL`&uSuWS4^PptLz=!{p35BH7mqd{s}K*^}L?wsBS zy|Is49{`#UpFR!hellQE|NQx7lruCWq}4Aeq|h%Zs#Q`)qfJp!vCg0+P2Cw&+o#LN z$xHt?De6aAx1nlV*2{Qgh%Eo)(eItz!vq-gilXEfYYW!t$N$^zTi5rab0fmk?#GoR zKfVVfFc{72`ezph!abDVRL#p6cJ`dlHHwnU1{HnI6Dxa-;y&%Bl2aT7A)iE4cU&R6 z=M->^aD|}zhJ{6snw3?bak*WsZ>LDkSdw3HB95GkNFcLCQhs$IIWn-rG@fe0F_Vq*1Hkc%W~ASIW?9oc9@qm zqy^Kn+2{l>gb)V}C{F8QwQvs_d5{>qMl zW8_E$MemTqGMB}_{}3X7fdOJ2MzSoAn@@;~OVMJc=>3^lB`SnS>jgj5idP*Qfm*q| zoc3+^Ax)roe?jk;AXyRh6mE;i9WX#9fuk-2h=32T3NuXy!pBd%)Nxkg_GQ2Ww)!1< z=S>F{*M_&FrA&!3i2o`qtv-2pcJC zadN&FrK6MGnmg(rikuf$n?0D+&z*AEml*OWr|>^?x_h#a&`eF5*5ffw-{wvAii zQsXw-F1!5$X;aqD=R=Eq@@V}Z#FLu!UTGYWr2LWBn{q#U@&87GeE>P!DN+D0Okhecpq30$)xO@a8Sao0lWHTf;N1 zLZ+R8y@#2qfe(u{HBQ7J%MYa(n)y>%SSpW|23DwHFdK#UwaD~Sk-52fMO6?A*9RI( z5f2V7Mn=mis}Q22X$&L<7yNS0)Pe;Yf%;A;VeK9rm;}3i?rCf!{fs?T8HBSu7q-`O zawx!~Llqtl`z;Ls`qz%LYhmMEmoVpRL{Gj$d>|{I47v9%=^6LMrQL=1i+e-kWBX^c zVE9_IX<_3AK6iDzH!!YYdt1BK{MH!Lu^%dY0|P2wPNJ5~BXDt$1RLA%*<_G}&?=De z?*b*LA)(~u<$V-yS!2j2;pL;|aeb^z+s;NgJighR>`Vf>TRVq_5(4&5UTJ9-Bgu}W z&vt`Nv9SIqa9k_vZ(6dmCFnUg9JtI@gap132@9;sKiw;SW-}D{U^y1imH&(Nk#*t{ zElvuPEL=`gS$|>{P?_8--D2cu*|xssSU@F6W6ZmV43nW<1?>Uqz84EI9gvr^(cxgl zj@{*b2m`X9&#YhZd9dMc;~1T3M{KFCIEvUbGZNyRl^8*9R1#s^c4!! 
zSh`^JLPm$qT55-ND`$R>`t$zu+UUf*X-|@6eeJ#`y0n_5b}3{_Zk5R zH|7gYW+~(q382X8!$?Z@9evQ4t}wvV2&x`Z@9lavLM!mTiy;aQW&yFe{9n&&xtyWv zv=-ck296k{V9YK=(O%mb)3189<1iocUq%YWdB^UnDncN!+G{o{rA z#+ruQBSYSr(JL@6dQOW@N9qQfUAN)zZ;H}9;qUQvpTW>A(u4JH9Ufob?sO+~ObLV} zw;LaQCfP2WkZ0-i&>p~qu!)V4Y+VBXNkFs z|02Neuz%xZqbpbJNB(y^r+7Uh|<*Vg85>GuH>WvXkyJCd+LvcOK_1beEwyn4sR-?48Pk&d3qIi3D8mb$=ws z|J_QGT*B`@)8R6yb9DiN5c+~f2V-%#U|K`Q`OZ}3-FqFKzI9v%RU7{w=>NSO z>Uv=iD-v_42I`Lr$^QVqp_d>kk6ZqeYurH)utNWAs|sWY)#uQ<4h3X~u;^j+2)i9t z1u0hB{|;{vO_RH*YEi?7n@{A;d!<+9HT^-8^v3VQnKf=9;^QV8QNYb9lE>V;`Qy&j z67z*SIeRs&0YgTn>`8@|4#|X+l(bYb06|o@&NAoX@*6*sk*tyH1LdQSSd`uMQ4UxX zqkObu0YVp1!S_KcI-LkSy|^rF&ZT;t04ZL_`V8mQ?XN6`SBA~csC$0<_KmoD_}3@2 zf;{!}vvLue94?S2HM3-%U-`5s2+dHUd%X&f5}Zk3i*%7c+2hG@Mz|w(Aq?VyNo?rb znzw@JT@)K7^Ji-Q%Bk!?nU1g5=mXj5Ga7&-@uJl3S*;L_{@+^J9H4iz&fWjx>}>uQ z4Cc#&A2Kp<*3wc^m!B#Po=!l22#`?M8XEde5N&sYyNwN1DsHyYr~AIbFd5mu>7>p| z^CU1hc&{e4lH$U-ipZQB%_72QP*rMyze&Kl7a=K=0~(c$vR?iW2Xt=YwXZS6u?GnB z^k5k2V}1ntq?o&n)-rxsGtTk>Bj!_CS(y!0LJsS<--mE$$^#=KWJoG*AP8MWS?u1t zx9}WBR;ELT@N#IiJczfNGB(gRhFGpw9a@ADK!kwi;)&X`3dm~Fb?4P8U_+|{l^T;T9)s_YiY1cYQ?+Q-2>e1FlDmDB7CWI;h}eSKrAx8sq@UTUze+jGf=~92;?t z$c>~4ZzveObBY4dxY{7Bjy=P3hpph!uV7_XjP)&WJeHHlX}~KpX8dreJGq-(!14{gFglpfEnXslE!v3fg;?CaHuB$Wo>QwxhA9Lyoi zGQTA+xd_E*%+)z34rsaonx*7oLp(YQ1TS}~pSnhw_5E2&1D~5H{#ImS0>VElcz;{R zx^?G5%>@K7nDoue@@9imAENphH)uFcywW*4Od@XEB_05)$E*_h0#t*VS5$*0{ zb9&^2;pkZ9$Xz@63@-q##}0gsd=uTK&0_GhOVJJMQ)yCJrG``37jEc147@gDJ6{mOXtGwwFC#gV(ApfTV*1!5vSX;7uL=JR@q zkPyzr1JDCiI1H29lSPLI)6t2K-{#M^9Hl4jj^@@5U+eN zzd-TB+G_szX;!=XMk8d`d*|9l3c0}|lR`VvTr>LPwny~V)cTCbPAPUR2}aWzyR zf|)^g1y-T`VOjHZ?cj@8}hB@i6cqW+>H9MT}|vtyO#%Y(cUG3Gu>9 zn+eB)7;4hBD0yFY#7!oE+oh$1r7&DRR!Y|!!kUv+_S^DIztxT0BxJWV@KUBg2YCoEQ;&71)AK$}GSBtQd2C6V<01|!Xip^@v6=NR2rt6N-K?%cI8Zo4y zIk}!(^)*Z=Ml?MuE4+L29tW9PZW_UfLX4Od!7%QYF$<5gtb#>FL;(;=ZLS|l7o48& z?|1Jj(*_j{5rzlHa7HuMBL~6 zXxm(-+3`>GuOQ%bcpg8YPwBA)1tr`u7;F*zC0sH1hn~nUl`c*>kxX!v*b{MjqD8&7 zhs%ScU@5^nbj!MyIwNmy(S3UAPg|tXOieC+Z>Q&FZ_o=13f|Vwi%F=z;@w<4 
z>ECpLYxL&>LUX4Y69_F-C81isAYS_-8yPrNJ@xTKI`|0F*uI0#RQ_kPsST4;r9+DTL~~VN z>gkufIbgQ_waFEaQRZ5O zH1;);OtVj3>E><$h}4RjppHXeB_Xn_iX!^xXAp-eROMF{6?E|rp@fxZUsA*{!oR)U zz3lDT4h%$$@9@5-5w(TpF)kC~6}hi}2k3j#a{jbSeTFKiECuYLCx84v8HR`~ebOUeC6uL{kDeNGt|9t&eY+Nkx^ncy((?SB>|HhDz{&sh}ud*Aom_VbCnRz&MB9=f9)mEgfilZh2 z`kyA!2fdM~-!e}hX?lzt0BmM5WlXP`UN-RS)bw-;7h3{bD1+J*rhZj-BYT9b`A10` zfsfdtz#TLQ@fEb%E;rCNRVR3Xj{$A>P47>eYkxI-i6YnTV|B3^`%a;VVx>2)=j2BP zF|lV7tnMagD9}<|PBlxc_5SXH5cZlZf=DzQ_&nuZqE24Gpah7FvPf`WJ$Rp?hsU>n ze=0yF?l9KUj5^jYQYSW_6GN6HgU2_?U`(Y->@*YqDJA!@jn_u!SJ+f0K0nBZbSX_w z*Bb*7y%#!9l?-B*Uc8pqnrK3 zieQy2Q@KhZ;2#wg9)Qo>Lls)Npq95g>h>!+C1pkVokw;gF8u(=qloq8-m2F5x(CS0 zei5PmgNn8IF(~WoQg$<3Fgzpwza>hx_bb!Y)ory+e7_okO>g|sc zH#O1Z3hBHJrW@)uH3*O0Af@1IBF*7Uo|L%}RSyfk<@)mF*N5S&=kv0C>fkscHF;V# zFzT4x-+!kL3&Wf}EppigL$?B;#lrPY0p$I7^^N&{p`GdA8CD38U+C|*ARy=lEsQT% zL0b|LN<2Kvs+V^?fs-WdjAk8KkdB1l0iKTUS3hclg@P@OaB&Ejysw1h>lzyT_7(>w zWDx)T`xk9e@=OzoJPhX%s{IiQBI2i1Sl}?K?^ODdF6b=c*bR5lWs(fQQ3-aB(mJh6 z;nMNg^J$XUz9h2?b{lR^SIL8>w?@yXNNfy+)~NW17#^U*Ta`rejg-bbw`U8@my;Z% zf0XwK=)^PaLOZr}gtx(27T#vxH{g5RUpi{&js(Mw-6gOQ>1RRyEuVQ8O4f0iP%^B{ zJ?M}y>1Qfn?2iVXA%M$~^ErHX5W5gVmBv$09FBgto~+0(2=p=TdL+Zr3$cx|(FTVC z%>X+??ySYA8=K?B)wR+1?jLz+{1r12VS{%n*Vl!7ufvAdmKC4}&kgACoicDxrc4)5+!ra@ z8eV1N^xpulC55zG@bxQ9e>a-SYE2vNhV3`uF;}CM@sJ#ZBB@5F$FRI?PU{*R%^T4* zG>n3S^B~ojLU||n2a}xfEe=*X4OCv&VBJzZR?iJV*=a)X3%XS0Yuqk@UIo7RX0%Jh^W+UfZ@*VN36GL@$a_$45bhbzqwS+4|gav|5K z>Agc`jX9{$1?jUZQ3Slb(jACau_F;b(ZN(Drt3 zbJa`{CXZ_qOvU7JDFCHZzq}XSbp$?q!;PMeZ^81a#k(}ecx+B5>2T{YnzvPxaw@PY zH7_p@p6?L!*dAGfP5PU}Zn(Yfu+d!ty29pHD5~boMGT&&S2Sw8*Vh*vf4DiJTkjyO zOwMA2rqPs=D%(E;foJ8_Gkaev`&SBDfpUt|{LDFle-0Bc5}Elx4gx*v!9w(1TZe~_ z5{8CA5SW2GSjLQuy3>n`Q3QZu5a+Pu1FK&yi~R1%2+15EIYR0)GHwb=Ih zdezD-b4DBsC)$}Y%%jLIBt$J9j5T&mCtv2|HRia~4GM5XAo+)nguf^77-1$Ic&aa@ z%+#=fM~eFabIT%benT(xw@V&U_&)lSRrSQa@foM|?TOXU};;86+m*8YcZf?XZ8|E$LJb3=Gf~7Z)e$fi!4+3EZxbZU{t8 zzr}^gc_f+hK`w&GF*ZCLReaHQJ?rUU1(Y+IVIEUNX>pF9765|~&6oRPKfyI%aWQ2j 
z-UIZC-!rmVsOp_tT%5fHeQ{_^@whm&8!1sR0KXRZ6IEPD`bTyH?>Dk&?g!nhTH4x7 zGH#$Leihg*zXg$bVX&9eVM3OybIv1JRJup7EE0Z>qUc{bg8q6iS1#;*_P6(oS!Gy; zm8IpnlA0QS)Q=xEM@#kA+W;sx{D>TYb|g;R*VlKimL->>D6=<_wuzQu zAv>ZC$lJxjY;^c$XHX$Pe6UMB%nr5u>gVwZ4+6zg^u?m{*d4e$)DN)Zk!%C&=l>qO z14urv*jwUdxKN0rhc|vXT|2wKvJQxjj&?q+?&x?{Y#Dp%V-@o_H6jEJAlTJMy1Ke{ zz-vK1O=Vtwp-LRo;t|%+IhP!A`SUmYwEv&ScZ9{^JItslYeUuXpQV*zy99xtbUDY1vheZk&?8bLTDUMH<6E0Y1;(lpAe9BD%6AdKGQe zR~rU0R8diT;=O}|pkqNI!PINA_n^X!%2RvI$b#38mio*#E-0w?<00iU_isWpjL?-8 zJ#vs!qPukDpoG{1=rC-=)iKGFvTc46 zl9=%tX&Jv3Y{4)wt4llq;mJAYD-4Zs4i>h_*QS5kzOkk8mx~|#yH1Wm<3uY$JNR?S zSnn$hl5)_VUqCCG>0S;|19Tf4@Z3|v_zMUKnB~??RWX1i(|z9xCj%?m*7WZy@`8Xqc9{?RAKZEBRaZYN?>;k3(Sz-Op{?_b-0K-Iyjudlh|Kg zUVcI+UeN(LaDw{?+5^PjG(_xKM+#QJibbp0vbXc=UI)MA9Wpe=r`~kcQI=~H*nD*DO;Fkqj za1Ke?_Y{=Z3tdQ@ci0?U+}!wKN_!6X0+Ks`c1LdkjEqn@6&02A)0Zi(Z9?!WASP<+ zPso|Z1t*W}P!E2krLCN3TUyOqpjW^btN=iOMTqn~gnxH;S4L8XY|+|;4)pevhlhg` z;N#;v|49xAyX{QmNCTv#%Oz`Ut3uG2M5LtFo6^z-2G4v)NmbC?W&;BsNEXB+ z)U~y>Dc^;9+?{VJSKWY9COcAgc6%%9j+-b|R|&jnxYGvqTn|c_>Zd&nVH$#PiynWq z+wFu!mK|KTj*sbHSKmY5njzb-G@ZS91%|-32u{y!ewq|u=c4hVA$|z?QBar9_|?V+ zkm>G*naRCLcr+`M*3rn1%;@2m;0jo1X=Sv+{w5CNQ)zK@`K=(OMG4%j;H@-e35fkN zzX{W$qpJ?O0uYxyulDh;xD8J$Z%bRmwHUx!f|F2j5+qT)FDox^Z{@xZV;5c^KRXLQ z>9pB!&}az)WLF?VWv>I2zev1j2tWXJR0{V_lgFR)tXmGctoW5XAMX}EQAO{5YTDIb zCA;4EOeR`2Y40ExpS5j_<17a&^jk50<-fsncR z8vUwD|FcLOV&TV51X@!e%CEAJ0M;9}amWQA#C}%CjdL}&&)@?x4eP9c@T+a=AF%`f zrF$<(+{llpi=?&Pg6!;5GMbtH$qLEo}ykl zGq(W8;j(yXBnc-O)#K$ZFo$JKX^-K6C2Md3C&vV;vy&4yjp>@AbUqTNp1$;!Ul%FJ z3Q$%9;Ha)JE{MnIl^~&NopqnQVZz48zT1Aa^8*G;&)5W~M zlY?iNXB`zmNyf#cuDq=5@Tv0*{skrYg}zJ8#>|Xo6Pz^%V`F18NVL1xO^!vynlK#y z@pS59yvk(Zx4YZDE311Q15pXW^p}H&7eKS-uu1-IqyL1S2U1hH+I^)czfZ12AidYq z(hEw~U;MXaN8dIC_Tu}I#P5a!!_Zp;Chkl%2Mwk^?>bszU=V)#-LxI)@;E*)zyXbo zMhRx{RhQqs&}eGCUmK@Mv~1QoykU3qGU8%m=MD}IDx+g#O&%h2FJ#RPyu2K&027o& zrMqC?&?t6H%2r;Rv2?*q0YMlr{%IlhN(M|Dq2jJ5vj$Udg@(t$&d$tWIm*kPFsHBu z%gTO3YKKlRE;vr^lIWI^k^-+IO{&mB`y4B)L|7Eto?n?RR5Tuw{^>)fG35Kh`#ibc 
zT2uHAI#zi`>G$|@jE(ahOZ9y(z?0?9!F=T!VpK>$!M3s66|TL3JwePfi`s3?lS@Ho z$|DL*ZjNlr3M5W)IZz4-I8xpb+e_C^fA~!5IDC*iOn` zz4(Jz!AW`-_`%$+E_T=v4h4xgb*w`1f+7kAD4`idEo`nlEXLeVIsv=Ymg&P(nvc4= z%ml>5-~PGN#uFoJqOr5e3kM7#igOk{V$;f{n=y!UDyIlLF4?Y_tv(Mpl+b`l1Ld~U zXogD)FAU7#skIM_RIj(U@%(mv%fh05vwtN|p>fU5I;E#BLx*7Z+tSh;a?@)#JjRDC zG?Bf1>@!V7vY%K1+$3Q%^Jc+%wU$A>(P!a#Z|BtE2J58hVzAFk@q&elMjA{BxFUDkun!PdAmDuF0`GOI;@O zqqrCVx7RE8@QuhwWx$>b6H`=zak*LLo_m|m(-PI2H~+}I$|@^6V;5VZ<3A06fw+~C zkmJ9yu$!PshR?So{;+zp<0i54IR~mSal;mZYg7++Bh#Xb$zM^!g zTsMs6Lhgn2;js-3Zp!iz8n0<75|GIfYj-{oe@Cp`*U=h!ftzWps;b(p({FR@A(+yk zW)3yF&%`uHOP0Q(B40G1@n5Z{0B4k>)vBC#HX=J$r{qfq^L>y)^m|>RcE`G*iLHPndD%w5el1h-`a2j! z5iYEIdRn~RFzu~I3``++@x>d@CeuwwzmKsr0U+Bb$R~;S&8>( zq;Gn;Uo?F~{f8b+)g}b!&udGlpsg!FSmMl@vYrId%I?63X1+X#JAaP@< zjBn}NcqE;>p*jAU^mhP`d6AZdzt?={U&luzOw6p`Z`mFGJ74K`u^NHywcto4dDWqJ zR7D1j76St#mB`L)ze9HlyO)D!rn%X3WNv~e1qoIV#;zt9xUJPU5y@A&^fe|kV^Eot zXG}^;y79*z;%H7DxvC5N0;YDSI%gZ3vY(jf-@e@~3keAU%Y%$r;@+|O-j_YR0bqZj z^;Yz6u9DAJEt%Zd*AmYo@qbCs$OlurQ-aQ>xPF8%4@dtNOx}FRXq$f9uJ;lcpUyF- zr|By6opnHAq_QE`ArYM9fy|`%LA;_DlLpvZ55MzWfzhBOHR0 zho|SLn*&O!2uPU^`uIKK+J1fm31$52N|iB$i7{J}E{*sB-thG4;l_Q+PB>dU!Uil* zj1)MP5g&WF!4d`a*A-|~gF0cx{}q@if*m=#m;)ru+gJl1knVW`oxY9aV>SnhbZuM}P!l z#n&|J@7)bvIza_Gqx^L1uGIMOAztZPhvP_P+Vu9ba{Qh2LeUHY%C!3uvL7zR_vh0e zqwY;wbO4bC8~wo$|01xwY|p{V>uOz@0#|p#iGK=DNJz*G7EWcAN7a;a5CRh-%RL4R z6qJ^KdwawS26-7t+Nmpk{E^P`1svzb%RRhNk7(>`@8||_&Fe$)z;$wuPe>SS^Ei`g z&dKo$zy4#+4xZoGBrMJdYAzb}v@&mge%jFJ^=x&xI@YEF=@1%(RIs=1v#I_zyNutpRF8JILUL5Qw0lD-MLh zDdFJZOHE7x)1U5#3tbbic)|5eM+aO84Y}Rm2G3Fyr=$SwvXVROebKBDQp)t2&%M;u zv;Eqod*JjlI`DWCj?LJ^-f;*vd6Lb8ZT^0L6y=)oriU)&#RK+G*&*sPz70e0UR}SX zMRG)~)x{t3SJe}U^Kdvd+nVh4A%$+nIJvv?1Js^iCmhUaW^Nv-rl^=IY&DgCFgiNg z2D&QVgYJsKpwECutQq33np{1&2D61XBqUfeS`Lz5lFlWpT91em; z_pO1TW;x7bZgCnfCe2;$$PX5=Y-D6aZ<(tk%sdmV}^L`{Wc2soN(g4u52*aj6$`9$E_X@39yU0zm3 z#^d!u)dJOwmKTtWUx%*d?v^RMFp4!UD$RYIl zOsvWNaG`p~)Wjq)Bq+!>ozIpeQsvOMZP15yzLHDQ+ONhBt2$$U%#ejVTi;n($hVJwJY|K3{7OIhaNUUa 
zad9GpcQ5{>g6hY&wzeMdhIo6UiP5y0!KG$oWPpCG^I)aTMHpCX;aNf+AU=1P{pr}a zKG;+hpHCF*5$V{&(`Z9RYOSWWwk?MaWI>H(`XVjyQ}cPwq@Vb6gykh;Yu3sguds#8 z@~*=HAvZah=UB@??k}8_loZ+NOwrgSnAAmrqg}yp?qk{qNGN8%Yp;^L01?RMTx|G! zMbAS*l0^aok8+!bH#z$+(@jq_1eg%n z{#_mt8miQL^BSdi3o2=CZ!+g-VPOH~adm!Xt)dbvc;AJ%zv?js-T#TOFX`-4=MP!B zfm+e`yLvhG^p>0a5N@D(BbBrNE1$^n#-;hAKq*n|aBsO+v>RfvF05&l4&xP6;Nr(9pJrp{ zK?llgbUl6jNrh~|MNLuB%@z$@%gPLHo4Ft0izXu$_HM6@%jnrEI{H0QEMHKgApTHh5^23^ion3>?U(yU+-^r=tgY9LS+_WFd?-NWw zFK2VQ*42@$4^FChMY<5^T19W~9Q}mM`w*AqrD>*VE~!E(+e@58uo6-KpPiBrINhB@ z^au;3_YV)7`6-=%9-;-*1g#m^x~Q-)2x7B*-Mcsy#Lxw)kE>=_1iCQGs+$%jy3c?xMe%ol@Kr8f;I!BSZL zh1H=b{6+ZiJe39>&7dXu4|Gy}9i8cwkeZNDqbTq;V^w>Zn)s*1hLpT5Z#4y6b8V*?G*uQD<8Iz7$UPl9-Tf5*|gJ}s!%r-*aS>bItguJ%BBxKR)fZ21e- z!Z*gy+@-S3cacdOrcJ^wAYa+^wzhRxuYq*1#>K|A&qYcCB9Ebx^sTH8_P`N&3c2s{ zdAL#V3lV@op8t&{GjrO@N#1{LB0e2f3oE;BJ?t?bi!jLG%GTp`Dx-GJ7z66{frI>cr^&bhNhP%>AEEbTE*u1@lt6tfldj9JTx`#sGkkN zp@wM8sG^!uZuAK(cx_|g;YrcZ-`2p9iyL8dGcfty6y-K}rRhJQ zqDCct5*n1&kuq{(=&}9lt5bNK8SKAJFE>ULJ)fC5ULv1Z5^I;@SK1UzJE|~Wt*_hZ zyfb-*s_AXU5sv){|T%AL6;R~79fOXNoNb@OoqYhl+1CnGOd_}RMBnwq`Kt1Cgk zoI21kGA`{}<8#e^_?aFWIwS)bCi$*nbKH-*H~U~{!{!9V@Sr69#Xx5H^*4O;TmuIu z)wv7W5)tp)uk5WHk1$~MxOwsH<|M5HEy%-Plw=X6m#2Da{T$VEy7h$&X~a4YD`W|g zaV2DbypoB((b$910GUw(Y3Pf$@R0FVybP`d02LR5DG`ZpJ2Lz%B<(c{$_m`_`!Ll9 z67aa&1B2;^uFlTr@tpTPvwGd89)f~rk%1L)rV^gtS0^|8ci$letI9pFvJ!Nwe?7e# zA*xFtep63ta-7_a+3?pwvu2=0gvPM4gM)(@;aVX}Y1RR@@xs!VAqGu?+6(H2&8-p6 z>;iH%{20COhWxl-OkZ%i+F{XVF-iLCW@)I=YPQnpC*hHrvNHLWHTbgcHZ~*+8TWVo`$^Osd_Tu91l!}^jTr{NUEr?oBX?Xvmp24`)T?5V6p$w99;r! 
zUezX-KXQ;Q!)0jF?X#Y!c?&3u>IeLyRztCnB_t%AW{Kfvp}_<5uCl1etxSj+1*3__ zYKFQagV!NjRayC~VIdAoKi`k6y1JSQheBKJ582O`ioZ*l_jho;FD~q z!Dw?8I-1@76}hP$Qt+4s{;)+O_QiodHM%^R5MUww85EDmgwch}#aRdE#-7i@6=KRb z=E2ZJSH*2&p=c+4X)itKCa9@sF^ZbMTpzmkbiV_NPr}R7+}GE~10?r5N3S#V%RRl$ zV-76By`Sps3C$tH3lObNp)Xe=jq^0+rKQ^x{j4a37T8qyOu;c;JqY!o=p@4RX&UJV z!ZB99dR;N_x9LVcFF(rul<{ry(9VPmgN{DhDXG#Ijnp-+5-_y)-usbtyB_?_mHef= z78Ddz{E$eG)4O;;IxTo`lhGBE7eza9 z(+M>-EzGboPJQ+F`b!FhJzxJ*UVBz+!-i(hkR<*ac+lY$xQGy3d zz{TYf5;uP~CLj(Aiib z=l$e~xh0oCd}3AugE(i_Os%U;hqNNVu4MF)JEIZM6Z4i97wrt{O-GWVwMkBEjTb-_ ze?1%7LaB^HE6{sy<~~8E6_d&Wjv-WTZU}e8*yw0Ic$(@wkOB{&yl>C*l$4dHZrqOM z6wGhBfpqEts;ArT;^N|2u$$l{#)9lPw|3}#@!*_Y@L&W{G2}Q-lOMOf%+W zKR-R39fID-qm?0*L=y#MT3NmwQx8U8g-rJMQ*CcV_E%^D<^$h{U>HWS=#z0nfbQF-YxIEkh+9;NVChU2XkJ+#Vqc}eZqX=M|{FE>Tk;RlC@A0ufDkc)0 zRB$1sk{cA#{o%AhE|v%?Vt^7xBY_MYJ~lW+X@TqtljZj5!s@N{kq3>&sN8br=VCB> zaKXk+er*+{PHo0q<3hAH%~KDqD;w~$$cw=C4}rX6UJ^D#sEZccu1WLBVucLFTZA6+ zYuF=*%V}+UFUY5W{Q)kV`hsg=H);0H&qr${FC3J(hUcFDS4jqjvU~t>`I3w+fp#3~ z-McpbgM))z3JQunpd9}vYvlTnWYY(Kt9>)YRZ>#ofxY=-_#=#GQi(!FGkX49F8@R% zyzn?A3?wn|dra%PoK}7-{4@jaeFhPJ0~;Z(<#dX<1nJ=6;!zEGI~HG`T*>>3%~uhZ z!&OEHD&q2DOKR}^{9LWAt&Lxqcy?;)R?-x_e1AIogByt4NnW49{nFt;_Kx)u{9@X} zc#hWJ&adj$+8<_AinIsJc|8DH2g)cFYo+XNhRk7vo?eGe%*J8sZ$=mHp%E-R9tY zP_SoQ6;4|qG}YFh3dRa+xFn7HJl-~mB1+0W@0}f-fT<}d_%fwGu$Dt@DI|3V<;*|l z=EA{lHK~k(LX*0xYP%`K%Ie*@)X>wUij5R6ArL_7Kp8&QWF5e{*Fhznyf3}Bfkqed zcbRw%_LI@@cdCS?CHO{{-*z%z6RdP_o=9It4-9I>OhFAF_yl0zvuBb-tD2;!9 zk4~1F*Lx)a2j@v-X^bDGPD6Kgt8nV&uTs!R7F+Lv3+w&OQ6trz!>1M01(SG8+HA6# znmij?zhP#7H#SMqED5Y=HKdk^Qe1MwYYC|*efj0*fp0v=KPsaLCJk(M(HfZ4FV2-8 z)gOIpw=_y1nr&+x?kDLV1X2&)d)au7;{JU1tM`7V|BgbZ z59lbB1@c8l%HX>5J%VUce8}JTQTW$3W+c=E{5()lP+mQ4du_zPL|y{j!`98sZQfto zzUCUd&2!-Pha&B{HU&=YXiJD-zgKq|VQL|?U~VaACLUe2xY)dUs=)bhow_~+5=gwt zA)B6&F^GeMqoQVl6DfjwcU~6>nelWM9B2Kcg%RcL$V6=h%_J&kP#Y2w!mNk*H2b#a zrL~zYQ9yNdM$SYbv=D*p4sB0EpZ!_)U#&1?B*E=xlJwlqdM7hdL)~0OqVPrI7HlcY z>gcrHm#LNTJWl+b{Wky{+ruHU($WiV*N4A`*6Bz&%_F%N81Xyxz!(=nWS02kY&H~U 
zuoyVY!Yg>{`EdgeKvd8gkYp`}V8vgq`EDZq$y90=dc|i=#-a!lHNEejziA*+oF)xS zMBy0wO=B}ZeUe|kI;fm*F%0_}9?lO2B?V1Af8bh@)ox0(D(KODAnpso$!CXY?m72Q zY9c0S8K}6x#fozOr!~7EPgkCV677NGS~+SQY=He*Fvq47Jk#G7ko2!^ZxP9C96La{V%N-^LrS= z`_tb&J+bZ>kWWe^S3m1ZR@q^Yl(D0rChtkM zoOSN)Gt)h6DEtsWHH`%8Uk!d%GUCYb@d4L3A6sDu3aHFid7s(frhg3aX!r(n!? z7X`f+T=KpANJ;Fq7hEr<>-PA+kELiP?BkSzvf)|y5Yn_6kN5PGWdwV~ATJpDl2tvf-5fLXUxbgpH=o?c}aRlth>6XDDr~Vj+&~pD} z)S*a5meUV1MO=-7;d`RL?;t;C3hk`}fZo~^&v0Lx3=Ma4XGcN|eykvS=9-@8)ajXY z6+*-KaE&YFEF>YLGaFc#qK|`(&99+x3;Z|JU&yYC^72A(k#@N3PvvP5+}%n=6E7b- z&8{9#jc5ylNQX%8{r9f`*`HG3a`HrHYYFx~zvX-s)rmr*2(d#y5uN~BVdE2tGWt@$ z5vOnZorv3XzQjDf53PKQVlUZT7sTtYttA3K+5hCIWhZPRuvH6Y^Cv;ri2C}gImP|8 zNH2X6MuYpqjU5pdR)U*pO$pT-+|9Oe=bg1*0KI40z=9`NJkd95%PlUZRVC?*sdsrx zVW8bvyPvS0c@QYAgVpufeyvl2q)+W$z%a-eXe7)iv#)fwTAd(U&C`mCvIJdZU#;|e zjJ6PoG9d18LdA=H@?o>5uHHi1;J1?Jc!?dezZ*c&vn`J-qz;zWAFI2Z{4~oW`;tAx~HqL|F+Ejl%n{v*hs zu|_miiAf_Bh`gCKY!eQj>m!7W*sb5jt%^5JL)_zs47$gw?>zgN)vW+-gf@OI<)8DC zQQ@)?FR!c&GQN$E>Ao8-A-s%Vz&y?yD66}Qfc}ts>AnD=i0usMMw><~SGW54{!_s( z`1X9CJVKDk$nXYdr&C?!NJ&bOdVDWc9B&=XerhQ~jetDa^>ez-dX81u-w>QmyxEz3 ziP3h|nXw4Vj8l@f&uHG?Udo^!-@d8vM!+{zM&wlV6Dih%Ca>u3^$%o4h9+f_@5ZUr zFIGG(23=L`IxX)HG&TzMW-bBo7_{8L_((-w=>;Y@hcA+}JN$cgs_}cE@aA=P3MK&r zNau91K`QCE>5;(@61UK7r#n}r+rl%EE%X4pcx0qyT<{N9DUD~ouB|O?^RpY873m6D zoz-7`Vc_A)>pJnCbj#MYJg_aZ1#NgS&qD8HK z|?x*BnHF)=u|H+y2E;VZ*~ z4?^n3I1oA6x1WEhhr~8FH`3|UgDRiI+7kOVfP!LkvB9F)P$^Tuqgq(!M!Xaa08Crw z)vI2%z>aoGJj>UVDX{l{E*qI(AZ+mYMcOQ6E<~+u!WX`*DPZSfk0oGzMa-A2_gZ5k zOTdGa)`f&TyeHCK6PD^d=?Sm~h)RScV)wT={AR5B)Ro?;Jjui1Ikip{6R(DLve+=x z)7a?hpO&T*ib;PmVipSdp+XE@yqoXyQeR?`)9wqG<%(>vOeEv%3ZE?#&Q^W5prF zScZ^|GvhzvgXu5RujMA2c?yifLgrmoBVBgyqus%*!Lzrmf9)Lh3 zcTGT#^9SsqrfE&YFMnc)(O0Fw0A#MQx^St~AJYvoW;wDI64!Lrlpmm3xQy}1*rN$3 ze^GaYXEd?kg;3dblvTf!Q=2w)ZNYVj*{jH zL|XXb;iY^AY>at_w@Wilzq?eleZce>h<=W5M|&8XT>GHmxdr(i#e~;#_3uS+o<%!; zOWu-t++@U7sc2}p&azMsJoRe);ENw0J84;de2lhIb8STfa5gUmg>PfS<@H^q^Q%eO z-mhkPq$1Y5m6nm-GiM+BvNY7UHwbtBBi7vPDi_LTwD 
zD|XQ3z%;^@^~dB`V)9W%2v1G6U-UDPuy5r}D&!U!EhV|u1%a<1tOL)`+Pb+HQIe_O z^qnR_>4ng)%|B3RrN@=kv21ROfbdWDD7(-;AE1KKh(3)FqswC1f!f@fFpap9a3^JLbzzV;(#Yc5#P1 z_a+}x5Lu8IeABsgG^dk(L=_bkg)?{@2;H#7dmLyCTnCz>$zX#%N{D=}6XaC#^Oi`T(zpUJ`q>Hk8Gl)^+=BK|+=}{J!T7>A z(*SxGmlz})Se#&e>|*u&764a3UKMui)&yUQw!BEPW(I7rVt!H(U#iEhraidb+}s@1 z;oDn~D^6@_4zSgS+G2OrlzF(Ll9=1t9)By>*dT)j(sTMXK&O(Y3Kk%)uCDHWSpok& zbRwFXbEQ%-qy%TnEis)(<0$5_o4F+v6ztX}l8*Ti_Scrj!=LE4=e)z4^s(os3#3}^ z?>#5l4xGl6B_xVwbxJpl1EVxqS~}AKzvdb8O~kmIxZ*DG;O87qu0+MkKpWq?DPk(2 zE86F0jg8t=k0LiWh@0`c0m-&zCG0&`^onH6cFnz8zyvzyzYoU9{cs*!TK9}nN1L|F`j zAVymm{b7SwI7Ulkoyb8U4|jKM*Qcujrkev{N7{GJ7!de=l$R+LXs=J@rP7yZYuKpM zZo1oA%j=O8h^f9l_Loo3nNjZdU6e`dHwl0wS-O(EyeACF5wdsAwwwa)fzJ#eOsCVx zX#E|663H8*Pp;#VF{QS39J@!a$}4OR;dm;4<|7(aJCyfPuotny!rq3?bo)VC>zS-< zI*INf^=bN#eHcl&xVY|&0s>y~_4W0E(a}G6+`ClUJ?jR|9@OY~vs~miJHCW;1~G$K zcBYi#kaIh@8jaakqV?LHT{t3Bs5y_`h)(DWnRqDx{4pl$EyKA~4FIs}!JYBp<>m^U z0;RVCs8-=YmGmLzxQPu@XYrGAl^7)W?Cmst6U+Y7)<@SfBW4v1SZF@8d_glHB7wl^ zYVDQo6C2n4*wx+7m%D9#WO2t$oP-$PQb^Fq-aB87*LOZ*R<||47l5#3Z5EyrFHsYu z-w45Gt_ewRBv-vq#Xg@A#-8p^Y8Xk!Il3ci9!z)H`~sik5e!&q%%U7^A@bh0@<6O! ziA#iQ#HF}7OWoLIf0#JBOT{|eLdPj!F(;B=*f_Ar);%>f#{QHs4U%B+{o6)<% zx!SQXZrw1WFPTeuLR-@MLruDHli*xHsI$?y^*Xn-03`>=P-QPgnoQ@mp%aiQ`}g`D zx(qD%$4Lm-1wc99ltVxiw+>PHvw+}*#KRxZ| zI}~W~^Q4F&^aT>3Iv$YVx#rt7IQ_B=993Y=Y=(1vZ7x^i0Tj`G8MSRP6(y{`M}vw! 
z|F|M00I|UD?c#)qhQsRMhMg~nQX1eN2Np8r;xrQH33@?pjv2-Y^Ttss|1KVP?|S!N zb#957+EmFc@#ChUV4k-nguIM7O+n#0B%?b_)~ji}u(syQJW!^PMz6F)xQ_DpxHI($ zKp_;zu86tZ-tU+0fZ_VGQKO60mxf+LU&)si9^;$IP_)^-<*%ENwRz=_H*HfDQz=B( zNn4T-|7q@F&+zs68kjNh)=ANAvd32>e7MX4kf%qY2XM-*);b-1z!*GM-LXRax-N%@ zmMQS%F@QiH*5Jj7j+Xt)u~Hh>9y~xNL`%>P3Wn13q@`;Sqg1vY?muhQ40T?8ATlkM zE)*;qEwO8Vu|m#nlz4=tzwx697zf8Q1XVp045_epw{gomfc?0YkA{Kq+~|LE_rT97 z&yo~88)@U=gH+N{YL}?@u_~IHd95$};|%U}bR+QzN=lr!pp!1RLpOs=yj1z8E@!1gTI|`yjg)0v5$r$@&zI&$_de`p4pL_m2n~P9si&vM zf>^(6wtNNotgy`Ob_yom(Of|ycwz;tT1Z|7B8RU*bqM7n4`xs@^D7BbVA)#cBS&~}8pobhXlT>v z=_&1TZVF(|e*ZxuM2&JW<#`wM`{DfNS4Ac%&>kK_8ztBX+H>&pEdl}qS^4<+i^0y< zg3){S;)2+;w0BQ;mwWu6{DT?!Bi^q`=j%qe*poZeE4C)wGKPP*xd65IZgLF# zPJAXnz-5#i>|3 zgd&y(a;59NO;#p76SVY&T%K?k&Jl+Ym?hp^aF^DXBc{n?QF{M&eR6w!`u6Q?7350) zn-@D4)gLCzmcYx6Lg|&CKYvCwN_giLv3lZ0{V=}<%3REKB7@rL8lrFX?gWA4D4|GD z%>3!HCumkAVoiP=;=XOh=x-5ZaR~X|)}`AhtsnZYNJ{-{Bs(u}kL;nSw1}c23lM>T z9aR{>vCu??FF-JBa)TT_2y=&U=33eR*&b=e#Ka_NwpLeD>whkI*id}{iH7t{(cvLz z+yA~C{Il?@g=O7*afAQhEF9kXH-wXmQSNEKF2PZkj%mQ4q*9RDWoFx|dvvs)3{(?w zZ**fpR1J~Q`MU2wVq)UZXjlx#m*kXrj3IW6UK?hqe1Rp9Qy=j<{VcduzbdJD*YL zTqAcUXt-Z@GrfKL7DA-?M~oe-J;(E<$ulxCD$&>1FL=2+1jGa!t1C-OV}JhoB_wn6 zF%=q}cMozJC?58}&?LSyZMcHYeF^ciX7^OvFz>QsQej7n`5Z+mU_eLXXSX*MbwuCuv`dA9TA@8`j>x7uqhHIJO)8|1PYk#~m?5ooC5`ze&|Pl+TCT>y;WmiTA@?1!8Oc+z778op?$Gpu42V;_Am9_!ch2m=}i@vB9Hy&QjxH+c$e^ z%KJmV^XU(>-E7j0l)HbUMD6P-?{l!hz;5#Wn26nYKn6@IYLPLDcDJ@%TB#(|7so(NHxKMa8f?DBOOLG6~RBS1~POXkSwoh+r^wS=iDQ z6khQII)e1T<`Qz*;V*B1UgKzH#lUW@qZ5pwv)CtMDE_8Unr)T!@!#tmpktxEvLWM~ z?}e1xt~B1!FH)s{XdqBLnS`uc{#4e?kskVEe7g|0I$(x|-y@HEUhJ~U?2Uo4Xjo+a zramvm-4~>h>&VNG=QTERxq#b|XB2bxoj*PI3p7K*E_>pYTZht|PwD;sQBb^!;p&07 ziN_&i9ld8)3CiiQL6&(ytK%>>#D?hWvsxMI*O(ZPZS9PSpe($kP@bV2T7J_U zVzNgHxw=p~LJH&tsh!i=WI?AvT2urwKWa=;4py$-j+RzbsCj2R`x8aSnBqos{=@7D zln6*08v1`q*EzdDw6eVe&`fRb!Y>`ovc@Th%|im;ogAAG>G)8Rj72~;h^o7>)=@r- zJXaT1`9BrUs)X3G5qe?~vKjjEX6A(k1!cm#e_1?50yJ!M){oGG1#E0=`k7A^y1e!) 
zeEy)6glV_XR=*lD#`lvuA7V|)+pGEf+G*vJh(t?)rrUC##9j$aXf%Sy2`zqJk{^!vy67(_kFXd)8@RL*dlfeICp?e+w??#yfgo9 z0QAn0kYpyEzIYjR@acVgs;h9`>`It^$+L9euL1x5p)ZpziY`$uyte$9`w&JEj`}#@ zh=?pzXQUlWr<9G~35cICcQ$UoFpqD#&2jdPBhLjI&}1J%=)>qqlCF}isItA zKVH23aQh*zJy$XvU`q)U)Tn&l&U(VOJ8;6Hq6d_Phi5MlLJ6dB4O|yfj>RGUgf;DJ^M0P>zD6FvoF{nv-I2tZ z%^`)N9S|vRvbYtinEl*dG4?g`vZVwC1?hwKD#Z2`42(x#bAx!66j((S+ze303FRS72d2J8Pq zox8yb1gF>H@AcDvg^1x2k=bl>&Ox9ntPcdM$Qn|lc`IwFY0R!csZAhyT3R7E6UE+T zmf{gj@oyY>zy|>hgC1Z1)u6ZDcwzA_guxU!;hn|5tDTe@OQOLW{-YBnKl%_}&S5(H zcS{7{g&GB^v7d8OMXR0zQ|vIil`C2RkOnSgLa=u3Z0yE=HK}s;9nQmA@lVo5|X2LR6P}p zG;COu(h0(llq60B|IzE68}quhK{J7l{*JCk4v6OnWRKA%AQG<7$ z8DRSZcGZIi9pAPdY;eOcVVWjgLeu>%QD5Pk_XUHZ5Hyl6+>DHeUvqMD9{iwTyoVwQ zOrlsLjPRoX{!x{jJXZv0VfXgqqY|q+H6sC0iJO>ifF690To-#X`c;|}JdFM}DHYIs zHRWG6nWVa7XnyI%WH=*M_DtZ(dL>RjUfL{TaaPT@lbZ`)!(J3+>Y>T9-UGY!&r;Ap?5t(=q*Kc!m_ zpvBoznZ0@MzcX+S>}84yw^QQ1S|VxeP}hTzBBa#~3-KUGmnI_E;Qy+IF+y>OG|U2G zXRDBBq*E+^$eS0cQZ#W1*gILocHwfoMnlX-84T_j$^SLIE)kRcGe2niBXQGB%E0@_ zTc_`WL)B4H3YJ6n?3REK`Rz^W-4{)oBp$hRJo3J|5F7Zx^*A$<r{U+KGvgoXH|{ zn=}1`l!#pBBqpjifS~1H@Be)QvIPw#KmQW$LqHmWB>}R_7_uqv49KWQ1oECd7bT^! 
zU;z>9@~g41jV-CaB%xIs>Jl?^>yA`sh<2Q?yg%5{&#{OI2qto47J{sy!I0nT?e+Dw z_Z2<2ukVv;{k#}FI%y&O=yRS#0GfK>bra++&Ow@6m2@Bwj34nk+oPi^0PoqSvTC$AeVmt+*XNeO{K!ZY zER1jG7gq07TDOhyMiU`$S;^S?9n^ z<2+au-0I-$Lk_-k>E&gjqvOShasSR1kei#EMIHcdI&Ux(kA>!<>haO)>o6Mpt%dmk z_PwWG#H#`u5b z+aLN@8Y#!LvUc|N>r`Eg-v1yIE?1$0`N>p?FDk2;fu( zsDmWP;BHZf;Z)Fq`sY=ZdEW3O-)JQ4!prpBzo}7;X&Aval_bSW3_*e1y49hV84NMU z;E!I;4hgtFE!r$ef*})mp?FGlxb=+huhBO(6-!f%2G;)2T91sNmz%qtTHwqlbcPkeZf{M+HUa zzszf*VW;40mLBVW@RDmlmw$_Dli-5wAlyK85hN9jU^eTyBmIJqSmOCP^d>GTuJov) zLezSR7>YV5PUS)ftj#xc)%EcHghMCb*ygL;S9$B1ABOW*%b?r+-`q?IYyQ+>(YAIC zYibeI-#KN$`YiOz0 zQ%64uClBYfyvC~z#Ty+Po9$^-gOP#t97KSFv&(n=W(R}eX=It3_2n18as(5Ht$BX* zr4nFFWv~hC{qR_SN0S+@1apN2kvq>Zyhc+-g%@Jq4<#Wcu3l+%qJn=AJ;}|_65!Eh zN~W|7wwOq7>L~bF1`X-#(kqr2G#wT-WsQTXXgV+{nkLCW;#w#)`B>HEr1(~+XH_yU zKR!@EB2$3pu3~9D#Pd%vCXMg*CZfx4xvLIGDh65(Mn$sn333u*ZuN-Ljh5GObvwb1 zJ}W@i%?rU4)y}%SxmjanX3lB>mRWVcHli?r5J{nbb8yTd05b8>)73sga99_aTSJHI zd#6JkSVBNjdA*K-$T2?O><^*Tsr6tD-ck3NLQdd$jWhwTUCsQdb0IU_y%@^#;pT)C zguUb#lp{#dl`mBB~UFN1GQT3SU^n znFC!0pu~2yAXvM%ehWJdDa72{J4NqoHMuX(64b)*eJdO{%;jklMiO;f>{oGaNhlM+ zSIMHKsaY--#6cYvFC>XH(cdQ#adsgTIzry>w_#rXr~0gbfK1pMU)Ei)K|0o`yV-6O z)^6te`MORmwlwwdlL$Q*NdC+c5)wjRG@6>5^EEPp7}X_wtUlrc>-+nNn%1EHwI>v_ zD)HOw%kruT_0z;JXAS7RVprWi>)4^6j*YmtY&tV$M?%PtpX`pPE-^VGjl&&pE5b+tP2^G@X(~~YNX*Wb?_Vf0bUL< zcW)r0fI59j3Rkwz*aw3D=ax;_&3nDhO9A~Ko8ZX?%6*=l*w%<>o zm5VZ;pj!mV>Dz~Z1ot-q7s!vG>mrjWqwt}1aMu7N4cu`?_q*5~{cgcy>Cu@Tuh21d4nU2 zy;;%VXr^^DwqQwXp*-4!weYojN@DUDJ>#&(X3x|>xlutOy+QQ;rY(T(I2affF==R$ zm>8@UIi{w-Bm<`(7t@!1q78Bmt!eG#VVJ`Qn!xw_PFAqo3!f%ww z#qZk&3m2q8rM7ir#0>rETS_HW#N^XSv9`)c+?I`d%(E~W!HtI9oDEH}^K^eoQfUMu zOjYWGkAwNbU)BeGzL}Z$l|M+$w^5g~j>wE0aazi1?hoAsBY>D@bcVRNluY)C$V@Gv zYgXT1+&{rQJUM>O>7$lQ5jHo~y6Z1lNdkiOeL~v396td7et7I>Il{;va+22%E}=9) zD1{l!4E%>Y9X}a$;0Qi>JdXV@hHNX+*`>b2xaaTa$b`no2ty((OIa)v6QhG?@Y7Dt zvIhl~eh&QL&KxBg#NCF))RfwWnkH?9#d@^p@UT4CQP1jnKW(8%ZgPQC$cqNbDCB{D zMxK~d(9_WhjEaYVErGz5$8F8!1Ir#xVnh}{m*V=vE8SX|UDe@lSkzFMc1zaGEOo8B 
zEd{6Cr=P;&o0{BYH#c2ZoDaACFPOh{Rd#-Kovg_3h$f#M9=z zwBC2!EBop0uz_wYUssltv4zghmxB@!xGHZ;PEeG4>)6On|4x1PqSjFjTU5JtEE@pA zCZ3xm$K$qDmv}&>4q~gcxFn4=xQ{ka7+}Dq2(=Lv7R{w7i$a!;LAJ_DOZ$m#$K*>& z(11J*T1yDzW@jr&K!!>I6|S(HDFo%ZgMt}Vf|`}if7>+e)*0ouo}S7FOom|@V?28J zCl|E}R^>J$t$9kGj0l9r+IQTgg^5wmD3HJ$&W5qN-;2g=cQ^}Gs*E)66j%E>d)MVu zC$RA<)HF28_ZP*eq?D9cKS@n4)M&AuSo-+|ysRJXnutNgYo@v3MA=xy5FtUa`|&hI?;#hp zi(506Q%ZJVx3^b_njZ+0?CyUhDFGLagpP_&h>2;vNrqjZqWS$^KJvAxR*8~Dqh~e6 z%rSgnOZH=V#qj1|V4Rq~0bkhO7A3=WFv?sC5idI^x}BVMy1RE%gM^-;rz`uQY1|g?&Zl-U!dk?Ul zJM=Ywn0vpy^0$QA$Pkht)bBEg_QD8E)=qqrqy06zTej5MH3~1{>yHo`a*5JcF$9ZP zkdrn3SEyVEOXc&S;ph4tvV!U+zr1yR%G6oSxd_~N;mAs};f#*z7~?6)QwUk1Io^B} zl~+)RdIFmYH}OKaNC7advVQgpJ3dHO5;6@>%S;yr53U6*uPjdx zOSwI_@R`lb&3Bb#sDlt9Z_{Dnx^w=lK~}An5PmDKmZttxeC%N#B=8Izb!@P=jFsX2 zS)xVfy<586!Fh1sHU~A#xk6}z8C>qHNGh4gDXXk5Pbw?Tl0QU;dT=woTLt&* zM7XLh7m7lFE&65~0h1e~N@$jmYiZP?-u=LGwuqdT$2kMybw!zd?;X@vj&V%XmGbN5fQdmE8CR z!_U^v&Z6dH(;+T_33-zK!qSQ^1bMk^Yoty+5Q(H!8d!^7vNOQ!L;020#I%$IXGEMZ z8W=o(@b#Zw9UEJ`)p+%lHCEp;8}=1S0;LH|6OY0d-B-5||MUJTinxu0ZNFG~Y@7^q zUARbc-E%|^^;ow?FH?ndu4$+JT6PEW!4j&tt>a@`;DFJhu<+Ldf6;^jLNu20qb{_s zFRdR-X7Ra^eP%zvjUZfZ*OymWG}iAdvP&0feuA@WX_-}r(vaWNb{m$Md4EUMzkir6w!1cSJ_{Q|j-2m(Tz{ z+ky_mZ?D2puwco1KKOSRd|Fu5|GN=*hEan)t$zzSS`|Y?GDkDb%#Hij#SB3tVyjZ5x?vH3FK4P7dK0XbFIlL z555k#zfejajfR5>VTPe4QR2mwekbPNC0ONHUBN+tGcTmF+YP5xw`TLnBDKE zU}uDap`r66B-Y<{TFpX=Bb2$Ry#%pgV?ejC>IW4)kA_$nYt%Xyg+Eh))W;jteF+gE zBna6pjT{$EdpA3byj1IhLjeu20(Z7%gkFogn~8*^vo&FZ{q5uVmdeav16039(O-DR z%^S$HNObo%eh@@wgGZ0n(t9`yO5VvB*GTGTx#%?Gra*%M!u5$p*u5&j%1AdO<;AgF6-V*lo9? za_waah3aM{)}4=V?`ZWUCFSKm##0pMDwBPLE+mLHY9+5-vURd%>^wD3-}&j&jqglqh_z zJSgzJYyKk${N$fATd`jD7NC#xIh zI$7McM87F4nvRnUxl6WwadZZQ-M1T zj36s~tw>rCMH_j_jHy6Q0xd!*0?Hn3C>6gS>w6By1W(^ae1Ka{3%Whw>d$bCADK_? 
zSE(b-YQ^%Omo=+aTlK29!N$|1d?w!oto!uoR8mEo3+-)+R_%dO)owfsEC0U~Ix3#9 zK){4Tq6^cCN?QwG?cixnQ<~Hdic)b5=9X0=8a}!_ppd`Ez$&0(kZ~$pkwG%rCOo(~ zh?J}N9(_oIz4<_MD~|6GmCCxzL`jUTlI3}KZ)0M`U`}%5eP4x~{EFCWc4JfHae7Rk z5gk^!X-|U&>3MK_gfr)O@gXA*;z-LuME-aPVOz9vEzA-+Tj}bFm6zl8`kOCqJ8J=m zaV2R25h7Tw?$w@$`D`hrPx6YgKfX0FEB{+)iC7r z-QGzlc0Eb|72osJT?bqK9g8mV;$y4j9XI)RyMsOp2Zxv=e1Z0)r30*vnzq(pSA@^7 z5CXg!){7+ySxFfc!t1$saWVLDkp?in7JF9r~W!!&wvc z#G@P-Q!T~xFjF&{|HIQcxMkMA(LTE-bFytuwr$&-tf!i4vTfI7+s0(Orkcq%&whXB zI;TINt7q?T&))aF*7__cDkp1X{PnW;Cgm0#Cj62^{poBA?#?l3Iam71)jx4g(^we; z{ryRo-gUYiKtdYjed{C~Obb3gxgflS#Uaeq zt+X!M| z*)-{?V&)P%Tu&i=fJr7D>xcd_cDefAh8N zK5jq%p}{pHaK9@^()S5^^~Tlxwh~U(caDmDh>1);vQo39eZR7!rDbDXj>DwecJ%Rr zoHZR0ykhO@dZVnQG{f2Z{;&ZCeA!^{`q~OkaD3x#O@2PvBTINP>~UA5XJ)8L%woIP zu{?4aEOD-E9`j;iTO^&ajRE>XAFr&6i11CVhc`xLOem|omNO(wj4tko!*8V zRBVBW+zanOB6cd4Sg0rJtX`SqOH!G(AT-%tSIDG6TzhNaDK#g_Ht6~NCKSabpE?PoCVaj7aa!$WWSCIA_ z8Jz)<>cm)`uq{$Ap-X&l#Z|rkrzUT|?UY{~MT2Lps89ESi;Re#gaY!HH9qx%U1^k) zvQc}LI=B$+-v*8)FnoKF|C>YA{aeNVxzfHUx@X<{ak)IY`Y<1uC{^RoGTJ3t8 zg$%f?tPHNn$%#!OZRnh*jYqUL*Y2Ib>=p4lr>q1U;r~a%UPc_y)@rvBix`E?)I)t{ z>jDDofueP)8*MH{N68Bz(ZpK6?|hyPy19%l4dXrx{kg2{x>B@8iz%l!UM?GLW)uG2DCkY8A+TG`T)ijucu zA1o%M`=eXx{RS`(4E^V5jQ#K4;`D(c7#PcV1boc-bDTVB?4t=wXuXe$8(Zq!2Sq=X z#+MPrto$VOb5sT2FC4TXK_9RcN3!jCokau+nWqie_f7xA9KXZ2liM^(-!lot|{B|b9$?6p&&0L`tLNj zdsV%@Lz=~0&KA-N_ldNKY7?VNh8do657w`t| zLx~FRj?`icfo>g77RqMIY#)y^dOrL1wty+D9&N}rs#%4S<*CHDxj_P7<{+u{moIH2J1RT6skA3t06 zBc~Aa4Bv#Kb=2-bF6i<>qH@QNToz|)l9TmuHfra*vQdEaKUXUj`>K;8vk=mCh&*a|+_dJl}aW@&^CWh6t1MM)0 zK_X?8$E6-|F95>kY|=`Kw0?G2*@TU|-I@g(O(H>e0BG{iWM1|6dS<5X$QFI0#E24Z z-J`aby^T%A9B^M+l7JDf5K_8`op6zPuUf5(3lG~)*^BjTqgr;g!=xa|gzbJ{7WaS{ zwYnJ~qUaSP2}@r+_;nr~CG05m0v^8!r|^vy$MP`_du40lz$EOWND)g&Ior`0U(fAE ztC=|vBFSs(nQj4|8x&vt& zZWW!v@4#}(z(Y+8fqX!N0RgOXC-z(}=wp3Kn~H zq^}yQ$L2ODO8MVWB{!X1Z!TGHEYr-2Bj#@qqM`VO5pOIVwozw`x{WFk6r4XhTgXU4 zfsxbshu-64F>hl!ueZ+oxuN9ILW$Mpb?H{b(UH~#;6}mF<&T4C;RuW$-9Jyh>TCJE1>@|$ 
z#OO^r?X=$x-W*Ok0jKaW?r*%Qb!HZe$p9_zGUCB(^M{<5cG+uwXl@%`hL`P1AZ$@s zWpH_CldeKrf6YKIGuIC`w`)I4u25@Q12~VOjRHQ<5&vz$RzNKfE3irgpS6ec-*0SmZ#g-xue8CVpjH}A16cP%D-!&_Kr zH32rA9+@8V8BRLGMlQpWFiJgWr-q&B0`26+75(V00Nx8an5-Xj4CW}3l+a=2FWPBiI-BSh+EGTfKE$4H??KZ|gpNc_4HN_aA zFtRrOkA>YzO(&9EQ;bGwpDc3I0MIbDzJ*q`$nzCt|8MiYn!S-%Mc>5q7JZbstkF7Z z)bclzd5|@nKo4u{+6?qs|6Tq3QLF;=w)~2!025ju39@uDq(6%|J#!A_#>w@YE6w`j z-o7Vb@P(N_-ojhkHY8E~XI`%Bv~Dw_qO45Q4X7)Y4WnWrO|15-t6H@?Z5fFr1YGB} zbneHcd8u{4|I%w|SV+j-KW97X1;kD-%M=p=&@(&+6;C1?7({$xc6sY%D{|b0fE!!b zjtEAV|DbZhiE^oM0V@Z^FsxF0ltGu5%R#=o$J>rj;tws%FOMOoWT*dECO$gKWcZS48CmOR;E!Q*`BK_B*rq`p&6w&=FFTx%}>)N3_D#=@~8;l#qbyIcO2z|Tx9n07#n zlP5n;PQw9jej4`rsFwQInP+Ti$^G|#Z~V~RLIpYQKi+cw^)D+MX=r!8A(5(J@vcht zFrI{xGVK3ZGw}T6@o@Lh;muNP7gM$dRf4G^Wtv(yZM3Y2xBxkLZpE)c4VO<53mdy3 zX*oI7KzH6#FEF^oQ2JH{i_5qKtpnfuJKG(%9$@M}Bs8%5r4)(E{=})pMzYQSIm)bE$=MT$|f@ z`x=lDsZqOuLr?&(AxKRlRp7Q??hP0q#KyMVtQo88?Y(4K#V3eweEYZib(@Mj-N{hs zeY9U}G(cvCCNc1?FzX*9ExLTc6eRw+{#k0l>kQfKb7ep#>Z%D}Ip_&#axLWt46@Ir zVfCW1sqg+tz0l)FfGda)Wa{hu&pM%!EFeN>@AOQ_C;wm`}k(s^l`kI?eunwa?A+{D!P{s$(dDNt$fwKlwYo@Q3 z6~;q{uq1Vc9O>&L!{UyxsIjKquKx9OPUxl6;Wr)qMtP|1b}T>r=DpII;$klY0|&zQ zr9lZ`{;O~Ic{IzO`p&%%VD<>{foE41EsP2(a(p!bk$G|P-7={-85NbJ(d-I%LHu4m zSnYLPs6_zV?s=YG(0X9+)q5xCe52cU$LTm@_>XZ*uid1yEV@X6Sl>A$fs5Vo(cR_y zY*@*b^S=mypSMpm{P!=pe~aV$p_kq~9|Sz;3fq z;VK5tg8?7RRREd&xUMJy!i*VUVG50^FvQg-TdvBz-2H<+PnfDC(VY&)=LbUcAoz3TdGA7vF`R{k8z~$b{JpprMMF<%m-J<>HC4Wti z-}^T1JlEc<-}#vvho|I5ITZI0=y%CX#pFaKC5b-d*tfaB8J`CV8@Kxa-U|`=kT9HG z0@WC;>~?*kOdeT;7$Vv1GFEBwe6rtZlAGOZauhR5ED1V|_nbJd36B6;1K1e?|8-E# zRJSTW2D_x^kxw5kqMZOF0rbTR!MNl0dP zDo>Pju)u`18zv*3JmKnYs^X7x+dM#$ejv91GXfu~`DpU#5dd+F1^FG!kN@(Lh=#Zh zWM<`1`FkLCV9VIq6s@N=RZu@cZ&%T-Z|ERnlY(0qp#k#ovst1xDG2_C(Rs6EvXjIY z29?wwpJp~cJbXg2SDa76%tT7t-`8n~bwH8OQ4u}nGZaZjg0LdggzsSZd_O^Mq=v*D z?mZIDIylL^bOo9%5ZY~#D$24QpDp+SNu`kc4Cj^*tgi_9EGF+(Twi&6dr0ipE#>6{ zefsw>ZI7X+wg!PIG@Z{-@1UwV^M_XKaj4aY$2qXWAac?~@B=N3NEab4ThK6NY?vxI 
z4ccC{?Wu-PZwdrxd<{q26A=z6p%``{V~Ct`4aA8JWd(g9;(yoyuyw;N6pV!=nJmXn zCov8!zJAh_B@sLJ#@ue7GWkr|zR>L*%vbcD9v&WP(N(4qDN!*{-IbDPUsZCW9DEcr zImUC7!8w9~v((-G_$Z{+u*TU$?mN1RKIPOYgr zV(Ryn4ysmH)+T!#R=cXCP|GHbGFXjIPR2E58%B*A9lXG(v|t-Ptus;vEHuT5t4iMh z3-6C8S@mI)BN?{;FWH zFd2uf$iX!Ez^ToyjL(P=Pono?F$u9{1vAHN0o9ttM@cmlc6aYTmCYFLb;Iw**eohh zW04Qf@pVXw7Mo0a|C?@ECM07Z&~~{EC5I1ymD(!--MHS?ez*um4v7{x zbbtm5%3c4|E%Lp_|84}Ho_2LWu|Vnv%htj$qx_E>BuAqB27)~Okw`^j zE6UPj%~8q&X$f(vN`Qnm(%s=g)r2 z?{zaZk>h*IZ)FRz?MWPpLo3y|AxL-X%0iHw36$cD5;nYP{N5i9<9zlAUayxr5OeS# zWNa}CWo2{Dn>(wb1WN@_<;hKDKPRU&$&zv3OebU^(KnZ2dR~Jii@61$q{RdJ%UeiV zO``+{e)aV9v}0=d!A16WcrCQOyAM60 zk5f;9Ek+5HV>V3~gEd5Q2j$S{riIwzJ4iq264MfTao#pLK?5ca zjZlyqDUs5`{^{y)b;->hX+AGD^dd7-T2uF{kmaJfg|aW`$-=>D>5NphL(5bD?S4zEh=?@x3qDF(Lt0)|ZS+EOWGteg zRMJXwhA782GBSPX7`QDd<@t4qL1@a}JT>{U><)g+i-^8Xd$^FQl_dqzs}hxar*E&{ z7vd~>40$<=peU(u3hsWh>FTSJvNLu=Q66gg`+Nn(A52Wh9>>>VMsTB0qC2zJP>&(l zFMx0HnuS%m2bXxMRLgSWT=d*0g(Q>)lj8`-@1^H!8ucLaEQiT=X+$Yt;>!KSgKsjq z&|_IdlL{z6x?Ao>n96-Js%#FUbw%PMV^DmS1Fm55l+k-B%QrG?>H#qroBW?E{~|fi zwtYe0=zgy)tvvnCVBet4VSz4WbxUu*J>_N^%pW5^vqRk$Uul&Jkd_V?_NRqb410eg z_py0AxqF920IRb{2*kByd$>Hb5wcpEIDEuNyrBrt(^IF==$%&}EbLLh7Yo$HVBiR(OR`qk6=xo2r13XHE1ZX$hn| zXzOGQ1>5e`sO(}xh;KYLWPv9B48sj&?U+{OFFEu3_XT*bnEpdMc@o^tmjo}zyev0B z>DveF|AHGpDU}W|aTmOs+#J}<{3l5=lTaij2S-PkXw?+yA+cVk83pxa=olJCaOjMG zCrz-|raO_5494OZKY!YZ&`3-KnG$Yu1n4mHQ8IhQx&yJYK3-e z3#4dY%WSSkB5;vYw`QxTs8qAKT6;E`ng}hzW{Jn(S5VGlWh{eHNjjSbZEWIwZhuKJ zPakXd4iH}*mttU}x?I=+IF=>d{z_io-b4lLmc3OW0Qvp`m)e z&{AL|3l7sefXE&VgMsVsvD~AH<6q`qU|V(BFDAu3P&BOfRoiFq50X=kLQ2Q{BmSXy z%jkIsYW&2??BFxZvUWs?ELYTTJs0t`PVWqOf5HFn!uSWz6#PkwlwJc}63rt#KR>h0 zu5Kn%9iBiO}enAt1vV7u0DLbS}x`{&n=O4`Y$TSf_Y84o?s|- z-@Os)R=@MgC@D4sgeg-V-{Rd&3#91ZResO>akscQHP87q27Fo|#k}%C0``Wis&d7i z`375MF9ukLPZh5z9ZY;!)V(j@#FWjxo{}?F|B?iO?faZ&#zC~@yddI!F4=|UlPnw5df06U8n7S0YN5_Iujaj#iY zuF4RU4%7}rMG;s>Mqclvoa?oGwfFmSV;)peLBWEQMs-;#8#QHfU`B$@z}O^x8aRK& z9J$XQ^SIsv2p?hWte>jvcFNwAUyNjH&99wzls!1VfHdk)l^qxdh#_~E7lnR)(Kf~U 
z{AZn-SY_msmYBcyC}*mtV}tJ@MEI(@5TA{-c?6+ji3Rnvt`&ZBIQksi^`~0x+s%!f znb&K{{^Q{xj+~G`TBPIFtys8ZZ4TFXo$0)_LMUF6o48~yq{g0#WnxH4jEc3Ou`8!{ zf6>WoI7mJl?v)o|RJ8h6xa=<36(P*ChzIk1lqu{-Ao$g@mj0_JSBiIr{bc=?C z!tCbYj=&5E)eG;dN?O*;ClZGwDcd}T!AJ<&L|W+fkgvtfS);7Em*I@jQc&) z7;xM;`{C+(5=R#fPpYjn|z(w2UB)|2(Bs@mXbx_ z02MFeZBkl4UE-ho32FNZhaepLEP{E3_XKTK2v{9#a*0&|I5eV&ba<3+)tla^bkk|P z-u+ufSaW09eF7CbD?MP2^8oe6K8soZeWt3fdHa@oL~$>A1k)xH z$kfIz88AGIcCuw4Z!C^`*DqAnTu@d5vihSde!C|S4{Y`~LKqOU$p;3DknQd5|HkL^ zNf($2YpswJ7ACU8BCrk^p4WH=CYt;V3(JH9t}P`nT_tqHPl!uu&@s@#?qp_UJR|xT z5v)wzx4A7@noA{0ctIzdZwFxNy_}rGI^b6;Di}#A{L=bzcybU2jSk*V+prGm<|}d_ zpcYOhtEf&ACT6cl$Wf#9d0|3XT53?{tc2)fX;k+1hOPxJC{ zCh79`A7j)Y8URy5RP5v^6%@l?@(t8=4LhSnjcyFPX(YnG6~k0WCPZatCodIO6yIqR zd_VaR`lMFferrgIs8E_caQM6JzeQgP$-o6-io$Jz8PuV3q2=&Pz#xN8Mu*0)0muED z6|asd{B;q|+I8m{4j(oPbqsr)awTo&R@txo!7fP^!* zBvcmh+qH=#K2v4de-EUL>wB6D%hB(?a8z0@SPptbAnp|p4L|x?x|ZK#y_sH6UYIya zUrSRoOeuQTWm4$-f|m$uSmhfo8t%$^4VXLmHw3u89}ai3}iWxk1NO$lg6Egplg; zChSMnP!_l+Uj9~W?-J03K`n`t)K({}@*|UJc@)0b0UTQ|?U$~qPtp;N)1RbIwlanR z5ykgEjMoqKz}<_&?tkgBs7ZO`S{MbzjW7KS?UmX^7Z!O6mt&~L7kW)qm!SL!^I&7% zA$bK(FMheLwU-1^?qR|m;C`wUnx$Ehll$t6ggBK)CpIQn$@^`3#NdOqg?Tf^X7x8d zS(%ezI_b@eu^>uLL_~1;A;4Y-RH0nCrcm#3CG7sU z0h-E4VHpI`0OO(P%x=^7rJw-`$FbbFpADqz!6+;J>sehU4AJ}1(Nr3Pe3UNdNE-1~ zN1dbI&$P>Ai9}!adX+2jVVxEHHP7}qAc&T2SHAu;1jqLRi7+Cj5@rs{WC`Xn$CHGh zI(z5Aes>+xkhc`4X7j0zT|8DSA4W%Tz^|_uqYD)BE_V7JOd9L^<~%N0*=yYV@OaL) zsaPGSd8$tV0cbS=n{U~vxw#fdy^q|gPHObtaYk6M*{`o9$AB|C*ARdQQ~&p-VFr%R znUaE4L1yauX$Qds1;>}FV{D#oG!2shg$Eb++dMNpJp|!Tvr%tXtIc)d(mxU6w;@|1 zkS%?x<`no2@}DzGr~0AdrVD)B3=ZM~y@X5^Mta&3ilSenvGen;D$>$$9%39MJ;tF_ z(QUfrB)5b(zhU0AAQ7>YlQb_V>hHh;c~IkmNi3Y#QGu&?mo6=t;eylgpx-8qx-vOzl_hWYz5FA{YUG zw3sU5(D~rO1{D#LUqjWe{Y~_(5U1GFtbZ7Docc&q^^lgeJ63(?blJoTp8wmfU1#(f z@DD!TPM7G2Dy7=N#Z!C3sPAJGt@DMzm_m7;dADqxTAN|4uFws8m)6~e!qE(sa=)Pwo_;|fL;zBo;WzKQQnH6iWv%GbT0q~o zPYW$ub~36die7`|mI)d>KCn>?P`Wz}23?g_OKE{$cY1nzbjm>OL#CqDZpp=Uxee;j 
zb8{OFnua*yiB(y}WJU(#rs;u5vobPb0n$RamOt$MWuzt(mt@!r9WLz>YQ_i#E-WaR z%~R4p0;kJY

    VVTUq4cS_$J3Sze5K+P5fIH>ch5y))cNhySTkV}Aq;=UOpR-h4hS z;u8hyATEQGMxYXVxXf9_ngjNEZ>e@dDa9h$H`UQ_P8;FSxwrzp5s)*C$GPT3T7s z$29s(cY6%@bdHYKdKG0aPQ~EYh|HxIlERqYCGCkVfj5bH;9R#IMA~_ zXv-$79E%P?J_vt3x6AlStEHPBi1@A8vw!@@*vcXI#69;(u)PyAD&CD0l<*h7JxS5| z_t8t=1?BU=AV@bI-OP#b!NZBs;Syt5h;Iogz}Q& zr)ES%UuLKzY)Mdo%M;9@27~Uqa%odEqfL2PL5vkC6DxIo)ehFFo2q zGIE=sJByXbNIJ-;E!Rk*fU4G#TTNpgewT42&m}i^_k9{>69n_Y)z!tQ!D@q?OcgS> z*M1)JCee$_no*|+oUjAfR8QOIN z88}HlC>#0H`gT)JFL->m5tlbmLq~^>2q%wDLs>ln!#JEG^y2n`0@mhe15twmNERId z20c`>`u%_1vqs#IUjFXtCoQ$a1J=j$u41l8V6I?TW_2l$%u7chKJ>KK=xih5!39j- zL%2OGWfHoP_&WusX)Y1TMuQk>7Hc8DNLGcoULAF{r&SdZf4iq zBK_z$F^1l^0&+x^>+HB&P3=lLAb$j~^kYiHSwPSY1v@J&Ut9k3D0sQpS-aIBp`Z|v zgs))Zs=cRY{!&a8C!^~r#N8M}o%;q@ATUP1#N2$5J$pMX-Lqaze>8d!@>(%&sH7kF=k-T14g zzkVFQ<;BX)z;LjsotDc+=1Z-Evk=m?MM3O@+SUD!|LkhLM@v_IFZ+EVD=M^~!1;X4 zmE8Vb4RI|{i~@6@4Wg4rVsf%6Ku>UN$S1R=RklVUNzE9?td#rEmY-0~i!kAiEz%3_ zATiW4Hs=u}Rdc!47Zd4z<4#Cd)veCYS6TDwf&P6u!9WrS}XQ)d0vws2*W&^VEgrMf7kLm#;JWS z;Ex;dx@CBs57-dAsmvWwkQl6Rnc|KBP+lVk9J@gwf0m);n(S`jvN3zz<%M~@?^FK# zpzij1{ooFM;MC(P-~Hugxr-$LLI@td_f?_neZN*jt3n(#K2Tbno5+v(*~FuL4CV<( zCgUs?xP;GP8oacQJ~>mpOd@RddRc=NB$D7ot1p=uF->ISyJReEZtuN!H~h$V>lF@* zWkNz?9v1-t4W^yxzM@VaAxC#6KJvlY!Gd*r3v_tM%3?+s(xSoPg*gg=fDBaWR#fsM z;xOfbZ16}0XDu2Q9*^zKL4=}lj>q}g9hbMN16;Y+b_?yDfXDi>uzqw6x4m;7pVJP{ z-H4z#lC-n$6LEy3m>%2gLT>MgT&D{+u0TV~K?d@XWT&4Gog?9ju3r|emg!I%I^LrN znVCP8B3uZvAZ^%q{~A4rIR5-pJ2^>DbmOX*`zTIGz`N{AOcAHObT9(xQIQsNan&MJ zMBK3jXVmiQ)gSa5OklD+dU?jPp5_Sho(IA3C_<9+907u$QuL3p?^p0Jh#Vp(gJm%Z zk|0B7377Hv9cb$(0Y5ImyZPpSmQ5fCT9FA4znv$p66C*-bORtiG9-MHNH{fA&ZFap z=c7{sVTAV6Ej94k8gVHAu)t-X{w1N75tZ#LAz_&3#RF*s(oZR>UyQm;P*EwLjgyN z6NWhtFR3Zq|2FS`4twG2W+A8}QZ>VVyct-=5%J&SdBO3oGf_%VC}Q@R2h0!?VUZTF z`j^TdfwW%xYjJryB-w5e>o*T6rj}jb!=V@) z8e<4Jd>o1C)N^|gE&-dxnXl+5m9^OHg#&r0Aa)@t5IErRd}h>`g;Se{LnuUYF!+Ir z((1v=!v>!vW^F_BXJd0ye;^`5c+A;Pl%Z$4rbbpi#PU08ntHgCo+xl#2ytTYth|jt zs;bcsi?)VYlmq{H_X~u`6RR)yj*$tf^olCTei(KmS_p$p?39%@txZJGfLFLMc}!ki 
zMXG_k_irLzmB?r7{moE|H_?zuMs_E_xZ_FtZa8>U1AA6K1PJg<4i5BUB!a>GgaR>Z zjdOX4VIJa?Pr^8-r+<>-ELrH zJ~#K2yF7@aV@`l#!xXw(Hmrk`N-<1VyZuZ>2cF1sf9Ey_#8?w7ahP7rTD`L_T%51z z6m`0vStUYfo8a%x?J$w_c6A4+21)!?H8rbHL%K7C$F4?`<8<@IC&(jIJAM5LUZxot_sXx^D7vhKG zU2xH;C<#+hzj=ih2?g3F zgUQGtpp4YMxp#5#InNUcv_usmXSpS{TE~*^%}0cRnL?n$w_R5b&#n=p4~v}8Aw|Vh zYkLYYl|$r|5A?ibDt!{n1iH+(y*tvNbbT=0Lza3+hC0r-|Gxp-I8453Ce$Lv?+LGsK3@0d<~LaIf+}&kKKv>M5O`SCm>t^9BYC^<&O-(D3 zJN);LUJO@P&D&5-mVqp|vrLVhPFa{l1;jwwQ#Zx-hxK3ASlK8kh z^1_%LZ3@7X2!0r`jP7nECG>Z6M%&-?BUvL|P2`&|)sk6SA9~FP+-pI4<4#ig-fQj6 z9JI7DZl5-|=k*2@_}`S1TK!Cf@F}-MXh2-`WG z^ik$;!NVlw<3;W+n5f)-CWe8b+rM*g-%TiZE-f}i2O%J^bt%fKmY1i88i$@feYkvj zqi9zf)G>*S^E@VwZx0y-aaq#nFzl&zWW?wZs#w*+KJ2SMFU z2Ukg^fUg3F%t9h0$>a(*%%PRZRlL_N2^A-;l+AZqzx7f8MW1{mI_p7RG(tm?agh7PbP%FR@rE?tR!jZLg@@rk0a~8^*rS{bn`YwI5ame~1KSQ~@G^E0E1f69v7sm|> z*eR>xx5X^(;v1_}fZhHlMR$AAvtIwI)*?pv$!-jk@US+h>gNm$=;KAh6-BJRx*X0N z?;y|A;gSXM8+rlTo=UPpI36eFjiYoNA~ZASyQ4V)pxaqc@*y2Kc(feNFXH{Fn7+-R zwnG3$=!*(^?g&ZRD=rT2ucH)m1$M&0PVR1Qe|jHq!?klcCvP|^T&gJCZyD6M`aZS}kw-%Y;evmU)fu^#yYYu#@zcK0|=D@q7^ z6q%+yQP{ON6mMG2*W+qJ`u(h3VUGNV-_VW?r^7!Gsa1GO>gl#YkuiXYHr?uQPokrt ziKn5X6P5b#QyO%XZf``&6k5o495^y`^D@+fHUtmIQ4jdEfnz7(F@PZNYfFXFoTiFf zpejZ{$`iA9MSclK+g+tVp`)o8y!@%obDnEj?nDeHjD`$>ROg+PdpjUV{_kGz3kFrv zn(rp4&86qX$Nvuf&zt-HAJt=*i07lRZB{P|A2qNgW0L0?!pf^BCzWTRXRzMK61%)e zoU~-y_0`qi83Mj7jB93v!Udd1OLElsEq(1F3SmnhGX9k7cInP+*?DQz@OoR@1GO!G z|2Epz#jLK-4N?w6+XA6XxS;UE7I6|2JeMhuM=hq6*5}9I&l61+Yj;x=CKH94Y-LpB zKy$FzcH-r=Lh2dvxzQ%myT5bj1#v~Jsz`kE;J69aD6}4r)gv;_-z!{LSOb$;;^W>L zW_|%Z-cF}Lz261D>wz>m&Zr7H8L%JUbmlu=*)kB&l*sDW$ zWjt)I{MiZf$Q1w~fUZkPnvFCnK6(UjU*b&WRHl7ef%{YtBPPDO(LOi=eW4S-0XDSr%#={6u zd~nG}GJ#Hm697(nwI#7PckI@i&yigM$-BIuSxvauYnKz`XysB4JVD|`Qn9kMwNDST zhEbw^7d*q3$^Jdm>cb5Jg-!&+;4;jGeL0Rrxd39Jf`Lz>P_BLmIB7+JAKcWv4+}f} z5Ds+_P#4fuD_OM4qw#+s!p{l*on?DE>O6CKT)fwHzS!8=QEThzU8<<6;^U*C)lZD> zdpml2!|ylyqY8?&`Ia13x+gIf&+fENUQwy2q{E#F5Mg-$Hik_Q-xOeL!agLGFX#@O 
z0o;x}#b>>prMmFFLNPR`)7t+H>rjWG&jOg3E|ta`t1?zChgTutvCSa+#^CM{0bdNg;C$>(&Xc0thlW>G{; zY%l@nP91S|b^W)~3#v5%Or8KLJ11hx3yCjAQ(HZ{;rn;IR$>^?h!?Q)D(?(at?sF@ zRmjWDQ3iZ(Q0i#L5D;>9QwfgX3G}oUMT^m@_Id_cpcFNYq;%B*g&77D@zKL@Gd)%m zSn3iM7`%_qLF(R05bo^R33Klna^@y*W0r7Q@}Gx2L*~vdwuYQPjaEhFTWJ!E1cedb z4m2FIr=o;Y7MtV)u%2H2PGvE>v~L!yTKRM|Q7~`)J!VXmx3Zj6*ss)-R>b`3v!$H6oSM0@NYvWOa z?ah{*nE7kDn}8SF;#lXFb5*LS34FhX5Dl7w0Jw|%bKq1Fe%k-vk@ z^p)*MYh&f+Z>Afm2ZWeCC{GNYP6QD!z`h-X{q}@3rSpNi_2ElpqM*(Q9uH44Y*WfP zw%miTX3Py|ipwo}!oITxticiD4)f22(Akfn3Hs1}bT0g@_L*4ia6jGqFA1`|-fY(j z1@yK7p8T&?!1uV`+uK_*5kRw~AtNg^DpQng7W<7<(fsO`#Kbr#Z6=8Z(e0w61Hzja zV=^A15@$U*IlmuyA81>Eto!kuOEQ?gLXenU-5-x8Wx< zIMnKPH^;;F{ujCk85`qpCmxdl5Y%YVsNyzE48z0o9SA5y`0izo!#OV1`*!)18Q`yR zT)Pdk=UNNcrO?@8uLmjT^0+6i%q69NV{nn}Yp=*J$b?l| zEykraZYxX^=oTqR+1i$e4JsNMSc>t$E00IzKmfB;xE3Ixw3UZVN~CBo;CsOSxjupAyI4I#BUcfG%EWWS?KruxSFVBVri&Z=3?NeAR`fI@^Dtkzrc5I(b`wC_cq9nBvT^7?ZpZ|YCTi@2fkC`& z7Le>U`-kY8t3%vH?y`jgf4-r1oAVyIb^$#j#P|})XKO|8XMm@J zkiW&^LftK zjrryo@of(Q;eHC6t0HsDyfZR_)$650_jj5T2ohdLw3ws=3}irX3f)G0{m>mtL*1%M z15UUDAx$nHL+P9W72?U`+nBJlfUu|$6NJ&tI#>+1^AD#X0&RaJ#-+!7(r0ZVgv0_4doruqvr`M%?eE&}Fh(~HUKYNw!B z*IPRv|H7y!8^uC~@Uk&~Gg3L?$1-e_*Mby%nPw)=O@r;I%=*!45;FXk6y;G!%L!^f}H6`W+^Ak&x`QpV%$97R_Qc?NU( zKTMqkS6p2aW|83T?(Po3o!|t5yCzt0x5k~|F2UU)xVr=o?(XhBmv`n{YyJR>)wlcH zI#o~Y{qw)oKCm);|4!`gXNL#fkr26g>yWgxG-v_9MGszpQaHH=KG;-cPz{dvd^RVE zZ*WJ(?iTQs9T761qK%L@pNXbX8lZ#tk!q z&x~pdSP1=PFZm^!p3|&8K|~B$gnO#0ivH(ql7=3@jNJih?;1URmlMsH#6&JkiVh7w z%xGZC@EmYp+Zgj`qyz$N`x{Uvuyy00p)t=EqS#EE_YKy<>04zApJ=B?N{Pch9K|0Y z?~v>`1c`>W@DL5F%^yvoP>r>vSu3>*w}Gi@tDhGWbV+2ocS)9^N~^uD}qqp<8EBbfT22HT|R^Mz?kaRem*mvW=S_ z7Rhe`r@`V>W&jxJa7`cBVO&AVBIO28lw;ZiK*i7+Ot~g^ zaWF@F3BKtjlyR9|Ap-tA=B3rqI>|I?F*Tz>zv>GZrHrUAh=! 
zXZUclr$&dr(@BMrJCqxvw3p?a zCHLpcEz@?gfe$Yc4o(q5l=O!+I3hGu^Kg6nx)u2Djn|kAf^1G#Tkn?vnwF0*fdCFZ zgNQ6R)^?dXabBgi-;HRSRI6+9RZU(C2Mm7Mkguz~hT4heY%qOY4_J(WMpc`C_C-&v z??%3&g@qRV!m6N}s_GREllBXkQ&;uNx~4d;yn04v<^%T=YVwf-HcWik${~- zR9{rG+`s_DyR$(Umc+z~-GqTWH z$3@hzQA%OWUS7%=pM6iCYC?=Nc@v@MULsg(=JZVimGSxTf z+-9BU35+?LVrz1s`AI4DY_0sDd3j7|)DR@yA4wi5UTC9>nd8N$&8TN?tS_Hv*<1q5wbZG8B#Cj)9hT0}CPrH6Rkg<||jQ<>hEH%Magj z&{mHcOIrZ;P)%t##Im(7w$%-+a{=(;?c>unq1WwedvO@?rx?8^&vkSM_p{fN8y)fE zbunU3&7@ICGwrllMKxIP870AS>ITd_gQ7Ty>`71v*z$ejy;LY?Z@14+QSbZVW}TOpH;}6sO*S|poc)iHoK(C9^PL}<&1zdM6$OV9_{pHe;}&$3 z1A=-dGb8QL-0_@b4mCHKfx}!RTH6;TJ#*62>`=QwC@)Z#<9;>^eNL@n5u8N_ zdnN)VBj@$Rn|p?`8Hzxi;|{N&CzrUui|mHAdiXLWdzm0w!3Z5xLS>b>7}dYGH^}q! zOl2_xZ-}FASHPKjxQCsm7mWBQ^tcP@)a~czx4iKR?4!3n1DmTi4;XR(t^ZgYPpS2W z+(>G#s=1?NHO(*<9l-r@g~S(t!Dp|LAt1Qbl10S3LpJVzdx@y<0$FNH*~(&z=1>H5 z@+Bl2(A{`nBUA#!9$AU@LJ`j1mnH!t^3Li)#N{DKwBVxvTAgCQ*YP$il+~w%xIyo*rp5{Z{A+p}#O~QG{XNZlWZtxG-m|*8O3ujm_cO3D`A*{h zQgSV;sGe3)P@tVNqm!7oDkoZ7hps0oC;ls^ASV>0XbSp-=nYqVCB|u~@59A#Nl`{g z(Hf5RTUGU$jY~s_jV{vw>ua!%;3d&EVjoU@XLhSiB?_~&T3dVj{k3y9soLiI&%rsf z^YM&Mev2Dg$o#@JEQ%gQPIKdi7IT>m&+Yo17=Zhqggj`b2)H~aPc487pO>f zj1KnpcnF|#0zdHrksJj-k~Z)(BO}OiCU798O)t?-o%7@Js+L@B;R=Rc9*E#?TGi*C z5&Fdj^)-)HsI^)Ru?ZJqv*s62nSZ0!`6uMD)%EpTqNtMXnAN=mZifJPj{8YlPfKpD zF*8G>uUdM%jv@zM9P|JzlZZ^Tf7rZ%Uhb``U{cM0uLul9!9VMqA zQ)9*46+AxWLih8qW&a2pd++@8Bx_AO8$WC1p|n zLO-G+d3$_u(O<(~V{mZd4X^UM%)Y3oAR0wKy1t_$o^(8gK?ZtV_=Wf+)SwY8Cne6; z%8mkRX5=V6-JS}1y0Xoky~G*E>(M?32RTsw^;Njp$jBu<3s?ug%0}a_*YoCucPwt_ zr4w8`FW+~2Kxf}w0q0B0$oOwCbfXy%{vZIfV?CfD^4rU4(;Mgj%1^*V6GD$=^1?c+ zpK9G-Y|8PaD*Uy3QD9FNL(a1Pr=*lCIhdCWQa+pDU(cae91p=DrD4=tA`2W*8zX+A^62|GJj!!9au=ob61p7&dUSjQEANXlpn!~QP3bc-~4Ew;D4~2zR(B2@?kDx?76sN?bOf{GLxMSmr zYPcclHsvh&qs6mRQ3Y)&j=+Bg$@oPuMD)jvFc|i-#Esj;Y7-*w*Y%~3XJXOcI=84J za;lr$9g-Drj<;#FdZ36NIi4R`bGr6pa5_&xVs17g!*R6Wos@Kmpz}3BF~yBK6v;7yq#w3}?8(T=s)Q5neZBD1lrT>A_lGd+dE4~3pb2p+$M-VW z+1(vA^wMj+HANy}qlThyvm-&(FJ9oJyqCysY0;h<8#^`C)Lg&^ST)B;RA^uiK8oq= 
zjN|=G`OjC9kjgY%6l$U{maH&b1ko5CL_Q>oi57)&&>M;-V|1 zNIcGiDaXl89ns2x@OR+_b(5LTwg+0gW(Pp$T?{7&0m2R(y*XwX=i%Z~J#R z7V$7V&WTKXp%*I~8(cqgv60~Lz_I_29)ip_gj%C!j z_-}#A5Y8s(dgrcpJ1-!XF)H-M)X1Fxsx6yg6V0x^o%QeIOHHw*h{Y(IfUK5Zr3VS_*Iu!|jByEr+WP2TLNT}*A5($DH z!;=#Ag0t3jq&+Y=2;=K$Wb(@HNA1(Q3IqE;1#1*mEgI8gr6pPTzD~G`63D9s(0zR% zETs=m1a_KKYA0sZuoiO5@W$!BQpyR#P9BG4Om zRCwTV;5Ohuy&iCSa`Ij8&mC94O$@a=8QXiFxTvGr>b`etU0Hc zYLsdFV>}P!1m=s~Z0Qj`9T#?rFwI}VTiTI zP8A$>pLbk$h)Y(<@AYtTZnvHshzmxk_~pxB5>T&wg|*JT!-(0Piw5Ps=HxKrrvD`l zf%i1Qa?XH_#*INm%VdV>(@@Oe@z^Jf$XGpY50tD3b6>)>aO!SB?5A=h$V|`@etfum z!6Lc*_wNQgfjb2v=v-V`w1$(KIwE1*Mg|UA+|)bR(J{iT)fLMpU_z(JEyrDh8|Ga# zFbd{&z7&Y?#X@bhdV-!Qo!+GAJ&re`c%H+ynmS?9c@BA5PB`lHJH3T{hfVLYcpdi~ z<>W?j05v+cTYp6fn8ROJBrs!ZGqXSFFCr|u*SOC8eAzC2F~k{}=`eDlP2xJ>F`YU% zj8ma>>IWNP_d^bGSzQn|029Z$Bs+Ibn^T=Ci&r@f^?be%9c0{*h0ECG$dW<+WKbKkYSZL~#g z=?guH7C<@0?>hIx^z$YK&vCN%nOW9ax5uQpG_T~>>`6|i!`!6zZl06`Z-ya`!`a!{ zz(ZrWN<_y#Oi<9m3MAMM2r4ML*lHfj(EYo`5?r)7?!%&Cctn{*XmYQeM!JKOG2@-n zS7JYmd|w?2lph67p0M8LZUU8N z7Wy^Vw9{6wL!Ux`REV7K8-7084E3Gleub>ElqD<+CwV;dD@rb*%cpquYVEo|RmIDf z&t*M*eWrpj62A4}vaxw0Iqm?zpmfX76qmZYCkt$JIDB)AaZ=)ogy^s8DMH)rHx5R>PtWb)km||blAIgQ1X)@HJlo0F?K-U)<$;#4A9G$pLK9BIP=TQ>yz}( zg&@QHbtcn>b8c+$t1>u{>RutDA5tCayx@p6yG)59O($| zQkBoe*an?!4;X1m@tefA;{axG{&bW6IqXZbK=%Ac(ZH+5EXe%_WeS)9Nr{3{NHl1L zi!mB3S_Xcc#rCVBDB{I$JI^GfkJtYs-<@PEb~~P)pr?xzUwIKs^-ZHAAc7iTC8^9Z z0{y?VR6qBFc1-&(;o*OKHed(F8g=wTJs=_=fRm*H2?EKS({s6d(@9kmYBOdU&HiX7$e}JR_pJq4?v=g}vaYk-|8kwS;bJ^X`Sdb-?rJ_-1D8#)|+Rq=b93%rIrf}~7Q&db2ITz79cmr_z2r=oTAvu{FA zD}2VT!ufWvhNL3C5250hym0xBsj(=qnckK|2zsc6#m!hvM%JiQEb+9l%z?Cgrcrw@ zmnU5+*ud!C*q541KGjr!J9THL4%oDIM1FlEE>s}Sz(h+d?4s$}5Y3F~kvv~rbp!Bd zAkN9U2=>a=3FMXgL5c^J`$gdSCIas%HAom_c`8p`Oxk)iV3#wYD@l*Zt0a)JZVi-K zOwHFb#0nB|sI4eFiQYDI@`$xOvX`!1IFDU{V|x6`FWj4tfW zc^7N;rd8v6SUC~(Y5w%RHWg@P+gd!nsH20}j1a?(T_so$tWOXJ416OWd zLMPOP*K2LF&8%0m`Y^SSZ7F{}$*=Xoa`TJ4Oi?~VTU!wDH;a|??iz3aK@G_N_2tEd z8$0JkkWq`3d%9n+?f6g}!;U;7Q6qvU7i<5^ze2MFR$tPHBX_2%>_Y1q;&llcoO98S 
zM$M!&!eAg^gNTfZ8XK+GQi8*b?0 zjFTnTAE^0Eej2vDyW-}b!+{g18W#M?1M6XVmg6wakALf1X9BY2=ETKrkbW^=soDlo?ggwj3614r76RVrH@6Ig!@L9?t`bg}ICYF17?RcXkAlfFs6h z3^`g=sj5pfPb%ulcVsx(->DcHg+%CO5^yA9vYx^Tm%?f+Hr~W<;>$dqjH+R?k>({trwXqe0 z#}vwggJLO6fToF=b_gH16D3B zL4-c^e2jJYTvRAu<`mn+!qQUwIYK=$H4LZU#>BZ}7Sb z5+#0kU^sh3A>@!G0uH#GfWCJh1h^r`pS9hf@9ygWlA7i(1-AwTK;W}l>86}b3VXpc zc6G%7G$uNtSo&5mEQYXB_;fcEztjicH-zL2T^fU7~*)it4pVW8c{be>3&7 zbevcQTCb^*v1w~%wmUZA9)w6v)gA|#SX?YIH6j|pEzZxo4kahX4;X@MY&wnsXKBYr z%i5-FbYKkJYq2{P%(wthWZkZKwK$(G;IO8wvSq zR)d*wMK&r_^)oqGZ5Y&y=~o^uXphqovBs=~JhM78``i`uuASX8EV-J)2ogFi?Qyp- z1v@FO`EZz@f zKKiY6snPQBfyO})33_ia!IkOdPS|{}{z|i(TqOhgh<5*9e>b z{P~m1dV$r-dV11EqmA|}DgMhfZ3NTH2rCJ>1|BmrvpOiSB0qm4IaZWhv>|yn4=0r_ z*>>UB;$CI5un;E<$jra0lG)!Bi}e>c(~|$IN(x5R!%RkFS(8Or1nq2snbW!hsQSN! zagY~3xY*d5pWa@dO@KKI0po#vIJ}50VE?cbaKAEreq{J7u$70z{M1_wX?(7K_zu6!kiP9Kype5oXAi&eHZQKQ(drPy|8AahZR$|I5@kO zV`*H2(9f|h_g5!Mk}z-X6_tD)Kr-B)+6fRq4hnstcIzJycmMATg#sx2 zFhagZ)fE+|a3{Q{KK&68P`O>gA#r5!q%F9zE2)u#7R^mnsiZpO;J*+E8rF|_jip%{ zl5J}#buk}yGCCt^d;jkHTqvQ16!I$TsIPl6(w|&K&A%2Yq~GBup{C2h1MY$5^XUSR zT*+4|D~sI{CWxf@)s+=SY!>|+^RXn2fVTzyv<{C$u-cGYxD7q;S-#MHoCF!U3C3p| z=OzG{+3anYlXyLBEB1U0W3 zD4EEGyaa0+8txpeRoo!dWkurooen^gCOvZ);+oJd@>$lhfezom#%T8_6et`Vkyf%Kt?uvs;v!_uFr=zM?InSGe%S)Xc!gWZ_ zSh0EzRin*TFc0Ggec$Ww?AyLC&IF z-tzxGyw8-9?Ay=STPtZ8=r|` zFH0hXdaEZiO+oa17ptr!a{>2j`xH#!sG$svA5kNBtgu~!QEzs$(zdZmg0+84A9!vG!(yC<`ZhG2M@$KNt z$v?+6wT1=M^n$2%idoGoY!zG*DJVb_!W+o4zDa9UC}&Szir_l#ULFOi=#zgV2UnZ@ z8z~QIqrilMFZZA>4hB1afow`~nzeOs0ISFSlmdikIBl9#%X*js zkx2UhhFFa34?d5JHV8eC>MuFkv}fUqZ%0xJt>0QLXJxI-34_8xR)aA4n6Rv>)&?D3 zk6!_W0%Qhl=#!1F8vX-RQGUKW`O*{wK4_2IW~mV?gW}gY$^D^^G?mx+pp+n2|K#eR zz8Mx4;UklkWRcy|^;$Jpr!VZx9J-M&VCx+QfPKio()0tNG}VTye=tzFwSHPJ2vQJ( zB$^sG`;=sV95^kbtkq9eu=Mm`rk^l|fD%Bw%0FwmpAgPv%?Q50t4?Nbk54}Wiv9s` zsicV(`K3%tdp=g{2|qs#VRH6Jpc)C0cEgkF0eS&o|6NGAYFWLDrcXQ=@lL01SFIDc zN=!@S7(rmN(Za}|D&c^;5=oNW#D)2YGJZGNw}zh!si5ldN=Z*QxVyN} zL{PUv9TDxbQpuiN6P1D_G6*7dfOGPKW%om-L=S*zU^FV@3XL=YnVqlL&giu!!_%-+ 
zr^97+Bc*S36>(9uLn{zc1tAkgU_w@0Y&GY`YC;S395?E7K+VINCs91ze&~8Q1Qdo8X*_Y+(R>d$Y9P&p=|I9$lUx$5~A`de>(hh z5ax&5NWIi-6nF*9B#XFd#F|S|_<#6=JfzTk^sQ13;8fBMJ~88)QHQ;~EEhEurxZ9f zbX(%4x@~F_`g}mE0D8UPYZ8x#Be=R1aOkZ29D=5)_yOC!A#$#MIs_DaE&_0|4CzH{ zk|(F-BsfpOp*9?-`+jUysmS6U)-{Ppec(%=E|qP8?4_N^Kc%dvpsXdK+VE1y6(E^Q zpOG}o{JXJ77Kx&y1eI+CouT9$ocRfW4)dWPNtCHqphw~P#(+0Cxl93fz5E3lYp zk(m|T6T#K@FXiNf;<=deNRBTmpg+y$^^)t^vvP0kB5C+HHAS^xNmijzJ%j zmJ{Z~q;+zHuOfh*DsSH-JKYz%X~|7SN4hSi3@3NMZN`r*6_}8;cN-m1B~mT1P;G>~ zai$YRPk%hwMptXTj>hxyx>9W!^L20m*S8M<7qQ`xrG;l^t}>D*`E~}QfheR-A|fMo zu?Y#=K1O|kabXP*)q0*68&m!z--=+m~STaH1kTl6dyqVu}fD(f*>Hry^{RrKO5NVI+jv@AaWQ~LH&Mqo=}wo!du zQPDoxQiwLVN-O{@_~eJdw?1QgLeV7(@1ELl~JpE3^X+ zM$Iuh8+|Br6WGSZ{bq5a$T7$Hx6H)+SlPidriA~OOKuH~;gw6ngfstqRP+g1%)AXEDceE|5Z;Rw)o>B9OQSqE?08w% zZ~4cQEKfocb@#TZHoiMI@>B1NkHDd0NE>CfwEySnxg{wstc9RMvW0TdT`R!zyB;a> zb7J8mi0bOv$VM~X`iqE7B3>#9iIju^Cw&sMxF6~xj23!y&^}dp`(9a|07|S;)|LW< zbIcOEyR*gN0HNwTfL>bo^GA}3@#WK?v7?1b+?D{a>UIfCG(Gke;}EqhsEd!%`YnE6Ltv&t+@t(efu+(8cw=elGa{XCoNb3(n{%$w{#Jm02v+c z^VZ)C-s|S{U5RoT%}D6vqA z-0R6W_n!1@+ojXQDK$M=9EzTsfg7jl9YVBGNub$XTn3n@Ko?3quRO!Q!W02&g7xyx zJa~^5KxFbpU;ZjKi(qU4+({3h<$CP8appQC;j%{?8amp`JHwQBf(_Q392#^KOMM7m zj6uSC!SJIAXjRlv{8n0&RmJ&n%BrgUw7swwIDkmZiaooQmW81^zN^WBhU!oo%S{-4?9ad6DH z(9c06s0x?ZdnA8!!rg zHv}d^DyT?~>tcX1*~{bZ#Nzzq#LKALA8I?O*;W~X^PgUem-AQ#ucP&^%-fg0jcNi-a z-&Z8IQ5g@2Dr%5SC@6()d8fVw80rE3(NCrh+}4_)RND7V767j})!*B@ttlbV=TI%% zOZ^M5QU77J+7NWR=+cXs8aK>qFg*267~{uylnH~tR4Dv zu!JT~l$x%VC%()B*CvYuGUWx>ZAS6pn1o4DJ$a56fDZL<=z;alL6R?WrdxE2vs&@& zNulQQx^!amQwTT&+2C(9sR&hLgD6H1NTp=z)A^fHUkbQQAVigOUCQy0AjkK zFtlC=>pjx!CW+63(dpq#(Q0=9Zhc?RiZD=_AS*f}>4}Ci`2IdkAH~ApWoKky_y(oJ zoi6tPrIC_kxqR=AeRQL)5*|5RD1Pr`l2voQq9yGw)0-~W)i5$kL2R2r;mAuUJyiM1 zq6++D+o3nB*36*nG&4&}59HPj5}0)(a+aN+NI1;8D+fCVpN*FFVeoMH{bas&!qM1r z17}|FcO|mE`@V)T|SBFqEV@%YzFt3-HSU~C5JIVuPb1*#ymOrJI^S#dy zspiipj5n813zaz?S#a3so57cwQEhV=`}RCNz$#8!{_39ilDV5(?>}=@&>>~TO&PR{H0U^I*MYRjMA zk9OH4?&lT!X=8a_LS`evq^=QGqItIJGOIApVGvj%wUN`FLDM6f05kJisFb*XCcZVJ 
zB3>lufXvVYSicmg-w1a$WlPp6syB`e>l(ag%IHkR&qz-e-bhNkWj7k7==h}CNKQeK z954%j{uY0m{tA-!)!kaS#CTr@M12KCEV)wxa+`7Rn%x)wt>DJ3??5A2+HGT)rnGg3 zN4GmdINV92wZ1b#09)c>BO~n21JIV{p!0@UC-P8xIXJe@Gz%TS_HEWXUJ+F(bm)^m z5>Fwrw%Xchl8)pF1XBF`e0=)wh=?l?XWN~IRoq$f0cZi=wtCCN|Llaf%br#?gGh_t56o8@CBAtzQDQw<*rblX%r{`sCxau zjZ9Od@*KlFDuR6@3R}WADn_~lw}9WG;E8d!jQq%tH38ejgYC6vH51B|;DM;(&Y>3f z{$amU)J}XUXdntO!mQ_M@)>wJCHLq{StHujknlR}=mWRi&Zwv;TNl+bF0j77EMZrV z`J8X(trIEv6#ssCX?Ab$fZW3IeGNr>@mIR?rdd8?0N~a>SaZ(RZZ0&}=)+QG1AcpX zmI2%4FAb$==W=3g9^Lm7G`B8R@qJ$u8Y`{BbaVf|pix?q6z%nE7;t3$?gYlEeSja! zTc?y}t;V^;M2k1Ve!tc%Z_v=t&0B53%TDkTDojERgr)KQq*#A!5oz+e6HmzuV!& z#kEcJ3Gph{lf>ZOB8NC3;M8(`2X zFw-Eg1*l$V3J76vvJ_4W^i4YDpHLT)tBvm$XH;@YE1l1jgcbUHBDBv@k^8yUCvJK| zMTa)c6Vu2Czyje^6>Q)$NG~< zXfqcq3X%I&Avyr}yI$S*m9X4TLTl?S$^Z=lN4p_g@VP8j$3G|*AQ*(3Kl#Ue@?At- zotq#xli(=qJyv_gRyJ|5|FGYqZ|v*bPYajG-kS;RA75*>Fiv-!Yn0 za6$ej$6AQ?3uEx*CjpOGA`)Wair(#6;73P2Z1>(ZKtw6RfY@|P%a%M^@lA&{U0|84 z*nAyu&~$yIS>k6o=W#d4e;OIpAhc}fw9HQLuHJ!}7jkfMg$aOWC+xBc{JN4e$v8Ko ztgzTgbXj&StiaHp?n_Dz5J4`rj!sHa(bg1`{QD9Ean23W3X% zJp(dmF-8W3_nYU&YNK6|;IXo%BP0TDU1C9xdID*Kjyuf@Bp+Z}FaGeT)3T8SanrX@ zV~R&a)E-E3inz`e^Udp&*HF6CayFW$V~-g80;xo43Ya)Q&3M;bg0!X$v1GpcPS(`f z0P-~bPM>y>+~RbEV(1B=P5_YRt(?Yvq3H>;_)zdWe&#aFepU^Ly41?r$Qdb3Lpure z#(r5bqQN!K8`sQB?P_HKVl!0CnHft5+u^cDA244e0@BMcLm&g!KWY;|U?GKuUAd;9 z*u@QbcfJmasRxOAL48G=nV$!p09!(4i?wC}!^9|BzNK@OdY$JmWq&m8><>a7{clHu zL+!exXSjy~3Bc$Fyy&1*BUrScvH?cx;qo0{HYCm3^`88>9KUz5`>XtiXJ)IGF9S6q z!dtinZ@}&@x&|F%e=U9icprxi^n4~2TU=ax)RmP5jZk7>#FycUzN&qV%DZThl9J-d zq5tS*BMrGm6AKaoTiTt?Y=?cZ;`}xRW|*>E*p=NdF-BBSeC+>9s^Gs!?dL?6v*V{m zIgV$!yT>YD3XTKr`OJDzP6%sb+vCm6nz@02y&V+cm&yOWeqhy_KwVGIuzL4RA&jCI z#2E~vtesj66;8T3RTQC9jU;eIlbub@(7+Drp(BZ(s<^2?Gb(u83}xk0afnLXjx8g< ziZC$33agSE0<)9rfhYpD%gf8UPPJ~!b1X3LBX6F;c#U&RnPXW2v593C3X=K$BH4`3F`a9uiSri zbrqN0O!E^p3aqpj(BiH2H)_xP`*%|P(E~um3R=M*8W~YXz2uXy47P884StaTZyEc7 zh@GL2D-hJ(sUr8SL|sxVxW>D8Qi=rTQ!h(B{_QOGpmz}Xq@jv#PaN5|Z?4Z;E}S8~ 
zhpm7lY&#!miyy3g8_4H_Q2gg=G^+G%`AcW47cEzSvKy#kco=kt_uAsA955ZZD;T~ma5V_&%+P`adoL|gi1t!ef5|&!q?XG z`LhZN+==ypd7IUiTU|G|CV*f$vN=)4?c_KkB4ULVR@cC~4ij_Tc zJYHtf`dJpOnNQEF%3Z+QAdU(AVeno(6(W>I;(b}MYt#H4ueEf4Xn2#s5HCb1ujddvTi#A=`W9kJWxj*_oN630yi3a8`eZ9`nqm@ws{!K*MQ7<%0cdUXF(g7Vl*a zOKeSknc5&AKrap-$1~hB+e)%s9kmJU#8$;|hn^eWohF*=*~2nF5w<(vQGuRB6yb9FXlkFb;^O0Li~mVEVT<+iIK3Fh z7>p)bhD687{d4gZix_ARswPTK$SQmV)Mp^IEnrJ~^C}Djr_JKHp;N4g<>?}8CGE?z zdJ9qcRe2gsNTo3SmpLVdsXZ)*b+7Y1#rZGySyH*lECw#Tu4fqyfVr}i^sOk#-?l$k zA*SL9&pfI7(PGy)zDj8ARQ#38^q~us%6brVjX-Y^v44YcW7ioTqU7BY1vq5I4L}A4 zrZa1Rl(iNZjk#Q0ZV&EvxuyUerAf5zWEp8$*!Q&Fy?^mW9~pIEg48u)_v$+`63R~l zTYJ;7f5Go=(pyRRzQMUSwLa)`Yj3Cwl{pvxSJ<{*Mu7#JfTy&mYv5k6&2DI9Kyk<+ zx3J_H-w?0a^Zx7%SJ4m$&0!0)AOVJe!`$I|FiGOcyb2EhgS1fZTBsoUtfJ!W0eKkI3soQTyA{br$NK4mQ~;B#vQR#9D!NR)c;-WqsxkQS(+1fAxD zHT2K{Q%o;ZW6uWC`cP3TU#wfxS4Rvo!y+HdSN-Oa;EER{W(S+CjHQt81#*43Xp+HX zf`8ux5q?+yk!0W^2WQ~Yc*_Xhlb`>>@8jBc+gC+|;Rf7SvynJv%x`#6Wos8yptS@m zMDDXRyf_jdjU#EI=gT^Pi=lQ*d#Ls;I;R)lkiO&41WAbXzgYPW@TTk#n1l4~LZc>n zm7Gj@cRn}m7nux;3(Efy+sd@;2&2O)4RL;RGj1Bo|y$zj{#I{$SiAz6dt{&nJ|EPB`Kh}5Im=tl?W zIV3~HIuC5B(6p<+l`*S#^T3d1izXj2I|!`Gs5;AE#Q&G|A8z;B-8w-}5C?qp`0JiT zd5PVv(I%yv^gHr6P!6nMKxE957I%>dpUb4zJb*(8Uvw%dTHIVtitr5U;-{;s<}})r z+j^jqtXh$=J$M^4E#Lu61JjP|w-8X$#)aP)%IL^qq;2Lr80+vL!TuAQaI0`twtQQs zGR`!igMKH%zZ6y@|Lw+?3`sa(w;zxlHUgD-4Iq3)Zrzg1G081%lE!O@li&Q!@|jQ@ zt05K#h@A*S<>!XuhWyE{2KFVOFNKol&wd0B50h_)7Bk*-{toeW#EY#e0da7=z4)UM zr3b8ws^3y_))o`~J$S@c`Uywz<=2WUP}N0mZf**T4e|pgE+hgDQ%6YbrZ|u|(^d%X zeqZ8`iBcb@VIdS%1rJ2_KpsfDmnh@ultB4O{?$&Cdt&ntUE2hSgaVpvY7i0m&Bx`O z`fk|uUQXoJy`LPz^z|YLQ~=yBaFrj4zyBz>Z?Zo=l&JQ6Ny7Lff3+RgWF8aS2RgYI zdE;`dt;`NtqHTM*3Ku1x0`$m8z(o!yjqZu~oQnTsWo1bdA^_GhNHep7@M36 z!m(JR3;Y4!H zO&-D=^2%8@gufG_f1MCrk7=${SsZ~a@|qcc8@L6Ld3h;-t18LLjef-FdZqEez^ZAA#&BFoNRC^p9!405_Ji@V*@w` zBw&8E=D8}u9gO8s{T4)qW&13z+oJKSJWDMbNqETn3fmU;;qP1(Vb^E(Zj%IB)sW*d zP|w5{`GIk{b)BESeZ0cqy&fMH^pmTJv%RZ#azSkMtbl=i5* z>Up}TU{)zBC!sy7JHnCj`9JAMPyXq5{CYlX`o%u{pdsrHp!x7|H29f8(&Zr-cMe 
zzB`_KyVhf>5_Q{egd#bLG8(Ldw+Pv`oXQ%`&Y#E79F>|dj%?^oesCuN?HkTfzn!rJ*R0`5DuXK%>hV1o`O1NR*XO{jM>wmI}*kFyxQ%mtf6 zQJT50tY(eh{5x6ZSi^B_o)%Ll-4m2sVbs$t5w z7q984HpkQEx3llI>m8X8vCE*I7vYDlvL5xSziBF1 z$l+a8Btx3-ojBEhPaHls$^beySmTuSz#?09tdQPVVga}6-;=J2sKH1C-*17e(d|M_ z^$*~}(-|j744@68wsOVHxUhh85NtL>o7h@14v~R&M8l8+s(-FS(MeY*i%}BOH+#Kh zds?R%10!1R4WzI3nY;mi{@*Rn%Q+MUcMdL1Z@!umM2<)8gAg4*4K5IWZY?h_7Xys# zg)vw^HPqJGz2$_jSV1C0Ig6MZl- z)mdAdV`UNs(5+{| zn%xrxu&@%na`mGp>$2i6n%fchB?nJLw!9)7zeQs*B zGf|KMJq9H{s0BtI!3})@xB!|um06q;`{S7=(8z>tzz2Lk$d8W)jYz<~u)g$^^WD+8 z*RY^)I(5q2Ia=%*Y}k3JoiArrM}LcND-NCe>E~dv63F1Q0<>+h=TigxJPL?T#?Nth z2@A3>n@>L2u5Vn)!%d#Ea)iS8_`G*!P-NAS)2bDDT6Wx?;phb9ZatEy*-HX zx$5-xk614N!WpOd?^ljaMP8QdXn^r#am!Vja_|3ZBgUqZz3X@cNJ9XCUrk790 z=`5T@_DwU=Mz6l_9a?+y@tfI2V9Q_?!_*VWTlxje?B=z`E3fHixfgGvbu7D>g_g7D znp?D*+lFL=JJAcjc4R%ZAi_tGhOQVfWZJ&;B5!w!Fz9U#7#8*er=23WgZu|85Eawm zD!kweBK42Nw)}EgT^Sh}PKMra*-Ur_dfo~TBy*?Z@*4wheYwj6NgKpW^*j`0^v-wV zH$8NO+4wYV{XBFy5eo|}@u+61h2 zsQR1Hp_U%Kv>zB>HaZ3_|D2g34x3JH&qtG+5i(>2J-7GxnNLm3@(nR!ReD-Y_YVg- zzcti1Giq&uE;6Y|f1Yiv-xvB0~R7q*$hxZ}ZhCQStF$h~P z6qBmBD6)zWv$>osfUf@!RbRoBRoAvncPO2LGy>Ayp)?3ccXvojZ9+gnLg_A*?(QyW zknU~)>3$dYGxN=Szrf*g?X}MH$eNm(UPcauEa9B&K$c&lpDi2N-l?k6PECu^hvrRF z$6^!~ddLT}Je!M8X6vQJr#e2SMS~s=i;Bjz<8^g)=^vgx9-M8;q$PRMP#!y$=Y7?~;~`5u1w==k(vA@>Edj$z_Y-;KG?9jwa`G0o)roqSAQ za*)a>RHTGkiX#M&)%wyw2{PZ$0AcRi5rbAlgyoT%qhIHsOn2g~yu@Jd%2An-{2>ATBJ!YZ0d z7y9T-0QrPIv5$wCAYNgwZ1RBa&IL&!GYgXY#NC7W5xKHyI*da4sdprlAu7X~#W` zhAmj52nm?A*wPP9P|$^|8#cE$HC-Q<)~}$km1o2X;$<)rcK6c?RZrfke~Yc(Q4>EY zkTONg7xQ~njKz*+j2LGM_#C=Zt^>SvAB3Gyj^ao1mcA%ekn4{V@wJkOd4V0{6D{L2 z6w{FRDcBLXo0rj5R5c*GT6zu)pqKXDSzoVQ>kcOjC3vkjW2^y|IgDebP8Lik!Uog% z->Z}2z(5H`l~UOviz|xw^aR7%wQ0)VvQ#gF)pri|a#>#wi;Y?@#>$;vk|9=H~e0--@R2@HYocO*mSw6M=>0Y$+-NL=s=`g&`uE zz;0(2LQ0)X&oG&~d>Xlr#CRYMcBAZ)g2&&qZC{N4dHPOG7HUqv042~A-_*ldKU^Gq zfq(UzqmH!a5~dehhURUu-+i{aUPt%Dc3)lDCjNVP+yqrkO?rh#dbAbY;`{6EjK4A8%NYpN9%xZmB1h|VO{2$D^O&0NFwSsdN?hTRCqbIv_xE+VdwuyI 
z!Ca!VC-!XtC<&i~_lJp}acbttkqtCVDXy;r3)nJCFQzr|%Z^A=7rJO=`D%@&$mu(Y zv?P}6{l|be1{(|giPOibDoH8wOqPC(S7*d=WP2ddv&*N<-o z$Z5@f>b7EFByZ-rFEw`&RlD6sG>oQl+xfSTAbW z;{k~sKLIguy$~OtrzudD#em)c-+=(cHJ5wI!m+Kmz)ACV54zXoFy;Ji+~(#BBs`%8 z+WPuI30bsV)@wN5g&1Y&6frck@HS|kYx`AoAQ?(xyvC(Wnt?jV$rr3oWM7~BY(&`c zKu$hm2!-~_GW(7*axc5v-V%NWJW54RqVw6!k3LA3#s~o6wYDKSwE34j+i;M~(%R|M%X}%ZI z{KS8#IUCUcLwEn4PVB8adCR>{5GqW(0_;B;YbXTv4prJ4@qLhV1W9%8*w~5cQ>+Gn zTWfT+QN;4qEEnicY}-izm)kcewN|-#6%QA=T(;xmU}k6TXMxrDib^1XkThe7k(#{=&rTSbr6 zipJO|v9tgga|T9bVg2K?lM4WLYuJKAA(Hz)x~!sCDnP>aIWBIYw1$bfg9vFU<#Wbj zs=L;A>MBKpL#0=xoW8g)tMH=``J#@H4?)1j292$Ho!i%6R(miX`pJG2ou%!`qJAv& z^x2j5ZZ_gVh+Y{T9jyi-H}oLhv*s(f$8d=9H~bDA%bGAXYzDTgcJ@ET7+Q{`2CjVm z{@p)XVPlhg4!M!k!dpK{fex95*Y}nLSut&n6R}FOY!AlW(dlbDW_&TkzA`ZV6t`l> zql?pIucoF}?d;+*nHfMuL-V5*iq0Si?KFNkef;A({jP*WR3~LZQ}^x1IjKc=@yOLr zkAq&Y$rURiIyLQBvrF2ae?{#EzSc^h)(w4C<<;IQA6!U4%BiGx_0AUv##p3cRxP7S z4~GX>2}N(_cj$ygs6(M}>4D4p$gU85{ed7BVnQB~xzl?4@gK7P@n#F%-R7is{|!P` zEY8m8v3Qko#vR|e&cNu(0O?x93y)HrO0|2cniL4>?m)=5wKpyJg->)P&uBFx~ zS*oX17dJP}brA8AJ12GjuUh=hVaAZxbx#gOXeXkYow>dJ;io6~`)In~(G6BR3ddaeNPUm1*wLEtuY!LrzjkG+{+PeTgNd6N zfRx_2XhK5b;Zs7A&(rs#yPwH!91L~PP3ZlYFHCpp;J4iKv`-&m@<2}%dX{h7iE=@w zCERJyDjT)Ui)ib1%R^j}zxv%nb^XIhq#0kN3~7)*?Bogn%>F)kX*U6Ct^-1ss`i2M z?2v*&tx_<8Na8D|gUh#g6%Ax194VztRQgWn=0RuiGmC^;0oeY(`bu(! 
z`f=%FAFe@&aSWYsXof)UJ?0k#F`W<_BOC&M7*Z0FC3h#Mx(d75ilbb#DiyXQ6VEq) z2T>>i!E0Zzp4WCbop2eer1Hf)BV*;kujB(GFT(`6|NE>oco%=azt z(&OQ2M;P#HW-S$Nh}QcS=^ImBkJ90Zqab&2;g&llI(hnj{#)VDok^$sukxQw>nz@& zv?VRE9(_+jAS&+6V+ZbylB|DH5;O~+hc!Ppm#$UsY~E;al0Di2yL}nh;Y_FfB`%*h z7)MH%9Y-l7F7|x|T3EqxjEzgeLWRqKu5UndJb&+WVB z-YcE8OT=!{_3&iO?&|FwnHn1_rv=9hCbY91TR^rSiV`mC_=jee^M(^@X+}`j8Q#=u zOnC8ezobzEaB2cE{RdURzPA75Cs#1rtfhqs#GpxK#gzfgWjhH9cEEEN{e-balAn_EIxJ`_ zDh|0ffyYi5et5e~T|J)8{E@$&Ruvv8(U;~QH#kXi0$wU*h-w>K?x~zf#k%<}7k#f* zonFO-$!l3%RQ=)}h8?f8jkcIR(o}B9n=BOV%S&f?^#?K>73e?=!nR5$1w^@c%VhGW zPg1C}rc@+k?voJB8_FpE^>3{Q544~~ww}Ep1(Pa>It)SV~~5sI#sz^+kh$@*>_Q8^<8fb~(nR!%xPM^78S56~b4`C=W?j5H5R<}`) z)vEBq$HAmuPBc8oF%uOmj=&cu{6ssW8cRLmAm$OlvwxZg@JTuapVLZH29#0y53m)Z zgZcLbH6^4Bi|;F>>5L}#=aP1-$}9h_+^k|NrHmpnz5a_T>}}#(ZFXV@kMuU=TXXaM zkE!p*j;smRD(u7+(if4||6D*`|IXOq?e-+lq@=c2g4rp*@b}8x_oo1I@Unn3Yx`LFrfoM~qa#@5hqw?_E4oPkB|Tpb{kLZtooFZp z)t}fu9m8ofClEZ=a1O`>7X5WUgTRW`vOPC9$I8si>@I;4HHu7)Aa=U&r# zA+UacZv$kG^UKJ~!&+u*TzXa`)L);&nt^EK4^l0!PaJR_uUfcyJ>d(A<guE;v}V-}Iv`ejYIK?He4rB(z56W^xxJCDkiy0T!8Yb1 zJD-_kQCLjjHYKTf_0Kh9#rQsDu0H919C!T;TAWGP2Nf#&3+?YvEMi&|(b>m$wM*x> z==ITX@Ah!q51sVuoi{C5Sxe!;gB%r%G&hzb{W$kxQ{~yn!IS=>zu)@yD>3KAwQVCH?hIsS`TN^mzi0%|+b&f z@7WsMD$2!?w$=BK&2c0$R1Y3(3}dsC$`lP20Sc&8ZQ@!es1U05(e`$2j8d+Pg|U?# zBbm%YnxIF#_@p<8P}cMlUg6r?JB&^Sd=d_>x$wz#PK;G2-LizVl3-4FuAju}2kyEB zL=tCutuu*#&f}>dcXZH^k=Xr%moO`Jp_a+MzyzHrJ$K+sO+JrSzk2nlMW?Vgbfw|aa&Kk8`yi@#lAkR>h`Gl z`AIfryTP0lT70m$ABWg78$)cYmHf;rWk}!Ca5YrhY2(FT2sKf2c{U03EbQJWx|hSi zslL+-#c)m55C)=fdZvJX|AGyLVe<+h#tKstle4E^5vH)(@BT*nNx7!wU7-^$FLNa1 zD?zcb*D3KkjmSy{LOok}$!b0CK&nm=NqVmh1YK|SXr z4h7=Abu*$%vhT|d>5t85)<)O!BAnTwgJF3?P%3(Qd>?mrGj;Kqgm|R8hm)_hT4n~S|e`lvo)az`g z1Be2)|92F_X0D){eFEY>){PZV+Rk9%59*qtULfl(xvPqLIw{ z@im-a&>{Ko8O(SR%xL}cdl}iV6E;vT#ZducWH$P9Yxi{Jh1r2F9-H$2ABbMO zcrf+O!-M57$TJGh&vTUkfu3ib%#3IA{Zb?Hn)Yu4C7~{mijfdw|7}Y3{rmT>?J|Sx 
zUk90ad3ahxfSNIQXv|wOhrExD4bBW(eN7GGS3*G*kb+patthmNN&BuEHOP+zeRlrKDVix0GMpZAR$YeO!uBR+t$2gGQrZ#mJH;z>53_u4E{d@RY%SF;vT5cUK=;XJ%&D zGb#QfeSEMV^=gRQA(+>ooRd&;=i+%n!k~kp9O6RA;0QmY3{p5O0c-t z%V$nYOl1|RBOb`#ePpI}SGRBYnUbCD3fb#;p)w}@B+>7R`#msV-sY3BqphL~V}+d6 zfD%Uq66RBCN@%}EM)t5MCyooN5YoOKx-ldh@1!=7c9^T$rFtJUZz9C96PT5ZjDPnO zE@muMqiOpYojJJK^P~f(pbL14g&jri-G|Z!;!TF^hw+h=4k)Bag->}v`42awQ)5T$ zeB1VRV7qTho_52$z}R_04@A7D<{{&JIcEaLyd5(-UVFl*j1IG>EXg_GitS@6V zs(h1J7ia1*WlsL&t0iC(b8HY5armcug6dXeBuo-lf`_*~o?qZDT6@H((tzXW1js>C z{yTUrp?#mle7+2eDF;Kb_sGFr7r!`vpc;1IpyW?X@S+tJdGTQ~vn4Mbw~O2SW*MmW zv)P`=DT!y|@y&Lx3>0ZI)Y1rv6kz1hUt(ru(k8{tkVhl_yC{hT1%Vlkt%?@^*9A-- zPQb&T-d;;=uIXsu^eM_$Yn@#s`i~KEe z*|Mo$+)PJDhc9r@T%2l(Ok6GhGJf*);+*{Z1iL_6<4C08u`zOaHh6~8wMpVvfEC3( zZQ*UaJipblb?=?v-d@B18s`nITV4$owa!rD27D~u4;$R?XrOe**KNPpi*o$d)^8Td zq)!L1yObSHJyFUtil>k>)E|j?>tC6*baei9em<54?+QivW9|?zHd`%!{(?q^IRBSq zqX^^}$BuDv`P$FL3W_I0evnE3gE&wnp*0 zpGb;}w{v~?U=aWUi;HR)!v9l6hv@@VbT?=|it5cTpz#w3S2CF_Xk>l!9w;9MFk+= zkPf%JQegs=&wIKsl^>&^FXhUUzs+-S%6)C%i4kom^Wzgf3J5Th2R|9#hc$s6rf0v6 zP?59>fxq7N5~PDgVvzBTKDogtf6K^6@CFu_2OQt8WVPvp51nyyb8~+7vk!{y(%C}#)VuaJ=5RgBhS z*@|xSjfb}_i*kz>60%ZbR3JPaPh0X^)i+;D=EqYqkDEsQ-(QpXE%}y5wwI^}Qwceb zZktAKz5Pbg9r-uihNmsZwe9bRS&Ya=(;SA!ZyDHExobX7bZ(KbbIBtH|R7_GJCIAKC)J+j!QyZ;U>@9?w^!k1UPT z8^_?)GWY>8Se=+6AZR&NRva!Shhm>8xRFu*4fqaVGzoOeO#*Wl`2)i<@GtNfcelZZkC(ejfx z{@|Fc%RO$7d9Yz&@yGPq;zuqi!b5~Vz#D<>LBh1aDxzWM`?8Ai=3}GaWL@khb!Gc# z`6nBd4!Ae(fQ?g_GL4OkYXQp{%^@OT0(>BxO<;&xdinyUi?mJU&O8|y{E$*d0rAonM%9G@Ok3AwCkW4OAj)JDVoB;#U%t+n8VcM z4p!XbJcu*d0GQL@XBcQ z+KP&bYOMzt?9cuFST)u!M1N^E8@@v;euS~dd(=4S^(I7jx2TcY+Bn4JKwzHKLOphI zwmn(n*Epa`@{jV8{&;dTs2u!h&|X1S|J}Rjmx7oUE9WT0#&$tlpAkDrjVGp>y*&&; z9IM+MRT`K#J3}GtUK$!21vm|ROnu|!RktR5$Fj?ak|KdUbJJHCJaKI%c4GBGk# zZB!?(8F$&@$6BRxb023{#TO~t$5dLFv#P)CiUbmh1J>$AnrCiL@bQ1xuHm?7m0qmF z_oLt7Or>oJX6ENv9Tanj z6A8t5U?DFPKik6v;8pz!{tIS}NPn%rXHyX8F=$33Mc1S95dh<7@0 z6&AkAK$G)tV!26a&nuA!c71d-xg9k{9S1=KvF&=Bx5BCieM?cS^h_F;JlrYK1-5-S 
zNl93FuCACIX0DscY-&gpzF*W@b`19Z*bSVq%iEwziJeJ8SVXEkEgXg5SVv zo2+2Lk0wJWX6v>0Ctp;(;Ws6RYhe(g>B5eITfj?3S9@~d*fjdcGwCx%t1ny2>tn@= zPUP$gNk6?g1V{P@%C@7YB-IIiHVud`q}D>+GWv+SZ7VdeSLDW3a-k0{ww5Sim>3xD z-=JpW5fDca30h=}&Q4F~?d@%wVY&>*Gz0~I4NRl1INIU zHA1Vdht|Ayhp@Lm0d5){x(RC(skF(DPn(YpMoK~u+`&@8!HBx^m+0X9#uy&JN1w=6 zlkzpq6ai%7r=AItX4hbu1&EQNfB;lTT*1Pd7Afc@sK4>DSnK-IYi?#Hvrh)w4lhIX z@AUMxsw$X+*x#RzpFcliNIm1rJvY9!R1+^`ap+9$C3ftMM{$YNO}AI8bxJ`@Y(dFF z+fiX~^2a+M z5@~f>zpf|1;H39L(b1JqVYmG!If{O{_d56CK@yh4ax~^=uiuC*L%P~dpTR|!owFfq z3ezfsz!v(;b~da1MDpS}Z-@<}%>-HcN?cr=etR&4sxf6))koC%gub9V7tFTwd&d5)$Q+jEi2fLwtd>%r?|v8(UPDp*h@lf(yXp-n4+bl zpD=792^^$nT#s<^%e}t5_{d(?8Ui6vK7S%g~*$+tf`a#V=5v7+9 z9-f$NxL>I_=rgSdhR((gxmx7RJH!c0Ykdmj|0eR4OW$Jrh0h^XHj>`&#l8tH8cIbO**~&l*L2%mnltwPGh5 zq;X*XqN92wYBfqEv{+RO%E`(~y5Uxr)hku3X*R4PH9J8qc}a}>r1lJ%`=!Gz8-!sy z8=GBw;NYSr&HKlNBZZA`SRMJsm=mq zHtT)-aE$w`2{fL~`%mW;6xdKE5%8>lj8$ZiQ+N?#_l7;ft(}vtukM=>zSWJ($@pd* zNO-HOJj@go@GyhRS|@g#!DV#)o);ArmD~Lj!VtTmzS(+^<0T^?;X^Gked}hqD>5pR zSJ3dHzrUs=r$T2W(rt`AW5=lgIZ4L=e%6(d@njEd`^77+Y=fWj=|hG%2Z@1*<%5~+ zA%=#nfPlayrC^hBC(?Mjr%DxeN2kxw%I^Yg*xb+ZcT}%{GN6q643jrKqmVJ?IdupW zy4<{P(zClA+))jX(beq?r`Wz%h;Q8Ta8tC6=@!+0AR4w_f3nT~l2`P}8*6OO!1;V{ zGVVRw0?hkpdKwyLI9=MS#GMm1S!HDkK(d`~0y4^Sh{Qjf%OOh$zzv5p+46F`NR498 z@X7A%4p_WzX=5TLtwvFT7$`ZLeV{D&`){p*)~p5=Sr5K~aw6xE@wR{8)9)l98|d{H z81UUvTx)JC6{Ck>hA^Rrys^mMeoiq~l-~sPcO2PHet!wKT_UyfAv^l7X4@7v&qyXc z76yipWX;qt2;aPIv%y4jM8w!xaOKyp-o1~G4H|qS$`feJCui0h+rqAKiZrp9PLqWk6@ywy3?4a6 zyMY&ujK?h9R+qT6WV-9-b1z z)|ND_cn>^+`*oUjixV>3{cg!`Lz5^Q4_rynMns8%m7)lpeV|1Tl{d)PKc9Z;&mY%+ zmzSc-zov$P76NgbK2gKgEJjPEiejm&S9xergn@ z?pM>JFPol*#^TzxFS+46272l+ zGv+PYqU|x;olN$2c2jEYPVi2HsI#k?nVGmx#%q}~&+P1M<~BKdu%u0VChHwxi6vw; z5cY{@vvTKv&FP5Kv(~3F3@Ys%Y#_YbK)w$X(!|c!ewN(3UEI(~X zLEE++!^d{#{cm>`1l&VWkAZyr2%~1!u9v>Mw!tqgXMK?F#1j1%E zkWAr`2BoEK4X0*{o4WH;2jZh6uk+Y`D;3FpvDg^j)6-*feaP%( zR+6kZmRsB8A3EY;S8}hA`1aWrPcE|KXp8SHmcL)3<|U$Vd3}BTQ`l8gbaZsihYug* zKmWm%d3)c(%P4lqC3lT=E2fHP2 
zXE=@1Dg?Wdw;WHHX9QXZsXq*n4$|$_m7X?eLu1SC39x_XF7Zs^Jx^}=Yb|BvBR(^z zsZT?z4}CbJwXA2l*LHkZ61E~MUE@;(JlqF%m6x&KlS4wVGz!sevp@e;cV#mWnr_S$ z8W_PwbXEPH${sLt(~BZ7X!}CM`V(R&rD%#RPaa7{=cs#1lHMx*v%7-A!p8P5VF0?I zW#H*v8epQ-+S=rU(br#Wj3#$?aS<$s%=&RUl$#jl2vt;!k(|uWY0}k%u%RfHpC&*9 zvIhr#4Y!e(EX5Cu&sSO9_|ARQ)wzpbr8B*&> zw_f*h`T}v}54<3Bbj}+X7_js6^Er*h*U#@=TwJ{UsSGKa%w&6~!w#U>5K+ zc4FEzRA>`X&5AKg%Qbvu%)w@~KeyU}olY|a0wpgqffB^dU^xT45L3hL?d|kWuei7} zhDK!5)Ern^!N^TTDF`iq^ae45rIc*n^+Q|%t4}2y#yoL`Ed=BEczAnaH$BDPPWSY{ zix_rxjyZOn7MuA~k#~v4A}5l(OU1!}U$@%@F}PaBAB+4*%WnsQvDYvCOKt-f$cgaf zyBthm0tSAa&0~WXhym)&H>!gjeT*RE{|7T+6EQtRy|B0#1sR9`;w>d)=`#RurAbCz zooD3JCT}IvF>o6b2WUfqG(JDi$AFmjSCq3x5Q7JOmYJuP4rno;pDd)78G!XztRCF&nDu( z@j0P54QjWYX=_{A16xp(v5T-V7`+eCv(G!;k!t9vMsjfp5;~oV=ovl-fF_yxP~IEH zBj;~_Su4m{>>Iva1f0lfysaWd=sYk}4jb6}mWr``w~?##4p+z_CgLt|2{-w}T;&@> z&qJOOSm^$I+5)2>L%5@n(jYP-LZ28Pzxp``#NX6#1kz}GO~iM<1|eft7$A1jjY?dD ziN_uI=(9&9hz0CV_LlBo%UMAT(g32j8_D7NAf+FuUZ1I}bcGm@MSLI?2X3jqdRI$e&fNPS3_o(ySNK3L3 zBGX&Psf36zYGcm^$K{Z6umYCJ1!vR7D;hv6JTH>n=V5~{Vi!u~;Ja*NR>R!bxTskJ zNx0sbZ#Y>CO8c?MKA41W(^)~yVThp@P2bVP#umUHq~yF z=vXAH^Eg`K=X0Z~U`xpMJ^p8&D5Cde99_EGubtk8nwq-Afv=td!`6yMQgQLd}c`5soNI}=IG7qViu8n9>#1nkuV%6RsqC%dD=a_hx@0 z{G9HEf>g(4V|R{ZcP+tNknvQLOX|6Vx2M6#C; zwGRvqLWAX*6kAiipq!zq1B^>E?L%J`b?veSnZ#TQvd6h^EA*?VRNC39ED7+ROJE=Y zhn2aTrJo2RyEBHKdPDirYQF!hQ&12Nn?EzXVcXA`n4O$l0k*O?CkAF_KOEE+Z$JCb z&Jq8RTUuJue96GW#s`Oyz$;-4a3 z?yHsfgUW$szfamP+M364(F7E9_ zqBVpD9}hi6)0NEFF#KDFnO1~N!MvQ1<$_C_V5LI1GL0gb)CPS% z5d$lL2HWgU6$>iYOt3O&=+{9`S+7~ox<(^Plru!cv0n)B0WMoEz0vMn750ldy;;oZ z4>{h?oFCgpS-U}K&G?KrQ^Ne^nk<{p+-TqaUGTtw(TTO!UOIpSbjSiS(RPjzs2Pd;>tpG+B@-g#y23Mbq=bC@VRKH?+X9W}JxYd%A zF^6K3UO0n+ln|918dc_+!VPL(1xYq(0Jf))fMv}!SJ>LxA_b*Pc<6|YPtgy&;9hvZ z$Qz+5@SnQW77)n?>z}mCt$`3~NK*6W^3QGFTj6Y$Xjz|IgRl*=H!9j6xmAz4y)HiG z7se!P-esR$o}jvpPNoSx296pL`QJL~3*w|Tt*{3>LkU(efzo}yBm~z$BDxUR=}_Oe z0N&AUbt4<0!6;hF$W$cq@GCWgKAWZg!Ex2@#0x>eMNazPI4ZXOa3ZS#4p-n8K+|GN zyE)GcYpJMv?LkBWTRwo 
z59cK1!2@i&wPz)!si`TU!*V!%I~&=g#{q*b0r{gLGc|moqD#$8X1H-1E{t=}maNL9_2|N&S9~ z6v8l06OwDEn7%%Foy_O<-Xw}v_fg`azNu4njj5Nxk*Q1=4@ruJu82GbXMhZVq~zOI z&h~#rFxuZ0HCBOuN`c@|>7DbPv7p!#sc5UDq$I_lEm6RxTduf<#uTSz`M;*3GI>eh zRLai9MWY^{8rXVr-cVVetRf$@#-H8SH;BJ8SxCqy%lC9Xn6Uql^6>3yrtR#wk}T=} z)eLrBJ}ns7-`i6u{p)NOkpWTVvNR9gR-$(xXr6wdHY50{!UR+FobXH|9TVBRhnhxY{_VeXaCJ)vlk~IUx7aqA3L?WxQ&2VkBiay!KCyBxlP&& z8k7UAQsu-U65P7h!s4WrEA7Y%I=Xe=pdd+%Id5@tyn3S)ILFb`A#iQfRgY|MZdSu@ zV1TMUp}FMk{DOk-h_}22!5ohM{cZ}kSM`80LgE*V0sG$fG6MDuK zo$;wQS9~On4&v8KQp%`2Yx$L*zl$p>Dr!na z>U7tQqfE`p|G`!_lw? zOh5tv1aytHO?4DU9GzhM*LUxtHRmPA@OUOYyDSf;D@(sY+*gH0W#+;Nv9XgM7Bmhm zAM^wzjIM8bcMdjDI>HrU&X>qX&s|~=!SHv%#mnmv5GcT5`OY%{wDBMTyIbPf*_mu~ zvGL_ckbf8p)U7o`8KTQ199#!N$Oz-n5DOd&=->81o0LfM7%We8gbo{uY4KWcj4OFm zYnc|ig|R@vg{&zo`wK*m{ogkWNb%pC_PU1#*}$TnaG1SsU()hpD19o*>5vTu(Tz|^ zLBh87!sIfhpNM^G)5d%p1p$Tw zoHmi&YI#6M{1iebG;?$!240dSkQiO|)6xrYMKs_QmOnnZI$76rk&~7g<1kYC{w+T5 z>`WP#mWt@bAH(O%Nt*B9qu>+z_2w9LD-Fe~bIHFkmozTRL-E+=$qU!2mP$dIHRiAi zO&ZMLhS~ICl?+w7B|VWB!(h`Dq^G4FLPtgACjl?tCw)kmohK?7L~|_Pg7JEr*KTHX z50^FUB4S%@d((*=VAy5s{swg(j@+N@NrXNB`!U$~&!-Qrxj~oiZkv1OqmMpPidDP7 zp{CD$d}t{i*n?(B;K3kv5eS<)=O`6QM|P`>lr@l>>vZqOVq8&9qD7OXFMSuGprGKx z1}R(_x33UH$9;KPNr3Bvc>ZI>LCv@HbP)jNZ4ZEXc?@#F_Ej9 zg~G}Rz1QFv&2PPCqC}#+LR4f|Q-&}!8IH}Xe*tp`7RYmjM{Hh^94tOjt@8Ep34H4> z706(CV#z9!0G?)f*MphzC+PcSQysl>A>iNtKn{*aGe6S4nb6DPo!^|YQW&c0L~7~} z{4Q%Tg28wz{C(Xi^w%$cIx>O8DKWnj0aBLIQH4gCd^pf7p;L?!2~z9w+Het^Z0p$ZHPR00taHY`8U>5xr(5C*}T^oUtwq;UV}d+X=Aai&X_I#KtrBNJFJH$tw_uB8P0Cm z$lf1Qv~|c)L72TtBNXDk@W+AvFHS#{+3%(+!Kl>X8VHCj9X(PQ?ems%lL;R5nnJ8`9IWhP2RDw_I_ z7+WRr46Hf(z|PLjDe8N}W%UHyX?bESNoZ?n)p<@8X~*Of{N6C?=#qUQ=y51QbiK#< zGDQQ^t-C?fv1PQmbxaxl7KnRZW%n zH}caWBqA2j;Li5nzflV9I^TCbRO9s_1*H?6bpke9Q_KGF>yT-0M`tHtz+`fH`G>~K zgj^%?-uZ3pHn%OjwY%Vq(A;n)M#h&Qj4z?7fnGVt*y1$emuu&<6#_hN3XC9hM6LxG zd!j~xg@QdVnl4)UFB!0wsA(@3_ks+4GQ~NuMi0M3h@Ri%WzneRZ9Uwy*zD{N32US& zO!|62f{lZvPH}bD*5`Jk&p_R}reVWU&Tg|H@e#z_l4fz@OCu?_KhLxds*3eg*Lok1 
z@*E4bxnW=`SlTy}kRU#+a>C?=Kb(M=-dA2y-<8s!p0kfk6q$#}_t6vQ+Cq(v@-VWA zopHoa6^l1K-uYR`8z8)80aBnA>aleb#KdqAyUm+CIW-)O36uplN_I+(KT1oX7@%%3 z!r%5T@to$*=Bc0MpZs}^X#QPC$HwY+EMvk)H^X$KPNV&ErbQ=vd*8~a;-V7qXnt5c z!3qO2IFVF;h6JIIl(n^f*(&3n=`jGdL3NnV#+Fhe0#+8LhrWj(cIiL$7=UJwSxhrq z``_qo^|0ul{|5ME(Q4R&6-sa=j77l`I`@5#ZvFt{`ZEaWVo1g}VG`T}mnt#2;_DFw zdpa-OGvJx2VO5NmhU_U3NwW%7k8rQjFS_Wf`?Ia60DkG{PZAL}cVB z5$NGgz;En1e1xu`WDcbV2KX9AX=dj*sbm<)2`yuiMDtn*~K^0mM(8*;#+ z_rTxIR^?bil4HU9yv2d(!ld4td*?q7WqDv*G60c5-?j?w8&0=& zkWTG|g!B`A3mXaR4`#8&0y{h}sX?n~Qu;0+II5Fn zxk%F;pFOa^PK7Z+isCW7g*l7TaO&bb<$m`eP~{UYF`%q%0&~^{>SI#i$C(@*j|$(J z@dAuoQgQc7yN#l>^maO!rs9B96r0+l3GXg6yl~r!N}tAm^t0;;xD-2W`MxJyZhmCD zV_GarOnmlxn9*Jpcj29wwB)$z0Sghgo1O4i>Qq5H3B$S`a{HOh2%)1PdI!oO7ziDy zPvh)7b}YWxuK-Mo$NE)P2g}mFh zW>dT7i6BoBvlvQAg||k<#CiEL(EP_4!($+zghX5+wiH9&d&)zdIi?49_q;|KZnN zIi&Wt;;m35{=MP_1z(ftQqxEK7GeamAn8c5kE0V46D82&!$mZU!<`#gL0rJjEIL`& zsAg@QuL=wm>?qmouZ9K(?MT1@5lwV>RrY+F`!T_1%<8}sBL>z389n*0X!UbI3CpUJ zjuG{_^BZtOl5EHn4@?O2XDL@h?7SYrPRGYselCBki|8*-PU^RSEa4oGIR`iR=nPm- zo>{U~3l)G)ws!QN95p)yO2_>mIc>=T0C`R4KWWp~)ebSA4 z@~aL_r-eo0Znvxy8^!`3Z!p$PgT6GJ6_9m7-+xEuu^(UhzkM0KIa@KUOk7X~j6BU} zfAT9Ku}$Hz^>sQUzl`YUG6p`rD})(Rc2Noff*KlDR%JI3DlWacEL!^xu&;k*cLT2p z`T6VN>bADxPVbhU@r8XsTTfb@qGEt?Av@aU&5O_~w_<2;I;5R*AI*q${?a4HVX_Ay zxXp#=FL5!y<7(Yrv#GHf>zGHzBAdhPC&}*ZMSF(#SWwMr6_S;Rg$7my#Y^DjLHqY_ zV;6mhJ;&?W9QWnN8E^JJG2mUQ05 zzcEI%JDCBUEze+QjrrV*o+vF34^bpyf-=Tz9fn%rOr!T&T4k^IU7kC>sePoRqx)*b zMS^4Q;Xv(~gH1ML@!1D{d3w2-LOEyIj-W{KDNW&OQuHal^k7(+%OHdWe*#rQ;zWrHFX3(?J! 
z6N|&m(FWipZCx*JVltW`oY%*u?OIi3LrC2#NBK{Zu!Y9`DeYm{XkWBpgpS!j$-aY7p)_Q7D$#Pua!nNk$5zQuW+e9Rz>(x@FO zGpPQ{g*SJSvQ@&EiGroe6$wIOGD?e!@#W;?NX9@1#`f;+ZrBX8{rLq2;`Z1dGG-PA zttf}ala|j)(jGJ-qLZVvvki|42RaD+2vj`}hOuMc-&Bs~vUXcd_bYIfQ5@;&)nYy8 zvb(Z6a5V83@p~;{*b?U+8Lq5DSZfOP3ZSB%pwa$(onahlx;Je;luf~E#r{MU1Ouc1TmBAV=j8an4E!~ZDcQ;6Pi!{=?V9_BUEiEA+jg)kU zG)M{3(%sD&_TJz5&VMehHEY)U&NFwKq5OCR$n-y>4*+4TQ+j&Q`W181fU-|amtDwZ zl1t}Rm=PIGUY~=S;6P;l=1WV!%0x!Js@-jKN+8(orpp_{4V@sHnNnBVMy%c1FsL0j z$AEOMo8cmHImIGzWQe@(rL)RUYjny2T)ql0=R6cN=~oVav37j}Tyu}{CL9c+iC@0( z^MIt`RKI5+;=_dNqC8DyH7P#aj4mDL=@!!&)FBpDS z6~9hSn*MR2>qt&L{#Ag7)hJEf2pWS1Nm8>@IggN%7bm4@$7YR)x{(?i984V?kv5;7 z=l=`#;5z^?Gyn$iBZAaIacBO=Ry4SiDvykeOgH-7e5{F#9NaYFCdji9UHo}BhtU$6 z!NIzM`@S+{JrV9wAhd}jTag;3%Uac$HXdB!{qWK${_qjZ>`x&r&}>jT8$xW9gui2# ztp@5jYZ_{m<^*#NIw2PM&_8Fvl>oR!SuUgZCjrGolnwoTR@9 z0=)it6jNCr;wXglg7AJlK0a;%^#*OAqu0M*$p$5;3U@0#)qhdW&e{eDKW+F!prGuB z9V?;j)s7vyqzsjwlO5_o8srSQw7Nf`JAK4*2G+-~OULFamZfS<3O(Fvl7sPdbXjh| z#U14U_&`{SzJE{u;OH2D#&Zo6*srL3{Pxwfv}iK2v)g9Cp^FmS8Siy}UHuNgg#IA) zdse-s@-n)Ay_w0iE%lXykznSyi_l3_DmW-Z-=QAk(^6ZLGZR3TDQ?to6t6E3YJ_owu=l{eqgvQOlLREkglFne(V^udRp2st+iMF(j*7!LrLfCw10ryiaUSM)~C zcaoZ#jhi|Lkd>d2nPp1+!Jir4Y4$9&DayrP=6BOhlr665;NYIgZw^#chghf2Q3zBp z@7-TC3Zai-uz1`SmM5NWp=OZBHKln#70n5zS{UrPkw{%|fQ2r!6ne z=tvHCVAWf8BWeWn38}eFP6P0ZijQ!?@TssiGxMH;Ts&f1ROwoHu)g%=zH6?2x-m90 z>-4D_heLvI=Bjn2ZHqV@__^)J*6wxlA@MeETJeSnWAt9LtMT70|IH*f8`^%TAWVkl z6e|#<`}f5V9-694pI_@1x}f~i`(ds84ICV*Qqm!Wq0&8>L?E`Rd-2#eN6txQIV}%M=AyG5Yx2zz ze2Inlu^3P-;2)E0^6pX4R=o$P?!R3XSb-*}-Uk*-S({T->W*7_Vo}^}3FjWE&a` zg~k>Y7Al9YcYARWtN*G*UgAIpCB$bs9K7akX z%A>$K!*g?bBS{wC+!jnrbU|CYz9@O5Iv zubz=sN4B!YeHi+vB%`2~#46Sg)l2XysP3G+5a~r4TrRkgR>ddK&TR6Ywb&Vs%aH|p zEt4(i=?L5IgB;At2j~gJ%ViHB0wq_#SDGN;*ZZ(^W&S8GjHVF6q|e_l{d=;iBTQ1# zJZPw431Zz(7ofG+ub}W) z9|j9GAAgMwoHiBJ*>lefjh5VEeWUloMx?C_%aVPVoa0~rNZ)2V8=Jtw9Ysn|6U)As z)T=Lw29J}P^iXMsmMu3rCWg#B;bINB9j^pWi!LGhIIR|8t6IE&rLPV>orNdHz; zdAY-z%QtlN!Y&J|N71jpNg^;%WOep97)L7*#H`>S_2A+XV+Di4XIUg-R7!Dn)c%7> 
zjWsRf7e`WQomGb`tlJ3==k36~q&OiBe=_X6Cj^Z|4)Y{CNeO`+j;5o-{`i!#cE4@6 zd--r^#K=^73*Hs?w_s(nC#8_E*T}MBY>53K`Lc0KfHQDS*?y}YkFBTo(+?q-;K@Z@ z{e=L|m9}OTodMoW|C^%D@T`XHHbHbm&ePMOP^YD8a)*YW+l>iML$jh4WB1qc=+v0N zg}eBx(p6uPfrUluZ&z6Q1`kgbe3QJZ4S<*J)!a+M^`oS2ETVUVGvVGvUn*lTNxbh zoltn$iU42wMg}j$DMb>+YJ8|}BP~Affs&C?TU}X=otcUy#1rcmn@!d-Uu83pmZfEH zttO6}jm89sBIgeFarcio)gQHTzCu~4S&-yOlLxunFW})rc|qUnXt_7(w`^SyuQIs2 z{3KNCfw0r_Ov$Koa6WEa51tLJP`}^AL6hirnW9iKhRDfbfE*<>=ILzgR&g330)$Q7 z;f8jPzcZ8FbnqiN!Wd7BV}DkFRbHJ0Z%|w3M}z5G6h&LFmZi?OYo8X_aD1+k=vr)l z@Do|7+=^|&)pSb5MUsf&qw2-1tgKk9l>7wc*~)yUR6d3{8?s7<0_YVi4(Ma@A)(vX z8=8h)kZh&3{>8raca`t99{v?lOOKzl_O(A*lfs6!XQ0zcExTV%@NjUPdb+!3{l!Ds zNM8fJc~s<>RX{Bjd*dPT`D9}-5g)qoQe{C*wXCwT-NeA)j=7L-lgu!S^-Vy|iP6S+ z=SfH`)tZ*d&efuZJjp@l1uiabEfO~EBBh%cB!aq=-R&aC(alkHIf^5Am6Y-06JuU5 z{P%SAaB^Q*Y?5Z#k1fXR^<=2u`{FRiRB8UbU88EBOl6w=OMu$U5ipu5HeH*OvrKah zhL4j{;Iq3~qR)YPf~=6v&m=GZvR4M1@y~}1vp08E70XGo8>;s<|8(d+%owJ72dyEL>49DBw^MlhdU%mt>*{)Lx z=n<-G>dnWqJf^(st62=x6VvIH!VVFrB$rUSF)KvIFw{%>2`sS zf9kr#?oDD}lWB2!*f4x@Nv7Sor!dy!KVZ$fe3o44*T4n?dWJAI!YEo4*Ma3 zpN|-4er#@w#iSuZ2)ULI?)EJ9`2`<7Ook>m{}BX*CwNy0>jD=K); ze&1QUP-FPOfazws03pc!`-7$fde>jUtB$_-;0_MlgWa_?bCvTnU3hBDTr-PZC_^b% z)C@T-qw&jG2_8Ev{ot6|?YOx4`R%6xRGm{=0ug7%mPSyv;* z3GF%CM^o^04zg0T*Vn56!iVC*q&=We`3pyH)0cv+LnQ4Lw{p#yvFB z*8&b6&ZU>FS=!A!&nwYB63)Hy`@#x6X8>V*K#R(Hbn+QfvDR0}Tm2o4-|4)z zAQZOzgZhKbPo-~Dtgk|fMqMS6wWhH!F)@8~<7W=v0KI*;XBVzpOG^tITpQqcbgRw$ zU`mLrdSyrrv)B%NaWg0s!^)0B?K*1!W-SMiE<|ME;=&op5=;exS=bM!C+nY}q{63Z z9Z3oULs1WrgU_9>Y=v(8otaprdxuQ6RIlBVxyErl_UD}gy-GRM}p|eIuqUjh| z*^xt3GP@<@oBd*Bb)(6VgJkn#sL_xK?;oafEu+d~%-gS;*=sCADX8qL7muj$UR`bS zvit>l@vn+lVBCZzveQ{IkFVdfn#E$^;1pMuloXnwzz@aYWB>bP&BsvK_?vCJeB*r3 zUw%p)o2zS6ku2FfsA>_kY4p|hixC7iAxTU3>gK_!0zmBs#$>gpA%`Y+4wAfGcD!T} zVD2V>cCjxELqkV5h0mfdl^%ju0yT5y2t;@@>Uctl0rRxzmmi%F!p^ni_4GBcd<)UR zNSxxTb=pxd)DwnG6nyZfiC693gt(R6szL0}A6RE#aBwvdxjFWAxpc`7KlhoUBg%ca zb<=W$3yj6rVdyzXK=utuIM_S?>64T4lFn#zsP!XwQI!e?O#e7RkfR^2I&RSKUM4 
zqsh3Y!2oxbcgI+1z5*Wc6~i~ijJJ13n?m1zoq|@UjhS}EvHa>YFL@*Z#>x$27iS5L z*FKmh#^!nIPAOJz7R^U4i#Hk@H^j$TN%#39Nzv8e5E02{r>BLbW#|yCfh@n#Z0}a< zzwS46A9Ki(^X@iLT-g{rw1IVm+=t#~omADV@$yI%4kXbge=RR3QK3a-(f}&bH5w+? zKuzclqj=Foz;+m}0J5S4`*1}CItM+jp&@(V9eTcCd}n{$Aa{Rd=Layivf zC$Z0Bq4)OFlKqYwHfXk@V`ilwSN85p# zeJc$~G?b{ZA)wI2-sSrQO?5k}IHjQymX3|^W%9tnEh{Z8qAA*}x$t6;7tnE_ zf|XqQ68}-EUSp*rJe+7I;!eE1~=8eTe7@wR9-l2eeLWU_)LX<+-*3otBP8m zrYq)F3ABNSroA$Q%Y0*-XwhV;N!k;!MdABWw4uF}ucmcU-@kt!o!Bc4 zMFMN$tLS-2q4TV>iN|y-Bi25kjb<#hQ+EvDH`qL{nMA{r>MgvGgBYirbsodU@gW`K zX7k#S_vd72i3C(Ie`z1CAm*7bxW2wl!w}BigfU{5qg*Mj1b_=>5^EZi-sfEHf#BrS zU6k^${5x|j8O7$m>V}Eb)UWwTLWf+a^B&~29g6*x{ygovVO$Fyx8dhGGzxa^46u=ru7hFVN=E&ylFuk z&6>}_A)e#JhZTs7j3h5)Wu)ggE$jfy4cY&@`Z*&KnZfjx)AihzpWQ!7MA83^HQmzl?1E^0Kns!;KBD zRC_i7+QGp=JPf$*ep4hkl1~w&*wS~>D#oj>AN06i$|4r)tkC%TdUnv!$teGA|1;iz zbF9Y3Qn~)CL}xr2=Rlx#So`o#^}Vm-X98w|GKB77n8w`V*Cijl zez;v|C&3u%7+~fI^Sl3(wA6IVWW^bVe6H?lazU|5yYDE=0?(yd@zu^1LdE<~Dy>OYlp?KwnDe~_0bZ1`_rkVErp|biTgaC=~c<7=R3tXQbWVxM^V@j7GO48E&u+V zNbX!$A7wkNIw#+0eP)!FmUadxp9&0`uV2_yolxF8(0PrW`jFa1wXPfM z)jcj7x`6V1Ch$$l|5g^Sz-(M|zI$TP@A0i|NHVdnl)_p(OW%nk)@-&Sb8 zR3P!6rsLEjnp`IA3AVQ9dsx59-zgH&fEKoSf+(K`1;p0R>(h;+$wn~^_k@3V^GP&x(CyV~GO7gfyaPOjo zNFYkQT+vhpW*{#ER4n2KkFXr<^B!lPS1jKcgins<>l`9gRU9K%x&`qIGR?UK%hCW8^34&9%&{VDrG~9%{5-c>nRvDOw9(nIC5XXs zUrmGy5%bBJl*We2#(F~*P3!_cdMoVG{cJ3-PkGn8$am3XpK~tUo|`viX~7*UOeY8z zhFb&`G6zz#@HFC-OJp44)YMcau@k}xi&a{nocw=pGGEVo+WR2OvkoVPcIfWl{vmv6`+X#d~&J`UDJosWE7t0=TgeS|-WC6rhC#5poV6?Jw5dnQ9KdFIXyt zjq-aS6m7$?32jZ!WG2DIb7kd3wLS;$l@RdBH&pi5x1uK3-;-X!5!Y#zYGWE3E$V{n zDeBzLJ3(J$2nVdJ=d;xdV4C#GJrBO__{o(e<%N&|X3Lvuu)>cX(J7(Sa1+@(8J@x^ zFRmg$JXpdX#nc7%^50^rL+IMJnJ`cj`ZDX?$W>cQ%i7o&G?|Ekni`GYwmYXx@kxSJ z4yY5|o%60eiU>7bw!8YpPO3x#5DFEmXZ&0W5?9JEM}o>`Z0-&VT?OXKi9Ri##$F=J zNK7o#jZJ)%>UZueG~(SaWk;>TD*35#%<=W2zx3GdjxKwp>T7BWZTw1RnvsfyrN(@= za04!@E@cw_-7&F#FxPT#PY)`^+EQziqI?H;dll457RfQwr&W0bGu`UD_%`j+ZWg4h z2S8|dK}@d+-NRa_nVIeB28Ow~xa6kG0vFgXdH}m94u*Td|Cy&Ad&o=4ef%s$ 
z%2aPCuN+4yLo<@ky3ddJmlXvGV~C(3p>X5jWs92oQ@hVhs`U9>dhlzp@oHP z$(2x<0$;c{tN+&{6&l*xSg*FDG|{#_sm0$t%jWh2Hsht?cT7!Q(%p1F}|YQ8HBjXu(`_I!}U-=Nky!aH&*WC_OnbpdrW6gEPWf zTm4a||9~>s3Z~IaPa@9uGNP9DbJ5$YEB1fyiu23rjM*~meDW?vJDb+l~>#6JSte|{5*QJ(N{ z%Z{g;LO5@YWT`%ehK3e`*Kd6=&=VTa>>j0e7NSSC^bXtBiMwF^`YeejP zC~JH1MQ7Dn{uTV3v?EmgNLyIdE+T4VEPO2isOU*8@nBAnfecyNApgDU1$CnYjHFka1gW8E1*hR~ZV&JX|Ious|BsIRBfTVnok^0}8L`DKO2M!c-1 z)~pVh&}s?HnGA38qnGyeOzRw^a&EaGU@(EE0Ek>g2oSR7!Y(pYf;}3G3$Q#t&pG79 zHY-ZCK6ag+F?e)2a83Z4v*1siyJ)~|_z@-fX9AgAskJbRTUkKK$QwVy&jhswbC3n` ze(4=3!yn{f3n34`Vg4W=whz_E13vm2rDNbMkpF7tIK=i{+UW5Hl15VTHRRB3S2J+%rpAT%Ejd-s#`5? zjvz8SgUwl_YX1Yx3opOM{XkBm))0Z`0I96Fqy#%#*p>P5NZfyS{QLM^wl2Ang41eW zJXk36=4iJOjS$3dGS`6tj~s=9$f!zyw_Po5dZr{^_{FbZ1}5$gLi?@PzmaxBtW-N9 zmZn+6>;SW;<84)l(6j=0a>x9sooPISh8kXbOEdaw0CmEd_pr>{P>#8`zoFAqkmFFlE6?hqyN9uIX&>BtV$G>-6dEkvkOJmIM7K_7son!$ z4K<9Qpf(Tl+dFEBH#BZ_0#9j)dMtVCzhy*OcM{<;y{h#)`WeJ-ljGCAAs=iY5yHsR zKLgRiWk4}6^ed&tN{q886a{~mx;qWdQ3 zVpEpV-TlHQZ_tK$H1F#P!kV0?9|o)YTKMITA0{d+G0(lX8^~u<<>Wv)mNq|sMN=|c zO-P^KYf7*pHSKPw!Rjb4Zh5&;VOPvpYqa?dQ+ONNNkPfL@PV}u<(myUI|&V>VK;4%;}$KJhvPgZs#;b?!*tCJ3pa6ifrq5`SpW`)|tm61{$u)o@*fg z12_NPA+`hdp=XD)EBK(cOyyafs$R80Dux~&pO3MNeug;cLTDMv8Heb|0ith!NKKO; zb6zK{zCFYi3WUA~wGh{>Y=5b^N}6M3_Ip(dqsT-9=x>4tQkzCc-k=4QxAf%H4`fHH zDX_8;)$-HjL}PorXeqW*tpr)50q`bf?v7TW5XY}d&kq|)ci5*(P&W~)w^=07GKgL| zF@31FzfMLMHR9l=y~Pu+u(45d#Jzv`IjZ$y4=z&Zr0MAxB8@(`an?khrqto`l)>wi z!e-o(7LOfO4+GchP+oU7DV>6G~d7P z8CX@yxLx)@23cZXrwcf0>c3-2V)(-u9FF=agbAk_6B8AkgnnvpswgGFIMjlVgbzOeHLem_?keup=M1Xt(jg8Zlc^LZ4buHm{cB>ht z1iCGAyM3L(;htS56mB0hw6*DPNHZwzXitb0TN?%4ZN_J;wx(-vQ5OVz^U~7=q%<$# zq7WoadM?A@gA;MnpXYt#5HSy6%Y4pWF-nWLi{sp8b>7C2K(&v3!6dI;fR!bPv?8(_ z4P#K@rPEZS&XlyO;>lQS>N4Rvp}tF(9L$kY}0YyOg9XnPR#<_7!aaS^6jN zxGmB8#IS@`Le1z4IJvV{AVW7_FfAeBn4f4L1n|BFuArts&AjKsU(ZK%(sF_{U5mZVSs7^0HZK82&wOB&w^Z_iew#k-TCW}=FEFx zxEsWHF)c4Iqqdj6Sw%y{+8y%FyBtXe$3y9w>u}RW_n;s$M^=oRwWv>CytA@{8h8wB zRHQITbh&rYb=c0)B91n8QW-mbE%w!FT6j7RjWFdaXUv6{_t&S4r}D$k^Z)z^{Japk 
z0T?+L-4byO)S{1I!ZHH;Vl^1R^*Vb*bT1Obnl~er%?-Fgh;Au22J>jNOI0Pw?>7#G zG`MC=PcMz+PlEfaC!>%xjCuCEJ}qU2zd$F1cn_s$+3 z9X!sl`mgck8 z*w|R8#Ka>h*?mA>MDAmc@k%vQXhB6=CS=oA5R#!8#Ln*D=^#&^zEEW?@ax(zPU%z6 z$=HG+5;oM5WL|Le0d*M|fc$toD+&+3jTop>YhYT7U3ukxEk zFN5YKBN(!yAqIxJKra*B8e}x*Eu>p`^Zy3E`K~+BOsS+np{S^2U&&rVWWMiavp6$r|HqLj2g0xd|8WQ9^phJKDOgOEk|jp!dZ(@_&Jh$2WetK*bLq6}D8n z^5=8BN$?TJskBzJLR4WZzU91AW1o*)Q+tGu+Nz3WzfjH3owrLcI; zX=r0f$$vmi`TKDRGVtW$L>Y)(34$2vhp-v>N)%O8vVQQ7{%3ycqEl|r*^XM^UXNTc_G-($ZRuGA-Pa&oReqM z{B>5CYG9u7Lx^Qqy1y>gau6I$6g{sez-C zUiba}TqL@1HbRW4mGLTd7*(?6{+m5DcM|hKbLBckN%s2_S2R3Sl)CExa5IIQ_Q9n3 zEGNe>)W<5kkZ(+ofcx*?KV&M1Ow2QU&DUG3-sECt_EzAJfW8E$wGyP(^Qi3sh>!#% z&Kq@C0q!(TL=3<|sxNR^|58|a{JpQTpTrWYTgQ{zmE;Lu9o@>3z8#b!DYR7h8hgsc zW!*^sSZ8q6PHRT2KY~WglS$=~wBOm#$-eyyFpQ7q6Ww%)&F-J^Aj2b)15>=^z0r6$ z6XFQ}NF3GJX4dXfk~CLK@F-(hDNP_U)6=M5fe}miY5FRNl|X3$kagdlrv>^si)R;- zT85bB85)Sp6xpQglHdk(4U`2fj6!irJvR0uitZE|CqbQCuS!Uw9pZ-qW9thevw|gr+3q)D}F8dWOeI@`3Cy zPF$dq;fvYrT|@9URgxzm5e7wMBHQ>u*~YhkG%jtqj}tP_?uEm_(u>3!zJBsE+rpTf z@8}>esAJWUdS1P$L+fQs>0bAsh6W|qHLUkFdk#V=Aiz~y_`X;-TUEuRXO8o zzqrhD{A(}A7l9$}Z{NQou;{KbqMk-X7g?_cvEz(fXglzEf4uq?kdu|Tu$MW)*yc}i z=FX1lM1Sx#IAIymt~wn!GyGxa=4GzIhmuWYJ$abc7-@RC_KM!7)r16v7r0QkgCo(T zlrHyyc#2A3zOXPlMnwh6Ch-ZMzBsbGdp*;@x9V49C8gvf1ew%oTJVl2M+W=$oy>Vd zY-M*75$ifQ_&RH$ol;umkn1!SPVicxE+0?`~xfj?rS|rB1}5^CZIHVLp$IX7A)X(afEKc)L&g!_bC{Gp=>u2 z1?3}dDqGgceVcFbpLlVF?QbJoleoXQt#^EmYFeNlBXOg{@>G|ts?bze()m}P^j4WJ zC%ldzuvNdQoYTsoKqg_j{;fRxIp&U@0?46Ff9KJOloS{0WwK@w2l#16Z7V1+?f6ee zOicIE1>mV`YmeFr1zEm-j}8!Fk=HCq;$y#OI8bqLq&WPpZA549RAVA1(Z(|7RaeGK z$iaqd5@Tdij8B?2s`NC5^F2 z_ah+69|4-pM@_x)>Ka=WbnRFvrfVAsK{kGm{tf5FP1T$nWR5odxD}w^R%DU~@q21R zwrSd-KOb*+!$$A|ZuADBcNbsJ4>RvMLS_vWS}kXpV)kEa<1QR9aY@zta~@%C|I# z?Z4!r>up>1VU(qheTN2cPVP71UVM?3GYw4ov|a5CyDdh?z|aTmIJ!3fuw3llX~&Qv zYUWzGQiB-mcjI&F!V|0Q5=lUCbq}V4gvw7N%QN@&gyy@E+(7@Hb^q`%w%qE=yRB26 zg$>xI*-9f9L2~*wS76{7n0CaQBwS36_}Y+$u4na+*t2mcItrO`p?zdLOBUCwh~IkR zjq{_AQgvRQxo|u8{54@4I(YZlIz05x0~{fXf#rQ}aT;53p$5`8(v>Er6vGb7-psjh 
zL(F)7&+u?1goKL=u^mnx?nfxcwMIR>ASn=RyhL$>jAWaDl(%HvYR3&~khA+a0P}Mc znNg6Y`ONQSgNd$1pi+eCEz-G$!C>Zcsl+(DV`=((kF%iw*MMhN0E0NuW8m9j!|_yR1Q zJXEro?-vdo?W0k4(*881a4pLzvUOA@tg$pOtx?kyTA52rOZS1y>EF-XxY}_TCKcMl z!GV)r&DzC~e3}N5bF%YCMGSj+cGTi4n|OsR?3;_Lv+CGSNZ&i5E7=%uY_$X- zJo@N#bv%u4&$LBY#{i2j0=X3Xt&@+~v}zb7gNk{h&V`uSo((z2T^L8Q2Tb{q$&dpj zL0^V**|L}QR>faLvudAX>XP10_IC!eSbv>Ci)#RldFQ~eEuZ-QOu4~ujnxqCeV+(lru<4OMO36Bvvt^xQ5RvIZNcgd2B-dH2LsEgk0X| zFs3TGFuRivTO_9H=W;P!I;+j9Z{z)b{TmD2bzvcAV$^A-IfSg}6cJsLi~LnK$VU7V z^zKPo;G6+-ff_qsh%TVF;xJ6y-69n}3AuUwU} zkJCb*-^U|GAj+;SzpTZuthf%#@@aMyjIC2jr(BEk3y3 zSe+4PH2!RcHnZmKnS+ItZny9ry-IxuGV;Lyk(>X+t=8bl<$S(Q1^=*5&ZBYy8E2=G zvDCl!M?%|QUuF5{_%e&PQTziO#A^u4kNA7=Q!s4&f~s9f0vd5$VyZen#`9pK^48ic zIpZ}=cD4)qP3q&Ia=Lf3oNO>Nd>BAg#8$KH3Mor`0WWO;znL#p1roG8?%pY1>EH`8@&5)OOc-+{C(DyPJ-#=-9SEq{t5vNGqbMU+y4E? z!H|*)%U3ZJFqeM2H9ZeOX9-11n60a>Y6K1Mhite2n`%}kUA`)*?R|6Z&5HvMzfC{v zOZbZcL(Hs_>5(dK0EqJ-ZR;DnHqWr`P4&gcceP(k3Fg4l#gO6po_G2;yHplwPkt8h zg^SVTkxhwXV^YVkvzdB^YC1^wPU($KeR}BWRwesGNsOxV@8-dbG=syqb@ZQEi<-u- zE4&=PIyXmfi|A|yHk{Ko(!8?FpoT`LJr1NQ4PtiFj`EZ_CrF*v3U_fS4b-?-i^88| z!laFsf*#>2Nx3w9{a~O|`QK`H_>`02V#e#B6ZXHIk(;iY{HP=X`|xZ{+2TVRRrq6Q zt-@J4UOqR(w6u_<;4ww{s1-faXREzS<|+<(I}z^#tuedj-##3W`TMs(=w;Q<&o6xr z#X+}Q1BG=hB(q2vzPsw3VI#1;+Qj~<>cABWH~3gKukqK}n-I1=p&I0Oz{6h=h)9US zRlMjV1b5{Q%IL>AT2Z_wg0dxjEYt=!$8IQ!A+5UJ;L6QCEwfZVqPDs^g^XK$oI%02 zZ==J5gM=VlOcN!qzl(EsZ(BKwiy#h1+GTKh;BOJ+O?h?F?ZH%s490!ks_1seCUH`1 z%fl30_H8ekA1RSLavLJl!YJ#-Q8?;EKuLwjN?n+BJKs3bkHor=TwXAX%4%q2UM}=( zPdF{pzK)4h-XB2?crgG|X(WQGOj;S{79PJqT3)D>x!yxh&y26%Y)-(DkrzaI$ITK4 z(@+7)Xz=5%o;|e)m~wrJ;=x6QRSWfbPPm;DRPR_~sF&_^R;+Vh!$Q-;_L2nt+FCMG zb#9)?I1is={S5kOZe6$V*N5uoJlqBY^TOgSG}+z5KUoePE}Y!E#nvqxj47yf!}mtX zU#;GZc#A13f3g8p0EF9`GubUGOr_sLJ0Lli@5PwxL*RQzgK+67l7s9b4UpmbzR~Vp zL*7@pUmK_pB7Yi?GW)Fe5CXq4kDy@I(bF`Zf___qO$d$PEOJJ&-g=Lnxl@u4- zOh4sR8|PM4$<+WfU0;v&2?rq`hYtYpu&G<&RG_57f~GBdMV-WX^5q4w5|A zLMbpPheiUtnoCw3YIA$vp9ZJ`OJj4EHFb2*|HO$8+x(QwKnd%NwVKG2ZrHa!DC=+~ 
zFeC_|Geu-c)JGRjI;plod4Y)%wk`TGuD;0>JQ`VVEog-<&(NnGOQeE`l{hq#{csb5 ziWc-W^|#&{4$dM9II_okjEUoQ1p7cC<5VPZ*lV_WI0Fg$8;qZ z^?s|RC$65`)~=FYw%3Z*Qh^ZVoiBX%C`A<_AUx4Y-$;(f|C9jV!wdGq`iAzph|Xfn zD)$(1mcfl;4@{{OC&KI4?X4^fY?|IMs;o8hr9ICtg7$n08#f~i^z`FvG}^o!ZPkUn zKNmY}vr_^`rUw{-Jr5bOBL%(`UOCB){>2$Xyo&nz3JUV_O@DS~X2ZC#58%=J*nVdm zkY8J?iKKs#o}NBx=fo<8i>uW&;?C6*z0(&-B{-{rL!=cMbI$(*9h!?*(|AnQd&KYk zmUechb1&8?sbGBXJ=4h;_ZI1k%=RzYpk`@tv!+Wd12v37&>rH@db<0GcvgG)V{9+{ zb^F3!v`LJ6Gztk^_EJ}_m! z!6Wuh9_+9(WV7GtR3I2P{XxJj@7*3nNOq`Bu9^N*oqqlbYwA9hYh2FB!JN498=8=c zKG7@MpG|t+aF(H8^jGUsa1s7Ir|fymU4A>LSxZ1RL(fSf>!%-i;Ux8s6?z?QHktM< zu`(e6?S(u13lxN@Z$Js9o4&Euhupok~RmA4IzqiBeBy0kUb` z7tA5r1U5f9*(*qlTLwm#4mW=dc}%pUg}oSALQ9?!C=>#XMJEwBhl1-v#!%ivY*&|r9=%lJjdFvw z?t2Q98;*Kpv>mp^{Ss#Qt;VAh3eN|RhFJ1eI5x9w4n#g-21$Te*i@9jwFNn%UL!A8 zUH!H#)icW-LFn%IOx0h%+~V!(4IpVBMGk)Q)nUZ2Q}W&UlYtL+&HGAJ{6t7|?wd3D|Yo=r9va2)|R5ABIT z7d!L0)zn>MZvw(e1O`%|S-4<5GzlOYu0!EJ5d;$!6feQW)oyFqph*1ljGg_+1yYGr zD@%!KT83e3mTuL0AR_6jcF4KWBNYY$aa|c3x6KSSQo;C1dt^rSv=yhH<-OBK%n5=0_=)b4T#;}>QGRYk}8PbKEV*zkVtxAsHHz1MG#d> z8-pi_?mwjdJA<)+v)G}T7o+#fQ1wl?>fJyvSDuSZ+J}6e+)DOI(&Oc(;@Qe)Qb{gYx@ZIiTa-v?T z-%5t=XZf<-VYoOUBS#_h#gY)yQ?aOf5Aka!6`K-#-`x6g@p;aj8sq5-oITp*r@G|0urT?|!)W&z1=uS~Y%3pAY%Qy->tP zS7?zc4q}D{JGv>(GI_{QB|X4`dOaHU56W2QWvH4_+Fyr#A<5`KZDC0Ck!L0t9c7@Q zCV(9NHIn!a`a%gf=p9PVP~hQ3DHs{`KbXCp9R!i;@`~q8i!cAQ|1pfNU}UN+X*DNf zY5S$Hl{&w=JlJvkDL`BO%we}NLLdEuS=z$NMs&^(Rd7`lrlh2-2PByDgTkP3?^-0Vu)xy_v!5P%iW^skYnPV&a1# z(N8On$a=)9yzvdC$lvDn*`qKA4)>fik*#S=**#JBO*1|i+I@BoM}1uf1kZg zbJwllrwI#mq@P>-2$vNPa`J{#Ug~=&b5pdWy-xqgRcKUb!!J#P8uqn>M3}Qw%&;89 zQcQZzx3|519Q{Cu%4Joi3;9w02mKNE%X8=G^vsVgvF2A{#I@aatfpn5v~SuOd4fo6 z+aXKw%I@}9cv!i~DO&k?YmC|WV`8}c7?_w}d0jV^c(a!>q0lwND#Gar(({><06!D( zJ~X{Z_&OdEtZt%O+2(PV+`}&;o>y9K5 z9diI=s|CoH+|o5LxB`Mpsh84AIc*z}8DG9v-_J2vfX%t1+_=ia8p)B-E3a0x_Y2tB z_<4zii;GHBs~a}@@zdbFVKDx0=-7`om8n>=ub*$`AA=@reXkCMUy<&$5b%DkjRqU{ zj3ZX*{cw%Kg@mp5nplN*uE9fB(|W!?S%y#h4kCw!n6Z6R4HbpHGk(!u{lL`>fdCmN 
zdG-?6#5K|3EV~aV+1;QNvko5-xFIAnl;%(u1?dspb}gxUIvfVHM)3K>cf zJ{8a?$XU`T5R%96ZswYP%7{hcUbysCn3zxUk zntQK^{+iAoGrk>-J&Fi$fBGsPw)P}&L-ch)xnuN%JIFO7AuxY$Pb6M%qd`eiNon}| z>FLK%Oe&c-G+=AjZ+=_7HH3Vb56~tQRlqUvZG|!xo2J2wk+qorP@TuFghQ%QX?Eg8 zT$*~iX){1qP?MGhoz`+q^Af$`BHn{YkspZOk7mxp(d{jg@bla7cCtHfkAD@0Jo%fo zX7n4Be46Qod;#=+#=W7pgZ=o5eagkpw7qo)WHfGuFMyMOF+NkL1v#@rMh<}CnVTva zbN2lBF9l!l^#JL~=6#8%@ zqob3Js%n4>C2aXIa9MlS>M+&y!G*WH5t7g$gc#Mp%Hej}9<;qD^dZ%Yl-YS~azTWb zAglTH>(l$Ws7>4?h@zX$XX&`Z;fGa%34&wn(Sh$bg(?Kl-G~0x4e)q#E+~QtMF*_y z{yI{0w#?Z5-}cX~fybkrkpL6d3=s3E^WMcIJ-f1}AZ5H960{ z%dDR(ny#kJ6lUwX4uzk<){PXGs`wgGG6K>j)S2c z>4p%gp>5aRv8ivr+L;qyMQ%JBnBpivN0rzFVYdtk+ zNXRY^@;^J-bwfb5`CeM;lORy`?pw#fiZ}nxly5bs+et5;HF?F~uCA3L{=n6Qd-kI~ z7MfQMLp-UTe{L)&96?<3;ljB~V3ON1+&#pD1gU4M(Bgd#uK_*kmxj-h(&<7syJh4? z*jSgJLH$)g*k>Q%p@V}1{Ij9Ol+@IslmGA!2Y(elMdo++3Oi?6E;eh8!B$R0hM8|C zNFtr0GRkr))0fue+{9}ca(dptCMBd$p?u;x{LAH}f%ihJGc#J2P@`*U@7$Y(DS2@*c9&v^&5&;WIy`@At( z$QG{msYywvC?O3Z zB_JU!ol1jrBi-F_27B*&&-n?k)|zvS?|a|p8H9sYmU!xHQC}G%9G6??IE8l%Z^WI? 
zy|k+6AtV>sXVTW!j_--v2|Acd=ezxN{lTMe=qG`^;%MSu`+nnhGs8=LG2k3A>F~!P zB|YB|sdJij(PL_eg2XiO(D$wc&ySrDL(E?*NJxjMm(=qf70t|6sq{oQ_`mHa}py_iXEqNTbn%o zgQpKk#|&F3LaOS-!QgWo7M|0@H>|(FlkW95n_*)J{O~~-I z+Nj~?Ftf=Mq%Eu3o!@r!z@3gpn2MAbwO$AN!7b$*J6yDP>|oWZ@rqstzYye5m-zJQ zBr~P+0hZu-9M9HZJ*aARfKtH$?P-6?lWapo*XPrG22J4?1Rnv8#o z|D|$oteNx4U8cz+B@l_U6sq<9>wQcAXUrO9Fe5L>aa!qq-Q3o8Cvh#G^NgpEkR|o` z_1wS>)f^mCWwe~{02=&0FEJq=-j2Yyy=O~xb@iPwQD^%8JVGxQwID?K_WWhY*#A^k z=qU1q`0Cv7B-C8v0UmLeAsCFs2#AQsfrGQhYrURX!jF=l`XCeHjWB;Gj({W0135A} z@~v6Azn`%3+l$Nn88x}f7mX*f>=@GSuCA*;!Tbf^lg@!dN_lKy4b#=lE!_sd=oKgU z1Ec}S0?RqEEqKKoBz>6Y8+PBpvEpSUPZ94#=4hk7-HL<+b}VUQ>5FI4m-l|`kDQtz zZ^~`o_|PCgng0&v()hLsj=3B~*S)p;Z@iD8OnbiWCBCE+$<8$)Pfo@4azVX)cs!COXcan`S{&fB8CJ6r(lg zQZiu$u`oKe^g(}NsXpOgErrw|AJttuximiR`n8TS0>U9$ro}6#g~p!|G3{VKP>e^2 z;l#zkQAtQZ@SVm-*kZZmPwXHFAB5JHJG4;nH?{3fbctgKh%t61y)h4~^DpH=fr8m) z=n2ThcG-GOCKUesiOf}`r_Vn&*Wa)@IH|!%5hvM-T1EY3d@NFju`hCiz{aZc)Alb3 zV30&t82!>iu5bdaPS2MqPp{v-)oc-8&l3R7{DTbq!xZSDw~~d_>8C{5ps{q)eGw8c z$h*ouf!~d|73(kX6WN2%`ySfB_er{nO)yt?ZYLJ3m&Mij4r~M9Tf%H)@6ow2KclR3 z#AxdkR1Z#VjlMA>(S6KeIXUjfsOf4A@88|0pGizoQpW@vYvo0xmQc0-Xm_@3rh}s) zto~+u;%mQz89+wFLndzb>c@V;*hnHPLmv40H=A6*1liT)tBX4$ znUc24%anYa4t@?#cTT+03V|OKVjVbm$c9~$M>m1XR@s}S_4}$~?7E=*opUCS?ddye zw1L81Vmd2fc0YCrS%m0ey@1 z1U21eZ;r!Kba{oq?B2btsY5}^8J^^Q88Q}trW~5%NYHjh+|--;A4?|Wk8 z{jF6TTh_q6gopiOB&nh~HGg1I_l3LPozTVMT!5CI0>WT=w;}yA2AJ``c-N*sdxZO! 
ztv)V&UU!(ietoiDs?=8{@A>wlB$qPJXpln~vl!9Y>%emVg(lQI=z3hQR#&I#p7BAk zrn*}H-lx5T0(iPn&CC*HRjp zoU9$4np(OorNG>}2Ogsa%O~jt>te)fAgX!T^j#j@e9Xfe#^Peq^9XYzA=hL8){CgZGT*#MmbS# z^6!=uDSH@C!wSZDx@jiF=@M}S*sC@Ues+HSRj3Ea&d`*;u6`E0k|+SW)Miocv+RGi z5JN+goLpS#G9Y9x8Mu`HK6fS35X}E6`tki6j^)$|!V&#d;a-i9Dl(QY#glz)W-4-V zmS=UVCt@^wqxXS|O2Tx0rV~HFCh39+%*hkR*TTM$MqB;d0|hz7<;$q35*4X1jQ1j5 z2L^>3E!dnLU{)IkAj+kbVgY*-|DX2NL0NG08|Y`h76!yy6AO!fP&PagMt%1LV%@(= z#boAoUfC(_%o`#5Hn>xX$M@z^p2W;XSsxx-r$en(RZJ44#az7Ny-O0}f`e(;^|`Zu zkxO`c5_7g|&|j3Do4K-o4hh1Fm2YsQBepD0EGzA=L)|#}OV?@&Ll5Ww&*_FOx zVBldyZ`wZhEtDOPgpz~XXYro+K4hIPxVVXuc|8)mlNH9ks5Kp>-`%}k#S)H*O<_4Q z#vbOu$tjR<`uzA74>@J3L%l*w()l_38orEx99>=*#6f~JzJpTJ;TDpT)>9LP)G3NNx0tG>Ax3y+P-IH%zA{Mp9MjYw<>Ge#uN6 z_QCew4v*VX# zYOc1tulL_P5e5!R13jI1tt+{@Dol_%-hAYSYFx`Tqah+LLcx{FrJ+or_*aaKKd0%* zzT!X8a8K9&q^$h63G$?_L7Xwa2!K0jyL>`Chb&@kwo%kJ^GRw+K=V5c1&~N{y7K-W;CVqH`6VmE^a3sF zqNn8^*=uEHg=uB5apDLq!FF#ZkFCZty$~dN-1{HaBtG7BYCgP7A?ABSu;9#kpGZMD zt%`e%+)A(c3f8>FNLX`u;sXx+5k=2(gAwlc32`<7pcH!V&=45$tZgY^d_!ce{V+L6 znO6@kW9&;DelJB@D?2*$xGz(z` z3}w62AgRP1_Z&u-r_>de%EjGos*}nMKX@|*awtB ze%xcYv$_in-OgG$GvHk7Sx0qe?kMKWN-I`u;cjeeoUs2m%6>_m&0qGQ@T}s`CihRG zlJZyx1?VaPUiq$h#O;gJtya_ezho5AX7l#9$dMa?jTApACF|{RRqUUucPolt;H0N& zkdYo2a2{Rzw*UL&)bT<3^9UxwVHj*{Qf0nRPQ&!=kbM+V?_qXok9fJNE_UdW<)_aX z4LBpHqG5xUc0Dj;QgWhL#O!TY|B9zi8!iu^gXc5?+~>^154|ZG-czQJu&*su8NjdxlV5SZ z(ZhFi)NL5?OBK%=Pl}349yXbiK0O1?TjyaBb*!@}u_nbp|G%{1cm%{+L3FW+GKNr7 z-{h=NH`?Abf7Fj8w$vpR3SuTf|Dfs<5HV3TYVveItT@1=j|WwFw`3N5nV4R3)c3eM z=AIkP_)tlaMO&Rjip+d1>^wL16@`Ej2}`O7PEgzzeR1l& zWvwWpKe~g-7X5BBW-}t~jW<5rpgh>r8HVZGA9*aUh5>uj76iY4rK>ui-R=xD34}+3 z%abY;QQPwihrrJ(wA^GTRY3y5IZ}L%d#P)d7fi2Lpwd6-^$00-k0bR4RZw zORuY!u#5?|K5*8w5b$eMY3S-QHrlSc3Ngy#x^MhI%{31?_|e}lFK76R?LJcbD@v`) z_0$x=1}4;el@qB=E9vdgr)Oc≶O;aZOIdD=Yn8lKb}U)W|C)68Al^&_}Y{ilX|D zasKmH#Q_Mv;NaXRB#baHr?$gdvwKL-mK8SY1W1uPSXh$Hp{iT&iMliFB_Xe!iS1i( zc29Bjv47&`%s%BS8$5QkzGh`Dq6UoOpGvc1$ZUd8Zg1{~lX{mm-WnOAc|6jn?FXZR 
z0v-m(zl7Kl!@j4F=jSaVi0XW_67%nrt#a7)Ohm;^4o9u}&edO-esE6^(QTE~x0p&4 zek zMiK%~zp1Rz-BeWZ#5}ONqHiY5>L>pEA&C|K;OYe z*WdIg8oSB_7CEa=sm+TR4f>GV5cHsC^OdXK&i~);a7|I_@DYdUS{UZzhc!CMaUy;u zW`p{p+U#s9yZr{8oRSg+LQ;G2B-jAKopn0O_`~nN+|S#K1h{Til1*N_?fB(zhp5MX zi%pRMJF&zJ6}~g%c37r57+pH<2@`r8r2gI#+F z^V7u=;oCV$-yogBtQa3Le+aEO;fH-{!DX2(DJV%b&YvAmA7kD}Hzo2D^^z)ev zT{$9*R=@_qt6ghFpn3$gWwyZlP`fEd)}CMC*of3k=#Ngq2s5VaCEm0Ih4 zUbbzVcv`W&$s9qdFBm};Hw+ZgUnfg7V#h-e+9`I=QTI!bzt@h*fEmnGCcleccyh89 zb0OdTvgX;&-~UFqfg5~XyG_R7X5x4lx1>+-H6=8~-e9kVkqMM68V(mjV z2)i6Tq&Pq+V9 zrVC`n?*sd;4y@$xF@R*srfmq;y&b#`ggE@Jj`A(01p+URvLQ!N-<=6#vipIX$I_cG zX%rXeWv_*_yriNsBlwEL_l}Zz8uOU=MAVxgu%!F~o_dec(P&4y#$)S!R@~Yd z#>!50Mip=TA~1*ZY`wQ}B!W5eE|_$7RgCgMQOv$*YGl5RsR+)YW)k0^VVk4Tf-E*7 zV+kg8ZSOHlhA-8%)bU`xVW_gQGDLi`r+71bH5=G0yhAP$HHQ0#2hz>&klZ`!SfN2` z?$J(!JHPDkR-)bUCiq|_9+(f=BX7ukV8k`B7|PeIz%*|3SK&Itg9DEvg_UTUhgVcz zYF@^gRr8TJ@%&5gx9&Gg+&nyo|B>zXw}LaN^tAhz)YR`FX%h3?$37IfGiT5T6oUHs zoEDjp4cQCJ#`xQx+LfXKXOMFb)m*dY%lqU z(_mx2tsjTpBk?9g8+EAp-OgpJ)UlLT?;exgnEl6hRzj_iP4`%9p=t!>cLI|t8P=

    &ym-rRkv zTxGa752>-5AvaTH)047%CRtlvu(h^HYQg;`rtI4bY1)__<)(Q-!q1v{fN!uNX%>Sn zWr+^>lmHQH3a%8;)2s%Cb1M=RJq$<>*>rxG(CC(8nm%uGzn&d)S?fW(Yfj)9!g4Yy z2rpj>02_ESRKNhq_w7L;{W7a~I-8Od9Gqt(?%2KOEHGscv!Z1OBS-l#itQCBeOhwQ z^nSnHaBH9q`7Bkf`+zD6kvKYRG(H1MJjGGw#SsM^DfFYc+0(Hq@cQGep^{S1?e*0a zX&oVvfvF!0iRgz25I`YqTb$FqpOvh?LrdJ%9zWW>?Nc_Wk>Y z;PqXqKfwX1Gd$Q|$fl<`)MP)j$W@O2X@pAaj7GKD{?ZByVYE$Clq(hL>WS?IIdGF3 z8Xl%s+BG1FUOW}0fC0#gUqmHf?PlGdFP^-W!(*pQ^ecb2N!9*x^-g1>Pwva6UY_go zo-xV*^srVF*dJwzj3wW{%c8%NTaD!P)TukYu1omgRUb=AXmAtE#z)`VZ$r8r32oxf z%%&B#JA=xao}Qkz>=Sn?+um*{`_VVHB7QhjtoA)4Pcn%9qU7eF2pSEdu_$@OR=jL# zstg4gn}@ReZKH?7-KjEtuLl4o>nd~w6$gQYTmjF!uIxdNdYY)WT7nFm8%$T&im0fl z+C#?MbgPFg30Q9ATWqecoI2K=j`7j$FH02()ZIi>k#_Ro$s`@Hkh(+o%b z`0?`J-$h82BNu*pg4DLF+Tro>*F47G`eGY!kB=XO^^FK5_Sa?Xyum(1=>G;ZY@~|5 zS>_c}>W$wOF(P18jOYD-tNV*cmJ%tfT!ig8_lvGq-zHhlpGeC4rdomtNp>yAPF(^)y`Tg_tXbw^hZ?Y;bMwLsbAN>yGh zDS&#BOrAV=f_&d+yv5|uDenLCr?AG0=_k+R#xSd)2M;&N9J=B4pHEvWchTK;^P$u_ z!qC|i9aTbx&oj0NxQ zkN%+g`QGA_>>V0P)Klxh2F#038-H?5g_s&WDS@d|Od1vEd+AKR@e(fv;&Na*wJF=l zjA=X2$*%J->i_}xl;dLaHHK!AYm*&5B4T$%kn;JA8*5?qlzD)F%CmERb%CzzB9I5=~& zvuyVAA+XMzQJ_^i-qDe_U47{ZQ=@CtXzhAtn9>%IgG-mh4F>>=eN$;4?{8n-)#8&k zYvo42Xx0)5`8}$H@2XcOk(&YXEuWIxts#p{8S~wSG0xu#la6lN7u$*)4^E1TipZSx zvOmzPe{#v${`&Q+LQ>7%#NRxUrYD6{?}%>{uMxJZafby}>f#ZnqQQ7ay@ zdv7!iKJe~&zxZ+^N)-RKa>`}ni5u-={{vwRyb6#0Gy0f;t2^%^#||Ug4SxO$(|=*^ z3lch~P@SXDz|=SyVS{aSc+Tdp>#I%QQncq_p0K6sji_hI6XUt1N!fL?t2-QTjKBc4#i=BI= z`a#Ol^Lo*YDa2gw$oEeTiE4ayHC`u6iqo+#iFjrx>R12OFqx^c;VI|fp9x^3-n) z`L3z&Q>~_U^s=?ep5{xM2DjQfEnN4aq!f@zG-!E$ph0!tcckDXF3>on z!jXXNgdYggV@HqwdGN+@4|a$ooJtHH-9#(?gPZ-Se8b(Y*@rM;X+o}fU{|MwiBODcTBscqsvhG&6rV^TO4S@)f^z2&$ zenKt6RwM|OerqqrvVR9GSoF?$Kix`$S9(}J0hH%2L*OT~x66uO3LF>`NI!)zrpO3? zf*(R;p~~qI>NL(=Y!9vW%WDnd34R#q>gxJ}uS*-Sa(Ie7yg%!2?_fzA zg0(pIgEjGUU;4BO7uN1LO#cUts{`yKyb*<{{YX`-ySfEoLa z{$II#j!lR0F-nnGtzBxiFq#63)7F5&q^GqJ90w|L*Z>i@jQ!Dg`}QYWp`K9nGmKM! 
zb~gfB&qTkAj6ppnCMJDrOSEp}SfLf>)O^{;T_@-bWDy?ZCabh%nwY)&y-eFEIy(AL zwV#%OAwnAHCOz+OVuwKnS0KyY6%{37|LJCE&}P z1kkLPVKCi?MQ{^Ysuzg+-icl6D1`{z%Q}Tgf;N(h;Cq&? zD&P~lkgidM(zf9<+tkYHT?94)`LOqmn_<6{w!HylHgmtSl8|0ssG0!dR0I4E;97FC zvQ(A#GbvT5_!^NHGvj7ZWhD(T89kw>q9%LUIPjftRAUkK4|3DC?vZFvR0Au+9Ep$? zFss=Z0}pv^z>ksl7P{M%Sa~1}_PA_tikvGWi6xMJn%i6ttel~1-;WfeC)P{jj*8=A=xiA@ z?VEt(Uu`1}c*x>|GVS8t?i!cNAETuMV1$<&kAV+VzQdPApS{xcvNo>%v%@9!Y--r> zA!qTArKrP+4x^@;Nes9GM`$@5iz|6iRKe+*CDcFyi}A9&+QzTa)6ztUM~u0^zegi| zHp>0`4{Gh>kswSg$k>&)@eAc&^;609vJZ-UUhk;C&9H+MZ@tM=P>(Nj)V6fm*%&Gu_`S z7f8wbUw3Kdj-43E<(hlnHfk>&5{ic&eO1DoNAK9|Gp%;qx0p_J90AZZCsIg zWAHypjout46%Wa|>bfS{NupN`D4A@MoqT`~uNzM1J7gU-w+R3D6`?F&w${+o<(vdb z;s`LfM_a@&uV0`biCTRA>@sdoDSw#L+)3A~lVLnvzuv5p+&)o^CDZXIZuDCQ`K1iFPq@;CYwBCr^+ z2YKGi`;QTPX)|-~?D@nS0Bun8Ke3Sl9_|E=8ST)bJXOs9$Z#Tk#?chT(eUduv-A|vsJImKnk`6+gRHQXU>q~TF&$&2a;iByw;P&b*<%> z&_k7;t$zRrp2W_+Kp#{YH*AI)f7kO)EyygIeFjYhtSFb(|r3y|&%m z8U2i(lu*NM6}^zd!j&;8Ihj1JWw%VRcc2m1t&EaJ9N|)^C943pQ>BxO)QwVPrkc z+NmMoJs3~O4m_9&4Srr`6;%|*?1r!CY$$&eCY`R(zYn4B2fO9HfCwZsh6h36tXi-N z6rC>niL6hEhE^4#&+Fr>ENF_)?^u+Kcd)NW7l0OFw`56>gIG$LQ))GUprF{BGv{@X zZ@EjAPw%yPtSo~E)G=cn^B8Gnd#yu4UI)UB5cIexm5(VSGgSGb8Pyey({hCx-QIWY zEOE|jKITbWC4n=b>Kc))d)7N%6`zepOGi@tyqa--I|y!JD<>KG`=n3l?`2q5JL?S0 zxI!6QJ9F1Ceif)Vl-%666mARW^er~QQ&d>3$In;y+iqmsTdi(~e zmwz`FS~Bk!h(7i>#>%e+5)0WZoO9H)uQpz0LoM!K>U>w$NB_)K#Ain z<%SjeNuuYyL&PyZEarW+^LJ7^d>cz8!@P2fl$&+c<6P7tP$Y}LtbX%fJv--4>_)F@ zgBcD?JlO*LV5)tDzSYV2VI#*B1s*z3==Htw`Yhp9KJ;(azs+{gJ%b;ra$}Jme#w+@ z%)n8b9i4_*{=KC4yf3LI!eyej{yEM?8~lohJ_e4x;6nB{B0#==4jA9)aSKJ6Fv)fx zlTNl^U}trgdFlpmohPG{dJLy{Is^9mj=G>X-QMd{9iEf&$B!G)7k=@QSqkapZGPJ_ z|5+FPv+U+R7#;d;QfO{cSC^#{9Xoy`{|uZFyWnI`r^%~e8pm~=0)qcT{E~ZId4#Rh zxUbu*Y8+7Q_9*3Rn#dHeWz~7Zi3a4sFSlT1k#vcL0=t%1i~F~f-eRJm4!_3EZh3Zu zEl+yY3#`7F#)s4Dwf0v(a-Gg(VlKd~hy;T-J>#RM_%f89k@5Zb!Emo=nfftuIP2Gl zveM9}@Cpw2WfnX4k)o9nzcfTgC2x1fmD+pCDl;=l6R7w6Rzf0O5BoU*fqG;Z7LKXz z)U6xu^lt;aV)vCjx_?JAT?9=+u>OFkzgjHMz|V~Tcl2|f#vAjW67))CqkG3dXv)XO 
zcM0YmVo+GBHaj=>84TfbCns!{Pw!FPlg(@&#l@OIh57825e_QqP9D*UytUXx!*Q61 zd}Wf=Y*`vx!_p|g{$GQ1KqugWBTD-sZ{Um|n(fh=|1r;bPMxLL31@awmr>Q&9IVju zWiYO0VeTEe-(yzDEjBjA#D`DjPK@kg!Sk`(P%Z`u&^_5~8Tw>}LULUZ^s4YO?5*0M zVKiE(dg&z6$ONhHsR5PvU(F33k zT+u)L<@k-T|scI?!szBW#;7%@)RLS zUhltfj9+IzS3^kvd|uIAC zsH%kU@k>zz4CQi^*<-&#^lH3QG^~?b+o24!sw{XRlnbm(33iBXt!8^D9P_q=OhtJ! zCd7?>5<-@JNK!(Uj+P;nu@dK1=Zgif?eedj(VRC=l+G>(K8rWdQ-Da) zRplNmoLHq2QMQ)<`&HSXx@R{EfuY>6U{MI+5HQY`H*T1L7r9VKRM*t(YjC`jGyPJG zi-v+BRh?45x>#x9Jhp;(bQ`D)N8-2M4SZ$e&tygIw+_Wwz9(J(RWZSFEKg^dw&FoBicH;x-%ae7%(^DOM$}M-^W9| z@BvF>YfO534)97cd*etxym)Dxd(AZeBhZ`DMx~R%dw4(^`<3~sXk_pQQuQEqd=|{- z1f;ZqU+bN z{D9ppn7{F#TCktgZx;qCcukHrZr`wz25#rqHXA>_Z-XJMw zStz+RUJ{orZGQm!J(V*Y2u5gp9Jx0ixSY?mzw5Z{13maZcA0NE*1Z{GkC$IQebV$` zDC!KBCryhU%R!Q8DCKt8=XGLK$6fgiI;7V6;@W{F|EL0Umr>2{P|)M(yfEwHo~(BLoquvF)ufMkXJ%q*#l8^Y`&g{!b%^L+RJDtq?zO7jD!+X2?7xvegq0CuA zKths!^qrArPRw^w8s^uX(Q7%16m?fu4N#tYr%LP2R_Z0`-@iY%76)~&d=b9iwEekh zyKwm%reV0Ozq_!oV3kn3W~v{K7WN)v%PBWUMb$~?A0ruddxP7zyqg=Bt+ieu>p?A5 zg7wy5ZZOvRzVtNJ`u`WzeIoyTR3L5Ou(4$yV@fwTu2QPF*;ufSLBS>z!57y|R4Ad+ z@8qK+A}qW#wAAlDo#QH}?S>v0q)C*}z#wi0itG5!$LcX8lL?g|I}*ttk?sZ~Zbj^V zL|K;B+`fhHr7C{i8}JcGTVeyV^p{8RYlEWx?7W>ftw!ziuy=c;R4Vy26bY|HBC$ zUm{#-_+EX@OS+96EjK@odSEDEkcI&T-^ zRp!*9S1x@AL#V4gH&fr))%>3DvZK>@=S`Cq8k$)U;`rp`BpUDE=tpn4-^qiqri7C= z*auKBbJ>Dr6k4>M5EJ8Df^nOVWM0?HKJr(Bh>!T`YHGqZahaN6U?%g`pA`R_F*`#0 zhzJ&U$2XbPqUc~4?Zfo@U%{0=b|ZEF>bBuq*FUWqBBaIEQsaajxNgQPzaENj`DO^5 zp-z+EbuWwm_esnEl;db>>Xa0l;U$z-Z@K38C9YglLHRb2cmG17aXMJyTfXYI&d`E$ zscQ~%jF4;*bW&x+E^s&=^VYz0Sn3}eJ<$%NfwRERc{%j^_s2c33Mj9sQR>xz!gKpl z+4`;M@J+Z@*#2xmNb^@ zxj46sHZJzVg@)+GlF`cSPXz_91GYk7Q9>VEC?m@=dAj%iYB@EQAtAa=RTvu&od>CN zqw=ib^u=R&=!LAZ8o2KNa^Low<<`JQIKW$`Rj5_M=2x2kktW#-x9YgDQB8SujTlpa z@bGlPPv3D`YH|PNeE;p4JH)#dzW2(S76brBO|qIcv!;Qats(DVq3KVcr)w92{y$G& zEX!X#;d=svTJFa^Zn}UE?!M%R1zMi52`+aTsA1I89hz`9Hm<#F^&D^ip8vg7?Jh(_ zlD$y$%??Mx)|9N>EWGy?k)rlHmXV^yK=i04oM9>fd@>|NM3OhqE~5(w-L;F0@2#&p 
zaQ2K)PfYQN%R`@Vm3`&J{^6%aP~|2JDiV0s^06ru=;}3Lf>!rr2)(K>od)I8M*@2& z_QT*$-_^*%hV74BS8WnO-7i;nXnhZo{s;q%>7KW8(1XF7xibB_+4$^M6tcnQSjVjF zS-LsCI%#n#VaW7?;;Ga(E-jDtenB6m)<>8MIZ=WgheG?r;gQ4m7)0Z4?wO-uQpX}n zt(1-l2hbmn9)od|6J6t|DPIxO!BX>?)at)|E00Ugt%L2~cNgkOiPc5~U!_a0%&XP; z3)hPRmDtW!aJ@J?`;kAd_qD`mR!|@@?>F-vVkD;-XtyxGh+4uHd$mX0!0m0eY z*$d)#fPhg>byJUlItdkjRK$vi8s3_a31AB zJviup1F*Xi$&=WB$;*{C)4`u}x6Et0OB{lgfsu?ufL8+W)3}ZMcVUEh7r0)3axC!w z!NIjD`(}L>6!B(ZVi1>|o7&AU+m$(i+%aAww~J4tuR4)=iQuxazM8x{DYVGrN{o;u7Q4e>EOP#U)o>?Zw!>HedI`f2sObjV|W4dVX8;-OHVFx*> zQR4hGKInhN#YG6=^I9 zYH-~YuQ6cg({DU{1d9;WyL-W0R+6jY`q z0-a;Y9O9lXi)J6!Hy>Lbid-1@rhWztP8QY#eTf1WI4NFaxYhXVXq;)G_RXTer$kx~ z)(Vszcy$fF;|euurPC?1C;qhR~Phbf}=6+`-aWR2l-FQ zsa~P7n}lE3ToM?WDw2^)e>6?KJMLnE`-+2F4Dg%kkuCle_oEzfM1!0G8*7`tKZ;?8 z`rm%~oQs9YO-;6_$x9q44w%>{vap6`wvfY44~1i9yX0VRZ*OQJeBl+#gp#DB`0XYT zvI|@EE%P@Vp4hI%(2dM5P*HDjufKN^-9GF5L2W1?Lh_i37Qx8S2aC`J8eKj3^k1&x zvbWp3NX!C@X~Wu9+xkr;NMp6=fkwN0Awc@_eR7=20hR1e*A31QezOHEDxk822y_KA z!xZ19rl~l>NjSe&dggOnf;I*Jr+*}IRE~pNNs(Ay{)87LET(>NFuo#N7;_SIdo`I@ zN@dVlkaFSYdbk@XK@BAcSm~(;pCnrF%1k`!581&(ILMU}1yu zV`F-Hwsv+H<0$L`{rs|49-vN7BH(3cer&^tU}Cb{`OgPKED?%`%Y7{ z7h!`C5X}<7e#`yNkKul0yiQKipyonfrJ*gO;BquoU1aytfhXr!V4Xw$f! 
zl*U+Jn+=2r;TxT-hCCdOQZn?;nC~9npu9M1i>>s!K59QusfU#0U5*p5bw615QPaBH z5A#n<^xy?pK?j$eeAWZ3RRRq>-N~ht+T+&l5-6b(JzcxmL93TfKmH)T!TVcBb3#2< z6bepFeIq+HUY~zyp+ja#qU6s%V(Qd9+j9;@* zBT*}245Dj6ETb}|b;8epR1!vBF>*>2`;ozfyAxJ9dxB_xmOE+;zYY&&t6YGFkV1@z z+EBecAq9s>GTbvx8dP{(_OoaUJhqfw&*Pcd<(`LK5Xrpsc-^qb*&ra9k0$1{c&cge zrskWk-zp!%SOT~$tdUiJ3tXD}JxFN{B5)B69PkjE>FN67QcJ*}ZAyUCkku_pBm!?0 zfrJ?Wmy?OTg(lDUn13l*@Ambv1U(M~c0f1%Q*Q_kj+D^bT^7~jzla-w&9QWCe* zu^)gW#g%5t)zxqmrNqfC_}|5tj+|hs`rKdlq67`vh2e`Z*P1BMZ-6C_E>5M7pAjiVln5BzY3R@~zWST^UGJ`@AEu=_A=9?pmm@STH*np87uOloFeJ$p z%aziRI5-;lh?e{~eNKml9_nH5;86B%C}X=PIy)%XAJkP;VX)1Zi)wz<)p>F7@JM4* zHRd<`Ib3^)vtTNMH>rdKy)58(8{}7O?GO>KDJaMf2A)*a1p6cjM%_IvB%y=PRpT;_ z`APuB@V?{vS*lfz9u<0&gsPJ7)ftPjoLY_%8hTXr)z{Gl;g1PE6>%uR4>RL^R?6}; zR8>)SDjAUO_A2E|U1MXmKZDd)n=r&Cwn6QLu|>@63CTupe4staj_?d8l6x^f=Dm}3 zeN^DgM5S1o17Sdp<>!0&S6GJkcE4LQlpm%^@K2Ya{RLEmfon44BPR{z%L0AI%+Rk4 zA3RtZSOm-$$olj4SSxS6Sa<5xw&zud~_*_*w?&}4RZ z$%fBj#gtQN8YJJU7jU|rwt4F}Y*@Jfreh@nZX4u|`-iapA{d>Lp|^AEX&|onn3$Yg zTV=fDBsXxrYcZMUHn<7@?c`A51beH}&Ln=xWiv1Dg~K!_AtCa~^#l%{zEiCu76q5h z*jKK(3nOw&b6i9hjchiFOMG9}?MqeyMR|E%8`}~-X#LrQ9E%R2g7B2AR6#|*OMzMf?hE~yn@dcm%Ko(> z7r=Bv1~G%H7QbPt9lP#t&e zze&_qP)(Xu2b&V;-Ed*auZ1mHU1xZ);PixzS?E9lW@glXH(rj4{`=Rkx0>@~ek@A+ z{Q_FFtvh;jX{5X?kL!f*oz({uA2S5ui+c~DmR|J3{aKvB>wNJ_K_V`)%EI@>VDxd#59xl2J>u3bf|XO4?qArT)}mLePY$ zEPwPTkz@5k?YWL2F!TNYlwl6+J7}ulj$VGqmNn@sy*0Xh8T0mYpMVFKchMU83UObokSl61#%rTPmA~Uw&Y8HNAcV#UF6V~c9I}5$R{9760 z92fm1t;a3(!EmRC=P;X3ON=Tr^(|Hp{-Hzu<6+7-jpuAs%x71ns;vR{juH_1o9F=i zB4vPgdxI14cy~J7j!rnBO3Gnou?Z$~9}f*f`Uj)k5FP)#Gjcvg?tyY-i6bAKMtWoR;h5Z(@!X%~>F?_+`ahh#RZt#H*9D5ZJHg#G1b2d4aQ6Vg-DPlx5C{<53GVJr zfM7v`ySoI3GrZq_ajMSUxtOXho}p*Dr+fF7wb$+iwz77=%X(Hu=Lt*8sw5K-mVSsO zwOF;a%xAKi)sW6%98%6o{`5`4QTZX0(hutW-Ba9TrS{h~H+4lHc>GSSqrau+Y zb6pQtxhJ{X8rWXROQOz3jxts{*bO9{Ib~f23Wbq1fm~~kfR`99FRx%1@3EYT35du; zw_}k6qP2EDfcepJX=pXBfzS9N(&7O7Q!Qi#&Y2HUNCi6rG7l&PQJ`wReyzF*f<-2c z0gI$Q^@d)3?#-Cq-i)+@;&YCL3*_DIS06-~cR2wI@c92-^65Hi_qux7eA_7F#Kgp= 
zRR+<75Oom-%Mywy<4tA=R|S#ifk%|S%0M*-)Nh8}Fyfu^3`!^#9NIyWtMs%ql(Dff zSr?c0Zrj3a=C+GYnGgE1_E72$KPPQXDhCc$HGU2+YwN%B#j>MlzoE2V@tr2p-zx9c!)0};et8H#BLrX&-?Y=SZQe}>JIAI$bY zNmrboJ966jV<3urFvuw-I15f8mxu!dD)MY+vt=J4z@lF7HRF=D8>@^GSHV=v(lHFw$qn?XJ)NPW@ar(F0ZhQ|6*MP z#elM|kuyQU*p;d9A>#e*6J1Q>UEWz{%XIyMIK)R8{wIdX{YAD zQG2(l`Yyqqs*yt&MU^O^BedrOHxF(tjd97QO}%+31=SIvBGvs5Nx?5SGD2UX&xOB> z+BII}V)!u>5eHQh!fgEb@gtBRBsBet!AAf0gap+A5ahhEp6?YY5Z^mi=3Hz!Bz`~hc&Gg3YKUOn2}oPg#Qi;Q7@Zf?ZJx^y;{Y$f^!fz7Cf zx@_W*vYd>Y8wmpg1I6;A?8(u5%x_EFnCYos$JlRTW%)Dh(wIJg-m zJ?UAMoCnsqk`IgS{CaKUkBgr6Ey>xDKO7u46g8y^DNxc|JZX`QofTTEZ&B*>CsneN?;leHGit z>m^0y$G&xJ33~$96_>|WSH2tw(HK37a{JMun;Q;s%@{8F(yL^?VsfZ(I1=%A2oE6 ziJH?RTGIqoG!u6GnI&QbN>!pKJn?gCv>keFpu^)A`n^lta%&Ln9d=je6iQo6@O#-nv| zlGl9a=3@2N#=33$Tb#w`{w52fjvAzEST+M(u@2K}$I26UG8chd+M{rqpIqRa;-U0W z!a!ZDc09)5u^DFQX=(lReRjvvxx11KBr8S_BzU;1Z@?KYMV<14LwlnAcW&}()m)86 z@e-8D1~Pg86`;g)vKs8Y@Qeq}86#j8gkZP~@&*zEoLZY5$ z>(Zzj?}t_zj;8FAaOpzTo`t!=VvA*j_eEwREG?|Nx&@_hjCHXE?Rk+zO6e_-Es-PGN!sG_?b*zz?Q8Vq#))Km}Ltce68_l4G3xtsBB%>|aLL zP|lPG@)|$lh0(ElT9pN7)%H)6<<}dVtbjhL6?|}8e_h)PjpwZc`K;x^A`)D{i|?9{ zKjeGWKZdm)FT&p$qU^BGf{jtsKCCa?KRROJCQ9~JeIC*8__hMcIQZvJf+8G=E2AnY zzWiF;D9DXIH9uWU$p0(DZd$Q$B_49{m0$+gPlhXg=zYv+l3WQ3r+_YIe=WW8}(yjm3DaIny+Ue7?M-oVrX!TU&Br8RCgI|N9}dd**aB zZ*1e28p%zJc3{mZv3_3j>5CprGmcv7AZjn(C(JN%6utDOUx?&^0VdioQ@EyDTJx3w zsBcbtj4O$HCZoa&TSh7C`-Gq9_SCeq;(PcYfU^^NCqgimmRRLzoIR(f%k# zF6_7-zyY(_+REQx=X3U{30ZBb%Z|V;2$=^twwRcw8fNjV)+TBe_ZpV^`H|@FU0`!L%7RI z>1WCuzh0RzAccR`P|GeWpf_6UNEg$%Wlj4tmt0!Pt|J|9*$1%P-3xl^FUH?hADU~j z9__67D9>`fce!?}$1Pke83qVDn9J-cx5L)tPR*j_jnq!iqYbAEjy~ zSnrV6l6NS^aqL3EsNgEbs$%-_BNw_RJ$-2!3~`p6Es()K+im}pM0*l$P!6I?2b}^K zqm_%>Ki6128ct1;YA1YNgFyTu+1_mns1JEA(LO;#S?IT=4k7XZ!jjZK6@Af~HN|p5 zq4CyLG$#6?oKGy`K8mXb+FI*=W41kqY~E-VlaOfX%&FGjb=Pm@e70my{S)ghG$u!m zL*y2(#XXs#wf{MfRh@z`$Xsf!ENqXB*Zgai`rK!WB%T5hugZU1Ov=(?Sqv3r`Nd33 zRE27vv=tBk5+|e^0b(Q={sxw}l-!!FGfcr1LRdIbMJLN-qtC#O=&|jK*H1}r2~+`r 
zw!6_3HuOGn=2mu;XkLVVkdvectkEJD-Quoc89mQ(=x&10521Op`0ooFht(B6ah{~Q^YEMBIyOR?X3SG&B28?r*Kal`eqv9vzMUx*B`m^G(fDTbJt?rqS}}o>^N*r)?Vq#V%GsKC1UEOR zD3lbEKvG3ZU{gz8t!8a))BtKVmLe|hhuQ&}9i&3G(Il^~NVb2DGoRF(N=HztzzJ12*nE=UjXk)4N!GK%0^8JOqkr(-?9DJR?{5Jx;H;&o`** zK=K>+ptZfQc;4VfL{G%~^Nl{2<&~8VZ*-xBdcWsSgSUxoSC2C=cp>7vp3t1?tkH6Y zYO`7h!>JR7vVy~mTX28g{e225?SeH=tN;GFu3fNBMMt(03?J&&e(Ov2(HTr;V(_B@ zdMtQkoZb-;#>Ns`pMAzF3w$6(M2z%E`n=$*o6tkBgDbPR>TiXkopCcmVlB(?hR zZ^GCZD$3nE)QmxovM0t;?U^3bb`%;(+JnzUV!stgE*> zy|&akdg_f{WxVQNjXkSC!Zf20^5s@bAOZ$9%!C6f&=UkxO3={Iuw@DRwVqXVbrEhc zF$WTK-!=Gmpyt?#JCA4Ryj15vF41CavfbTEYej^C$G;?($-w`+G>{ zSgFIsg10QyWZVs5FZ3VAEHjyW z$CZy%6O=Nd>a)N=5JWv>Lr)1MWT1)mZ&C8yupxg1+V_Xs!`Kp<&!mbs!HDvsFx`!a zAu!nLkq*nvQ?CX|3m3-IX+{sgd*Q}({0Cpx5BDx*l^CbmHx5u7>Y)d>UM0@ZYyng0 zd7PLqgM~c>2=p1<7kr0*$Bqd_R>#|&Ka4L93=B-n&wKbYWz%A@=Up_B`PG1lLFgw7 zHCv4=U`ly!HJHXskP%D7;Y-;Gb)L;9mpZu^9PKE}TC3w+Mwbs+3O(PZ2l_Td1 z9(QLsa_#1$c*;YFL%?+rzgyzDV}m8arTno>vnZ_ZSr3dVXlR0%$vesD>q{iyVTVoKY|5`^67QnLucux0 z{UH+FnD8)jRk1AqQV3j7Nyni$6sk#zL-eszg22k<+_JLtI*>o3&gbb=4#x@T`*-ic z)untC-8~vOnQ~_bm|4?us7Icy#-7xHC9AR>nbE|b20A)%;9y{WztK0+dIx5vI6zsR zM7;p2`C(}nkJs_>ff&9Q&V%?juve|ws;{n_9BWErW zGRqgN)xmR-gq1yTTT*Uj759Z?N|~bBIJiKfBpMv`H`z6}`@BwL!#%c?&n>NFJOM_N zAcebB_u4R?up)Ix2-881<}BzQWC9r!-z_&u@|+fo#H8ZMJh{hW?ql+ki975(oj_1s zULDeBVp4@kihn>V>qodCTj7U%P6b_~hG#oF4P1hZ9heW1TC69d>+^#sGLAiXBLH2H zs<9se-_3j%a*y$CZhJukk+QCyj*d_OIZ9wNtTHwt2TI?*gYorZrhtblF$u~0&CSjF z!3jah@q1;=R#6n=?8iI$z9y=Lmoy@mlfy{^Lmz`09u$g~;7{#tM{_$EQS;9C@L5?X z&;3lzfeUu_Y`H!fNDYGgFnu#Q1^`j`>yb!!8b!PC&1z)#Xa}ugnk$^tPZJZEi{3KS z2N8@2Gc&UWFwHH~`#|;M{M0yIF|2iVU2I`au5>kDY-0dp%}cRLey_g%E{Sf-<@}n{ zCXDzKJeyiJzngW`&!2l1yxg{5T?Kt98{F?r1-v}@h$U+70^K9(D83HILjtr$xIvIH zO6mNsa^ov^;T@n6)eaB3#&f4XQo>Ym?&q@_wu2G>v6JHqGf3=CLcbrx0_<6(jYw3j zatgOt;rhI1^-j~t*>8^xg2dzKX&m3!*r1}oVbdWrIoL_L^Dc>wg;L7G@cYyuM3g2a zPRaSJzs4Y9BCcu;k?%dwR%v^=Z0v5LA}dXt8TNu0W^(cY?OF2$7 z0YVQu-j$RsYbtxusMZb4Rcq#_#GB_J2t{$~f*cV7e3g74NDCLZmhF1}x8$s*Hccm= 
z!g`_8$sP60=o5`=U4)ldoAh-HA=b6N>2e1eMGw?-KS&8Du(7?3;|tRF9_TgN>Ts-4 z%_wwrc%LNPb6+NQ9x>vzl}6UmDUbe2jh8NHO;g0B*L5DXf32g5JY_;#B6#<1ce5Yi znvWeNe}WUt<_rebe6JKguXXypzr9;A7xq-A{+>VorQId+VCAUMcJ+D*lB~;1TTE1j zU6ek|NEO@y{>0)O%)Xm1;`U8`MuIjY&EvJzlW0Gc5%Bln(V|DFYk%|1uP5tgpla;i z2)rjfzHR$rW@(9!ZpYL73C#~}LxD4b?fUxq5`_3zPF4X%UB8JuIKLBzkzp;$Vsm-l z@)K;H?zqgyllFxnA7fwFoU5^o-0_7rgNr6QnIDBPX#Y@i!ZJ znoigMCa)PiFx2@yz5(EU_0O*iBo&0YdwiU*y54wIk*C&&VH4*SToS6~vIMxlSz(zpC+h+)) zVqh5d29N42X=r6-VZw~w151bgtPc%kg4eiIJ?H069Df1&z}CUmu^PK6O$5VRQce68 zW>hOyW=4(`kerYc(N#-ATkwcIqk&tr?{c8_Wnf*?(KasFDQ17efIwOjOj^35M|%HsJ_%WE>Sf_;y%+_O!G7HTFk0O8@@3BQ^(< zhzB9!N%tIUFLXmUdabs&{2ZDnqZ-qE_HUT-3R29hOKi!@j3w<-Rx6k?n{vJ!S!0Q~ z(*Ck`Xyo!dP8a$3EMD@m4w8bG01Jy@FDx5MED>k4%2~d(ATq4!@%HSMe*GGHV0*@N z^Gryo_%Q-?K>bnln_9XjfV!S{#W_uw&gc~lF$*j+Zr8#od?`xgKK2Le>S|UdCi&s1DUO4~*?rRdqAc>&rO>voKj4%z zT#x!&E9MLRU+(u#;L(nC8tqq#jEt|byC%>nu01fKOej%^adB}=Ke2?F-7nIQu5k}= z{c~ZjNaY__hvnYv;f?~>pdktHdO{_IH(oLdWsC%%4<8niPesbd9{t5~#Jwa7v;I>z zpk|8b0zP7enar3{Qc+bj*{?i2hTR+ip~9x<^Q)f=hj^ZZEASvIu-V<98WC2ipS^tu zZtCy9#+LCo{B14{!GdHM@B ztjUT_9m^!{I@5f%3S_g91N3G?iQ8j<$l$GK5A?+BP`R(;GukdTI1xxJEYW_cR-|vAL3-}jb6?{o`(UlU5Q1n%)o8cW zfbckrfu#>%WPs$%oaqCm!-gOY>^Z0yTNzI4AqIT zgGjS93@j{8Zu;#%=Y2z^2L-?9Uti&J?mfs&d}ihY1ew z1S(Y#7eqqbEIemkKf&6o6}m0XJ7iD7bktz9EngE-nfLt9=buWMoXgA0|CFGgl;z^-K_NhV-zCq?q=>{!7%AU=inOG z{EAqofu^;6CX~}PF-?qK6Zt^G?y31YSrexZCOllK&t28r;_ippNQhY``xTNHymp4gLM-TXSenj zS~bxf9;&jK<+#y&arS+y*{rl=stAGG4y)+qM6Vrd{VEEHFnut@{+rr1TC@TY=wr8b zbHogeCM@4~_b@vA@b7UtLnxgjHSZ6%m=7C{{K?vpITSZR$3pdGZ=)$O!2e|I;7|AcjId> zb$cy%5)6eF6FdLGRWu^&%gg!#{a%7+L(`?9k~9|0>BQDd;0&ebSO)ytpQ8Hv_b=Zk z9B>W0(z|;!(CM|46?oaRJaiNccN06k@R} z;7g|0o-MrGa4YU%t@}|wLr5uF)D9M$AGK-?3lQ!86J-8)v|l1(-#V;#dI)Zl8b%m} zeUujkHk`5%XGRm)^F2X1-sS0aa;e?wI!ucGHM`N|5eCFpG+96S^C~GRonjIZ9bu5B zmLq;O=PcyYO)G5x+=T?@+>grh3aXfXLd=H(dSYSSck3z~E!j^&i~sK244}Uyo5r(d za)ss{K5}@$mRqNo&m&=<3LOi-fg7qL;qXvD>4AsYBC%lV+i@FWe0+L(I=ckgcmLcZ z2-lQP$IsMkaIa%F@A{!Ocd&<02LNyIB@H=kc4N!{Cavd2H2g&h>h@KK5{OAn$lN=y 
zC99y9- zNm@FhimLG?jM0?#Z;xvQr$37#omXVVG;8Oa0w}&}RAu2I$N>gi|7S zrf`|cP=|AG*9^`HP!RJ9OGM!Svya}c)47bl@>kSF8}bzTn}8 z4aFWR=v&_A`CH++y;(9|OkBzAj*iooD^DVK!VmwcOA~2~~SwQ{RQ2-F` z8g{V~`Sz~opD;g;#M#<7bWO~a$$VHynBluW6?%K+NldSGX-%ae7+C(3M!tf^uTdi0 z4$pi?I^QVObQ6AOSW61(lZ060F3ksgvm$c0pe5yhXN?}cU1=b|LyA94Ar@dlfQSMr zR-63AIJOJb8zLT9hBFREJlb%Ev^aqIId!wmmSe56m54JXeG)OR^8^exq;{S6PPTpY za?^O~`#pA6S}_^VnnP>#TkndMI-j)-+4~8jVb@7D+Shw8h=#;M`bJUTU(Yz2bLjFx z+b&mGOP~?qIRP@rrbtkPfH4G&ZuS@$BzmXza(GpCQ5pxJh8J zu4l!P7T!D;uM0J2RV%=V+4J7d&f3j$YN)c|T+4T81fz{dqQo5w_JaYC&!z?j_-6qI zwRe752)XEOScHO)-7f}NVtWqmL0@ypJfG;1IW2zhbtzXUO0HGGd=a zm-gH-;$wXz2m|X*z%>>q?J!g0vZwSFtfX9iByq z1X&vRK*85$eB1h=>)I0Gh`YcDI?MIej!4pd#^u+NbQov{T*XEVj5FU&{vtn#B<}D-p*sHDVW}2dy1v`%?=-GLrcWVk;+Y6aY!B_)2 zWWIr_X<9}CIE_@yrPSa^S&xD^^Fy~WPHy*=M>^A~raW+(x zWhMu>ZtRvkSOfF*wCeOdzTy%Yhw>=pi|&sN5)8$iJ_u1#+S)qG=)*UoE|Mp+oyup> zX-BPmjQGmu-AZnEvWxLNGExehR*RzPQl7sH3IS{Sz*0Nsxb=cQMPb{cmP&kRh8o#dCQ1(jDox>S_ z3I4%7obb*rVpV3WnCZ#trXelFhXD`FN?;Hc7DleVL5f5|>60nw9tB=OWc?i)-ojJ` zcH)qmgZ2SyX9ae9PAnAK!T}oh^*Nuf^5sbE(8`X+qM}+u@4qDw)|=T*;s^%^FY8hc>Tsu{v%D}M{<=A6M{%$??4iVqyGEq zAw{O-f9BnqLz{~L|Ala|w;15$Clrn}NEfV1<1lF9_U6*OWxaA-v$MBXU*G0B*lxbS zhOVfnNWAmwM0nPlgeE3&v)(9_|0dDPIzZHCHzLQW4nZp1uW;-h_NYIJRpT{pKDN23 zY8xp^iK+&PrE}J#WV=9m;7Li};XZ&R;H3|9C2~F*SOGMUx&<^<;Kbxi4v~Q63G0c` z)DqDKwg&lNV+r`U5gJE!uNbJVWlI>Eq+zpoIbWYbN1;gzchuOB#gJj()|K0wuXdud zwWMWsb~FlK*aX3F zP1DiqQv7Kq=;w5wce&c{+_o|=nY6ZAd$~uzgtRo|s_F|+Fj(7xf?**5m7Z4N2L{Y@ z{}Ff+37D_yR5<0g)->m8<2^=-#PAT{r_96y=}unTi(|IK)x~;#tYMP3CUWv02nqI+ zZjnfE6DQJ__W<{l3q5pg0ir)CBBa!v1&G77#g8(UQ&h)szF!>qF9`inqH zZbjj*Gc_FT^SZ!)SiHt@7b{=@a?f6P3oH@0c>Rmp8Z)axWAOajT4qDjnGZ=HhcyF+ z|1{}O-Ox}{Jz{*1rrWWlVJVGSX4z)+(ysptp4L2XAkWmL|8096QF?Z{g_S=IFPg+h zp&;NH7u|&GW5<%mhyrccR$@T>LYMWmdpZ$1ST#MFwc3o?#id))JsUzK`vom*X5(P> z>o(}j2q}OnwIGp#GRjb6$G5nijS1`IR&A!<2pW`uZ1`RT;_Kdz z2tyZ(pe#yzt#YcJGs9 zKRN4Uw6EaS=SBIR2|;?-?D^U zBQ>;0^75GbCe-j4#7yobi5iDwoF%G-6(RzR?l@qmu06o_@kYPK?n{I{?uAn(CgQfe 
zLys|AsuhT9FpcbB4%@66T5?ecw!*!TWs?CmgT;#}%M3e-h0bk1-HAT!~-o*yDHV0W3q-7UjDmXSW-NRvp@cbU755W&6#B`yEpme~Y$;0r18)u%)$d(NV zUTSP){-Ft(2;un?QdD&O7h^utFNJ-PPNLVzj1|ZJNdK6yFgd$DrNIdneh+`s)e^nD z8rePgPm*B+qP*`)&BfM3<<7Q-(7g*ql#WxrWzBtH5n2(X+Y24M!mrxiAL{XZueRlW z#@M;S%oUj#D-5^B4ME|#l-1^jc&nxeki%^K8%FSZ7iJP79Oyy3wDjq?#aO4fNAnbW zJc_1cr&@K{o1DC_2eb?EkoU#HSPIArQxd@7`X$3x=igf;@xIPn&%8eZ%L`{K7mM=^ zozQKLK0^n`DK8zR3Lb*loM^TrhD7~!A7EH{)8h;HB?`Nea+9f3aYnC?wrsQX( zt-P$;zZObVnWwma?j>+BwJwliZnNIn#q-4=PByCldxYnemNaiDDOrdm&aPi~jxQb} zjM~R8o_zqFd#70FsVqJgl$sp%p4MaN0NW12fAHFZ9DC^H%pGA^lBSA+SWRG0Xq3Uy zaZStXl1qAL_oU#JNEq2fM@KRcF#lYvW&LF#w|imXIx?zM%0!y#O8rYmKzDh5z8W=> zz_FNQQ+vC91;}&Ka6aJD*NcBYSTz#OzrDBn0}l_^6&#LDcB0<= zUw}0q8Ny-(lB;5Cmrv5Q1^mC42>xamObK2h4f*VyOX@&FDEg(i__I^6GtKZ8={>AQ z!S#*}!sw;fggmO5sWZw1oYCo3jfkF#N~M^ze1(*xMvIh|bep=OVuPH9#z~T{z>O+6 zhm3rD14th}jNv<9Mri;T1t2Bn$i^9>A2^cPDPV5zAFqVt&ND$TbBHeg!rZJzNlHqR zRn4Ih6COVPVVzEc+|KfZ$?Pm+@3Z8!H%oTQ2i3x$D_ z2~b>DqVVIJ4L?^uf|*>(ZEbC5L77DNe)b5FSfJc$fbvcUwNDnQVMs0l$Xceg+w6y6evkhg2{+0=C6*9-;gW6QN~LN?Yse5+%$7~-20 z?|*I#%n98x1&teplQI&4EUFN>ByXdlSRDYDCxDW)3A$C3JH59uG9qh~ z#(q(d>@4qIfA1$%5BZ3%5X$TPFtFA2Zf3r+$f!CK%kekqTb&JUI$YtAbs|lLFrYMd_tJ|7GJTF)mV=qx1`yHvxphcaJ zC{uqC0K#0rdPR>B^tPu#@ztOOgpn=QK)@*O*o}j<@b?r<9p0kMBgK6Fci6Bcoj&|K za}L@PkBT}ZO8)5GxRL+Omsg{y2QRNsFxCUk5jGf~za|s(JlF8gCKE>hWh4}A>40<` zaVlzCOiz%2C-BuFBXi>0V=TBHj*4R516utTwg`yaKM*kA-Q?|GHsDvS{)4*pY$Lb7 z2UX_@zf;x_gxtnJaGa1I*_wl)O9x($SjNe_?AyoF*o)*7r@yFq=^de;6@_6~`&9D{ z9!ze=i0;Qw7`8~0C9z6Jhln4*eCSeT3 z7%{nkDT=Nv0$C<3c?OD=s0J{W#N zH}mM{ih?=nRqu#9r`Gn^DHMuu>eXg^d3v>{#-+5d$_8a{L~m}#pGSh0E(T_E zO_~Ji{-UOVo3#-9wuJ1kZv>ht>=0DcS)hER9`pqJQVR(W{~E$Khylc`=dafy;{IzWtYb3~@qb$?0_p^3l1TPe`lZ6! 
zcUuZ*jvfBKyKuwBQg={UxiBrK2C2swpA&GN9Gz1xgMyp zy-6^Ye5p{A8+?juWpE@R!UxZ#PH(PgkO{M|&Cxd?t>=N2xR2Gdh-7ERw&DiC9y?Z7 z+}@u?cC461L4m=C#Er#3_(nz3=hE=50VIbUnu7;GpVFJqc`yYl9E7%SG=q8$t~dut zTnAeJ!k@3Rlb`(TW;MDRt1=rCVv~x>LG8PoG#`M`SZk9F&Dd7g{MWHfIX=SK zz1`w*(ECi_k15Xb-x$lp2m(KepZ$__cyM})jexc0GuNN@?WWQk$<)6#aA_PK1GXqS zbIFHt$p(uiqIhN)zGQ-|b~3)&HHpM7664y3hdd?Tz+a%HP6HIFCkqWT+JMw-DgH#hg)QN%iNosQli-y9GA@2Vd&jl^ zt{n+g~5#DaFj8Pq2T5@7Y6WKoAbHOIX&RP@r4M!i$N=@iE&JSemQwWYd&K24m&V7bV` zYEkTCf?}6i!EcfJm`RVFdj+DHF?(o7V!{OzRinWQ6{8MwPwvP@{C}QhlEXDSoX??8Y zBPA9>Ub-V7Jx?Owmyr5%z=EgS1({gA0beQ|l}MPf9EAG}FB}G7U~z#m5j;W|e>t8v zYENo>Mi`z9MuBh7PS7k)PnGTX{SuduCpg+IS~pl7%&#Y{Cf3`WpOBH1>lT(B6w|BimsS`+U zeQb1T9j}&R8ag^UxvSOCFcu9`(0;gxxHJq!LB5HljYaJR+&o-mjH9Z#I#N>gtl!!x zno3)1fXadx11;Ub%8Jrmu5Da(mniwt0_RJ)@7W@3nG5Uny1 zmA1RChe9)TAW)dl=xTX~#4iNqC^%qTzW8B$9~~W?B`4n7-gaeXWt|JFM$xdiyR)!u zQ~_%v?+(2jH}#|zRut;~%&*X8>-)^^TCctUFpen5>JTE@2P7wa|7M@8p_%+0q(c85 z6iHCZSo<-VK@!&L)Nc7I(f@YO@1Q?sr1YW74@E4wwIfZkW5PmyMnnAr7wBo>OPbAi zSX`9izI8{Wq|h+ZF<8^r*Qe1jyie27SEVpgRV}(~^b4fD{g>lipIeKZJ2yDUYTgS2 z33UvVZZMaV}GkQx&ID+pA$4MejK!$~FJcfsUl5`4qfhGdpNn zs0_dmHv+v(;t0>kt_07ErPg2oyz=3}d-fZZbZg^G3q=UVgYVlz5daGC3%&^uaRiEx zeh?)T^46kme3P$ltr}3@1n(9{h-7(NfnZC<7F1&XYni?s_HQjLz5n|9|I-!m|F^GK zSPxf&k{|}u?39g4W;_@+7f!8g$On8#nkHmI8FwVKw?7Pek#2O$KtOcMq}1T(6E~Gn z$sEZ1cWd|$TbZUGwz6_RP~UEBuK94`jtBwap0ZJ@N!o-8E0=}%-+fJ0XmZi0|7!{p z%Mq^p@4xl#<-+yu<-tnj z+0olfkYwRj%%7U9m{p)-{&%}$vr1au|2jtVRSie;Rck`?RY#Bh->($#8X~#>b>^UM z?UBv_0g=v;&4EV`Nt#@yiP)4>tkJ^p-_N1WxQHc#5D+DU|NTsoO#g(G9lFZ|iPMy_ zs8KigUw0`Y2ZSU|Ho2Ns|2M#eQcVe@|2>JUL9-0=zvlnV&3jdPw4>OrXiZWh?E!4TgU~6TGyV_!qRNjsDjWCa(^$%m11jWjX;=|7-rl(HGPD zU-Q^Tev7Tm}aJH{;b}2D$kEJ-4f3JU?U_Z<{941zrQafIeQ6(t3X3dN?iW?P2Oc=<7dS17jW49Cb*f3bb( zp|S$1>Z@VdOcZnBLzDU;7VAx^Z*lB9ZxD9;dMxC+Umae#L6xkW6&b5?;CobVfxr8k zH6uMcNuZ(HSXI-1eA$T)+vVrORmXQarOmoj{=hC4b$1mntKlefTHu0r)omZ+Om*z! 
zge6@g`Sz2(`376#-@)Q+F=sYd!2;Gzve#!zr#?wvVF|uRw@;-kYc3k8y17vreAxrO z@>+$ZG8I!=+h{G8RM$*d_n2p|9DH$mq4L8f2JNb5y7V_NT-;(MwxxotNvfe0Nrwsa z%JcW`x^%KliB_2zR>0q+BtAigK>>z20fupbl2i{>m$L%TvjV(TS;Q<^;WKJ0#i|0$ zRoRM;M68a)MNeAAi_`DEfE+#HT@ELTFOvDe_^p#Q;qQ9UI`!5x1Run{iaFcl%FCA4 z7^cw~-{S8~se&Bej-bB_vN`ZdtxAm>FpO%~UVignB=HlvW&t|hNlV)X8|KgM{Rxxg zn$zDl<-u7pEE&p0$M{Jkpvo!drc77pPJ5L#E_V_%=caNPSSjZwr(sRKeqqlud`~|@ zq7$@*+^E1u$@|x?qwF~I`wBRW4i8oMvx2x)S=m+D%=W~DjzoSRI=2gZ)U$%)%2ip0 zRkmxT5v3cYLtr=a`)+26hbqRm>4{_M(2P1$6leP!==VwFdvY33jm+x~sk$(OpPeMx zElZ^Gu{x8S8X~%o?|#p{R!#oemM&nfd^gMLnO3qUFo=eWwy@FbhhvIUs2h=!9s2Ps zl$J6d7hwybz+QOs13@G&=3G~GN3OK-{_XlQ<)R&GyC(n!Kp;I7!?otRar6#0Nv?Nj z`R%w391%rVOTtyPBy@z5bdxG)>QLr|&nndAjM#-GO8h1(p1-qt#M_YSL=cxqr1E3@ z#ay_Nq^E=@aj$Fhp}RR(Iy^8i2Z!o#9%d8tFAcH+YBVQ68+`@+ETwO|si#)*d{@J9v88%u<$N45 z??`+KPEl&>p3)UfRU~#VdXg{V(RvKuHdafdVa~CY>AM`&9Ahk-s(2ySLz$)=48TGy zuf3P}$TO)a_lUXk8nPJ+o0AO1Q-Y{S-0x@q`^zDOQ?^Hf4RVpPp5X+9JFSyl`wk

    tuRY|}5zMu76+RG!$HC!fcFhND| zsie*eVTC6u|EcWvziTRr2PCM9c`L}kCo+K?^eNmiu@_$Q7s@ZpoJLTNMu_4Q5bE-x z6QhB{3irm;T&A1~D+%;l-Bxwn->YA6xvo=4ygCKfJl+bnBu`2eHWd3CABBuHHhzr96~2F4*C!8QV0W7N_LCEU>RU3E5t zrY^Na*02~cqMPQZ_IB_RDU{XdQ|^VobYP*}lr1F$FcTfVgLLoiu0%ui|)l7d)-H6mZHO9nVMBhgZv&H&0kN(dN~?$TF)5@wf;R3cKjQ8H7t#aL;@o?1E%GunvMz? z=`h}7{^43(Am!V^e1x^1wbV_YI;)xc->?gZCFX`Q-Im2C3-g_roZ>VqMLQeAzYhj^ z3Erhyq`s6k01ej~x%E5=gfE6SQM~}_aT=0L2NZDPV0J8d3qjo_^-m<1M1U$KJqHqD zL*b*fkoAG^%pddrhqJo?iX(UzMZb#^+#zU!ySux)I|SDxI6)Sd5G(`@?(XicL4r$w z;O-Xu4#_#^{_EDeRqwr2{XTkUdb)d>+1bhR?ar5~b9@EYch!f?UaaW=Yds#qsVCMF)jrujCpG%j|M7bphbwpW~ksa0%4&*C=;fy+}}Y$%OP zW?-|>K_FQf?))Gi<^p{w@UAM`Ar2DyvvQ@u-8_Qg+YZEMMYeqO9*rgtRT){7?pDa( z)Tuq;GvZxi{*O|mD=9Mq%(@AZvCBe*PikPwLVpaByWDHfPk^V4Cj9WU_?s;VgTi zbks;p88s${Q1Q}osuI3R*zF<3;d5_lo@a6sGEpSs*JY+M?i(TIO#kTmLA3)T$nI0= zk0_`6FDwNSQ~~EB({D@A^6hq@FRtp>6gZ6zB6=Pv2sU2dzW2@3Rg|oA7KreeQb_+% zUKQT#kNNbOO;|FvU$tM|rja{yk7a|GY`tNkpmTNLH{{n_(2-`09T^WtU0YSKAhF9W ztIkKUuT{ZEeo4_{=@;m~W@UEsCUU|y_y-N4Y~6UAzl1ALMID4&Dsa0fGS_H&i<8>; zqfZN0<1aqCy569C&ZgEZsS7cSK&_)_GPToa3VbaWjPV|)zjQ+^kL9jtRxY=texop3 zAVg(W@eHz!9!wKeftA7&6M9uGO+0{OK*)cqjlj%nM2qoT7Fj3JE(EilPrqi`eY`NZ zjOwFt*0T3r*(zt^O}Y{RQ?>?o>|XM>>>3LvUT4Mvd8?_;CJt?)$)6aCZg1)65tm(r zFQGo~Vou9J-I=j`UMDXko_Hp@^sN4P?LO$(+nWo)r`9ZMPL6AM=i&2u7jIQv4(pp< z6CGXDpt#F5Y1*S#y;RVrox%;GB0CXbDS}LhckU$jP`z|83FY9kljJYd)gEHJi+X*J zXSk}O!cQ3`pj|!nlX}HAt8Z$w#atQVPQ$g+&FQ0B5m%}tKe?K6ldgiXA2(w?0-n4A zbj{Eqq$mfXQ?8xcZw}V0(0ji_*XH?|&WUb_e;ANfBgPkE#tgt_*JZ}%LI(! 
zI^6Ox-!~x~Z{WDinxW%|-c<|p_j& zh|kRIiH_y9$Vsl~%lViO6Xl**wi`LkUM-%5jaPj@yN%wk3CCWlbSDD-y9s+hW877y zZ~9Y&3bXjUtKOB z!$1S?Yh3-FP{`c!)m1^2=<&=5Nf+l``NDpT=N@yTaFFCeW0u1JCkotVkYH9|D|5jF)t*j@jex3}v{}5&?hgMIQCelGJ|?lm^gzqQDMKfr&raL|5WL$| z`0(A?j=+rtKDe@W^sy6Sg8k-@)aoaOLE7@i&3u80e2_-0Q_7WK2mR$A-F}7ZgcGF1Us58$~NhkTOjOCuViJx8elN8cNdXRs6^$sEcjUsON zMSOt?W@NEIF6xS*q-2$6QLKRbz>eVH%-B19t3B z`Lwj{w)RJFy(~r3t>Q*W9Bs%)u=pH9dV&liwQ3WhNPimfGnI}1^E%a&hCPiR1FT4Ataz3t^h8O@7_PLzfhb+ILw=(CnR zqNG96#a7{!^}%2Mq>ZQ)$ChbD4z6)GOv{A$-koBR!cJE~Yw{qVeCEcY3^(v>5@e!z z(vk-Sbj_|7H+Ja+RQi6=pdvS;exndAZZiw*$%hO^f1fNUX8x9K)2`LvM+4#_c4hZ* zg3`u{cRB3C#8B@!mDjAY_r%asKfzi5?=xRQmLlP|zHHUMD1X8%($@|eNBuyN4p0)+ zFbZ7>x>Z(Yleh57y#E?mqQUB&iVVHgMQio*1jpsW4F_$P>g=1(ki|8>#bdPVo;wAN zTrp?jrv}47%c>$QYuug6w?)1>-(gi0HGKydIJ3BB(&HCW$lRwr`ZcX1kOvr$974l) zv_-qU2}i7B(;5G`KPzT#Gu0mJtSrPExb-FLU^mQ1<~q2nBB<0`(KofsHb`hm!x>^U z)jxQ3I)(7$D@>)XLC|WgQI!-XoW~~Vs)WrIzE)V0bz*5S%{i6gqRr1)Uw-CEUdxE6LX?Y8V>LR?v9UEH%h>a$Jz zGv!FctOTOrJeKb66-yxD-;oQNJ23X1tcy|Ke~n5lc7}9uLO9BI01tAV{;MgbV{2>jvO7Ec0~nrN zTb(?1fmqRzrIhJ&)auBqySz9gM zo1EtWr79z;6xXnKZhnxo3@kpU*2UOZw~5fH@<_%T3Dgt3xL= z{Y8SsJ(J(NdWIXl!rfm<^$!XQOp|NYB1bPTPxdBdFAZ(HoLv-^5IJ&OL*{er*cP4` zIdJQ)5x;%T)(c;3TG5kp6;6bj11_$#IAfgy>X8$$5S)H|GR@7{q{bjRzSqDqwyzA)mgpq8&$*vIsY;;?$z7W|DbIQ>mnyxMhhI7-K;&bQ?0iLeA!T#Ap^t0#Fa}%NzkDVG-vFJ~di_&X!w2{anK{gFM%0o?kgZe$} zM)Ke6uf8S2r#@uoy&-7puwA)~Q`$pKxci!S;@8%^52i(-Jcd2< zswz97FRxB^r+qG09B5UOzM$ffyS}H{?>pR`!#2==)h7D6^>+IpFRX)I1;tH}$0*@_Z+$;Lrov$(pb(ArVEbXaw? 
zGxxBzYYDom|)+}<&x6jeIRf-fM0!8Ls54>qxR-w8#T(iBro%>6HJ|Fywg8LA0UTkmD@cNxJgHD zjr+LsI~cZg`8ml5t10GG-3|IvV?TE@k0xde^R^=mPH66U1AULh4QLF(d~BCUc{qM2 zUSlPJ0X^J0M7SM$kV1b@v&l?nX@V| zsvZZ`vR$j`z`Yk`MUY1YThI11(}<6l?DIbHrr(HxHc<@TBqPsLms1%y^ zzBSH3{Oq3LvwZC-Fqv;_rCyzR}-Vm;e7@>8-n z=DIh|B}X+s_zk1@>m3)4i=4SEQgT*dNe*1K4ZF47s>);aiMk>%cb&XRLYK?qj*B_l zRC3&%%mL3NS8SeUHoXw)7!42=MHOdQ(TZvrQS+FZAq)F&5qCDCnD*@i31PxW1ipCTvYiU7s__lh@K)cl)%aUk+nDKZrx+!ogz^Z1gWe>RQ~2|w>x=E z^c&BUH}9g~$P4k`^5o~}`YzfeW{~)6${+3ZAerRx|4s%MSuVY6Uasd!FCUaV_?AaM zlb867&YIH&r<>gM4&6l}6#Zr;6Q-gj8ugoS< zEk`sSi!ll3UI~e%qEda|YB8+5pEIvy)U=)Sy9%>Kx1s_oegGG*O-s<27Sse2BO=XJ zR>nc(T=Tj)=a_o~Prs`eIM?JqF*%*SMSg}&ZNtP}nVa-LPe_}Qn72n$h=V~ASZNRM zmUoGK^Dd?!s!eOIpBhui$WIIkGNcG=n=-5wcY7Hcmw47|yHXqME^M~p!BqkLcMl4< z1ZS>IV!-$ax1Z0X!QMp~s6109`lEKKbU+KDGl0roXDCxtheNwIQU^ zp&!!-ZJ{SlE1ZjtM59TVnJt(!LAn+#KD_F`y_EU=Ig}zwWb^K=NJ~~n9a1R?kmh2n zaBpbWBWsM-mw6)P%6S>Iyd^+AGZC*~mcV9w3-7|q9urD%mp zlKVgJjg8)f2k~Ik(f<4#G-7^VsSrBKFxM`JmxE7N3N@(FL?`_`+`n1%&9RU#WED8; zf2e!2s`@Qgm;fin*~-M_tp`L`G@LuoFB-~q&flg3y0skid2#V7)*ECgBvburuo2td zI@z2{>jM3tFD+6}LHtnatubs-|1Wmn{Si0KNXdO~3N>OT$;kT>O0)Ev#Dk@M6O z^A4ra)!(p$x%N{bGg}92irB#qNrMLRL}eGQ{sP)7T4Q`C*<2FZ538U7jK~cc6PvjS z+crbT^MOvf=`qEJZI5@5W^JR<0c%Ol8|tmQXK>vw0v&7alspOMnL#Z7XXpebNZ^ya z>{uOrn3IURh4Tj7fdz#-o6|g||3R>M8?`Ad7Rux!EN%uYb9AMV+K6e-BWEhrkE*lE zvD`%c$uvB1t4Yxl5pHk|8oPi_U(BlOZh!YqTl zSIu>1IvIalMT;XQ?7_Qmfwkk_J zXmZ=oAR0ChOEi#%e#R|qO2>WhHw5 zjaC=^V8L94yqS1W2kWWO%ip#PV~jsfbQSf=le#J2eoO@-wICD5hT)TeTCP?~wSP*t zW$VwBoqJegsVZD4w*g+cg*&}q<#Cn{IOChGuHP|)-B5{|GB~(aKEfA&ha|h8wKs;z zo*Tc|DU*GGFTJ1blQ=g~iK8ctSCaK*Dzv!kfm_wi@xmcwcuil^{e52wCGKhIuh={# z)h3mMCuIZ3J@U_-$2WH^260V&-YX2`3E;bm!*K2#BW4ld+heixw8! 
zsHoSU*@k5~ycXEhbRC!RMnzyL<}b{OF1vUt|M2c=`Dwp%YDH*6N-c-so&(1miFOla zX;dB&*)3{9F&u?z`H4bgcYH*oxmni7geIfL>fgmdFhpnPhdq-?{f#ojhb{-$WvS4QD$UJMSzgHuLG!PR1hi?zk9<5W{B$kz zYDaPm!Z%%0v9~}Cvn(o;o5IxC@w67^)yH@FsM>$}$B2&odRJqcj^%4WNUK<-k|Q%Ln}v77y>Lix zSH@LSsH|oBCiS+bq4IjZ`uTcwyB}5Qo!qN5;QH4P(N7RTjX2Rdirx@@@RyC5{0f>- z>tYv-EPX+6#lHFa?n)p!ikP088!OjB^Br=P`;nuc$vZ#C z1?Z3X#KPO05H6Mb%^4`I8MZ?rp*X1`6PX^o2qH1J*C6Vi7}Gz#~th``2E>ri`ZyKFLi2CCtG#ZCDX{$f?${_OgM6S*qVO~E2rMs zi1=>mArs|lRHvk6Xz~; z$|yT$KZQ4=q&zj$WbO{WCVi~=28BDFBI`^n!Y@Tx(gUHJNntywcnmEbo@UysEY`Bg zN1>zI9li2;I+o5F+&O=Mvn@|a4tnp*NMLUJHUnkWfRi0@bz3gg;=dm$0}q?s(~82q zxpbUoeo%OSmsjz)#}4d1UocTI=8QXaEMNClk6RB}e`%<`>4{WD9v;DKx};i|3K&7urjah;5H`L=YMTh|8)c${;(U2a|-}5t;x@0q+{_ z2+d{$|K=GakJa(F6@o!+g)jLU#2Jd$^x#(+k-!$%q4;`c4fuNI1BHKU=DOU(NUwuH z((C_nOAw(gKCJ&uJP7sKvH(~DtN_*k8-Ojq4qy*(Xz-i_#AQBLdq zX7k^S6hwDX@U#{PG@V$9Z9vkXi}B$>>p#*O8houk82wAz2>tE!0q_yv1aJnp09*lX z0C#`~z!UHZ;05po_yBwX5P%=R9}oZt1Ox$s0U>};Ko}q#@EH&R_yULoL;<1!F@RXW zS3n%#8z3H#07wKR0g?eJfbW1*KpG$&kO9a9WC5}PIe=V19v~l304M|$0g3@7fKosi zpd3&Es0362ssS~CT0kA39?$@21T+Df0WE-5KpUVP&;jTKbOE{nJ%C<7AD|yF02l-e z0fqr1fFFQSz!+d0Fah`pm;_7#rU5g6S->1%9@uVNt3SFwMG@u28^i`c(Pp+Wci|FUn$qfp`BuXrCEYyK{MNkXE^xVw1C;psYj06aEy z9X?Te{aqV+X!YE3Xa#oe{X4?nLOZgA)w@KELS-=<4ok zU_pSF=Xav=ccNDrOjp2DHahe(7z_lcmjL||U|s?&xFhs492mCtZ+9IrLhxX;e|>S} zZ}u}7fj|sKFMSbr3_~G+HH`iagSv2ajPwWuB0c(-UG?|WK+<7liU6iP`dh;YtFyU@ z1q5nh`8UuC;M_slv7m$q?qT`cQ*+94KVzUofKp+4d34i4`qowzA_+?ugt&hJKFZp!TJBDyTghN159J_x1Oiqab7bv z2-J-IuOZ~ymxksOF~Ggp|8_UC6a#Gk`d=A+00S&6@pnT*H;WzHI}phB?(eQ=(BA=P z$&Mr>Ot8z{ztN+^VS%I3;jmu<&P%`rcc8=JfpdrdHP$$R2bTPod)4uhiI@E^iz~VS z9v=(@f|v06B@n&@qL)DY5=dSG=}RDc32$D)+m}H85-45*au{eoU*2tLE+fgX(4v8Y4?=B4;IPCREC@SYgt<)s1i zAODbmve|n_7Yj!hCJzVu!?dO9l0nablM8IRrqt>6$EpUgWq1leiav}L(sX04IkqlarYcip}?4!P;V}cOKfe5#$6z*HwWy-Px}sL zXhvZ>`sEh_kZ+PUJY-R8DG4>7NS+3iR}nAPD%$T_n3uOE*#_hGUbmopgzEZ`=I4uQ zZ9f2+B(}Q{_~khkS8|{5ytzxbE)3fr*Fvd8v|~f6g=X!jEKoD?b5+M}21Z9G<=IkR 
zU3Z=$?Z+&+5XxX&MT!BR5+7sF%|O@12V$6|f}gurR}f8a;)wEw*N>MyVYi52Pb8_2 zyYW^jZmQOjU;A@r2B)D7J*ox|#@F%RADF1)i_da6^!mhQwrhT^6}YQ75q_{P9g@Oh z7(jCwAiLMu-qVr&op<2y@bz?<<}wQU`*A*p#cMG#=3241iS{+!rA()T^NGC>6J71d z(eC^WHCc#$;`EvKrQp>jr2QE^6s@n-)-hHs_uSc#dnig0LA1rD4{l0Zo*NEZ~eaaB)y<;Nw>19ae)8JBq2kynB1IZC>oLK)Z%!%7p z{kH#9RiKZjk`yYclUw49y=PaoDITNRUs}{L6P!^wbl+raEjTB4NeW^RvbhIGh zS^5Dve4|vSJxg^uTf(4yC+f*fF;OCAX*%`M;RXsNVv#mpj8E38K^MKE8l)<xtrAsHdlA+>rP7pe%uJT zVv%}RY8_;fMRd$Hls_vct7J{hurb=kog0+o8GN%e(4A4Eu|3G%XL3A>^Yp04X$;nd z^a{-lWjDSp-c~IM_oV8ZNg6liHXL6QY~5KyGq0<0t%yI5q)#}ho~Fi|ZGX1CtwZ+y zHdLFn*r9bhO}2}WfgBO($`5&%nvS79zLMLe5UDIB^9RP;+~*y~)0|^$SMnZvHB-9HgN}Rf z!gSG>69F-~SKrQUb6_N))O3Q7rkHIH9Ayq^**1LG|cBJ_@2hW7uAELkKQb-V@B$;#l**1Q5INjhbkjH_wZ>Y{zfWH?q ztyAmA*gr7U9p1Y0kkTzTc81(uJU?71Ki@YzKlQ9WokYV@3Y?bfe^p&LG}8Hi0GZ#XXZvE7PaIsf;~0*o(@ScuMU2;c=DAhnskPR3 z&L{*X^5ADLA+}6AbTA+@8wu!pF=Q6OOCT_4!J4vY zl@!VGX_*aQ*)lMVrR;7Oy>;Kd9T*jS7UX!|%#Vgp3{onO$MJ8h70h{gK*}!?9AG)( z>nu`wX&bN}IjQNHt^Bmp+YR-l4qImg>(zrH7~L`*TjRH?u|n;7T`4|%O!qCd_TPQ> zqng}n8Ld{?R2TQ8Od}g|5_ z;#KKti#>+?goE9d02<2rDFpW3z7a2>stOIKaft?DBSB>8Jl+=OyQngq4{-NVmIX@^ z|B(DX3=50l&)?2<8bv#~T(EB!%n4XBQbX}9bHI`!mIcnryHXFfFi_Lech zRR6L`aPhDs)8VX->|!TT71^!_W_EcWZmyW6pmL2nVW-Jx`h%5>6{=g63rTFDjH6(& z30xTnxaF;`?)D!iy*FRsY{bXLV^=3Yl8A5`9=(JFlWfX;bh5Ia zH{+V}ki67qWIpxPD!M?7c074aTHJI#W$n+Wqce=fh7dWvr$IrYpQnKH=S9rw4_14^M zk6=WwE|-V#4O|`g!^onU)PVT0PMix{f)Pt=0B12^zcfTdLew5IG7k5L%#Ir)0hg6# z44aXeqnbf!K(1<2WD;$!bJGX&=YrQ3ilM>%^z;!|)c7dsvo_1_X_8c8C~ZSL zNrK8dM9UniM_hhiDOWyXu&sbs@wF$$n7m3RL>5P z6${&6)2*#`>kpL>a(J7QueEkD*Acmfs;|D>OK4Ey-!MhAFu1;lnVnFf&p}xx_*u(G zPHW6!>U(Y7@9r?dP-~javE6p_4ex!}&f0jwgH@7}tV#97P@Tup8Jtp|nJ=9BbRQD} z8yl8IM~2nsnh8$z^Z}?CjgtJw*0Gr4UXmzD*L3bMb=5Q?$k^;J^YyCg)^AFt4Xk&O zeR=H)sob|o0+-=K19wi@VZ-*RiCB`~zI}Ckci=4iq{qFmFllYbvO(84lBW!{7Rfzp zU;V!H%Z*pKdubBpGjCYR?oQCYl}9ndd3M6|Ml^qHPIX55U@5~Xx1mT=d}s8VQ#5*@ zOx_&dsZ4eX0UqF$@-BCDD*s*Ks#QtiE+>!4DLFR6O1v<{UZ)eoS}+sITPCHoi;Xza 
zZP<#1-Kke7xddypKjZf5c!>|W*=8(Y=yL+Dxz^RqdaQ#QUzdVbu9-!E~DstOL^QP~@=u5&k}c{v9- zF;feh%$m%;=Ca%1E5Vyfa8HS{`T1+|EoqCS=QH2k>t&*!IIuB&HvVhoZWj}ily1(x zy^aZ=pK~=H@;sZig8n3ahLF>0=KF3ObB`I+(BE zvtPJvQWBoMazRp3JX1Lc%TOg!YL+PLwMyi@b|lks9sF77p9Y4fo9fC}Gk&(UrLS+C z5a0CA;_GvlA-Uof`v*J8*!l*p##yM!aR}WYD8xwMy!QoVk z$^b$-R>50r9Itw2nCSiJ#7wU9LHRs-Yj^uzHbw74EU!z>MYI2v^<`WpQWlem;A7Y^zN!zi3Y`NH`RPgW!xHy zg$%gIKaw}$Jg$sXI0x+4T(=(cE6D6U>K`5m;rJb<#%*T3bOnM40tp~3Ap|WZqUak{ z176E}K`6yhZO65CIZ`=&+UN>PEuuUHFz_KdnA8RddX29kiz@{E>dK7LC-jbMMKjms znu5!-&c0G@kp+$?Uncho(xbK#(qB`nryTRpWf!l*oDjPa&0OcpDCi6?BvduZKk?~gj)M*zjrxdKZ98z{X~MxbBv`i4davy%CfhB+!v~Xx>r0CocR(c zE`(%Qt`OiE)53}ZoN^y(NR84fc2VH*0PfE63r{Kr?M z{$sR;9Ch0)v>D?mQH`dWh8qbv_Ih`e#Ac!={rg{K%b0>DueyaUR0XQB>udSCd5Z%c zuE8tHFg&#+38MnKkounjcoD*34nsDr-ix>Xb>1E8Vb&*vGw;&Y)c7#jZI8!Bkn=7Z z9`wH!ErmBw?1ac_hNuj$U46Pgo-Zxr-) zFnbiDED^9T3kNk3Cx0w?^Gn41I35Wl8|?b@0Sw3*Qr~c9^u_qyfl+XTOGsLw}fl* z@#dQQ7)>d8uW>8av3aA%q5{S=_M|%Z$@6LTk@d#9`r}@za_N;8JcorT4u_6~2w!!= zA_Cj2b}NR0E6Znc7>Nlc(_b@>-3h@)#Ij(BQ9D9__6UIGcBVDFbj z;6@T-X`1wW5`X-QIPD^gy*AT)p8m8D<6vE{&IyAwK$?+TM6&eM$}7xoqSfR`U^n-u zJnuR(kT-2o1xT%JbdY38Ay6J55&kb2%0sM160W!3~DaP|l-}~2tQ`<2+ z(4Eky5Rd?9T=ta1Iq*&Ah05=)82C-Fr$~Cupt@Bk(;)P@$sqLUOO=J+HrtZs#8Bh* zL%yVl0u}=qmY?f660AhvFB>@pJK;~)>b(n{Q<1%QDM(pZz^!n&ja(k>_3kistiU*+&r=oC(+%h#pmP(s($Gr~X=mutIoKV18HL6Zi&$%70(I&_ zDA3mN3N**Jp=UJ#eF+jQS4Jxv^L(;1M&?)5YsS|)7}A}@G+7T(`Gx+<2>9{)YTKi4 z;pYmbd(h|$8N*nq&^dFFr zU$owz#^1m8-s5FhGqR{Z*}~dg?=>DWt4m$Wu2s96yB+^XTcPBSk7${b#^$zz8@^27 z8lcTP>O@sw8v5ybB?tj>aNCx2qK@$?Ebx-woVp0h@RnVUN{#C{M<>}pqS2|Zd`wTW zv2Ci5mloMJ9AG+PBowppAKsCLI}elJMKj24=cr+beM@N~~$@6%&~ zN_b!mUoVM)8|d1k>*c}A_yb2!A)O=)fBXbZ(B`MOygvAdqAdg-Ac4?9Fd!Rfvc?z? 
z9;P2jCOi`b$o_RG3KPZdnl)?*hsexw<}2tlX$!Pta*$W0+{=JWl$Q>>TwzSmqPG5y zd5X{b6ND68k6;o30zvtK$Ra@!d;NJ(f~3*8_Fj9h+WR4T_0q5qr20^~RJ{tpOF3-e zhM1PQhu(wyVn~AA8|}bxMsPnz54p7$&`D`2LfoEKpxStfi<*!UJvot&lW`0QnaGKmELw$}GkHHv*_H=&Vo{dH>N24L$6Cw<7UH zM3?q|hVw3n;6Eyce-TOJ{NL+f_Dj3|b=`@8L9Swj^50z};ICzkz5W7%{A(2G&2{!a zdMm5}=J?-+KyUxAS`5SY=d=6YGl(#)8~EQ72<+HPU;j^CLHsa;{%>Ra|JPy|#{ZYW z1O5NqZ3KLb|LYk4j}~JJYgQPaN3|F9QlO5d z+LL%GpcuxvtPjXjf7211lmxyn`f;7$D-SVKJR4tI4ARLy!g~TuTuj6O$YybObMJKU zBc#Rbxmwihx!|iUQ#H@^v5Tl(XW#2iX_K9^Uxr{EA(4vj%S*c5~sml1w(Z-M>+6C|kulP`{OU4Z}EBB8cRcxNuU~@-%>#(O5t3 zix4*OmeLLQnmx1*W?{qLN<0ktH`Ak^i-)qlX;xH`I(1HVzOi84wO#7Xqd5IsnfEjz z`?Ohe8_(?{T*`*4i)+>()M^>wyQsb`+~{YRIgAAD&#iy6u&TzRit=W5GI*Xv&i+WB*ik4|8UNlovP9l{ zpv(#N61Y)>;d+pf`%0HvuP1za*%-e87l$XjagzIP9w(;%m|__QwT@Zc>n+c$n#*st z)5(+95XH}iH1Qf*U#29+qnkN?UTiojB17vJhI{Mhg?r1FeOAP(h?x1HewN0yWHuJ| zFhECZ2eC1{m-$R&n2sa-Y@McTsBO%8>NEE&{&Ysif0f{ftRL34B_#d%7%CXD^zMm4rAq1U&~aq)CT@vvXZx_eP)8?d3911W?tXiEs+o`9 zp#gR%!72@gZdNv9*)H4+X(+)?532;I_0o6%<=Y$-w^CPETqC4bTrBD?g^}%IaXw!| zV(o~Ck}`EZqatS$*sIn99!OzMNfVvp#d`kXSRq~81L^l(WYydEbR`$>!Zimyi;{2_ z=QK)7nqI$IWz+3rAl|2}GT^1WYWDpxA%T*lC{R(#G-il=rAJl8R-iX>e1$&8@7AhD zBAFJocMvP3wRiAV_vt(~W6lk)*ufz=vK;Pe|e2Zt?La3WQgQ6I2OD zh1wniUk8_!O*i>jZKL?+d)+Q#$lfM=Kk%22CAOAv`+Oa#RFj~ZaQlqTn!k5-X^!&_;j5nU;|f7zhguUikY^UNy5 zN%tZ2vO-zcV%O_x#ps#3(YRp+rcVo?PpZHHktGZ8m|hP4MO zFZyZtQ~&f&#?&)ri@wS^p@?|&j{yGaeJQh*&Z7Sb_>6Vi@GPx*(0g7hw(A4&u@pK4 zrwGX{ad?tuONewpV4gj7D^&eRJ)C{w`!mPbQLJpm+wvx$4ajEgx`!T(HgdT0os@8T zX(el73z5S+&w!~v`T5KSgA@hKONI#~1?3FO{lT^o)B+MNdc)m)I!?orL0o-WBvaVZ zq)C>!{01CT+U|1H*YvKd^McVA`Yt56{Dd9B5uf0SAp^(Xszi34$g3iSB;wnX+e(TZZJn`DGWu(^u?UymET(5RbS65RRDf{_{ zKh@lfANFg}h^MB*T{RxnSdo=X(j)xaEWuUlz4^nxb1g!nzVH~%H?^kc@3E=Ll_$N~ zIwEF<>V`o5G^ZN>En$$wdMZqnk7s7}`&A$v2kqG739k6>hg>>Nw^>v=POo^ixb8r? 
zQJuX0u@h72ncT}jW-r1*(s_N(xGk!7bj3Q0CiHq`2F8jyo#V#$DU=bezMEq64QoO9^G7@vyrOQGcA=t><`tJuvd(}*@CwNosZe4_L z1*XiSlJ}hL8x+LORCVOLhq5wLL6ba7HOGTBCz$O!>l7Q{#m@YsgEv4PAufS>T1gTm zjax5~n;p6l+lS+2-qXxOqKkhI^Yo{Z30PAcUiFnJDik-=L+%%gDu_y2n4f6XiCG<@ zY9F(GqDT{!j>#ypaz+=pzL16_f70>*#Ej zsSUgPU4!ra-Y+f|_#1Wc;(q zvwQ`s-*-InVEs-}YE?fMJyB}N`>nKeC?a{8@xE+Fb2amiK?y_yYfAh{a;$wTk96fO zBJ!2?66(bnJy*k3Qq$o;@l~rCag^@>ilKUjm+vyu6H;QsB@0eAPH%fYM63j{u`2Z3 zk$mC=d&GiHue;S)r>Sjk@p}K|A}w7l>I%9otiZup`|MfJPH|?gCVbVR_k>va zC*29cMw2(>V&Nj=g8=OMNnAfhnT#Elz2>lx=mP3c>~f65>%54Y9S$*agzHc13V|ln zrL}X;mNgs*(Q;cF18J*}u`L%?4;iKcV!Zh|vCXmme&u>;gxFwynygs%8JV3FDK{>z z*Lz>GV$HU0gE(D>vHcpMa0&^L$5?I@4zb5g_bN|nqgzfYZg&nix@osC1-A=4k7YKe zk@yXVlH_z|0>*dkz<(A4^7;5Zv7u)_dJTqz3l44ve3#&yNm9 zIwqs1_-xud*01GeCtQ?PG8Snbwqo*2#ksXd`Un5i2B$e*XUMYJ{vsotyrT0t!OvQ* zFod3V6))P4Ttut&e%?ex| z#u3umsv_7bdx1B$9{p>_7aK`Aa{B_lf5`d?6g~Khcg>@18wL`SLPh9QaZh}8$M@$`SDg63XLKz$Eah*&nq^2sociG4?NLW#}>0p6Z zw2;T*akxbtf5o-ysz-JJaZP=0bzo>Q2DCSZQh2wK6J^#|fI*g4k~*jEkj{>*wn<;8 z)>eY?`R$uTocs%n^PT{_vWulXJSf*xe|vATn0sEnx?{F(qT+Dvz=|R3cjG3l8>#x% z*>bBN3vs_=@?TFAWP4$)Y3HD_;~X`qEPZ^nJH637OYXQyd8aG6W2 zzv*|EaF{%C*5lH%GEvXsN&RNgm)HaG44uniw#&s^4qM4gZE0yl8d@W_J>Ixo#+P0w z6A`^t0|IO5GiF2dI%ax|l$Iaoy-IjD&0fL4%^uGw4GXkdxBE;-W9!<78m5kF)Yeb$ z7Tl+TWx$r@B=FN1MQLoo2PPs8%&*kdx+izjIre3~1ooZcuDef^I2Q6JS@8!+B)D=< zsW2s^6g0bm(Usl@bJl3rg1=r*aDV#|Si2L_0t>mUJGy}@fvqZo9<4_1eE3eaNU!#t zm389%@WF`eI~MJMW0R`}=tv@z5zdjz*~zXutmfOsdhRLFkx*O7z@xGt)`H6d^nlL{ z<-`aj+FYwypFkHv-4 ztIT&uG>AfL?`u;Y;a_!7SZB#l=WS!l1jc{9kJOAb6(bT zua9W-Q|YIl_%=7Lp53zU^sPKt`gba9Sa|#bUfkx8o_DA+n)QqpsN?&mpKgSo{{T0b ze7-$ceZD^E@U@YEi8}CVy`Jkk8#c{~#v@rVSY>{u|HZO2chKjwbZbaOFv9oQ>Hc>? 
zNyOGs&i~@+8-q0Kxvtx`ZQHh{ZQJ&=b+v69)1J0%8`HLJyT5+!x9a<~PLfk+r&6h$ zWbf>?@)$n5FLs@VcQAS<9z3-7{PMX7-2Kx;ITVh&Tt+YaSAiQq%^@cd((##i9b@o& zgFz>hJsW}mxlG)K&bBoTlYy?J)j^qZibWNr@L*u@|zzA?u*zrLScS&SR zwtY!DuFSs9Ku_>{m?QK_+H{TC19Z~7u`McK8i03|kRyaw>`kU`^pl{ybIRI~{d4)& z#|DS{(;p6je5d?^JXsIQ_&|yID<;L#gcUS1m1McOC46n$$a?DWlCtxXAIjJxcWlFF zoRk#u$l%<6vwU{_(S3yxcch)S+)@r$LlK$r==W3!*?1{htP*`I@L^KeM86rG(^@OEhsqlGWmeYT`Y)1aal=xsyObAq670rv3zRP1iXkbNKY8^%~ z4|=6iEC`~~*O8n%-pLNM<-Uu}EkqWvcz{?q-f=;+WI&H~iO=a!LsnHyD1}?AahQZlxjFe&!R*?3&-t2qW2+=k6 zZ?;oYC=;HS^7E&2v>EG;7yog4)kN>YVJ(yLakt)lqn|jdbkrZOfSNQCS-^sP znzWaKt%bwgZ z3M)xq2sC$hdjjAn$|X$9+W zP{_laJ(b+|y=%t4^fE}{stfz_P)imqWomJl_#kZLc4f=CFSpb2k5)Ku9Ab|9Y1pQ9 zC-k8Ou(RiFgc5`ELPKL3;7_l4E z#s155W=D1AgT=uU0mUjmHL|X^bF7qJClKpCqVQ8W#heZFc zD)x+$IaXTnh-ij39|rc3m3ECN?P*gU*g5_X#HiT8U?Nz1)61X zkP}An-%enu#B6kkm#oN>IntW?fJ?n2d3d_R?R;RFpxy3WvhRHux>cAK%aAB|f;G?Z zsBVq1py`S7z3~9NJ zSaP=aCI+EWSisCVD&@ma;R!K7W1miA%IhXh@1DQNb8^~m{q(g3@hF`9Q=)+#N>lkb z|17Q@tUK;T;WyG=iME6Xc_v~gC^HiEnajh&NUn|KEClAq)NS*&4^`Oxs~8N^`F4u2 z^GsSIdcEv`7mXc|QhwqFSo9fB2d+@g2++OaxpD0-BZlRXmR7AK&UHT|-l#rgOI;!H zdh`>}B);zx&_E2N*ps^l_tp-|Tp@Wu>i44%wH1DRm5t#W1EkOp!FV>f;^g}C?8nA-xl*UdI#l;gbS4R~ycpbWdoidDh&C>kUZ5qAGdK7bva zHs5*~e09%LD9#JCv#!ofw3$Kqj}#e+hx=W0>m@_({G*T0komf7QD=6&N!{-rjhQ2baIyB3KFOlb++8-+14i})=?Mw!Is&oo0 zOwu?jj#EoOmJ67P@d0yHQR#7(jckwCFPMJ92C`^rwje+)-ZUWm4la^av>O$nnzm>7ZrJ zY=~t@c6+lY(wEp*9+31bYESpI77h2~vwhjl;~0heS$qAHaKudDxTLtqj#)~S*j?!V zu(P{>^3htK2=p1^MYNNwmE8y}zWtGbwYu|ds?|l6b8Cu$QTT&lVO6aX7t6{$ ziZfUT7-UNB&nj=*&+5@qy)!5OThq3z`7{xe(;tRQRSECyV`C`utHxRL1*P@kJOyaE z@WJ3Em-|U)?*ZB?ND7Ra#H-H;nvV2fw&vigwU+E;w%EvU?sn}AM{^X_?+l&}HXu@< z!|gP>gO7pabXUM(Y2Edh`Ca$_FVBGg*5?FRjHlTtjV!h)!m_hbpnE-Cd&u1cVqZ6h zq)ZB9<;GpGbxU(Q7ZpY%2MzJ)COBUN!+jUyRbUs?C?jl1%IJ;vdD*p* z9ImX=e#v^-<>ZPp!KsX!Y3!r0rzk^BjeoI<7U`?+BK=HW52rTEY^owW`;X1weO&jxhfIX zst`i64Tj9Q8_^1JcORWM1WnRX+CTP2DroU89R;yVCRS8~%DRvt8j2Gsiay|a(I>`2fUvf+9^KoAY;49Y(W@I8K$~Fo-fpI!lo$O! 
zwk)<7n>X@dfyVNh?T)*nRotw@6p1#!!OAVF8s;%(Z5;&o(8{BC!pzo^jpMG)ATrsC zp7yKcw-mU@P3kbPeMUIR;(NmG_oC0EMAASfAetB?sAj1o;v})Lq8N26Qrl~HC&Db~Af z6A}wl07C*p!ecX!&6QUEghJR-#SU~#l0XL?5p)?E7V4`wHI1veg0Qkrsa$$ zU0lbB38}RX+Fpcyb2`bL`Blp^Lt!#6n)_xvXQ!=*Aw5kEhNV1U&jq4YN2KI@A#1K* z$rj%&Q}zI9F9f4hugjt5OpT%SKNb0v&j(VY}2GhnK9P+yT`rfBGt(KYlX56>h)`!g59-tL>AUUnU z!9j`Kw`Se%Ru+^cEuuLw4m}<$!#FH+t9;PjC;9+2d6qfo+_Xg-ax#Zx5Q$6+ldhwH zynTJAZ_sr!XlQ6N=t^>u_RGcR)onI~TL{Lkr@i+Jo28Ei=Bc!IpfG(}BhfB4=+lrM z$&YkyE9%@mUnfR^#YdDo6zTn~w2yJ)yUU5^OB7|+@!ej=bXfOrBr z25JBYdXLqP{E~NMVzT_yi(F_|D>UQdt@Pr^L<8L{ zYX6nbDgL{n&Wi3|6G9Kt9KKk+6$T!Q{gsY7jQVsoP9PnyU+Zu#EgWucF;iXnbP(?$ z0ejb7PC1epqmzb$ry8rMx?h8OW>TAj;DSG*^+bM%PM6YO)QD=A1>oZ!pMu}MEKQSg zKisp+9+72I4@e}PC_Qa4T zh}?#jAz99vN**-96G`z}>A@~jt&-4-u*r(=B;*TJvLd1CJ(AGuuu1Wr33pcLlz9Ny zn17f3WU4*0T$|L2B5ByA30{iv;W)?WWvoB!q;^5I97cBiYr#zul*Io7XdBceib_3u zXym2oh^DEox~K2Y_3x`d=9nezy5`4Wj=;~=TS)#Fi)Ped&}fg3{lymRqN461YEKZ& zuXVr$NIA|q*b;Xpe)BlYM9gC!pi+-TVG}j=+E}z$3kkNlV9)S1L;M}J_wFd9e|pc~ z^ISw&&8fHZcfuVtLh5-_J=odZp0l1{jbax$Qw=JUpa9dhlqt~UIirYa@B(x>sxoDf zpEWe{56DaA#Cu7_dj-Yw5I;Ic*itM1yy?I2Be%g4cm=iz-Hz%a*aQfM`a#MQKeCgp zjXbNbbwT%ltES9u`O3#7_53pmmm>nB)L(x=ukL5-0G*M!IhGjCG1)7j+bD7O?wf~k z=QGwqe6$MDuEv#Vk|Kkel*3-0ioDEAKhi`0t3x&U^iS^+Pw%o#_r>%CA+bx~gWg5$ zrwmqr%0u#NBNqewpaAg)De(sfvh{SRqKZuo{7V`M%b#vkKnWk$=Vbpkv?I^0MYy2o z2ln1fHcpuV7obE`^7BQ~cf`44RaeLUnl1V+W!0_BSMehw z-y?nj+rCwP19Pt%={cm8F~rQp0)0=xe>mb@hryvh{CdslW{F6v#n^*gO-4-N?9ha zn3MljPA>KXJi@MlXJ!Fs?>&nTOx}ZRQ*Vd&JZ1gzwK;~oeNQUuNPTXBmtgDA&8W5j zLClrzZ(arH<~-1@Pw~+tA%OrNkXNuf1$yHD0rUatC?o9X_P1*}Z#Svs<-N>E1vzS7 z&fiP&24avsutDf>R3yQsV5lFUB=Vyp@~cnFTgtLI)E>`)iXaoM?XsE(DZZOu095!N6)gqC#m z#^Jqh?fA4%f-wBv{qsz736X!=B^?Gd`=C$mRfE!{0XVI_X=AhUu>xl6(m0)`!Pn`x z2-%iOXuUKYk>Kk4Kj)v@+L=j+wPJ2n)37J6s7#cG^1a#q zuRlZo1KhyBL5{#CXF$^lFN=%c$EzE!SI7?JMzi8MiLX^;!hgU)WGlE6+A|OGj$sEM zP&7iBoxRrixO%DSa`3K~v-ZZH)^`WJUl2CYA z0^C3@!PcM~Q7su;f}wtZa@LP-R=<~40J<^nPq2IkCdwdXxB^lhk>Bcp=nn`8`vkt2 
z1-yWF@+Gg(gH1taqOwt1>f1vDkbh8qHankN`2ODih|*j5B=pR?YmtkGY*U+DtbiCs zZk0@oC|8ItzystKY;WRcTKqs1$gP<#Fjc_Iz|y5bkq_ zlVYF>gBLBPA#?S=i}PrihGW1->%scSY zMtW)vp)S@zQo6lv$Ey<*POngmFI*do@+TfAZwLcvtefc|ZsgZ&;c~Gs*PRN!M zu1G!X1Jt&iNr}1mxNzF`t>b=8_ttm`$CZZFEOx#TZwT-*GfS4t#4zv-A07^QoifjdVlg40cdQm@y_7NRFVB_+F zZW8!|F|0#2Us8Evv%~p$ZxykL^>c6zpadpAKOR+~E6|+tT!z3h>eMNRrE?bC7b2<` z;eW@-KZGtZ$EZn1EYwCVMYRbt4lk~I6CkcC7~KpGz`WbGAt~@J4R8erM|}P)wX2t{ zfQfIy3861d)JZYtT49LO&lDB3m*80CL5f~w}jhpqFZ@zTWuKYu_G0C2*#Sr9{US4)hbp|qQC#-)o}=h8-Z)16vb4?>edVo44%KG?oYqq zLs&g2K^<1WR_ro4dK(H%{P`l6Z{%rX+QXl+E;Cd?L9gZs` zip;K_XgXvzk7G7CZj-aQUmy&{1CXSGe|w|~nj;DMVt`9o4y5_T5l_S7BgEUo-6QD6 zkD$IFH|HSxOGXAN<0UgEb0Zk9mFkO`_VOfal8VkMJQOjU}`a+(QaA&l#UOSnuvWp;^*n(%1Tlqd!5`w zxx}eZAzS$-|6)b2o)f{LJV1SrkAx|rUSfL3VagJOGMO+!g-9-~I-%^km;c>a0Wyct zjtD-UnRM7xSgP3yqySxl@0~`<2B;0KF@VC5CC1V>sJz-;t@q0wJ$Py+Tql}9S3Zja zRbV@sR)ha~Oxc05VZ@zP(qYAU9Lk=sH2ckfzwMVjbRnVlFXo8GKe;bVe4uC=0$;Wn zY$AI1(%t@}>*HmU=u1FN=_nZAx#Cf(A2Ol zw&0;vaeSXl-%^AfdWRedPQYTI;pWT!$n&!UkYQhqUCqX8f^3hbVAR`Rtx3Ihr@%*e zR9n$u;Bl_QJ(gALOASl+?Wy{oYRE&2rMmQ zRf4U^W^naT`;?;|zbgHj$`Osww!_M-%w_T*ap|iTtu1OpjVxo#ZAy@dqc+-bk?#au z9~~OhZF+jTY&Ms)IXPQGJ)a9oK3RAaN%zu_XI3MS@__q5vjH^{qBd->6T5HjeVpbD zi+yK*JGR!!fPPjUr6O-erBq zhp{9jy`Ke#>zx|-H$WtwT=L=sp~9N@5C!+NhGr8vMMA3s3X+VqtdLFw3J3s*@_v_$ z7YFrd_0cLx0>G>2b})bfU!`D^=;f$w5lL6immhm`RHWPw!~KJ-I%h-Jhh=4ZC2hg& zRS>1F*TQvEVI-iH%ZYwgn+a*Wor5A`eIE9a98)^RzI|TP^YHC_QcbigbLA~?Z5~uh zN1+GTR?pe0aw>{JV0L5WY?2%iN$jp@lih^W69{sAZImR>n z!oTcD7>bsW4zKkDta~)rplzBIlclV}9UNC%)KkrrHt|6*%n&ie zH=w`Huk9(4Z0 z)#?$RlQ20|2amRjB-B!saGc;?JuJpB^vO5)L^=v>K_lKoVNt`xWW3rf`A6&^H;F?c zZD#YAD_>nU@dDf!2Nd_wPtHrc0ih@zt#Z#12VjW0FjX`<>r9z00)P1x{SvjFe{?Y; zpT2YmMh$F!C5TB}Mm@$9cU46kAsp0^uys}BU5^LHqA~%>ns~H%7xQsT&jj=yq)ZeIzS`u{c}pSjtUW za~%zpS8?0AuI3>K^pPOp!%VJH!c3we^ECv&O?Hb=qhjaEBFSdn{IM>e#)E>C6KSN0c>#kh)^OTC1lb1J`V z)1?@zWW^1RBg5+U%fgPS_6dkYpT;91_coA9I4u)i$d|u`FVkm)mb<7=5efpa5SNT8w#T819iYKBE6&)+V5dEn zkMJ5lm|!j6dI1BvC9YK#Z%<&vWX?5Q+?|7ths=sE`qzAyy(tmt*9P*-?_oRuLI(!< 
z!3=#vT!Yy(y;`)rBnqXLWZ2#2!_wFQtis4)k&V-m=Xk?XE1u9(N7foaVMhmH^;cNVF==wYT;do}7 z;SHJ=DG)yuy4tYynv1U*gK7u+Z!+3YzuukS#DldW^f$C*!gXf_+5Jy`{T2yK-;qU_ z6Y`4ME#b2$#DFkY&|l4#nrILE7L^|KF8;F|3Pyg21tx+#FJv_47nad4rn!?2t15fO zi4ll%auQ#I1Cr+H#HgJObr-@$X$-gG^pJ#WuxeZFL62H58|$p~l{Z!`V_maOb;IO& z*A*puL7i#u3i4Pldl90q>C{}{(XjSG$I~0+G`X9t{D2kS4RdJxszrT&SGg)9w)!&p zW$njlxE*`<=u7U%qpFXVxoY1N7uhZ~)-CL+qxYrvEL0~nCxLjNRfq5JIG`Y5kf|oYWeK)&Ln~xLrxWP9^@5dXl*IHF^F`@f;m>SO2+w{< zr^tSJQ>5TP2nh^9D0xz;XgWrBMCqmr#f5``?SK_IAu^QbggF~9W@aJl zjN(WLA08^new2g?_*O}BdLZdSm$X2(WBG4&P!Cc%6RUH;Z$n1E* zfo1eX0eM2_EE)C15~y%<#{-c>^r!IiOdTb>e$O%t3T3eS2GsYMa0Uf+ndXfVAvSO2 z5I{Qy*5!}5SCE?41w3+0YfNJq+K~iKN5Z8*aN^%KglA+dlq*obNbJl#xRU+^C>((v zWn9c?VR9xQ+Hs0u+6rh|yTIb|dmE`InTR+s?P_aY=X*!Mh{UJ7cisTXCkOaX&jRy2@TJv;s@?z$hQcecK zseh{>8d7f27-gzJ=vNf%6u3K?ECl@Dy|D6Fk``IWqQ#{v4Gjy-UrNj(MRTlDy#SR^cl)% zGrDJvuh0(+1i1~Vby+yP)otm?9ss$hW+-!~?Wt0a%nb_V<^RIdAe1+JV666%=;Q0( zfZxR{LZRP`75<*$g$5=rAO>RfW%_(*eZEb?oa{hIb8yl0#)FX++U7H!8XF6uM~Lq* zQYJT3t=|%u%C5ve$2Z3KRjrNPujiCKl8$Tg-6;WCjWLlDW(T;!1_@7k&jUV)(LTlp zfP#639pkGBj185;L}Zl96?Wh>_YxZsdp#6Rpl@g+l{QCOoR_Xu# z4M6=Bc)^O9MHLxBv%jx&(aO-8l@;C_kTqqBXETSA@W8%W15>Sl-(X$vM(bRhh9_i- zIO^p9C5`ZiV7pp=@Nj0?cKPn3@Qs|^b=)57&{XZts3rd>{E=J5ibLA%*az4a0} z`$Wt2>{(M#qovK|Q6`3+XvJ7*@=TjJ?4IZQu1@p;V|X8WLW>$YHq&9ZLK2_&c&6>T zx(7c0jHBQ_4a1ZFJGgr1Y7Y6)=?5*r!)n{^h8FpUoeqH~#ha^rp$q_6Yf&xI09IWK z^cRg^OAz0_jC-Y@2c-xo+ z+raq=DWOhaJ7;Xx-7TWO)Wb^F*{kCXf5Ym~)m}E(dk1^p9^QS;oaH=6PgO{WRxq9; zrdQFOSy_hWZWe+VDs}+uDz^#yRu*Kl?elBRXH?d3clVwpG`H`vFK(4|XBw)TWKFgX zfGMUrU4$L1y#_|te16U=50~!Y%e{qkFuoE0 zix2wB{N7(mJn9C3_y1!iUPTk*gSIvv7w*zU*K=EJ8h6`XRrM#M+Qoo!1X8B)Jd|VX zAm#D;7jZDa?GN z$5FP-?E7kzXJmx57-0R!BDdbj$A2xjZdSwoe8R#c0wKX?WEe~hN=iVK$NMQG1;e77tlifg#U^jUm8`7Wz8jW3ug0l zol7-4!>Bsi#s4Vq2QeHES7nlG_z(9a>nQ)thi|g7&w1hF=6A-f>3Fh6%5vuq3F(fg zna4>`M2F!QSza-19RGOYjPy~hGL`_&rNxcX5i}8_{MryS-V!GSB3d5&a*TBLoNVA`*Wa3QhE&f3?RxGDNMSVuo0GKoH z2(T@ht=$M`lccB+IGDpI&vM&Nz|-Qm4^~|EJV#H_jZW)z*xpX1RfDNcLR&y9_6Zs} 
zYB=YHbyEv7WXHz>LV7gsh>JW9JeZ^!Ixa^_q49BJc}B1KkJkB6g`4R?(o2h;$l62v z(jgGYWD5*OSXYG(LsJ7p*lWL-({B@30Z{sGhgT<=+d%a(dB0*tGF)ovpt(Kp!6d2Y zyl=ICcP{FxIrk>60Xd|+^VjN#JF+|zfe|cre0wah-2cMep}RNU)k&Z;qXTBA>O#l% zfd5`Nk2kWAcgu)(Gh}0+cHr5X;I8BDca|7VqT__k8`%J;2aldn><69Ws`;P9U>a^(r{U;UpW2F>>E}S|!%)*mHNc3;nvjiI zK>T;ns@*dJ?&PWIC#6(#{wGZM#B`nry|6&Hkgq z+}V=`r`z118#;(Ox6joyPQ48aAS&&E>@HpU+L%Vs<#@=Frt9}Ls(MD6S8{30&lP)} z@u4?p*6Q%uS-w@;B9Wwtgsmq3Uxh#W4o-!Zy=S?J0u`C6n3EnW_7p+CS40sqa7%c7 z!)hP^(gzrkF!*IDp7LyjNX_rNcL$dlTl9ag#;FINd5Eyoz?hi)GBn_OXV4DBi!`Mh zf_GWTv7JOD?Fo7OKdo$lPbs&t3EheuH(<^J;Rqfo#hWbmRgEy?a$)qK;?~EIuqY*{ zf6Zuc=DpP}_?-oD=YOqJZnE0zSf9cQFky5Uh?Gb;1?jwflpSC&>S&-)Wod@U<^~Is z$FkJ;;Q7WMrr$^oKN(PrUYt-wf-D1Y1%bfT~P% z4m)izk@d=}4ffLq4!X;?uvLac<4WQf?w@%r!B4C;1wj~v8r73^=6?W&DDu*@kH!=% zbtI#ps@5B)%sq0>bAY1;CIX($i~m71bb4#d{YwXMA>W4s1)p~c>&@$|ndiK=pEe2r z;^h^DL(a4Nvg~oc0O48??D{;u_krdSE0f2+YuD3>ZP3q-UG~wHv#%>$F3;ZpcfF>G zS|r7M^_~6LGqm|M_(kR>$Y%Fn+58d4anj2ZM^}whfN3!E)s0V97>@V*m#d4?$4%@h z)eozet4!l<7a(g=dlh%_bTw*7_%0U!pAEd6nijGwJFJtCO!|3PKjVlF|NEbe0*!SL zjZBZC2#d`@(oD(H$c)B2Nm|5~yJX9KEgUbnOIFqg%Qbs?ehSZt^$vg6s1E<3FIYgm zmKO=XsYUGQP``Rwkbeng2>GCf0yIRU+fX80RWa;?qXX^@NW;}cj{4Zjiqgy(s6 zACqyQt_QlyWe{?qE$#0UjHTl!3679T=ZN(Y`_veLO|4+=a)ku?^bXXno{%=_(xU9c%9g*J;W~hzIrPcBeTQskRMJB?hi5XO*}%{) zGg(6Tc%|2o4tm+yM{uI*ry*F@%W!Sh?zAdOTK&E%T#Nx`N$6X|83}ML&l`Fs0Ka*AeBZl@x|M~6;_j1 zxH!mc`I2)H>kf7B-+aYE&*@EY)-OIg8jE4+AB;hlD0wK1G07@vt~FK2(9$HS>2jDl zLfW~_9%4s^r*v+aYZu`w{xL8Kc#dTy8cBjbEw&YtFtO5ofM5an71v&fY{7S7HOuW% zBW{|66S{sf!XDcLmgK}J#^9au<@p|`^^S!ZqQ(!2J3D6*R>;*u7@~jlozfO`VWU9I z=#M+&qNw`(L_c=N~rkq7`OeN8ImxW@jBjil|mWV%-xa&U~IPFV%KsR_!}~BD_^mfrbj}6E#j{?fqkK@K>Ermhf}!2eakuYFG`3@> z)59ebE%#6_57(uoDYISrn_TGwoHfo_&vOx%90fTyI=S+*JWDNNA!#dq>nJr&HRT` z=-c?_SxEczv&nn%dsI?)?fv)bjdALLms-1b3v_}4I`w@ZwmZbFE|$KVBkaD*s*EkS zd#79~L}jnGqBNTteTL(RF5M|7t(lpLCOKD(N*#$3u_e6@b`!QYI9l`kxX1bvMJvdy zNm*rpOr^-Um)O1A;=+v(8yF>;&^5{*h}Ij^`bf1y8rsmLbE}!DIk;LiPo?&m`U~q* zwwWLq41Td@Z1wd&CwY?l;przDDS_nk^zwO?f#Fx9)zfxwZO1X!ZfGcTMDffutI8; 
zw2tOKm%dsaf}v#IDNJL2MJj2P;s*|3zwe{psp-=Y=B-)

    >ObyWQ$msO|c1Z;DHw zIrW7UwOI(Dt%34k_A_0Ls2YjkZ712wbl&iY!_6k%vB4a)U+|I87(ls_1ReVAo=&K&!Bxi)iSmT%AfAyb67y<6Wo>`O&`?35f ztE`&*GRi+U6Jp}uI$f!PR@TaED?ECJi&@zs!x0taxrVyGhxHzk@2{)n-;iapD?r$0R=)N#Z6nuaIMzMx@jg3B^`B(0~pHKWCNvCF= zVa25t>E-2P<4WhqlmHNGs)a9aE3k2>BGV%;bI66#*2U#pbjQMG35l3G{E;)ORY@aR zR9?Kl>*rL}6#z7flv88#*_|4{?-VnW+(kR(Xd;YiHQU86W;S0079Ev#N>d@WWadUx z$AfVIhs~Vn=^*|t%EL~Yav5IU3P^pz(MV6V&_rjq_w*^OmchUQP%-jMq3d0g6CR)p zULS_8+0*WLO-_YRUM^0|XSwJt*;bVpdn;6n1}yDKEpsia?6wu zpQkJ;%$>gI@9Nd2WB*E)b1PMmZR~uk&E?hxtazW;lbuUYE=iK=~3ZyeOyKb{Np#n<44DbAWSK!$B2h<(isWB(C^zY2jTP}eI z5VTqEX{tj^e|}qWYi~1w6azD2zlUE6znf$NVH0aLd?C;%`+*4fYiDtC@|ByTE$rqk zJufe-Gbn0+-oa&59ZM)5h@P_B)^`FI7@{9O5xTj*uY+uyEj!zTS!n;zr!o!VF7Q@Y z`r-QU8P3k(f_c>t>OG%IYRB!}bV!5^;I~?wQK$nMb{obEKyP2whOh}h%;+j9RRnuX zoL{Udv>abIr6D&4IZ=dG6)U+!mVFm;ti zJzR?Mb@1wckBaaRT4IUV5yfE&w(E1eot;kNK&l)>&H**Zbhn>nxGSCt((lXw7)2Xq zd+;w6!KnvOlqlNY&{uLr8NoHc84;KV%S8Y&K|BkA-fkR@RhyzHrzrg)s~D4Gl)-*V zRps$tk8mv3iUg*@Ygxz&SBw75{LUrJ;X0ZV$>2aS>h)D0E)w61b(&6#*O$p`T)~dh z1(kDWk=!j`)i7UTuVVe<16Lsiu%iUs`1H0B@CVLVG;E$_To^!@iWwo#4cKF}dU7RZ zlKkV1MH-V6w`B}Dq@Y_!B4F-Tpf|i>^YM79g_~4VMdc?}(j*@iQC1^a!>os_H`hQb zme#BF-?1Dy$I+D*O=UA(REL;$zl(3CvzoYz91753^YVoIohqxfrLM3Hs3j@Ee4ks$ zqx!e#6VMCGjD4OG?V13UZnVQAYgaD2sjw^^A}%c$Jg4_U@F|3EQF39 z(HSiD%&mBcqEvbSO(|qp|9)eD0zuw%vbm}Ql(Wm$<|N2>s@hDwDWfC&OfBnjcQpl^ ze^QzaTVvQbwY%d^1KG+9$nU(plg{tv7w)r7SL`pmZBB>jL3P0#+yYzl{H0ZpkMD8T zw5B2f>+T%1x(UnJ+3q!_+_^5_q9gW`lH<~BnD<`$ofpBzrOnXDe_+G3Spu9eP7fPS zhHr3z{5P0YFgNYV2C{pMqtHxc8Ef|StELF-Au>Kwj*pfo-JIxXRx~b4 z*@}MDe!OEQXov0(U`@ZJ>LOe$qQsJl4hM0Y9%$#v?yO@y$4EHh_=eFY!X zH}nz8rqbM6dX<)&;c4T@(Y~@=A)86NlRd!Q8!w#wvsvO$36X*v~brmR&zDyAA$YOHumT0XuLoJtKQXB*XRWSeR8pWDtq|KyfXT1cAH zXjJ@!NYbjjFv>5gRyuBdtp>ag%!(ynD_dlFn0;{aka2$wkpO`2kuan)g!-y0+l9lO z;=``DDmia+2Iut5s=-?ZJD%>Dg=i@Ny3~-Z)rZ0E$P93)utwI<9rkKOCc|}M&u6#a zjGHN8^%)?j69TU&r!rI3Q=TcxgNo+p-5>dJvt73YJNtJ>R(A0#5CDto2o{JdrjNJD zY%Db|H_Cqj1t6OF&xNG&<3eJIOI*^zq7YPK#Jee)Od0e8c6$nK#5XSAWbc?lk?-C0+$%lKgpj@O__qY=(PSn{vyFizSRe15m3uJ@Ji 
z7DZVWykZ+*&XWRoEia(zp#1q7`Hv^-RN(*$&agj+WE0brq2oC2MmoX-c%9)Gw1Y_` zgJ~o|%k9$UIX<_9a2QwCS9aMUOVexXe(XZib@hF~=;}hSj&Zm7ruA=_*o25l+Yk1VREG^1Q>@mQ4 zSZgx^{$NmQ%T;PythMnXQlVO$8Nsi6+T99fhGTBEYJPs4tbr1=MgOpSGsG6YoIr4` z%xLCuNpcc>KhnPqP_{8TaX>xFlct*(6nr=6{GsBJQr{>2c!H9#DU_4NU0VVO&AI%W z4U_Pj3#e*`_U>P1jro#-F9*XbJlW^tf=T#md=T(eg{93?5E8Y1OAo)-M54c>v7{fB zSJd;E@?GddDKF4#eMB^dJS)q@SVV$!&os;^EIYSFcu!fXs`(03bq5?RA3LOM>l4`h z1@^TS3(8EuhxD5hv`#wCi18Z0gZEyb!@4pjlpTg(`m$3sC+$KbG3#g$!S@f-qFp1x zBAoHgwuO|kI#F;rt3D!&`&JR3CFva}k_syl^6x)R=V*^!?0Zq{+X_b**0}4qV6&_X zJN9PUu?TX?)ND=XJ&V4GDQS7#nwh4)!4jTX+U$~0?v>t1U@1iRfCxr_K)<`n(r;ef zVau^%%XG1}N7TGOR#!HE2*^!RqqSJf$I_q2(`z`xBy=5U)-B*NGZ@$YA5-rbq)D)~ zYqxFNwr$(CZTo3s+L*REZBN^_ZQJ%Y``zdL&iS+Is*H@t$of%HmG@ff-kjiSy``=z zB-M3?>p)^*#?q-ih-~UR3ha+$cn^Q&ZkmpGUK?#!d@ezGi4?~fyvj5tn}yV&}t>3x)Sz?uRF z^pU7bj4hl8?|1?O4_+u76JHDTm+!d!VA1$&u-&JRMUh?;{_6!$a(g_hkihvy43s!>C~__(CUiwxsEL5{I;H9)Il>j~~FbKp<- z>%uSqBJ5=Mh3C6wANS`)9oz!IgehX}~_+Aoy2THp@YAqH`cEs|LX0r@# zGe$B`jG^40kWO(U6xWukoszn^twJ%biLIPyq>(}yb`L~!O>_7&aDYdK-1`_23t1m5 zV{8P;HF1qdi)`<0mMNjQpvzY+)^}9k?zO%gTCJ}1mqV#L7yy7TIm5EuSZFX1o>))V zw&m#7tR*rKu&R7JhOs$v{F~*-ka&W}AxG!Im=l0XSxY3hrPLh?K#%*2L!cxbGYIP5 z7zBO(yLjb(8>Jv|cPq~E6uk)&#E*BlAkE6z-weOCNLe^%DACRkE8!FqCU&bdltUzr4Iygtp0p#acz-8rQKWMFm!@4P@6n@> zG>OHwZD>*J)+7Cr<#X^weoks+4dSKf&Gu={CQv5k0Z3glhLmwDLwv_~U{of^3Kh5Q z{cgs!R1yx#hM5#z0FnV4^{iLySbcS<6bt$c$hr2!xv4D>NnQsgY}A-7?BL@+Z`x0S}QmipY05Fe}94a!ESqOc#MK_&^#dEV@$nIr1x zq35g{S9Ozm(IwlglHh5mMDuH%lL*5OK)@wbA`zQf-f+yF_bY00blHyI0XkFrEOW99D|b=-=xaD7b^ z+(>&ptiuJ&>D9OsuSI-ERa|1>u^^u|a=mCsF1e~W%^U1`G^6?O^A(oAIv%|le@VhZ zAE5l<;*hdcjr%=Sjk}m}uiEIomcqE)xSitoCsp6&2Th>36K;WexX9+2wc+3(_#m$6 zjyG0pbnO<luyv)iRNrX;g>(9XCK0HXHf3Hx- zN!kyP#zoqns?DLd?zYT{x9)(=x%Hm{@uPb(QD`KpUshU;*=WxRMNfTxFGdU@n`Zs=)oTqd|q=8A<~-}Zmuvl@xPehIBN~J zd7NN(Tk1ZOJC|LwO0~i57#-n%(Xs@uvO}j>-NcQaJ3tvH)5{3mptCYZxsHP%Np@l# zD*jsqke8C6|FKtI-cf3%Ti_^5Mgz!(JgW~(muV36L1zAyHwNVVu(O2!W$onZ!pbN$ zy?B0erM@(zgxl%+>Mgu@&hJ*x#i8h`*D6=v4to;$7FDOU3$Dpb?be3Kl-Fmy3s%-} 
zVA1i~Q%0%YkJ79t%1BKf-WQf>xKDEr6CqTW(tr|NM6GPFHFa#*q`SM_egr_nERYf^ z`r75qG?!o~qZoQawD5xd;-c}1MeOQMN?n6tI@h7b?VQOuq#hAr9k0U@lc>hwz)zLv zwF-QVJBHC1$*jzh9>5IPGFCrhfFHp59wB?#=eLJG6@T(M(t)@SM`d>+LGO z^h>;v`?5UvBkRw2WhJN90v3Wc5a%Ayuofq_tq|lsED1{MGhL*{0x95G0f(_U?6quZ zHCmX<1Tfy>>;@|;kH%&FA~|sib>e&y8(#;tlSW=m1Dae7r~Bv>fy=-IjFT;@;$o+w>ae#k+6$ff|WujMo*^ZVUQh zRgSEPse`oM?JEHNA{i6(MU!w9njPn6hYpMO9bcl6xJa(-2@@=^03bUV- zbMiLr@vSP<9m48M(p_XrE&v}R<^?~+Xj#UJWk?2M%s(qu%|QerZEvylL%=$9I`%_x z92szXJzOg}QQB-H-IHc(Hbt?&sgg$pqe~Jv_Fq70&!S;TBhmk1u8Ozx7h#O4`x*p8 zguNKtr52)G{RDjG#(n*WhlBNia^7m68D7428aUnWF0CyU7-1#}OF`7Lhd5PWi}{zX zF4M%8@@NZ&!2FhIRG;uevAdtoGVtY`YgQ7`JAzOOiReN+MKwP^;Ko~krYx8eg1IPe zcCgOcNB6u1`dl}p(2mbFC-Zq5C8dqG8%o>~#%!4W8Uon4Tcyakh%Sx${Y6_{Y=N=2 z+AGa`Ho3U+JKu=5KYed3I4xewF4tKQlv9=W*Gg9_kI>4)KHGRk(lxV>smS`mtM#TP znAIv9e|~&pUzX-)XQy%Xhe=z)8>lgr&2i}rF2Rx5{+AcZ-DD8$HcOYr^Ay|kF7Gn- zy&tx{f(LkFY`-62`~l9i45t{`ZYHFNBml9-7q%b?zac zaR@$tKp{Rt)GXT}%%Le&CgWHDY8r9BN8LrqkJSsKa5Q6M#ZN?#OGrgg!oC#>{Q+us7j7M`|kVQfh=kq z#Q-iEF!!nnC5fGzR<5<)whwro`qqXnZV-9-HR)td@neA-1Goa_&OGX&a!zSyDuslB zqQWoO&255C6{95hmF@sawQ5J^p#%`GhrW!c9W8-(1|Sr0O3tnK6i&QWKbCWTan&?k znE@#AB4{x#Jr7bu9Sh~0^jLPvRgnG5FaV?|9ED&s7x58kixs~LXsqCc&t%+Jrc5Rs zU=T$mu5SII=-z?p{Nh#daW8ZQYZ~0G-gp)Z3b|3=l9WzOg^i^YpMyLZ$4P4SHcY2M zL#w|!_J{#WXqh!Or5ewoXQGw)w%lQpv)wj`f-_i6^Bf5z;jlfzJJpKv^E&0Xsepr& zDf7Q!Y`t0J#&h(wY=!Gy%} zVEL6PsVkv|{h?6vR38SexAm_)QBx+Y#~Db=<1l*z1HOpZ&5LFA2vz?6<+F39=p-X| z7_E_;INy<^`qMJ_liB%*H2+FR#GL3p)SInJX|!wi8=Fhl_#V#=quv%+ms;2ui%?WyM6urRl}H$97ac?|CmBn*|#;&1I|Sm#oH77vMNMgow@Vs-Ht* zI>WvFWLPKGms179@AsVP%{wv8Z(xQI1J5R&wi{ty8z2X2PJ-}(4F@UBlvHTP$`fCZ#6A*4(m;S4DDHUg_oaW=C7Q)J6 zJ=5-zci>vLBCGw?T0bskp?j-mmhr03D&POOVa|&W!gk%`n@gv{qKa9|7Z>6J>jY#a zJ1B08lYN5usV}U=|GIV9OGM8UG1{K>$-dzcqSFNI6AXTTu^US-9gsG#H_HXES!-p~ zdyv0maQKWeSqx>l^1EPLs*53+ScEUDbFTt+AF0O8WtN|1p;L8bnCw2X!W6YNJ6CLS z$DfXU^LkE!@NO;<$ahso2tZ(jD4Kv}tHAQuInB!ZYND3CyX2gybG5!DW6V6`0mF)VJckM ztN!O9^QOX@$QtkMl>k-BFGfp96AL2IEQ9uTg}-F0Kb>;U56}%$j+C^1rj8hu(U&L? 
zkO0>C6oJI$)i6jN^>rAcg@^USvgXoArH`%K?72xDx#N}_0_Re8*K+oMIe>SE&U;EWEN4G zsCQZ6GgP4H;w0s|oQ$N#7MYxC&ip+B?tpsiSYkmfHot~(Zv~{4$7YAl(&mh)>j48{ z)-O9)!L$O@6gKPjjJojwar$FmVy@iXCxEAYmJxr%4}dV+oRewCXUo2pWOHw@cu3QD zOZsPQnAiT5YK_x2RM!xh{_3$~%srjgr+sn>ih$a708?9IS$p0;AO!fBSVj``4+!cIoDTp&(@%h@8!9FWkZAU#S-$X2ykh-qyPH* zJz_rZmGH}bRSBqb6L}L6aX$5$y7)|I8gIfI5QRS9CbWZsq8#PWRbJ^sk7VoaD^BjJ z|E5BCK3%u8D{HO}8{%jKZeY03xpY;cQep4x2q+J=vE8J-$ed_D_N}m0NMmy|T2>WK z`l~WbFiyzXq;tH3*+F;nhi@1Mse;jSjU-fNMmNhg=$~bMP9Fr`V==#I@%2yBlFssI zefRv~v=ev2!E8!hCoG+yDfvapKYKdNA6aaBIlq)uJrmccDRPdq{{kUMc+C5K8$iQ# z10u(lX<2rWI|Ky7<oPjL&_ZY zAGicQSmYdA!yTRjEL0F7_Ht>Pp0PU-3kQQiqmW4@5d9Y}A;|1bwVEmus#Xi#-qRHPm+hPud* z{u+ctA(ZkXx(oUb@JagB6<{6Z-Ucme(hmUscd`FnHJ4jzRSC*<0xwA-!RU{_FOjQM zu}~U_K8zdnY{@_Hj{xx(MPK)~{z`q{g+nQSkc}iF4i1GvA(8qA{kg>b;qO%nq+(W> z`rJzRwyOTiGzm;r|0>!rM;O;r^86+t`KioM9C~8*c{y`UCIGG)&<`XrUt?37uxTie z(s*Rf34_A_g;@fp+3@~d-FE>v^hkcl5IpsXlXNbd9!Hs(2(%NGY*}Z9p|=0PjY4)7 z?zr)F)lY7z&al&qcG1-&a^7KxfgXL)YS(iyyJ$ZlG=S_g@mBIb@C*dtKttS`&tz7E zBo^(648W6|DaZ@r!9ytF7yaLT{?CRzsb)R%I9aKI@c{(j@1$zYi+JvOcw&>m!~iAIwD1#hI)HGlWlN^<{& z4Q#XxB`7yd4@!Ma`jM2NdVGS%eaZjxtzQZk|C>lEINv`o|9=y)F90t8IyGJY_``^e zKu4_0iu|Ej1V4D9QgNI!j2UI&Qq<+5ydCLDGETe_c)|#D-1%y!{Hr|;*&C46iPt;NL3&S%`emHl%k|8_+)m6 zR%+@Ies#vk2k*A>i5e021cCm5G^5dTcmtNb&%nqIZiSy1nQL3%P zr*Z6oVw}ZmxN{5~*=sBk=exz%BSnB%@o&%HY-rx(ZU6G+Q?Ub6w(OQrLh zC*K)^OXvPZ))+u;ex^G;VfG(tSAVO!>xe>k{H+%ja(OQu<+m2#qqd-jloLKtZ&vgs zR=2@b=E3-%#zJqS7zYc#@HV5+c=-@Ht{$)b2a|Qr10U5xd!T&xisB%L`C>}63?Ag- zf2pBXFHy|QllA$7tr;=p>}_7_H|pzWWC+XDB--n^?M#4VSvvWgy_7*Lg>o^6~p+WLBVik`!W6TIj661iK@Bmx)ida{%X#mhJtU@{i&q{xX#UryXPIxT;IKgJI$aaRN_=?4B8(cbkG{fToF&|CB@0dv< z?u#1j_A4?ps@_*x5|W#4OgK6z$;bXu%*`bl*8M&8u{10cA$Y+NU(DIBXJk zs92KdR!(jbyAUm&GFy%T!a{%hTMEieQ1+UMI_!2XT(yn7sjZaolH>FvmOlGCH|>E%{azz~PWwMz+@jYE(B@_f(2zExsas z3Itc@(mmImrqr)(WjbRB8aOLeKcq-&Bc%fmQ7s+Lvq0UbqS1r=q3ffx9MV9L@|0f% zX%670x)9c$Agj<>a>TIxz7PHd$3FY1jC~q&91lVbJvGAuERm}A2@Wkid3r(p?czw- 
z!^idQb;f6)Ly=KXhmolD2MU;=*AQ5O_1TIpKqO`(PC`W<-7*oywv@}&rmA3@PFzxQ zqV9B6wJlLJhCxC>ny;tR2zvltOdppN5*d)QyZyAO%iZ;R;r|b=2DD{dEy1a2XC_a! zGCJDaEFJw^;=plr(}`UDn1lYpj_QzvE5z6p zNUm?hbzQCgzkyOpmt-iY&cUj}X)k2g`pO~G`bxnYmPpo_4Tr*XVGXYFEONhGoZiFq zNvi@+wj6-xv>j4TAopZc0jbKLe%_~sSgHVAI{nWxpdN(nHy2hlX$e)qb_u5e9%8A} zWqPn8YH}iX!)&O$1*`GCEU;=xG3QKu%%Yh1+6$F-lh7%dI%6;pfvqwVNbKEpGPFSb zs~tx>^HA&)D-l0`7c1UH`r-1FrF6UzPO(yT`2m3ATgw#BcYxA_BP)&@8+$S{_Rh}Z zt+MQlJ9`i0WZzecQ=6qb;*Ub&??V0}`d0!~+IMlTvXpc?8wENa(a|Ydb$YJwXG`Xs z3vq(L=xJOmjTU(CCYU%xmh&-(H5cLJ!2)oKwW;c;9-&PW9mqU z(Qb~iAU9P?)L1q``orKgog8aKQ|we$t}B7!3BpzAK4Cf8&c^tDykU;z5bRh}yA=k2 z_p=Z@Rdi_G6gaK%{OU89>RNhu>d%5)alP?As1Bk8^~V;deP_q*nHQ@!@piunpSxV` z?S!OIrk7&g7-lr|3_4%Y2l{y+0U#A{@yn7h4hm~%SHzgN>p%R)2bu|On9ESz=)H?5 zaI6KDrm+OpeABfYfv7k`+>S?2MkoMeN{?*&@ovwQ>|49#cxwv_2Yw2fEsA(A$@FJw zffY;fCdc4{WLd1^kxFF21Pt$`apw}bvh*!$?J}376=KVr$xXCe7|U}!nQ}kDp8qae zWSpnZl%`hjS;x60JBCMz5wy>K$}#HGiN?ObkTz$QeL(qobZOdHp!BHoyR`$%LGYwdyyc~zOo4Fn$dVru;oqUT z0g;X9dbxOl8;x1n#5l+$>xKfLjg^T}x0AN3D)>x56=jE3I#%kY(I~LDne; znOtzX;Z_%K8wfVLi!bfrYA8cBMMV^IP2ondsZ+`5D2*;^&0|RU>9l5&eG1%?Js&1eZ@DriEm|z|s4!+> zR#p&0VwTbE!cqsG(#?YXNZL~N$PS!9nhX_+@7M2QBgMS?1fnn$j)h4IqSat%7NA*X zgo=oqM6N=*!r$I6t5^q;7b+@0i@~Fi*xDE%w0V%ntl>AsbV5^-U`T59&d@TYJ&6$uvDwkE%$E~cj0_r-E?f84wo>2jh>r=0$qY<$?Xq} z%#x+M_0mCLENnxA*XOOxfyr6DSSlV4z%#V5BPr3C(;W(fQO4D?X6jRf^=U|;J7HN z51zPmFf-;1Fh#qkv6dHxI@#mT`Lg_T&xrbZ-hn%$^Nay8tPyGYRLIY5I}(vb|9#~H zm{IoF(uQ%vZhJL3H)3;xGly}4@lcDZ@d7$?d$E?cL^al0_8L61W9drwDLbN&e0z7= z9CamzVfnQ7Nz5-n4WD;At`dz!G8K!NGjn783zeq;h@oy^2%0W0X}4u`3+C&>#BI2E zgve!rOWQb!Xuhg}3DfL)2|m*h(C?e4Rsi303n^_t-=%nan2lj?66qE>Z!H`ey)Wzv zh}0@Kp=YPbYuo&DlN`fw;tg{~p+F9Knwp5xp~XpJt-lD&j+ddDCHnSjKWuSjEz&O_ z)Kk+AfW~{-Ls63b*#!w?ZLm6bwuT@wLMS1M9OiR$e$!)eP@6AuB&p{@x)CxMe|jC6 zdnYP!bJwMFcf~Kz?kaiqEtCxCS%baZD}uD~aO9An>zWP8^XE_K zCXkZmNAer?A(AUAB+55+&dnt&XT#!-x*hrr+P2|vDBv(H(y=vFj#`X2G}A(8MD&ZU z1&D05{~5Enm}1CQE@L_wYBX}CfQ%(>9~`RzeCJP3Iicw3$uqW8Ap*HB$4jKyK=?`~ 
zK)>dxs}>ydodAiBr_+hx>WT($I%kPysMs~4d#n?af!e3iRAbD{V1x*b>k$7m0B{wW ziBm%AN`>3CH~c_e_==!*s`+6)6S=-L<=Nt>_$`9KxY=GA))6o-!K{$Paiep++lt`- zv_FUCO^)2pzFI~wDWSDm2r~{vvC!M&|-UsK6l0~N4UFK znbk3e9f?@PAN2ikJ;3p=9!|jVFAKR^R!vW<5NO8zAAL?ofs19|fBt$mIhKJxE^I>3 z(uBjS2Gt-}HY~XY006H5qQ1dy1nFo7j?rSXok%Zx)gOr-yfDFn4RmMw1m&?Yj$vo@m~ak$=J};G}A6w*;)l?PAnkgMDCk*&&~WAYYpd*9giFH(M-EGtXgU9kHloJ+|ZT zS6X9&F3OPuwLUPApyQPjpnOV?u-m}Dy(1^bGIZ}Zp!>@!PI3n%Jm5aZRgN2r$s8k) zF0XA`rojB_{P{z%(UY+3BoV)!9c1_%WwIz;UATF*a<8NLSu~-3+z|BFCigd{Cqnl7 zm(~4s#KGJLvROJ;-^uI-nb_=0@Fe_NeTFa|l3m{GJ8ni;iDtqAGO$^(8}`!+xc@%C7gb}rjFq~S*OI~feoLi&v*!Bx z+bga`FYiED5Ey3@c_a(q(GQd`7ClJj>3Oqb5U6?5OQGDMX1aAN-q8*KbdK6c#1T3D zChUdZs$x8;3B%t8#0Y;e&UPT)I$*gwPW&PvXve^kFmdmXs*=zPnKXK6STFwtOiLVO@wcOO@+KX*Fz z@;u;S{;@uYV1LB`wj9juCCEL42Ii_e{bD;6ucVH2rYNY@y+!EvqzxSEu`)~b-p0;tD+ZxyBTIXF# zHp4J-hS3Q@%j~C9N~{`GO#q{52`VNpukLiVu`SdkM3-iCS@3(-0%0Y6@%(VzXKb4r9N!w%Cl6)vmW4`_S zy*VcWKqMO#`e=7Mk-b{`h6CLT&oqT(bb`5t&!KEPH~JAHH|E1O52LL5o7jQT~6=_Yc&38 zFqQjZ0Q9i((E*D8LcpFe(%}kmEq)J_%VcN|Q1_7C1!DS}eC}0K)w2Yf?Q+=Br1;YD z0@nU)3`+`(7`Fks7`oEOs<5$Y-IW0g%&$3Ly{GvRTLOLk&#$#$=Xs&h2WvB{!mR`o<0H32<9;2%&sT|Y* zU@6Cp9#)-*Xcx}^2yGO_?f#mg`P6@W;#Azb@eoaE%?E>0i#3XH`zi#N?#XxiQemi> zj-uaDL0@9L*yRyz#+5cH)TL@x3%kIe-y*$<(Tfp-$0c;JoS7Oq|44p5_@};N^6WEs z__cogE{|!y(_mEWNI7S_HaQXu;UcDF$;A^Ap%PDF^^%8Tflg0CCm zq*PN|3e_qHLE@RZh5-mUQM(v{eSra4nU4m^^9iNnA`6?KXth8Bx| zj*Z{UOcKp)dA+;{b;9K+(7#Yr$o??i1E0@pMKX!7i>wL}6%yOQ zL6K)l-vX`IAWIyYqodhrg{7t4kP@G}7qRWTw9n1bhcBRx$)R5ZOGhi}!DRqbJB$=< za9Gib|0!?rv`+a$g%jVeg- zZ=Mt(76n^4T{5%#fhAN}LKes23=HlIgC+wDkiZ?{Qf7fdf{Q;>(SUTL_nV;Ty|elA@K}eTlo*$NQa(3JD{- z;F*A?GB>=>u9}Vk3iUmx>ru%n@FRf@=MEQ6E#-}eWQ61L7E)7JD#WRs{E}|k62(rz zDIa0r60vPWcie+VBMJRC z#Es#B&=HaM#LRV{q0v+XC?agV(dVcR-@ZZ7kXCb>uG13${-MHdwK_VGY}!mvt^p%# zm=ZC*g||M?ltLso^`c>iS&sk~E}n$1-+A-8RgugIEAF>QslJio{t}|Upb@?#xTdf* z+5<@zCO(UxY@rV1T9Cy-xoBn(LT9m5awzpb3k&hgIB>28S_ydUOUIpbd04zH>ZbNv zfkZRM8gs${2AQFRJg|UC(P8f_hO~}gasQZhv-|~r2CUNtfr-RvPn|d>Jatm~BcR`1 
zX#nWt>^O0;Xa;0r<-JjR!5P(~S33T#44{Q6QSs+bwvjcfz|7-CE;&~QNkfB`f(>*F zo8&o5@ea|(MTY?J{a8Gik}~e?d>qbS{XkA?Z_nm{pIG66y;Sd*u$&quR~nLeKo)h16N z@^G6Yh%h){JXRZT3Ba23#*Y(9d8>815H-bEEa?>S<%XgrOcDO9R3SToO56}ExVDz9&o$%!*F2{)4EIE5e*s?2HtzsJn&^pG=Z<0nO0qV<>}7k8)T9YB{Q zBFVV4Q9#<;K{PCS%fiKWfF{o{y_Loxseu+Lhv%5VPVthvfC70Z8Aa`))ML(%X~+kK zL}`i@2w@oF$8DJ@MY(???fT5#mB{tHEFbn9>Ot}1Tn8+*AyvVMY2Bc(Ci`;Z4~N_V zCeB4J^^II600;Fj~z&7=FkK~cLW6y1$|QRgZEOvqV8 zD7iaSy;2&r@mK>=ywKL=$qBkZvQT4Bn}>Q&c+-e-!%JnIHKHT5lY0vH zgD;lEXS-$@aTCDdMe{_dWsv7Q+>iP^2F7k2_rY@@Mad<+4C27j@m~FK^6uFtu}AOr za9R~Bw-Fu}ZrsCG5S1d39P1nM|a!2~&QO#tmeA1z#{i>z=l9rzs$G)#IiMQk~1 zX7<1S2V&7(Mssc`{@ZoPgvcDZ&>>OCII#=>-gy|`NgI=RZ1G=QmhsR4+Nc7n&hI_S zX{FQW$0&R{LcR^dCh83X0a_~?joC|_l=-gQxUKWCikZ9w>>ltWiF9jANX{e=d?%qS zd_Ux0r7?YQEIGtMT!EbF?5cM%*gY^96YwqRyA+>}P9k=nk%Zi)7$ey({qoOHKS)`o z5zbsT{mm)Hujb6&B|}Jn5x70c*RH?|u8@x1m2Ce07s*SfkiMLCbc{#9&xVPk?)5|1 zFU%0#BZ6*=B1bgibF{kRcBwUImZQ?4QYNWEX?;^H00NC>Ox4^}iV0trP*4VOw|8nr znjw(+Y3YzEYrJzxQemsS#iUi5BILsK;9xef%$-;N*x@mVb>1G}*2U6+RElU4gph-C z3N3>2>sqG!4nsSdt+YX!x*gecFb2AhH3nN0Q|KuC%xm-%3;`(kSTliWOOAU++d`2& zf$0%$)yVF{Fk4&?%-*3^F%GGh$pAzI%O<3-d60WX_Wwg?wN;}yTN!!7V;UFbpm{pLUntGxA#Ix3;fcNKlx`2)MZafOHErI zGy2}IOa`SK0Q;ULSafzNI3x*m!wT-N(LcA?9L{J!apMy$ZtqwaMBu7(G%1fxrT*a{ zl5eKey2x?k=1uuf88Fk(s-$*AwYH8Vq(%LNtAm_sDI944kEkd)hC)3-?S{ZrwuEq3 z24*fEq0(6>jD{I3ZBX>EZPlRUpkI@+?^2f3C7_$V#v1#A5)vb7D8aBP_zLzXWKklG z(UZ}t!}F`9Vc?wgUVbUfY@&1tT+D*1i{$4EXNkWk`D3QkOFt(;Ch3!GY zkvRQMd~&-h3W)_6qBPXE_Xwaw*0+9v}>br9m1$Va70#ptH1%RmJaR=GpWK7 z0SYXgS$G*}zkv3e8;>rhar_o9KhjJDhF`K*n?-a9P@D;qhKP)p9EBJDnWC*&3R5^> z-!U`22a~>nzp!?1Y)jg>L!lIvP9co~bT#6#iLJ0KjalcPeL^4w1 zKEjF`cM+a}JQa#rN!Gs)op#ZRGF6^Canb(RY1$801WtjE%#L5y>NSXMj<5a!<)fBPBM7lxEi(E^$)qQN22!>s z6!e2`1->N4-FIwHRFLzDhNI!Ix)qT{p@R_y!djSB`ivfcMiaRQo%5;|@VZ;4ZEFV3 z`KZ$t)q`iKmi{>eCe4`2x$YtcUA1t47(Gx1VB@|GMP8`=DY#(+SE3Yxu~6zRi~xRi z;_#dCvbdevr=ss4oaY)(Z34E42sy7hd?kZ)JNJ`3)$UwPJ;3r?p%Pbco8U0kdaG5sbs2)S}KkVtHv{ zAIXY4w_+&|o11m^;%G3tbJ0(2E{x>@V0zcYp3%HOp!R>~j2P9T4alEC6H#eO!oDL& 
z9%(PRlRg8voqLqIJBMk3g4s;NHL{Qwqu4?}7=<)u-$){`q+?-YlQCY-zbJ68o8viV zH@P zNt+MHJh~Ip$}EoPtr5bF1<^ zE;au8Gk6mON27U?scj4w@%wNuM&h}fn%~5Vh|!+jn+E0SToO?`qpxw2t@aL0&;*=M zs*|D+zE-{1m(A)581*XCwocBqu@hp-UXXR%-7jPrCn`amj$&crh)mWQK)az+)SOO+ zKK}0|m*jLdJERulbZFBG4pXq@=GMXR^s|g=p8?*39V)B>x+v>?-d#CYVP( zIHu@8V->Y+lB8(@n1b$8ptLFl)2j|PHw5=Zt}y(yc7Tk97@U%CszQ=Y5~QHFVRYrC zV#{UI+h4}f@W>@UBV72)zf6kHhO@#w&Qc@XD8ji`(%SZ?d6u2mx@oYmNZ(c2BiA`a zeEtf1<+6CrOW}tCb9#@?b)@O2x+Hi_x*$rlBoyD?TjP)d;ETqY)`Zb!K^aC-g-44= z*WKDS#xPWszkJ+m>+o+-YuRin3OrZ2r$I-{mfFH&-ZF}4tfpBTJh50%0So8fBa+S| zpFkR_9@5^YI3vWZYF^SE&)OIhVU5Xllrp2#X^?exoq9&CPL8rj=RQBC8z<}84aHum zY0F{LA=m_vjidYy#+}sRO!Jtx^6pG%nY;HY2uYOaC~v|u7{#^r?wswDD#~%wF#tWO z&dr9nHhP?OprJ1ddXP{w0QF?@v7-E)3Tf&M%LO~kqutw-tT17-OHxT$8O*EA|5z+j zJ^HVWX|qB&7=O76EelzLOm#A`u;RJrWXM)iOD!v4wPXt~o}_ZI!9&pptbLuoDnwzT zE&pMZPyT0mG}~Rp+It6n@2NZMIlGs~x+$AAbhip=!dH}}L=!WsTvvR@LN)YnbW39v z$tVsi6?$cmL5^wIvXy0>!qJMZD9MS-*;s9v#i8U%)HU_5&Sc9@IunndmKT^}+zi*n(4I>+S9)i< zSZ%Vke98nmFPKg9Q8HZ^`7i5Ob}mDtM!qD#GCEW>i8URA_}Dy}d3g*q^+qoYg?23{ zMF|=CNa7+Lv9$?$B)I*e(KAW6*y`@P)j%< zi3XCyTt+2lE+q#6hPrJAPQWf+O-fcrjM*a}4v1__=r)PGWffBnhLWMBRio4LG_klG zXrcLmV|&h1GNVgoO_idnKsjfb`lO*>d*U3t0Gxi2&g%#TI~#pUBV?fIT5b>~(s0DE zG!9Nje(2G{!d=a5M44H8aW$p#gTw`(+!s9xe$t*?X;Qna;{v_KqDh?-E}|5`4krg025hh2Hh6V<^iZ3~4_9z(*CIg+TnXbUBmABBv~ zT$)drK>jNdn(~MRTsh&vXYFxQvzQ-TxEduG=Ln2_&S6V9H&+E^ae-B{$l?-EEozBh z`nOQfs2;6Z)_Th*3V2z$8%|*C5Chaq?g(ST9&WbJ&Q3=vY*2TA#8ixqqUvnQ%`EsX zcZ$`8@hyf#lGE*xegAH;AOvk~|zZ-*F^T>K`!C;pt6Vi@Rx zLV+hJ+RnXkSfi{reS&EdY)21Z*a3^%IvFsVx9Qa8KdXQ99@3TRTX}L}!YhzVD(lPd zX;jFy-H7_m*r9yuKSRjCzw^a=Ti^Bml_lwm&gH05*25KWI*m%{iVF3uh_d{Q&l@@Y zxtG}6(}gJo-+J=(+KKbdr1pW0*P_6%5oBGN`)aV&0SJB%Z|<=o^t=RIe!{;? 
zbN%jsB~P*GU+Sm7fL*ogoShNj)@pddVb{)Z?m4voY5Z%TF?9VDd!9^O85okx4P(RT zM5{_Bl7PW3JC${ci7g*H7i;Yj%|uMbL!4HqNqeeyJ!CF_ItdHVkbtHYKO*~~d1gP@ zd?|hCOkDVIxCmi^y>j*K;^i{x&2F5$v{S?#<%Wby`kg6T@DyO;?#4zIgT8A$k>VnR zC2QwGQ;n`e2DM8DY8$4(>!5-HxC&E9pu8{%@!YHfh9Cd|@(Iw|xTYz8zSg+zpW80y z&Hy_a3akrCE#d)Ca37=d$X8dVNehk9*ojFh$2`rhv$JV*i!$)itN7m+@|%oWKg9nc z8$;NWnKHOO?0+(@*cTuzDjbNoOfT#%2j*|nX|XBgMP?Z;vFD^kO8BRX;>SBQOKQj8 zj)9tl%kFFl&^Px2huYRQ5xH>$K~PP>gI-mB6^7+L?@j``EIq%9xowefWi6R!H=p|7 zkaI0+F*DCa^I?cK5NRa^8-|VT5fl1zDZLWNh7fTbC1ZjxaN*aJ8^fn%w?P7}8OdOR z_kh;9*4O_dC0fD{pWe;o*mk4F6S{5d+j<1&ZV1hv_Q9sD8{(Zb7EU#`+#gREcY5BN zCsV9zoC5NGUh{|+?4|;I?sLlcg6!-~WgDRqI(o{~=w`^~A)U{x4bwcJHj9JqnqYQQ z0pABd5DG}WZ~p;c{*zop(K~nO>=OT{Ehe|+q%#Ed=A}xs0bqZ|tWcXx#LcEGHKRo; z3}^_Z4`9#N>vM76+pd{ebtK;PfoKay4%%`+68RcOH>OW-I&Z~fiS~I7>L8@ip-d)d zj)?U37A@wzGIs6)L#9awHCF^}Z{2g#??UWTdTH6AnCFlV7g6%4K+ofb!iqyYX)bX! z`lP(L8_^&BR$gvr_p1Qt2lj52?xVgrkXOBdAP@((H}o4M z5N`BtDf!FwQ!(I2YRb+*hR1cclg}GXH5ba+9&zzOF zo^vZZd|^Es@XGta93Fbxt6XRZJ}xK}5-y=fH~woWP1+5ji!&T@-~cT4o88b4T8?iR zK03jDr#{2814GtB`R~YFq*$-d{5fC0+E1bF3VO&0l&xN4WpaV zScPC0f9!rRx4h*6OUJ!Sg_~#q8Rf?-KGA;c-o0w$n-#ekQue<|w|N+xriXRQtoDfPW1B?I(D`_3f-y?q>hG0`K=9 z9=Y;#s|!5OE4$`9_#64f|L};^ACf#`%0D!DM79X=H|M2wL@>tnf~G-_WSO zleZ?C$iI_EttBW)_tmu)6|q{AcnT^C;p_t{75C+s>T1sg*GzusbxqDO*A+F7 zdO(h!t`NgVJt40cj{Eh z)=<16zGl?pJ5$dGCwANa>~*0?F71hSPeIAm1w}xt4v8@nET-7&1J>RSr$>IDgmjEYd4+Q&DTA{-6Toy_WFIcb{Fbm47Q#xUiUs zi8hWZ8WK}gt}_i9oubT?Au?hij)_W2j+zx;y89VFWZ!7Go*L%Q~AuYb3D*#XYPuZ?O-#@~!rKp!cEACuxZ;L%RuS0j%m4LKL`h+lqe zb8^t**rCazj&=<>J?c2R2^SAI?!ib?GMbejjq((w!%k?`uG(Ay^!>r;!MkX|@85t% zmSXv8Xy{x}VhO|uvAAhkZ=)dQN}a}3N64H%YdFeye0wQAU4P{$#YW^Ug>OZ&GK>kn zd#AT>A6-yGlFQ|PRSsW-wLe8Z+ej4eoVgh9oVYml^42?s;iB(i|E_caWA%qNeSYdz z=`hATc|_5ng~Ql=yfTLW$Iu4G0KP`fE%jUei+x=+Uf0~j3I67XSGa}GxRI~6*kvp| zuGi>z_i!_hYk#4CxY0Wc{KG`vX=rg4>XCw3hB2DoUf?Na?cMx^-s9HJ`f@>C8@wop zUI0}3R~g=^^<%e>RpkB2YGNwKyH(?OFK{LA+6`Q0ujam@_OT4yHI{+9#xiiTScbX;bpK)%W4`G75TMkPGyHM*?5^GC?en2r 
zL41DW1+ILjVj`qv&hGEFe~j+Nd)a?JM;Izj%|^UDhxugD6Rb1L&JaBrtpI68z8{&@ z5#{DN&wsWnGaH?UrRRMP2HM@qo`04uiP5tSs8t&;-RBZV%1?@Y`@l&bIOzi?ec9p9D7`%XA7$-3>mGLSB_y>Ewlv@U@01~d{>R)^H1kf~GJ_nk+kU4yhF9)wg?-1`D;=Mz> z8h;4)4)I^JL%d`uwkWTScPfW?PDNa#Lww>q+S^qaySF{RXaPY~wnr{w^PK=L9%zp% z@2e(-{UEB;0is(iM@ZIOQMFZGHDUkIr%bNC>eU+bXt03`WW(jJ{340otKU*F_g?+p ztKWO|FH1GhltA7t>m8_%Od-Z#-e(%-qz52aZzxV3rrbF-5 z@4foHSKt1{c=gM&PRgt2oy@C`bZVWWV$l0tY1Lh=Y~?lqdidGGLA^)6_vrT?{b~^0 zd-Q+J9{n=+MO8t$wjO;ha7H~O_Hw>ZkN$hl`@G%6etgH5w2NKd-#Om9+krN^`+qpl zK8(i0&;zxwUU>dMn|sgC+qJBx{%$hR7T&WBT1h?>G*;+)o0p@~+)v!2k8uHP2U;7i z97_}$x97eW1c$;#O0`Dy@V%`+f2|nAjRQ}5+B(p*(3vmS?%&|MYP%}x9}mecq%R}= z-a{~#`zn08-JnCL7JSagiQI*Y_JNZ=aMA}(`oKvaIOzi?1=FDq zob-W{K5%0HQUWLY$&rPpRmCh%6F6bIA+fY|@8K z`mjkg1n$Eozv8gT9{gmLLsccY(=3F@Du;`VnvA0WNVL~(pglO@S4VC+ymah-wmDh+<)1G&MWOra2GW$Qj+WWYOA(W^_?j8p>0EVw`0LT3tj@?wt;5D zMWNd6bpTI&-pEaYLA3^hcz<(h=$Z8RtBrS)ZvWTm;U~4rY`AoNsqy^qCEBR=%F&Hm*Op$e>!b`_z1>AIf~C9JIE#2=?%8T9ixA$pYX5^9#}1pu zi~86_AG_#d7k%vFvT?vZc7e*Q!>ZDNycPhQC3rz}gY~tX`rt($ynpC}7k%)e4_*{a zhdy}G2QPk|!HfS700960?0xBS<4BU`t6*~1+N5j}A^@IQ)>%tYRF<~$>XfQ#x@XqX zKp;q>1p+J_I%;Rl>K)eh$C~x5&9ls-)RU~cM+69v1PM}yQm1I3gAdkN~ih&@w$wRC{1&iQ)l<9gmr)nU3qkQ|!Xc((R0_UDfK^yryBOdZ&>tI91!VR!Y;Tsm+c~ng%`InV2J{ z+_{c-{RU2!A-vhKD3UMSwKe{aai)t;U8B=%clxLOZoS@a>diBC>WyBBNAN8ybS6`m z$?w9kfBUCbY%*ZB{K|w^!1fQDo%bHjk7VneuquB74S(wdADjx?oXkcnKM?8HsC{4H zNHx8Y%W`;-UwPA6AG_+Po!SBqG_d}SG!H-}Y-%Yc=xW_q?HvH!boFuEfa7=^Mbq%j z$%$i|AZ6x29l==}4^+oL5vT9T0XPAcoO={7T5{?Iz^c`U9p0Nff&S7rKiCSp?YH*4 z=lkq8Jb$^;d)wxg(8A7iKbqQUwX!Rs z-AM!6;*zQ3=ghz?*9<{uA{_PHPjQHq!!j()Y`7|jnUn(>`oOm$+bVwzC&S?ijXB2Z&2<*Hsu}3KV zVt>nCaz@!xxf4yyFao*f9Gb1@uX^n(JPQ92y2t#~QXlx;oXp}O-S_$xtp^{y&5X96 zP$6H58N;Rm_gU4U4?9e<-}4`*Q}@1Vv(OoN)roI2`SVHM1|+l#CCByh5Ot`n8XaRn zNb0ISe-<~}>7B<=+l}@n3K9RGI@gD4hJR6OHqTF+TC1+r&gzY3r+p|2QO@qKt=#=r zK%lJOeDsd0*A^D40TkCV>(tQO2fz2PS*BZ@2E~m9eI<)ll!_O!8d{61L{H~eFJVzb zt+li~7QrjNKXILwLb0=Lnv_tOXTpAFCnh%QxE{#+rqn(N25Vza61-;+O0 
z`Ev}1v&W)GK&B}`M6LP9cc;pi?uUv}|D$60l=uDnZ~tJPACJbr|Mu_XZpD2Rr$$ag zTtS#fy^rAni{puuOOBeyGutgVv47AN{LYDfhzD;LoOe9gPEIZiw{Se6cJi)9vl8iW?LNvugR1lm9m1lNC_}fna2Mrh6Yc;d0Xb z)sL^>{^j&3G`8^MEy%8PS4*HM8F}xDw}Vt~;iY~E*-svJu3WkfNcTrlnOe#Zd=$*}-hqZ1){(IJ~_2EP7tgAPB z{f41N&hT+`Wq9!LApM5GLwBQULzu_d)uW4Rv%GdBzRQBu?TNF*t4 z8my|sY;QSft+ryuU^(b|uJN|a%kuDDdu`%e3wt2);~caHj8jWxn}0{vgV<9@6THWI zMmV&UXlzEZc~dBD0>uOk5rz$lejo}Um8ok+IBwExLw^|EqRNitf{w+)9B|7AP32@) z4|@9ns~OQt6L^%M;oAt-IW_~ECUG>Y{dCP~#9gc?={a ziv+V3WXUL4Sd59R0Dq*lV1}x6Z(!M)1D8p~*oft-k>OEFLD^5EqTYgV_Wh zPKtp{EajyQLVq9OjD~4BJ{@~J*>i$Q+&a&Ee8z+21m*~Wv`6Pz z>4Ynta9i9RQ)fA@|z6>iop+wWPNC#e3I`Hu^3YDcq#PNDcf_=rIPwWx{h`}aOxuQ; zhj2gWELf{V0p^`MFf@HfP9G#(H=K=>ch?Dg3nzgs+-6Xue=w(h_+6Ol>6Uawsc@%_ zKa$soST=R6VPWKWT*%!fq&`;&gkp7qRu02bv=j2P>RQs0t1-IRJTysR1*#B|azR=P~mX>=6^;Oof9A z{jVOo<-^8r;ZE*T6cl)q8ZSN_>5O`3YD(f;bYuc4$+ro#xg9eB2*>z4DaS`pX~10H z8-IoJJ@|B@Dc%~;ynX&4e7LHdqv;_u`s7)2Qx`J5eD-OoOA{eWbos5|ANBvSiEbA| zW#C8S!cRzUr6s6vBtN*)8RC%drMp|Po#BuLc*l+D#+coKGm6X+H)WFN-8!y|KHGWD zNZEutgxJvan%L?=m35eT9-Zf8!EAs&1KBqqECq;f{iV4-I>#M#^MK0mNUiVzUz6zEx)~PF~hC3XdpM$ zTBf~j13uR?HbG~LjFjhPAE!eE^W_+2h+t`mpbI)yq+Fo&0o=juTPE^7{^s2(eS3%R z+sh_-)pMZDJNXN$K%Q3}toJ1aDSvf6TZtt?H?s|`y-__1|EJX!AI@8+4ZYPkZJeH- zot>YapLPy#N1G>ee#ETU!I3KI$@Tcb$3Id{f)evwGg`H}S~C_{g~f!eEK*sc@$xVSfIe@3B$P~^ zp2`tDsrefm=r?dsCDy^VDUx{;spm~(Q?%H1SY)kNZ>N?yMfJi@%BWyw_pE3tYhh&1 zC+6HG=~eeaF~gECGR+ES#(!#!*^st?i@@7aVF96m3_VdxJ)vAERVA> zE8!-`$$%x^GhPpzK#fZ;vh>JBKKDSwh@%SpX|p>r`o#?B6qk@P=!OJ+3_HVyvbU>g zp<5HqlQG9JpJA2H{MCqA9#(k4u|EV|nw$^l;|sYbJEiK8!)$EcFnBmz2*bE>{5W*) zXH($A6SK>V?{IxGhJQeV=aUp=_6Zz(+OthF5>9Wlae$^kWAQTN_G9R~h{J|&bs z3XkDNd~zCjA3GA0UP`6)yeV-6q-0!g#ZxE%s;Ua_gFIj$j(-k$wq5S!hG&e$i<4I& z)u(2Faf-CJjTh!QzcRryx@wf?JuGwLN(b43gN#shuguX%LM!%@%E!_vR%URq6!!9R zDS2#1*n$jV9M(1idrJnux9!d<4m8w;F51Q67XF6*oB2?MgD{=|spzZp*et(+61VNO z0q*+?7Y06Q8DpM$oAtVi8a>Nnw{%`#~N%xSMBUPzTJt5P#weLzE__oPE69kRLno!s^W@ zToE|OUt$*ACvjc;?df<8hezN~?-PS4Qoc-OLWvgCwVcV=LQgyY3hHHEnd6=S`; 
zjTu-)!GA+Y+U#UeA99|(6ZXNo-lC0G++kjO^_FLdJllh;1t>nH{;Y&OmfaDTJmO__AE!zBod@-oqOx)q+x>Ee&8 zoX^_{{Hw(=oMg<9b+L*oyzDdjHQ8-l4R4l%oEHyB%(q$Dsh_9}+#N*VPK@x;y1_Kk z9oJ?kYN;>p$br|Yx0ZN9HjK|{^_u**shzi4T2nteKd%{$wo%6Co-#gHFXMAh7oR)D zW`EikVz}l_ebE^K#6y!)V#}VH;dtPisE?%-xgRe;#dBHo`)~gjQ=Z*xtOM|QwmNl@ z7Fq9!YX{>G*fu5dg_nmsIus%q@Ig2chAVCZC&FNyM8Jg$(Dr|lpiz!moofs)ZTi?O zK=!N?h_H~&>68b85`WOd^x~mOdsPr(@qYu>oq*ouV1Vd|LZm#ZSs?{nAOlyDG6_=v zEh@KWn0^>VL@%we#~kE!-vz@H7*fISZkZGPieGvoP`b!!!8|{0QW-_>CmW3fBn2eB$yjdr%1XzgXTz&j6s;GjtHvmxthOG0Mc*|u{(S%Kkw4%i@e+(@}`!q{|0;|-pD z4VyB0{URSWWgUS9nC*LMoDoyZU91hoQ&NuL70dTtI>v45NB#QPZW zS%7&)wtwq!zvvjGzv_bagW)pSg+o*mS_-}pPk5eD$HM&}Q|~CNd}G2dxXup@L%MWy z9jc>iv^G;c{{$X;lc1kGPYNs{lOsl6La0)Cny|r$?(=m5z%~rcoQ!coK zI{9`?v0@LszG%pF((rP3RA$<2r}5^n+N0Il8lS1wIjy%_TDM(q_J3PVqt$7hpOrr1 zr}PoecU~xc#EQ7}Ud;+noxoT(d~aP}T{^8e4|L`qE< z3<1}@SHdwEhBST06DbP6v8IBXUtO(p#a6NxCc z|10Bsn&#N8(wHJ)K+z^* zvPk>5npknO3smK22Fnf}$)okc4@{UgA>#-tJQ8!*jOd1V$`I)sY5*lj?<0m00>o6( z3sK|=A$b&LhWEJtj;cVbsvY=KC2PcU)FL$E2`&d{G{;X-sWf!+Kw)-9qtYW>dW07| z!hd!Kre`YWgntMioOV?E^|GDBW$BEZN}T0u-yUjc&xBV5SPH-TQHv;oaRDCKD{e=A4hfDb{lz%@kVOW@e!6+f$;TWCoV~gQ9 z?}4^=sP>)x<-Ky0l23l~d(#`mu)FL$F`!U9glNhqAb;pO6sv}p(wfST7dy_jemZQP z_N%v_9WR-Y$>CThpgk%kg|RmeNUY3v-6?A>v20$7(+miQn}`8}g<87uOIQAWz-IK? 
zgM9dU4GyZsD0D;BjEvrlC~57CYpb(OL&&fILHJY8%Uj3}6*Xsx1ex$#7 z$g~=c&3|dOT-^8KNLiKyflSCx64nYV4y~iM7Fvz~i5qh~XleC~PN8X{TvyJG-ov~x z;x*gV5d$MS3hpIcg1`@|V=&x*Md(*IQHIk$gE=3emmv8OUxr5dsgKbdh5k1^Srd#@ zSc~5ewVDF|G4MYc{wL|eLagxpy9v5yyjWJ(gMY$}Sg}Ef-q2bi#>wcXCX(iZLXXvz zzbPN!4}5$B{{G0X_I*G1hIh&3@UeyeX{W#Gz<=~w>Kh$Lt?TJ;@DIH%Uaij_TZjK| z;#YK4GyM&|NN=aV!50~|)Hepc$k1sPl4ZZd0_t@pa6?HE+`?kl1aTf7)vEusrc`Pb z__1^(c&x8^DO{8NA~%IoikHAO7;)wdh- zx61*X=&Nt6FTU4M{#dIbYgXUcSn^6f)phS|F21u-?47M;qkV1p;nCE2eWbUDQpZ3s z9+6o?^Y*fFyav5+tEY9gWr4OJliv?JoPQpzHT2LHgpY2;8>?$1Mq7}$!u-<~q>UCa zjkvvT#7hJY@5MXU4mn@s*4(%tagsM{?pu(zqeK`^n)r{pZpaHVcGReE^neAiI?|f@ zCQr~8#B0ML=nF!2RQT2fA=~ub3!=8^0~X|M(+4aF-KH|2FG$}}b;B_%%Hf6&Sbr45 zO^2{3hedBS76ov_mm7-`xZxr&76mbX450ehuFzBY-_@xf5?()US6pX#mH9m|Z6^+^ zgbY!gn0L-3p8V+*=?|+ebUc1xZI)27plHe;(mM1v71f_dYklgdzOm(;4=t*{uFj%m z@K!)WCkP`YjM$WlC9w45R~|6SqJJ?`kTjbGfYnF56$p=FllPKjJrfC5t`J*J01Mif zIv|1V#4X$xMBOw3Oa~T?9OCH|z73GPRa{Tl0K-H4JKnh?$urnAdbf@;TGl(1`|;dJE>;I3Cy`G7{>y(FN;eSh~Mr-~Eu z_aKCd6H(x^?-6Dokk@srYk8Y&Ol0{%AvM_crxb1{f zTqQPgm|+5ecvv`LLR&prE8(&uW&U}vV=sX zY=Y*=8vVR@hKxf@4`+tXtSDN}DdAzvj*1X4w3K>AQEE5CMjmCaF8e>^x68sim zr9jAcKVFcVCe^76OTR$0d{w#d;K~qbM;KF>)Iy0mi0m#hT1;iaOhn@x#xAlG1coPa z3}EpS#%aujh!Y#$F`?CY$>p#vkE zraj%lyPfnkn#+@LxB%UvpwKgtj2tzInjuc71iqXmkR^lr*{Xn9^L|OxXl85%qK(-o zFsEbwr#1HdWGZlkdV+H!+{XD@qFs_XNr$Sb8^h?ZTiVedk8u@(5|DgTJ;rI{9vL_m zb?~7IPRosLmhLH(pnr$*l?RftaaPAu3Vl}@#smfsFc;WKvYI+LXos1wU_`sggy+PV z3KG_3vsEye!by>vzEWmXlo=HZ85N&oBGpXV%3O+v_2vOdTx`htJaZ|QNXH&CC>~h( zXsC_)Vj~`1t+ksg81rH(AAgvowh~KGWu&6FN`gH`CpJ%w-G58*;|v!KPj6nA$rYJQ z?c+Yi_RjZhD%;*(jrh^VxSqznjeYjBqzVj^JK&{ur?c?*9F^e+(IO(dQ;R2g_liN`#*UKn|a2 zg2Et?e`NcXQ25@!6b~FMDk+We(iksnjKekt#_xU&@P9p7%`d3}feP9LFQ2cuTvLtK zqW-0;oo4-8Fqesm9%mw*G0~WsuhagHpMBd#-}BT*wm1|U7!>Z?xznLucnHWx(RV!3 zaO51bjpHMOfiG(}1Jl94hMX2pB)3qktiYiJOywqa@ys1KE_@*p&&?<@EjY26HTIle z;=*u4`+q@rE3LtUv<8ibSc7^^ZR(58yN;?gGhMU|)kyON@haL6um+o_TCJzoYmIu{ 
zIBy!wvs!5lKB+a>-mf*N74i4K40Eu7h2IqI*s{q#Fw{nI(*7um$q|iSH#9{Dh~0y>0kICzPc!$YdBLb}mYms{G*JA_#B= zsDJLU#fKv@ZZIJz4@x5vcp4U6N=XC`0#_q~o)d-49bzg4*eTfglk!r;b9@hBAY2m! z#ff5x3m9gUC^ z-@}9&kz8dn%a6gP$2^9i!2ZRDp~4d|oPQt(&874sVkgGjIq)$@*iMowJjU!$LX_a% zgB@>GZ5+%o`lfw@NsYwTo!v$Wt8HOcI7M<+4~7oAM+hRBCyejas~;34d-H zM-reAmS(8_iar`Y7@aWh#EJu?&PlR@!xO%y)p0a&bE;h*eeteE@M??2D~68}iRU|S zZOkFs8?|IZq#ntnW^+DBO&bIyR6<-+Ag!2TQ=u%s1ZrjwfCyA!5yBe6&Qz{Ha!4H5 z1Q!a3+T~x~gYf=cN+k&j{lM;~4u67?UtYdfEUcRv5|}wx)$vuT(pAV#0-;Nc0m2BW z!aL;1MSj@Ok4eMdfa{5u#muNuxq=Xqh@Ie9RsMErOig02RF!(W)uY4&%(um70=(XJ zR#3aPJ2^!EESQ}E7MTSR_kd!06o|^q^_WN;Y<9@?S-PM61z9NPpX$sC-BtN%++rV)kYY{d6?lN246M&NUMqt%>J&a({=Dcr?PZYv-T=MMnG2pT1Q6!7vVaYj|py&6QIY?1g-% zqN(@E%tevFMPajUY-=Cb!sSm(NUMq)qk4pPJ1uX+yfo& zGNK&(%z*S}r*W+8V?>u1@4kT4rp974YI~v0-&o*-Y61#KYB2Sdz8^-(5!9MBP3iY~ zY4r#5e&H`kNl7`Ht*RFI$ZEe&^YKu08+x;n~@6TfP z*zN%AXf*hJM7#vU51T@A13}!u%^RUOMq`8kR9xU59Pv|zY=5lq$hqvJR7o<`d6i2@ zAqW8)NP6nbqL$V_L7OfKFC>Cyl3{&MN+x=uFl|7T9NZ7EMG@F!Xyc-13{&3Wt3y@a zzmeyZX$)l=!}7j8orBF{n6H-IOBO?CE{maYa9IpVH=OROZaBM1WLV9TCrf1L%q24D zFCmfPvxG!8sed_Q!d5JqF)8+$IBsN@aq=+4SZ5i@G`)S~HT)RzaFB4YDt)YgLmlIa z^pjBeGzE<$h+W_Tht=kNhf*^mUn^HYLq87k6LMB6e>*(n=9{$cC3T@QpSsZAs0)U+ zmU)Mhbx?m$)&WpYU!H@W$vS|&q@Jc}O|8`$56C)b_J14Adh4v;Z`ICq-RPbl0!-Zw zvJN)RCupi2V}br1wV`Lal&H12UOycpC!L^EIGteCag>j`S6|<$CMR7$Q|o$Xb;>}k znX4o$OBtBXcAe!1(R_!V?UcPsX_S#CRk`S0o?Q4>O7gWVAv{=huuN(#rVbY5^X?SI zGX3u*rGNkBFQj6{VA>*Ftfn?P83P_JN*}{@*fNVZeS0RQVC(3d4>R8^lxC?d9!{`} z>2vx{tI%6DU7I)JxoSNhZ&plJqO0BgY%y0h}P>!5G)~35SVSIoe1;pGSUDX@pCHE|>+Dt-^d{ zs+3`ZGEA^wId-im0Ui0m@$tSzBN0vi1>JVRMnqlr;BCYu9DUC9kFCyP$E5|hpgG38 znEFSVJK({XumK<(8^8bd51vJjb@E3{9e=46-t-8Q0Wj5{ItLPBA$&z?L;RoNu%fWY zQjbY8;4vJOFZGx(wy>EeoZ6r~$Cxc`(ie)&JcrqoW6D#Nk0n;Xrf@)oGB!$xo6@VX ziM5^2mSRPX%Mi&rs;0G4jKLyCEp6D~7xf2p;cj;7z4KPLtM$R)uD6?7^O1YOmw)zl z*501iCQ6K($0=$=WL4godX}~}YhxS)%%#jVFqS4hV&^i~4l{T(vl6cv0zQW&haP%hFnY|Mr;h&2vf6sx(fKDS;R(YFX>6%P+J)f z*%HGjZM+urZ*An>THhC1<9OISkd{)_tGu}g!cuZ;AO)GR^Ay-Z!+Zyt|5Oyga69GV 
zDrJqNk`FpPCWn0LYL=;ivWx2N46DAjwIIKKO``*}ZaK7af8+1SsU`=}51 zx>tLA`$ra?T)s86yS(?Tao|tKW{9Qp7yW*}+A~_JrWG!nFI?05AiW~r{wtE} z*HAmHMSTwx^k!NY*MHjSEPU=2*J|5jp_N#Fhv5~UcW0Mg@kdHRt1UprlIwXf*=*)5 zPa5gj{;!PZY^BnaB9Jvd;JH|d0-cl7HOn`fDY0C!b?=jAg^p*(*x`*My}voJ)X!!AY6DPhUN_+_z>ubXl&}c@x;plk?y54 z*-sRIrtp-=2>&~royveA@-D{)9U?v9e)_#kmnt33dvZ9h*gOjuhK8ZGo6SY-TW#rS zlcSd638-0}ZGS4jW`#-Ty{6Hr*P8w2d9U8?ot7ryQ<{YHi@Y=mA16`D;AKftzv71; zBed)=ljkH(7|h+l&LMtaR|of1{+BW^Lx(DdCJvS#@fOtr^-f#@wp};42GOsG1d&@z zm~veSJkOimPke+Ut0)|?%p`lz0sAusdk}RUS?aixQZ<4H&h#xBxO;j zGkh#^4gbX?7>>&?a+^4}cxu!D+mYi4dH9LzWuosp34)3<3t99AafN~L0y7=1y#f~V zM)Qfe&wrZ%V8Rqv@@O^^a1M#H1!8b>69rW-z%C9FqdL=FYjQB-|Q&c&jlK-HMA$ zhT1-4J4YlN9c;bmz{JGEjI}4)L4cCz@qHQh(|=)%N@KRMpY}A zj-2+B6UJEV#l0Edq`S1Hb{Y#wP4n(jP~nYcwwk$H z!gKPT3a=z0EZ<~U%I%@h3ebg$Rufoah_(P~`kh0aloV@hBC;a_C#=f~-RdAOJ%Obs zaDNj|U_ORkkrWYK)fROFgk?-a=p_juvvloRZKGz8{C|u(|EPD3zScRfH*05S{oZ*` zt9MIp;8S`7=dn{uZ{Xu4h@jtU?vNp!QS`%0`veJD$Mo>m%pC+m!#hbyZy)bbbm|6~FYcg^X4P4*4rs^$t_JAenAb+zXOHCCu$i`F{I`r;SwVKz|h!9b5=+LWh z_mXIoH!-Ii;8-}=@VzjbfV^~NQb}ntZGv)dG?v;(jrBGX$;YOqk#<#EXBmB+@0dHM zf#>5PYgz%sf`)2z7WOyT!CGm2z&dP#Mn(Z|*Pj^QeqA;#$X5T31s1kLf1~uUyMM@y z;{pLc_i}UjH{S$=KB3gV>PrvNd?lz;2pm~o1P-dJhMu-m+iF|WGKQ+Y1#*PZZ;DUd zj&W{ud;NZ|b7q`3&W!_5fi^HtzqVE{j}^WHZ9TTL0UBmw0nnqNw&w7vvl;+c3+>$H z@oel<%wV5eN8BuhqaKxs)Ndc0QGei%0>@T*SLblrSCq4h%N|_#zm?1G$4jhdQhsuR z2*Z8AMLN~7vs5^x=o7Zt+GTmsTB9jBh?e&|y}i9vLtq8^w|RfOefPV(bR5gMX)sVA3Z1KiRZCHn`zA3ACk510T*nI0^`6hU$NBU@=i@ z3EH$osb7&Qzzs0isneuoPDu+r!ZZ1pz*j)${n-iFCD_N;6-Cnf11K6nMR^wh_dl2c z?A9E%FQ*6U1LnCaa&?pWlD-i#iHA&%1~Y&SJwIPaFfGwCshHa$4GqIs!j9|&*h)|DEG{^8WT$E)+ z$j3$?LYVI~WVgyV_H2wmPuR#D+{41#HL6Uaz(wZZBI$pWNG(%F)TjZeD3#^uUK+Ll03d~XgoL&JEA+W==e zUijmsa>fuA89s)}A^6B(QwX!~U8# z2?Q(rJE;k!2p+Uvtkd% zjPnskD#P8@bUcJgdf49kbejpKhfMr{NU}O zUm5ryXQ&!i>3?kJ8%he2f`421u`rWI2KP1|FO>IHTkRiR;l3*UqX+08ZEouyef%7f zuiN(lT`y`crs^*3DSe~#@8EFsgm;J1nqlL61emGizPrcl5?ai4w^*3>641WeO@v8> z!(9Lj9bH@e7W(IoK)gnMa!&-E035Tc{*=u`UQ?|+}X0xlUm`jsf^M+OcbwdhF_ 
zA&exQt7HFmPeUZT4onTovqvFND8D;QC_CTC1r$7s1>Sy!`-6YWEu$3D4(fiFkw2xH z0SUjlN<4&F{sp8z%G~t5av=dirK%FL5vu1$XqFM@xS}mzl01LE%(K8kLo`~`4XM8k z4^LAQ9DlkMCN>1qprSZ**^pOmAh+>pI5`l)6EG)aa~$|8FXsFNO9qV-Zs1V)=+uw+ z$8qoQVa`I(^Jnn8eeKqe7-KP-|JyRru`FSp6&BcM5+fW8sHb5)34qA4rq z3$SlAQ;}+*Tzm%G39A8UH<5SaI6~>5;TvI5u74Kxwr;LT&v*4I^WqL5FYXDP=F4&t z_Tx04SJ<|8n$LUR%apBolN_C)p@O>+ybrY(q^StpF0h31#TP(^PnASD^=um<% zwOVt9#}bb$CnR`#;XmTOCGG%a-Y6PlPL_ajkbTHRsit^MctZFNqRNro!3=BxXz4oE zwSTM)oVszS{Qm#`kK$O^K#n`ETs9<^9Wy~!2>e^vpy3^SZgbP1{H_Gm2wq>^2A{!Y%+M1P8?Bb^gUZp#OzGVv6QeW=P$7*35t3H+1@ z4kZI(Ij~Lm7NE(e-oRb<^ccA6h)S2qvxzMXO#~aUd`dCILpu3&BMG_0H`0C^iXO=4 zXlQIEF{n#`j$p@@R8Cy@0`x~BjDW8{=C%q~%KWK7(4SS(a_if_^<1C2E}6j%et+%o zvEi*`0#(S1NC}R~^mz@hNQGo%%@Y)td5_PcdR$7>=#AO%m^-hf)B2HxcE`%k>Jp(c z&GOl}5ifZe=H)%yc&GGW7lHjD^u2GgIPIl)6{(;6a=z|61G}_~4x(O241lcoWkCdL zVQdC=u{G0P;EArbXGMZb77g%-Hh+1TK4DYPe={Gd0s)MFl^&brH}PmIcx`KgYug)K z+nK*MK#ghP!T=sBzP8!W1pT9GG1twAzQx+F=H3gJ%nt>=S|w}x+E4?$ge#GGzLUkb z?fU&GFW1p~P|`e>i>&;#gE{-l`{E-xnPYn~Ip`FS1Fg115SED_OVo~~n12Peb<^(% zus~kHnwv%WxJ>B4Ff%|m%AfwE^#A$d^6K)R_BW!hoFrf0WQKMi6ngXe5TsNuDy69d zZVMA;CZ)CymKSyrBi`)TQfhaymeP|;{XZRm)PMYRr5u{%@x?( zZK&bR> zD503Q7!fACXar5QFn@J0TP}qW`Cnod+$%2Z&oKq0DH|e;u$%ngo^nWT%)nuG3Lj|K z1(`76od9?v;ixQ#_68cTiRF7DQ94OE=2OOwRUYU`PKMwiFJx(#n(OR4;tgY;?*=fSh$$!k=ES=W=X0;IlrfAlhEc{a zw)TIQF^n>Xv8vp!R(rg1zs+J8^-V5rY;y5J*P z=tp3#-+vMUy66jU`&NvYHv8fT3>3X^3Em8ilHK99OvpBbkU_2NtJHFHe+KHr!K5R9 zxW{U!&4;k1&^GtwQ~KF)ZEIEM)F<$i`(dQoUO038ye7JT4|IRczbFoC(*YtK6~7u@ z|NTbKCUhS}w!z%Fu^E_FgbfBZdgJTO-$+P}@_%*V9(`fJClwj?CdH$TCeJTG6xr$^ zVCMB4Zhy(!gW>J#gJ$g$68gC*B45~u-R*flM-MV?=qKvy+uPfJRfp>9>wi@(f1qZk0@Z}U-hY{YX!w{3` zb0YAR)`8{bYnH$-ZRHh7rmtpWS3|@x8%P@Eu1~0?l8<+BFEBl!}Wf*)D+*@rE;9IRk zzAeMxyZ56#N)(*=7oQc!!<~%xs7l%`?9b6)`LP!T_lJdbn>Hv%%+KVK3sV)o-eWi@ zJ3fD&20k0uVE}_ZhAa5JKO!8I{gHkFp&68J$2yb&y?NH7d1m`5Y^J@7voFeJJn-hb zIX!V~Li%d8mab||@_T99LuxMf{nc0d{_5)ny2SOL8SVq)63=4Lj~TCijQv(vk`X4P 
zk>#+zxaf}|lc{kuoB{R<#dN-;br(T@iGF`yH0*&H?03BBHl{dcURj*|%CX2V0FLsSB!%H@GJRqtncA*p8b`N!tEG?CV;x90&6Tw&N<7Ea6Jxj`V`13wxUz5!kZZwVZ0 z% zwh^&};F+mqw-twxKatiI5rKD*<|uzJrVX0;Fh+nNk#34SNoa*_k|p}^tZnc`?-F|t zM?Sn|8$vDoxLfg}&cuiiou23s&MC$Er1|&pckp*bLA?oPJ7U-?x!|03I_%$n`^P4d z{j&oLeQXBT*v})hK$3s|?cd*UR#IDMVN&ph?ZDLKb9yWhL~`0Aoe`oSes3&f?C|gk)I;E$_!hGrge|P-OD#z)msRUEHf-|SYAhxYb!w{= zwi^7dQx3#B<6W!K|L}i|vonAGN$)i}t#iHCY1hud1nIWU)u}gnpj|H%Z8-R<{0TIy z6MV2_UShD(Pv5Q|U_K+QY$~$l#<9+DHBg@!J8s5Z?1aiFU?x{cK{+y`s#zVmre~q1 zL;4zN?)1BbS5m-$tGhQ&7@My1E6o5jexd#z(F_9jUisj=zBN8ZHTHi7}E1x5o(-a3`dcTDzoENZ8nX@ zqVI{r2Pz){4`yEISQ|GhSxZO`RK9};AxHXV;5sm^+cEQ$Tc$*&dyUG|0Hlz-_Oc5M z=}%*tWB&|GPX&Ix|CluVl)ig)yH}nfxBO~Uq zz(gX0c27nM(v?SrNQHyvT0Tlo=1R_eGKVI__o`)1apzSPE_P{yDJ6pT>`#Jc@IkuZ zi9Qcnqzp=IMdNswQ)f|E8zF8M&=$mlZUU(w6Qi&)WHdK4caeW*Da#EhGiTE#_Kl3Y z5V;eHKWuUAiUk@*uzE(Ywq|sO^@SXe#tx7=a#%(z61f|IhD{fY5#iJsIj}&5krD#? zrJ;gdi(JbGo4{|BFaq$vR;f4g_FNKg_bv62#1BxR=)b5V1#7kfDv>|zG!-IIp6utcMAA-bNE--H={GWJuw5}pb+6q z%&;2gwHpt6XAsNPtgM06&3Y>pHCSfdZlvlCnzo%kY_Q5U|7ADrf3nr6UzF>1y<%1wglUX0KDed$EuF(qKAe+@R8%f?O+2tCxoq5Ds z+5%Q#7hJi1FDaRIL-aX%Cf|UUHiU62o%jctbz1|=8w~7wXQsvl(-?et3*q;u^QGq!B}|4bRO7af!Tp5b!W$z1UmGkQ&G6O>=8=DY z63yJcH^iQ!L$MD-bRjfb#JWE}4ftu0{9 zMx)B`W~bGzbsAQ;YnMB%ZnI-`4#hvgO=tNW+bid|wPuI>e^h~uuWq)QiF*gHw9IPa z?|rgp2d!1q8r)mBdseCDZei#+!dHdCX2H_}gMFgL&UNfhtXS9y3OaVU%Q9?#32m2T z-DWfYp0EaD2f%SM3Z2>5>oX`z-L^>SM(vbv=uDlE*ti7E#0cR`u)7K?w=zhz>kiJW zlKk-RG&Y!_f6FNnCOlk{l8!1e7=7eT2S_ep&=K#^y?1*k`}*(y`j7u$czx=ggRqi3 zS@6E)4-A)r9Yw59NWa7bd(q{s znUz{=&0>5#>`M|E_hB~&SI~{YBc$w`JWWn1d8AHdaklIu2)p(sp6`U{HY7PY%+Ykc zsE-F|!3-)uvAn@@b@#z?!)#QnRlzd26Rj=4{1*@`ubJf4XXPeYld4&(*$c+sFe@#+ z?@FaPi|Hq~W_salVk=}yZkH|=)$ywR;!>~i}6X8ILH`q}NYi1eQ*(r?IA5{0hU ziW}nek~k4!)I}FTBUD62&qepZgJ3g?y%7byN70HCJ5on>0xTStkXS^F4)`CUQDxaG zMC!r_I1DBU*C8@e1qu^qHe-5CJkI_E@iMTTe~JGz-Pm z(H6>A+#<)10zrE7KD&dG5jnSl;qE&~N`naB@qKq-<|wpjBtGXh8orI)%t~f<3s9i| 
z6&65+D=wJ060EHPTX@;nLS{K%EW}`!&2p`=2r)F)Y9>~{7Ki~(`x#CSbF;I@I$}z&veZaF(lQgzEY;|De;C2kB-&w79AUbc@O>jeGH`=+)eQbP>u}F)IJ7sPW*RQ z(qeh-I`^>0cgF6p0ALCLCSPe*b$PhCrd#<2n=PU;3!80I2+*#eFqB)h{8&M)+hMGr zVOf=08?M@^He1%YWwp)N8$JzI06#n|f53taSWqp%f}Ly}4<)^AI3wCoQpA(WdS~h_ zoJvjrqLDH19}mdTfg-Nb8PjRN>zwJ z*!=`|FyPdC-}m|-xeNl1E`J^wU;fvBr~JD-*L`<^pVl%e@jS>Iaiq=tXk11d zun(|l{FEiJWU8~A!OwFrzpG@O*=)m#dAUf6$h$}$_LGs;P z7IKYOq`fxchD*rsc5_ zgzH&SuCT{rV^$B0tdvlH)a{EjVM!E5$)ZVFO@$bi@*0n6ftBLj6B}&-e;XCB(IOYc zxpm1@&$)&VEx*8yUN&~5E#-^Fjb6JlScjcJa15sIomSpT86YL!^JH>88;tOhPD}7w zXYRD595bZDf_t*SW!=XJ+juymV1jU*WP(qMCZMmQQAfil-p43^U?Q*svBezgsUu?+ zL_C?`&IOc1Oq828cc^~zf6dW&u9rr0>AnN5h&SC7R@4Ej$K2(9{E!0pItbt^3vsPp zmPeH7*p_1zmg~)C!H0QPh^tmWT+ae=)zR~u#upb3>~3TpU`1sGXgnkbY93`LVSZ^8LgyZa}ot?Y;=aPe_Olp_wa5qRFA{K zf$9x`10~r%<%!@at&o-yP42TymN9f4N=;B|($tZPXxA5-uu`BU%_%$}0&6nm$*_mZPLLgY3w4Knb2 z6S^v%dT>H}^El>5e@2QhDM6f);S6I}P6kZ%Zyj*^e$ObUcz|4yWps=lJc97_D@Y3L z!|}06R6r~zylF$Wv z?(PRm`_7wqf3Xss35+lQ?SC7UJj?h9vNwGD4%e^eqN=Ge$9&`SUHS;_JDg9k3SfFK z6=Zgc@>#V4<||;n&0)UPh{`6lZ*^Fg1(>hWGRw`HesDFwjnGf7ld@U1w;;4>U|-8_ zHM{54ZmV9dpEVlg0_=NEu&-W#eY@ExHc+Y+)o%ItEfdTo)0k{h+e@yn5!Sec{N6a%>*2r&AXq2Hhs$t-b z@Z}}2&R@dUl~pNr07@_2&zOA{#tE(_zacN2&*DV0WaavA&d(zYOpr@SN~BSEkv7@z zO?Y)S7gL>Ye0bm*ZQsu~EL_@r*LlxKZ0;*DD7-+rj02PnV;96V?ngqGQ?%`+uu6`y8km>3Sa&&bZk*fnr|JL_Q^dR)B}nQ zh!-ag&CrXOcuP1tCquAKoHovw&oCYZe;g#Ux$h|SUag<}Mcm}Y@Yx9{M= z9%s*LwBcERh?Yk@TZlkY0cc5m+{ef~(ldpFVB&aF=HMV)KXC4egDY6McT70v_nu&$ zz9ES^;_ya%^1%!4r=%SRbMj$Sa@}A=+-m`u=EvAD14c$+zP!s4<;=)T#+a7rf1#mE zp;>Q8@6trzzrsavT$~Iad=#AZDLzN;FUaywO;ORYpvY$IBbz~cTanIq@#&1klkz3y zGhRC_n9kB?NoJ&A{r)%%rUCfvUZ2i+^p+EuTYPCR4CDbi9zzHiLU%gg6w1uO24uuE z%688xYP1UsJ1>U4+DF-%s#>X-f0gDcN%_WhjWRX#x?$UAXI8y+W_7GiyK@K~Z(b34 z-6+uOXOV8Jlq>nsYniy_hL|o#qd}il#JOD|_KjPN)~71HjlylL@{Whi5n~8={vBt| zLjf7U|0m!F9GoyQ!@198+~V{i^n?#EZ%XAE3M`=-U>H?Dm`vtVk6V-^e}j0VT5xg{ zn)Kw+J96>(#;A0Z;4yG_5p(e19r;B$0RyBh!o9?JdlQKnDjvXu5Ik0U zN5nLkPDRajf9&=@A}Ps2=u6_7sJ!2%~%k7kqy*)rKzh-ufX7A2zD| 
zRKDlZts{HvWa_Dh!5oYve}m;xwBN&b7KpL1HaK-DoLEEInF`EX4OQ&>E^%5BALuPm zhAGDpgm7)PRWJ@W^a5BY?7axTHqD%#z7SCg`W66!i+j*f0-venX*q5V(Iu? zp8B5#19vYY?gWz=rh;Xcn%l@!eQk^*6yrtXI4%+% zk?t(BlHeNmj9}zMEUK*r_v&riR;SafSk1cKZPh!iR;v(@dsfJzSwI%g0$DVgEN!m& zN}NPj`DTe%r^0<~f2rmmDItKv?PTDE@LhLc5Y$kD==&p=LJ|QFBf;CX=Xj(Ja(OX2 z&<{1N#yL|_bxJEsBVOIhi1`<4q#EJ9AKjtUnGsD;@jaCA4Q1xtPi}u6yT$}r`b1## z?~#;4NJcRA6_E|a?z}0gs`)N_UJ(P7?;#m`Q?2He<>tdte{xa$St?gV?v5+uJa`Cr zRjF)8!;u%GmH=27D%>0R4)QM?L7-Uf=nSd)bs(u}NC86evB`X*p)&Xj82rOSTT-;c zi5rgtmM9*;)kC3KhHw4$mw6EX{*InG{~~s!1@wG!ffJN}!Dp75WPN zYXTnGZNi9x1rH*R)gF;c2OGg?Bo*!kVKAGCNt(b-)2}GnWZ(;(#y*Mo$ns=(Op|9D zX`jfU<<&eDvXC*>u{!#?p2Bj?f++zx2%*6=9`fV*f5$Q6t}Jgjbmo4%(p(d= z&l8PVn@l54$-DQLYEJOqM`I@(+~I^xoaub%kY5$4F88O={m75clDGFh+;80grm%xmf|-#f@9breNO{Kxh<2^alNA%09jT=B zE@O=0l_?|p9-Q#5kpG>}P|w$yWE%9$!r*7vf7_1bp{Yp;3-<<&gD=1SMdAg>&CnQw zB1N*WL#8~z{@9tKa4BlLD#uTykz^4CQd-Fyq~cHcOryl9>xA6mhBFpizvmC2e_QfVW zmM>4$tX9@_0IteZ$xBaqbX|9LB95XcSyocH8bSPrYpb;cRw~~6NGE7@SMBT0kj zyPx2w8*m>$N$7At;khxuMeMXNMnoFcaq!C9V>- ztJ)6&(N)JqLaQ|Fy$my6*h5$#f)*JbJ>$rU`ksds#_%8GD79y}yknGbqrm@wS&XUt z82);GL?3TQH6d5qvB=zrsV}AFQsj#wCv_l0hBJ(JUpW83aq``P9O=tMf2h^2M>`5i zm29>3<=W>G+2Wo%Qa#skdd*Z1vIq|oEg`LSnjm#(#%NO=+wU+dFT2@0ee5cyn1E9{ks!E(|8Z~KPze;$FC~ZdoouS6pRFR#J`npf#iZg=>SIFb=l2tV<|7_4QaSg|m#1*o8F;BP< z4A9&o80vpegEb+%eqzY`ahANq|B2?ki5JIMw%{df2zYwE5$4?;V?OnMnTzSX?82VP zs?XwOvGHP&%-BJ~08TSa?*07iZTs8kY~cU==gHl-AA9HDPma|Ne?1F>5&C87iu2ik zj8axfP-e%|4*b7`@&4W1ox7&-J#sY$T1&>%dZ%5i-n~!`VxCTfJr)yTkd-YNpE`B% zxOM#FvZqZkWsbPs1kPwAxezng7-L@>+>-|-Nn^q9UJi^2_8P<`9}I*NjxH*n=|Cx0 z1f6)y3Be)SSG(hoe*-jqDp|`Z!q8N(0n~_b9pGx3o{MsWQ^GFk#s&$C0KUuHfT-Qk zdwR>KGqrgv>~0q{)+OA1LOnCgDweh2EVcnbQs@lXYy znj+OyYOY#^>N8yAOpBc9v*%3l?^=0jezbN7`Oy#SEp1(f^kGx`YEq=l8VatvVc(0~ zH^#Y$(z%x|e>P`UT+gRXmp-sqk4u=^WwTscsF0|c4Xe5~Vfr;xiPh`6=87ag3p&xj zz4gGkUrtdpj=&9m_x=*mf{`;7>|b)Rg&!}f;XOAzMmrILYMau^p6MQ8N$@7&b`(8I zAFaWpbJrtGLU%f~s(A7#X7e665-6Ali%+ghB2c@Ze|yIAI#tt83sPk{KG`eQWqJ0E-d*7 
zmW{~YVAX-f=fwLD6B1`)HnRB?xUPGkEO+$1+MHgF}dx0R~F32DON>^Yn_t>+T8(xo5nfl0_ zMU`WNRfGi`HlN|lx+K9WTZOp;Qys+#aHLiNf2K}I!ZNQ{U0B}(`h3hri=XDJZ^QoG zX&msOTF^HRkG`=Px4?b`x8Q?yDC`1^UUtGR`0(oa1rN2~v%zB8k%31l)n=7MRPp84 ze~EPZeC#3CoCXk?ijVyviRMm6x5S8!A|l~y3fUuW!cGp4I~~PiIKsOc?28p%x87i$ ze>5hDP6>O->icIk;8()Fr0auX#BdmLQBt~3l*Bn+qnsCBl z0PMd?yj(Wt%*Y!_hK2lm?$XldYDI}RrC@9cr;_NuoN7AdJnr^DWomLcOQ|dv*vLRT zS<#9R2@ky}%RU(>!$IOXeiOoe<(-E!bNBBGos_;;7&igJ*|O*apX?1MgrYU z#P7fs24Ers>5i&*b6LnWUXk|O$oQ=@nf*Q|G)WeNgc|Tz2lKuwYEd9Wn4$NE;}Nph z$6SZWwL~nZmLmEvdLVq65;ml`r9=vkjXSRSRP2h`J$y^ueyY%uIRhGXh*Alie|y-x zJ7afvoUSf@NgYE!WZPpGDCi4CLA$tbUUM$J6NIvEzbG4d!I&t-dMlRoE2|lKB}!Q^ zKe7@dx`%Oo;?sCIbcq-ur3ke8@~#t&dw~Uze_$P`ASR*T@ltTzrx&3^jmLN?RhBE(WDxYX;etIO zAcX7Hb)y;l4tjzJ9EY6WzI8+2nUM%WNIvLunvk?=1iU>Bd?Xdw(1_+U1lyi-M9u`6 zKZwwljO%%bu&ARg?E^g89h={GV0ua>MFof|fa5MOu0PxO4jbSSkW=|6#;_F*Koa@U1jA`Z6fK}s#w{Ts+-MnQ(q~| zY$T}PJ;gKIbda@doBwLsjasGLt~9J_vtgI(mGeT;?pdMOY+OAw@4B-k$P9F=SE`{;{+>=7;V3srn;4a zONlQNtw5Q^8za*fKvwZ3dNhCdgE5ZdS;8hFrvEQ<@7D1tX&x;3f7%=Qm1N3H<2*Mu zS}B7^(-jbIS8$Mx3l{y~nTGh;2gy%@`e z;g6AyNx+nmJO@ zsrd1ImKYVh+5%Btf6`)s;YPs={|eXgg_XUlAT1?Y2Q?Na-4sneW+ zNK|^D^sLfdeRkHHT_Irt6u*t{F9)0ZFtEiUh&6J*{^oSDF z{oGa<1aXc#vf++SH~%zT0GmI@rk8utxJZ?&fkc%e1yxT}H2*NrU9O@NOGR_a7O<%E z-H+ga$%g6AFf|k-kQB+nvmzyd7oV)u6mH+NWA*e|wFl>~mU@UV7UCM>%A2qefBWs} z>F`fim894 zo-=HIc<}In0_=TlVDIR`7OU23fOj($ua>=_;$=xEO{@=iZRM)&##LYiDGbT0<<;cB ztY)`Ush(BK7qvEoF6DBkb^uyl56!f-`QE(gNyA5<$YTQGe`C90rmTSeU~eCW9g!TMDkA@B@21 zScY}$3SUW*MdXiaedf?>q|U*_S(U?5V^t+jj9S9oq1u2@j-etseOL;`W=XmncyKvC z9*mZ?1`ifl87xqgf)pR83bu!r`(Y48r1qpQe}M9s^*}5ygLadrVk6%7MvoVjU%|@U zIrk-&4qB!a;gL!qlafm*W7U+7B-MX9cBXx%`cv6n!p--R9@GL+7V~Txe_V5Ev>NU5 z^2t=gzzavQVB^o+khddE)q&y^E$N2q1ebNDd9Ln)X zJ(oz_u)Hl2j?q^@*1BQ3f!08h!ihk~+E`KgXK@6Ia8D(Oin^{ZK2d`3CwngSL|`49 zd*d#c``mp=4vOYDF*4J5mk3h{6AXeS6=pX8gA6qCnDGpu{6@14gAfHUtFo-JA>YSsd$ zQ3MaP=x&n1d5)>PX3A%{_=qa~PE~tT%1|y0oqgGJPijK(nL>|XNvSV=r1Up@CgOUj zv}{x|H%kqQ6op*As(!k%K`D!7e`LyuweKFbiQoyN8#I~;)jTDwxnQ2Cxm)&mjDrzt 
zKGN>)=sSS?C~A$xLBJ_nO*gcsHSyzX!GwYt`N}NBi9E$E+xI?uf^DkY&a|vCJDLf} zc;<~p_gG+vMTGMH&_RwdZM2fJ26Qfnu5y<`qe?Dk_BrZmW zq}*K&+Y}fM7R~)KpfFFD#D(#Gc;Dp5^-(~mSe*x9&|~2RDoQQ-j1oW2dcun!G8s;C zgpkQ;7Q6V&ui_9C+5IBBzf?8LK48_X^{NboYL$+@~#+_6Lj*NATn-Cu3r_J0y zuxN#P*0#yd2Eh)=@|L9Lf7QJ#W0p=~ym-1FPVWh4OeGGV5g6;RzM@%Zx%Nz+O?{dB_W&lm*fnuzZ&zdt8G>-m*|;POAZq`IT+ z0yGyoj4*Q%Ul3GR3OS_rx{m>0B~jPXtxJeoWKiLKj8teYWja#nf8tdR$vOD$tuu{P zz`^ypQlvbY?Gn3x>p+A(h)Xr_EYa1Tl+2T^L_xing{T6tun`H`zlu}6$m1Vg9{(9s zoR;~p`$=+UW23EAoYn_fuOQ7?s5liWPLGF>3Kge9#p!jZI5i4X?(0D1@EJ4OB1``o zD{HNIornXJm}M?VH-|UB9V`ZS9;%`zKhG zf8r)gqKlj}#g3{W_*3Al!`<(E5jGgwpW8pSX<#!ahAn!kf60d5c@gq!Cilk2sW;rq z=sM2K;n4*l>mMXgCo;%5dZP3(?p&YUa37=m3D@u@h{2boC7$Abkq{~c)=S)vjqA2j z(9_mN-rT~-cWwXR zwh*i(2)QHLa2`@H=B)Kyp2W1VzVVC>Eq6Hg|HkO(rx%8kf}(EtNT--MKK6_Go1NQu zQD63TC5@F~T_nvI3jb;B&zYWhl9W~13!64vA_e}Ae}MEz5z+3j|#wW@Vd>$K0U zZpS`=@+Yo-(x?4f?1*DDR|cI=w=9-fTLi-`vuRb*50KSrr2+ApwMAK4x!d9YUeucB z6}!=?wCw7+-Km{d4?*N@{p8nnKKZuUT%rVQ)+#9>;JR6@r>ZZjqDV0BLs4z>pUo;w zey!W;f7B`$cB|Ss{K>CB*W_FER%Y@W)r{pgwy^w4rOSWT%V*7w-E3Z*f%UiRXYI;s zocxAaYb{ZaX;ibPfz?P`ezmfN!bREJ`Zc5IqE2?pNqURZ5PpOU6e)WXV*%9}*D0hGLP<2jKz1dJom&KIYZKMj*dd=5BhqIop)`bhr3(+19`i0klThCrD& zA~${BMx)~tKF28@XPc6}XPnJKXtW?btR+2Ms}r$cJiKhi!}UYH&2!Kl9#>@qe^GY5 zyvTRRHmE9_bz6^qzK#Y}4Sfm0-x4JmY3*|ZQGtk$CK0jZp%d(Gw3TuzsU*r%?Nj~D zH(WU`l1X_~aPXQ`96g-pC||08QGP>C=@wVYb0JLTy+QIQ>IS5B4f2&l;p48^0=nU( z2Apdo99F?&n14PrxO6FgW$e-|MwS4n(D zOB@;Vum6@aPJTW;6P%$Nsi?M6>`B!-Xs-|H4WVnrcMs>kUWFu!NmvjjQHoI~GZ$xg zpB=8gAe2LNS>pOz94}!HSQbLpzeD6nP+&v%$%SGH(QKbfB1n_-*QP_Nr&qOHubx6?&0JayZw)x{EFmL3Ts0vw2#t= zFTegJ4|n)K1p#J65Sc%sxhl*S%& zL1_AwRqw~#SLaIa{VdFTaO7iWv~{W0wikZ7Qswn$Z-K4t1zUT1#OFi#U@)JoP|(&g zE$jXISAhC#(wy}If8|yD`;w9AzKk&&w^>l)s7dGD#XX-l;VoEiyYHjCfrD!rmqUE( z%dh_;gy7+fmwXsHOVyk1ry1TpON7CvN^smF(B;J>X47-~4rX)I7k%Vrfw^F(TdB-- z=S>H}9sPwvP`|AvbWcs3b>-XG?T@G4FLPJO=G-FGH)3%#e=ic;%g>tEo$BR0b;2;X z6Q&VNv;H?GnNXrd!=sK@y5dKX>%*WJBxIN7@(Pu7LUeWn1xNi3Yy86%j@S6`a%q#1 z2t`KW-QD4j@)#VP4q}_)YsvKyPJ>wq{9A%BkN2}=6b``jOsIEpN$=&oZ&O 
z9A063YbjwWe;rN;o272Z)RO>HBEQq3j7TxkkSH2)1DgFz$9M1mO<8+KDX$BqY1Isq zn702Z=@wwO|&dXq#RqM?^~2gNwY!C>c8x!E9pgxDxf1g+l~ zKX$K5#!o+VO2+l|TW}6tAH3v};l};li(PLvf5a=b%G_uLOKLD)9|m)(ATnUb7oI$f z|A!kGfA?(%{`d0gww`O`DYD{I-s`2Q`K z6)xKITQ<(|4gIgQ4=|Pr{O|W?xA32v@2(AW?2KFRR!g`f;?HWy`0?UQ{9&8T5}KR% ze-oDK`iJl3Uv|m(uG`lBGR>W=;tPP^n+5#-QsMVUsiZI0PT2?ip4F<|8h&5jYo>tT z3G;b3bGhUbJwt?G13wtu8%OVMNa-BLGlNZ@WW0yG{fic_+$q!>vXXT$@u-7zpSq2D zlbHkV8q6BiwWEI&da>6h5%loZ>&sF`e^z+LW7H2gk?eaz*M!&!e7^p;q~XKKIjah) zae#0sx`A8x)?1lDhyv{KCld$`1!9TPw)iq!Ogp=^R;F7d5h|-9j_eUQcAWw40gqX; z)8*$+>Zdn3Z#OZI^>L5h|Fw6IHO8!;oh;Odf#Rgt_pQYAWSD#{e)0!=qQ4gaf1fG> zPD+fu>A?L&;@#9SoUryJA(VkEaoK6aAH)!L?LFq3yQC+&(SzG|F?}P$F=c=vbV#bw zVMdc1Oz>m6OUixlFMLpv3Q55CVSw2auKdMC5@p63POsVql<=Q$sbq<+2(v}3w#`_r z%YAGTuERcN^SwxNL2!6_8Qg%~e~9P!-7Rh@FubH34b4SP{$il1$7iAiX4YVL9&O~Z zm-KKmTEeR$OeH8nX+b$DrNwzFt(ijnagy=ZOR>_)R?OgF17y>~H5uc`QJ=Yh#?wYk3G`RaY9>!`0qRv(;Mg z^BZQ%ZfG`kQZ~zFTle)VW~EZeQ})OIS8cHXq-~#_SI(RDrghP2HqUD9i`oH{{jE4z)X4~NL7S@>iaz{-i&#fVP&uJ5PpweMDH*>S>Wwv67FnveCcfBo3M`KF_q&7aLZ zAGtC+1j?-kYa>xd{T+tr9)y^k%j@?I z-*t@Zv4iaqAk5<+e?x{BN1f~Th3KVr{%Ph19`C5ePuQl96)und=3CQ_AIt|v z*M&#x{wXlWoWr?bq(aA)+ zA@+giwR>UK+do`i8XZa!?P&y8Kfb%T{NWtt;GNO=eouq=^6UTE zIi9t+>z`)4f6eqO4+rfx_%ZMl5ZP;)(e31sk+}-HpD*8gKpHz)%E8tN-v@%+BI8?R ze2a|lL*`Lre2a{4k@0ad(=O|JuMN|xww^cV_)u7ls*%o=f0PJT^+Da@`JeabZXQ&*uvS-| zRUgj#*35ckA+-guWJOQES0OS>HKD7SEn5@a-CzY)v|23?# zWgBOB6#6h7=Wtj-FxB>b&zWL<^LO8M7;=a24cuGT4`!lRIdpxO3Y49QS|gnZuPzFP zF*QDlf5%}kAB}~=W+1~hSs>rJhs{96HUt(=VVxqdA0|YoBdHB%XkQi9zrRL|5>9b) z!r{fY5Igz$8Mf+x$!{i#o3TRP@`)Oe;Y_(H_Un>ZJj)e&5F*!uuZ#RrS`+R zm4C8p7Wd+`TIKWedh?=LDO+b<+wOGE4`s5~2#v3%x@;meUNLL7wRrB>H9NKCmFxO6 z!?)`87JWA@$vkRV-B#nGU2fDG^;*qpRN60KqU(>DXtdmitQn@YYNgG&v4uI88(sO| ze@?q&HS1QZX*X+Dr`kP$Sw3B|d8|9oSMS*sdjr2}VaJ9YTHmlyX}_Yws4cT*)t=R* zvL0+&RjFeSy2#5R7)jsZPdF)?LCwMF&FQH(a3F?qdgjQB$Mc@)1*gL2I9+NX$|C`n z;9D<#JMW3HINxkDsOa!5LlH&(WrQRkR`j z0K$|H08mQ<1QY-W2nYZ#b23)|00000000000000C0001UWps3DZfA2Ycx`OuT3d7C 
zxDtLpzha8oQ?*;CG8jU#F*V7Sf4LZ#00CpJFDcm);2=w0S&kvU{>TP08DbK~M*DD1 z9ui`tuUoBF_t!0d`)lpuFVBei4kfp_!dE5t1reJZlgI*!Y-DsFEfLW9mtnS=$A_2rkEMNiJZkU zQTxKp^`BR#;$OJHyKo3ZYXlEvp)h%?;yJ=?*ya?CQP_e9YWkcBe?Q3GMP5-zXNd-L zV9Vdx;{e{G6eB=#cXNP!lm%aBlpNal9Ox~7K!9h`NQy-G9$26bU<-%%5~W1H+YUi8 zWjt6<$mTi|52Z`#QE`lpE{3xpwUizX{3aj}BVWTI*huu>$alqu8Uu@gIBWR$?xbH( z9XqZ=07pHFH?h^)f8qhxB5{d<=}J-3uI9Zg8Sb{*k2ctdymyEXd~{u^2qoAich?MW zZ_~->iP*=1Y$`~cWISk`d-EC&S?Y~F_{@63a!fynP6X3#Ks7fLB3rm#xF4#d$hrN{iQGv(~?A2a3a^!%_&0rSyO z?Tc5XlzaLE{J8Gf&~?Grjw*hAnKH)gk&kPg2|6NavC@;SC|eoel%3x)KZMjobsck# zWHBj2z)v!!fB(cnrg9e2@?)YGiK&x_&&a4`B6JCSaz?59KoXMdIds;DEs_L+Q5t-B zMr@90*hULrZ&C!I>nN@luN3h?-3)K?*P&Z zh|Pl!Ia3xsytP-NnSLs2yngdPd1Z-VagAZK&xZ~D2^96sOjlb&UF}RKU2LyB4D}nO zQ>)CUMb)=1zt2sxU+9dDU=nKo=uf{e>JMMM)@%a(*~C!Vqsnqx*{fV+(+Qrdk;Et5ZOF!)B>XTJmKigRCc5B1+tZ_B3x~jk#1yJCE zu^RM7m1mn6o9P%URk!ldfV# zI5j0~*EGLV4a4mmbu(*>LfBZSou~f2-Rue*%&;ZKi8ZWdu7RP8pJwJ>Mm)X<#$DVq zwfmu7srQSj&~H?NbwkLn-`5wFnyD1}{gE*@^ikiekERo)&@<}8o>n&sc4LiEz3@D1 ze+;i5R;oK&q%DGXN6U1ibd3h!8JWw#wFqz|#I~LCO$S00rz#m89M?inr*fJpy9Lx3 z2%~PVECcBdmz2m~-3KE{5_U1O`@XHYZ;>}qh(*r5=mC2L7<_E@9@`?CvhRpLmK5dD zj@l=WozhhSlE+L+v;<{{?t}!hXoHQ&f80kj5^UyzA)n$PN+g*q8(B4B?dNnpz-1l% z(e`TWfmAW|B`%>t=}NeObO9CNVUi+D%svJ-b3FcGut_f_x__t>XhwC&&}biV-QRw< zm|&$59SIozBkwN(LwOHGCk*}jvhv&SfjC-!>@>*xTnrY6?yFC;obP@Bu)`0@e}9&q z&uf2b$FY-pR4F?faYI&`A?p^96Jx@8?!*Cf1U-;u z;YFr}KLi|$G$6xwT|rcO49yW^e+brktuw~**ge`J+(=H46hH$3NX0RiV4;e`UEoP` z3@iKVEIMUYTuN1iRABSyUNq~=Ep0#+LBdVlZoMcaJFe0ol79qsI7oRT0+?W7M_By{ z*T5CDa7g?80XrQ*5VQ~Hf70uex>s{1W3P1M|8%cD?Mr_qU-P_}k1$ceSOFPaPgI_P z2)#_i1wr=CcrWrAU!t5Z3gxIsGzID}y(e(AZJ&Sl3TFP;OS*Ue1yD-|2w({HiaQ4Y z0Ol(I08mQ<1QY-O2mk;tb23+K-_M_eN`eRWh-U$phPmrElJ0$ynlE}*oaAeZj$ zlI{jkkT{p_lJ4$qB&4NVN4CI(zA!%dduN$u%vR7oPLeU$5=({=FbXgzN$GMp242J zIr8uCHEhO}+;?p~Z>XZ)(ucmIiAAy{$?*hwQ~si)U!s4t`${&+Kt9z&EXPo>2($)K zz8>}3R<)kWqsnRsMUu$wpH5{40-H_P#wf^+_eK|IgAsL+A|SO^To=8t=8wE%75alPny+^ zt3KRzq2KmD%90r_4B6igtM80E#>B*YNiKE&C{Os3pH$scolsL<6OwQjRX-A2 
zcUY0oSKT~VQhyWLlae%4*0BJlS4=m?4h|*_UepZ^S5Ew`*<7mIJo*tAHB*u}QeU$j zAM>|1?q7Xff6L-<`})#I+{|#*>{i3pboB3;`rECvn}e2-k&(gSnc>-y!I}9VVH?^J8(@uBU zOk00-sB>8cF-mxygJS$j$6*kgJ&rtZA)zL}(3uWrndaI+X;&Zsj@4FXXa=<+k5iJuYNGd)@0_3Yh z_Ck;DypOWt(-^RnyB&_QHm_M>mqucM&Vwr5tT2>O|2+7j+RQ7)u8QSA@Y|<}i}Qnj z(SKtA3{z{2j{nYs5Vvp2P#SY!!l5YehV%M8cpmtvU}|y|AQgDmHsAfI6owqs(HswT za&zNm-JB4Gn@A-w!fpvVND^vJ%K z4~^>3A{7jxaCb?~Q2=#*mrY}=VD2`>PJhZUJ#z3VgPcHo(K1l>ZswwT&)wF(yc^0@7b3mLO?hW#SDgEK2_Sq6 z;+YvA{7Hi!2IAVPv#X`*B??VpV|5j#(vbO~U#$OpsQjaxs`)(UB55*H2=_v88*lsjDm@YC zZs2S5@_EsP95st_$6qeRWHo~L8<|ZaSLM}E!r!%GNRVZiPKKO^)kxRUU5Snyf`=eu zX;=pUq5aks(cn@c`3jU(n9AM&Ha}hu@+z0*MPY*>B2v0EOSpJ7E*qC8n=e8ioFGyUzlzTf93I&b z%V)thFP)fx+%GW(m`$Jg{{}M@lmA!7)l|)<{P|0xuFE(PjhBpmBU7nTt zm$49(-d5UxBA`p$eVA4|pFmwW$= zi}ySOHVB@V7M}~X?OskO_Z+XbS;d%ANIa*%=G`b+vjR-|JEIta zEI-L#Vs=)>zuO7}YQ`n8nSXn%5EGW?qn`!`O(04mX|>R66@1xNh47)VTK|#Mbt1qy zBqml4pLE$uwtwn511g}aA0zJbtUKvb@6I?IJ+rx|nj%gm-7KqK_K%x43!P};?1wrd zIr0`2ty>cR^oj+lLpE&~MqlDc^`RYvY9MFcIZFxD;?-~fZwy4I&YctNA(I>>;+Df# z)Y73+?=%}bCob7@{Xb%{^v-56TkeE za?x8@OzdQT30PGck8S_#ywDl~Ii^E#=;jqdWp>{nxCam$H6mv0_ zkwzqt8imewj-5HkiZTcts8pU!FDRZmuo6ZA8D@-eBhebR0btXCAmciMSD3;?-vb_4&~+%KoF%CW%5wJGwi0SX2$3f ztXwoQf1g}_%t@gDo-?*}vI7Zpfd9>NX(>~!Ps`nr6Fgf1pyA3pVp_j%EdDe(?#1cK z{&Npsw+V$x`J#^?=+4W}YRNG}zaX`{F;+E6B=BszP4l~nKCl$9>``zzJah7eIm2k5 z#75Uk;MXweVVLQX3#J?DwNe*OZz-~}eIDTG<_hg*O-r$fT^)aDEdjhzYL)Eb_y6ic zbhE#|PJffL29o4OzA6wO$k^Lb2kz3gp_5^_gs>bF+a~7{uju|O$Od}Omq4znRjg}u z0s;RtMwL&RU3D55RW_5|$-M2%QX)UP8T{ssI09C6n1iExor={F-W=HxT++T4L|s%T zy3+lvM=SVY*T28Ql#S;?@VYsBEv>$gtSFbPH-r`tdf0bSsIy3(U zU%dNW71yG{;z!b%h1*6^pn3PXAQlet-E^gF783DG84Vo?I*ETm>-9RaL@Q?dsvA*wR4Rt8EO2q519IhDJq-kxan8*|-r*(3N5M-~*`dvI%L2j*cbX8PJ zd+iOSr%NJIHqrglG7%ZnRn6a#Ve$7PHcF86xB*iGwStcJnZ+2siCNQ`WjOhV})^>B>hg z=Hah`GI1lkE65n)yDgRe-XU1!7Ax`c^~Mq#GsD=ezHMh<`u4ZIQ^ORdk#n8j8_&eZ zSegiJ5pOh|8S3v)MCANNeOmVLC0m1m9xS`zk*0MoCU-V;iv#)^NbqP`MF-L-O*l`p zKhI%fAFNczgS&4@Q4+8midK94trqqm&*+^T@ik>0rpqy6C)Xkg9^HDqoJP55GmXpF 
zQBiQu=`z8jEV|ZU%VFX&D;&hwWIMJ;H`Q@@fiNdQHhYgQWrbx9!xgWcE3Y_s9T4b+s4zuRAfP_tpg6L|zlh{&%Z`mJO0+9awq&zxVKKzQ^ zyTaQ1NfLi4H?F&sieGyuOTf-hxvd``>*@1)IbU=u&9Qq2Kd&~z92*&RO9^z|7dR5V z-J&8$dzN`7f}i_dF~46XWiGevE*5{g_>pyF^G}#p4wpFMg6C^sg#CzJ?a}BRr93Xfq7O_#gnB8V zS(D>pNJ2`1e|UG_>xHiJSk+K~ClrmAx*_Z=2g-Zt8b;S-YVin?t2&F|ieQMR_8fQB z9$n53obM)RzisEW9{@C$ozm@WwuYuVw3@bK%beX=FhAq#}gj8(F2mw;0ALf+}D!4py-efPGY9K|63`uy3 zcxz5Br()G=@BS76teC+eoTCQr(YMB7=vB~9r%T&~Qa~rL5Wrdaoeoue@f;-`Mky-A z;>ohdZU_7pnVS3{KEEn(b)B^-LO_*t=L}q@T!HW1!KUFyCPRT%`Q*DZXO+58NMN8wXq^NEwRuQF+A-pPz z*8>AFx<)0Zw4-0hv?MZ=T!Q3mR`r8K=gh5fNU0+qMGpk>+OEj#yH!{xf8wl3rdkqR z{RG3iPx`yN$({({8qa#Uu!;y+uaW)D5qwWCjZu1GdWxgD>L(Y_z!jQPcRU8sqck90 zQ{QvYfG9DeNZjiMky96{35t9+^m6ombDtKAusG=u_6vPS0xsy(4`0_~cF%V)but{2 z+>ElaUQ9$3VbCzDEA6g;9S7f1vZE8+VnCr5w>Pz;z1lHX*eRO>4febbnzmZoyhor! zV!35+W&iESSa$n^=*?jJ5qu`D3?rhp0LnR%KmF}4da5*0{zlGmhTa!UB`88g;3baj zuu|jEB;L+L@bNmkF~`)Ob9r8}jJ-A;FU`EY3fmMBaXF3ZQq^$GQf8`N(Tn@!4K8{W zpM<{3U7*cyxFPvdp*JD52X+%Y`vxwok`DYAY1VtAG?QM#SdT}aNF4TC4xh^MxbOaq zG7iC!3*5?+ZGtCnZuK~f<8X}9yyiI;12#g7a!HCa-FW;RjQ5JpL~j_5&2?7i)2n@m z9WV2`&v!GPwz^{}{Y~=uanXr70%yw;9ku11<{~o2uN=)KS~iEQwTiF4V^N2lFg_E0 zVzUB1?=G)J<#v|QeSH;Dbqlwe+y zU5;<)Cc46-li)>FufEz++CRhEB9B>Kjq>2Ue=_&j$ud=H#F@QyUbC(_X&vMxMW3D= zx-YnsuKf98cK(*tKrz)Iz_2^*PIpo8k48IrS&?6d(ZBaUh!2m28Ki)k1q&BniQlJo z3)I85r!Nq$%c_mlwp6aov-aReS@C{^P{~&AddKN6og>YgoGB|is+MNkvXv~Q2rSgx zf6Ae1PTB~5c=(JuiMvms63IGs=e$ddM&*EZX6?U`a!aGi-%o+BH>)aMU!G0X5l}fS zaeoUd*s31l2<*_r9pWfkRE%l=vpm?3SlfBd~3DV1yBYs;}^y5!N@Pn7u5sv9u?RE_(v9G2r-6vam=RubvMv!ki zQ2xaj>ri(m48nP<$lzK0MT}GmCtrD2XI|(l6(nP)P5j2=-TJ9rZc?JSgMmE77#*bK zYeR*lOHCTFeMwQE^tJ~0eQaQGQu)hF!8*yez|ahg&$H5MnI>OU6mM|;)J{L&3#q{g z)lhJpqt|e{a3~m7QxCQs%MLYYBC2vdEARQ{qu(6-to!O4F*+iKIo?W8!?Sd3^2<_A zC=oeeP*h)PQ7RPW{7iv=Ly7t7yQ3lglO`Fy%$*S2vxFehF5yLOa7^!@acHFkV4xL0 z8DqNg;zIycx=fgX+K%~9=z})wUd`7C$}*p4{)>+>vCHZ?gKD%^{hS!he9yzYKavTT z@pbCX>0Cqg-10&w-mjEy$(jLv60+trfsz7S7sah|$My`2@6m5%yg^fTD8)KP+12;t zvtM^ZN#f>;h5GpT1iZTk(EV9*MD5uzw31!Y8i$<*P9bzGFoaq 
z@4TCv!^yQZeV1sV&i);dxiihWl}xq_h1eejxVP%b{~?}9bA?jI8uG@9!;$y|Ub0Hl z;wOxgR6AK4$>M*yjIf#f4EZ1{l&NYO0YSl9KC6YzICT*qaFcOgjnzXZdaT|0E0}pc z;nIYVr(t=dtiNQ~1D`foy+O)?kKMFAGBsb#pY5%^t!}LzfoVBWxrYV8%_at3v^pe9 zOS9+8W|$o*G@rFRQcG3%Qo6k2(G}!cf8}+k+qZtB&-=%P z%~x-=qMxEbJ(biq`wJU-UY`xmVpLg^(0J47`BYd7bu@yXHR9ze%#~_(ToZst^c2$zbcTW}{;^jMU2t=+TNP`%(P+RNZkGaaBvHRHnu0x{8 zLfmG1kQ>k4Kli@QxV=33)>I>Ye$%=wLCi969G%uFMdwH<3cxvJ|Nc~74AOu7OV1@u z{R5FPxWCx^zVq7Wo@kREwbh$Y5?2 zNs6zvM~-l^5x6@glnrtzQSO#ZAG}l>`&@83 zq}LVqT<{lO!p|jwF&s%kz$K2jA!SPkO}|V7L|}atS#R<4;N_yjG7(=?(D>-6z9Vuw z74zPupNz&Z`p>tcD`l&ths>*T1B-zo32ZCeC&cY>&#nx_D+*M4)p)BPj$d@9U#}Z^ z6wp3uzcs3Smz!Z)kjrKM7zWoW5k+H(Mtei6;$(rr{B`K3GcdY^lPk8Z($V3^5rG4y zgFHXrFcvp5$vCo!FLJy!Xjri3+YphzxiMn8hhgtGCcpF)d6@EXCGv18)t_%%*m5m( z&CX1J^^Vil;Q#l`3w+)2TJddm<&7ZHgY(UaG;0x`nE;A?#C5}qwTaK7bI_AY#_`$` z%CE`Bqrw=m)_{x?fUr2*0uTF$PN9$lklYu=oP-On3klR5Idwa!ipT*1uc*cRTW-Z^ z?y#2MWk|Ya6n!x>@UK$R^k*0!fH=SFjpkvs4K*3!$R=|w{qQn*q+ps|s`&2vOeuJI zhKFyBD0Q3n$a_)aid8eEy@?}8I5(~sq_+>uw?{MW-DCTmSQ#0zOD}tf3`+CDv83&3NYvj3;s{KArGE335c2=kx!?)W_ zTwI)8CVKWfWn|}!zJ3|8cxGNphKV&)zl;x2OSMS-VPoUL_-YWENDsA<4AP*^|3Lt5 zegacmTcvPZQ39ryQ1?X2WLRJNJEbuRZ-3{R0NYixSfQ8NKNt@6DR5P~iUb za$AM^RdO~`+2Erfco5bpE%r8*!#OH<+QFhJ5ZivFKpBUsStt^MdxD{?nQ=eWTX1_R zVJ`=qZ~ZtKc{!mT5U~4X=gjjvIjSACCBleU>!rEhTgCkL^j&5iOD(9UOJpG!jYe2W zfXIQ+s7NHr)~3i7vm}Ti@i!uH8Dit;W6y{mO8L)?=ncf8kr#dQ{w5AfO8 z{%xB3$&l*Hy@7Wb|FFz|=xHJtdPx+kvl+cg-{#xRMIyMcx(e2NlDQUo_!CSM6~g_> zH?RW~)op#q|Iqcj0Hb)^vO%X_1Y)xZZ1aNnj$i96gjw^I*gzKjCYJR%4R4=Vx#F4P zZlgDeex1BR>JuttmAm!n|WvmO7^53HTtAC#FhmO;QQil`UC21=^_X-hN=FN9gB79FBdP(Hc@~ zas(4L9~V?TI`Vy|ujw5*%YJj@dn-RGEY#E9@M}%K%B~t^4tZUySiPii%fYhmsrGN4 zxe_wD0n=xk8`&Ni0MLzEW%fT7#l@uVj1&(;AX%ML##FUfRdyF&xi&+Hx@0l~|HjGB(_P8N55J5}|n%Fs8e|5#7LS0x#MfT?^==O+D5;^-IHOs2C z>?#GisGdS95WE(hrn27y;ib$ki@BXuDSPhJby@qbd~3#wZt<&QX#h98H7RkXPgc!* zkydNU7A;aK8^)c0jvR>l_lAWC<)A;OyzsNr)o^SzzT25|C%nm*Rp(Qh5b1wlCoNfw zBrpO1!_rc36GkfT!P}G7d)jV4f_M0~Yjq=JB9&@_V^BI2r$Ua-yF)IXTwHMD 
z&Ep&CWn(3a4|$YP)YO!vSYWi-8_ot&{vd&bAyyAAqcwHEtnwm?sytZP?;|2As-WVW z*73OcnCDA3*ZZ0V=C!M|QIdek-QKmse(ptc<*HO4@|*$5o-bCwCBOAOIcxKhxSb<$ z&`lSoNs$;js4Ot}aJgNuiA`{sxytM$a(QWyEd0>7y}DDL2!jAHutfimq6!d*9U&7K z>3&9p3PJ(iu42q0I;zNvPFK_Wu`5r10H@1W^5;c}e)DH@rH?{>eDdg=^x_;egX)hp zWP`)EQMD0FyCh0R{db`yMN}Upv?(bCStD7Lvg5gqvP`44ebf$E%u!{=USs-?+X9}P zczbTg@1FKbl9m*#@3ALhTLzLh;p5t1$LE98jtO|LB>syfjbS=5scrF)P#AFEJF_>o zG#9^>KTQ4=9rKv^&r7>UTDt|Mf5MwoG+KE8i7Di}=yVs&giUknV2UmD@TXi^$mpJ9 z5~9Y9*)^G`@KS#bf_+X_CnyD+?53E*2!pV@OK1P~g5cS3`imm)WG9B^ehNDz;Xm;k z`e@p8G){_n!V}@M61@TXeugHG_lgOg1BdJMSb(wF&D0B-5ThgBzcu|g8T0use8l^X zs=DmUP*jUz32k!Q8stN+zZ(=5jJEq$Ado=Fj~v2uI*v~V?rre&+;k|dq_AI-Ai}B5 z5ts5RAJmsQ>Ma*{WeKA*MW3W3|Nd@ZhLZdItC}O~g>jb!CS#{IA0-5ZW`JRqiTcI? z$+-Y=*B-9sv%vdCZ6lw1Ptn_Rrw66S??SY6nTCy#)xot;9VTl#LGW^8@}HGoNW1KR zt_);(ULF;JE*mgWsNne1KiUvUdJWen^J{3Jd5t<;i-R~tB<8tkO76xf>cyn(Vm!lK zO|?BNP+Q7g(dq1+D?MSXiQte9k(xsO%RGvUz>Fb2&Nor&(;5saibLW+BHL*A6}vde zDEM6J;e88DZ$mkBt4{~Tt^|h?3)oH}>2dO1IZN^-Zh-*GI8M}^L6*={B6R_o-Ux8m zxXE2EWda9zyPbU3#J88b4=yo5s&P91Ic0hLo1M=QI(hrBvvd<=ooMl%l%=c(Z>%R~ z%az?g$c+$R<033G#qad*mAsDN4fpIQP0LKTWoqp#YPH!f`d7J}^J z5wYoo7-+0~+;f}9-al$d{VQS;AjcR=ss_=}VxJ`KKM{e>lw<*+HtxWi!U0qutgeMz87Uu1-cM zpxA1#1JixSbvOJMJGBqG%?K-5gc~1UBxS$uOC~~`DL7skRnS6XpAxDxAWkF`%<}z` zzJE$Pn!{eYc#f6Kp%J=)Rs7C^(9F&Hz;*DXZUtE9|7izhJ=> zw=+(L@E3YwKhXp6^5lXa_Dwr>>Y-oq{JJ2H?>pbuJOT94S!(HUvvG1}*u{)B2`uGq zMQbBnJ^La`+C|czNcDa(g^;7SkJ1B87S#R{zB7;rOpI68K~A z(epiA58tx;^wyPmysJqF`H=xZ!a%;+_P%1-V`46BYWO%RJBcJf^aIB0(qU?ffg~J{ zos`hfY8*QL{!>;_Y*+xi0{Yk=vP4g`s_-nYKJrP61YNNWaPikHR;CcW*4>^r7$B8-EgxtV}7i%e=r!~FnEMS>A!3{s2f@L{mOG| zp6Fd8LWXC-R`1d<}$&kKuS=cVwqRglq*}!v zr|UE{Ll2aRx+`;{sq=RT_A8emRY+id=)YFlu~`R9r4Ft7itQqt5?NWe@iT0wecRz= zlS3a(jjukF0H#iK8ET^rFNKM+4rZ3NQ;|q9!^GUk-qD^qDqg_GMdeZ9eT4~z=s>`N znW5)zG7?^7Ij=uxnxi3q;BAF6TjCA-P@3G8f1NXN;2wL50$)4i-H(QduDC`=St+FI_Hj*-a3A zea4%ng|t7d+b{fyk!GaRxgA?$F>*b{k!T&t?*C}!co413<^4JJAA15$X~v6h9CyI> z3+jiP5kH97fXKsb`Gm-Q-x=)8$m<`U_MJW{VeVxHGNE23r;ikPipzP;K@3u4$&kq5 
z4)hc@M|-U6R#Dcbx4aKUY0Z#ei9h_lcz5TudWGqazB;5=Wo*5;EnZ@C7$ zZlF+uwiTvNc6In{x0@U;DClBVn1rQ~VvnDqn>21-$r(XnH)J^o;T}}e)&4AmuR_Op zVyV3p_S(Kl)97-P@uZRIZ!)&?P$g$0ueqIY_=_ocx$c#0btM(RKnn^b6rWzf6Ro~v z94H10B){>I>v9$^iiKP9P?DoW2BP(ylHwTYFl1c?$Z6Xw z*X;jI(cG@xP(yh!bcxufII$xeq4*9ACOP7dB_~|3lUkuWTqL!L+z#D5Pyx{qxr~K5 zxKOPY`e%~h_|_uu6g0ZOEw7a%L_W9`20TKgT9r%DIl=#74U;49^rLgk@o90bj2>>R z4$mxu1;$$b`6OeIY_#j3_`Ju>hJT!r9r+v`-TgZ1_+;z}QDw@?9gj%=5i9iicy1UL zh9&cQ#X}}8==tkbyb)Pm0(COtepS^n)2$VlC|!^O;(`2oJ^0O9MfeX+6?LP0;?`hI z$siX}JuEIR~2vr~_c8QXqrkbiB~29Gn|n}MsF3IuEZE}`jq&5lT#Z?1E|Rp|`l zn0H8TaU99T)<=UA>u;l(2ihl5F@6JjAa%U`c=$WuO#41IW0i4f;tRr)Ro{)-`HkQQ zy9xb{7=$bbo35VXcQQ5#3BCYPJjdVI31qM6M{t|Jx}hZ=d-Dzqy+1SP=5~x#U8L=l zJc(vY!DC^H<;+3>r!Z`^#a9F?9h+{(_!vyabl>$fWwNbg^ouBwEu`h!Zgdb8F*u60 zD=r_Dj)tR?sSHg1JAVSpDTOi$GE-Tj2Q(4V(9(8|=_8+2tnNf$%)uQfa4=_5ZJ7sZ zZE)_9=%igxV~?MYt;dsCYjlkuVjR5Nc_G-^!l`KOBY3znG#Mu&;4$~DORwD7x#S>y zp_z}1QZSYPNh}7_Gxiwgh9@UmT123QDuGntISs?u4HWXbC#u~sbrwDv+188V6OT{~MgV}yUCmH=*6?iA{G1(IT?Kj&$ zW6~AfZx#^GcQrIN4$Sw1K`7qDTe0ljk@l&L0SIYo;lY4JXq-8G~n1lj2* z5OlRsfCo0+M=gqOKRS7Ijg3l_Gc%7!t9!#Vz0*$~w2{SJDlGvbJYs56PRZ_CCla=` z_KHk$g+@u#6mB;&UP0KrW4pAC78^|CBe|2H=8&2O`KE<^fV@lT-49p$VwPqsOzoK4 zHOdeuy#%sB0ZOh23r&3{;PfI83{4E<(0BY*_g`!xk*Qf{Ix+bX&dzDhABQ1-C!YT!&CZ4u;C2RH6WC{8pqzKHXt7x=Z%0&N0QR7& z!dI~`8s!Eqg6L?}ZW6%YC@uFZV?o;iNZ%A+ub6cqu`YfcTQ*tO%UvY60zePsU$L1a zaO-nt%%yK)n8Rbb^PF-}*mEgPgn2MhUC zHy3^PqkaI}no^!0_HXbf5zP6i`#KBT6@jBdYC(uek`CmGp!4jp`?p6%V-p-evRm_I zIfmSg1$w5V!z*tpy%8upst-=B6C_>D#LIBw6#EBrbqhVX)ReP$OwKKd!F!p2Dg0R96# zV}#7dkF>NXx#^yvWh6JBLRI4y;2>{oP1GaJ&7S#QoRwL82_p7cmpMI;<&{oOple0B zv0yDco+-wD9Q-`WIaixAMf9G=`0txfg|IHB5KcWNtgBCKiL<( zQPbQssJ)w0LfpG?U122_x`6<=(5ez}(BSO#S09cN+SYl5BLa0qk@Tkz`5JM(@UFLo z^q%}rdn}hg?#zCqm$+z(p=u!0&y#$ZHw@O|p8rkAeP?J&BnhT3AH$KFk z^)bU|p*#M26i_n{Zv=?D64&AsmJ^-r@Ku`09^B5=-{Qv>Q%v=!vWJ;Nbf#O6mvcNn zirCnK{cj9wk(h+EF4G7qDylD6pM3Y)34He2Ki%iP_CxeQ5-yEm_1`Q?!rMQx0%~e! zl`*i-q)%t~(a~%jI}2U5`lf6ViQ#Qh;VV4HT95bG8_hKgzDER19l||JGc5cmk2!e! 
zF>sL==rE~H8UH#>jh#nG)K`R9u=9dGgHR2`gwa}FvFq$U+2zNrc)`UXRBarWOJqv% zNNl?z#;wMM4{XT`ZKU}3kS*F8=K8~FJ#iRQ$zQ0^+)aj5T|O>RA1iuHposD>g`WI| zaaQkhrk7z3Kf-patiw}z6PmXJitKf(c6FD3ndt5eFX$q}C8PI-8I8jwSN}kBHG4p3 zu5G#GpP%H6)` zuW+0{@V~dLC!OHLQqYVOOI7oefy(E$Bk8CrDAPDjNk2SIbfcG`!zVOCp?L=?5YP~A z!9)N{?xZv#GIPo2c7YtUqruCX*x>hY4NEdyEQbcMlQ8*4pa3g@r?9FAd;Ea94AGCJ zbo>ELoYX2iN9yDW#1{=)PSGCfwY;SwtFunUs3p}p!-b!VYcUn1+vp z^NOgjkWsWabFuO2UFr~hN`HNI(zGK{vZT^8IZU^Ag<-g*(eeWtrBeh9gCYFZS*)s0 zg5ks`v_@k(KAZY1bxG|XMSZ_2LXx!iWoHX0m2|qdNQ;o%MJ4o-YNP97HX7%+e&i#X zT$!aT7Wh?~DlK(itn|OKwTtdnHRcbRxSK)5grHkgKnrOveptU~pQ;8n7pdpVjT#1- zuvv4_?k7Hs<2W^$6&hdhK@DQP0NY9S4`^&^H*R{lT|L(35gMg}6XlC_RWyC+*QSZO z-0tx#5T;)^gr^&_Ey!RCu3;I^q~Zno_VN0!cj#GZ76PqZS|~0^ZG`|U-sd)Sm1Rx2 zZz~1^96#zfUkXrdH;5*wiEa>TtGH5BC0jtEGh9qdbr~!v(Jp;3KyzMgF+nYJinMO>ezc#H@dx_Poc|gp~3PJjT#f($@Vd8W;k$LdPL{* zGjL)kV6+43h%v&+(fHI_f$2Kvz!%Ec!SUCu^)fi`tuvo6dbVQGYKP7Cu=Qm!u#l-P zb}Exfln!gNC7R`UfgWWIa8?{ByaC`@!?ecF40R{i>DUN0$HVRmKxdwqLReq}>N^y1 z2tSVioIzE&xA?|GW{IZ#Q1!7|cKwoZW_n;zOH_jH?E6E}6U@QHKlJ_E(OkMj7!qWv zjI@ej_%&_&-!Ja~2Xu)026jPdH*r6?O47@4(g0WF3=RcIhU7z;=o;f@O^i6`Qd;C* zh&q{#*ca&FmDzWHl)g+X|6$Nd zA09nyZ=W(IPs}()!;hPU7BSNGHau|1Pl9t+FG8Sv0{ImAmvJck>%xD#Lmv&^p~ilF zKVcUckE98d4-)kgc$3i?X-JHAusEf!i1G>B<+6tf{HJN`OLblmnYf}{iB_aM2e-fXh}XwDqDXyEdgFN+*f}9&+?_DmZ-rtbj#6Lo)ehoct2_lxpzmvO1 zLl%b?<>V_*!G_~z4#S-tZ)%;UL1Gu2eB z>`g6zpWC93l;T_8Okl+{28z>GCDkWtPS9_hRqz-8M>`#{BotJG=XOYs-62jzw3~e( zNvBI9)(gj)`-9*lmL3PaoLcVFglntZa|D4EL_i-tS%#MbgqSqVkbC8GS zz5s^)qpZ2QPWSYj)(_db?d~tQs-tzVeoaW!WMQUgS2pR zb@|)7{?LCyeoYZlM4^Sa7*45mQVcInHT_5u3X&QZ(u`&8+_ji1zWu366HhW?dXzUpeaN3iac6?Zsm9dVQE+kOd$W=g9#g{~Tv`Y#UAlrNl?Nx4<< z;MLfa5D%2H-}2If_0N%oZl=W8TcJ-10UBaCHA>A3)&dT>9xiH9_SYjc<;jSfOv$AU zVZZly>F66@o)yb5voBW0~*x5}<_oQHZ*?>(M-8ru&Z@ddD*sli% zFf;}cNDq?~T3{5a?L1HqPgGC;N$hLbT$3q~SUD)RF!T$I`~!K_O`0;NVMDoa$BS74 zD_|OUQYT33j^CSfs|8q|v18zm*9vwmklp%{e}9?2E83aldH|#|NHMmLB#tx0>4<1E z1^WHKWG4-}Wd)YBeEbs8TxIHYpuXBMPKu+>k~O+E#*w6)Z{*BzNMB4ERB6bH0X;W< 
zIisdI6G%{*bXq`bCR7dW?YUO@SHHt=&nS?%&d+xH?(l*_pAwRV6MMd!qihR*RVRMw z1J4 z81ZTj2$}dK{%|70kuI=N~XAi9+LOHM9~cY zTCUUs(FkKGM5X>PDvLYC*2?(NiBc~khPkeQ%+^4?14@YHn08` zV=L#3Xsg2uzmJR3L+oCS_zC$+_S)QOL-Ld(oHE9tmsVGQTnE4YOp2G(L}BG;m*vRe zlY-o36>CJpVR+)26vPpyl!S+qJwbQYK)^ZsHjtqc%yI?|8g%L!SZ@ow)pEl@^I>GJ zvR&mWbZpH)>XP9wY0%2wJ4dFN>`!u$W`y_VM$#7E%rp*T^;qOcAeTwWE2JlNZ2i~X8P2X85y~*h!Cf5JN??>O zR>>NZyi0aN4&Lhu^!0f~>Yytea(g%T$a%}s?)ys4;T%FCP$-g=S-va~huvtyS*e5^ zfUjpx=uQ=~wV=Ub?HS2r^CUA_UQ#6Rs#*}^4dl!&5kS{|1&6-8SgPx@kU@c%f6X!% zPI0=aJYL(0#)<6E$TbJ;ROvea9BPz|?~HM47#|&!(dAv$3+@SNh0KWU0Wk`c&?vOi zk0h?cBOn#4qsfvT`hz&9V4BjJiHvpY!*3Eu!OrwxyY=x3 z)+d32wo=#0u>}U`;8r)d3BDz(UrkY^}Iu!F}XjeAXLw>bXpAC=>614 zL`ev9nn-iV>Q5?u%nkjb#5|5DVZ>au%uZ^|k~7GE@rni2S@p*7BN^u7 zqubVjN~Ap26G0;p5B)P)(Kh?s4xHF8dif2eMH~a_x%444xpsy|Gy34V@G{%tA_{JVS)a;i_Re!0Z zZ(qq&80cOEy}i_k_t6KJzxVz1o_R`TXzThZv#TY6lhqlCFK@(#uVNR#==yX4@uH^O zx=Pcnlb=a6x5c##)-4yk*OIoJ-H4cNl?GUmnrTbt5@GoU5i1cqbtRtqbH<=@%%ZE- zxdYh+zb@pirkpy2{IGZ6T7C=o$7HSe)vZELO$5;Sh?`bKxdl2dC~tj}q1N;;c~DlL zl^HR;VCzo*^umZo176A_{&3i7LW6m%g z=O86{hSNff(sx5z2S4uxonyn;ovePJ^45QNumIl1|0?51are4Q9Q(3*=F7%*BBg=Z zg9>Z9REH0j!f>#zIx_m3g#;n;Xy=2XVE_8rZ#UebUArds!-EgD6p)7KZ$+C}P~*n` zo=6h`&kQwqlF)wSJ4}_?bRb5apLd$kcxk@pY_rjw(r2nr7vvM;c-ESBU1*i5r64f*2UHoS4vnHi{R z{W?82Tame*aIv;1ZYA4dWMl z_B%h^DoSE0uJnT4?C;xke#%}?^pTxScq{Fy%`+^lrT#A_<|S{&i{i{bCLu@tbVwQW z<4E1ssI8}9y-@sok^}%nTyIpiZHZ^|w4peP9O zS)&vu)xuYtE?F!>4G4xlcfWXie0+%e8HbyV1`r^X0ScWL| zx^5J0SDx3#At5r_X)KzMR;&F<$f;cs5outdG^%D4zjkzQE4NLg@)eQ8?`*U_wZxa2 zC^tSHtGE;8)&~XG2l0oC1XN>L#|i@JPze1Hsp(Y_(x&@QVZ)rbUT<^-@RC5p z1-vkL@%QImyEJ*56abe%Q72c65<|o)a8-_${q_?nk;f4W6&2 zs^-8Mv%u3_%34OwrZls3{?WcKU61prYb)H%gp3u6qfiVb+H5%@uoT_R`%jK+6wu;q zbb4pzP*gTLi||)AZ>Y+CSz0X?GIkZz%hJ)*>#KOJgW z82exV=hy{6)Auzm=Dq3s`GKqC5dmh0Dy#_e&zF-KUp%Z_XN;>EJR>`ao&dk2g-q%{I4~ryT4Ouf-U-4Dah5^L#dp*3coV>b22g=I;jv}lBJ<;gOUVBIxbqfOmZAHnu)Mqq)5qsv`Es6+vX1ST<6i1R0~JZqNa)-gSMM@jLu^8>ltI zj|ta&^YTP<$9CtJQC(#ar0mue`n=mOm&@nVbMV<2Q4W#j 
z(LuCZld(|5fK_4t3eLaMWjOw|`i_+?M4V0jMMZ`m(lC_@?4p{`+HAG62Up(HVCK%Y zZ@-@JSl>`IL|6VYUm1*r%ug2#eC!441vWhheaynD$8#bff#ld=mCC>Qimn)7*c6ij9N+B= z`tFr1|M-h4&~c_<{)s=979s>-D~^gv{a!Hk5gVkXxp#Ip3BW?cBm_yjX0`6#9SE(s z{awF1f!{Dve5-W>yYES1=>v0rov(Hb_5#Q5)Ui=Indb5O+dN65&XMWgu{gp*IHL0b z1)lZ;X@iGgAgk~O&Q+R~-DC?qkg3i@d8O^sRDqxa<-s4EQ=Y2o2@ufasjC42Uctq3 z>Ub-oOPG(b<2)mS@UF@DpvzPLA~0T5806@~A2)en?eU!!Wd z=c<*1B?b#nQ&o_b%-%#NhDZ`4%eONa%`ZK(R72Z2(0`s!G^*~fp~oXG4a){ zYo-hO4K~MB5BOjLDlJ?_-B0T3K<@`Lv}-~w5{M+SZy(x-$to9(S}C*;?>)*@3)BUy z65amNusBeoU5Ro2M??Y{(4+^>J?>>a?YU>Q9*+&b1IFGFViGPc!+)Nyx#E_IJVQ;( zVJMlchkcB)cR*iFCl^ZIo5JU{uG5?rTb3YS`DT)I z5JiJLptU^gMSkH|8wO;ph+1plA$>Pq zzUC+))$%6V?)H+;}b}xa$=@Nk9U439=nbR!z zXrxS)L8DED9S$w~offFUCovfY0J1>|uO13eK$Z$2M(`hfV7MUu2VycF8v-3m#X+j* zkMDePm`@G!Z~q-HM+JYPe@4@uybfFu%0M$OvCVG2#Xukqj#YQxJAX0J>;FE;-PgRZ(I~8Os+0zch9aq8VWw=<%t2r zfIk8ARiM!2=20WBC#TA^M+QV5rb54>yjzC^`q)X07ILXr8&|OkpoAw2qFa^Fwv96b3iyrIq z8wXm(B0nG!$S3r9ek~rM_BqlLT$@5uO0Awjx~mg{zk~fAa!YvI@iQbp>^hU|p?B=L z?>W}GZr0Q=O%IxpY`@Qt#d(?&_z2$w`_LYUbO}JB&bx@YaBjm4{j2(7^X+(#gn_YL zWjVilK<^p)Rno%=ZTn&r+s>o2J!&RoHJg1^unqZrKVX+!6XPNW^b`0+g8A z_a=#7)Pjb;)e|^9#N-kv6vwW*F%n|ycS@2Wf`=??$lweviLKLFM8*lPXC*FRJ~Y- zlKPnZdr-A2#o@L;gV4VQd}O1K2fj#8nnDA;9wZ@G38f*-<{Ynf~?_#Bo z2KaDeyK%na5RXIKogHEE(L5pLgb@QJ27#iX2w38}p^=Wjr;lZ6KH5TZG9oXb!p=!w zAU=C}`kGl&CwHaWqXEV_dWadY4%=AtH&u~Oz-l63G3^M{u`f2w9&Rd%hiu0875t|) zg-hdzo9=3<+E2jI{k-81yC zq=;Z@&4NT_ob&&RG?@lb;nu^|-a11srpK23PRpB`#)1I5qv)(kHt1{Yf^wFE#raI; zA7>|m`l&Huc8W6@;ZSbM*Qo*6P7JZMAWC~3{DyFJy&uGzWFCIuW?^fAQ-7QhO|b9Z zzqxk;yEp}pdL>Fzdlby!jPVUr> zg=#~Mnm=P=5itZpbjhiH9J=?q;t73KD(!b>nB&4$evgw`1!q~ifBeb3;q~Ja8E$3t zm+EWU1$-qC75$=1ZZX2p1u@Xl$K=R+IY85MG1cc0ooeCPJ>ffCL?f0z95OJ_q8JI= z;R}{@9nwBAXuB((p=ece{9W#&$B1>04j@AIr}HmlMgI+FAJ;ywso7q#F$TsaaWjTL z;HX?NBl)r2;1Q7R!Ek9yi>$ZUhhb>b;*=(o&d~^M(srk>vGfJyF#xB39&7GX(4Jry zHUjSYPc9DK1g@CkpVOus|2W^|D?$-8>G=eXX&FoWO_jhW=f>Z|*;s8lLXPcQ#WN+k z<)yD#b$?#ZBtw92!wqycU6{lQ%}M;H|1oKDn>H&w!w;3{0b$`dw$|WFN?a@)M1OiX 
z8Cg63*Vrzh57`E6h0=Yo$hhtk+$9-mB`*~(@ zv>vNMS$3hgKzO_evMXOCoFngJF3G*-{=f`2hwq5lZx0Ec=M;em~JuA7>wp1!w%bn=9vbQJB_wX z06^KyouJ_@K4E{e6L_zEY9@)54tZuPRF}pSif8kNWwH9e$!TeesPAv)z!U5Jyl2M) z&92XZ;3E?jKp`$ZSn9uipc`*jpU3cL0R6o4*fi7f^ktRraJmNo1hv`66{;J+4A=68 zo7+Fm`Y+b2YJK?}QI?q&h@qMWv2z=bd(;C0N#2fU+fo|@2jirsMT!^+R9V}7qsJWg zaRn=uHSGs&d1df^>zS?Hd3@YTZokl#x_Qb)eND9~D0WJ)jPK#<-n-96*qhoaYXHrc z9)|z{?s~Js{396f3quABv;X&NC=won@9MgEnR-kFTV2ouGuO?W*nb0Litf~Xg{imX zfFA&LlEm3Kn-#;=>~i&TW=i23S8*JDy!dDv${UO0zc=@?#!?P z45!|iEh?dE#=tA)d^K36;lIkk#x=g!;86X-_KY@Z6g``^5_C6$NhF+*8~BvWQ^uXa z;=b(^7L@No1L#qxDaDd;=vkVJ~s17lrd_s+pYA77tu{s&l}<{c|s z&H}GEiJ^NuboA!v;rwHY?D3Q#atvsmfwHsPJ4RVp*$o*qrTC`&;w~`N@1py;I>;w3 z|2?j!tPTSsqfLyrRA2;4?(+lP(|N!KiFsrQ!$CStD^WE1E=@QTz7qg=3`(Rhs=EvF zENjh1bNGENW?C$Hi)3u^kUCxa*yrW-Zy+1s_8s6qhKn-N-6ci~m_(*AwdO@K1$1-E zIZ&$nD&{I;EL2jl(!*IBG6exsFfXMDulGQnL`MyNK_m(khfnaAvsjU=a}kNUWrqHp z=r*f=0s)0$--!g^2-^8J-)r5UhffE_YIaWG)iCi(qMq4f2>YevKcLggV!NKNLq3}T zb6mFU+(H2}7Sp@QtY92H@KMKmOV|%<8eRIX!uO1P5om6mJ)$xI*DLZ3tmd`D2-QmW z)1Spf5;utzf*95r^XdE>M>foJQmphs1Bd`Y-@?i&dg02k$J5pAs6 zmse(0tjxbb9{>PT1`xCv?o6$PjGej1#0I^voqgJqw=IK}Et*ZNkP0{4Cb_>uH-fpz zR4in+OaxyC%$RzdY|ze2z+MY4h&dPt)KVz5DLCL`0hp6g{BvFvT4}|}sfGtsC=d|g zVMgHzy(@*QkbLUO?@w}95qMersW6SzNj`||)HoY}`kS8Qt43}_*?LP{!e&3se?s|$ zdkM#jctYhmg6xj4{mw|!D;Rzv{Ap_0cPB1%JE~n_6mBh3_omAdPRA4-cj>Y`90!|O z)6R^Q7#`iX=N*0RmW6o{=z1XTo_}v<0e5{#UOI5gXg%<57@8g{f=ngGLSGoyTtw%W zfbvxkq)Toi)LQQa9WH?EG>>Z$3-%H5DZgKTS*;YoVC)9YCRyPEcvcR3wfznNnvrF% z2H^hZUZQ)DIdQNgGJep4BJH*BN6M{)r>iB(qfg3+rz=o?C*aN}iq$$ zDR25*cvc7y2@sHrssS~t?bt;D{%nuDhImCy`~>(3Wh$P0xsqT(8=4fm93S6zmX&-n zVVcFHc(5Z9<+H^^m=ZU>N%mS1d!;gT&-G?EkHTc#i z;eYcNY*SO%G4!M;j`lr*f$dzcJ_i6X3*?Vf#47rY|M0cseoK4UQcktD} z5~iXH{=4co#P8<$kHLFbG49HV!nwHGe1Q9gX+wqads;7R0{M5cpe3D5e+u;9&a6Ar3Pxq8T` z#ejP6We!}L$%Fl-h2dlC>y!E~J3p?{|0*69%PK7_gw^~Y!nLh>(s9^`UxH_RGS;+v zJ+i#8UPhbMFqwxF3(`Rhx~Luiwg~^EgFX;o8Wv4ds{j$;b~{ag#=bL)nemZB?(brR z*ZqfdiHivLMbWy7@zKD{_Ri;-jyGJM_=nWW8-V5CvGKF8&s9%Je;l_Bq&n%9REZ17 
zIwz+;c!iVwW~hiPEp}np=7yVp_}?`WhUzb+h(VjpK(J|g$Rog*hmnT>_@C1QM%4bc z+KXrcZGdn2U(nJgiK9POXq}_iO!Uy5a$XT=g{EMMg0{lh8h@jd?5J5M7ijlm zcCib_ykE4QwSF*LvNg*n%sa-)nF>2k|4(>P{<^DL$@xF=S0In;D4xao3u@fLx)}7z z7oTzPx_MKY9yNM2;1JnQ{by3IOAxDmYb$5yX7pCx!E``u%DIrt7Ec1|k8IgtTN_r% zXz#S3s1&8o3CUJ+pG3|SkLQTN{oi@QSo3grW4oML&7H}1{bZTF!~Hab=b5!AI|M5L z=tM6K*#8U532eg%4#LVNj1+N)>ukOKpv4kO!pHFYqxeXz793~`n^W!NuL=G>ubPcH zQ2q1zM6`i&Kkm4@vo4ZvkL|c{#-Arireln6sf%Ro;-vtk2b$z zZok<`Rqg8ZVNRy_L6OY^VZf4^4MtnkveFCu9a?0^TNb7bO+YK$f9dL^S*OqO58M!1 z@bRxFp=U@q&7{bkNbe@)k6!+6Dv^ZsUJ(L0_6P(cJY3RqCm}zDIn0xer|g%b-}5MN zNeBei#i=`38MrgF^E%L@xD7D_J@V@3__@hMWMO6U*Fpgqv?;A#Q!*%3SJ<$?b1NV~ zYCd+KXvCSJyGr)80}|i~TXR>QD;AjCkAxQuWi{6HA4NPhokp2B111jrOt}5Wd%Q8^E z?cYFXnylQ{6nUzZm;*@aKv&;Auynh%cMpDO-GI4TjDi${a(`_*m>qxiD4!;^#CFbw65aA({o?{Y1H6@mIgiDT|I@M&SW6uv`&*xakl^E6j9N)a^lu{#RA!SZw)sc~rVU;iQwd1^$)AsVQi|{tN z_DB|#<4_d?TM2sQO955b$3)y4U=Ws*O5tL6$S|4e3Rm{r-umm=Z|`1*Q{o?rUvpv7 z%{QF~W?rvIc|DK1dIq@f#$mdhtyGVokzC{X9CS$EK0nzQ0&Q_l-n(YbZL8yyb&z!f z0grvhDV5CzluZ_YuO=qqKJL2wWPmf@0Uxj`A2;w98yx?%TTI2^Q#hU=iKh+aW4GP~ z+z#w95~_CiS^C^zJ;d2|U0e*EKJ8wZJFo*h832x`S;7MKoh4-YzcetHe;@`+V~Kya zuIGe{>xP}RoC;LzgyKdtrA*9|;IR36V6yF!*|P}6MCt$?A3Yg>&qwfjI1#`xZ#<0| zaCK++bR-pY;P_h~*p0g#B=;aM6r-X_!zAkOB@?%W)c&A|#VsUgF{&4l$(L?zfEnDJ z(M@f_^o6+pIXx;=LL>`Jn4uSR`GObCf*3jV5Rh6~ykhQ;7zLTiyM3bv6NW~xAE_3A*dCaRoPvoK) zc>H;>EU&gKrsmbFTFOU~%diObkN;u-Eus-~nnc?i1 z%=2alQ{WYs`7Z`7oxV?Qs@R!)qt>31>dg%oYvsm;nPhA9P!Jg2Q}#l1rt{9w83MDM z%%CPtjH4NUi~%6PSk+@>diFH84N$W2%oE5T z?9apyAW^Y9aUcT`x(>vqxaiC-Qr7kwjqos_@?i#Zx)C*S0z9~4LXcIUC2ie@14pXu z&rg>P=4FVuICxwn1D=|yAUZOmYPc&-O#VM6LgkA}NWH;F#|S{(mwI4D-J)0{1vur> z{~sUSNi^CTtv8!@;4fa*S8-g5GdO)XZ?eBGwcmS=q~!Tdlw&eh0h)Y)w$|v2938zu zh-=K*RbCb8nx{kubfP52!ETFL9h`Cikt2eahujJ0HN2dN*L7YFG0tlAv&_O-h&o$; zB;*)OPYawi!L>VEtNVp`ZL3>x`3j237UHu-(U-N*a(%-UeKi5?HV?_k0R@7zxNYQw zHOffpvgsk|#J@tpYaI>b2!preYvmp8W|og-McNd0WfFmjVoYdQFk0G=n-L$?(LY$e zN}yC2hffc$rxvM%6^LiSgef-@e%61*5&F!!^li!3JcDcv4eZ?4?<{;XvER9Y9n 
z-}VxG^Ly&qGP&Tn=?&=Z$L|H}67TT0yvSgQI-qQD8DOe)#rW)2CI?48t>7HhIY_%Y ztDX8bwV(hL*hJ10Y78i>b3z|eQ5_u_9-&!*2Y8wBHsV;=b^vya+#3~PnoaO4vHQZp zcNEK{RTCm;;SHd2lY2fd|CZ$gdw71^&!+xUc_jj(54i9xy5~LAC+mrr_W6u1i^m}E zkFD`UQllQ??&V44pzo}y=XutOU*^gWG-!dy-_=>rNZt>d);zBbA{gbV;t$FipAI++ zV4LPw#dh0UX9LsSvR{}0TNvj zI81!Tp?Ur;<#VU7xz{1NEQ3z;(|so zuHqX={?jxB%(i23RT#Hi@g=GcK&v-UrFf$ZdG)k*XXwg-8p^i`Neja$ftF^!KFjn^r#yZ;f@_N9{6Ipv z-|wRVeFlxrUm^e4|IBiHzN!0RFq_B3Tl)`umv^i1e52Cn|Fj9*dpt?>Adq~6J^^J|Ou z+2+y}YJ+Y9hIKkBG_%6sN78EuU6Zn=r9%!W%=h)62ML#rzVp?aZ6Vsn-tQwe?VqB$ z*sNQ)4Jou^LW5IL?+RXr5%jw*FfIdX|5%1gI=kAXxDJa#Q%2WWjy~pb;2F6_|M1WZ2v%N1o{KW|$kR&4-#k3{aTYT)KZ9#*zE}Jeczb8SAqGcUvbVc8Q2ffr_HP2&G@R{2ZbJQVh47(I-uqV@u z4fZQX*((rnI$M=MVL0vBch&uF#_~l6GFwP#V(uxN<4RMs@M@%JXRf9Rvi@`S!~Zwr&wXAeu1w#&x?!K1L*W^nLt$L6chAizG~S)sNLL}Wk|ph zn{K)Bfpz3)C}T&NIq-b-?oKyG{NF!WQy})u;2fRk#`zJZLH*>e9$+(@>iut+0xGGu zka7dye@L;$9B9J*-gA(K*d-~2C_d%jGg!CgfU|h27StSt4)!F(_}C|vEN$>IZA4^$5wYDdh1RB`7d0pV?288Cj#QieBIg4q&@4zT zx`USPH`SMSurJ6X55+6F;McXl@6_J`_7yxfb0%e`k5orClZSs6?Cb1jKWx|i>14B6 zJ;g=52m@d%IjNqsdtNhMtEMYugJc%_H1&pDj8=#+iPAsnQCCHt#=QFF5>CZWg;7jNQ9yH=XUp?6QO$F=L->#olBIHQ~J*(c=w8qboTymjtj*E z#U(dpqkOuASDy3dztqSe`==p+yBV%gyE&7hPc?yl2*Cq1aEPw)^di$&H$@N)SY0Xl z(_}cE&`WRE@j=hg#q@}+k%xedSM^U7f+C1yBAI-pSo9wh)cGrws7|cS`;1h_cYG|n zS?KJ+x4e`R7xdJF8&EpGf!ZYy#Y6s_@Gx@+OciqS2K@&B+3I#UtG7IUvwyvN6Fk>` zmg8}GSVt#iOZ(7hg(0c~Wyf^d6ByKFcXSb#tujg++r;}39~Jz9mG=<`YI~sf;Z4oR zJjrM-!{=Gd^A}7Y1WUd!EK=(SZ;$kp<&C^DJJJMhkLCOqK6+<}zj|j_+ji>84tm>l z-{;{a^b!;6Wut{~Kd?E=tzrCR32EX2k_|wx&6(sT&?6JM+TBK?YIH|UN`lpG=RW)q z$VT@ohvkuhUR1wH;>Be7FuYR)d0nycrM<8>o!=r3WAh)Tit|bwY_@?jTw+ptAwX6AyPZFB)gdy5t80(fDfZg|qcCKNevj38%V z=j}H}aIE0Omhp0pC4?iVr>`s`OZCD?f~1#K2v5wc)w_D*jG01;CHb6=`XZ=o+nC7L z{=n-_(;)VuLFOU|-`F7=5!M6+hfMPi!_`ZX)$!c`O!J5jFAyOEveynM%udDAq1ohc zo)FM&vM&6)R3@uzZGdSeG-Bb=Is(s{n10#Zhv7@>{s{g>v51=WXzXRf54X8h(T&m$ z_X{50xcuOhL}=q$46#T+UO25#wED255M1a$fI~cml#*39%(%1c5r9K!7P*xee6Psy za}WjOczgBrs@N1rViPK-D}4(MUU+r$(vkVV8fJpbF)QoXDsQoRzNJk-dGd6K!R~1m 
z72?Tp_B@N`Y4bzf6+nMyF>lmf6Y}T#ElEC|yhPap9DP+&s|RfpES*28nPz>+gjap~ zdokkt4HnBbk+toEk= z?u|;hEW8;DovG*89Kqdn?~8@5!{fpp!g1LG(`vO!zFw-2aEd^$antId2-SMTXD?sm z9dj7%kNJzDZ$(p_?=$N@P3eCcc`+3qp_MS`#MGUpEInW;P=i|e5kSIMS`j95IA4tUfj9jZUSE1(|N{dj#+H)RCF_9(rcSghz(@RpP7!|i4S42*b$!zx?uXq{kmnPa2jIOv*&*S(d zl?uEsaAk=bQirJS@aosVe@|BuWNgv4X!vBf?_mSJ72=F&vX7{jzJC>ChMOp^yT;NA zW(%2>p*<*n1W4!sFOO%j|1+cq^a_+tub0Cne6+Yj`UT;%;LUipo$NX)5bkSwiLy|8%;_c9;e*S-KMB2zg^A{UBeV^wYUkI{xs+K=Vm}_ z#V(p8>Lpoqh!%Ppcoz`Vec>2s98w&n1)mANDyo&z-H`@bE%Zf;875P)4qp*F5M=cxit;cvyYoi2>@GDqn% z9ahRJhv{fAaHghQj@E`;tm;oK;*jFk)xR~$YurJGeW3j_9fX;U?Vb)F=d^)VjgoF9 z{OB?!jWjC49v!oGcIZ2}{knmxAqqn^GfDKQR*T8dJ`T=H%wH*%j*>*bZ|mbW>_N$j z^qIFi7&>!7#i)qbo-@j<7k`4OD3@0?o};a28&+KQ${MEgVJ zsSkUag@4*^piOgR1Vqwva#0u%+P!J*@)x3VvOc-T@Nf||N)~6VmA&+$B-Dki>vh%BNY`RfC|fu~7ExA%-TV(rG%(UF)Y0 zgjfht5}99W4lAvre}e3{7EY#;8R%e&4bc((hq`osKBq`t2i~{4OF~-)=gw`o=UoPH8Nk+p^paN5AJ;4tX7IL_PT7*G2xynB7=Q);KIpA z7^VgOTSNd_=y33Elj(eRD@LwB<8jif;IcI9#sTDL)=4I#dT2|CQrW83%PO{)%-(t9 zvsYxQwIJ38G*GGU+&V80mI47s*KLcRtrQGj~D!50gI z3Ixk8Gy8@Lj@k#Ay&z%LO}(D~l)|?t3915PKP8||H%DwzHZp=^&HCZ5wvxtzg+*0g>MqgXP@BAJ6wu=)`sTHk{;rLko;WDhMNR8Vj~Ag*pAPi> znTbzm-7;ipO!Pcj$pQ?UK%r_kDKK@bt-X#iEj9UZKOD+VA`3L z!9|UY`mP@zo36=e`Aox7^>Hz-PWcOiwIbr(`)!k8hM{!JG%aj<_JYemK$TKY4?QB| z!%sT3D3;5uPlAbd+FSi;G#vL*#h~M->2JiqMiv**F~ad&W^R6lh93b*H47=1;>m~R z2XWxgVPpvIX!}~wObNV#;jyE7GPIcfS0Y?)G0%G!4bHJX@<@P*5a z5=2HbgD-*^ zX^xioh8HcN6fl+1xS!-c{(R!II%qgDtApsw#R%ipE&At#AS-4y;@5XhwISx!?xS>w zLQ(mCYw?6eF2DaH{)=sgGF#C>bZD*0gTwyUx9Z!NmKr-hb^@qCmBM~TkS8=OD+j4fU|hm*RMz% z?IYj-E+c2`i-$KBm}}VTYfuFU)B%MC;RWG^fJ4DlZf-XTzR<%E6)~{(7tDB2_ zFykJI6i34V>SLfKvO4h7(RTsKVHac3G~CwPU0zPA*EB3N>6ZHC33kEW+P z+NLrX{b1GSdWc?i@qB&BZ#XEq=A5vol=`?zk~Oz%gufh`ebwt&XHisgz;(*#lG9s3 z%IW3OA>`!CtGx?>5&uv@K??F0E1!P`J2o`YiU<1OmW#G{*MtCd%gP%(^aQs;-8^YZ z1N5zw;-OdZ0(x=mSu;P-Ab{x(b2Bru`{CifwTO8%PY)yzQkJ(ZXBQjzv4W63)IvYh zD-ZCk7(I!z*dH4a{}ljlk7pvPJPs|9d^rT%3@BLA!yPu={UWgWuL`HiMLx64+UdJy 
zcTh}rcE)~#&&m3&*PN%q}~1H@kisMyF=$rhyA7mKY~}7zlq|_ZlQA&-npI+Ms}xJPpM{}tU8qHN5DOaQ?ym-07bmjOLr0+<@dr^0fWv@nD^U-3`V~xAbhzTM!^nvSkcGgzs z+wkkdgVZU^`R?_RWn zSs{L)(@Rpi?S4OQUJt#zIt?qhJTSZI?lwL!jobpXaUyrl9| zV5IHe4djuhMm5h|MtbqKFk62>+CZXm9JT4F)oY&TB@Q`MFj45327czi_Qz7P@!@J> zbh$1F6N^loz%exk5i*037y&=h)Lru4A>)enUqb^bz;MCu4+mn&Cb3)*sox)84EC9z z;;0x{*NCXj56X_2U7*dh1WR&Y=!q0LQ7}L!ZEM)ls@Gr0b)p#8W*7|K9VLE|K^s$p zqm*jij3BVSh1k0c4N=9Y@xAR%uBOiV__q|$;|x(FLD-U4$)yR&!L=>cp{WpSN-y+Y zZ$$?x{0xRdHU7>wi*Ot+)7@9p^GPH3#A_B(#wn@Z>jjp4+O}%GuG+4>1`%)!g8io- z(S?XHeVkPpfLA>L;r48NP&aQ2`z{hF{IU9SLi_3Igo~UW^F4i*oP#_mUrjcM_dhe2 zrpF;_`FitmSn3uYJc0OcsWt&)Xld{eR;di%slwLFU?yE&*INBSjnaPp>iIF?25(TQ zaHS!ETN2@TNz}L28iXMEgE?^JK|czjkIZ8WE$xZrntJJJ}#~^{io- z`kl+zh}#qEa6s%aCh%r&7`GRfPs*6PKPro}74~#tf%^`yi2~PmzSK7_HC1@NMH&mW zz97Xv^!I=}UF=^pr50hY1@D;N$OHv02a^${K#G6;EO7ZRr8hr?q=|pK+D}K9FDTXO zH(uXnt+2hel~VXey?11`2^)i5B%gdG~IEQ#2o1F19}8Gt*5O|P)RKO zo>gPd{+=i^RKsMGg9E~iwa|~o^5qX9v8QG)4zm1DC7xmh1NcY%?21Zy84EewaX+sn zbyfBKk-uDs^ zZ2)=4uIRZQ=@n6iXzDVXHWZFEp4!T> zHEu4Pb}0BJ(JO&RxIR#r{L&E}PMLY=yj(AESr%+b>?cd>4knN!BlB=#aMO{)t?LRTHxDzjo`in7hulx2gqImRTYZZ{DR#`xTkI zvGn~^ilDv1wY_N3b0Y<+ibY_8aeC<0K57NB70Q!u-QuNtM{OvlPsK4NJ&DZZy4j!t?kF|0N zj91e7`RdIPg}M-ar{CJp_5;PXie_M#aSN>;KV73^@+aD+lc+2>+~KL6OB|=`G=#CO z1Ytk|;*WKtuUiN7lGL)V`+p@*#i!8?wm)J2$ez8Do^h2yI)CeO=E4i2eE;VbA%fqA zr%`#pMyL#*;HG;75hJ(`eGc2lq^fa$t+!)FKM5mcARt?I=Cs0JY#FaLbNbPnm9Tq3 zcMTvY;9ZO~3`Ywt99pr`Tct#dJML2pO0u3Rd^67jwj>`B|5sSFe2r#Y5wJc`JaLo5 z({@nB#XqcYe7~`Ak$Z>seaZ9UYZds@Ix$c^uJ_efubRQ))=sc8n^F4{_o1IOZH{zp4?Ky!(8E+N_YmYv6ks7zUHcHJsF$|;4H=ayFbw_u%vJMri{(sBB` zhlhxipKm-|n4x2j{6FAhbM6bR(s>Jat0A zD}ClgOP7#>rlN#n*If7UdLwR)X2Y1SX^<_<)gPg%Ta;)&kew$Oev>NS%`Gs4oM0>S z)q#d}wbMr(*;F0G4cf17ZHOsDoo3fQkDBgP>es@p<0XzwTK(-SgqpJfXIO}YR)oC$ zmfdIJ-PZ{|*C~b^wK#kWx$nRK=v@??zOrgQ_|X4@j{eFoPK?0u%eMbWi-1$^PyL8; z{1eI;hnG8k6_+$E1?tMC@e--;qyt3HXqUQj(`U$+%1l8eA?cws$$YJt9cE<-vQZlU z?AHC^$Gxbek}s~Ci-U=+r9@B@908RlNp%dm8+=mqL2JdR(Yl?<1PmEv$6_7fcMKD 
zAO0TMjc^jJCI15bVL&VuTeW;Kd_Y-*Q2^~aj6{q{z`IM}#QV<+_1a0fuoJBsLkze>Pi=0 zqhRrd9xz|W_`=3nICW_`-80M(|336Rp__uBEXsT5Wz#k!o`D->vBg=JWq0Kyns?h~ zkRuv3;iWW_7RL~xpnx@=ZouLt4@N_~u{O!F!%cOgowrgjC%mPhGeVT>?h4#%@ z6wQ-M$%2HNSF_~S+~NG618EG7HKb%~#0rNMBK_&ZH^@=r&8%o|-DpStexRL)5x=QG z3yZvR*z}TAQSgt$x->hrnZtj+BeNH{$f9_N>ygL1r~UslLF1AJJ1@FhN@mNsyVLC2 zK1&v-ot1dH7l7C1@^?|c|3BP(()soo_={FdN$H?_FnPV4ogB>N%B!2DgvJVFg8RKe zB&vT-E0(A={FT4B!Vu}m>j-09WqzlyQuNwv~4Hj{u5Vu*1@1Rs3>Jk>4lf1 z3nDp)x7{!&?DAWB&cVa7j6*{ySVnGP7FlN)%n6a*iquOcGLHzbTPBK@Lt8SCc;zX4 z@rbv`M=gwQb4gMcPx|p~J{FgqI{aPouiO~vezy8?CW%QKn{UO|GkGAISq`~n%EUgL zeBN(hD@5Bvo{Q$FmOV2|8G*$7$@PjP^}+X3f+-n_W76Qq`?v{#v&ljl59)78Vd^Su zC6YuOJX+&%F9=!z-{*HC&sKMMaZyHmZJuABe520>D3A6gNkVD%qbQ%4qu>-j{g$fB zXZ@s=a#G9bO(XuVu&;osvUwi9m+q48?v!p25CNs75ou|VkiK*%AR*FRLPcq$rMnT7 zke2S24*$;u^!@R^-#H(i*)zK{vokw88_#w3dBi*8pBjkfDF8Wsb-S?VAVt&K0ku+u%9%nbBZha64W! zVg|T!GnEF(j!8+hyShdObsq2vJ{a{?Y$id~;EHHwR=A*Fg}f>~&PI5~=2hTL;G>5; zyDU_la&p9^ODXlX1|I8k(cW8e#p1rka3Zg8q9;>#rzISG-|hE_xiR`ZqHE(~=8w9_ zd(DyekqpcD$wB_*teWc7(>E6HzfZK8b_faa?80tEwjMk4Ca`Z;;5KNVK^P& zo7uRZA(rS>e-dJtsL>9Qtw+H`)9ukvEC0Ec(Eg(`o|&(Eeq%HCdwC7+=Pj3dUbOBA z!sCg9t-Pr7BXY}G-ACRok~`Ic!oT5Fm5@=gF9n+w;6R{3L=Z?-2_69-gaX{Oxr(t) zL{=~pWYC_h8p~&{-x)1=rnfc2j!7ht*9nBl^179mKLN$uL$+2 zwa#g=EyP+fJ6oKYPo}nw?13LHo`~CyzDPM@x*STY)wSc?mM9P$-B!6gD{1IsYJePX zPHnbX_>_-t^(SySY`jR>tZX@AdX1g3U-N3y6XI20U1ezZ^+m$+i=({0oSL4FiD8Qu zmlp@iDk`ULE>A(}y_NOV`aZf_XO2GglPhamPW!7SmfByj^?a(0#Pg4GIPLql3kydQ z^7aEo#l%-z930Y(X03fnJ#7*sy?q3JuI(-@ZC7WG>%aVRo(t={$m(@@;A8PuHKK)RRMnZncCbm z&JkF5t?f7$#jqgDsZww|B@426cLU+x`0pO~VKSge+pGj(QW+DA`KNrx;}yvmGHlk2 zZE@*+D#R}1q)MWwV2U=R+2smi7sp_efe7J74GC3##N(K!=kw?8MPT1IKB#_)O=zyi zqVo;Ag+fx>lq_yrRziAx%D7jEd8j!?hT|u`O=G~z!fZlK{?=vV;I8E7D0NZcJo#3sqq5sPl~@R;Cp7>gTHIi9>|?y z(ztQ7vZAN4s)Z9u^GjMNVA;$W>^}yvgd#D%*N=_0K{2DJK7AujE>7s(k~4};tC9BY zTXE%(Y`HwkpnN&)h4Y<_bI6mAxcF-r-xwoh!qEC!o#rekNkcHvB@3oW=v*v9<82=H zVdA|1O^sy$bP^IfwUCf 
zIlDK{n(5%2FKkMm=v+j&#V|bAao}IyWTf?7CY(>M^V5RRLv#9&4=9R}W(0)IcXmMm9(%ZdHmq_xr4t0V4iB`QQ@M5^HwbVBteB36B?e zVh+)`fb%#JKKj07KRU0R09OVsZ|OZH6k%!7w{Otzj_Je)4nIYH)*QYjzM8e5+XLau#WZ8Q$oZe848_|}W7Oa}meOg=(9kxolnD#jPnvt}F*e$H zm{vM8&&{6{w++2l!gXS(^4Q!(Z2S!e95o6ik3xIAnAMglJVxu`<_;Qvpog~@*RCG z?Zr1y z6Cpwlza4QNb{*juqU*9B=#%%mr6y8!iuMO94Wn=?_ecm5T90je@cM2)DBCN3mwFPt zPl&?kbnl2KfUjAAog7|8T!k5hb}SIJ&gWHNl9B055_gsDk9R|{!^=(++mN?O4;qO{ zO7OE~`a-qGf;u~^t%^MyKjC4@tOyl_1idMH@j#C@5o1o%gPdx16(!uH^#WCfcElW}$oj6w7{^#5NnhBo(1Q5tFRl>1}YPjQyO>g?Wmw-pMU zkm(=1Ne0ftrBV7AyY{P1WYQ2fVb^Sx_kuI?+)eI3kXj0-s!|jzp#u#es3?RJQ412 zZVS|0Kp2fqjY21e?JK7Z8qQ}(Brgx#&z6@=d`iV9IE;*@IV$s}+8X#SrpERe_7kvw zBg1wjqjBCdrYIoLvMA2Kw>u9x7{eiS*2}GhzI$mB z!+NRkMswbOqEF<&xn9IIcWvmC#>~aiL_1Oa7qyMxrVH7ah47z9Jp;P|IcHtlR1loy zxS871(rrldaJT-K7s^$Wc9Yb&^9yY+Ou=SYbE2X<0!ML%_>;kI8*MNA>zw9m%shzf zr>J|LSLT%8Q5~bmMTbNPrhnA~y(37NwLn+YJ?7Ny6?kqc7537SBdS;CZFz(#M>RA* z&df_NO+r#q>1#6neUtjs3G~9%dNGl@`otrsIEgAX6aoF})hsHeP+w!;`l#a_O zyEfa03v#SJHOS4sz0&DhXs!^G6CLub>vIKz(uC1c@U}u_O{ctU|MRs|PBXD|*4Wrr zyuHY+qQPvQ-5nRKlZaT9Y{ZgB6C;sgiDqZa6NZ^V&D5c+fx4VDJV~NsmCMhT7BZF` z+c-_Ap~<6GfrUj0JT@=GIw{Qx(7(ZPC={VLC6bF-D>bW5wq_B5`ta?y!zQb$_?Sv?1{jMz>p}^ySQ>s4pAX1&U)Ue!*&mmbp_*2_uAbjYp|(Z`*fY1a1#3a$mV4BxwZ8%@~! 
zM@IRoR_lDqqB@UaqxIz8ep4ZEq1IVn8EX58ClaxEYR41-S9bXY>g@t`tEWhN=R<0G zHXdJCDJ$uFIH!yzQP4_^a#25SIa2nzAV^m!NHBB$etzJy={pgdQlCYJeDgybi9GD- zA?FJc+HAApm~y+?KNV*^7k!-5kT7$T2tBQFoh3KcvpK|F2ZNF${63yVC zbK*z9l&RZQO07!ae0q*kZ7&xX_D-YBkCA$av5Xx$GWw9+EurcKq5$xeQK*>Pzp^2eaPc7JN<@l2;Bxe{8)I06PCrY0#2Vkda3G$ zxPA`DH(meIqgi!`H(UAS=Rk$8Rm~wE)8M6Ku!2re?DLlzE>E8%?JNNw=R5wjFEi*;i($hM&Ot_xM@V+QTl9Y}VoRMo#PwjsY8exJUUyqJ)@Se5)8{H-}~p^zg9 zqNRKEZJSx}m|*O}RKt5Vq_0O!Sh5!VEd90r623(KQ(4zMT+l6 z;A)Y(Ha2#V*uxS(_Byilhs(oI#&+N$!q%AX1@h=o%d&_)IzBswXrVE1v~;DkIv*N7 zOZD9$+B~@1?mi8(oYtm8r^}SA3;~{q(|D?y8DjshJLe}@t^}t=&wqWy6r(K(^p92drg-MNRJz`vc-1+mo*k8fmqX1zv%kJ|KGylupZ z-=17_dEAZKH{)CA;(LR9(Wk#zp4H%M=OeitlM_kd<3tw=9aY2sAa69lazKNCrb1{Y z9gp~^eJ1U!%L~zaUk=gNAa9Qg(t&1BQ*lQ-FGV~uV_;n?{L8FEJ?*QXrEtHeGTcs{ z9qeTsP+3CT8?v6Eo!ZPGO=&g}nPZ(v5j;k};Km>P)|!O&8~Hb=0WbU|k}ombX(rlA zHp^2y@W59N@FIb#^xf0U)t{j(dOscH{2(cC$7X$q(e_rA`0#fg^;JFBD~MBdP2p`>}VeJ(r>XB&S#&@D09a6*NuyKyvxM zYlq>OsAOGAEJ=gLgzygx+tKOgv4bBPUQIAheo>pN=4s}XV-g%$`(SLT2jalQ+N{aj z*&@Mb2+{XmrALuFKC4&L7yYbe9-OO+=b}NhX^7XZPqsHNY#*jz2dU|YOsQ4YfF5mR zcxxW|GWdO;WqfQPTX=!^jy?u?u!CiXHh@She21OD)`E^l7at3;w$Ujwo2PalP|+V# znh2s*K~*EH6J7_(2$>*GC)F&CkCUlaoZK?e_D13l`AVBBCU-YH<1xkA{m^31D)ay^ z>T^`J@JoC6q|OTYP=#4*Nbo*R?PJQ;07@Bzk|T6#)dRbL`V&WVl(#-l9}#3=_c#*K z<38)%mW)Ru-271*D5DZDj>#^X-NgUSFkUP6{l({g^>5>!g9Ihx*MlUE>(4eH6bKWP zPm8&3QjDZBUG%BM`A8DAYmPK6fLerFXjXs3@LEZ1pcEiS=4tVp^p@fQl+n}9JP%h3l`J{RQL28P*`;O zi?C?woKgXV}fn$NXEY1#g(|Ev0`N>@1%BQc5N|C5{gzePfu3gsf;K!IWjxz#p@6qIKvgV z7n5k#CZ0nZ7oUJ-DhQr%#NFtIH>+r#(lyTi%f}aW@&{&L4dB06lz)fpx z+a=4l@qLJv8Q}>(f?S;X6e1O4R>W*-RqSGFR`P1(wpBw5vhe}Fb#iN341&!_xthJg!d-_Ro(ZXES?Qr%}A>@bsm-3_RkoX z5Ax7VXiXCkxprd$r_uwn%IM%SF(K3{bp93#Dx)boNBW~75UqI;ER9&6-H!ruxM=Ej zL;=4voH~RI76vhh>J}YiY(kaLFOl#VdTd1vScQ5+d)(bqKNW;1JtoSUeNMXdL+{+Q zWbK3VVT^*1>!CR`NWQ|#G=#?)YCm2iDPTYr|JE{zOEBE`@DY1iq-)e@SD$r7jX_X- zOVoY0-z6-hRuHAJpeX-Bx`M^PD`k@bFK4Ov4%Wt%OtZQ z-Vow&e8{CV0@BS8;)$)=a+VTi?HkQ9lH3Y?aZoo{`fFAG?#F>DWO=u#GNcaLuJFu< 
zY*hTo4K0TYvy3V8SURy{+N`O?I}9OMhi@Y4PK8;rt%V_Mi^KxIz->f_x~+6I6A*!2 zp}Rzjpo-K;;Ay)Z^i-M~oybuOfvwy(%80FQ2Ct4UAB66yix5znrJb|o44Po|Cd42q z$hZ0hM`%zgh0N4JFs&%j}NWM|?=gi~Ux^pA4(vX3k|h7cWI>U*h}Fy;VS}Wo({4ul%7)&V!Tr^Kb=CB>c$#RXq6bWo5 z{A6uX>7o|J30Bx&H&mT)I`;a4b5g0U#98Ep;xa^e)jR-8dDRLfOva1c(@@ReOFi}y zTfUv%7ZquTWr9Fqbk-A@+@j+2#dM@+FLJAu@+#aY70}!r;~WpZu&FI24LW)XDW!H2kwu|#ukBd(J`&wMLxO%J1s>6 z=4b2ncevm7DAuB+C7`jIs}P7_*;*M$eH_y03Ze|sX*Hb;Ws(h%7>Vw0` z2|tPW*%z_I-8In8Kb)f=Ua7YkP0g$f)#s*=O9!Ri!D2y9B>dJvKjdC#t zeV&bX4m?vX@_L(j>HUmzGQg( z_{?j`U>@{&oOa6kB%0rPjgQ!pzD)mkdX^e=f2BK`9k9llMb|es7_sRQ#mz z5an8Qq_Q=-1y<8x$2-)}%hRMwd(Wu2*I%8=Sn}7+Tm$AKoBDB)R8>ezJy}mGUDQ?9 z9M=@)*TVC13fB~jbpoKW;s@J~5{Z^aptVl|wcKf+i4NXj=A>&DrdN5+t*x>S#Wm%p zM?4vhlSuVcUmMm?ST05eQI6rT7WLQ&LJ$}EedNb@lFU0c9=l<1iV|^&@>+}~9k7Zr zCZxSeNE0sI==F+EBY|ZoUg^5!KQXuLH(!2k&NR(|cf44&L9ULqq=0c2PD$O@#LFp9(sFW1??RCP%)kvNO@``{c;ve#;Oc2ly#FOSZp31Q87nv@gP z&`{g@UyqfSPy894@CeHpI3q0AXUu}rJftis2Rvl&w!(|-`}NNYH_YFZB_RWE-p0jV znamb_;aN1woSZZsqN|v!xg&E0v0@SJT6fN2JfNCEFtN0c+PFyq-~Aa zj!{ZHL-)}?Fo*Q>1m^wH;B6bwkbPQ6TxIg}rN0QR&HOKQe3|8Eb&pR!C7FB-fAqqo zHJt;pLY8(g{;cv18dfxkCC;CtN#7F+Ia}G7G4E!sL$B>a4QtZP(`q3M*GQ_(Jrq0 zWl5C+Z#OFsFvEs~cB>|@>K%HCq_KQ9Bepo?(YVNB|CAiCTy1Zs+Gv)$Vrkz> zgY%T4;NvpV9C@S=0$iC@VJcaeTV&$M>zt7JM;>p;uq%6eyCi;SKKgvn z^z&x1KppE3>fa4L+6%e|d{@8#Qc%#OAe74mFB^mL>O9>ztDhd-rW_v!J0H8bvq!ZW zYTJUst}p)WEOF#_Jcv0PB=!AWwQx2~hK^JQ#2Odmg~{|}T)&b7VU3x(lZ2y7%364Z z8E)}=#Zi9+z9RwUTvHuCJ9TLAxsC_{eTAC4M=c5+@)uXWR}5d>$kCDwUX~Aj>_WtR zn?_q`NLD5^L8`6*{8th=jr3#0nm)L1?^8TkGvNt;naoN1t{DGtqInTk7}2CZV8zn* zWClXhyI)o20p=nx{{r4^`H4D`;2Z1}t^MtV#@;Bq9ef4t`r(+7foN{0ILGdbH|7_# zNx5(4az66ysF&(V^!6lJ%pov~h(7le&dG^vro)ZRB!p*W*Y1tA=zEaOFnq3UQ({WK zucBtv`x>c05rQnn7D4#kP8Tj^dg>IxW#5-URSs1Xf9-CtFgR0xtUb&%+TR!QOE1s9A7QFANMGKEcoSFWD= z2I>9b%op|CuS4S{$_l;2$pJgHcn8X?&BqD+?DYAR2zQ?M>DJcU!pdE3T)E0fV!xp4 zcRc18QH*p9Uo~rpq-5zdTka1J2P<{qNROQ0tqYi2g*}~^H?&-Jp4Z&Jz`+gU@+o&^ zJ(hg4JeZ$*`qZ;Le!i8p@^py7pa?ZhUIj8)v%dD|-g4b<)pR5j#*%rTcpdI8sZd{1 
zGEH-i4n}O`O5VxFBm>}M%N#C>B-QT6-ESQ&s;z!9x$+@+6H+l2lx*8bZ?@Ps{8p_% zti&z8Z=zX6CpRCz0U=hjT+ebBInGk`Rbbi|GKmo`Rnz=_MAeNn@ZovO9N(x`>zX|z zy?~h}EF@O+xoSdI5+C`H;bN7ojaYV;SYXhLEk7ikgvjV@DvD=oUxrJhOAOP^Ny!hN z+cE`N3zBQ|Vy zUYd1ISh+|RX0G6h&GdF3@tjw=gik4xe@F?pXK$_6s3e~mqEo`&=W3w8Mbt<{^VZYq zbVHk+t(!`VU1{mZ1b$C!g=Q$4>`;wPE_{Q$uG(d>iSB2A=aNBmmuZbj-TZ9U#f@3zb_c;4~F$C|5pw5o}f%E7sdVjU~5ZsEy1 zW&Xz9Mur#pDa9kPUhxxUpUK)GeQAkW54Mh#A5JK3EvA3Emzqm?;PqR17JGL$^!QXh zOtQ6uYHl8T7c&wE688EkM@C3Sq$lR550av3UFp?i;HUh0{^2*kWfuc&q@fmP<0xjPvNX&=Im zQjCL2j0Wya-w^XEkM}*jmxObrY=*K2l{l4!c+ktYvoFO6<;165t6;loPOjFRcn7f@ zR5H=~lv1nO_yO&eMn9Q!<}P25ry+68?vhm(OaJ;+$Apdkh!9#8>w@YScCR7CWPW^? z^Lb_sE+i|Na?c-ZG?7tZNNe)p)poCzcnXKbSMQ$J*1jH3hM@drg`@MkOA8rbtM_PiEQv;H(G;}$XrUL18SF5V zBr9W{6}d7KEZy*HQ>Y&LGbg{)|K)f&O2d2Set|R+G|axV{l*|%RTN4Z=}cAw`N9_C z`i+^1hsK*W>03M-0Xfs6=`Ydf{Sm*P*KIKtTSprA<&nVY9vH;tCdX#lJRX>{91bPW zHt2waOH({CSode3%-%M%b~^MyEW+n)i97xQx5Z*-7gyl^ZIL2B>uC^2{flJa@-x>o z+(y?ZLl7L;ZYq0VRJ{8gJE~cAw=@y{XNUDS$z!sLn(z-~6&^n98p6N#&_!Xmtl6xP zd7qV~iOY&0u2EfLdBY;nVh4rg5JW7jG!jA4qq=1H=Zk3Fc zQ1%?a*~$pCZnSbz{}SM>%L?%=zo7VnpJSb68{X}`r&#f!+Z(Onogo_P*+5U#B~^45 z7sRE)H@QEg#^&IeLreUJ=IN=`$sg~Fata(}J=KpNDUNh+OOOtb$Q9CbeccOwliET%rYNq74!Wy=jw1;Y{fjaQ%!=9r_n=f z9OebA#*A>ArDIk)BsRCzH)B$Qy$l*0oA)3DD3-<^Oso6Nd&=rVia z-k-MEf07=uPa$6N!g9Kwh$~?@_TgB~YWfGsX8rNad|t&6 zQ-mIqi?RtXISEF~Q`Dm)s}7<=7Hgk`B!0t@XDi=pFd|$%>_>hj(R2;7(VZq&sTDP8 zXed^a3$b~I*L>QvIM5L!18$E#aN_FtW#3OW_)%PbI7Qgwpvy2siY(*KV%&&$O0B1X z*Pw82y2_IaoUJS~pATQ^9{UV`Z$ZnEg_!oo3e^%gwHJf|i|qPm+QZ?o$(Qb@nJooj zOy!vbL{+R@) z_4We~Qp$KOQ%|db`lC{@2an@|W9s5%G^l9?MXg{|LXJ=yt zmAJO4aiG#Up_YJBvhKe6DC<+N$2-K3n1|1g7(N|bj1P8)=vdiX@q*dRS%&HRhR{jt z9l_YP^oxp5l&vf^PMx1<9L_(N)Hx6iZ^k4UU-PqDxoiQk6N~IucLi+m>yE#EIn%;-WAcKTxZ4Hq$SB{c}t zAp-{-3I)UAgYZEh;5f$BvCzu_Ht^l+lM>#8Y+zETGLYg!bG`%VbukZsl7e5wU4W^e zHUN(HKgG~V7P`IylRAqF1Jgq%033}PrVe-~#@|2kzZeV=0>?Prf%*fS zME@Vo=ioR3F!jInT^SFT50053hn@mP-B@|uCM8&FVrtO-Ep*j1IAXXMCrYUOKSB)v zyU}$kX@>w53ue0UvP&U71_+dE1$_+^id@tC0F)H&usp%|ISn-wb(jrIcTM01P*V7I 
zPm~1dS^}bk2rm>W4%L4-KT6fjTTTiN1Owm$T>tZj*l{IC0%adz1GCV;^bdG={l+>( z0Kwoka~d*w0=1AXF*FKbX1!Kl3!tR%mlxPD^|a74AbWj~21+#wqil@h!6*WMZTfRg zn69{6DWn7rphG_{d+3J-$8ZJXw*Nv<>}=%$e4Lxp~@ zfibQm3S8MVFusC7Ft{x-T1EjaNyY$^Kz#vjmg{EZ0VpZFKoBJq=adLc2%QGJHxFk>j8JX^p)At=`v&>dIY=*ivHCo>2j7~JM|+@iZ`Rl?*~Mk?qh zK;qiasm9+qxYoccTmZN&QQOa)fLqKa0L2&wn6K?52T)RYYGIayT^dQ^1Tq^bw1j+8 zc6_MAKRl2to{T=0>$W6N7qKJ$b^o97NE|z2_An3(g28RIC1Wht?mq+Sxpsd={)wuE z790o$x0zK9*{)l~9wtnM^Y6HW?o7bUMJ?mFjvIzaAa1Vwv?8S;IdBgi1cTc(-r3~7 zR^RxG4UCeoIW0;AMVu@HSdk6ygMl z2a=S~um6x|uE-BO`2RYS@;`p+JHl=KunGr)!M_wn19JXS|3vm5*J?Dp?`OsZfnac3 zgv(PXp+x$O7&<=v#}SxNFXt3y5C{ghnR8zWB}n5s5<|sj{*E>q040S_EE9tHlL!h0 zvTWB)?Z2YXei8oL7PN%ld9wKb?Gv7#usZa{Za6u5WdCXPpTW7=x>4DT2?Fs^{M#yl z7b4ISpoV)_-8gU=g&C0v2ZF(E>-B?0t^>nS%K;^U|AidUe=T9XiVhJb@#|rfFebrC z1oZ(5Z@Mq?iXN$Z?{A2qCvZ9O;zNJJc&-eI9>lKz z=9>up0-&VuPztpxe?hl_>`f~u7GV_eS+(na=JQskf;s|aH(}s+MOL-dyms^h{)tUNGvp65z@gShJ0KA0|E%92&;^^;O}HYi0O5MAmJ~oq;pxS-uICA5 zAbZmbK35c}G#wa406G9f6SP%#Xw?$Z9>0ZaO#M<8|umw<3_#+Cv>nSqxAIjG&ilv6$&4Q-F zXZYU*jc*XYe5||Pb(j_c*&7E)D+9!{j&<~Z9Yt0+iP?4f&I>nx#Ivz3Lolfd#xFm=c%9^ z+keAJ96(9o9k}ga)0_Y_`X5Th73FQH-HpG#1Nm!zDIooFX?y-QUXv?cz&VdYt#II?2T!KSCpBj$FNWm`0vDry9<+S%|5=4Tc|3Kr@orf=w7Ev zJ7a-BFt}~O=bB?^48V8oDo}+KCNHo_hrw+=_wE~e8iBLsXbHA?XZTRoy}xb|0Z?GS zJaT+J3pxPV8>7>%C_Ypte*+IW-u|2jy7N~!eIF)ED1QQ*lW3umK=#^d?!YB;s!|XL z2Dhz|*EzZF9&X|De*)vrta7RuSAppT2g-Hh{+C=e`sua5PXQ&@o4|hM0}T3BFbD>> zm9T`K!0zgUOGn6i`>w@j*ZbsSm6$SF?5~}tR4F2zIqt&f1 z+}HvvxB%Q%)@O(SZ8`#;-k>1|e@x^1u+Yx_1O$S?ZSJ2mh&SA;f4P}H&h%4l0^S1P zHn)-AAMS^Te@*oQP*V6oJEWV6ivA%@Uy-KLuSvvEBVb>G4DE-Yg8v`89cjR5Quvu_ z)SG(JkJ-TJP(Psbx)aX}5`=t#{RIqeo2B~ek4)_<4)D042T0y{*cw1d;c3Lt{-@F# z7x!I}9%cP62_1@Y@^@C@22fxlSow#cJs%hRPmKK8!h~~UDDTLCKrpy%R`=i^$qt~V z>mV_7Gheno1%Y62n;Vl5{l-StQ-J$wpFzFwy!CN60tg1Txw~I_DzLBIt=ae-$!(*G>?lEgIY99TFY z7~IxsjE8$=<8@CWL5Glu!NkxnK!rDIyJ2<1&r;LeH02V=->Bs{hmllt|Bzr^g#xt# zN^c(2qhSmPgFZAjCW|{W|Bt)>3`ty7q{n5nU{LcLY!Ldbg}%O#28wgR1|~LuJ*7WI 
zIe00G3<52&0nfO%`10my!OrF`E>`xI&YbRcwtu#{e>&85CK+iO0s_H+_?9H~IxQHQ z`I7}`b1I++0~My|>ZUKW1jrKz^V!gW?aW<_|F_ydhW~T-1_UCwRc)yq9rQOKPkS}P zercrz!2xS@f7QRI5nVUB8@Ix)=}1kdy(G6kg#j{f#Erjh=s=TmQ5LT5`ok+Vh7EcF*UZq49?e_Jda? jU>5B6F0@-sP9|bV<6#Hi!SVz7fxX2C9m!m%#=Go?tf zrzw+BVc8o~0T57nr_djf^ch54>u3X~NgX|boT789r%l2zKle>$ggSb1Et|$KwQBRs zhNHOkKNE|Z8$ROG@MeZ(6El;@eBTyp3I)h*q!4@S3uw_7^mW zvzUbCRcE)9?6ia6^54k?8mCo&Zym6XDv98%=)m78-1b~7cZ zGLzlOW00(XY>L5hLmIgfmNvZG+)FaKf$FsWnuRxM3{q+~tFS?VEuKnAj>y3`^i!Zw zz`NbxdF^^LEg|zCx(qMz#RqEd9H+eA!1R!gFJ3i9;GE#xCSv^!-`}@^`VXIPJvJC$ z_SD7OkojC(x1XFDL_)@rWYf+b zV)J_rFZTD>AmCj2e94-+6I^1meWXace!CwJmM`8xK|Z~o4FSYZ*gKrt@z=d>obY!o zVM(-2FV6Q*mW~SD2qoOByi8-Vl=48V;KxncA_WBJi6hKB?;lUDPYxe}1C(xBa)h$B zJW9S9t^p$kG!LnJOvu6OOTBU=Dvxnh*9Vcp8D_6=xmJBVy>r zv}I6}^xNsp(V5G(SC=xXe*&y*41`?^H(pmn+6^pQ5!iN;D43+7WJW-~!Y~wIGj8K}$%)F5XT7ASXDDz{m_=?2so_`Fk zDHn>y(35!*OZQ$nSIv^o zp<9)}jsuJ&xZrsO=CYoPvyMD_l#f8pLw7*r?bXn%JI+X_XOyj!`4TuNw{ z+oZ2kVR+s30MiPYzi&ljcSVEp)q9I~MF%;v=b;}=OAsA5neQPS?Z6gYqu)BjDE5Nb zq1;^XJAWY)sePk_L@(Noe&s=O0Uw$k8L{=9h3R zX76G+0Uemn`^uXMa$uYjrT}Yl2np-`I13{YbYAiV7hCk4EW&>+3lbDX zcTDq_y4G~Z3QmkVmm|#*VcIh*?%j`#sUdSX)nd9?;yx`u@vpebN?iZBT=OSFIb+&i z$9bv4|4eeV9mlv*W4s|sqqyEsn_Sr9o^qANrrcKOA!qZ(dx7&tl!ioI@~Qt3kvj$N>dP`Do&1)+Jn7K( zqfGb-1EeWRiG0P~;^oxT;YY+s*yb}bV7BFp7WUd(Av(qG*Y@k??9&>irufytY?AE8 zBI2Boh*nJqgn>W?PY+&wNokbL;l}%ic!pWkF(+*SVXVB=OOd+sO2srWgzV{<;84%z zo}H(7lJ>KHqMkR3vZeCsX50jQ;XGNZ&CXAwhQ6VyxlXnv4XvhH$BaCv!5k&Kzwfx4 ziRI98*DAJVU$NRk4h@LivrC00e&6jiTWZvp+sY??oeg8tpq3Brm1<392v7Au@6;L$s;X zl&Fo9!Oh!jesU+w__fh*q^}wIe{ssVMW>qMzs-DWZWo9&7L5}> zd~zfMD|u~aLj3_H&^sc+PS{Y0G=eu_9d;E z?Oc0RWmg$qD5$hXpow{Vy!iN^2(-W)6#KjP3XNG&jYv9YVRx@LHP?%!ip)9D=j*FH z2A2Y4&CX0K19+E+mv4~m)m=Bip3AQdVM@RN*bQMAne$zrhWC8%+%XID$&E{*)VUqI zTI@1)J~>y~G$VxE^yrZWVh#m+KVCZV%ERFFq8k{6wlC|p-{Fxf>e$`t^89}8vkbuC zSZ)l3Q=|V30%;l#!M7qG*dYo@+L}(ine`-j z2VDZv%lISKJx!nXq7->Jx0*WCdxLp!RTPap2F(o3*LnW5%>I4Q$s&%*;9~Y;3lO+^ zmnI42fB56)E4D1*NPC%Y^cr%T zZ?_y(EZmrsJmf+t!m 
z%Wd?_04a+_iOr7&6yfGm2_eCKpLhe_|+u`V1m zeAm3@dNQ7_1$Q>G*8@|C{+BJIpJ;+X@TU*N&2PLMB(&eYts&83>xPR?l5&4$2BEb> z!L7BXXRUEgw#vjab}vM@oX3~9CVz<0NjR|VFby(cbIXmY7r!VJ42_FuEZ&p&>%!gJ zhKWJ2gTQiT!1>ZLaG<3bg2YfmuC>4!$g?8@KFv0V@Ordbf5^ zZE-%v^H+7zMl@e(Q`Wg;(R2I41-d>}kb`y>bq%ctax*56EMm`fAuoLm&q;98kUyp; zX40-;yg>_F{1&=bIXuGxA(yH~XTPPqXad@6^a!0e)3^&g`Y*-{n?w7l@I6v!YF|VT zm2(KSsHu=LGe*58r!tOr=Pz=WB4L#L;0^S|k z*Xxy(1Y~Nx%`tNhoLdhl{?uSG)T~%a^~zfZK*c;RW*{_QX}8s} zdl<%Xy_Cn&B_=4h121*;N=VW-8twk+AaDJpb6;vx0|B3x=?@|TbD%rp4a6>9*s&qI zOm0deqyJ|!)sOrYz?8yfWu8W`y;vD(rCLlcrs{Mq!d#7~l=ifo76u)Y=~q{Lx7GP; z2#BWVv0ClDDlodrl1c<(f7lcq9jtGmq=I(2Zui>5JFSR2lj}Xt?-0Ct;vKssOoPpI zxF-3`Su((lb8UfNCGope^hjcM1;GD7!A6A0N2W|?3S1Iw#g{y;U2R22^=Gz> zW%+?Qn1=kuT?=z&#(+|euHNb1 zGTI2U40#(!RELT9AJ3zw zp=)}vo_{avQ6(FRgC>>nv9QphJ;}d2{gh)E9^@kc2w?=&rmW$0xJxCQzP|#w9}ZBL z|GC&9(i2JV@SzjSG&eP09d{YcyE$3OiQ|uY-88H?BR5W5aHzui4DAYtqghM>9yy-x zzEp1kh470I^XU)2-wq9;)5oPO`sKOIGN;{IO-LgVKL)tj5&JWh_}|RLvlC95_rQPe zs~~&;NfW}&zkfhwxBbkd36Uy0c1Yxnhq(YAVrkv)AiI!YhZ|y z!u#ER#dleT$t#hd$6Qz`S30!({PNo?RS?7y>V@#b2rke?@+BzQm!^@FicLC3kAp@H z_m`R)*H8yuc{i54){-NU?bNE&9{E*^48VHtI?-<0-w5j1u=~$ z&|Fr&g)8ZsL)*j)RP;`+=R$uBC3=B0?vba`L`l=@+lbn#WhTb~y|ohp83kT2Y7Wz@ zKKC~{n5OZWr0umd zu+THO6x>*mpvK?gT(fe0aWwEm^0iZ6qnFj=7@f*2ElYxz$j84)QkL-SMc@bAJlh?Hqq2Y!(qIOGzXoy~>-+VE_)yUxBETfcjB_GMr zu2e+T)dWIj>y%%FS98ygFc>RDsS_P3pKp;wmOhz6jA7|7p81>~o3C7J4T_N{6gmUZ zK_?aENJYlv2H_5&d3{6`(;uNAw=qHR;939QQHmw4;dqNKZO0FsI*i;0yp7xkq6ittM=*augaPZ;?y|7k#62rGtB_ZL z=%UY*{qhUL_Zx3CSzU*;Nw|x*-|5aEPJy_!ebJyQC>|s#jA4O7QD1C>zI{Brx#Ycl z1|j(bKKZDOVt&|*z7xmjXW=m3ZKTR7enj;22OpMfW;_5+?CHL#(gJP%wl90~I_l{&g^qzFdTa5Vg)La}| z9D8tZk?mqiSGk44dChRti}_+{S=^uexbS*IE3PY*1LjV_N`?dxB4=G#IGBftb}!8=fuCIUt{X6e zhmw&Rs}`s_Gzr&r1!M0({R|FOgPQXQraZt+BC~{YVIiutJP?cX?+#YH9XNgHLW6{N zEXJrZ*2^@@3gRg|AXjmC68;TxFk)XIAmksvLIrX{O%?zW4I_>TyXeby!)EHf`1>ge zvw`&Gh^>^F@#HB#wLZV081C7_a1Ky9-iSuPe|s7`!f7zLU3IJg(`6nkKmDkNH(8p< zVPjRq8s54U=e896Kr%p=scJnC7w4muq4W|hNn<~z2-gC#8xTASCenk$@e#c`V+gX- 
zP(BXV0%X97k(@#ZTx-UoNzF%8@WyhHv_jRG|LWA7l#$dzgMprzhVP=n2mv`+{ki3s z_-V<-a}^vWf~Ujo6OAFVoh3-2)%7F1tqP&tFH@~-X#fQG&g-EE=W7x9?sh6X4r*2C z^Ni;}Tog#QCSwf-ofQ^N7nqGiTe|UI~deO{Sd@<^W zw?Dpe63+{HNEwgozDnOLpns27xLs(F!LC;4jJBtCuZxj=cqGX~!8_BZ{kcluXz4y~ zncl^FcYgjesa`_^Q^;vp*4a#cs^;MlQ$k^@0Ly2ba&YV%l1Fx=OCA|NqEdGYJ3o`_r`C*ZWe6(S(qh8$T=lJ_IB)~p1RaQ42!WZvNdHW5|Es7Rt z^U=$9v393ut^C(V7UoDtRB1xaWz1o$K2%W`mu$crXCNW4MYljkYgiklfnO^XPOf|udvmYX)Wn^ zxYl@@QpjSm>{LQ%J#Ki&%{?MEdEx#50TW3C!$hoM5_@E4<@3Sa(eG~yD2NH01s6tu z7&GcQTlu`;fbK9DYT5QVoOE!%-Q<2XZ%n#3p8xx@RFQPQzxQrA9%+L>3_(}TEH7Unh@)E;Bsig+di;DaYtIPXq|^*a;PR&s zK85%=m!#PGtEn zexZwq=U>vavhcoY&N@hsgm=kwn!20!cR=#+Rf$fu%Y29Y9Sa|x8SUwy>cFo%D84fB z6NZp>^cv{3<#x{i*s|dHBRLBEBJYrIO$RgK?PzQj+OwUY&T1oFukE3Y@s7s4ZY!S$VEFS!T zNIIS8Y5v+;3h_Ps*?`IcIJl?lz zV|E7CkBa3nW(H)RcdihYz6uiPC@n{`|K)pDXgERI~e!-zH>KASFS;!Ttzk zgw~%cuvAaCiLFOmaAo{z3Kmf}+Kf#hz(pA?P zuM`4IZ7|)3hzf*1FxE4Y<{r#j239F1n>EjU`CctAX7ru7OMw>&Wg#r0?$0iJJnU1p z?JJB+2r4^Es)!=c!2`Ym3%?=!j8f@)j73V1HAt;B8>q@b*fbR5vEdW*CPFkyq`Y1Q zVYfg3qHZ{^g>!Mv35jVtZo9|Ma2Sdkmhl(QDdm9WHtq1vzcDc}a8OkTT%3(t@3+_l z>vGh@d(Md-w$lNlOn6Z841@tmi*-l6R9nQRVpI8aDG39B;w)?=U4EEVU6i7*y%3Ch zxn~+)RV~@eL!S0@zFW|k7GCSxIwW4ug5o$dU4wZioUOCR5+g@k&kmhfVIWaaOZjuK z{%pm>*!(NKQ#Y}5XInslo}m24>Ah8x{r&AWcMClfO7+sfHUrdN&qI~5p;T|8zire& z#-}xNzJL=zA0*ZLDBgM%1q|F49CEt;RPl#@B~D@xTa`=RC-9EGXIVm4|;*$wC)^EE4YIE3Cf+;e+4N9 z*l#i+{KxAHAJI?giAD%)Fl|omzv@K&NF#PSoCw?gkBxnTeo{`^-aiVyw~ZM4POk|bio(7$Rx$5ZRasdn6{mB$ z*CPqH55tzZZrF;gbbI>|W@Fg6zHU!|wlO;=aEiY@&!S?hgndth$RFpS$v%LOPkN4M zAh^=bd~|vrzM$*-Z+Bol2HuD${ABbwmJ7x0jSKwba8@=HHmcw>I0;9gEY!U|3>=J3 z1K%(kYGdQj>YGV)ip$&cEX&#R)Qs#^U|bY!k-B|?*YE1JPmbhhT>8>VOa~ociNuIw zIO*4uge2B-8=fbxtXDcZ8;q(ak{?+>WL99WGkaz7p5k(xLWpKMY)qpg!%CALl4I#Q zbwpyCMrVbT)^J|aqA>OEua}l#!<5W!O`|4Qm)!_vm=K7>8R#roZRuux7uN_VU8nTh z6YdFFRVo~(+UFH2948v^03`$354T$ExW|>7^tG)9n{LMTvI{|ae~o9(Wu6T}D&xa8 z>e5BV@{k|lBr?-?$X`T5TcO8BmNAFnP&)oMm1D@6cjd9teqevBt(ZY54F9Np!0R~L 
z>Hn_Usuu{>4zni>YatWr6pB?350|B-9?HW*!H`0vKPRF&fs@U#zKj9LP|OB#SZ`V6yL^QH~O{}d{z|$7zMwRCY!DmBP@*cCK$K(zTq>O`W zjTFG39^G_~z?{$8PLu{L7(N?x*_f}(*+Ids3%J>`{(w(ey3T;~$fWxhPf zzx1zfOrB`JV06-fTgc0|Fk%!^2S^Cag@BhjBLDF=R&^*e z|Gt%Tvv8*k-$9B3@^PCSC_R@NH~9U3r{a^Pgoq4fodR|iaLJPBTEr7IP8C*-OMx%wFj{=aEY0l656UGG^$(c_97m{o4Ng8u;97SiHPEjn$1j z%I&NoHjC3}!#ujhRgj!MkbS-}a=&VjGj-NCU&6P~LBMAK$OQE|i9Hzp8b=E_JEZk( zDVoa#F_L#q4wWT%C*n%NwM3J#EeAyps!7Q36qkHCzLw}PY>#D)cRVLTV|npWw~fz3 zf^r;rVnW(g9$B`2$QwUWn0BPv;yIec>6jamw}_ za1BlyPB4hTV?Bd^z)m9vjTD#l*BoY&Ny#V)om&6qJl|~RS}1>Lw#ztO2~s`Zs;FiW zBg}vqXUox4D-nbwF=Al8V;E`5J2Obs%9+(-ssZt#i~|v&@&~U8K5ZEDL(K`iTX*1s zua35LSo5I(#|`2SVK!-)t#q2(T$B45@tSgp~3`3pMFkkugTA>!X1kpK=xa^E-+p|J4LH2-nR zA*RFQ4D4XY2wXij`++VoNt4kZ7(;CLbo_mqs|i=aP*Xof>0bF^NWBN4U-?B`wn9_`BEIpLT3-78dCKoMm77* z6C>!`v}X3Ss>-P*|C|vuExTzy-*eE+jKJ@TL*}Xs1;4D-$c5Hen9o-**K4@f6h0Oh zDJhtLtkJ;Qta$U&kLr6Ox9a!p^Xf6elhB0%CCkG!ROV`_hB^59pM@*-sE>~ce{^;W zB?+I{j<6r{;kad`R0& zT@;5Y5ISF=3Znj3x%>#?D*@g{DkJA$RFptJ$8Z@n6DeV=h4F8EgR8as1Yb_MuECMe z-fH;0BeS&vgko{*A0LwgihOwT@r!?-Wt;K_yf+j;GflzKGi7)9|_ByzGuK_a-Cva>7)3Kv< zMDkhi_xG{;|Dllce<|eRF>D2!YQ2aQ({5D(Y|DkZ( zMwtwtAR(|G)Z+BTM(PBCA{P=a+pDWX;m%fX!%{8}@RDFo2PxPtbkf zDSM6U^lf}48(`h7N#774H=l_^CPgM&k1=t^mA061XMr=vnYfHk^%)}_nJPMF$#&*j z@o!)`AC~z#{t#`;?uuI#tsk0$AHfY|{qM2{=7k?|{~BlAKa6-Lq+Z$Y0GgZ;fvHd3 zbLjv3?3g?k`9oBG^1LWk1(=2lzG2c<+Lwr34@_%RYPS@_$Sm)NGwcWJn9^+rHJM9^ zx5YpH0wjs z^@xB4+bdIhm*kUs97bdMpq`iYLd-mOep7=&^o<`cMD#s~nB^O%{ zr?6>bkwcpRj-*tHA0c5a5FiQu0SNwi^@mW=#F_9VDg;9;s#ftIv5 zR^WU5i0w!SN70)0p*8%UW{x2#X0W=6Xk4)v z)H^H(9vJViRqdwSziKjX`fMZQv)X3Z$rEwNv5O0T35zkH-ABv$F+PONouOk<{7S{S zkIRUG62a8Z6{=6beariye--dd7W6~5?L~W#XPKq&xcD8p2}DueF9LOu{w*~-wZ9-= zRw~PNYxOH7U_5&>%?}Ib7;p`WDXdg)`%Gi9mmf*n@UVKR(*^0ynf|(M^y!DAc z?s;p;w6|E#OX_qQ8B4?QLig>963D)~8tO)#Pz#Vv8N+PB9jagnE^nG}l-U7ZCJ|8N+ zn-28_cY%N9aRG0Fovx&2yXp;Y<86;z1T6%8t_FhJ!Dy)!41@R4nR|U9Q(QjzAArZd zMt9u~Wa9S0-oCGeZ-;@UE^SfZ^G)DKlAIBlAR?bi`kholqWm4(xRmJu^BSQ~_QAM~ zb)om4aZlsF+;USzOyWsgzh`Gx3A^rF-aoeR^Ac&&-g9zU1l?C+pYB 
z&K9QQ)NXtq*c@%$22_+)4S&e%Qvzku1eQ%`lCDKc13z)Zp+!zB20^Pgv0!zTP@xEP zMu1M>vHg4i(4T!s$LjPKRTAnPn0>p+n;UNy53Xp3Q6w8k=|oBR3wAF{f&dEz$2kAW zB72f`#H*`{*5em3&(+cq%5oWxfwBHk==>W>6R*@urdGvoY5W63%?n2mrWRXygcYY#E!bH83nB9Mp>JQ7}o!~8j5vK%y8Qw_&8 z{b9C9jSZ%1I4@((k$;221b|Kkxsm>Zhu1~UN8LvQ6SH@jKl%u>Jdk`!E>{XQTnBI3 zGPJ@RG$Z&~mL@h*lr}8cf+yC23YkF4LyCWF5f3s1r>av~sVAmSu3>0&vJ zB#)iCicE6+OL?X-h`P+UZ4armY^*gb^JjH=O)0dFcLXOz7{`Of0APlv`?h1K``|LU zoMfc77deZ!X2m%&(3Y$6;rU~e1=?^9=70dR7uD7 z0j_OVr%qqIj(Q$5HBi&E_p;Qy|6oy9FoM$OW;pLvJpT~>h*x3V2a3KDHd;`U#HQD6 zw+^>D)l+VT+NsDMm%>H)6O_Nwb}*rx)ur$ zFh_pb`ti1v-5BDiPEmWyTEo3rQJg_s&sKL$+B(bbyw|s5lc*h8q+lh5_8sksP@g?p zJX;RTMsxbfBBfi{((kYz&VCBkh;{J)uOY6!AmPARIn&<0AjN@A355S<>M3r2O3@ik zBA6Sme}x^k#`$4||7DV>e>tQWUf=f}dQECf>bl_9R>JXb`30P)$b~O z(5?ODrpx1twt)lS5ZuUvkn;yRsE@)7QqlLs9?Yigf7UV1M2*!QQ12(KXkr8{pw{W4 z9DJmC03_}Gid?{#Z!^fW8mR=mZN3@3l9IG z(*KvG$PJdz0iCcfW^ezJr1$a?gt6{I6uKaH^Mt$ebO8yk;n&F?e0pl)5FtZQ*M8TM zq=(2>3@Z(bM)Xebc8Nv51%?FC8^VRL0woh3dZP}9i6mrwnuP@pMXp2YnTqw!Gwn*i zzbjQgN#ue&#hrTj^7v;Jx+f(&j&)8{G)^IXya#L49wWi|zEnuDYbAjyEiAS3ALf>D ztGwhB36~^VZ89)Nh?Nr~7O_5_5=Oa67c>bW*J6xc69Un1b3I_Z^~V8%{HI8ZjSLxq zos3%VjR@T;?6YPy?W@enWzv6un1};_zffj#+W#h(n;|r-2z+~rDq2%^mLhIZ9fTZD zN@XEs$-6N?Us^B354A%b?E)PrQsBI(AC*2+kr0y4M{5_;Z=B$2LM%E)@31t#^L3&f zb}IPmqBZk?MN;b=3kAzkEjEK323{s;ozKCXeM$fhp1nOuZ9M4g7K^6BRrwp>mMie6 z*J_>S#rIBBw87gg#E0O~7pg0O5f84l5K?UYxKKuUbP&ZwDWCkv6A6jecGQKP&XnHF z*7P{5S0x5Rzjg9Ls}ge#RB~O4>b#vbRcZo5hGnhF+pNx;jI@fN8wz(^XzPHK&GBoY zu}?J`R3S_e_Yyy^N%%EiY_|khNV~EP3Ty*Q;xe2E5~M>kx7_#aM>zxovpo4aH(nK& zTHeJ|m@5;w*ypZ@;;kE83GTQpSB|G9ydNt<`?LA*xJ^ zF6i4U@z0Z+ZsFEH2OsKa#}w5);x2#EZJcIfZ7=S4jQ=ZO6}W9F&B;-8VpjljEz+1 z>F=fsN*rc%tn$|Qj_h`5tyjd$K{INiQ7zJ-^ZgduBsRgPu6qfA{Z$!^bH$H*55c*E zG&Y5xrb*5;L-T8*JeG0x)h7kX>lsE-!sVC|+E}bQ?!Vksd6%TMSl4QQd8$S(Ya!1I zYlCu@&k$Etwzr#>0Vkgyf}jW?K3{pDl{lanZCBt>5vl;bw9~ObAIU1BNopTq{|KZM zCbb-RQ#mRqJ+8K11v`o+?yp&qKEYFb=eY0(Im{>sGNH`BB1sS9Fv#xC-uO*SobDRH z*Yl#ixx1SN)<(yv-@oZR=i%Muyzi&kGT>$LbywkQ>ig@7kJV%`Tg 
znd|Lq9pDLjyWGe1sjSccg;1AvbFlOJ;U#>TgnU(`2Y>bW!$8-2`aTa-@%2QYBEg`? z`}T#nFWS7OEUr%A4)Xiub+#-nPqB}V6oJ^74%o-ngOI-nLVZ)j-x}NdfW9{HH8l4z zny=cj4rkmyUA<}iTx0gx4lv*1Rfr-T?f-mXKeT&4MEm(R+V3N;alH@}Kt9_xj7&7Z z8-rX7H?ngN`m0f6>UA^zv-?B(*>Nf)iHdUw>o_`cXEP=RfVjT>e)d3J5$AW>mvWg6 z0oKj#CSTj`N1i=uTC!z3PIPCPSFDlz-o5WCyH2>i-M_pJflq>S=V|gIhc9=f^Vyg0 zzTCr>6ivNohWGn#K0T2WmeQs%r?>e29?);Ap6uTP-o7AtUp@10I=;69KV$W@u3w?w z29q?fW-Fep5m(SQ)8^`GM@k64c|Tv20QSK61NH-Hm*vftL`AQ5^$%m;4r{?5jVZ5! zYzsReRj&>)9(+emwiPN{b+zuz%pz&CkcT!FA=aRX2khc(`Jg`BeGP}v1xwaWi14wl zqe0YqMUrUGjk`y6JE!-X=ZSToijdWS;;AgC^WJ`Vmp8w`MGM;&!FEgGt6Og~V14_D z&$Juw=skvOh>sGf*_L|kA>(@pRuTAh8kC;)>^)Yi=N$7Fn{o6eaPkLZEDbpue;EhV zKVjAG41yq@qX7L{RK|XMy$g#{>p_q$_R^Re`}evRJjKIxkkNa@AaL24UOclU3gH{8 z4=4&4XTx|ihXD=;1NhWN13$Hnz}e5tcOS*yq(#BIRBlACR|od*Du~*k-TPf6Q?Z%h|~(8|KZxc zbM2^8R@kv}uxyonu^AC5$+$R+?S8zV=MZxHf=RW+8 zGM?SB8(YNfQMVgYJSh|^7z$Y;VL=MjWg%LB>F<9ZKO?k=yHK8T)-bL^!5(3gM(#C% z84^e0b&H>R!epdr4JX!&z~4zapAmT!d5)}S^Lq8WCu>s0oXqu9PtfZ1qPCsA+1X2AFlyxDx_5TLHi@wI zCZQ}w&WB#n#h$;N<1wK69xQw!yWlmW7~y|TG6n?BDM^%n_B-QK;H(cJk!@gC>uqJ) zmx;O6ZH8#phJ^_mFcN3vAOk+k!NVE|YojGyn3n7WwUzCTrbCC!9|u#fP; zj5s4gi&4+UsLE_Abt1?KPuX(GPQz8a(wbZ>nKBPUl=U*YIq*<0wedVhVmDAXNEMf~ z?eMgI1Ha%T<(=Zpc3U1Ju!IA&@TA2M4fp8@jS`v_2CZ8RTQYROq4p&q zSLVqB^GZIo@D&+ud*JatHjnhjlF8C=c-BDykjp~#J=9r~LpkjwI2N)KtR05u7W~x?yy{I6Rs9)k$ zZ#naEV&gU$AuWdbi`XlV<~M*ZDaDnl{jYe$EVa4*nZ#U~!_T<^=y#qRJKnOlKER^5fp(YdemK--3U%uK{Je;|R z9!%+jN*T(l!Z2)M;c~H{aT{@4IPCaxVZ+F_rYM+Hy0S9#pGu)iVNt`Q86uEk)EqLa zyUIFVu`VTiR2gVHJ6^V`N5p!t>51MZ3lvB0J3y5@ z9&&qKZjvXAz9^ZRBOUXVY*2)39P~7rQw*hGfgy+@pTQPi^1%(4ElLRYPC#sSt$Wxc zKI>`0v?E;m9%c~>PH>jyWg(}Th>PfcQ5E^b7RE|l!!(Nn%dE;?{&jPK!eeT< z6dUmtHupQ_ijE#l3O)kV11v4LhO5J$3dtvO9d=d{JTuuJ*Yc9sP=7(>5DxFM8)9N4LJwAZ0Mluuktv#;obgZh zq%@3S(pKV@oTqy7q6Fa|ROKHGztX90e()n^#*snCgRqEoCLGK0D;=j98bM(J;`9q< zQIXSbDc~%*#YJFdG!)Jz-85V_jE@RXm=G5O^<<$;5|?sBu%c{O{uN6YL$FH*u@dP! 
z`O0;ZZ+#I84`c=Ernl4JXHe@>CL8MGUg!y+spAoME5}6f=^uV{@{n>q(QUSZ$SSku zJ+G*({y(!1NAM1pZC|LgaxvurX)8yhuK5gx->(NCd&JhS;giI5zj!53y)utjY6;Je zsW*v2<`bD1P`knx*gOiu=!YQQu*J$8i?dG~vb_=PTZJv?+?Z$a2dTm&{K#q?)NRbV z(ZNKJO%bRTcPE|O<4?3NTKyrcE_N~FpZeR>8{1@dFY(m6(pB{ifEGL zdBkMO3F%)_1g=vFM=p;*vw-q^f-#KFB;p&20rh)~|FurHoa|2G8otqG1ZnBS~xE<8^Fc43(7+DM?_E#;*dm?3?_!jYj6!?>q9dXQ9Ps; z#7r9EIVr0$q$0~ufcK< zVPqG0&%Yug;+SBy%nUsU4lx0;?gohkR;|8gE_YrCbRU26_`ZHGM&Z`gToZT8Jz_gg6F~n^X6h? z5g$=dlTI7@?}?Zqc!Svy=aPuT#q+Z;^-wDA@?}E{66!X15>s1R2>{a$8C5#h2?4}z z`X-_M@)}SmW8>jSLc7d2;eADW42Yf0XbtAPah8&ZmMS6oGG~Qw|43_{-3^u9N_79& z(206c^024Mn@yy;9Jj-#(axxm)JRg0t0yUd2f55R>6I)TV+F3|+y1pe-NnnBTG=!# zT<3uL9i?macTBw*CJ1me4^C;?lA&jL=2##?UWq+=$foll=1l0$O_5bVsu*Qcbs+ie zv97``-&}5oG)Ba-UaWQtEWZZ#0$}rfP znkaKKWW)r?uWVl+VHQA14nY*F`qvsw7{A=KuJcyxQkW$&;QbIF9W$-t00v%K3I&PN z2@`4k!bXB;vJa>l5Bm)B-%(U}D;+fy&*Vqm)R8dkQ9jA{`NWN*$YYFHvjj71*_}k6 zLfpXrU zoAtS1#S&~Uq+eBIh?7QUw*@i_gP_OZro3qaH&pW;A`6({6IX&?oJ~F$Fd2<7mq8eeJ!qr?8BA$Se|j8)(pzjADx} z-m-D}REdB=BbZ6zkfHMHB&;LqA8{l-4#JrkN`6jdE46<5Zx%L!6u7@KtR?a2*_9lN zvE=spUbD36z0~B@;XBYhV1~|B!05v=uNq5iiVEGC@g&56Exe#LM!}<8iztyW$Z0RlBfgrscp}E|)x#*t@hVM1eR^k7s%t*$ zrN@49ihJF{!;t?p;?g?G<=e+5;q3FAS#WfO6SMC=}D>$U@5T#DwVdYy}Qhp zcZK+3wTA^$FA@wXNcVEkd=LkjvlW;Ixv@2v3yGd%N4ywVrrzCh(11}xZ*kR}--7|q zpy?Qp2tT9icxE|L(MI$HU>@uc@A3Nh)al#bJ|e#9&%F|O8PtE$KM2z24jgb+`;ElR zI$p+9@BFcRG_&)~S;o@#Ex{ACa%@!K{JB=++}dvEp1XbUyxkd6wrs8I^Jn?oXD^jO z|MFlZSG~{uF%qlob*Dl9<7$~%aJ%a&%DRu|8+j01_Qf!SX3j_rFbImPtkFO-vYqf*lEm(8#lIXTa9fynb@`)yRmKCw%fRI(%$pG>puL~efZ7V zFEg{w!*{;#?Ad#d+-D)q6QdqGYbGH{Cek451x&$*t|m)08HxEYyGkbe=M}oBYQYp{ zN#$j6ax;GR_Wi*GdgJ`*V>@ElT0m4$-9}4Y^ zTW?I4(F+9VctL3eOvg);8_>t#J!DazEuXjwB_|sXZ}eJMzmVk>Hy#=`yI7m%Yx`3R zDS6dDB%lmq%(os51e zXIDgqDLVOqe_kYyrdBMN%f^$6^HR>#4U{Acy7&nzaD`Nq#rBpXW{$2YPn&Xej9XYU zmzQcfP^JVHaU9=zZ~}I(@_Wb|8xfaVj0Th%S}_Ib1qA13e2WnU51*_dQ*8{f=-84= z)o1$!PVSP~m!;fAz6sla7r!p%8RXZCX-FI=Nu?QQMO7=tIE~<|Sb%DZHix%fImd2?)CTJ3^9CB&^O0J1(YS5VvT^3_J0u{in`tn93y`hx}(* 
z&Km;8)cRJEf@{%C3-ww<8pv-f-%sf!l*7LKgkgO}O2mMM@z1H%05_3YdnNICc=6a` zf929{8dR44WWf9_w}xbx(((I!y`AI1bPd#7)0H|Eq@JwHQg)AgG*(}S`SZhEs2Jn}golx&7cL>NnrnzFi(y!kz> z@;S&yHq0awA40LF(O5RsQIOdps$HMNy@6itWLrBGu~4H{OznzRNyj{y9$#>7)m?@S z<1f+A*7jMGCh)hPdWuog!(kWPvb9EAe^xW4X5Ot$jAJKhX0<)h4^c{yyGpj4jD;KQ z+7j+t?pQ@*GQ7;9TyCfumEe?0Ng8G+j$B%@r@J3m#8Yb!W!Kb_{SkPB&Fn0L2U0_G z@rZaHpw9=zFyVF69Ap>^hvoO@M$d}!*761AGLnlnQ^};HsS?lAR4ZsmjQSN{?rIj{{$I@lft8!RZ|g7g!btc4yvM;H}?#U5!Nu4}pw3)YP z)S2rJYRKf#=OQ=4$gB-H3{x-05mvGxJcxQjhUe!ijQqCh7vsirSP5O*!r&C*b*6`y zVm@-3S*Z!uq`UtLiN8p{1iv-qeNMONJH~VLg3t}b*W@M` zl$wET%T7I`nt~Zp$H5IB)Xd@*a@(b-A7>KvyWCOMuM7Q^X$}_3(}=s>%2PyC#b2xb zfjbPwX#WnBwupP!371*USsZa(;nJI{OoKx*&*WkV3kT%)4<;?m5FjplFjU1=s;mWz zm86=iXN7$Ts|ahW7q~T?_T>#DHzoG{bic=&s(;d=2wu;{sz-h2t>@y1zY-DL;r1;Pn)x9%2c!uC2QfW6sKO(5Kl05 z8}%j8Vj#>g7F0wU&ZMJQd}Gh&TlT8m@U7#h?^-z7wDEntNZ{*P zZMe7^PkS|roq_MJu$j@an6c&d)&DE{0TA?<-Hwy>JnHG%{)<@3g$EBs0gUM8^)L zk{p+-KM|{>-9pcTW@=b&MySNt`3(+I(F<0;TxYDqRBGP(b(s{0x5jG}RK+**LMFMo zQrPQ4|H)Zed5l|U1(Y7lZGP0buFyS3DcN6Zmmn-j>nc0fU8j*;iT`Js{_082!|rjR zdTHrzsX4nGO4I#xknE;sMQLVg=X9i7z(S&{%i@CsHZ9oV&kr1!E^ZKm*D`o-&1c-z zIPQ9!&tf2kqRPPO7Z^>3l~^OY!w&Lsq=T(@JgBLmc_S1gm!Qrd$9{-xScUUi?8`M2 z`>QK=a1LvQm>u^_V$_gB#^*@8ZsMJP1b*xsDNs!s8QG>W_VPQbx!hB0&z6{jaQrvNOp3&h*-dVi6k{w`sTxt{#e$yqVciu27mrDwAFRo)sD9C#|HX^v0;YwQ|rTeEzwI)OTubAfKFz1B#wP%ncIlm}2C3tX`OP z{$5g~nn(!f=DU}FlpkLAtvt4Sr=eU;$R(!Pa?0E(#H%be{5~wTx^BAlAbOgihg-Jg z`1bZIGPFA*i0zN#k5G7dd7E^@-S9C!l;xzAI1_)5lOly5M_LOwy>24%%Yw)a0T_wk zbqQ<#;l);)eaw@e>k6KsYc|X2B>qx{g;>Gc{!&;Yd|8+}o3Fg!S>F z^X4>22?w(i!vVI#L&{TlGXBd0|B1fi%lT*bUeTwjpq?kRE8mFaSuXw?acl!KCv&1U zUXQ!1)<90$$?_Ud3L(h`RKlnxor>O;g8Je)8V*GKE3nx7O4 z4=0)i>DMP%ZK>>uAMiLV!3W`5x!&ys|4N(2xA`+pagb0&!a`sr^i*!F zI!$D%SSskl`_M0rUBA6=SfNCN5gvWc-AajkDttx6K#hjb0wPU?9sSk>;r6B5>jf3` zycHrtOA-Q8WXI^;<@Y`%1ClPacRUO?ChVx|t7LU67+THipurftsXZD9BW0a>(g4gnOf{?2;Y%@oDx9cKkv;A@^!K>NoD+k{1Ut zg_=dRLN`v8*@89D4!x`fDHrf=dP3kx#D=dSnYNZCC&>r{F@2G4m19nRWokUGRJXMjOGc4QdKqijpAMI 
z-vsMNoRVJ{rFuRzXPrCqCe0?Dr~S~*PLRPpf=$#tTx4mEu6Y41RT`1r7cJ=)`C!R) zCgJ!OY4T^9&MA{1@QVZq`$|G-J-mA#2gQ$_C3gWg&OLc147Vwk~u04)s+dVQ<+nr!-3G#%xKEJj6;Kksot)j374Q;%XrNGGDnZh6UqQp zVOEM$nr<^#IevmZ=G8ZNV98^>fyEA4YsBEq;e*{o(4CbVxa1+Ko>^^Q{QI9p( zqa~GBx0ZAf58Q)a3TG(nC#iVLZ?ZP2kmDWX8W_a2_uv^eg_@C=WI@u#^VM_Y8Mfq` zpoRs*)IAW;Gxg!ZFI#igZp8BIaNeBQS^euPo3N-p!K?BbvCgZ{`mgZcl-9J9&EB<8 ziiOlE-hx+{YaVIte}(_9MR-Q#!*&CcEw@}T^Fiy|$-acSTOcBmCgLf)B21?Hvjp}Q zO0jkKUcovCM{tT^`kdP(K~8voJe|Re2QPfO1!c|q@jF40A%epn+p!@Z0I4 z;QRTz164<0LFtq+K_!w3VOQQ*V|2k=mcNO>qQmJAfxp|kqEi2k|K)*S-#KGWPyf06 zJ%$<|1qaK4W-hM@b3L3Y)e=3=EHD!78GYv?5gZ>?o6>!~VKBhig|2ZW$y!n27B}L7 zd>Y>u`pfUSh31UQ1I5q!HQqxb zxSW4UW)8wb%zz{eu#^+BFhjR$Y(vtE{5{3ZLeM92|Ap8ijVC#Q2JK5!5%!hZ_lIdX||4{Q1igC0m3LlfS&-wZY^%( zOQi0Qb1XGOd5-m)Y0oLtZSf2}21RR{w7so6Xc$86(@GcUY&s2t9BB++BEbb~vSd1< z!3pSSfKXkA_U^{T;p-&26AZsLQT&BntXH0?ifh4rmkq=&MLx!?F~!!5i>)?Zz`X8g zk&vqd`>&!KC0(+4k!~F=JR7!Mg~?FHJ7o-QOFg5ADCOmO5SqcS(N<;Dla^SC+smYu zerw_m-kC5kOsbNhLi(+ffrs_fBgN|Gb}D08CtbJ?9R90UPbk)b-p**h{CmAMp-J&p zh=EQP#(wEr+jMdX0+N@!NL`XPf)ja4s?C}dZ#IF|X(*!!jrpdA)guSC6L?$8lmN(A zb1(Fhys5!JPPf~?n-^=XUE6gFrKJ)5lTR)joVf-Q-S3Vopq#crQ-S$E{s{Vuw-WS% zC;2kUg+k=j97i9^asD(%QETNGC;}IBkCMiGzD$M?*NmklD^3-ynroiQ9uY;yirCtS zEt0=8g+Mds+o&I*06Ot47bN?&BfY;+;;!*ZCc(>;Z8I={W0qpSq3by){}xS#VBGB` z_zTS3&@uSCb`iwelUT>Q)D|20Ik2#jmc#tOZ#BL#X|?JOnZtpnzEZ%#6mMF(rS)MT zy%Vv_D{$YSvi}xh<*)K5XQV*uHZOuELR0PM+siy* zu%^3fYaBL$Mx4w5(N+QGsO=$}$5xyGtkg(~Z0-=gUsxlkqlO3!Te#NcV<*~!dZrZR## z1X{0;=blA&-+sG8d_1lskCXw~b-Ho}lg*Kzyn{yO7ts-hGvBYBdF@&r^LI9_y6=v! z@&>U$r$mpf3A7(fDBcbX6VZ6&u^L&fGh%PB2LhTuV=KqxtNBagFGKw zaZkapu`i9sJ7cFZqvIg!GtfBS#Eu7weaNcKoSTBFH)2J0G=5@!@24I8@KlkCs93+CO!}}nYl3M18M+YF=Bsn z_`Du^G9_8(F+zPb=$~BVD;zka4+)5nMmjz4|5I{UiD%HUxEAYItbG{f{jxstxx*T- z1!r^>Sc}_Sl=ff`|Fx^rgp;O$&O;Hx$SkeKwB5JD)zwnz^@4nqvyB7 zHUBuD?Vi?7%Zux3hjwW*#GIIKKoUN_07coo{(o1)72Uzvy)xmDTDDyrdGC|5dqE~! 
zCbtA;d;B{m+6Uh_N z*vxO7ed`Ky@)FQugLA8S@_allqmSNwR$^O-C%zOHMoftUTgY>=1@g?xIWh^X_xcrn+nV1M}MyRz~m;^@< zldu-ZX4sBh#{_)|ZA(m-nJV3MzH?ED#GIkL@Jp9EPiTLLcKBZ^y#khnE_XPvZ~ z_0~af`^^$ZvDEWRw#^`Z3TpZZnk3e_09F0yz;t=!7L}#}cG#AE31A&;w{7K;^7}=8P25SZPUp@~w zD3niN4N%N6XkjP3VI53RO`?*C1S)%K4lQ`QkW4iT%l+48t)?wCLMOrh`o=E5ZBG1H zAa%AqTWd8{)?@wgd^l55wKYs3Pwf7=dRnB-2GOi2eo3$d0nwjM`LJ@8NhO5JELG3t|2{ zA*Jo0iMmbE+eOxF>ZG`V4skW`18aPoJP4(fSgr1fc%_e#p66>;Mqt)sRdVu1%Bx@! z(p^3l!8Ihu1Ml|bxnvIJxK#T0mt)IoEZ*PFoYNcAdyF3>cP7-tYz*U=?D1B?Jf7y@ z`MCXUA?N4&(~2sXMH_}){X|O|fhRha2mQS-Z}zZUC<#loERP^MOOp>vT8A~^SiKS7 ztP^#+i`zX9C}wf8D_6Q~*ZV6TDURd8sSa(S?m;5Z$B;*DGcM?3_E|PTS^Q@vMvkkuIO7GFL&gNv-t?nQ2lZMJ$-d`3^M~$6p>@@~)6DLQNNXbXG2qvMW zey(lmdv_bVSB42yCXQ$ptkJ--p3;B6FBelx@Ps?Q_uA@Y#0y`x7JMa5-w!0?`&0hX z#cFam+6imQg8VWnhb#!`tqJa1VzS$kCwHSG3J&L-`P!-$dt=!aZl3|gYgo(yes;4C zhFll?trKxiel#>aAn^zad^~J_Dhbt)L6|n+-{upIA%8YdUr+L&%6A+ z`50d&j~nc9kjCrg5(xSS(OLdJy&vvmo6R4|vwelrCaw6B7{|{;NqZ>r;32&>51GZ! z2D9ykBa2I*>26BrvpB>p8R=+ybW4PdHK^fD_sjYH1M64O{U@8N#=pgqP2$hFUZWn!{_uY zbQqqvESRPKdan}}g;Cpo<1;Y|B2)FC&;4;JCO?Fy!QcoTERoZ*m_fYKbM8YXViRPy z!%Hf5pP$f`Za{h|<(5*(JiW!Dq#44~$Sr4>iKQBhmz)C8r>tPqh|{FP!ja`FQc@gZ zubcGye~`-N3vlVA8^A+|}nPuF~+8 zgef6C@Uf-u6F(-uUFWx`Two4xI^W7zbI*}q z8QSJxQFF=v3W_{kwr(pDcl5f?jqkSZdXxgYmP02CFwq*DHTTFSQ=!Inh`5uHxbn8I zR(@>c96VFL|5JI3@Zash=qkwgdTLD@*Bk0gAABh=vlhBDF`eEWc>XZEeeCvhJ`(p) zum9Wg+x0RE50w6T{r;?v^CIHqrM5pvuCBFF@4yJb=k!@07FV!)Z|9Z9VBib!A={Nv z4vGGq2`j;NzDm3c58<`>HcWDZ&L@1>eoz+g)w^B=2QMgMAhGd<_)Bji%8X|a{u0BHPxhgIVByoSQlQ6I=~6d7vweFC7u3_rjj{KPdjldrQx_yp^ShGU`rD;xnX67gx zI}T*ACKeKq1gQ4*;y__|`=UU}Mw8^*VTLWvl!ZW|3x*hG9K%B+VYSJ^ge%-RkKt#0 zeIkl)8+gk%WKvv4H^tkm`O19Hc1la_4ThER-WpSp&Pg{^%M@|GtYkX-s2e?GGpzZcB(?BX?-#x@mdidb{ZBIK^X5Qo~ecV2Qq#&)ZW1#l5!1VrC7)h zYNpi}s4`Yz#bUJTP%ZcW9)BXS& z%7L-o`y*OdG5NhO%g&9z$>wF80!2x|Dpnw}Wfm=XkGadjeGRJMoj;VoAl-Wdi>TYcqJJ2|zwIKRU+n{N!?nkp>6 zYSS~lNvNv0X^t#Qw~M0E;MBa{gE4V5)2P|OafGm!I5H|UzZN$L+_xCF~AtZpxv^9y{BLMTm6&J>|x)a9rD#P3%9iB-U{I-gc6I~M_TC`=2FE17Q; 
z@amhnCo_5Imv%??$g>_ALt(n`jw56B^Mi0&)7n%0C>tSVc0v3NA4X5v6x{sH5~cAv zy#K9iB4SjsYRvA-3JQAod+PpDLw8EB1nDA|YEfy~d;5|)WqB-BQsMmrIU*Nw+tkjX+iOC+&$B*w>y>#Dl48}Kza$-?n&C~j4gi-t5 zu}625&IIoJkHcF7wqLHVunD6Js9sboU(T$5JMuJG24qmEu7nRvKwwzSQSRe z$#3kp$|<(jUJbVBD^JJaiIYujA|DYc@?-QFNCl{JI0D5(>RWT!d(qHchkWea z1;7E|0SEv@01^NhfC4}Td;y>V&|7PcF(})?^0mOW(gn;U>k?`r`?`+)1y`yIWp0NE zXrTnUIyVc~Ru3*qz`dd}4Y_<}=h(u8lEh1nW2DFQnZ2EyhcS(D$>YqMIb&k+yMa@y z2A#wL8G^hlcQ3EHr*cR$UG9@2?{5vZbP_%ECr3Z4pS$1QjkdQ;HjZ1`|GJnRew2ba z4@K)RgB8pjf=w{SRZu8z40C5sPFJrEJ!&(j%X+6|onVRk_zgPy*1b71zBHJvX8&S5 zISiG%;TRlvxQ`#j9f1UmPcG(43^aC8@w6vr-}>Nj26smv2Hu7VU%UC?oiXG6i8T@Y z>-y1?UAxUsbYVBpF91v6OzXIo(3k@bJUO%M`di;R3(3UyWK}m_astB|F?#{?14JkH z2{DKRoN>#mqW(SWWUVR@429kZ!*~!X)kROD>5hYJ5q?Zy^ux=}v+s zx66l=G-0$iB}&HLZ?8Wj6JOnBkOCt;DMqOEa1gZi(6GouQ}LoPgka>Wl~(yIMjB&- z&OstF5Hp&Et7rD(wQzi1gsXJsSxh>!BMb*=n7<^3e%J9)abl#mCl^bs7s5RMLF$TD zy7TcKzWgYzG2X+>m;YP-#2Cv2_yqFMFW0Ycv zkZeVj#g0_B&PZsK!&OsB3!(bZ?LYYeHt0UiCugxb7 zF-Xo94>l#jyo`jCiuMXt`mz^kMcEr!7fJQKeLwwfMH%nu#jk#!_(7RVU|%yz8Zc1^ z%4GkELN&+hyrk0pOTy6YZCJ55;$%M6)$Pkjt$9(0FEmsgkjd_JMJ9 zri&l`ui|EutXijVE;#dVcC(n}i_wqy=poOQdrGVOF0l)}g0x$#q z^WCffHUK+-1HcL30&oL(0K5P`06#zgAP5iw2m?d_q5v^~I6wj*36KIv17rZQ06Bm> zKmni#Py#3eQ~;^~HGn!m1E2}e0%!wt0J;D@z;}Q?zyM$fFaj6@OaP_;Gk`h30$>TS z0$2lV0JZ=-fIYwg;0SO6I0IY&t^hZHJHP|r3Gf1V1AG9!06%~~01OBK1OkEp!GI7z zC?E_F4u}9m0-^xXfEYk5APx`@NB|@Pk^sqo6hJB<4Ui7V0AvEP0NH>XKrSE;@B@$! 
zC;$`!iU7rc5fEqw;>wIBdW+?c(d^`oWefMhZSYzM}vY)I_ zQNYf+{$LLtQ6KDJS;J~rqKU~W>_5NzTh&y&%-}qBm_>C{aVfH4DrL+PuA1|^UI%aw zVfvx>k(ajJ_f@%cjk8m!^xpT)O~H@p|V;ytuC&2 zO2zll%^whdDO<0o>jgi9-+t^`(}iTZ)1<0NJigrb>ia*9hF~+&-k%D7+^-&@USIyY z{rHf5^=^7%ytJ`?e``IAzkadd+3Ag`9rgW}{^Q@@%ePsFe>X~h``tCm(L((N(thw@ zxg0$){&Dakes1>X_xJv%(t9$rCDH72>p@)_6jx+R(qpp4F!QB~0^HED&mrrl99RE2 z?q5|z+ilN*bml?VUP#6_ctl3K@A88Pu1~oC@HnyQha~ zaKq(g#y}b2>Xp3Cy&=k4^F0B z;N3+FaW}BV$AHtu)JtypltHkFpU=;lQOylwEY6KaOlK<8lu=4~%A~y{mzm8@$1;NY z%Q<0yd|2uWVrs*cRH;g_x@mK}#Vd_SH4Kk3@gKxVu`DWZv>ZCw(*$N|HmZhnk$*wD z2D%?IB`kd3YmS17N0Olk_OsU$#e=2?zMpn+wRoSH0odYayAgHBHwr5p`7Ndtm6By! z2}>+789rANLQ66i^Yo&DdBapF=-6?RyK&=xhcns7r_0rpilT)^CLt5rNhK1BwOofi zNFZnk!FGj)w)1D^*AuV-TL;ph;>c7svOvB@#pfSeOlw@e&XXI*NW=-ruPb}W+6N1PYlD;m0yoq9|OW2uF1~ zOhUZ!){Bw%tW-Sbmc=oDlY|F(_1HyG# z-qdNRB+ThJKZo=S1jgg4pg!Z8EOyG4)#4uZ#K1mNl!vF--u&;Cu4*IkS0otEIYImo z!!Z6uzLz}4JsLo9CVj*W`bpp|WPEFO_Bj?_ZC;dPlqhy!RB9BJ)wz$#QaFAAfr!Bu zj46t`I(=U}5WXp4r}oKd@HPh`;_IN$?@z|_(TAZA&Qq}?Z2X+>xT8K+?h7N{!kjU3 zVY%8~YbemDIqH%OBU%E}AmbtG ziU8pPH#~hM6CD&BHc36qeCTh`SO--r;UZet1DNT=BME@g$39#VYW^%?G^eu*CMr*`yU~Jas#|;MGvcM@IuF`chWfcfGM*LLoyn)J1eoFZtIEfqK{H7W zxghmNVmId+mVSZJKKnLYmxy3Y3QjKYB*z<(po?oiV?!R(yU&R;wZ}DQ32b2N#7)zt zzkq~o9J{o{ZeAiOXhHYnNcMxV048AfYvX0_kWR%Jm~5rjPx}bMSl%VUQjmk&=2!;O z{KG8wo=*Sq#rMy#w8yl-8eMTkz~PP>BL&QFiG2CBF}eZC+~ul|HZn$S1D2qs9CVu1 zWuh#&*Lbp&6Je{XjVN~f<7j`2>q%Wy{q5Cx1dk~EI3MNbl*$BA!g!bKFI^$Zd!5-s zW+;_d=13B5b!293K1wPbbHW0oIk@A@hM<;+DgIN+*$8nNq!Vt@LKck*3A1W-qSShG z8?~@d2)M7$pDTD>ZI$sfqQS5VT2|Xd^wrD!)PvtinF%8Ya+r$m>8p$UYy$Bv-{Gdq z-L!0BR7jVq`th_hH-lKE^~@rt%dK=AN2KCs_;Bx~Jt^n&A=faqK5Gw}92H}R7?{!? 
zwM9blSit;yhBwM|z}I>qD!_c<-<6N4{-%9LoH`mi8>7p|T%n1c{1q&#^p(nOUE;V+ z^q`qwi;wG9gj}&`m(YcHX+3(#kBqD#ZCt+J(nL1Q;pEBC7#YJFOT%Z=R+T13GL^ba z$BB^PJr7re^upe$GIcQpU*YCPrpE|(2l0zdtB?UEv7I)eyNXy+uLH zU~{umr(*<9s*I;s2Ur}IaH|D3M5>}_Uo7gCf|K(75-q(aGiQRE5@78%*M zKN079A?SleDj3_fFk7UFxRn)U7U@eu(e5fKXc<8ZM`-;g8p90!Iu9NH+q6oHO;pp3 zTsnPNGJ3n?`c&DUZdcAn=`mH+?i%b;x-Ynj z=EyPfEiXUFjgpSAsn96xR3y-)l%}+)xu4slg)eK6TT@IjX%Nqq(IwbrkB|@?+~|ZkqbE&_VqqT^f`B=*HKz=k$+TEJ_cT|w*||Y7!yKx_{8?R{ z!}7%LXP;QXE_Wy=d$<{~MTRFbG68tgdyb{SnFKnJQ^4POjAx3=^JZw{@%JHp?>7vl zG_%*j=0PGSMaVE6OiOV1W5%G zCZf)`kE|4p{RwzHNwH|#Xh9piBVN>Iq75yEi6g3rCQ7H$FXST_*UE;EpWeI-c4*a(c%1>*AB zE_P#JkxecnhCY$WO-DW9h7=Ah;X5J*24JorrYV_f9zkWwez%zDx!gIl-`GmBaiyVS z1qw}8eJ3_!hKRS^BuYh4ovw!%TE%_mUgSwMchq178=ftuybMf6AFkWr!pIkDn!$vS zJ0EwF0`E9nx`a6%eJ_N#xyKtjQvCeiBtd835-#)n4068hD6L5ZsP=9F$S*NLY{$>a z8(6c2P00MHNIr+HBR+Q6znf6VZ~h5+My#CMVxbXroF?GT%tuJ38J0@|&(~m*wZnZ< zM@qp0<L==9C1ESER0bMOOO44=J2e$=DT#r^kUt+jj(e?|Hm?Eh(Va~k7=)YMaqHep` z|BaCh&SRzEGflPj9Md`8C$(#q2-l(vQU3ZqAY$TNfA+=ZE6cv;&%7jP54kGc8HF@A zc?w|QDR5uyEB3S5r@Hh-Ma^{6`hze6R;>yRH?*@^jzFz{xviT(Bh#`lz$RgtI1r6r z@kJ+|z*R4g3i`M}7QFcsJsh578-i&YvbQ^t<1isTy6Wp_t>~XlqAY4ieLf@e`j-a- zb+Ra?hL-Tg-&RN-+xH+hV*rg>VYp~uGVLY(JafoP!lRQt5?eGPNeNp04pYDdY`@8x zYe6~JEp>%TK%RyrJD`S+)qi!IxF$yHZcw+$olH4rsxMw#^TIBA$HT*j)E{^V+1_b> zGnPi+-Oepv8iV^LH$zIF~xkK zdLw80GO|jl(W7+-f=<(mlks7EHeY1&Wq zM+Fj9)>%{ScxrMwbz8@uVuC$w94)_#T>ZH@Z!^{z{C%CvCT~&T^3{cS(+yL zo3P@v5NBNNbjh{c?)BZ;`vD#=HxOCj2Urnz!H=WF=6WNfcKaHmVLhB1iRs6Zorw9{ z2B+=Xr^IwB43_LNTQegG_l43USRVn|a&a9ziN=OD`FLKA23A$3LGS|PHJ*#piP!Vk zk1~Np7??nw#B`_GcDq^ExLq9l={=L17RZxu2-%-}#F#q_G-l3|T-+(UeJW-5F$+<@ z*&hTvX9Dk}wev^m0gpVd`bIFCMOFbw^T`bBFwUm6Q-wpi;VWs1aAi)$J^ z{p+YJz!HP(lS&|mw{u=hq!=ry^S%1PjCKrhL864J1!8Dovk4zlEP^!1W}75t^Ejjc zM1^#%NwdqV{|oFgnQ+p+FSWVdpvJ+;kG74Zx^$3Yd3iXLbPcBB0ta0}qA3yx#$b@U zNm(+|92TV5c^|rPcsXL=pGt4J04v0lMOD*D34ZiAqPU=N62|g)4~r}LCw_rFpK{Ib zxvvU@wW%Ylp5N=NcQ}g+a#`Cv>5}5zNH{QjyRcsd4=J-3+G33}e;iky5Y*XY!CP8N27_%BVP#@q zjvjLGSZccv~S>qWWPYKG*is~K;i=WlP 
z6*jaD&0OQ!bZOzidq?1kzAljGB_uf#9n>Zhm`%}4181a$Lb6`&hm1;DA;uls$fff@ zg1u^(TP0?#pM7d?ro83hnkoKhkfozh@<4$sH^&nxN4T%7HbjFo(QoUtyqu7g4orWG z!8jDQ4zhp4xjjBJc0Lk>cyo>N9ZRF^f`T&(d(X+U4hST^cQxS(}A%*D9xkX4O-VZpAKza zW-uPG*UqqLK;wg-yAQ^qN7;FNgY{b5B&bR>r&+}HiZr?4i4xA1LS24-t7hhE12+sa zDd57@49yHt!}3aCFX8&)n%N4+DpLrq2jN2=fD+{p@l8yj*kJ~~y@ya6*GY?`SkGZE zwVeW+N4ycAg_P1D?Q(ut^F%QIiY>Bro!X=^Oz;zw_Yj-bH+J2rz-DZ`;_79R`Nky- za&frBkpAywO>WiL4*b`o$jwN0V9@4t;wzaFHK4vm}^ECW<#|1L{_%L7e zg)=rC(`xO!Ft)MjW{i$CmS-!$@mcU#u;|;aV=>O?_3HMmPrk|@3bfgIJhLCTt)7K0 zEbOgxHikZM-E5GoE*&}!YgP>Cgj7>(gs+LixEx15!9OUH6-7?b%I-3qz;V5bUBZnW zlu5=`o0|!-&?Vz(QV*hws{N!UzDK6pZ|XDoSLNi^cvAly_&0?2hOtlvb$M7~>%8+@ z4?=59%4H_Z$8-@Z5urOPCZv^1;!z58&GxvYcqU{=KEsaD9^I2j-cjx=iD07@k6WSa zh_WUo5pA**B=!%FGU|OB1K$oqX96`pwv_mNwyoS{vsPUq}g=Da{OJ9t?A1VCkAl#5Kw@u;Jb=0u>iIES*2-yo`OUI)r zkM;dzfoLHRh1EBD2Di~4zxDlm;5BXb6S$K7^enm^NAX?2QdoDK3rhnzW#Czl+4|3smO7i^=L%YBI1vpvLxahrrU z&X#;>saTq+b&(=fnn?)nAxs%Jo(jBKW8Is>EZ|DA8a9YS@F~wF*#~{G z|3H{H7^?2`J@HulSCx88u?S(HLQZJ8m9cb#7=I$tzFwS~PbFTHO&dmw|UzVlcfc!@ZB2%SoasJm$UU zD;7RTI&>tmcp#UY--_^;Rn@R<|K`4Q=!!}sW%AI}w3%Bln_WhCR!a~z*v~&_?YXg9 zq%qf^B@gj!L4UnCwKeBnX{M$0JVTPfR|@%7F7lI{fH=rR{#3ME=uaO@#hEUfxRKAJ zsTLs@_LO!}=##e{B|HTV|kScC$-dD&HE+O_C0s{-X2A*`1sCCNG~Cl{eq& zYJYk1=n%S#U0r$b;NBu1i~}+KKSX^6P+U#0E^fiy-QC?uaCdit1%d>EA6$dGJHg$9 zdmy+w1h?P>=k4ad_r5BI+S)T`rl)Pb=^kiq;_>OM63=KjbvbwpRHb&hEcqOLw~1c` z7@)t#8qLOfUrC~QylYk8^o26IlP4AChQ6PM=HPWJq`nO5244yXCy5^OUDPCK2Ma>S zk3s0%m!0XJk8CA$d{_IC0u!EE9Nm^bP=B|eT$dk9@JIxU_{;D9p%TI@s;UbKK+`RP zE_r*DC*x7~#{hrJ7^2LNY5s+A?I?o4mYs3MLH+U+YV)-0wlv3x5`+c~4b7>7(O9h2 zF8F%kx;Z-tOSQKzF>WK8y(LtZum|~Bo5Wf8o!4e1jW*nr2hXB{0Tt4lblM_~hYuoT zg6Nx-*HGba+DYqO`wyPiJz8^?fFa^N(Lu9F5S0nj9O@?1AcVh%!M3aB!e@5>BWMUH z_o`vgH^%#1R*nP%0b}PWvotS#4hl#35Z|z%dnVMFv||iF|Amsj*8LvBl*NrWf*h3_ zi#xBh+^Mv@JP_Av2p#>H2UU1n--KgC+39NriePJ$H&N11^7+D*M1=_lF!huseZ7x# znmQVx0_l6Ymn<&2@R`cL#&XM;0P@LnX^RD!Y_-^j?77J=tfP5yAJw))g@w{UQG~L+ zF#Xm%sT_=ia|70yse8Kg;(NtlG%cAxAb1n?mV$1oj++`ql=9`i-&@UeR=z^t!@?w9 
zB(^vY(PuI@%SePk1`~+Jp{FIe5^Ae;IZ^6&<9E+vpvbzm8l944c~nonWQ?KuOEks* z4d)@k^g-mHX74+98)mi20JBTMsGq$zjsh*zTw!-ixdOc6NS(j!YNYiA9U^LFE{A%9 z1TJ;K1qQcwVOSWqoO9TtkQ4P!*+2X(X9UO#A+~F(qpOhuCbR&qW|;9k6{(`w{W0$^ zwAKXk-+gSI5%^yjew$h+o@!U_A(R?bmu!!#7?v&(E$4pHAVC(6X%%j8*^JOCQ?@Y?;tE&Rj-U5*Oi>D>I`l=$AD2#E z6Q_}0BhUbh%7F_3GDO7AEoxpk*GqHSVFIQ0JaOQHKA~mbN6b z;HXz|{sz0z=4xl4<9t}j)4Y7$bb8CTB&$kHQqy-#06^P&o*I#}Kw^d7#sB#`j#Q?; zJs7%{n}@e0D0JLInn&~i=&ssD zZ-V@gwSJ^Hh)7?o2CQO|UqepppOLv__FCKQNF1jYkl-7dW-;>3`7ITvAd<`bg!HsP zJmBgf20+@$R^z$)2M3Noe!=4+FA z%-XYj^hDMt(ab^!kX8r6N!J#t%EY^nNw+!(z>+7~50{M;2~V%!FIOnC&ymlOsu*M~ zN73EaW;M(}u_0G<-YSz%HN5kWI|kBDRJ8I@+-Nwh>6RrTy^B{T8D%#-i{b;6{(z9t zpQ{m{Vc*3_zS?VNRMTlV-+%=i;8HY#wXZXliXM;wl9jH&e6;MDt&GU3m}qQ2C* zGI?e8^NZ0HH%N1Vb5)*Q=>0~>n_@s9B3}3k?oCCp?mQ2hA?xmH4)b6;>(RY&*e(Z2 zU0#upY(*;m_3>jtZ9jZF%wv<@}s+DNGXpck56LAiySpVla z;PrN}@|G!-cy=Sdas=7UUSTDCs8I~`iWNmX;-<7M#XD$7HcWlcOsi#<)7rbai?iosHAM*EdKNx(;1w2-?j;JmNYrQlcdocXZPRMne-QR$Y-YFHP z5s{-p_R6!28@0VqsY`$OKad< zLsEh-BK6pek{C=Ng!0|FKQ$ow`7jp}V{)JiD$vz%Tnvgb$rl0Zst5 z*fX0ysV;*D@qs}u#!w;A`G9$1tL%L^CaBI73g%biZQoX9r!1?sq1w;^L~X6IghRa} zc&jx~IiDi|E8SuF%Y{qrr%b)j<_Tn(RmV`P`t-2w?@NuoqQmj`Fd+- zd@thz+s`leYcsp>SK(NM^%t>^6xZ>t=nE!dHomN#Zfyje7ZUe(m0!j^6psb8U#_-X z$?BYc8y=jF`lvGkT?kk$TYv>#{JYo2?TeR}>vao+`Y}qbYsjB5gPeW1GRz297LsZO zk^%yq)@#eBe=+X5}dy9Z)0S1_)t(W#vjzQYi6QcdNds|8= z-2Wa2r?HgtDnhbtsFzMV<}$(g0yknas<~0Qli%U$yC7Ba2;1Cr)S@8S-9_dyA&|*@ z6^=gryHL-o!JyN{$m^O&BVLmF3pF}yRm&L1+1E+AX+ME%?Xxne74GgeWx_u#n`NfX zLOI5W)!IOrowNGfowNDyWJ2hiB&D@Y14U;>Wj#C|fz(hd+s<&GW8(EMPurkw9_{Ji zQyy34D#+$f{(H~PU9mWcEL|o#4=4JTpVhwnZYa#qmu*l;cq*++c!a`RQ>Ye8k`q|6 z-JGGUtKfL39{ojO#?*GaQZoDi4(N8~o7Hx@VLV>uEUM+F!k z0z=Z0rHlOhf!qrUa2YtO2>cryUZ+|U_Qt-e(mfD8-cap}%bpa+nfXer4H4@zqxSNf zid8;t$qvm(I7A4e;V(ha`9ke|7bqqS8()K)yjF##79RZS8`t@=w3?UVahJ!rwYZcc z_eGVzJuD9e=*n&IqJG1Aw2l~U{%ra!OkUm3=2<@-4Z=xLzx2qPu<;On4Wi-oF z%<4z(sSS@PX)!vP!j)-r-7DWv3bOnI4$QG{6FUBiU0ET|gAPs?MWb)f{QNnp;5&gh z`2Sn5jf0(olMBhp(ekso9TE~JdulH}40EclRUK1Um}(uU)q`3Cs5OFG6R0(VS_`PP 
zf?6A>wS(FZQ0r(3Q|%1P0a`J-Kv#-|{dp|o6J&ePx6WYGSE*5U(RaBM<4Q^z+NtxW5nvDXnwHw>VbPLeGBpZtOt>D8UrU&fj`b6Z_8xQM+GWE>h1!0kTu^ zx9*o6)6k!p+hY`H117oG+QCnh_O_TAtD=PTzh@tj;;RgCYX+v_3f*3 z$h*lN$ZeQwuSRaPTmisq2&=Nvy*FEYVH*(r>de9ME{1(5;(6PLaSzMTMzz#&D{FMCUQXe`9FaLUSX7p{RqpmIY{apcyf??{5 ztxW5bqvHGJ@dnWeCjJ5_%OWnhvZ(6PdULgDOdkf~3z#S&4oIi?pQv7+VE88P$G<5? zV_Wksh9DnSOP@vng0Io3=B5o1r(&GwapFWQnU_{g;?iM>zr7UU2p%v@3^+pRL4a!4 z*_&3;)O^R>j_+B7VuyaD{R#^`n2XQ|X#Q)3cVVa?_bi>;SrTp%f zT5R?tfC=j3*W-7yN;~SmrI?gr++0pYipkZSQ*4C0|;@0e)%~x~| z!TAu6BoF!n>@4`${govp{U6}0QDz=A%z;ZU49;k)0RPqzlw^hgf3n-c0OuXd-_@7` z-0LBPY7w$e8Ktl_3n*391`hRvh64{t49>|F$5H*YrMg2+&T+v{?!?qo?(gGt_BY>! zqo;5bHO{oYBiu9Mao`!yq<|{RQD#8UM}1%I0zkw7RD{`6eI(_iFU#rnh=F7kzMwyr zL_r#vHyoDC^R;|u9Gv^r2p3lJ4kbCG7k<%3nF2Q&kTUTrafuq}|4Q??B5Fg^Suu72jq8Ldq$V?<{L(XhA|wg>&R8>@kP`FRy#r^eQyB$Hcym!QV){ggLJMQ z0zfsuvRohgo6(YncTuu)W%zdsSLV?+69jH3-0$o#A9Q}d_X3r2C)9s+us%F6bSzm0 z7;y}E-h5O*f@l+-tM4y+NDPGy2$0Su*S0n?V3Y5%lUG#TJ+_;dx6RZWAU{qpxsr`@ z4Ej9U+B_P69JuW>tSgRCn9s+X6w_upK?w9d;z6vKr7+s500`cr=hCG_m)|nZ^Iqb4(b06&l0>AKxM|aez>9~ifK77)7 z=6PJ(3XS+(5H3Y_vsmG5Or$R$DZ?;9zUZL;b8jMXO;ACLGzXKRuAC|2=fffc*DTQV z4%w#-)^}eGi)wdcX<9Ig+4B=(QV#+1_1xu$%T zNbrwmh}+~(E*qngpTBLHD{FhIpoeEvD*Xx1&%D3Z{PTAl zDtjQyq_Fgt5=x=5Gnc>-xyMz;Mgfn9-E~Cm{SwZUOEb4{7wy`aR3_XIf*&qmk7&0` zVCyT()<-+G?|08?S>qk6uR4BQ-H2XD5gHVZ0->BGyEyfhDeJ*huYSHN;i@!7 z4}3Y^;epQDo?XuDY-Pz3Cp;IRlgi^LPFBmzwR-eOroD4>rLEl-ZK2a>>};p}YZ?Y} zPI(UFq~M=l%I^lJhb_L@(`E#{N7XD7uU{;&*UOM*!}5!rG!k!Fj`f`v6MdA4Z@_;Z z_?hZy?juf_)>djy+Nc=#}t}fF6GxlBfSL2x*kA`&w)Vx)QKyTwBNy)&d=pUxu zz4C+Fh82T5h>_k|9*4Vjlx_9UK;=ClAt7aay*o&4sf5JWzgPkciu_ma_;_NdIOvj? 
zlf`e{*Nvx9kqUm$kw-*z0znfjVcs_J>;>pqKcaKJ2E;02a&0RyDbj&0>y{1N^nQoVW3 zqWBgZ86DkBEz#=iw;E*&2~)MBj+wxZ z8F1D9)Hp|Ji(PQ}ptK8vEUAG_?Dvwl^PLX9v`yHv zL=&@}G(@%Oq;^2$;0oQ{%y`2Vk2mq6o^$|)_2lW9u8k!fBx>n=Lm!0 zYR8T@;7vPC&$tcU7?!sE(3vpvBQAgzVym9s0ESZgxqVzrAa}3j)Ki`{M+R*ZB#X{-t z2;=Opj>ztEe4=Oou730WU{629(PKe(>_)U`E8aCRrUS0QxZ>AGSL;fsj_iuIBV~Y< zqxsiu7wALv$f1pOFmfHHdi!j)oKTPYu- zO7+wk1jrVvC+}k9x2>)M-cL{CYroc8T`KA}?CV+%SAmAkmnXpUY4UCR?yYN?=;iwS z?Qdq=psAzS<|CTHkqjU7&sb#{ppWhKWVQP>%q(lgB(r=-os-=#I>YrZenHvb{qY6^ z_xbD1s=?1~Qu#JL?@5&BGZRPPKC@W8>h5k8=zg88nf7}cd?kFnJIe*0!dkjt@9uIp z6t6q^$&64mLlTtUx8c+;zF~CpJdhrb?|Xbs{ltUOqX(t#x*Y1!awgyG^@>QbmtzQR zXP>Yd%a^&fZUA++X8q+ZOvU(x*lxjEAY?r*NHPLj9qWd zt(NEfYn)GAuHPHb@~y0oHmzmZiZjm|jrn!SnK_%&dTL#Nay}&kHnH?kObYfl##Vdc z^x0ItB)*2ZJunkr)1asrrKqk z4oMBocK*~+cYR{r5*9VJcW8vYzny>Web+K3>Bqx@{7w&}r}*o#mqk`Qw?CP0 z^Y2p+qpiJUf1l$Zu(uqw3<`_ry*bW{~&dYutwl*q{$e2EIP{WW#}X>W<2c& zyKSD#ttL}K2okItnKazOf0aNk1!f0fyt?q2~yu%hU=H3tAGcxG@7~AOzBbFI$ zrW}m|4%GrGRkKF6C>AT{ziaj<=QL1_NgP|o&v;i2?C-DFc>!DE07niU;rVsxwo$J3 zg^ju#Rk%KzR7A9<`~CLiN$BqyrlW%@U@KB~yP;3X zQ{p%A@}jLT)g&WJm`*yIbbnBld(_!%WB&W;@Tt~_<><|E@?BLmE4ozIAa8Ip#_mC8 z)H7yWy?t!XbJKO-!FLvQ;gP(iYG5gV-T zAsBLfi0NxSxaq$40m+5k_fH4Xog!>b^Ue3-s`glclDG1!aG*SPa5H2y4UHL1R8u9~ z=T7sN)hka4#yb}@gsTAi<3gO7tt=>Vn!I@IN6fae2q>oER*QS(iqNi!9GoI^A|G;k z{^}|&Et}3sB>xouA@v6hX(eo3fs*n)?AFco9K0esa3B5ZD!C6ftES%}Y!GdN(&N=& zX^|?43+<|YYy(n{cOB$ft6R`gXFIIL-VV9Kc})yV5c*JrQLcKnncyikdH%TatmnMw zo!olCBgi}GPv!9eKhKInFitHUuQmwmUUE3$Ng8Yt+V+?}1eWIC0TIKH)mM~KKdIqF1}ujUDW zFs1PiHL3{01am;~@4NN!3nFl@CJ@6D_C{CAgA!2WKvEHB8!P><)36)AMO;65A^R$t}+_c+vTv zP^9NAH?rgqtV6Q^i$q zG&{k(EwRv$;+b_{a0^k}ItXcdMme+`Rwg{P(^A+>fYYF;eMinkUTQO?c?E(Z&5{q| zdY=P&5z(VWPj#{dHgoVwjfsfK2c)aNw|tOOQWMujY0-+mi8Yl>vhNME*6+d`qx034K_^t0ymOP(YmU*_BqHn z%qiKxZ|~XFO!x4=D$)(Fo#kLRn%Ddd$kT0YmeXc5P$Bt84acD=79CjAc*m7MhWpPb z^8+MjwugZ^RR4v%0QKo@x?)I>5zT)o`X5noVgLP@`e~iCWu)3;F!p7EG8Da_( zeQbTS1K~g8ze1EvtQiLWDQnLMZ@wG-uYVJ=r#^bwLW39-J(zFZ^Uq#yoBA(7N*2J> 
z+zTCg$n|Tzp+!=D_7kLdhAv(2s%D?MFT8flk^2$e7KlMicV1)&_38FRR>dqowy_Ltt~(UB$N#N%_xIk6<3|I)Hz^Pa-1a^3#u;8GZdC=zp${PyU}zE3~Wk z8!_oadt<&`*@BQrf8>6V(M72$cL6CXEk~SBOy3qv_y-`@SG%;S7gAD|dpa(yytK$> zRt};ba!S^G`tsjgL*p4AdMA<8YfwblHCyYcC!idDYJtoYJ--ydUP%!8N3uv4h-B@v zTad%!T3m=QAG>5Ng~+2JPZ-e=vl{tNtX=V+C*P?zp@_!CM;IC~F(t>`Wi#oKtR+~G2SoT#;VsFaeUEe}E$KW~qP2_h2#JW-}h|NjVqvPq!;;84&l ztWk#xOEQ{=!w$kyEt#Jwcp86x^iq%W>Rf@u{ia{-k&--mw~P}6Rf|FHadu^nX<2;L z!|^9I^1&kw0ChXN+~%S*he;QSu;h=@v9`6-iI}O@!K*>ayIM$=+JVoD9{-C^6-92z zQGZ1*kqKzEz@wZoCI3h@SP}(vTn1)vy^aG4?JW%4bZs04sV~`(ZI>||ocJ6P{&FfANQ}iB9QBuf&}6wOFZP`O)8lL-;KjbmoMoI*Pfvg2 z(1^o<0--N9{4p@?LX`brjg=7Mtny<><17zAdoW0=;H5Ko z&FGo^E0^$WJDJqzpv4;@Y!>Otywbs{Qe6@G7qn?NF~hUaGM+&MFMK?!%B#WxGxMpa z+9MVXD=9&229teS`ZYA$1{U-JQ`F!49(0DA)$7B`shRd5upB9?6>OwVdq$m&^g4#& zL-TyT^E2ib1D$>ll9{^s+e)hX>XYwkT?}<_&o9ja4drF@Q)l9NgTEA6neMfgGH>ia zM5o=TEs&oC&OD+bRD~gwTN1cM6a3$Ry7q=qqFvK4u)*`Sg7iebx%dEMMX#0FB^*4Q zI{Ph27Oci*ub$;`epXmL;Wv3-bEVp0&|-A?4kau52r9qbCFiku<49{u>Va63C<35|6qv6-k;m zEiD!+W8Bz=oRreTuGXMLn|7Wdz(}_ExL)zgVzJ=4ees|{{dcNy#u&Ap&8D6-nf8h! 
zfF+KP!p6;Ch*l9)8W51Y(;f&GXweBuw)P^CU{%Y5>=>9G5*@=~wgka99eHkTpsm3_ zC9FWSvLlJ|f1h<>&X?qClj(%%!a@b7xHqjN8OSLZMm=7?diZLKJU^bOMA`F9elrwB zSD#x9xIzdYblbZ)At48XVLBR{SH-?(&(_Da>&?RkVddc#YUj?Qe7-OZtdE9QXPhi5 zKRhmy5odWE8dT%z*ycorrH#-#C~S6zsDx2$XGv3RuYw-N!|pfmF%92a&j%P2T_hpQ zl*};g>U!1Za!pd-bw6G~JKxG49>=SsJ|$nMrfmLw^wFnz{#^lZsg4x|&>>kOW1w_E zP>)`{Y*!RRGY#Y2^cwh(hc_>W!R6>G!Ur!nT^ChO(tZapO!w{sMLnX>NRAmjiq9DD zC02z6XF#I#0VN^_;X_x*#lBobn426I1>yOpD0X)3fPL4_yT>gSQFdxV_nLDNtS08l z`1d%pC$sW!0G&8XXw03)@fJ#IZl3CFK+-5zS;LX67tGx6c3zJlc$g0>Hh;fvcE`)% z()rg4YWLiiPX0q0J`zOW`Jfc8Xt?W}*%DFxizH96>Xk)y+A85*LVfk|pS|GW%U8whh!?Hz$#AF z(`I4-yqS;@h*cqOY(YxF&b(Crp!95k=p)o)#0yg1TYB#g;$tM}O~p972carZb10Wt zu+T#uB6+GL1@p?P^dd@KvQod%3aPQYm}%tjuRTHcxz=MN>iwXOb&pit`K|Lf4S2(w<-0a50N#F*5(TO!L-sWZGx1at-D~$g@^{LY z4?LV!R&0bcN?0&GA7;(u3>BqMZ{veHBj(@f(8!w z+~jM^CVyw{D`U?h6aS0Etbhl@#)y`}zcO>8g96s^3b43f>vT z$lB_$y07o?X6z>Y^>3bT^?c7z(GW%*PJeBqqDb#tP{I5}su6dMLzCuEZ{(c*tfFM=e&Q%j++fy>0+PIux zY#F;?ZPn!MlgF2SX}Agzz?1Ew(S)r1D~UrWezV5v<;BYE?4(8o{j89CL`qi)o0gG0 zE7V|=&Z-VG94-AVey6<}yzsWW^?C9rtCKreb?uw(6QcA(w@I$n{GSW| z{5~EY-DXGXq<%$+T1@tZrGbBJD*?Yf?dSPp6?XgZW*ol>c|o`)DzX<*HOg;Tw4!u< z8&cv+5v;F_{6Z{7e7f@{_MVm<_je4dV8MJDaM z@ugM^Fj%~k<2fTG!!I{9uun=ch6Mw>_dopv9mYv?1!xJ5=|Vs}BM%R*CLmxER|r4^ zJ%?D?2_rWC{{poKpwFJtHgI*f9e@J9Y>2$3r5NV28n&V}u)6et=I;>JK#&max`W56 zOzM@h!ki7~&jGqq_Wnu*Kgv0rRn#c^D|JK$4Gw)0sNfzQ2*09E4g?E)tbPRr75z8< zMYyIt@y!A*L=nul_w}`)(}a_r&JPe+?64l8kWd7geU=I!Kqvfz7aVX1Ak__2n}nSH zV#_R!D3t!2mN=l2#NPv=$(aDpkvy`m$<1`6#aAujTnc`$0WxM4TdOoV8p>P z*C-udEHHLJiU5MK(tWNR|3LMfoGpk?2=eLnnH{M7*wic#Hqe|G3K?Gioqshmb2XR$ zfDof#SjwlwnMX+f1uE!nSNTlPk)^e|X?+J;0v2UAySBa3Dz4opJm=r(jN;pC(Uf}- zw2uq5U}LhI;MlMv5`;EXi3i<(5CJq`Z}CjYo1vbdq^^w;d@$~%^3@qEc#RZsy&3$&l5so&_*oE5t<3dceV%q!s;Zo6 zTGcCr0>55qnT!fPH!W&4gLI01S=%=&g0iubxpGYy5fne?hcur)U$W+D77{isr45YK znh|f{f-to*EfU4RQgWzwGSpcDaX3%X-YHp(RAP+a4Z=SqV9nSM(6(6y`}G2lu0bPD z*E66#K(QRyz(DB3U9C&kG+O>c7-m0);RER}kcYJu) zrfR$2nE9ekDK)J`pV5f^A@glTvPk5p&Un0NZe)@&dwir|sLO 
z$-+X{BXA5eb;7YdqN(bVUrsmRzLkj@ksTJZPj=z`>jQ#M$xrTv!2 z3@63&EEjMF2akXldXio%o65-P3GE*Z@sbiXsIPp@x&0mM6zognWqY7VQC_(bVIhbh zvzV942K7q@rRM!Uxr+Kp&Ndq060&QAqgUz}$z9SY+J3Mx z9P@f zYzr4Tbvk%BQH_h~RvLa!M-t6|$`_&+LVJA33xkoh@%{^e*h!T{xjymt+i&DAdSRa# ztNM@j)owbuE{xUVpix@w8f)~{GClN*Z3z6Y1uY>KS-4X$`pf;Q>QYXZE#5KVBBK$1)_3U)^Z_-t8I95*#s|WUm$HjLyXe zo#UBP&Vn^5Q?XrW5XNP~xc0nJW1E}%TPTy~bbiGazNNRxyibL%DNWZff~w^Jj%t|V zb4aKb_Kav4|JRZI!U`GkV8`A){NcE0-Du4N`+>W;`VT!vE&?vk>_8h0mGtjY17Fq+ z1Sb#V%5MrqpLfs>BOx0hrx%W*+97{Fy^@-u3exyz%pYn+?tUHQSMhI|Ex?3S!xY8c zruWk?)Q)^To{DM|(nfQXMa^sZBXFd)X1MITBFpE37Ut->?O z)nP{7P~bNR-$XWs^wqkMN~xHTAc2a&2L)b#@F3QsX1X4DIb2BKS=emX+OQ# z5VI}c_SVS69PuswXOH#$>n5hHtE}V%MFqxSZf7B*?3C13uIx<g;GM>!AAxAMDo`Jk!6hL`j@S!B;JGe1FR`W^?zC!@sXSDA=h0#h@uZ45Ypj z?2;a!XwTa@8Q}P{C{c0i2iku@pmrZ6k6E&1WcdLmu1yVfHlWiEQ3fpss7U#x=Rel{dg58#f|4Sau%px8jKiT{)ma$LI+0^u zsK>tvJ0)KgTsXn!zxRTF)VH%jtcf%K5}`%6hqDu#6@0AWp=Hp}u`AJOd@i;5 zMko)dw?r%t2}zt=dTsG39T6PpC;4JwTNmt+g#M zCx(=kZB7G+-f+BWx4cxF7N552^9z(#P%yh_9e^3fxIVL{6=v86Tc93Qz3OZEb^A#@ z`sk(5FT&2F!(R)BA~Gh`M#`gbbmGj?Rv&#Aek6N#!Y6Ji%tXNGi)J)W7O(Xm%x}RE z&+8x2Pi6dB4ASphg4Ev8`x7v96fQ4!3X85y_I=%z2W$f>GZKYhvENUHgoYHlgx~_J zx;#fwB9t;6N0AOuzaWsoG3fp6&wrB9%0aPQe5eRNYq(FAi*+@+-(lddo|?XG{`K=v zwIyNVfp_S9{B3k7|Krr_EyxuKfzBm*)n#f32_!Nio;?w-Zh0bMQv@L)>QYD+5?>C6 zPcVneL-X$&BG`yE20vad3kPP|-vM5Dv=njS7!fpsa^FhDRh05+MR*3|E#$xOSy4Xc zeXRK!z}MI6SwG*>KK#+6`BD3?tm3v&YF-!!`jD2;2#@Hf%zNG55(L1Je>j7wwjs!h z`77@m%VQpdMUGpju0h&|#t6!xl&~nwNFvyNk$FIcPO?=N@|P)y-fDtYBnC7dyBILG z;cvY<-z}Y@QXZpkhaX(o#Wx5Q9=EHe-4`_1N~&@E$;lt%P`O|rARdmA ziM&#_6vLa|MEnXJPCLf=$G&hd+5E|^Xen;KlMA)ktrn!&2Yu|H_cQbFhU@W#O6>Fy`aX2^)dPtc3zGG00CB>k!|1H3mbaR zvRy#yROx}(TB@HBx%hrzHD|PpUW_dLsf0P0O!K%{Cycf%>Ny19R4f1(p1d!mSe(lV&kk49-Tt;;d~5sHW$`^uylS&wEFt% zbDMfimnfAHu!b^WIHqQu>P(+Y>`sSk4-)G>#dE1T*nJ`SnxU+y6HF)a*l1W4k#gRm zW03cZUh<=WdUT2mj6W|*h!BAc!8?4W^PuIe(HJg9^w?l{17Nki&gKA)G9NF0!kiFnkvl-V-ryQGz)c%vndX*H0Fy=)F?fEOk@QF zAqgI!g6xNOP;T{6t=RY+`e5^NjVf_*m5c^|`Q*%+d@X2tbsX&XH0Ei2?X$nX9suC% 
zW&QvPwm00J|NZWgMlDxf`sJKCOH^+^axj_J={)I;rs@~UNS7f>tNd@zt)VU>ByON( zvO}9?r*f0d9S@>9@xK?31Lk{qOjQxJ;1~VX=-|f7hQZTN^}OsHe`@_Q`613r%M*l^;oEiJj>~6jAybyGQ9vQH4F`k=qC40qHsLE+Yq7UOO%9p8a zs;(su+dx^h!}#*H@w6vr`tT9%GO{qr=|mA+Rn8L9QS%FWvTgMmsk;jjRQ6yroE>R|!(A^+yjcWC2+wiQ_0PX|)Y#2jcaee; zyyMQa|7}Jg{!1@@q0tdYp!`eSErRc6!#}2WfP@CxiJab7)n({J+pKqna#|T{( zp42=jp$&aWnso=w`_J0bYbS`L|Lp|`<<&M`@cC|GK4?(fxW01rgZc~9g|X^beyVk; z-aY6p^Fz*+>bI^1gpgkHpLmWK>SBpwU9lEC=}sjELB=2zlG_n?tC$r0zLVnb4SYoI zdfFEczzV#cGP{QAlc4g>jWE9(MDFTvsmK)hpMed24RfxGnT{}OLJLZ5Ue42}=Lt7LGEMO?x1xj{kz9Cn3FDtIaWQCUvHr@e1< zyR)se>f<3{JjDP%?em;o`B-;|L8shiDT8s8-i79mIdd<{&#gmGF-XyteDG|aAc>8b z&o81jvu@3zwoo&=Mo;yi%lBbq?sx0HiFe9VqpncYoaMR(^vWW438H`;;10M>CJ>H^ zG{!zj0y2fsin&xZM*`PJv)m<(KxX3pmTUZEWOHKzAKkVB+l0BGLt(d0%i0O=Ohyh? zt~{H^&aP0JDJhG#NAvPy6WPf&EvZwQ4(?Pa-ZnxBlO% z7p569&@HOT?w9^m6F?|YZ!!_WQ$Ly2i6(;cacC!eJN54TVjS+pl`w0LtKssiN|`G_ zk9~_vADJ8T`9$RUyhYMEIEQV5z*v!pj`=0$3c>g7;V$g$KGElXtlL*`d)FH4k9B+1 zc*}mk_9vut>6(Q;D9gtLhGWwbJU^l%B-F9j2?&SFBpc+urv%f;@bP1j`Fthb{NZ7zkEoZpShlHo-Q z;7wVq#H<8egxEXxhzXz?h5A8tdItMT`q_4k?PdkKdSmt{Y#rOLHkp`C2SO`YVS2nb+lHe}eI+@S(B8q8eJ~>xxvv3z z;Mmooblmwz9`&sO$ryB8EH`F-z!J|qF#&3eCJ!Z!pGW53D^zyqo5>DJWpi^d3n_SU85+2&c$g2oq^26At^?Kct`y68bS5v;q^hjWH=yT5-F^_ za}GWb6FoSLQ{m~0`g;!|^~hZz93qyQe_QWD!@tV`SlIo5JW;97 zxRpkg=Sp&%wH-JMQelb@W+luQk^bp%f#3Z5PNm>MJz&2p&0E7(ZQ=5LM4tJTzWlR) zE#1`^Or9_*myfnCtJ+% z0EQvTN4hJ94~(1}$RELz!w!G^xg$nq_t%aLzapiMSg4_f1YtXc6} zF|%h{)zW}sp44O*#*C^k-B&wJVH&oO#>?m*vp-IfiF!pV?%)ub2^PExMA87M|8%3m zNQ9cr?OcbgdO%OORPiXqq6m%R_CU&9AXGlCjvWJXw*y@RZSvyabkfNN@Y`wO`SNRs zfHeel0`FPiJ*xyO*{2&v!Go5}v}&G_8Ei|yRY^YNt6{(P*3gBJ_xWqf*Gg||Nh9=N z^X)~NRLQYzN94G#|GMLfKqS<6TT>WFWxSrneP&>LMtJaxz!pJ+tt8BgYPV@Xr+=xl zpQt{}NM9*j`1>3-7p~3`toz2S*47Y@o_mZ#kbahLquJSTpLbO|?oEry_WLl09ei;A znUI{o&c8^O?kgEI`Ux%V#aCr)rL`tS=-6|%;ASu@xQ8i3Z!u>39sj3$d49qGZ=2#N69%F=_R=nSuw~`uo#ASkiL-qX*yVH z$)+FHAWemlA=)yS0v_X;t)x{7dYZx^(f)%#fhVL`9$lj*#Q)oqHvzrQ2?eRn?- z82>XvY42OLaOYWhMv+BLs3Q8liT;%zFM(R+?*ACD^)H!NlSOi=-(RBjArTz-V4%^l 
z{wlOc0AYzHatv2$ga8GK0Ab+A-!j>kfQIZCBpOoFz)h18nJWh*Mp0bce?u1exxd0u zVEpkn`HyhCZ2CQo+*%l!+-&+q4N@nN@R98VP`|+ZolAOytr`3iW^ev4UrrUv$4k%) zEW<=g7ek(mqE~Zl#MmOE0Jr>sfD}ocnE0;-OfX^LW|95*FSlc5))0uGBQiop#fgEJ z;6Mz+KgfW%6I_HHcPN^2DEez#1n&CC8aO=A760F!;ccUXQ8XDNAk(3_@hL(t0+;D` z3r9e62X`c9QJGI9FD`kOst5PT+Y=iKQy_|i%3gh~LP_N4b&nvtS zQQ=(Z=lN^tY5+{~8AgZRFAl-7Cj=HicCUaj?wg&||JWG68gA$j(KgfhDP#twp$9Ft z#pD35IkEv9wQ6}nJgcxbjv22Uai?tpA%gd!=&ds(|8Gc z$4Hqr*qW--YX0zDU1*V5ETYvmKhF6~n*u;}Su%q(*3R3o@773+Eo7u*SrE@Gq*z{; z?GL8ZVx7#sHRVMta^VxvGlsC|72}g%)xyo~`x#23beDfK4n%mV1|C?kno2hnmc00u zydzr_D2>$HUcAmd-sl7|D<)+P#HovJ3VNrv-o|$JxhRvr6Y5@YdG;w)pc` zfsDr~#~*!8DBq_Z+$d(X58O82>fP0sUI5RwwXdG*r^So37W9v{0xlE9i#EQ^=8(nz z9a-$F{SYlC?bIsyoLv8>&Fu?ar)M<~EF=9cwW{%1M$)_CgIhWY+ic=Vn|X1=vgAzx z-^sP&qp2{0E&ibpa~yB&3Eq7WXGVEMBQ@TN^t5B+UA|G9X9k8uMP!T6n#5g@?7H}$ z)v57I_!bG%4lY#rX3h&gF=-d|7f9=LvBFF~mc ziTgBA!03R0RbE3ZQ~p7eoSH2FGY)fxz8p^!$`J-lUW35WmQ-GYE%WQc!@5Nc4_+$n zj#5!-SV%TDjf!^F36y@u1j@6E8CDwXZwJ0r!QyEUITL$B=^tFnMxzfuCjk|-5wkp! zmelrVNM*2v3?crXuQ6J+_l5w^*E3(H(TBC{aK4~4qJqsL`*Dz;zbl2N@8^^Pxu|IP zd^lf~!d8}+vAKBXq73Dif%<;y(wFbWAOV-1fkCn~Su z=WFy?%hF*ZhxSXUFa8uOq1>DMsqSu)EffD4)QUJs z=O5xs^|PNFE)-q%my%{OkY5XNR6pFbODSEq=L)r^`CCPiL-W!O>0Vt%{nzjH8Q>k! 
zh{9mdY#yN_0`iOmm$k4n8H`0Hj-P{FvGi$vSI@W7Lf1k;1bp>wS|Fx|E%EQu8izbq z88R&r_Oslc*Ds_>Vh6d=)D1|VYB9Id%ujwI16e@>TYZ|gJNx{MjPHC)xv3?}UO3M7 zuz7^^2ESfpOL%NGKZ9K&{?DIQhVY5R7n#pbg zvo%#Xb6GAO3!4tMr_BR+=?p<$65AFx!;MNP7+VDr?Bb!$7e!e8_c4Jh1Lh6A!`YS% zG?YxdHtYEPmt`hTs}3@#hH3PHygx*z6byF>A=#ix;_W#CrG4X`!YCHGglIPFx@7fZ zVhlcVS?Ko&R{Srj<dR%H zquywPx-7vIbB!s0vo+)?EM`$a8Ub%iJXq5)n}&xE#R)5y+Jw~@nTuc`0PuF*AkRWstvRwDshya*-0^+xi^woYmO=Kx3ubEK z&=tQ5hp|AgpbO}4z_zyOAQNqvLe(EKjB613o)WEd9Hqr;Mc4A!fCDO}aD+t#ZJZ5X z2I-WYqhiEbVT<$Z5_S!oFmP^y%CHQYz)H!NU3(>~Vk!~&KJ?Pyr*YdzBV^D*$n+Z^ z>g>us$A_(3Sw*{rV6|77Y)KEoif2f_h9Xi)2-|?W6&>&0D)#pEPkJE}Tf>)jj$pe1 zC6A%3?`Au(XGra#L}LfM;E3lY7$T54VBd5poYDguWeG@aRMbwK+SN%dnUi9fgP0JW zhLR_k(lHpQD)!YPC6MLTx|c7HdkJG%R?u48!Mue^u&^$-5T#iUqpMc`q_4cllqgn` zQh=rc=@@^S=W`{t40caUh%$EGhM+OG=T0`uT?f(ose~X7zrdWQKz;w>7@$zpR-GHr zpOD#R%Y>qWqVI zPXZQis6{FL)JHfTc5oALraj%CUXNv(9Id!Lcr}NcQfm zK~qIN4JC;UYI?w^!;!X}c)MWln6T7y-j5&#Gj?~*ErJepXml+`XHUk7J{2&^a}-9- ztO}63awxl0)Bpx@t@Pb261Lr8jWd(vThm@S6I%-pPVl6w*wm6)qaS6)X%?N`PoORm zoRSdZ&Mjmvr2cBRaxx`+Tm|l}Ltvnl%1Bds`}m5fca%-;XG$2g0UFtOvFKZv(IAn* zE2>ok@u;RZJ#M^MXK4vJw!ja8oBWW6^!<0UMTVEVddFAJ${uKijpB}*oB9!yj;RkJ zo&KeaZQZ2Yi^A3xw|4>q_+0*Z6Fc%vr9o?(71`_`a42wse!-53{Ykw(d?=L~&AZrt z^-k+%QJ&_Vx2~S5S&iDYs7sR`gq&mX# z$uu2w?+iq7Zx@rEhuvp=HFBFsN4aWqy(!hX9yQrbxm{T|!$ z_;fm+ck|kM{U49s=}1lkI|BT~_`MpV%j_RnT7nT7mYEIt(a=Q~m6MA+G+WC%nVMJM zypae$^b8$da69D4zk}rlf(|I|%JswY{DtbWG}}hd`l!Dsoj#7C?zI@0w; z?|YUmfR3>V!~CBReX74blos4%oK~wIS$VO3OrAf7qROc^-6ipdMnD;-?L=1>?jH!a z=Mmkc$nGHSv9*A>SDx;Gl_^%Mw}~+4|Ecw3K}h<(XXSzbCxC?V`JY+5fJs6Ntp$S2 zTMFtA*q|rg7pel`pFo~QCl9LvI)qT_;Yw}Q-9te?!^uNu&4h|6I)Ry%S)=HtUrGu+ zqB(2;jTYiGJait`sn}xkIGDM6JI~ABk%sIl(?nU)j)EAg;h0O9jhXn>)%@4whUP%@ zn$$Y^N)FKZG8_|RIQ{U-z!}?~?hm+&gU|1Gptpq1grZz1`UX6NWgHVxBiflzl=GYooCz^S zg5Z3HJf1DE233-9r}uwWf+52JF3>5W!$~kvjbhp>3N@Xr){jOi4NkIO8#2ktw_=W6 zVUoPU-L@LWh8&6tr(o>El*(R8hIuK;hNu~04gvO0 z&<1(de*&cf1qvrW#ckPqL>D(p>>_*z_eq|VL&eW>56tDM95-8#R0%LC6Lwt0MycqJ zv=FdvDaN0yzSh=gWly*Y#{&z7`iXuEtT 
zZf!75VDlHt?{_+BOp?cPhegh7$5{W5G6s;c2>F19-~|LVOR6o63v0r9bfVpeJb!>g zQ64f|y1^#Z)e!9uW|_^hPJj#Xy4fqcSx4A!Vwol2 zgk*@EWRwpLo1vSO0dlbSO1on3m)X8NTu$-~6TXOH!Qz6A&TB`SbVwsinDEdJG_fe% zT0zq%MUOF|8gQDC^EA|Kdx>pmAl%)Lu}d97-MZ%YhFh1SIedT?e2Fy@qE?TPEWZ~^ zwilxRR6&$F?V~+Z_92x9bE(~;>yCaPt8}9RkH(^v-xqEnhNvRGLVws{cM7DlNI>-B zLDMyxZiI$3-+GJ(1v(_i%xmD;64v7XEhDu13+y14D>inC_#%Q+-4Di(|kY%DS z$M!6FcV$Q>`TcGuQ$Q?g1l42PMJz^lcN^j9IjYtFSP~Oh>mU!=^2eyu>uIdlq|u zEs{VlUm_&8g*)sq>x$O}2uhP>`wB_Se6%kV6p_60O44ZFykEuK8cCA+%SJP(&=keS zMrbqEWkNOTwP&{NAeKcwa!M%vubWmJrsxHPIn*|OB3XtO91WoIY#k7>LltIlaYk0@ zw_)!Md79>SPoWQ3HOB4NBnnl_!b7(tQ=!s*B+}3Ew%YID05lwrxD3`_y4o)PLJj0Mu`uiwaBP^t>Q2X+l|C*VB%_8KV^+%f# znb)K4;9y)?9T-i&JNTrDxdC;@&2JAnI7}dHP*T;bAhX>TknjO@m`;3?3kLMx9A+B_ z!>`khse0g(BlvxI|4 zV3gBY2udbm8|gKPM#~Xf#S#q7Bm!cXe>JAZRR9RlCoz!8W+*7|6}w{E5hI6286{tn z2?ZzUl7Ts#>1_7|YFJWcZSZ=O#Qa6%wh7oN|gsz^nz+TrXJ|*MCH1fke6J4=Y;{$u2AJM&Gk) z&oLE`kiT${uxyeP%nlji3|a}cF@*gtZs^-#V}$n!zOA=v;ZUK0ZUi7*Tmr z{e4k}I)jY^1j}T}wDrKEbCSV&J=z$!W~GzKM7DAo5~O0dXQPI7!F`u{52)4K1z1LL01!KWSkS zvkh3*;Hz(X8@o~(>8T^Qdp3v5e?}5$z&J4=sBxnR;;ic?(geYD?Q6-A_1W^D=&G0y z(x}6FlkGYOh{SmIL5UrpQK;ws#m20IAoF9-`0vJ-#F9f7qVhmKq4w?%y5OOncyj1A zNjgW0mtJGjA@kr;iZO0^8v5jTqP#LraM954IWh=*DNP@IDNTBon$S=AKFxUQHus9z zV8|wT{QEfg&o2K&1~O;{UABM1eH!VmD2%Io&}@ZCE%+}8G&DWPsE^8u+{NqCBvKPV zc}$2>a?%wwVM)>zae-kSYr5du^9P%8JM427EHk+w8wErAUj>3N@V+Rz7!&|;%R9j5LX+0P-18oDTcH^q3ro0^Svcmb_Jy=U?7?lWZH zH*_fui$(OQto~JEKh*My`GlvWYmOBI3of6x>!KVdmz>0%9r$I899$g8pq)Juel5&B z>#+yBPXWcmkBm9g;8y~p&YlWusY|;D9vsYh@IyrWyW@QF^Q}AX8Y`*6-dZtpoXtSG zAg9uVX-6xaaZHvdljTU^YpGg=n2Yz3iZfZsXiOdXNwpUSH8k6%|F>r+!nAx=xG}B1w?Qbb%Ioze!{GyYDFk6(x{zAgF*%v z@EUH^b3x%`+IJ7rwtFKE)V7E~YTer!X#LLsl@f zBd4~NCefA`sxpF9?>L4wL19L_2A94`kH|@g!-twg6AHY^N~?ktS$xQ!L74hE}+2VbfDuZO2o2O8>^ULNLZrey#%8LSQWZ}M}KDE zL@Iu2L(s%ui_ zmA)G~hev*)-BNnaK=IjCAHtY~-rhz-DoEPaOVzh|2q0MoQR%3yLv7hQ z#8YkA4z)zX!HK*u?h_nPKp5dM@HtB;9jd+72eemOjz6#Q|6`na($<+59V41d1o7yD zDwU0oVw5o!AwO**gfn+xC_n*i#5r^_H;q8&%-eK4X;t~iD1nBHvuPx?w`K>LsDI4Q 
zps4wwfJW)p9lB6Z_3~bNXp4>|po2vH{9x)jqqd1Zc}3q_>yL4W6OsijG(>OF6XF6^ zMT4Zhzf7PHFeOel)6GQ*ReG{TGtFhi{KANWRNy$He%}bo5EX#smtnS z?96?441TaGb^$;3#35)e|INmN;>h>sLKVQ1MA?=g6m{Q_F!CQ$+BXl8EYr3|<^4FH z#AtKgLPPPw)-?y#tEM}bjDk{Wd1Bxc@(6>aOOX`6SHRK&i_&~Vx;0?!F-Y3w%XBh@ zFC}|{$`x*8f>tLyr1ZYy7>LJ5l?o}JiQ%rFbs1q!BxUlJCfDUpiM` zQjYzEt0}@NsNg+f5J&c&(bmkgn=Z2LENqnmym9fHpiXZX zd?+s7E%JgublX;KYn!{2>vyq)Y$FxU386USHkPg40+m#SwnOuZDfo^M^1bxlewjuk z@R(=g+4I%@C9ImG@j^a;{p)FW5yG1w<+ooZk~z>ZnjJV6s14xzCZ%?<`Ri7hK7S5U z_WSZRmV*^NZA%cjsf>394w|2~cj{C4vFi$ix>Egr-EcrAZH>ZJUs!~{9SNey#qMJA zFdet(<@*C7Z6n&&??9<~L00IK$So>#Q5nMS+{80nw(o;vd z@L>NEjuu@+%nhG|q?5mlq2k*jjF%>Ou+17SVbc(lp1)ES!K8)P&p0u9G&O4w%juL( zYTEg^fbh-CDpj;mzpoAd*1m&?O;qjd| zZ*0gs8-sqt`vKGX3DZxp(fHaex6y}8h6$&@lHr$|EGkwR)|JorEI9U*`qoGlg!wnk z+bO5I&D$HEGscAxoIZ;mBBz}Or#^~sJ^yRw9_tVKWS)`g68Wuw^Bi|R-2&oZ|{y=F}wD_ ztC)WkU&yuv&&1Gj?A2tMuQ^kt<#kaQo%i%%@rSLN8a4XJ=g90TbywlfR~vf_y%+P3 z%M=JS8gxfN<2H${z#KTgehhjTD#Iv=8HQIY!WoI&|ELu`KL(FEEhz*)=1q4L-jU!? za2z!!R*_Q$Y&T$%w=kE`AS*^(dKA?I-!YjH zJ@>8J*#fVDBxasE7Mh&?yUGzya1w|2>02Xl|D`K$YeBQZTol(D#i@UF(C5B|nEn0Q zp8>-Um&+8o=<`({lpPH*YJb{rh#PtQ9@Y+{tGG^TbUwAO=(=mY2%=w(Pmk+_j;);7=|(iSg^EG^%Oyq2=5jU8Bm_$12|cE3V?BQ z1eWga!>gp1&IfzI&PPz_Ef}`73-_oyXot`vvK(h=Wkx~D^JAgSNqe@S+-!@37wOiu zHM8w{5@@a%JX<5*Uw(%yFJRuSf>A*~%pmgq&=6>suXkgxQYn1VU&dAp2FGq73x$t8 zgn}N5!2$%atW?1JXkH#7z5^d#tEmkTy9nK7XIWi?OKp47om1F!;b=7?AX-p7w9H~} z-1B5*E@r)7JFmt=YDaGT{^uO~v!z14H3TbY`vgShFgF)>y&Wj}?Xs`JJ@Bb%gc-73 zn!7zs5~0_22ZMCH_PV!*21GQa`&5yDbGhoZ1?%r1l>EhNh)-y64$%!S?GjXOH*EkN zKJ`#qI7h_`TL@+Q1m5;XRv=g`7T)MuG@c@Pz*3j5CblsA$J7vzc5kr{({v?q7A4qer17il!=O3gqBhV^vS_RJN`#&tYuJU z4UU*>a%Se0>5MrsGxxMuRxzLb;Qs4A93r!%>ApPH0die1%S5JTP@aK<>~UFw9cb;4 z&f*k$zvfTv`}i~n<&Rv*PeU8Y*;h`>I`P-O!4zDWHr**Jr~KJNb?mP^yB??Zs~SkZTn{3>V&Q|K&JtX^0a z1+ok)gPki@?uLJ}8kL;dm1^h})dTi_;(QO%JmANKHQd5%CofW%W7CBGA~2_{3_~B# zrPDDv17N0FGNZP8mkq~n$BqTJ5P_BKM-qB)2`;IhNLzMwZy5?tXjSU@c2@h5_cPE@ z4}}x5JHH4MacvhCo-c(dRA2nF>(0or2#k?T6vLaJVcLjbTMr8`(H%8-wL(={cAjLU 
z0q#eVk>huwV|@*d>?MxmTtZ7`$mRghsA`GF{-VK$Gly>AUnlqMk5yL$c^cja^0a?j zA;p)W;w?FQm;iSqnGx+5Nm|FbMEP6it0nMd_u^WWurOWyOc5wEL@VJ*d1n!DnUmtC z1&r3`nmhib;xndWT;jovqsc^7DfKbFXfV-j%Pgu&y`|V52L6S$BQ~I-%@k#?iRO{| zTu^0M3PvJtmzTg2(mLZ9eP%wQD@AU=C+r>XgjXubhilMiZ zn&CxMhGJ>+<-B_TpM_k37LuZO4jqYpIcm6^m7@Ni7JGOXLs;%5{?n<1wuW4_uZDf# z)bkh#Xg5Xh`3|U~v&S9x0Xfr-MVdd7(mLAz?&Tu@ZwNL|wjeHN=}? zW%##B&${_DYHOG+VFNn|GHUQffnqn-t#MW4) z0YSuNvOqmSJc7aNwWE|D&?}wnTKE7;9xi5(Yyj;7dnSStp2zMoU zo(?6!w|vXs>B(k~gL4)pfJjB>V!mSPw$*rdvM>AUK%J4I!~ASBHh!u6lSHpADJvU6 zjnjg-Z1i;K)=r1R3C3rP6q}^+(LeJ_Z-O@UKMw2J8iV&Oo$RorPE-yCmK&|nc?=CE zuUs!Mvz>I^HX$&E0<*t{M(f_p7J9^lALcuG?`Ap54V-Jazex})IKg|Ud#cH<6jv9X zY}WIZjWN#mlxQo{?2EJ0#t5uvXNzQ9?s2PTb!yhvr%TAdxOwvt2{T^P<%p$*TbeYg zmJNu!H)|tGp?UPY$j;~)e`uYXJI!3_?5MTpaoxD-m5>uEyV@rCZ@U=@prc zo8?QPO2RwgM<%hJpy^iz=rQ@(KgL)X-}z4qYz7!bQa;1I&MV)UX2&hSuGV`Hb}XQ; zUGUN++m`t<=?VCy)%*$nw*f2XR8aQs!p@E~@#*qJpX^CukyR_01b+O%WnGbOexp%Y z!XTD&o@C9-n3c0yATr~jB;mFz_}}wPN;&IOrX*u4m7+km=;9tI2jFF$uD=w}i*C@z*1XiX^~kVsPn^HDw~-1=Qb0Y|I(P z4+=+c^HL=ylnK0ZhzI>L;P2T>71c}R?H=5llLR-fwyuMV5-Hb55ee00)z8)_6ZkJ$ z^C|A1F`jRWGO4p6(+}2P9vb`T( zPC+GwHqFG>?&Sc?X3Jar<|yZgKbt@&%vZzSdFT#l8_Ae8Y(KdczugZkALX!*Q!KxNb}<>~U)5f-k9xp*~v8uwN0|k`?KfjfVv< zF)6k+%$ zmoYX2(^`GT(TvZAcfO=JPRb%XIcqg{=iDC0-w>m|5;sQv-qQ_~2y&4WWYe)vdpgXJ z^os5~->7;n2dHDeSGAy&#;r1vvZ@lFEU4NsR*ELQEA%@S=sc&E+&z2}>@ld$VrA7~X%oX41WO(sU{T|(xO`W)QZJ&>KBtGJ*?4a^J9&y_hJmqM2 z->UMw1|Hh=%Y-UdD8~y%X;OdlmQmDr)DfCes~Ed~Ck?q`?(w-zNp~oPuh>*##U$y# zo=@MiRp0oDPEIi)PMJRE%FU90TPr5`t?^_u2gXNmd~w%hTROQDe3u*+OBq%bInX#z zE3bW=PuGu_6prcxRSCSN|Ot=M$LvcESX z%;LEe?#>7ke#oeYf6sA-reIEi_+IF*Y2fk^S1I3)B<|B?8P~pEx?^6an3<8fU6p3FR*IYiHwLXvgiOf{t)f$i;b}a%;+kinq z?~1w0oxXkkn(Y^kPRUE)Zga8abp!7kqxHB|6QS0XM*7n1=V;)^^XJFoxi)jQ6~i13 z<9lw8kR#2hnb2@RYRLh>upUs`db|{L`U@j4XWqK`H~U6M(jb6euylYnVu8~?-@}U> zS9_4WGmd$qPtiDT*YRmepV>?dYQl3F7hpJ-PUBjsqk6=W@slDi~;whwOY@h z>h`w3q&q*k^aPCp)vOdBm}NTta;@bv7V-?1eUbBQfA-4ByA+K77VuZ_joEr~+ux&7 zKWYd0HOZ?gh1qjxnd<988dWku*5Jr1+cHtLyT_nU-S1S+L{SKfmPaG~5@lpraFXG> 
z6WBlYsb5}3#2LKB|5ui~v@xY{^~YU;x28&`(@#b5C+`N{IAysJUp-2#O|zMb%3%~* zM^Vqayg+Y!k((ZOZW6X59@&S*67~J-umSm1!cw!ne~7JbwQ65Z+0IPT??pxD5f=Qv zTYPvk`-tG!GoN5P(J~9&`=}#f40^%O7x2>ue)`*B3Vd5ZBOeEq+z`+94`@QGRP2U0F-`%FBZA`z~7qO$*Ki;#` zl_|0Mk&?5dl7QsXRqnM%n0cls17YgyGcw6RS&Tk6-?hKh*wbK|j z6S29{f5t|H4z&u4T*hqXQko}+5&Si%9P)xZnxZXPhNr6b#yH<4jH#b#er2QT$5YEg zw=Z4hA++aQ<{F{b_!=HEtJ%M@@>Q%ylYY5_4wXKDV*+?(l|=}fxbaP*qN;cZtV1y%-SEm-dNF1SIE~l*k?AHlirp3LLqsyHlOo`*0`x+Yi zXmzg-8*?{xLo4N#eMESR=NW>2 z_M3hyaDgma(MNmBoGU4_UbEq7P^^y`-Kh_!y#Al?(>3}p#5mHLrxQ&eP+)?2-!4_- zn?&vk%Io`A|=e2;e&rNsS5%v8k; zOE_f_vi)D@4UL2eQ;C&ZXR^mdV#maHmc8qWS3N1^nW` z&y$8-4m$1p+h*kL)6!R!0oS>E!`+i??OJdJ2A}krH2RcIJ`Bl&Ux!+aBc%|=8dy@58 z2_mb8z|-)SNV_`L9l3AIueH>yWX-Q>S;jxzC}08-IW3m6zm$kg{I)QHm>|&FWcyBx-`a3-?BH5KD zC=%4~{Plz_tQnaJT1y)E!7iL_)(G_;uh}zME;~pR1l!lIiQ#-Q6z=0}M`N6EJ2fr= z(NzV&)vw%pKGgOp`z_MGV9glJHR8i<2tPDdWc(XHZqfPQ%j_y1c0#MpzYo&Y^iTZB ztxx&If2=#m8Dj_tbg@!aRW=>5OvfHKu-CH6%4uKQ`JbTJKet+M3DEOWC@%Z)vcmYr zP5W?lh#OQ?bT8I)uiHp%#YdX1wP54`4Nv#-m!Sp=yhj5+c*^5Y4;2Lz{&dXTtYWkM zNw_FywUIuFIw4Qe^EQS>*6;h#Q#WO{a^j7M(DU<(9<`6Xl{m)m?WOAR=(?*QP~al`w4eITa@*mE0<>la zeLjYf^LDSi_{Lw!a(XRew6hlHUGFzZ?|W3&ayauwNywrgxD73AOO3faj4BR`Xa@z# zQi)?YWQNd4xiQ3prlo<(9X6tcy+e)J1`C!8pXw0KUShvYL>DU44%3r9%TtIq40dl1 z3m5tz*ChnU9lUNwEy5f|ZqZH(27r2h70w)~<)Z&-5-KA@WkM@eSUSK#Mj97B_*4s8 z_Yc%ne63pKG}XhRaDV?p*hy%D#iz`LG^0eGG6A#R%AoiDDCaV?A^ zRM>9*;v4WH;4G|1TNfXv*i2UAHTFA8C(7m)^nV#)?{hpyXdIB6q?l!aCW8znS-Yfu zJsf7m293;B)WU%*67;g^cnTmDrzo@?p)9&GdYCpEO{bX06MoIC+dTb|1a1B1Qc~A2c>iaQSxNr<0Vxk_|P4Gu*SsI*k^FRS93*b<qQvtYF~T9wEEFG;JO~arkjOxrU|y1#C1&6y7aC844teGKF4WgUILL#Pg$dObCFCfRO@+zZ?P6k(HsK2|BEqwF%Wl|GYsK!-S26poY)s!={T6RGR- zd8=2X)m8{omn3$1x@My|ZQLn&C9(kFpXx3VOLGNHDO0Yd1q)f=5OqMK!O-W2$M3^~ z4n}V{&%^eKvlX|@`W2VVV^K;QU2w%`s2)4{>shh}zqv{$dv9u`e8FpvsZ5;jjvq?{ zTv8&-qdP#|hu)Z?uHwYEpvIGA!JCU|*Vctn&LO1N{3SQGwj(S4{nIiqXS*D_YBcqr zH-?z^*KJ8?>A(-@;A!Ydp+vaO3Uv{?f_j&$+<3{;67g{eDc@vV|KliqlhiE*onwmA^7Zc1r@f^=vtP_lPXmq`2=&j_ 
z2~k>q4|&5jmYGKR;}=R`tjJ@^hWt&`mO_O3_A3ZjX$^Y^Y$R_+H4*<lno zKwCxb3XKit$F_l+mGJXdHtkuy?1L@-+mXJC+IO#{6(~N=1}&FC)%LxGb*jGq)3xo^ zV2oU^Z|d2$tWENY5+xNEQx?u7amKC_Kd0{5OSof*gH_nujl7`SS8O+F_q6K#;mrpo zI~)HGhE|M5CZLOYko}71Ky{x3_>k#o6%B_-zYz>G6=;_pFvH8eM#I64-BmqB@w&$u zVw)x*_u3iSOmUAQtfMc@iVYr&#@jOJ7bx5(mDjv?eX@X8NFW`9dU#)Qc7yQ;ONq&_ zW|kX$TcL5n=hyzQTIhZwyCvpSn#Y3CPCgx>ys#1T7qQ|vWSNM$j1 zWVOb-&@7o>wk+INZmhqS+;!E}(Q6l3U^ zG|s98;X~t`g4bpnJz=`4$-87@tkA2PBDABfLX_EfiKc6kajYkmkHvt4u0rJ)sF$zM zusvguEe@Q0(H$+`nS4(ehU*URE%rrn{z+Sc{sc(9fia?&#c)ZX9$8G<@KZanRC_pG zJz1pSG`Maxz8Kt)aCIY%IPRQqQ2?`trQ#zP{mun%uCm*v1Gin%NW z0%irpv?hCe@qH6K8~FWZBFHlKoc}tuObqvSj>W)`AGO+~trZd9 z%ydrB?aQfYQDuJPb9ZPAWI?q*YPzH_Qxxyl|8a6>& zfS2nvp>Dq-&sq1;VoKFqx+=8kmzkppFwzu|f*21w=#cwklIQnk-maU_0=RV_2A#)1#w{=Z4C)b8_N!k+n@e^Escm01%7$ zL@`n-kn8VL&tph9+X7=BdkEgfd<#K>X1)=S>>~4;CEbP&+rx8 zfDcNSvqO*gi{FvwsDcM45sA}i^a}iXV5K`s_{5cl2$m`4Ngee#`sSW*b3`?AFd8wJ zb&{5Cl$A6p=mvbT&oykEio>n;`GAwgRhPKijUsXe9rG173>81yaQ5FE;Gsev!t)%> zYE~CKGlWnXX2^22b$SyOpUPa`2>qNw$>^1BS7sD@@Qq9hw!Ma~`atkO@zB-KpxC-Y zF&;Iwe#$JvuYqwSH^Caw+xGLm(W=Ho>goB4;ADq>26}5=coVd!ua0iWJuRSZY+h(? 
z;yNa%R$s1b=nePjoA4&1$@jaT&TnKgolYHOf4L`9OgC~5 z(GkaiRikeYY5lmy`?jD_)71xn5|uG${IxF7%8>br_fo_No)5OSmB+G|qQiSU!ZK(= zXo=hM9)Z`=2$t7!PC@o@EhRRJo-S00oi6OE8XI@ci<(A`_kOa|X(+gdKujkkxgVb;A~prYVxP)bwSWoW1f1q$8sF1@m`9 zJ}jA)oPw&~@o&~7A6@@F@TPePst1K{@tE1GpN#KKkbM1{PE^yH;xY0dnSzuNe*8C6 z%>h?^OuP4mfn4#Y(3kYcJZ@^g*md?vO(nQ0mlo+-_hC&k*>Dk&iR|_*KTJmFYXtqQ zta;BbXlZ+wb$3i=zWHcU@e4Ze)YLO%Y5ieNx+C#pr#>{La)VIGHW1FBQy``xypK+c z#(~@($?>XaSQtNQEU%g`?_u3^pGpnEQi^eV-^b{h9XIgy@k`F~pGQgT4+aJrCg&NV zQmiU0ekYs8@)tqkP|03gM1p?^{7nUmD)*uG7q29E0}S-Xgoh&aI+}=Vf9+ zgb8ntQi7{2rfW~nxB}|$bi8T${$`_9*LSMj8i&QtGp0E-{+M-_j)=JkRuw;vO6i$L z2_tt?=2NSRs=nKps`oYSKk!Db`!Wf5Gv=QOdlt{Nb7h*=-C+NG_l9BM8a4KbcA<81 zh}#2y?z_q=#-X$RYhm>tKhXM?d}=T*-Br|nWZuDKd!K#dvTg&q#g9_p5fb+F2PpY= zuw*5ly0m0w=Cx>X?kT)TagA~%RG_SbB`6INeM6NBpqI&awey>%7C&~nA;p-id~Q4V z{m~oxZ-8HlST{9cS(@evF}C!g57}YNT?aM25Y#)((ciA&uG#g~0YTUK91%xRn|ckU zDQU^si`!pe1?gmgkghIfa1HrO=}NwpicZlDFVv)jsEw&RbQ`7EfbRxOK&CGr4fH7c zlS8b`Pt7esGXeXx*QicVGDFWb?^{rBA8Tb!rc7iOubsL0-*lJISY@kE6c6xMu&I#0 zw&%W?On%IdroGDvpsnf+AI(jPjVW!&k=I|I`sk>YAILrmeDo<+{G@F6gBpFV%69bC zdnXRmc*V@|&m8R`m`LPmJ0ErXR3L_dixTP5mpBi~XiO z>9C|-oQNF%=cA@uCvM@a!mP$#^q#XLhFusywZcq%-t9~jq)$8>kozD9d(JKw{Plwt z-xum^34ox>D|i__VA$_XYrbcE5apZA(bpJ?SiZlNZ~>x&^u-alB|`eUEPNB_;~?|H z;X6bA?`1zyEa-`C)4{9BM_6f{OSB{UL|T_e=IfTNM%eKCsfCGdh8f$31)Vx6;N39L z(trGUYLvjlso(qd&49k`qzv~Ykm>ZpWPJ6nur6S9omAvZxjNFD!c^Q(WT7MV(&i+s zMDuOs5u1Kd2dPF?y`JsT54HxTV1HEGHz~fF0jA~yjpb`}0dC?5YnR^tkG8iCi|T#X z#Z?Sal#mh-ke2QiiJ?2ByGy!Rf`ZZ#!;m5l4FgC@cXvvMba%&`g?{$l-+iv%wXc2l z?;Ng+KW5gNHS2xfC+_=xo;7cU$MYyBAA(G?X1bwsmd%XKljEv4Qg+UE)gINpirvAJEUF2o>ea!pgCENqE_XyY0*68iD?@!?MW&riEbXGNe z9<^AQVO+#fzrB6Z??3CUuLdv)i(U`DOtlTM6zoQRT$v)THkeH)6yRJw-R>tP+-(rt zZF}Q+$=);430o)#b7?iGR@~KCe344wx_I)?+QUZe0}zvH>sPZyQyxFSyJ{=W4V&w| zEU77$?@Z{{PlH>l%gy^RaKEJax$(}QABT9WYDD6vWmRK#} z`c|`&U$B8F?)hr@D3R~Y_QBzf%Y^TE1dP@KO={6KsKY7T{b3KRUnj`1xQ@8k^@+fM z5#8(5m#=}l?Vvxsy}19J{UYH>R+#<6Atemd4%f8rTkrFzgN(u5T=P@d#VRoPLJD25 
z%_GOCyKS@!;7tDIPjUw7ajBpG-ZCd}!uHp`z{Bl|=Wz1JmAMM}E@-nQ>aWzZB(s#p zzn^@nTZ~Vv)EP@2x*wlcZ~T?5;Hl7SNF9wcN(uo$V1$JSUEAfYYaE8D^S)trc#v1A z)KWLZt0oX+_Go0(&Pai(_xGq3W;F54;$4N;81%ODOD1icHWFyTzBXvbBl-`~pel`* zUV2JW+&5Bscw#?w2*k=|+uqQ2v7COBTt7u4ZHs%s#@urb>r~;rp>Tg0PH(5tP&VSh z@Wwy`aQ#@0mK)0{Gc!|GOkv=>{(7lFpG-dxz(erXQ_|VpwRU)y@iSUGWpo~kf%YD_ zJ4Q{3XSlfWVjWs)aW!SaCw&_v-nO)dPu+^wvL=3Na4B=keIrEoE=IC!-`=;kp#~nI z#cU5qxS@zq4=*h}c)U;ho>V_!P3b220LMcMpt<~O88v~Q8ta8m+A4v3#*xp$dTDtK zlP!XPpdNg@L`%#k8#wb6jg=V!T%(hdUFj@y@9X(wBb&YPMkPI&%q zTDl|!E`ytI5$f{^@iS|av}U@HHaE63EtcTj zla)>{k%Y+p>QfP+66ck5hr=p~`=Jp*fxFKlCIVzfKWbG`bTiG#R!efA{i48%`9?$j zum_NBtc>^@8TP!I(C)LbvU9_(yqb7m9XCykFg@=kR+zTKKISJDWE1$`oW+7{!N14J z17pK$C4l{0ZeoHpoc^T0$H57U`dZA5!okT0qqxMzt;qFm(&HoGeZl&|!Ppv|jgy<3 z_g|_<13Tr+soyvV@1n!@mLHM991tixha=^cqv#JJonYiqPA=HrSiEOYQlceR>?Fp?ALAw!`A1~Y5=lZ?}Rrs;w|UK;}i=d5vpiJTt+oBEb*E9QM5t{uy|VjW}ojEC?nS_rJ{n7dvbYr<3Oi8!sz6iAGY{9ghQz7%bB!1 zX!Ja2XdiLju+6CP=q^QI%pdjF@16Sr7kxW#yMG4-YDRAh_Io}jorrU{Ft>mte$wYC zM4loqk(U7MY3nr+(6E=0fk2cYW_DZe{Og~AQ^n%1W=Q1I4%~WzhyQxSN7Bw0r3}6l zJcohuukQ<^xZ(ZF>%IQ_|Bctce|+M<_ksV*=l{$1-}yhkf%H&Pvr@_bxTQOH&S<|R z{&?rC!R;@&?``zYkq<=Bwt;1|+gA-=9{$^`3@EA*qX43fYle`!;1O2A_oNU0e&7f< zL%VP=iSm07y5#C<)1NmnpN}j5J^ETCDzEgRs*80SWzL)J|Bu6IZk*J<6kBw+rw2VM zg8%*4d%y37E+Y|LvBdwZr{R1<1Ss(T`MU@X7$l-HR^fQo7;z7L$I#=B0Q%oUYqWo_ zKxhu0{?FNH|6H8tKQ4an&-w3-9{xRa=gzm(zvmmq-~BHx1zh~!yVn2YQh&z(|8|J~ z9*{{Nn#R(%^HT%*EnzG?gRqCWhy zg0umhYIYz{i)24V{&5RTw7-6Q8v}+VKC)|Xa8E$W`o0Ykm0i3;G^URxaeBqbz#~70 zbie%>D@aj4LL|SW48SpH3tu9K=#>Sq?-|^>+ZH$!+BM9<$=uVBiVErNpkx{ zVVl`}KL25h-c&wXPF^``WlN|vT+(4^O>SupAJdzzf(sw`+C;Z?C5E@q8(Q)5*737Z zZoQRkp%ATGq$}cLf9uZCXPEu#apie({>v#8ezjg}Ik*Z!Gn-KLBMmi|&v|kDv5m32 zIc?2Pi$>brf~%dwvN`g%hcg5=bs|Lpw~zP3C-PO87zu!ib z_mBZJz1K?PH4Ovr8(7I-E8yWVkes;17Jk#sz`~5W$n@;g`q;a9DtYI_vq>?$Foo$I z0vgr*_ET@t#yv?wsxH)vqyP%vscbevYIaW`Uhex~=b~|Ztf{McklTduOzv`Z zbdbJX^hp2P;2)`!du-Zw(DFHp9B>+`PbJ<)=?HEMOMQv|vVPB-$^)g&+MiuBG^_E)dQKf1R8NXiX!+uIeeuvHTU1!a^?HZL{=44nNVVPuH 
ze707l;Ixta)kX}o{`sWG&KWS)U2m!R`RWn=ka>?%J*hxTm>MKQj7qu4) z?4Hs-Mj&?@Hu^>0);Tz|b>U}zmNI)6|0Z_;Lv~bE`FbX(wt22(7_jKW-^2=iZgKT7 zhdtvzPsTUgxb~al^vDF^~;4AHv*fMCULxbv2-MU9QUww z4}RbiL0VFXl#lXGS|6aPYrbmDs_?z;Jm6wHx;#ne)Ep0quoJ!--M|pBAiZ+ZJBb_r z`Bsurvn$q%TJudK?EMF!Z?W|jS-tU$zvEc}^Q)H$D$Ry+pb^~h!T96(_fvAN=N1*u z$LEDOtP-^egu}M!a)?C>h9bxW8d=<2&dL~`Je?G(v49L-H#B&%E<}m8-VA*+Ji1>g z({34Gig#`AJ(OUgV~@Y8rq^r5P*Og+RDqLA%A_7K1&vtIIT8M;XGL3Ri|BJefMyoA zq>i`Ce=<|mOAN>3L+Us@jd3g`%B*VPSr8(YdG?hylZZ;N;As~W$ zH*r9ns5qzN)UK|iTyuCd7_J#w%oyVAcVi^xrXeSuE|WR%PJ-IOS(3ryQ3=&@=n}O6 zKWZK(I7&>D+d$bswf1otc?j%273TJ!N+n~7Vhi)Os-K$@J<`bVhu`%#LV6jeM^3qQ z9Zg_ne*dOu*+(3le1575m)P>Y>hf|CVST*=(JPLW91G1oV$V?Mw1mSsC#H-e{p#z= zU-r9l6rRVWIH%=rZ|QtGk(Y(m{^-%xiN3rc!8mkl)8#AKE?}%bj{^{OBiaV$0;kS9 zQM*nd{Y%_&B`o%N?w_X&(m&8pmo+ z)&jg)?#qEcJRNYu&Fb0nZB|GSPD=LT<)VK=I6JtviW*)~-8Xf!dxi}u<~HL&)_v|kzB>6&Qw zv9l+ZS#lVns7zxOc{ZB3EX!%&Tk|_2@7sCYc2h7@E09$pg_hK9C%;^N*j{1Z9}*Eh z%0P%v6D50ObwE=%sa!*S3r>aqpjN@ANVlT|>0ys3-sBbeQk5lTN(-O*d@?t@qetLf zzx6bPD?Bj4jL9kEpDC6IayQT!P%^iBRl)_;nUP&272;L2zrG~ZY}C_itOX;7*J|w~ zaL;~G2_j2P^1`bfs^~YNy!w*GGOu&jUM8u_ZV5^ab6c^Gyf`VrPYF2ESnW<^u(gO> zCA%=_J3dUNsx@=Saf#KNhL+L)4ksAiltq9Z4b@~?jc@>W$(8o2>HRvQ>_anU&qhnV zfgdJG`HNxn^n=uSxcc=UPrJjK4EzDzk$Z4bU+blDrJQIYx6sXVvt#Fb0lxKVj9YYT z*hO%|qCqp5a>nEn2KBtM$z@r2^7`7J8I!X<-D7XF zS5gyH7_fBJ`LJ&`1?L<1O<(m|YU6c>9EA7)B*}CIT^H!KdQn67ev#91$J2AnD#6{Eppsa>>_inkz?JCBy znz%Kv>ge_ZkmhKxMyr7>fPRaX2u-IAAcbQ@&8EbGGPNF2>&LJmFeW0@Z7E-ly+tQA z2W>0ty0=z)b+@-VsT-lGV1Z9MakU8BL_bv3EMU#Z+MuK&lB9xl;2E*2XUC#ZbPxv1 z(L=k#7rIK-X5zxx=6rvw9CYSuaA%gjC;K7;XzsW~6w3;@n@Q*iMvbbNt-hl3-srY) zV)-dD^BRY zCY9pc3;R58&Q|W(_|#~TQyMMh7EGa@ZQ}f;BF$)j{SY}hXh9>d%F6FY4^++Rh{c|y zTdPr;ND2#qri`gz2x)vFO30o&NCYJoD-wssntJ%T%Z!dDgNaToAzVgw0p07MJC329 zyf?77A|JFi;j7*%UvKtjOsJ8c4V%)@gXQ3AC7&o$lAo(K3#;siXvV}?hqFVO1V#&l2Z6`d7eeFLvruRM+Qc{PO#we9HD;FFZ{O3(n!2WoY^AGIz^;{BJdBh z4#K^4gZZa7W$=&dB`a7-t;bhDu~$HS+^EPy(Ejgktraz9WPq-{&8(p;TvSg-!eUKbkF4$VT-@S5DBfZ+uhqw=QSDUo;(k^- 
z{Mn6J%{}$IyFeEYo`C(PoHE;weXAdXxdxBzYaso7=i@8rW2Uo?`1yct8Wy4+b*|yW<|bbPVKX+gZ@(9^;w@75sLUYN1Sq;;mJ9BymG#+ z*=M_0LpSp)He7f++f`pU;rRDgHFy+SR4&)_z&6ZI%IH>Fc)xJ}53cw)w@sJAj}_T^ z>@#oqS$uz~gY5>eRvA~`Q@UMtm!9Ad`FYayc?TdZdt@z4B~ZVS&e=V_Fu89d+nF0W zMbb^yA=CfRS%c5d#s$PuUe3q>E=H4B2D5m%UdtRjF4T0(`k3eYg$t9th9P}#i+JBQ zy=<`wjj-LYe8=)*SI%hnY$p_o^rXJNVu>)=#6Z@_1LKF97)HAW2yeh)Qod_i%^p!1 z<$m&Wxra?w78IuVMI1DzrwUDP25Y8B!>n1VOH0mNvR-8DR773JEJozbCn>^Mbga?Q zRlmrfSua#?^1c(eIE#UUp!xnE*#Yz6U$k*$59!QVjUiee=-2Ik6cK%r%*8Wcunn9O zf-xQxNtz$>J4v?Eq^GmIjKm=ls}Lq@(OmGqFGqpnY8!SD;|?3stthQd#tsT|@`N#L z)pP9>yqewbI$W2124RSmih{$sMU;P4H@UQtdq71{2eC zmB%Ak?$?zt6+O;3BU-t4=BY==_sxQuj7cCNibGo6l16 zRoMD`nO4?29Da1r2WD?by}>W-zm|u!@?Rjf@Y3bC9^NajE(l<>C_dp; z#g_@xZMAFc(ud5U4c(noKByDB`EhAK^(PCwH~1&zRg+SGp$G7rd-p$;zF2NHzz?%; zT3YwBRs1)Dxaz=tYR65RNt0o|(G2f^n%$>J^kYeX|47a}UaibJFlTN28F$>lvuY6w z*cauh%eACS4o&7rjT|EBEP`d8$J@GG{h0aPQKCtc$_Xln!K61YLo`p#zNqq4g8OQ) zY1<=@t^tIIPvy$I|LCVWZ82UC!_iZN{EL-gd@vXsrD$?I_grBS)*c(2zbbP)ok(S( zeXO-Jx`I6Ft-_b(+Ai=pRq>4*k`*X?W@q!NWbnO;m(PKTj=Zqv!FshU9L{CLj#bg6 z&oa%}Fhv?Hygw2Vk;H1&wsq%#*Sd#e28k|!eyjhSJ@}IrJ~tXdAdx9A)U!Wb{Pq&o z@qHJ6wNDFaj0kAN1S5mL=C=`1iMAHn40D=HQ&wH6rEfUtP0(E#6~n-xD43F$Q9J1d z1>=rIMwZCU*w4#q77c^}ZpPq`a-|He><1IE(@>l=H*`shu+P$+Z^dVWIr-t@X@IQE zNGf0PK3R27YHZ7xwi)vL%kmihRIN7cxfz7?Qi`H~v-<#K6gTUDjR*i(&GwBW>*|+& zJzQN@wWYii;EMQll0h(ui?p5@R*GxSf>n9?U51xToNhDHN+mIjQ(xJQMl3%1#bjWP z{#f1mIRAyZm9OJd^2Ugp&EO~w!2FS1B7aOxFcM@O$7jTUM8*b|zeF4Jp@7U2<^u8% zXF5MEAx~lFJ|FN`v$p6w=x+UGA;gLQiPcf&_}Nlepe&Wi?_~xiBq9c233*qj{J>M*>U9Oda4nZ#o}L6K{!lj3M`7t8lD5tBH>6%*YP=d^PQ%UYOhN@GVN+saLdRIF8P7T;3O{|eV)`rS z89*^n35sMG*=ZrIF(ecEl!g)3Y3Pc3)RZWiEORK@5ih>2m+$pX(a`(2iWfZk)`)A z{-($eEfLYuapHY@5ssGfa1Sa`ZFXL{*{OSCsi2rkhQ7772mka!B}JN?44U|Zj?eBc z6>8td#L~Q(JT=~swB|;8PXAU%Xx#P>?i*`eZsK|R# z(m0pkp{4q=;LqF^uXKq?QhNk{`Uhi|7voW?ul?@r$%xUiy-3q>OLMR-D4KJ|PZlnA z9A%G@K`0lqE3t$nY?Z=i>9YnRoa!mEFf`e^;By7Hm|>|}kLwr6Rw95g27z8OiS6ZW z8E+e|YI#dpC_IU(tW1MXm)euOwwBdfwP%^54~3kmdlsiPC^Bw^YmTz8f-6=_fH>Jr 
zHeVsjYb;?%&7K;9OXmMDv%DJp=FmDwGAo+?SRX&#cWMyneU$^sBvB$ld`@AIxjRjN zM0~$L%PnZU2aFF&t6B_MT|Oy;W5Q6D*Bx=MXQPYY^Jxtck4>rsR4$TQV#7fHK3-4` zQ+%E?zh(Q|HRnwX_V5 z>13G8Oj*gqHrIozVn^$zm6mc-IxH+oIrw@35&{@2*L5Q^5g?AHFd8Zp(ep0r@LQbj zQ=HW*HrDz%_$``o6ku>G<;gDfIxvvI$0g}DwF?nG*siJ?s(BP3!Y8$DZU0t(I_6?5 zuY1nhMB1O}X1BWEaRKhejEpUV*BPE0!`0HDc`lv7iHnbTT$rZ{f7UPD@tgoTHZZ4S z%gU~jQBe+=$L^R?K4>&-S#tzwEv5K+DMBKZpikXERqR^oWo1H#M{5^$a$A^nWf+n(gzxr4DUx0hA5whQhtZ(sUy zP3kXZznWDyl#iv4C3YLx$i49yj;fkchSKQ5Rcnjf&k4v8ojn6xcwsWVP;qCGY^V;f z-hUH4^<2HoQ*5bIjAZxcL7+}_aZ+d%dcoIDhSDtFe4_r{h~3y`T`Hw*Ez3~NV$H^H zO6!!Aqp7|{u`zAfFMm4FmCPcTJa)q$5HnG!dQt}p&0%Hs#f$AMgF^Fp6!T zxHfpjnm|#icya(C$%STqT)C*T^Anx8n@kD5#KY5XX5kP_b*%))&cfKMEzL2Xb18v8 z+0Jdr~wmAc0$4Z+(Enzd;nM~xT z-}R)Fj(rmWIrDX`mAgp-v}zb6o5AE`d0g6+A-y6QhDX{d7o)!Gz00;Q8K#VPs82v& zakoiv*pk)ER+A}c;YaiO_(D=5EKuM=2Nl$S@(aIJsa3sLkiu* zio1z8*Uph-iR@XW2fQ)!b9jyZH_anoSLMHj(Q^@}&{O*wy>apqk4?CdJS&C>Mom!` zTdNg>2OBAn&c16`2c@3n+cdYWj{qV1SWwwu4Y6ytq=?Jc9k*D)pw1;Dc6>N~93qbt zA6=zPqi`%?N#=YCxa8RV`TUgU$vpQ9M5WdF(lyla#|Fr9ud2-yeG|$!8hry18AD_w zc~N;TDLaX5*&{tA=hC1IS-#=3p}g)WMH1}>h7t)%&77Zvn! 
z_LbYD;B6}U|2F0=I-{}a*Yz!rh1fy*bf{IG}ip~|f*Hj@^-!O!`U6K))^>cNE=-piv zv@7KT_2ggqsIa{8*5lHys?_qT-nZx(J?0;iIU#HCRsTSA2wwUo)BfMH({Z+sA7$1cF) z8A3ozfF9{iD~#W`!(eerEzPggAxCXTPzF6nko^|Cm30lybNg2?lFBcSog`lUR@IUv zh}p?f-mKbLSSRo*h5Iy;P2#-~=xTKiB56`zjdWPX9UdkXm!3JrOJ_DPu2C*U%s}Tx z&S|}M5@^v+9FZg#U z1DG8nouC?Uo>uDgmoGEgX*1~wN!0_x9%;tFK1$|9J1)_1#sSOR>MqPo4h5zJNfjD= z_Fwz;>lwfz#Xzs%b%A7pzQ&mQl<`qoxYhjWJt)1a772XP=0Jewg_%26*^Q_7DN@(~ zF&yZFY-RA2q=mC)BJ)3%|Z$u=f)E&lvQLfJ~;jSVzQ=Q$#B3=l?C_^-D=i}*(~s7EiXWH&&P%Qvq9?65m0ru}s>{&ixURmI&Ezo?AtQlUYwQQRhJKR2BDUmtz}OaHNjKKpx=?N_F|k zs`hZk(SER1Fg=lNX;FlHcWeFXU)a%n=P%O|wS=TT=L=GFT>?%|)~nYo`7+RtzgdG- z##<@kuHtFni4&BYvdX!v3`EtKj!l{;KKI>Q;NqFVJT@#T<6f}dme}?jK{sg+P$F}K z3b|)#}(ZOkD(cEg`dNWj#HBvIJGx@w5I%*x3aFnt;f$T> zpHTDdZOR7Jx7_YeUb@9rONYxy7XD&0@GTAy!gGLBBCYcrefGwFKNC~49!2z}kpDh?h6`Hj?Q*TX zfd!tROJ)rwP=4>tAqvHb9zM5~ms11?U=?ss8O!?RbFmZc?W#*d!GR>4$o=Y(MLGg5YMzgcp=6b@D>4DYAC`hd%y@={SUGG+c>hV^uT!JEB~o-n14 zkO)5s?0uo*XI9P}L3LkrK@t@H8ozR>E^jSWo0w?m2)R^-*Yn`}o%Ku-hv`T~CtAB~B(0V^6Xm>p&^0+YR_jm`dp;RTRL{jb;S0$jUe=}; zE*K`6tABD&lp)GSHO3Xxz)P!lHZ|UO%in-lB&X9W=M5n8{IoGz>6d(gIheAXCIddx zm5e=U^j2OG{m}J~7JToIDFUAxtsuzj5ljB0O`sTUu7V`o9@-J#IOc_XA~0#DFY+WF z_}cpcbd}A0#UQge+_*28txL)v=?hl`6|ND(kQLILc{0;>>zp@9Uo#PPan9Az=2q@c zh`Vh`UHek&v~WogQ4B6Sz{sT#ZcI_}_bFu+t_Pd`WsiilC$*P>cMd|tuhzMpVLEloX;Gp(?_X229kURQFIVKMx+R%@bi z`%W2rJ!i7OEjCbAzu(M8rNq06ou&Ru-y=9q;!i9o2hGV7e${(oOIH_OH@WL!QJ_PC zDXcUI^@gboVwVv>>N~>R;$dNG=p#UUX80NRu?r~k)L{KpL9LZ0mH9I$ACM$3z^{Oo znAmqM*+2Xo@|ZD21TF@&bRr2XUlf`OCd8p5&9ddf)r;W9N42y3Vu1c`dmggGH4DYb zRPL&Yn(@0a?nfY+zHF*Oyh3ANdZV(Vja>&K*618akCPy?9P#nFnixM5W*MAOqfk-W zAimD9^Nw`4ZgQQWqxH(~*rOg;sv=Oi$N*{|_;fZ92LivNz9HXa(hQYYK^68PmnP`( zJvc8-y=_fYzAI4v%5go#w|wKok9BG`Eijtx1>4I_ zvxU^M-8=OqIT6}&2bQVo6ip5SB3#KeIt1FgZ1?>Ve-;qeE!{g2KC^MkOl`6_VK84@$KbY2`>c{DwX& zo1_wVvLCGPn+DzVq+5ZZ;srqMjO4r9xO7Z`^I+Y?2lY8H{z>7Y3N}pQ?A(@g2*KZ4 zYq%iW_De^8(dPt2-o9ZFHgUVNu7^vbNX}z~zV4L1I7oJO^fTD!l*-rPq~_cEhN6Zi zIpS>tE(@HmN+New=i0W0@UG&Y!@fjUT55TizVc+YI2s)6LHyR!t;t3t9QuWumCq5o 
z0~b3uWpOJc?2n^~U9If2;UJd3m8!n?ES)Zm5uzTUh5_8Vh*99CF?wvn$2zPMdK?Ji z9uK6ml^xe(VQSpb^c?BLuf`DaHT#CiC{rVSk+WKq>U15R>cqZb ze8Kvp3$QTXiW+pcQsBco^1}3)U_h3V=W>L|xg-AdTr~fuz`@0icvipPY6spY*Op^~ zZgQyT02Mi{sZ990*Lx=dZ^*^4eEaHZyT+?}Ffc)H6h5~U{lu$H%HI-Be27`uvcyx$ zZ%X*`0|gPzhvp?y4?KH^DV^|#otC#XX6!%l40Y7744y7!+SP#BH7&>BKEGBy zfW5bCrh;e_-te3I9*V$5R^6}bjl+71LtpmIR02X!97`TFq5X0*Tzh#u&OUQV=Fcg- z-VF8|QO&TZIA}GFxDjeZm>^eae5GM9TS_xY_z7PaZvEyli z4A3-?+qHaG+@)p+!TnvmEpTDDc-WyfsW)Y;^K)CyVfgqMBuKfNnP%OYZxg!We;7)? zQK^!&*w~S{Bx_%bp|FEU0K11xCMPr!>yMW}`%Yi~O2(t?5qZk}>gdEzJTVj#bqOm1 zv+wE?`QWF3S%#()<_sD-HA!J#`9%Ihu#$Fqb~1_F2qP4-2Ymu0*C=A?SME`z9GJQL zSYT%z^0OW0+Sh{ zUK|h8IX=oj)2)~Ke%sZ2_Kn>2Gi^x{cD8@56fZtTFIi=IAIbd+*mxxWtq%{s-dI8n zWR(vi+=3#3+2RU~sncia_hn;=nRT8xK(74|fo0$3oF&?+LDfHc_}Q0Rnt@UZFD(WE zg>ZybUgiXBD}`@!>QuO1V0)B+18F}c=I2rv;m)Z!NkthyyG3{S{@TQyb961f8L8v^ zsoMak=1}={Ve{b-K8edH>ctH0hjtm5jL;du&IWV8ht zvOs}P_hVlrL zg{2WWuv&d3kfZl5e%fNUsD_^UgY|1eLMt&|6|jYc?BA!>dG*s5>?suF3nAYzK|jxL zb5kJ>Y{d4Qo|F0DqjWPNO4DuR+HR!~78$Z;QwH{aQW3{ohkUiuI!K@F#a@1;KMr3r zs;&%hx=wN(<)X&^$yYASa2`xWi3&Zn?oW*%fxi@}QBi4o-w=zupbMLZxEST^R+G=6 zq!RPFO@>waQ>av}q8u99lZtQ`R}UVkWY}M8tNLo`%bI1aEk@tRkJX?2VJ-1dJX3iy zY{ns>@lNgUrSk9y*;slmuz4DcMoy5mW;g)y%190KlVdf*Vv6?MRO|waU-iy9SYOO5 z7rR)5Ynhm!p1X)vpkm94u4G^Me0rY=J!oOe(!k(z_OyS_77u%vn}c5y$miRN`>t*= zxp!G#>P-bVjRK4E+8KejlE+S`QYrk3RP@n;KZjqFn%|RWkDp??V?Vqf6iy@pbXw@( z>^n%N!%qOJ345We%_Li;>@ZB0ND;m+gWaOrm4Tu|84`r&jKET^Ao0I10BBzp{TRe& zjvb#YGIfgeklX~1Wr5FBcZxSLrRP) ztT}Jw9qj4_R8F?6%Ujc(&O6C@eh7duM065t24GSzSDe+!F&)m|^ehy}uDUN025G0Z zKB7r15eA#lput=j2`{v{j3UK0c z57eUCN3A&3oVLAr0AF6365FODF_1xjrD{DqY{HV-WxaDWWP4@_lBC`6Y6RbYnhO5u z1pwlv4|@$nB906qsE6?T0_I)u!K&tGW_fPxcwwomT%ZxHui#uxaGVpwXn)C*dkEA= zI;8`5mf#~{6L*(-*Ph<{3eND+-M`2PwzZc0-Y`LhDuf0d9m@8Bh6h(fA`wh_d$z}> zDz77GWH58Tq!~l1%kcK!#`lo=gh&P^C zL_QlaX6|=*l2uoFpD$#hMY`PAdl<&duFo_%w!>h#rK{!Ofat4OZi#XRez=vwaQ7d4 zqaT#s$B7<-FXEI`wB3xACe1a)J}*J=BVpuY?d>Gg?1@Wxzf4ZtLegv?Xul_w7s4eU 
zlRY8i_S(8H5`n!m0@^FM2iPPBxC5RG(PsAR69*=*{9j;^Nvg35&-Du?0r-T2_}?bi zC!jzUISq!=sOD%uaUMlvK6bt2QRi>38)pIfNV=rJXuijMugc(*3hF^0Nw;ynP=Us1 z6GnX4^DVL1b$whh;yH(N-__1A&$#l}Mh8eBENm|CoxhL(LY+Q9 zyX3|p*^+MlDw<&gvtot~i`;DVdmPI%*H3h182yREW($%;HoiIE_3sW5~HtG*}!g84r5rasdcY5CP!rl#i zd&--;@<4S-Maxh3+>fNbcpd^>v@=O;0qRWI;V%XT_2VABsq6Vr%WUTgL9kjlbPEOeku znKEV<;6{{nIaVLkvC)h`wd>9-U3Fg_o-h)DIByv)1a<=26~n!CU0XJ{dfU^ zCBX2}Kugh~ActcGGuNH2Y8iv{F5p#jT@7G~>tBI{<3sK5?Ca<>5vYzI&i}M^msUehVHX{1; zm9{9K2`bNe9CNU;6=AS$-e6$f#Q5N&rq=U#mGC~P$ApyXpFVNy)|KzMWqb%Fc6}64 zoU@SvWcf{&`q`y((JmZf!)|8Zt|`3jr?KUCw=L0VpHx11Z|w^c_#FGC^sRU)ACt4A z?i+M^TCR+v2RMPu>@vt^SRPmcIonfC{AzW*ff^jZl`V&KBM&6Sr|jwCG&(qH zvBJ;eF9QoA;}R1>cOTZNR`q*WFTJgjLkYkG`!62;t;c-)8*#m^9C0%-ui|4e`>0!A?^HKTiwOmsrnzfrkE$SYiYP zB?C7F1)mT-SB#58?pL2VPb)+K%YCtosaZl9 z`{_FB%KNh#Ra9rWeTdLi?<82vO|r=eD1ld4=3WFGbPJ%{(R=c(_wz5VyMe#Vso_4K zy%^Z^GDADd@Mt6g{exO3K$;5zz6Tt%nUdm3RwH@U>H-G14C>3aJjlVTh8?)OZXb)V zZZ4Ol8G}%7@6mu;5Gj7s)F7DIFjxG)SHCc;nivEtJRRO4bD5fQH@|d7zH=pm`Kr@}}zKQ|B3?{zQn@GZ2`bM%^tc#qG z(rkK|XDJ`BRRVQHQpMJ7a^8_keS)tb>^iA=(RN8Ax;*R1`Qq)(4TH?19r=!0mG1rtJ4q5jByD^UexDiuZ!5}!YJFJ2~u&1vrPr4b()B2DbuE=`j^KOO|(DXA&2zM^wK1i?ZDu40eIxmE46dTz5 zNQ%$ycdxqmYfZvqb1oU8^P{sJ8=|w-C4}36J?A7(`f^t9`xl^|2KkTZ+ZWVPYB?W+ z;dI~Yb^Vkwy97w#ZyIbk!4`i%p{=3{xE{#8yZEd&deX{merCItJSijbxwAgl6WwV`#74vON8)&mD6%U&- zLWzXPKVlQ7N0Mp})YqJitwCVx>k-=@AZ2y8WBvOg4k!f*Pdy&)jbPUvyYopZ9a5*K z=|x}vI|NZS>3C=hoK!AqwPV{~?4_823fulh-2+gV^xW860o%bf@OG^WJ00@++`W~V zePVr0J$H{Euxxc+orEGzlGlbm@ytFo&7+Of>@$@Rx5|)l_w(#~5OpBl)?)GMEwPEh z(3(|KX2G^JNkaEeJTeAl!A-fFybL8m;mN^ym!-r?v$G-qP6mSFk=u|A{Sm;)eqG>? 
z)D`{k{TAAOw~l=?E7z%RNEQ|bJ{&Wkcw5J7psF#2bYcef1)-Yu3GX#4#0#b@2vabQ zdKGd@Iqa!gDaVb*oGj=yvX;a3T2MU|%-^NoeFShSAa9=?0A-WUq#2lG0t{Q;E(54g z2H+8(67Bz5a{|Nt81I5pIWcx~HRwD|?nJ|RbW{&9%BfzJ@=)3j*_x|Fp9ImFu%qWe zCSy}l&-4>Mjftz|rROT~wvBhMvA1BSankn_++}i$9Sr2KJ|A@Wbv-sO=-Z>BW9(4a zX|bT9GzwiAgDuY#l*W)x={-o_8IeXe0!G)E+64;D-#Y(RBrowj-ap6>e+rcDSkak* zj-|=J=9k{TtDurwmeRe!W!r6elo|Fw7OaSY%bJ5I9O zXE2_Uwq})tNrubin5b_w&+>y@>I=4nm`#2>$f*Y+qT4kTwzbhn}-;LDf*X2xC z`ISj$QZA;8PI#w(->Vt`?2_e`9f>etZPe*56TDGrmNS@g=Lfr_PY2D3!|83~9-We! zZD+qBCBuaayLvS5%J(I$Iv1vP+qiifa<8jUhhuDuhNx&WY=e>?!RgDIE8B~xT_&(G zcCM1?;1VTIU?T;L6h~aTJLy-g7~wbxk~up*p%i9P21Vi)VOv1)s9Pk#4~|$(xMps+ zOwjorNcOl77vS7Zt~*ue8cY~4dh(9b5eV)e_#CWQ6tk@DJ+bs#a<-d+^Wfldx5W?O zqc{1TJ2yZ6)_~3$BBB$b=xnObI3221rg@KX&>^-z+{|94Qc>pUEEII|(|P%gC<%tBR_? zwA$~ykUUj70bjkstWC-SflnH>oyqZupeYKnOO9HJhhG=LQ|gx@rZpezK8lb`0{eFK z?m-glwGudWIaemtm8l7eL4*oQ=nCYW2u5JL6kbcDtP!HYH4c;URXM<*{~-O4b2up_wgR z8#a=NzMU;I>^ujDSAeB1BHXz}O?E`Aj%gjyOJ zG$#XH$Uepfx@cP_UxfeTb3 zMo)MQWI!@}JzJXOz?LgnFH*$LPb0`J%w*Dtv%v3V)Ojg1UR)g+?Vjy!U~sj%JrjPF zkz;r$&7_xau}xjkDB7?l<*Iu+45?NaXEr*n|H?)ma8awZ-lJ919f@5s(H2 zX#r_z6{JJDySqVhA4R%zq?MtEZWuzk!J#{(W9ZJi@SOX;_kNv^d-h)IAJ6l9ME||S zTXNZ-xwz75t3#2TLTnTCoOakxGXA5>u`FCeOz!NbOR|zTC{8^rG0wikIE{ow{Sc&6 zs=po&K^9!JvDFkasP;;pW9!;b-KFELSen|+Hx0L@!6Tb?*gSWps4X|EWb$qw2>=3v z83fbw!iG-+4tuoSK%o{$!Ih^0Wm+Tpvf|25<9zOgRUr3Vt=JQB2PxCUbDS=*pP@4* zOZDqMzmOg=aqKj<$DO#He6;aA>=@XES3~P+x(_7-%#_*yg)zPDVG0dLQMzs+#?Uf4~b@FuecR zFx`QMQnJB7Jw|~0s=4x6Y*K&yLKmo+Z1Ww;l$HkZH$s=Jbbhq4J=;qUCKl`NgL#H>UOFXe^I4*B~olOy-ruPzsN&>1KUXI?!)`)ykx$IR56L z@yLF|V#-D5fQE4)-AuJ-;BuDjXt@&4$>9kwk$`PH>ZsUBi$d z6^d)`>B3s%GM7M=N?EeL(ooou{X<~zJK4QdT?Fs7)4y{Z@Ln5>XlPx7H4=t@=V^v= zy*Wiqp5SW{-km9h^a};w1RSf!uP-*UUl;iFl>88-_GAP~XiLj@IvaPAm;pxWJ;5!k7`;W_qx(=!PhQN+k_#>WZ|5YSZviz8K&N z&O;jLx^tDo<6L7O+sw*~^&Tc2TBZqSJYv_gWU77ZH0uL8x+}5$OXUlzdr-E6rDTa{ z(*@ephH zLhr%QD*SK0vktQGw|)s(?J@`FA4vHlChdO55H)%1<0QaP>&n3Ok2u@*kn*;5u;uN_ z>CQ#)WQvDseK33u9bOEpRxf-Yvi@X82v=Yy8ELP(QfTYlA9q6b-P7@}Szt#Rea)gz 
z{VI27Eh3w(9JwHsU&)9Dw&~tVE8x-?ii>`N3&(t{D2eaROcbp?*z5uf(;qjx&a$gw z0`9kh2RDOo99Z1ztt4G6N-uG>#2m>V8jf95)+tZnF@el;$~a?|P~TP7&9|#IV^#CA z!fq^2)P>h|=EsaI>EjN+w}zih=_>Z4-?$eR%q^`9W;~3QJb!C*_V*EFb56kJSl1h+ zrEBt|I@L@w^1Y3g>2FtG^ghF%vq8@UDE&l>Gy_;>!ID(Z><@~Be4d0)GPNg(9hz&0 zvg|*G$T_g*+&KqIV$Ed?DZ+P7)a;(71vp=hK_iV4+xP^88L!=HW(()^d>*kF zofwlV(|`2sSY}|`2=_)-!22X%N!-OaQKuBwrZ{j^^-`ivRf;y8Tf#^qP^(zqYYM}b zDYrUqP<}f-Dk2!Cd^aWfOm45+j}3Csl$E49pAw}&UevSK$GGNdshLw9XYmz$ae*!D zj9Na->%@s979}ab4p-b5J5hG!%07?KwQ$mUVce666)4uAJ!r2RI$`UGIe%?6zJJtB z1Vq!{i<1tM0IWboyS$iXE={eodm`7Gn?+5Iv?4~U!;-H19PvkSGEoe1mgJOL9ghxO zYi#oa-@w;Tbs|5EohU!aliP&)yvyZC&m`=-u3fXqkDd(pry?JXR(&RJWN}57e~jo6 z1m}QHJUBFIx3xn0ah+}fyv-j75PuW5OH5zK7f@OV;qbiwnBBwu$5jjFXSXY1K$Ext z8^$)|lSFVqU>&Y23%g;EgpcfshnnIydd~xMs>uwv~8gFeav<&9( zw<-8x0phu2KWutVGS#N9o@ug%kth_=?CzeiEK4BMi0nXG# z39-8U!niu9TwwBn+e}U6e&nx;<3g9CV~B&G0#f07V`<^+pTc|6tRUt-x@47Ka=l&3 zIa!e|Dw4Z`(Jh>=kui~Nv_Ij`ZZ(xDpUH8@mvu3eo=5$p@UU3SIu{$Mqj{dXh5a;*?CyEj;@7}2PNzxbGfFxc9WfWc#!Vxa$O(ZRK3HAIf?4F-ln4rmbLk{D!>OgA9iH5@0$nmSHkB%{|KtPn*&xl zBd*N&riPr5wH>pjK@3CrR3-`(U zmKj){Fiv3&8plz$?7WBT#Iik@+!U+JD_S(%JMGa{ee;DX4fPNz0UuRdoUmgjnxSIm z)D=MI4607ZBl;BX8kfvlJ70kK{y|M#HZ&>v^I?Q z{BYlm7BWyB9JQa%gr;Wpm%EAL(8cMWE;ddXqABrtqh7M%a|>>?R>GZZ$DXWlrxu*% zN0!3zlTXvNxE&4ClqExp!}G=T#W4D^S^Gm$-$1dCZ>1BdSH1g(pXjB}KUu#bLzOH5 z+#z{phJl=~#ctZ} zWYwAJji7Bv559SAq<1h#vU3$Zi18Vg^Htfdt(G_GXfLZa#j9Ca-2=5Y zyorz~vw*J>l0)8?Yh4qGamez!o(~~f@4H^ND-Bm{WsuhvdDJi+tLr#z&>eWWwI7?W{J18XHc=%|+uoMX zvBzOOAY)a{=7YVCVtje|gzUqeJoe(B#1P_5R{6y4Pp;f_e&w+6S?%1B*9=^rhUY3` z(xz#w&Jl;i0?0$NA5>7N7D0kskQ9Bau4WX{Gf=*fP*1Gx?;NUXc<1xCGm1u%SY&rr z(S@k^6Z?N2-!h7MzWotw&SZcJ>-Bbo^gTKkBTNG^u6hN}x|7Jziezd-Pb4@w6d@kO+@qe-%NkVRhGVh-4_W zuHmGzZ5qNdPJR(%J$x!es+KXhVJt~zE7mzbS{PXC;I0|$!6>iKMGZDr{maw6_!U6! 
zGh5M_6q(EIE4A=DhQ6~W7e6xzy?ZpZ2usoY^!r!efPty{?pC+y=8CLZcQ6@HV9si| zxDMefX%{B}`w%EbypB)TZyb|qxGpxKyob<&pO7uVj5GeP5c$K53deRP=Zr-jq$xd* zxuvt<>Bh7MSN8?L9ZXMr0atPygIKi3q=MjC%=GgzlpETrLV$a#J3OvZrMS3IW@!_1 z!eUG#NzmkU3!yEBt+D$4YL?gqrZp8=$KwFXPpk|#;6pq|<~mrE^~OSrNM{@Wfi)2AdHe49n0Rb?3bw z;qj5uu;cangbtXoH{GIFgl7xoZ9D=Dn{}i@$XsvCNPyNYiZ=tm{GvRgD-4D!!hgJ- zJNH3BDf+}eN6#s3Q97OrGPHqZE1?p7<(OH5oPQwy&L;0^Z+S$;C%J(S{x9PUX{M9>g-F60Zff<{D+cy#3zp zTT-|*xp?8m!2<^q9lh*+(lu~NAow3p80*4W#qs^d)TVzFs?I=$ifrmRHx2vFo@0(h zzHC7nJmXzw_Csq4jTv-ag6B9u2 z+TyPOtKMllR5()m@msCE*9nY*#8pR|@Rj^=@gd!2wpc`@BlyBD2OR&g6;SYX2V#Q8omNsJUr@2Gatq$h!6O>% zFeNX1b_g7NYtJ9uxVq~8t9GUMB>SnmexJ3cl2U7Fv22+d{%Ctiv4>F~{lXlI{`tfl z_VQM9Ti8SD*#42Ma3GbSQ=*v?krxryZZgVUV_!M5JXRV*c^~oCFWdl$unW3d=-J=D zeCTfe_1)aVQ?YjX0w9#dp&~c8{{_5SX zY}X#!zm#B_I^~Q%RZs@go>BK?*Z|BA!B3X+M|lCZSICm;wC`sL<+X3N0iQ{3b_tKH zbO<)FRYeL6mcT>Wc}n)7ovWdW+pSq+0b92a>6FW!U;9z%=x06#^xW4x$Eo(nU}EOW zS1={w*onf+Ebegu;G@-J9`61XW$khv32>2MIe|#6>g06nFZo#)B*CXap7~NJkt_&MtRH}hv zsMVwUD%R6RS9P5dm5(w!{I4eFdS;$dsah+17oF7*3V!EjS~3GY3k@R z77e|zW2>{J!SQnHYH-p4ixxAcrz%`Lni3dVfxD^GGPh8p;FxsCQ;lxsrQ|n8JnpZv_AJPG%mJ_|zfIn&*I^g-syi&k89~`kF)QgUOr=V%-A8$G zX}!e_pmLsr?#%=gOd0VT61$QtOJqW3JV!nmX>SUb?^V8U2#O5_Qx4nun0l+?wNmVn zq1fetCxhqjtG@6`oUaL!EEo(!4#T%Clv>cD$Z0$)gUs(w)==BrS0k%d4BOz>f{TG* zK4puMuw1aBYXgNd_#nt_7q1?9Y2W*M9)`DAbTtteqvfQZ0%zs~2X7sgV=bOKsl+2bNopMOYN$~Mh1d5kS?;wQTWd)rRbxqmRqmd;19r9xF@ z)lDwv_0XqHC0_sr%Vp#lPc(qBpi=oN%5$dLh)@_@ROrsIhom$-;?#-nuA2Ha9V^7@ zkK4Y4@vd0AB-fYM_oz5FyPv6T&2PU_R<)MdTuuwiWNYvDckmXh(qE&TUSDbhsDiSB zmI*Zz>OxmbO+K08p^tH@x(Q-eN&ubL-JfLxP3yUD_kuJE2W@VL?jY-SsEG7*#^LI# zZ&F%u&y0f1q$zs)y6Yh;%x4;Q$n_So);UX={= z9(;`}=*fn2v!4jmmTlf`(h;C_pJA+k3Elzy><;L)ZjedsE-`KHy-Do4F}UCp^w4BD zG26k2>4^U<)eSU@yx+9@$CO1L-RA3(lOCH={;WTPiSt7`nbm)beMDeUG^XolS^NR$ ze(T3aqHY0~LDPQmDmXLU4j~O7$_v*Do{39v&l!zmmrZ<;`D48=nyUS4r_v=3CWn5V zNajRh>IFeLJnuFbm8kQrW3mlM>$8pf+cKFmSMIV#d!CqyX*arJs8G|go~KF`R@<1b zJ*yjsY#jabtM%O$G7e1lakq=V47FKPSO8AOFic(U3Vdn56dao&m$U4QoSqQ{;~TWf 
zuSlc&u=Z9~0BFoZ_7rZ*T`xB<%2JGbZX&V3TKK9fcx@4uIFjH{0`D(Irfl)z!L8IIgk$BV4)Hku%Py%{jujf}Kymt4<;)2|ql&x;veuCPa z(}V9rfCwuvHq0R4PsUJJPW<=;Z`SMbu{*NGJ(7=y%qZ%@l7=SVbw_9Q0-z=~7KO5T zhk#8C;@f3^#wAKit>2nglATCdXWaae>a&SxK+(FWao$VMNy4H;o7vSLI{4{OoUK7f zDa~ARY463yMArE(H&+~j$;_1pOzF$S79X5OUPQ^*4pHaDIR402KHaXX{$C^5l}7bRtq z;!n36xil3GiIDL?Nq@MPGnKHR!rT_CJqK+_${xkhWhBU#$h03nD@4fqO~@y|5XtSG zA=Y$e$|~obt=l#e%;^IGDm;T5qY_1MY~!922?O;O@@=oH4xp9VS%>QSg=aK<-WyAE z&oZiHoH!-vbny}}DCgGh;PU`hAOKR`?EF1V#Nshj^MXsNyuond;A95i9OUtK*?{&q z_qiW}j9LzCWq~emA+#FXIvy0g9(am6xl~XPvm!qm4hiQn5sR`S7-k52kU8%GG8>JnZ!w#3ni7}{n<=aC@wK{uUzHwh;glf8*MYUc|-63 zm;GwxhC>MzBlC(~;DmK8v2~8qls%7*JC}0C!_y0&rDKbIlCDpj>#G;8s_(>-OP4kJ zLLDbruA-bz5}mIv^;%6SUeU@iUqm@CY#yy!@<7KHm_R`_^&o|GD`}5wFC0woc21`Q zf#5Ap(*O10#TwNO`bx+vRhV3xdwef~D(S>t*u>fV9i%5g#nn)SrkYJKw`3 z0^jI6S@+-mGGF1d)+a}$oIsUR-21e_+gZdUlbQcZWJk=RMmD&7qC2fdJWqG`Dxmeg z4;zcSU_zx8sE37=8-7<4#+Hg5b!bgr(GXJ!c8@{#At#BnU#u{sl|t*(_)nPIKc zJazr3oJS##T@G;C@65FBx*`IWR%R{5HGReL>ech#7H~p3_6^7LLWwBDDC`F_bPce2 zN(|sU`cGfGji%GaW|V}M-5r>Dkp#z70v}?G4~@PEXYyQ>oH5fH_?3|1OEPTVt=W+W z@;gJ%#lD{eKe-c|8p8z37ILb7qIPk!+}EB)=(Gor$t}sl;45IsHiH>P%{^L1e&fAx4{&*67;6yPvYO6LM0@GAxUQ&xKUXk@eJ0TK(pm9H~+ z`gDo!F1>T-7G^BsPv4+xPxUWU8c-vipF`An2Pdn z9<@dkNZ;vK3BZaf(U9(#Lq(j@>AJcls@Pgq^Hwt*eqJ`~j`=rFE}h-uWNG7`j@MKC z4VPf9SWi}`-#LNDq`dBd6wnttHvzcS5N^l69ze}v5{@z{T-{Rm^Dk^UIO>#O+yAuW z<6S$Ka{FxnKZGX)10UeW|5j@-mlzxo63N97I{i-^xgT4`A3_}RN9=ga2#PqD7z?9q zCLUU69Io%%wC~<)e&~LJ$3PV=$ubPP#W!)h^!-Q=l($kj>$Gx-ttY~vE;$RAke9fq z8)Hz&RJB9wk-kC8b5){8qUfw`=Bx70z3Q_>&FVHt2lvDcQRaqeI^_5IDD9TZiTZ;U z5t$!U`Frckd#dYCZIM3wlNO|4ts7BJFKap^j>ju%s1$8lV~2I#A^1WlYF`pxBUZFp zU;AL!XJb-JtHu0-X$kF?NLa!K6!+f$bj4=_(8s3LOc0FaV22FjgZXp~1Q~1;`@}^_ zjhvO#0#qg7{Km0_2FQqqN=ZKm50SUSU+E($P}q=>F9s_kIzlF<2lThy3Py;j(hL@G z2cx5UNk-e3&;gbi@^BkvslG`a#a~J(=Ua*0(NWUrtmeTF8q{{{$e>vEwnY*2VVV`! 
zUPT%^w~BROYt7)R$c>?il-p>~TGPCdX7;4rTd$K#=*F<+7&LLhB0UrhJ@LV~;~S`R zcMk{ira*E3Z|u(E661YBU~DfCKkd;R_EaRYlHCMjr+eK$gDgY;r;f%nzfBXKe&1c8 zzJF@&Gg72~fc(hN@KMy&YcR*L<*4Vbct$D?!PPac4qL=+mEuU_NRwv0%G#q|TfIta zBrG`peMt>QW1`GY%79=u-%QhZm-#sJ`zFg88`z>t=$1AeY;N^XG-$}^$QjD;DUOxC z_&x%@K8x23oHYS=gJIpu#9JcTT9m;WmcLe;G8~|M0Ku3;Q-2BB-~7>`4_P~rpIP*7 zuw*K0%?!)Kpyh8F>$$PI#7^gS zBLTehr)C{!lh+@BOg4som}4k4gnvG=csDS|JYI^hyv;^Ry^iwt@+p~T%qu2g4;gQ3 zNTOgcF8gB_l_73N1KlvMe&ud^#D`o%Y4KlLj9vANMQ|{K@ePal7_XA=Lw5KrOEe7s zF{V!b{cF*Mj5=O=pajb84uj7WJgy!UxlZ%1g-|}t0I~BHj74rPt_x$aPS2!T(U|=s z_I(E-O&@Z9QpdTwB&_a9B5em%c~A<`Zx^LEa-Jpw9QG@GF|=Y~I5b*29(Lle`wE37 zy`bJlF0kqZXTM~U+ZumIy|@O4ZI!fF%`x(d9&$!{shkUM+)%CJ|fHb$3td(|Gxz{5C>yfE%jk z(yQo_Qz!DVAxAsg&E93hVNbHU_?7Lo<67g>a^mwa_dej`2+<>uDOCA-9rAL^cl8#L zf?0NHB_lOyd#yZ`Lo?fryy(||6iC4ec*qhFOW%Tg%A;FA);`WAWfP=yRZO37<91e-;`i@#TZqXf(tnv4&@1{Ee}%%t7{fm=A? zmgSi*ZlWfFG;~RY*hF17;aJmWziyO(EkrWMr2oBpRUctIFuERV%iWcSC1)yi`nfX9 zy1V^dS=O-s4H&&fh{aIFOu#9BwEsgpbSX@;6`5P0!3)&g90XvOvQk)K3eLA)rmy`- z7p~(I?6@uil?d_^GhdZAZsW;aTC>-rWl0k zx4!ErDe`XSt*VA*24q_*-t+C&CcHqc3{?COuM5>wfLUoH9(tuuxF(c_pCO1|Fxk0s zWL!%YP3Kltzdu3g;A5dDCO|8a_GCk9>}trj|MqH~lmF21*>?q~NfD?GKP?Qr{(t`) z?_yB1r&-BA8x`Vo$W!C;8O6CRM}8)k2A3X3Z3Ng-GaH9ov?BJ<0`wQHD# zM)%u9!ogJ|R;Xyd@g0DU=-o?QbrppO&q#F12P)D>K&}2XS#UGkLn2R*t;=pFI2P1j z>O5fRS7pzIO#4KzGPOArR-rUeX~W?K>Gcv&Sod~@ot2`;&lDJsX~hhQU`@bPka?do z6+a+_nM-gS5Mp4Ju7&j;tpevPY_T(XMvuM9mkWY5r~7@wqZBX3OU_RP;!j5w!>>zE z8n&6P7KMU^yj(lQwqLpLFNJu4{gcqSUMHFAl`fM9XzdD;%Slg}vr66^kDh%II5Nu6 zpi(uL&<$dxMTw)RyH&+nX(DKWHl$jC$uwkszNZ*WD^@~>x9jV(>p8Z)zgzi+k{Mh) znPb17L5c4TBkn1~a3?;^8$k9rs)E7`4;$0>3!u&fj@ z@P+6lTkl?LW+oeB<*|9zw|tiJWWk#K_QDb9a&O^Gs=-RY)w8>Jdz9?V9bK84f3XKQ zPOV3t0P&*l(N`e9ygHr4tPBFI%DU2JzhPyAPVvD`CEi#+tbb@*)r#FO+nC0IhBeAj z0^cH;)xf)G6RpZtklL+_WcUq0@-C|0Sr1LPpLKv9+wd^xexO#juYn5}S+(^cG%pV> zC{MD>U)JC#Cu*HQA#d?X23?LYV&d?f-RB4MRu&ez>u17(RBq-Qpytg40WPBHAGj~` zaNOR@GMv%8STub3C$mA|zj3bzUl%{&ZJMqCx|xyh9PY)~dXgM!rQ5ry*exlule 
zcsa6(?}Myt8O-#Y?7+#vCCFnqKL9KTZXuks_xu>R3&NRs8sLj*j+1e#8>ZtI+n#f) z+Nw}vBg^PL-!6bZ>Jn%ILAKtDA3f6;g`8g67<*~Ga$IVRJp}M0;Ggqp0%w>Bus~33 z*x1?%@Pbj>yxj_VeMctisre-33&2MB|L&Ko5^#nMSjnq&2(tb*XS*iuAZDGn@|t68 z0JT*I03-m+#()iki^qT~5PP&B7xp`v6^mSAxbE)BZ#OFK$D3xe)?1-ghfQ90F_a7U z&9Rz`4JJM4J-A1u&z6E2Mt^*q}qWpK6Y=j{-a@WlhsL9wPaIqW1TpYUB$G^8I`g7-L z|8Sk|;RAD)fzC~VySojXF3YkO45p=%sXR3==y_@ffjd^a5291F02~nzyo6#cH5HaZ zXZI1(3{toFr}CE718{0a5GHBew^5DhwfD#gR3HA*W-8!%ZaSQFBfG#t+M@HzvRO?jF% zPGpE=cLUT;^z{R^7d3>;e&D`0y{Uq~ z)BaZrTZ*kM1jyf(`FudQ!cFeRN=4BMiG)4xl8pkFxR+VI5Ac?r-t9~C--#4`Udm+> zfxa9Qqxz^$dv>`R@k`aR{=$d|_NG&Eu?TM9GVU#pfCYFTt+w8G(8M-qLjaQe0Z4`@8QFKsvu6wIAk*kM3hy@3K)RCUz3yG*8G^{3V*7a=P{N;b`y0fYjZ|3Xx=}Zf%V(+O2b`53tyx!dmWv)|Ek!^AAUS4BQ?@S7x+GFq$$k( zs6eEv|D-uAw+d}3BBvlE{dEadIaFBq(JggzPwH%F)qnB6BUH%I$zSdc9lMm5Grl``x7 zvmGEP)@%(^6hgZnmxlmpafQkXaKly&PmKUZ{OnX}jvk?JjsK2PEFbw89zHB4VZ8ka z1#MM6g1>LAJ$rvv80t&lU96;C4k8U~R9!gJ7P-M~Hbl=5P`l!7*!NoB?+BFkJXDgYjl{YE5+w(zyyW>28O4xX|CzVs;xG}181@pSa$6y2ol}>6q zUWBiCSlpEIg<0d0wH#m4>k6=F$dJR}Q|Cgr?BQw6^O%IA(WBW^R zqJ+mK23At0kKMKn0!?GaWayE06nMYQQy)aw0?^|d3d&IVD8kW7uZ$;QPnT|`Ld5$#e**kQLy+*DkLW$b)Jq*7_5-zYTZ$fS+wNHVx z1N2u(DvrkXeLgNu{ZjoU!1d+FK0&VWts$_?F96sLcRI$%xt}XLGZ$dPx|HvZ#H?@h z1vgktUR$}p=ZB+mh-yx05pw2G*vq}_z+ibG9RtI6D~8Gndt~~54w}1g$*o8;sbb9G}%&Np>$55 zlz5<=G@Pi!eJ|Txc8m3~Wfz!*1cWFJ+-(Zsg9f9&r$(q+V9m?7b(oco?<`;Sv^iKx z#qv20G6COvg{^HD@cuGseIF!(4-&jep?Ec|8F99fEbyV7i9lBEs=m~9w1Un;EV1hA zp_B3Du1{i9I)e|r6suA0FcX} z4xpL_$2-L2Hb8aG*iTpa`zXD4yH%iIn!bj-WdA@48PdEU*EtB zB=|4?C%4AQ60K&!g|in<2{RJ3^8|!Ms_nI>Y_a+_Oe*OAd$)I+FgCkSTxWvRG%45Wd=E4U3>-S=V4bfN+*qpm>f0!B22kc z$X6gaK(wu8|D4jrE%Xa&Bed=0Q?f>LHisxPp>pBC4EACs)M&n_{hV?lsaVh4K$4eU z$PMb8d8#O18$4W*uICghuwjb^vnP^~guFPVSQ>sF!(t7@*}*h5xSN4|y!z9?-u2Yd z=IXpmQ=T-?mV+dmpb)l9V`kQ`Vv*4gUF{cx8!-n69iwcU#LPeCixQC2#9n#YH5X#Z zDyVBLy8!=hr*E=kY!V8bIc>E+KSJa3#NMymM;gHFJDcp#E0oYCJsIrl!Lz3ztD8mw z6?wqFDoj?uh)(7SD)F=e-s;PkXzhp3fvE>LSzljH{MyC{OF;JAxfkks zSik^(Vu=FV{P69*nk0x~h33oO<@uu`0(Aet?1(a=7TtzYE`sxFpo 
z;IXz{yklNE=|X;K(;Q^XD$m;X?Ia`yuem%e55&Edwle`;`4t#zfN7oQ`FPOs-Z^4u zyXv7$Qa4v3k=G|HjpekeuXtXc@aXf4s2-rr0G_Q8gDr@!9=Mpf{SbYm(=8@Z43&dB zs0!ltPDq%#XiE7(h{z>!@ z_)i0?%hz>Z<#|xl$vNO~VG>jvXPq6y{!mx~tMf;-TQ8pa=0Z~E{$*tNUSEXoKZ<6o1J{(PIMk5W!}$iU^vQtrBC9H{0SxOlO> z$}@lA=(?M)fXFJj*%gksaj>i_NEwf-q*^}CoW?R%$;Iv52FnNFo4Dhj^M-SDV@#ao z@3m+E)xE(3R{jM@`_1qv$bBvQ1qGYv?_IN&(L_E?y1jgbXg+n@5$)M`t6`%Q*O_mId4gteAae790hlOPL$L!cQNSuQ|$*!MT zo)?4FYaVAQ2p^nhA3fgRG|GIt>~s4%PY@JEf`rbWCgoAMj89fmiiIu1n)?&*L&9{# zoZN|vazz4gM$ac*O)PU>Ter6F5GqILTF<;Ubm}+zE-)>hxQ>-x&{eBOqP zF7L(XmSP}yC`it>d&2AtUR^X8<}eQ+qFdgMP>lvcB^%3zZ({V!{f|NFhutpAHMNG4 z)h+H?p(hyq<0%Nr8E$mwPYE~&<>Q!6duGz zotZA68FAv;owE147PDayq`d&y*L9V46&2&UhWwE>%!8!=p(d~rEQXUTJtT75j$q_m z?06utb|)cS2LMkI%~I3kr80r{2{bM5KU7??3NHkH4~=9w)e*uVlPDfMp{;g>a>dYqE1>cU4UlBlsqpF>`7<-J>Usnf{o5c0%M5D zA;O#H7$-p*_}d4|=P$7}jr}sojH|qk+GM^_s(hw*+7_IZ8^1U6oT0dq_~vm(5=Bz> z_<~RB^_ST5@31!0!50#Xxs|%=YPxZ%p1d2|9{t9)P#`amKkJf=8EuJ;jmdMxd-QUG zJrgs(x1E<}s1LEY$}i4qCqLEncwx(5=>ahwgYf$=%NnQ(4`=MnPIY&CF{LsZLDnmw!p!Swg-@p; zOTVGcsma)iHnt6*|F%XN$WqJ?ox%AnhM3D?m=H&}>q+Xj zXE@e0t#il386>wNqAam+W-!MbN#=I`dAkNQ-+fGoZRt)C$&H%$#K=q-yI1Smrm!RN zY^BbFb8Bs_Y%+Y;_%^^`F(>DpRlO0{L4SEZ`WN^F!jY%~FrQMt-UOj9cklS^&ciQx zZ1n<^VnoKC^1#<;OWaKY0M+4`pp|z2;yed+pz#QtDXx29lw(kSb9&WV72rD})(XtTB=Q9M!gjb{YOnYS}bEuxx1R&vkZp+XrO?TL8!#2O> zXmwQz76m$c_Oew>ij&t5*JbF0o)=5!M67N47tafDD<@Sve?bpu>fawU z5ZYiXC$mOvJ($a&6VZ4lYH2VO1kx;SG_$KC4M3g3Ir{3Jk3tUXL0#$JH!ajl=}dzQ zGqFR1Nfc_qEc9jupf~n!y6jEdfOZ637sfIK_!seU?Rhcqx*$dM$n!?n^=&`uRuCIzDTbw}!5R z{mOPFCZ_drv_BV+E7rPj6`n{l5BmYL8UO--AQFY~)?}qng?FRi%G5Syae65MRToA~ zVa-^c(5+pAEz@#~QX5kyV8Wg4(B(=*z{T>giLg41&s8L~p~6)K-RK93L~+PHfCYf1CixC{aOj zuMPg!@ThC+dljGhJB=KzNPh^}ml{f_LL3h< zORT59g6xBz)?iGomOOl2+A(n!?V$OK>{4QIWkAe?y#+zr4 zIn{pRQH9S<%*j8M|JpSP`CVdUnNk7MZO-_U`;-Xp3$(BjvYw+qlm+VOU5NP*u%Xr}jgE8t7>BJ>Hxr2ME%rT(5Zq zTiU2;aWnZIos_n7U4!TTi4E9g_>WVPtR#=Gy()fJPfI}4UIhgluq{E!3>A|g>0Pu_DI z>vyK{-PUBzcLB3RqwMFH&Vm`DLYLos9u4$4hk!i1I<~yxO3UTYKmBFMI}tGf&a#1Z 
z!kj4lju6p)f|;8`Bq^%?HS-JKDYHdxUdYf$q%3~-{c}nRB9bTBpMJcq%SfnuB7@I0 zv!vnD(iy|+>SQ)1O+52G_`HcsT%3l! z{TUn1QT!LwF;@)7iw7V+L=uNH&4O&jfTq>ca-a#)BoWeQ5I_kvhDG`KcPgc6(dfrt zdb98o9|T!CWrBWRZ4?J!x6Id~0WK*(O=F<%X*?v-_zUovHqCfgK3;WU#zTKxtYuEu zrS#M*u1-VvH!+)<29}75N+o-xiEA^LD?2^sAH7pL&CD9M`2d#6r-A5nJST&}3x*t4 zH_9af*FWZbp*Tf)$P#~!k4YecMHqwxyf6j8XTsEPnVcfOgm#5(u3uE*ljsqpyRVdg z$RFlXNS}rY!(R*uC-C0b>7UOjir;@R{GsXI$KXUlPFT?>g zr|Vs6L~bMus3$9yS{Rkts)KA|a^aH^1Fz)4I?#oEV9`kda}S^a@mM`$Dq=M(??;*w zFulf4op1+>6mf1ZW89HRmef8r!eL2Ho@wEVgg@^z6!Gq2JJ-VYA!5Vm41EXh7Fr zTtIcx*ALMCZVQXD$95@8MavP`VEE>Y=7k7Ao`a^_EM7~eLnYlv5adR21@$>B>h<*t zEt8%%I$VgwrDChgUKoudJ=QQiV99*?Lhg2|E89>R={c)EaECX?-M*ean@TYjrE2CI zV1{Wf$+pErB&F2rNi3%sgCqn(M+LCXW}~@61q5)3wYORxppI&LO4}Wole_A6f_?4s zJI>Gqnl8p!v06@Ag2oWfiF03Lp+iux151)#^eApeG~)+1papZ7O`(R#Ek!~<8X8Wd zn7wp7+uV=T`jCbBK_LbU@2L!W4xA1mW8!1@!M@25Bzr{ebg1c{tp3%Tc)tF%A3Lt$ zLdyh*G72XbWjluyj6q=Q&?-={hPUmM!kv=;nCMX@zP$APpAMo@of z2;Zqzxc!w>3yuwAcoc_T&PBwvv3Y0*#{SZXh0Z!u#BAP+ks)a=r~02Yp*1Te5=X#L z@^fwGkDdyf*vKJ7eaL0xRmypE=ujne&{Xi=LqVx54CPdCyzT9R57P`%GTkjvzUcd_ z?nD0($yvBNPc;Y4VYqI=S$-ri-cN0n=eI>hPE_aBw{xgXZ-dab7tK9kAm8TC>wER$ z-{sFE20lq$X%hv&-FUHpJ>6AuZsF?9N<$T8^@4WKNnL*3*Uvta|~uDb4cUPbp4Lzw7(D7t+xvULcCLKCK zs4!mBAH5gT1PG1X&1APs-cp%yu=W5B@WjXhQ$%yZj7~6vayC%f0IsD(C|D_Fq_YeW zQ=Xu8$=|7=)_?s3n;BnD+MK$!Mw^56K9XUDr8m&gvg3y;oStnpVWim&bK=Epx_K>`spWO&e7q1g35vO+7 zJ7luTc@?ax4sS<>8BL z&zvj2B+qiL$~bWfxKUpGmf+ya<*-u2m3QnNP?5o99|r&@=H#9UYpGhV?im$Bu(D=O zjSc+hZEotVleb~Q+^a4Jyv04=qI^%D`G46xyefAo9_a zS>qXg;@d-(Yr!Q{Vy2`Nwhag2Fh~ly7`;c^us}zDQOCP-l#jB=SIOZ5wn*aU{;+{M zyPN0uKNauTCY>`L@Z!inWVf_=UMP4HNLyGc5)X;qR0$kUn-v>D?RE1Ic?xeH;{NBG z(W#0j*f-;7-gYUIGGF`qgDOSY&lK&`dDP zUIGfgX+!HqP>co!=;8JFFqdgw(+Wkcf5TOLpmn%CN+-z51iBYRCDLk&Q-)&%Z!!id zn)t3S!~db{J;R#Zwyt4&0TEG}U_eEr2@wzwBB1mtz4zWhTIk$XRFELOgAjUEdPh)t z?;S*X4TK&@@-Fr{&wG8}bI$w2e|ujSnQPs1%{k_nV|ZA^PZ%V=K|6Xub{w@8OngIk z)%MrEgBc%B=lb%%+{075n4h8-{wc9Oy|9q>l71ml8+3E%2zU&*)r~cw`dvSV%~}A7 zsF3e@Nw;xGH$V$FrHT>r`|~wiy=FNEsHoucVh$C=&g}@GBfqfroDy~ 
zED-WhH|7H~R%iuuWNniCq7*~U_N*&E^2g#8>iK%7;Fym(RgT)!@W&Mg&uT>P4phjw zjDE6q#l2+)J;KnthSbLEkGI&rzm4WLw_FAdG7!qk#FpicgUeS$tQ_o_*28H9?KHxv zXWMalTCOBJw;T=HR!Y$7!QfIRw*zTknMk41Zb;@G?}v-j387P50fSteuH1^v58nH0 zL<1ugHogJlzzhbB!}?my_jLxg*MQ_EyPVJR+7Ph%B1=HkflCc0ooE}6x*>c1gK|Ll z+`qD(wLEg=lo9ItKmIL0&UwoRscuUmYIvd$*prNzi)6u6Lb$pUE_~&tCGydg>8O>k36)=2Jw-<{Z=YC5O z`9w^2(bUy62ha{{@4Da&KiBA&gW2nYK9^P-1pOf7&8y>-Z-5p^3( zfz&m3Po4tx=X)&Khy7tk8K3BXG@_7i7^!96G;O$pLCG)77w-2$N%h~PUN+F0nnEQi zp(&Zr_@K&?eVqjY>-W+uwzjre1wf8TCx@WH91WHl^939(7d`NpEH5{|zwl0?z#>e?i?{Z}aC%p3e4vHf=QndpzsDD-TF&LheqT{-8a|=9_g7@Y19NwjlJfW2Hur^I@7=ny?SFi_V&YIk%VeM ze`TZ?RRJCBDY|la>HmJow_n(2Y9sXevtu8#M|O)tk~*47mZ2eK;45xNMi}0u*qKwd z?7U7Jhy+VhfRXf@12mr(fx@lHi^+4M4`uYoUyLU^qD}SMvdl{!ijQ7)vgD7_0lEUb+B9z2kbAiHDXaldpVT9@d^Ht8Ur)-bC+5W1GdD|H$&%SVCoGWSHWuxUN$ z9{M2n=k)hC_ppGpQ7URJ4fI^PlgtR!eojDO{K&{fo(pV$j^6EzPEtH25amCdfjzZ# zdQ`p%i3mSdA1n7s!|=_!t&m22#UU}qQ}1N5E9K<66l7k8eEG~m?5KW}B9LLLp3^HW zl^x<&UofTd=VkNn)ny*N0|2@!tesf#(o^PY_{Oh~i2fx5b z*-+Q}dH*9&-q4iKbzQw;d4VZp=6J{$&~T+XxLyiCv6S?~%kq_1I+N?lzavY^{s2x9 zQhptyxM{JM;FHHbUFs{V{wbnV!G(%L%&b!u^yZ*)abpvny9Hk@I9DzBJWIXS$w?RJ zZB&Lm3@!q_V-K;WDU`+ozrJs@w$sB<4$ADKxw4&sgD9Z<;GzoS*Td&`Q@&(gD$jff z*+pCvyz8g5q7&R-^|d`Lj^zA{4}~TbhMZbI;-ghNp`-K^|22~S&Uiq!qVo(r z{3bzYg+O1!QhZIwX?3ZVV%wKqf~uNiE(UqKQ|V(mpHZx z_T1)=1d<;GeHxUf5{gxY-46enQ1%m0N7Iv`$NG~3!G)^|;pWcL#qtO2#2>JicBc(b5%0f#_W8?aB^fy-xvs(6Ol?zg;!K}fv?oO*ye(o7dYzVn(9Na ztTC>Cq+jMCEgriEW-yrAI^~C2%fHNkRmrK%Ure~n0X0|p!2i z@%HjDtK2A@_+aE;^H#BQ_t*g>FK=!>bKu+utkSt zgMqjV_>e#G95_f@$W2uZZBG>6{FPSp_;&Tp#Ls5Jlq-?ub?l7xB8!6vy^)OMQOZywHde5d!+RsYXoy zBuBD;BT2)k{xRqfRgesc*xg6UtbDE1{k~W&yx(aM9>hgA6be zI8TpQEklD@BtTeoJ(~4}tMm5*YL~TNO8cd_TkYPq1#FsvJf~cw@6Jlj>${Z!usrW6 z=LqA+lE6KAd@jzLU~%nO_?y2~+0n%LF|fc5nKl(&i4_wOm0;5f6;U#LE`@ys2qk<{ zcEQeHG{X~8Az~LZ&=;Pntsh}6pR$hKGtA#vJX+5S<`(r$j4U0yb6IC-b2eUa9Lyg)crfn6+< zW-J@fx_n?Wbni!nA@k_n=o#TN3&_mt+M!~n zyd!RXQA}WRD0E(jAbty=3<9}7JKiC$rfWwc9&uZt>^HMq`PC5K9n-oFr~H|-FGzw> 
zZXHRv&&NNiYsP%Zc0yE{+3hxkSEfgAj06^4_p9CfAiNSpO{*5>rV^@P{viD8w>FuP zu}4>dHQOfG-PX&M5v*L+r{im{TrRT(H?kJ>+ha!C5Bf8wp~5Zn`Q(j+7QQlX_v(7q zjsJYMt)*`REg3AU+|4Mk;2>#r!Ms_{@-i@P02>!2Z;4O9DE20=O3x$HHpaPq4&wkZ z$A^Ue@XBJ=>N%1(VA|SXGjn5PTKU}D#!D^;BKk%^2&g(Yp(I5o$Zb)3v&+?feL1*z z!sZ;1vaiFM21sP2iD?|}1u}N@a25zWh>5l2ZytIX-6;^IBWpwMThbY2S2yyNxD!&n zs*RxY!LgLX7VOP^g6Dci*3P{(uN_kvfBLV9%)Orv0^C5!Z;ie(gU3)nG4eGxob(pYaBz6pH%3%C!?^r7xaBPZbLKVlUlXcsjVj zn(eQgrJ!FfMaylQ_qJ~v>eGDZ+WzaKKsXE72md^A4mgwVPcO0;ItUBdcJiL^!PILD z6qrJoH12Ckn}?x)qnKDD?cSj0*nivqjZ3I{Q7K0Li{fM_?;mR1wv=}Q4 z|1{(0cH^a&=W)tkEca)Ir#RYmYxu=Qnh|;P`!w-4Z+MFOx_xzfR!G;!0L#wwIQwg( z`nY?IG>&6k)Xz!K$88QW>@qjFA0OEU+9wEKYH|P+B*@4|+HZ@_8?V-Gt!qT(y2T4f zm1%lxo`23jU$ND9U}RJ>K|P~sR^(r8tx`(h5zjN-`D!Pz6LXDSi8)UM^Wk?p-SEZHJ`o{?U$XDOw9Pwv?6StB z3yr&==X%y3$c2{j%e3{i+)9&5?_uO$Wz9E3Cq4s?agRUw<+-UFj8(chn}3(c-(N$b zr|6?1^fT2W6K1+|TY>lo88cXp5!~wQ50me95;Y=jBZ7duhi;CLne?f`G!;g-m`C;g zNUr-X=g+(Lw}8n4=x>P(eIt>~@Lt+3OCW{^3W?(n>X9H*9bgp& z)TU`YU(JE-qWMSD+FC#@-hsNF)&1)-W!+{?S!63jOW}0q-gmU0$FpYA>+gBM8e}u< z*5(0<1(5N$5+@I@s<9{}adDZeCon!rIUkp4F?Rut5~)*;0rFxee>Q@n94MekF8f!R zYQVAMcn4|XZ|Iv9K|w$>(rfmXrOoTE6;zyV1aFeb$hH9@KK|&q1B-0d=NNaMt8pEH z_AA16CIF{!5OuS4r%+UfPgEwS@8iH7CEw)e+!C-<0!-L&qt5DEWI^{7GJq7G{Ufvd zM=3y}hVXu2e5}R?EQ+)HkXHLnPwOri(~K9}ZR||szzX6kHMCs(Ph9o@R&y}Zng=#s zp4O}l54{ClN6;sAwwU9QCiHLs1l#z}HVve)BW3Q-2^7rorL4)#pqi8O`ykDe(n7)` zK7itR%PR7NOOXZ`v$+|6in#qGDMvmzEuBulBygE(DVH4VUmf#K{>1_3na|VMQ~l_> zE1r$rQU&UOgbzyZ`{?(}Uwplvtz0T;$3u^3cm8NS0LdD3P*RdMaD3R_)EfscL>Hd` zXV>PJ)l)|;_iiT<9kAypM^&PMPsRnp1N75_KC5U^V^YV%3ksbc6%&T_W6GKK@#Q@7 zL8Mv*SL$^mn$pFq>MIC9@w(R*~{o=1nphuZ`T8#%gJOT%qn9-Ztt3lbE_J>(}>&_iV z;g$9LPdyxiuSMF>!1YW51I;QZ-!oiQ1!F7#BH-!%8NNFGo5xXtjPQDOv7FT;IrTA6 zE#NU(F>5m?+CeSXoDp(*#*OnU)7DEMWT7_MkCBd#FJSwyUl$X>FyOcR>E~OAVDL** zv)@J-mIuR5QYoq=*nH*?S4b+MW5e@YkEo3JE9G+kF&74)C7}Dx3-ClDy8^eyRgc$> zwdyNHHx4qysw$Ek7sphLz5~M-gs+?OdQ2Y_8zY+!fEf^Q@MGxPg`$T9qCm9(1676A zqX8g_hZER`6W8CRD=s7sIWJkVAL8bKeC`+FxVvHeehoK8UX>gN|HO}GOUV{r{>TQD 
zZxa(x9TgHG_D=a_jCc_{DEFI=Uq6(cnte*c{0DR{bf#m@gK5R(6 zyUe7zqd_V*D!h2Y)=|6XPKU71B-STjkI}VYKghC3?ndg2N2pBl z16qYX=d0lQMk#MJuZiT`Rtw*guA8cusQc5|M+UT*9%|y;7vEyCI7W-ubaQ&Q3YWrf zA6@jIWywb9Vae9+gO8ZZ;t9=7y+vGq%}hKgK*oj35jKUcvp^`)arQSGUu^KgKG+KY z2GfN`x2V`HC~cv44U~}yWv@q?8uuv!rovd}he<F0dW4V;-|A9QBx-;JMmBdTAS8yAXJJS;eZx6Ty@KVAy6AUa2$Zk7yl}HF&CbkxK8tdieZF%wzcDLHSwq{P#M6 zovEQ^uzg^d^T%v5hL`1TjFIL{E%L;v^;Wi6eqa3Go2sBs{@u)?ro+z4JGBY@ysKf$ zpBLhH5Uha=I>MCIf;QWi>u^yI1;`xn_i1B`To3wQm`V#4<__F;2ZGOkN1CVh(ltGh zo_YZEgK52ZiBx~X>9>|qak-quVon}dn~d~WS~-0tjg+~iM%~Q(fMZCg!0hD zyVJFQFl8{jZx+RMwI0+zxuv+XeB+woMy|r;cLg@Vkb=wtH6ZOG$2DIzG)iB2viBs& z56s4GRi@#hI$)>L;Zz+5HWsfqVAVN5uSg=*76&iazRZ%!KBhWYb$jDx>0PjSKJI(blf}ni z{SYi6if}8U1-4Z_HGY)|R7fA8FR3nzKM<~7-c_Q<3=0Wnj#NULwdigjop;-X3a#!j zt^y&*2$xvM9LFn68k%m!%ftf5EJyc%&tX_CgJSy$`*s;}Xyd~!%G=7!%GYKo<1Ao} zmIt~TLfn3{=UihHZap;nkQVTbB}9sPU-l`QG@5<)g-LrBtAoFxXq5IcJB9H8yE(7I3si+sg0%svK1HUs<{Lk>(1%rgBnZs@@V2 zvHrq?3l@#XANpt?xHy=mvRO$t)>#bzN-16YWJ-)a*CDhhHxU)wr}`mkn_w`Bv9uCc z{qhB6RN=W$H8cxIx$8XpfiJT=HY9A}l@(^kWm&Jn*Q?Lx0$JnXXkDl3i)>_snz?pS z+{U;tDq?pK$R<$Sco0vMMM9!>`J>Ibw=u7u$EtHF$voC}4FlDf`>9H-kdd{H4xer~ zw0rChc_GYzT7Mf$6`s?)OZjk7%1t`7em=?d4mCAT^kB=2`_r z!+W1ls1SqVBV6e7RL}ka!b3}j43&_-)JRVYC zi`dqCECG!ckjC-<5ca#rZ?5^3w@Eb@U5#uNO%kdh>>Nbb9%1j>y~IWZFOseO#Ue9m zaDU$_5sP<$ZjbdDP8M|paT}SA{*e%w+mu{QF%M(P-?2um+O|xY1ELIQl9`l~1 z;XkX^_Ms*tu%^1;+(_5t)bQcFMC{9+@3s+7d;}1V|_&FFlh~aQd38qzbwd%r?I~{~ESr)~tkW(1-!v-i)Ke z7R=d@ww8poU)!K3a10ii?mvqhM5CkwE*1vp^rHmq9F3z<0$bbpL4j5k_H$q-XLs5V zP02G3JXpBNFQKsRDfgdnGc$n-N!|Xfl+#Ufqt!j6+SRh{2wv~}=^KnrtRKeOpPHrJN?~^~LD!IecopVOdjRrt|$Zf-9c_0S`*W@0h(|7=pq1yd`g@Pdb0(cL0 zIHhmZ$4%GrC)XVIx8)g(seqLc&yj_+zY%wU&7=Q_g(%hlaBf@+s27Hz=&(6GqBYmE zoq>n(%*c*QYBf46YAcoem>0pw6|<9&d0Wr`b$-qUbpeyvU)ianCsw-_-_c_KSp|ND zrGKGasJ&iczd_&E47^PZ-p~oJz5oE55031eS*~$Eg8N*g#aSV(pQOrT&*)aIpzP1be^i$cOSS zmwm^_9Klh%xh9r(f z`-_-^iGfRQ%t`;azT!cr`S-*sdKr-F|M_q#|3KHgz2%Y7t8}`*{`%+RsuflMx<)r&t_~sb0$RZ4{V>}5 z8$4@}^?SYOFpsO#bMMZ}USxuU0+*3%_L7!*?!1%TVDO zxVt9`GZM<%M8^{((` 
zx2*z889bOUhZblob>8#pS9O3uMQ)-RYkA{}>M%;G7#X2|B^a0|_C9=I-OV^Nsensd$>(t+DlF2YfS-qnfO)GY@a*Z zlF|Y*&Qwo|D023r*pG)&C()N(!3;l_wXA4E(}amRyDBUkEQB;QreQ>kejta=SN_0x z1y{wqQnl+poY!S}kjau^-a7+82=f0uT80?7AFQ*^QB%yz0>kZGuLPfYu(y@XdczJd zl=OjWLlLw)^3QGIg#9k=6HRjZ?{0rS$A=w?^-^Sqn%->0S zW>?rHH;fdx4yGM7+;oXOe6vYWb%)Ih4E%w)ARzH<>wLnV%H4SUVP$#+)qvfI({C%a zD@`iRP?)OD_2P7!YdCl zJ5<<&fI0E0yPI<~Q)0sOU0-x)5}*%#H{Qkqi32(Y(Vv}aHHBzvHz}!KqtK(pxV5NZ z+ZKFpJBglrBpSFw;N)-LjQw(K)N}uyWLgl+9g~z36s(pkT(x3oaCR@@gc|*R*p}aX zH`8fkbCkN&G@DQj*DM`+s+*(j(H_^o85a>Zq<7lqfFX^!6Ux&J!ZjtAe+6dCj~3rb zhJe7nK*kuElg`}vaOEiC##wMHu03~~O@FWg?3M0~8 zQ;h%-N26K}gtNu)gEB^tyO{U&710YWt5?G_dtzX{wIdflw1bf?*b>M9h$t}J6h#WE zve#A0F!IKvg1@nXl35f()>7Ib;Mgd3}= zQpL&*LwRNDMK98TQ44ti~F%7`=J)SN$i=1JS!c{ZRWNFkB^Zvi520`8W^l}va81)Jii$#=x%C- zM6GIGUP!QSBZ-Q1kdJ!zNU+@{qGgPC|I3CfgVNS$_}pf9z`=nZu~`fHa6dQb?&pW` zXIdR+26`G^yn8-7oUeCr@LgsOQgmB6`R-E~SLlIqU3cAc(=iowc>lrBBacdEmZfK2 zS`!%2$y83E*U!v-SSaeZGG)z+9_K4@Vn)2 z0e&C{k+!rN8LU-k?|oDWDHhgN>>U?69Cuwt5capb>-}ohdg{js6Uh!odm;ROCv#nJ z5yAc$j$JqJ?!@)OE~WC5?WKunAG6hHjKkB4!oH@Ry^}j1?M=D2uPJ&@?UjGaoOa-_ ztKSb^Yj3Tl@ zRa~6xZed&}9w;F#DbhS;4;+YlAB78r5yOM5gTp=vj-PXsN+}U!zXV$S_dJ2m3b#1wR7 z-6AbIxx3$C2OT#oihDdk=<5r^^|TDOx#r(j{Plw^e`fm=&P4#asDC>}a7=*%D-p&fiYe%rwSrM-T+hVKJ&aV}2^ z%b)xXt?<%S>iw_hkZuiUkR`PLx z6H2xB>Wxl|X%S)Yza;pEYW|(6!|nw}n?;@}<>atirGhHh#`^k)o9xV?ZyQY#j_lugz0+Uw62MxAVFm4*I;mh23ATX$LBYP+#RFo;fzl2K0S$s4e6kOdjHrn?5b|d z`1YUbLM1%m7bo!$?|9#L=m+}n4}8nnZHuvf3O@sl?$kr$$Kc-%k>G`a@cswMqGBxe z$Hy!P;*ydN5!}B6LJ#A?Ne|=pc0E+IRv5>=HZ0KBMG3YROdaY57RlLX6-wCp{g~@aJ4-exjlvoy;4nf|w=ZMlKb+-S%gWu2s#w zvB~l5!(Z2g6PIkc8L(>P?$k5rd z^}m{iglZUGIIF$O=brcqi@Y5&tE)D*btQGDw{9M+4d4ghWv9QDu%d-f<|_I)f%z7G z=`M6KyX1M>`+`FH-=Vn2et`tM-{K!5k;d~oqPW>+qnh&Vjc69=aJUn~n;aBQ&pZ~U z(A8MNUSY>j<#RnfkBs=UHd95&(9`nWTN{ZQv<9Do@fn2fwST4#uf_gRFFzyKm}(|{ z)QQ+HqT*Xbz6IL!?os))nmup>Boy)5dwtP@!{kGT>e+ScqahLp7*|hb!d-lHkFUv5 zPF28SnRaS=(oX6((|};DGz%H>lBJr!Un}GF)hi$Y9=2eR#LZv%Zl8o3G5%$HGooYo 
zkL2YEPZPd0{a(m5;0pQM5QQe?G`SKyreZ3X{BT;*{OXd1Rvz-=`IA1x1Y`u6tRFBs z5{LwgnVBD5bl~>oMaGXNmQ<)S$@JAj$9vtU7X$n!_$D8E(UXP%52JW*OmKGniERr+ zG&xvq5th%9AoVXw+28z7}EM$cdUP$n?xOYi;LcY}U}>h}AeC@$KcDC+b7x)?Y9 z6`Zi|%cCk#yGH7DEkSun%6D+z6}uX~U#myVU8w%PuHTomQ?k`TEd38D&aWmoBD7xR zGJJc8&mGbCnP?xkPQ6X_1bcohL5_;-7X3|lE1!G8kI+9pg^Ku|>uAZ<(hp7Rst$KnOt|2-A9L^);`fG7T=Bg?)QF@72bi z$4(0P14blqMig@#GP5q#e9M5f`%@W#l9yxUG#oo1%zK$e_Qa!VdXYl{F1fCD^P^MO z$zlHO2OQ?Pkleoz5#b75k`1i>Eix7x4Y^g>ESh;vd9R|hd0m9RP0}pm(QWw z8tZ{7J%uB=U&HvA-~A4tyDUw8MGs3lHgL^-&jP zjn*34RwVoD8bVHNVX1})C%Lft5s5Uq7lEID&-hjBiTW2Gi;9eSZ4(9uB}%$i^mXR; zKiLK_@j3AHn~tg&7~AoN${DJ-dkrq+R(Naq<#c$A5Xz((myb4wwjrYV5)lJGCLDn5 za!l?+*sh);650ytp)VGx5Z-f18smg(^RU{A+oSV8nHmd${7Y7x7%{&Gmz}^pwu&d; zu-hl`O;p?ZL=tT%J&k(H5eAfV1L6>F4{aw@2CQC*{6BJy6v#EojOF=xeC3Q06P!iX z+QRjNV=8foMl&>Lk?qw1HR4HOvXPEjy}eg3nKf}$a|iOK9zWgSaKjB zI<>pym)+N3te9wKk#B`!;xo%n{X5o|uqCy3WvP)fD|hw11;?teA=g-*qi*z5=ZcNL zcwr@xNsqmiQ0QPfrkS+2o^JQI8qF(|WeqR`~d z_zwEk-0V=Prajj9~kJ|ZW ziXybN$Jbet#lNOPu))uUVHZ|JiEB&I`B~d?b@9>pPnf}wPmx@7P*aFp~;@4}T?ukRn#ANR)*4|;rvhdUdPOpiodhAc#!9j^B; z*?|ZZOG~0LwQhAz8*wrQepBtb(@a@(yllLbf5mjyRmUI|1FlbBsVsgo< z^M6!)PYrM-&CzR}Z*2a{0XDj}E8)IJ^dr+-8}v?H97&h|+Y=6fH@p>v?X)Yagk7fY zP!`}5&)1Irz}$(#j$NY~t0!bw$lHfLRDZ>)UUHj4qo4coMpk+h{LzVLuzLMJM zvhNvsP!ECBT2K6b9F56`wzEU?>FFnva3BEJuMdQ6=FRS>F9>y^_TjH#>DZSEqzYe2 zY!lV8+=V7|7j~?0(=|dz+aUrbLc1dfB8Umk+oU{4VoUNI-x_$?4{F`ryQ;E31ufaF zT~xwV>b#LFF$V8dkWt+wa7H_1=SKT3o`**JO#fBPPy&g!)2i<#H5)>Xr9@vx&B;;g zQ=Jo<;exfaV&}u^z}le>o3TrIbOwgvF|32Z7m+17z#NtFMPOskcoH(R(af|aI@x}`gg5|yoPAgx!VO8|z)z^% z!43+yRF6;m9x8Rug&Dro8=vM(yWR0O@o^^1ost)m^?O~$v2dOG24$w6VO{&e_R|*W zckpL?xB*P}$&wS2Fn3V>St{afj)@8v0k;PGcpxCz_;*!kdLe4cHAC~;V7s~W*i-Yf z>&tJ!E6e?_XPM+Icz;d{ma9P#pe~7A3yyxTOw`~R`KdWj_g4-%yz!D^hX5vX#0r=-= zpIK&%zf*nO0c&+BA&NrdJ`1XlQuN>XsnWe^H(M&^k`62Boqx{!|9j-n|2^||z2QhE z?YbP)gX>IdU7U~TZf14Z43l7}8ffZvOTp7}qVUPP7e!FhC_;Pv>Y2rA3$T5}S1iWQ zNKplL8B4Y%V1JVEsGPmJmmqL+e{+iBc>bs2|&%Ok`NtGegaTtP5)J2o{7#;~y!TZ( 
z5vqyu&#CTFyC*-5IN6b&AfDuIfIjT+V@E@bNEEb+BRB#S%LN|Q;b`TgR%{;V+(|2ZM#i*rTIbru#` zefeS!`%wrhGZ8W!hX-vDw9~Ly?^^}#z-Czc1tPA?1NN#u(3(9lwQ z?)_WAi+iHv>(>0BYN&<2{8Nmb@%f*QMzS4+y&ZMFXTON3>&>9*uKFI{KX0cp1JC+{l zsq7Rc9}C&2oeQS15_WLr>Od-Z6JL1-)wS%+uc4W#46z4+YO;f{OMb=NtK9^B{FG?_- z09Dh;pG0>|z2IKZ0l)7_xFR$hk+pk)>`*t3@?6K;RT-7{065v1**?TMfDkW^BpdOL zviMx+Zuo3&EYhZ18cFvZ?R9oNYsKQiKdtNNziV;m!6QRt#DkafXwa8-c@GfQm+BR8 z*VP%V6Y(dRVX%ebG0CdA`HO=bMA2ltDHW=exCG%(M(Uhlt8+VJXYpDq-eYHH>$?!=6l+Q>cdCiR7JP%1-a9#5*D+U7Nv%7w5+yFM zL$fj}Lx%wWxR>kZ-1)2|&*u#+U7K>Mutyt3>+$yM) z{FWonru(zU^YW+)HAqT^Qvb9GuK}z8HVn_mo%2dBc?(;}Hxh_78~%Oo-CBp&%)^l| zlRZr}bWPJbt5K8RR*k>0eE1=8LSPzq1RdL6l+A$%BR$ZpyixVaFqH(9+{xvI-f@V7 zQ31Hicir0YLMm)NcF4WJuI^}~$1er@NSGu5I&L2U&!<JGVWg`+$ z5{6O4PZ3Yfl`8vAsIJ4`TrBf{5Fxc?EIkoWkdo*mtT zrTCF4>w+DXw?QxELOViJ4eyQX)a7hKb~6>5q(->7#3w6Dbz2sLA0)UHgfi`Em-g6) zP^t0?+yD*OxtKfmxC3TVgiJbOnj%|Y~V+50=B<7WuW5rP!+;5LQ`S`DveNyBu zZ!+mU|BotCOPbEnM@8wWws_)rgNjA7DFHZ zuIfTXzZ10L`_8n(o|$#RM9Vl1J65v9=t?^X5Fv_``owDL4Kyj}zHykkCr9nPb_LIb zT&#`kJTmVG7J%l$ZuR1HuD8U8tyGPtzW#yb{IgVo=~g32(-T?(`1x3n;G<6{em?|tG{{?NL2MW_h*ySt2(l>H&Sm@ZAUF+ zDc*`a!~W3xYPytYSB>>_n@K3(OSTzYl)?;sUXx#Tk=_-4{M zCqsiB9OOFZ^h^}M19PIDRE2fBpsDXk6^82LuXSb~hA1J4`|mgzYic*E;fi&H$x*wW z;M(m*x)Nd{2U82ier07h&~(aOU~<1}ZO!&h>lsF#pB!wCFLd2%Sl5)^uQ}) z{{O}T-qh?s0A_;#l47va<+OATFY$uF+|qVrE)Qp^PaVO4Qe=IFL3M+5wNaVWl}u{! 
zhx8~6dyD^gZ6q}snd*{aro~yBFu5Exp_!tmrk4GYZ8SAytPhrw{`%Dbl+Qs8`w-^g zD?C0dbZF6GcY2?l{Ei>ar=Q+xqr?7@E3rg?=ZYPP?_9b4K~>zwf4gJE_sDKW!m(x( zr{`!`=Aw}w9;fmJG~fz4ZI|xpA*}Bdl}c$%&d)gM`@ACydYh7$;>c4)qZc}s?XX?d?-!L{s9AsEzB>ljI)%?c!u2cB$?#@-+R_ zgYN1pOJOZxk={wC&R$Z{L0IXFNp_#4RznwOUMGK7koR}jh)DM&s@%lXc}GW0{%(GT zI`qbFU%|(o{bxJNy#vvgl0CC9{YOdiOKLPd2l{or#J^DZufk`%IGpQTp$KB1q|F>+#Q0$wfAWTq8TgxTO=b^nGbMVg zzeJ%Vm{j_jTtV_05|T9hIj-X2t$r{ zUex+j1qKhn?z3-*dz@fL>aqn^;_R}a?3Lt#KKf2eGQ95EABXP=-qUTQS(tavGI*ty zrYHUO?-*=?S6s0EO7*;up__%GaQl^ql7*Gj$1G|QB}(tF6DG9kP}wg0LmrCe z6Hr2L^$>AK#2(_&od)6#JX!MY@iNPM;?5ZSX6e-`5`*I=xRH1(>o`K(;{_yrLpga3 z;HP;7t`s|qi5`@(ifwY(fhJ)ZD=?+ ziv<;!D_*hVD)fXPMkfod~%_*xr>uJxEz=#7k?a%6x2UhUQsGAuxQ~v|@lA9+3|d308WdgtkQ^ zqV*1ZW@5MFKmfmr@2UsLOo;y{B){KQcL1iIXAc|s!-|Vc*w1+j+tiQ=-xnqH{t-VQ zGpc<0>L~P0CY;Q$?#bcgtzS+xkGH4kc|{?u>aCCQqKzx|Vpj>!YONyZ0Ct@Gs}=+p z?Y$0$N<&0?eR_U$!{X!P;;Fj3IQ3@TD!#`g#CoXfO6;Kik|ReRZ%{cT7O;&L^+`QC z7$NzN7L1yAB%?E@&bqG3^+R=BMIG;cX~`Rb(bL(yx||bOjJ6Is_vMLWUc-lJ7FQ!5 zH;jGOLY@o~q#5WN?jJ+AGZ7cCa2#~HXJ!hVI=}x`ca(?W#CGlh ze<}nKk^(#g{I>AHqDRv>#uZi1aC@s6A3y4;h0K|W*Ef$2S@c8zO1_j#>;Fe#^-o<{ z6m|NrN_}c`mk(8NQ)I4@T>JHx@F!6ZFas^X|Mc#9mIKq;kJr$Po`IUfoDA3k$8VI& z_Ev;#@jDMV{6AUnNfmYV}eyC+#xXBm*+Sh0gtDxz0Yi?!3ur z9)o@l0GuytKa?qallMgppLj8m@|Ht%Vb1Y>aJi|W`hb$^ev#*mDyWT?Ib8~8G=tk$ z?1&oq`n5Ijb3_r^9NCT~-99aumRh}w*+q(cDQu)|{-{{il_g2LFO9D`Wh8E@qM2#3 zSUbqYTtsG9K`~IKQTj6MgXzO2gTdCMJ~6CyjkQCqGLYg__;h*y0Xz`{ZB%X>)s=5Y z0}yy+Vr|C9j2}`Aw0*J|!sBac3GLSkSe3e3PWu`Bvf~x)-I`wG#ne<0hG_WlTZ+D4 z&%j!iYPjFQyJ>AMCZa9X(2JIUVwI-XY{TW4K3-_diO9Rle+lvy#~{O(t_#@dupsD=Yf&WrIF%s6>NZ! zh>T&55h8~vqxU-YXitEX$^OA?1h!wUQqm@H=GyZ|_k`8V?-hlEP(x^g{ObXnWP?@D_jk`;!ol!DE_eYg!xqG5wS1pY4-8T! 
zi;z+px0Zo7@nt+)u6X*}CJE9G&Q?0Vjr?r)-GhrQU-@`M zh<{I$$c&&f`}`SFY-;>Jd}V;7Hvq2xRyd~H7qc*y8!d3M zoS&WS>oEmV;U^SPm0p6l;~_v;zpQPI3&-RuWkxkWsk~S_a_p4h^s#JNYMB~SQ?nl{ z|BD6X)@(LScUh}P_B~UVr5^_dSoG|Msw*@JT(@z95_+BYpDB4cnAd{C>CaH%>I)ca zb>&^4P*=aRek(0T3f+4YlLyM9s%~}3b6>2bZEi1=1$!AykVwL83jWs_-HQg}eruBD z+7X5g)*&o~X})?=N^fjO)C6~h;fNY*Krmag=X>@MlH@^ zmAvE!C@)i2vDLzh!t9YoAzonV~}zmOmU z!#cT}`=M^Qtz8g2^lMmt-rFrtIGyqS&nWM?A=_1P zv6wg5H`710h6jsR^i23S@(2G9Szj3z)!XfDAqom2C=E(C(lHDTLpRdhjr1_!h=@oH z-ObS5%^)D%-QC?S_->!)Ip@6Re?IYrYjd&hwbxp|SnHlRr6CG699;7J2$HdiXBWA_ zq!ZZ{aF7WfPFAlP_=_3fY{Y2Gjf6}aB)h@|&rd$APiXGbVZcOPV&na6N}8w1-0)m~ z4>$Fla5yQ9TSHF28x;A{GQz`+i)>w@@%+b@b8p6Yc_)^GVkzYl_ro=<$65lC5)-v> zQJ&B};1$4czyc9>whN-&}Bwfi8IuOGzGZjxJTP%*3bq*o)_5k7xm23FL3LwCA%sC@^CmGytEqz|k=OcLKainRP2BB1EWA@C6KMhv zSPyq>DybUD8w<$uJNu7c(l1I?(4GKgTpjB_ntParOlw$LteonX1z3?e1S-i=<)xk+ z(1E+*^BU`;4J5!RqH#IV_?n07U_fP%l^0$iAf}SOBIfOA%rTSkjI-=X(c`ky#F-)U z40?*))uHfnaRY6I71K`c{oH^Qh<%wIUp0Fh_HuP})ubLA^QDk1^sp%w-m$$ih~v*e@32*8l-+c42g%k zqc~hW;7+;Ny&`B@OW?1)%wu(pt_qcJk{j1f(terQ`Ovl4gx|H?`re~!hkYhV5& zq8jnKOk6UycFqY*n=TG8!{d5z*?_0(Xs&Zq}U#2NZ<0=#%pDNI;v8?9azZHw>hvAR)o91LXWA^Ou<73=AG0}p=n{2J#tL$5{4X~Ee zU&V0mKhW74|I)bZep((K#s7irqQ}KBTzcKEVA^tw{&fLK{G$X$dVJRUxfIiivtMn# zf6t?s23G>)0Jqq=Wi^3I;_WZpX>c-}s5kz(IgNz5bGuYCmalv|)>rc;VM$LJrTeJ3 za4Tcw@j*!{*GEcYP}mN9c%gE)Ge;pa{nUgP`h4*bqpZZh>dWtqciua`mzk)`WO`GE ziE!h@vb?QDcm4Q|#sfwVbhFL<*y9$^Wi?%XLy8!^X}1}px^*Gktuiwv>`Nt8-9B@m zTw)cne$y(iDilmkt**6CXPq^@LT8%O();3;wFhffNsa2~2T*-Rr90VbtEi7g-Xj3@ zd|~+4MdN^Q1rQfC4nOaRT2-U5&lYUBKr+(3+USb=E7 z-(ae@BL>*W;DmO-n(e<$QG|YC9hwELRPzh7%<7b!hjsZA*YbAe-%pHaLDm_H`5~lw z`OC4B*K`JjTTLt4zgC1pemw<2ySoDdcLcp4Coonc#Bs95hwJNV$q>|C@^+2Eh=;Pk zckdg3J7~II8S|!XfWg#Ce&Qw!2fW`f5fAbDstto1yqlQ^X>PhS9JfkeBk7#eqwW~% zb;WsHkBz~b$LNitxB&bl@jl&I!>%+sKgg;6eZf^Oo#2?2B)|YgjE=jq z$i=^{%_ktX#F_nxI7tXBhZFd3f@u$1@`nF#viIrN{TDzXyfbP7ZcC7QL-7mYMBt!FIPBvZ@Zv zU;PW3k6V8QDIyLQCiYaJ{=NHa5)5E7rAHESQ^Un6K8<^pMimuss}W9L29WO8+1?!f zam>w|=F_vQL{Z|&| 
zL+R%v!zbBWh3vJV(?g!Z?bBaTVkS$wDSdql{rr&7REtP7WGAWQ6u#im+w|@H`><7T z!%2svJry2j$x$=iv*&qV*}L9m3CfGvxGI#&gS6pY64#{mTV79yX-HVOep~8@&=B<- zw3nY6D{V=9H*UdnZnS%~lNHk%IF0~_CV(B{R>P=-=6Q(p>F_t=V+!sj>BEO$J5mkR zp2IUd`bl1xr~WpJo}YG#3Tzg=KJ8!Xw~Flp79KgNzk{g`@)3l zRte`A7h(k^L}Kzg8BkP2J6$1tbD8(oBwva;`(CbvUreSXdR+HhF%A|&&!@TQKn^xu ztgSj4ISaM?*VP@d3c-E?Uu!0|sq;QL+o(-z(><%qCKyAjr)FO0@BJ8YM49S8g}XP2 zC{Go_P?z*2DuTu5MU6x(M0q_*X@1U-@eoeCXUSy=37BY7Du~O8?!By)Ca*i5ka_b8 zI2JX&{|G@qdoxO6vhjwqNz6cNySe>gQ;BvFDRuY6#Hpt*{tG>YD({h;iXTQx>;>#u z>m^UW6aFp$6|X;{woKlX?IC5H74zN{SdLmf9g%Tfh&)X(l=*2&EA{q~f(;ykZ_DhA z@SYj=Q;%t!u1nXRQl3}Zs&ja?jwc_VZmG35?9CoXh_=jJQzVKeGKpDnfIBG4mb2-C zS^k(cW{qqMQ{cR73Fgp;y4m~IfiPZ5#-|y^8V(Y4Dt54zuUuHqFS@iQp^4`m`?k#= zG>O>2bdc6*mCkbxDA=7-FolOvaC7I2-T8!6lqKsBAxLcj9{x{&|5Gwp>7M}f+f z8c3r9pv1mA1)7yD#(S=|OGotsos{=w`h=z&@bsln{NVhF0qr&*^RW4N>PZp>rtorM z*(0`l5Q;!Xr@IeH$)R51w?mK?gz$9XO(2SM>Feg{90lo10)hL#0ss*gWRbpy_xV%= zd-4Ci`M=2W>z?JnE?u??X5+7j)FBw_PI~EfqCLm)w=KKk( zDmT3I#u3qEih4dtEt9|!U}Gx3HD~BuR-}YPObH8Fc`?IH_UZSVIh5q1G`PZI)#PI1 z&u4uKb5Gr(M&BaiC$+1c`gecs5NZvw*?gF<_u>k_N+2*a(=T7r>BEiW$sAwJRnK!h zvKRSe-TPEsI^8mkvUvWh?(SJ&gvH?n4FITa_I?qwS_W@nMwSQ(0dzg?;^@Xsqhqyu z@6A*E!ExS3Q+eoj4$k+gU2s`b^=uW$1nfyAve3KjZW4EnlNbce+^^cCU4T1Z z%ukx5LUR<7@5w&;8(;4xYD@~AZgn9yZ^>bnODB|Ke>323T;yUMI|4!32v{kiArMd1 z&$OYC=>{~NocCss3HV(27nS}V!cAQ5YTzqwv9_30JPg~}N+f)PKb;8p z*R@}p9RUP&yn6FnOsUU+J&{+JY#N_}llQN|FJ$1mwm;}CuHxc2z@SyI8pL~?PX|n< zrcwbUZ2*uWye_NadqZCw%*IEVel{cBULQaJng#q$PUd5?^`Y>mstr%5SWCd6KIIo3K{ku^fgb=yk4sUHz;my~Cx?vCb7MH% zf}B{S8FhDZmZ(9?Ga!l9z3cd#=+^r4=Mat`nev8GBmxb(-_6pO!mO(c-Ov4uSo85FAGYy#?N~bR9)2SG)QUyk);Bx{7n&j#F zyGFu3uw|I{V}my`qgVRSLrbsGxmxz>PF~RDYzC=>j(>0DZqo{*tUXI%iVE_|x;@g0 zF=i6JR-{{ROB5R=(n6SN=-7Bgz)@YH)bk{l6a~mC_9D-}t(LQ@ky4DDi6aG4@Z0AT zPYeVmFYh$64Lm)6S8dYhd%K;CTO40d7iJ}S?$>eAhPqHi?(`6)oOXS~ud=Mmpr}MT zM`-lFHgiqxTy@1h^SeB>gB~1*yD!FhpSHvE4t2FoM@DU)jRrZL0bhzX0;ma~ICk%t z-<)~$<~hZJTo=E@d_#peug3h+fkRIBU4&Wf9NkX{3+IkkmS3SJ@JZxJz!6R+C*S*O 
zq|UrVG__RWO&5ie$&tjl+%^z4P`>(g;~>PBhQ(q0w)#9WiNJ!Ph}3Ms`30Fe+%M&m zZKBdkfVLSh(WN-8{<)`+h4BnX{`n;TA=T3;cVB9TtM~wbidbvVY$CiF0AjdyEN4y% zQ)ECXj$hEd=B7-0!dzb0<)sW@UcffeI%2FHQ474mYAc95XT!=KootBHOi!2jcwzf9 zJP964uOAS#wz3XkI4{DjYcmDojgn_rt&WmXZ>bx_%^ngUi)$}-)<4Oc)IGH`K$Sne zyB+9NjUBigl>5cYW3c<`NXavZcG>0R>k2l$F+?l$y~$3JaZ}LY?sGEG)aUb)sfLmP zirx}IuKQ$0DoiVts6F_mRTQOMJSuAXdLa7jIF@C#Pv4seZg92Z99bd&ItE_yv(S`7 z_)hE5EUO~et2*cX`$=Abt!ytzM;q6~pPQvf&afd4{JToys#Ui(+jNd*&S{om zc1pR@Y z-G;~Z&w?168C!HXY6Uew)`2aP8a{4OF0{({dw?pSsV6D>y366B6q!pFZ^<19mZc?O zVK;a}qk<8HpS$z^olsiO7N)q^@OMKhAB^NubzrXt377Wj63;+Ki9VS(kR}RZJM~fQ z_rN#JDpawNmDAbvBI$3CzCK~_PdtTp9aNf*&200$tU_*op9#5qGgeD6iy*OtZHyd& zSWU{d#&b%i=`a_Ezqskwvm>k&ld8BJnmGLwV3*_DfED`l<#{|%4U3BS{KnI_x?m-P zY0Ugr7rm+;De7xsj3$bL0#{qUkMRdC^u0ZQPj^acN6HjE)@j$03oEDG1@7f|e=J6$ zuCJvUN~XSsq*|5;vYKKnAY~?(4JMVyed;zg=bi#gq5!*azdZUcr5l=+DTkyljiP!F z7LO7%TPSRMNu;>$2rVSgRjfja=bFT{JbN>SC~s9Z{XULXsb)kB3asy@N$?hvw9yMc zT4k@8uSfHHaqD-4gs(g8o{R&;@w?mSkicp+acfy4oR8vX&z$VQ&E6($?#01I`o||z z>LIe?x2ytu7eKTO3UZf2^+dx2X7bM}HJN$JKY$W8oWs_!^j%JVU-XCIA0FN=$j0G& zA9t6Y`>9p!8DyPs1j+~@98|PJQiQxxJqUREE&Xwiy8Uxc!pU`t$%72+KXrlPddY*M*aSS;ZmF#lY|oPWKkU72$I+5sRNC zdHm(3f0vExX5>vDh4oMN-py1J@4M^npiTHK2;_C1)Y%RS)Aw&<_S|um!+U11PX=y;^- z*+E3Y?N%PpHF;TZX3Yz4r?D6Df@Dzo@hZaq_NhGlpZ2*s$Xz-q;^EM3{+m6zH;x(Z zw|{-c!-jAZvQ>c9E}B3@phD>eaF-3uyUM|Aehb5KvNHCI!CFFEOR zgU05=@lBfW7NEKMUd<{XJ*8(Vv;bdiuTs<}nBgT>HBtoB3FpMNg~!@m>?adf`h?mZNDp#LhrGs6R*M}*J^|lLov|=kc0V2) z2tTLmk}tgH(H26h{FME}ZLE+ad!R+Xg8>eY&B)Q)S6&B_} z(tq6aR$-An+)sn!C_PIz80K4JNUpljDQ*K$NqGn<*W{mz&_atmWfBOO1Z8K&9LT?hPUJzgGlZiyI$XlTL5{Wef^Q@W$N1ZrYE2qk%KF1XSRbjS;&l!C zJ1f!7%8QX@m(URL6cncyP{y1?LtnccU(-td2Z#XSj7R0(B%5i=Al*{E!KeWWw0oCn z4{o+|UgZc4X>>7rS^jpqkWeW9xSp4_M2P2lXd2am5`MR2W&3JE9x_Oxs3#!gxcz%6 z>-2GG(k>i+l(K+6aFzm&pJ_l6Cch00AhsX|{`k$6Ul~WIKZ2Z4z|C}PnnHO8my~k-&0^- zQ7b#^Wt8YM0&snIFl&8PBr_4WeQ@K9GLwWG;L)Ti5e%u*?LP?zR8-0sp<4p(`(t!; zNq=9TFRvI~igC2;d|DI65BUvyF}ACSWu 
zqFcv#Ge$|dsenxm=Jfb|^lqkeG+ti>A0gywbTx7f_mSUSSx&qCxv&fFLSpjxx%t9G(3mY0H4EUIdOveLKuZd zk9F2nAcdG>ZRH32u#$mr0`>n*s{NJM>qRYf7`oK=8W^|b(osT*DEfDBZz#J{OsUb+ zjv>l3!}L*?%}p9vI={wD$aM-WKgQ$DO>Ld6cVJ^+nSvRI5^LNucISO2dQ51q@+Iy* zVS4e$M^kJwv$ze-OJLTJg)_I7+~-6o_~2;mJ&$Bd{CFI zVqahEd7j`wxa}GcQ@x?V0@p`JS5mcg(!4Ns*TsMXO}WBN@%|>NqqmxpoLD$drpXap zH(!-yI-|AkoZ*91w_Dp*r(K@DF?De=zYZ4F&}NiPUb+DNR>7_=^me{b*hL?{7V~UJAmd<`dHT)_Mby2#F>Fr>Bx8ua8LR>Dq;bSVTXZ@7SaxqTrG0x7EifrVv8ub7(RJ@z= z$o;_PZU8{B21LV|5tNEHa!WuHkt8s;yaMGP&W#Z@qr=K4l|b|Hhd=i)9SG@DK%JfO zawV>`(?Wo$o0=>wYa3N^!P(nA6UspWZis(&`faQ!iGzPCiZl4L_rS)4&_>msB^k9mlA`7SF( zg_QNxCauiI?IqZs?p@c3zgm|HVw;8QzT;uhtkY1rD%-ORM>8e){AL(&5`Rs?#6X$A z#DL!#w9%mxuH2atS+IztOkfV-8A({b&oGI|=E9_1# z=~ZwnE0zJxY)~7}I(Tkq@@y`1&_>!Yb~q^Q=RQ_sD;jhDowDB#sJlYv&#K{XiA%IT zufLA@vfy1h&sa+%i3H@x1}~h^lvu7;_oq%z6>Ui9jpT=$70s|l47gGa33rO^*(GG)53q~o@3@3n3(6DBj1wE)0yaeqwaX3l`uk#K$OBokmPu%)AtxuABm z7XX;Hh@m?;a+i82-rr*YCnmsuGt}f=zBfQdtS{~KIJ$6!_7vf%gkzgz=ds*fM$7ub zYA?6L4lc;h@Dh8xkq>W3IlK{i0lME*q` zC#_4X*x0(LZ?u%&2hW+<#v?`)CW<|GMvm4YNAGUh+$*bUy733j(|c3ve{3tcKtjYx zfw{gv$u*Zi<01D$HR|LZ%v@CDWDvUZ22BJ0J!m5+Z5_H{5|jIc;+V$ZgUm+jIw8&6 z9OO0Bg{3edN;`ch#F`{2z;*NOE`Ars0NyYn;rszbyE4F8ROr9?p~Ijq44jkF`v0Iq z-Rj1Tk0Ft4Xj|UnfO({Z{+InQo-Vg9Z|7Xgc_E^eX*2TvYyXV$$}2gzZiy7Jp%ISd zr*@~YYzqzzeZK>VkB-%JHc$?mM7J^Biv2N!ig~DILE#Uc8Fbp~5ww(m)X$cg$MMlK zQYDKSp5mxs)lKVA70g@VTogFmKB3{@hR2h{%LYfl~tUj_L4ze=h95S%{kbv^R8rVq$< zBqcfTc68vUkidSYrvuNBwvYj#Gs=>aL$6Q^Fhq_5+4c;o&T2nlE1_(wIwZuMbgTB# zW2Xh?$+GG!Io!=F?|F^Jq}a48tdp6n%k6*+*9h!zysY{BP& z%Q#Rpq3C3sM4v&*wY%;6TI5ah%8c?Eg@y5#bi04@Nr2v5-ZS!O4{=}!(7TqCv*Hoo zE*6L1HcjEWMZLksyWu%JHbe6;^d$*T22c_(fwt!S)Hrq(It=WTDC3I(7_ZEaQ?NQ62of3+;?EUka`st4m67+?krWh41F*1<1hidmwqxV z+7kMi;_<$3__sYwsCaa6Gt1f&QP+vnjKZ$&x2|4HH&M-D)Bngc=UxzPul8ZjY7P>wvm5elo_f7`;L0N@32w?}u z!$2QB^tpXgAUhelKGJoUqjKv;t)rt}6KkN?SyJda$@`7S-(5W!rcOF|>?I~Tjmp~w z9Jpq3frvC6%k5Rzd)?2brkfMl!w>%e^-kZ@@F>6^s6@OjCsKd%kdFri`G23aFRQv^ zlkiQ!56&LESAd60_lHD`uAe<)A4lxy_PnM3`tEjIn2N*(FZzL&QZP8=zL$HW{sD*O 
zG)A@4MRCu!gm?QE{S?VLoZ{PO%P`(oeH>*Bafb`w3t z!*Z)EcpB*5Ir;I<(7!Ff)s}!(E;OBTZPNd^1Yq4IXF-?Lk<32hST${a8rWyg%4wVA z57T_l8!Ph%NU>yRd3XeGmX?5I>$jZ=1lx&`OG8WdaTh5pLW7LdduO=?{gANnR%)^R zG>*P~(}1Mj(f;Vj2c-%@4|@qzW@G`;>y@7IbA9FR!h-5U^nv5>GO(O**681pPjUgLEfu2yCkj9yt`?_uuWw zJt8)@Kln!;7EK`43-7<)(r*Oz%lHipSJ#++^w{k8Fk6o^I@i(-VdGJc^Xi3c$ts&!a@8@#O_yo2QI)?;BXazBuyM6B_LAp|8J} za`vTVl{F0WUJV<)*f)V}7SVrypTo#XT#2k}9lqWzG0GZ9#Fq&vUrT>EMmIg|+zcgt zvie#}pEpNN#cvH+=chRcZHj=04%wLEkk6ZD>Uu7yy??7=F~NQ2at)yEvz5EMP%!V0 zqb*svwybaHoX`<3`;|{iCmDhGg#pyX z)Jb4un#|VzWFA&XObW-_w0yQaa@_(HT?2tdAux{Xr$*LS8o%Gi>cG?JEjR`vh*?$r z7)Z^Jp5BUv&Mp4=B}NziFzKDl#qXc0_}>Q>M`wqNb$Mrl5adF0u$u!EP_Fd_gpT4i zes+=*d95tBG#u;+xz!%Fz;0O$NIb7>4d}M?wAx?4c6sWLBH%>ek1yDxFKf?Lg^4W!0f*VxLF=KR--6u~tKb_`$mYWONr%d^ zV^2S+&c&3$&=BaK#Q!otcc&2T%{y%?#lSbL$|&dD3&$ zTCd1+=Bd*{w@O3$t-bC<9GaYq;6jU_r|0mHa~RxDj;l40>3crKSZ;A92D{VgM%Gnp zf8Usf^uFan;X1QcF9V8=4r;mb+qM2DWfT^(3vfrpiPfI5h2%>$woc4fSZkwVSOKv@ zYFB+*w$u10Xvk+|B3Zl0@H(+wsItm0Qk{g(&cq9Qht|Gj;6w#Kcx?avNx6BG3LH}@ zD}1YmB8gGa(lVwCYk(MWbtuH)dhE5BbsFdIb@tHq6p#|D?d*3Blq@EyZR0{rXjFR# zka4`E9xKb~kb^^VvS*Wg-~@}WDB&??IzJl5A)05=a|sD9uE`Be^X|vGe^#-vfWGI; z2-PeQ9F5-YPF|cI$G?wSW??J_znsJ1g4xNw2Oi71LghQ%{^*Ki`yeNa#c9<$pw|*~ zuGGPUs=cK%TN&0?@nzZ~TvY zLt8*{=6@!3;@knHVS9Gpc!9(zvApm9s5&#s7-O;T;W}^6JoLBVJxqqb5|4XiZfH!m z9WV69O6%M=NMIWS^tOLbQc;Vz(tg6T1n8Z9<};nf;P*XCROJ`SA8(1I&gnaD6saWm z-IGC-tE^{~g&c0de{oL{*6dhel;g%Z`9-(wB*yl@@4^x?eN7_cio#((Pwq=^QHgqE z^jZqetxVXDlX{ zCW;ys4L4(c%a|6oY&q_qk5=k@AcNRs^0%meFewx64(Wj&z7D9j<1KikVR(1a%QL?8E>;`GhEN7eC$OeQ(k;q zjUdW2iabPYPiuiQR8}1?&z~r(go1xa05ksy31@xt^G)D;6Ufa#${y%*?cLFRbw!R! 
zR~#@qQRig!#Ey&j<`6XOZV5k(H}MA2uHE9?57(cqbDa75-J6(_%7oo0rQ)H=@c5-;Z{7-=fbo@B_L{a~Px@>Q08nIY_Sk|Fdi z2{g{Z6;DEnp^xG{Ir8?7lMtBv1HclXQUYFHfPhB8yY(cz3VLx;T%vFjiPnL128LO$ z08CkEQd|BoWZ*)`#lS#-#eR0G(n`DkV!*{<5!&b#347m|hs zW5N9(=xv({Sz$sz;uM6HyZ>1j+iti`^|CDGc~k4kr=R}(4K)KkoG$yS&CA@;n+cn7f~zVMg+)da8l3a{L(Akh3=&hbB)H(^X_0!J=S=%X1EiLH9e-^{cV zcUU}~F$pn#w}agd{#xs8<>jjf*xnS-G#@@ruB zH+CP1sKTg3UWbxd!mjp?>P900L?`Iw1`r#!DRrFe+$4m=&r|DRrFF{S&$+83*FOG( z#`b4Q305KyfOC*CB#l=i3Dg;R59g*i5rZ{1X1F74K%{;Da z2>3#|I~TjMhZWRu;mbD1|Z_NYE$;<@yhcv z1x7gbhY>`0^4G_01BcdP`ZCO1#&49*;uGC5KvhWd>EH5C0Ox}ePx0OlmDEhvl*i{+lZ&J0% zpqutD)2=nm^dFjMz}3r^uGiO zXQKsV()aS^!OX;(V;$P`U{(%DN=Mz4V02W8`9pzux=UBNXGigeg7Q~@YHOapvX|RJ z+}a9Ih*QHS&f+SX+4A31{$W|ohkpe1u-W)Um2hgt5Pp!g3Ui8JHv>MinPIdk$+4n! z4^-v|o5Yih#|)Himd;h@o>N_%WqU5A{-hFQEX|Up>Mt3qkR%+13oe6^V_p8CJIiZY z`7xGU@{nW7lGE?6aD*osYF8orii`6N?iMh`*gs|H-^qAKFPECUvFCid;T@+Ip4tiC zRahl%<(e;_SaoE*K0GFynFQFArp>_@3+~n@z&H&MudqEIAGI8~IlJ4AJ_w;{OW($W^z54vNPMj zaen08gq^fK-Z&X_@S_^OdAQy36aAK~nk9bf&+%71My`LF56Qc+M~1iJ)C2A^6>OVuD7T4NRQ zTvZ%%%gN2rJ3fU+79wKT(C@iV*UvkXkjtK-C5&YRmrmb#((oayj_loo{al~f?#ibd z{7Fy9Qst#SVi#6h7;Q%`FJr~ll<*w=1UKEfJQg`-Q}nP;Zy5sqN=E|1OV1y-#b0hmL`z) z2MIVd8#^-6!jqhD629V?L$}Pz>*eM~2f_c#b7}v==iDdktOGWU%MY1AC<>`6Z-5TUhpE>xBP$AQM z`$$Q39WX%FD_^um3`zmd(fZT=kfhnT0L*+yb1aaos(j?m9{AbK46_&bvixQ;gV0+^ zOIhJI$*Um8Y}y|)ITULRmv7Tmb+O03atal4t-QS-ZJMod0rY?T#flOBMsQ8M|by6=u#_gr*UYqAHDiTIt3SMGt?<-v=~izhUl8JmM=sk|eTbD3mw zlWxnlLOn}&Ij~nObCd3qK3HdlPRPtgXl5zZogq~Vp@L#j@^{t}XHT91V~zv9i3$tI zrSD}Lv5{NUD|jZhWz^o|ndWDgsjWL7?P&eJd=`C5J~cTrpN@6jdC14c3&tsOhq4zK zM1N=pj2T?V;onjqfF9j=(Q0_mD`z&XtWR0c&-{0GtO{%47s>zOdkm+QPg10XdUmlk z0H-sKY9*5CR^04q9nCt579U=2ki$PZEvHHs#d`6irz(b$gJVb;&&jpe52{%0X$tOV ze_#Akz`@Y&J&qLD?&S&pL*POV{Ca{(dhR$o6G#v}CHK|K8K3o!vobn*S_=70RL>|o_pp2ni;R4RrNoRBAs63;wRuQZ@!z$OMyG*s93@lyT<_O ze==B-ltuA-A)^tEoNUOZK)J@*9E@aoI;arnNsh+Kj)OLDs~zkQc7*wMP~M6=DJFM$ z3XAvPBJ9-toOsWploT*10$6z$8b&){)qjGP5kbUBGaEptpue+olnkD(aMqcuiv(ZV 
z6tX|!|LV9H09fMTLvP84pKa>9ge9eEA>7FtYYwMc5GnSHM}{lE!qsGhN;;N5ZE_4w z5tNH<)iyG#AMf+|CGXJW^jQuZM@anGn?_w{ooD{R4ASKwupysA^ECMbxgqj7E+wKsY;<={#XUcJ`JILPdAte#P8&eMU zMXq1jl4#R;$62UIncRV2nbZMKW6pu%JHz`qz#O zkL}#<;+O{-f4IvN3#q`@o{reuE~c zXwQ%A4%(~~=De5Wj@JZR<8Ft}*36kR*F@{+d(SBA`Nmwb<=ZSyO_VSI`^P*#ODuEq zIf&qS5-_9h|J|#K2kb=rOKHE>bW?+Hvk=hHkBMo0Xli3?i|MB0Q{7AN7<1NF9m#zB zvv(4aub5+uOB!Bep_GDTaD3gVnlj4c7Hi2e4 zVGP)f3?du5(XZfG&w&BOWY9PeoSWU0^WNZlBs%B-6kdPHyYYH(F1g;Z+QIY#1)T_- zZU;x*trVK2E8kh+pgk$fJ9w+$lFB#XzL-~qez}~rb7^bC2XxSj#RJYcH}xQ|nnRfs zA;8us&hE!D%{yBl?%H=8M^3u_IC%tiNYq*`u16Xd{Rkj1Z7|*2?6i_>eh{wRQvk3`az<#fYq&{ni zycgAUAt_f4m%dR`@FK73+AY28W=wo?wEBlby1QcQkBEOTRF6RAD0tXPh8h!($%3-} z?w3UN)d?B-hE_J4=S6+WA6S?|qiA&rp7-f|K%aCncdVCqC?=hMGT)`GP*)`})<2v_ zC@(HiiOg2R;P!UblaFw%6`K?2I?@wK#X#e4^tJ6wd#dx5`0d zvKu)cX%g-Y(mnvi^TVABZ&OzDR3Q!IjWrHlPeKbXd+rUXSn@qc`3v=M`BeTa-m zz@@Rj5L5W6HpIU;@&`cPi*xEs5fqZz*<-x8fFw6Iq`*hVdgD)}Dae%7f4`5yb4%87 z;+-emzX!Yt;nWGoc^sXpzh;5_mKq+Qn?sRb`IUr!uk4(xg#~qNkjxj4;H;?Kq>K!V+sk)tDzt~K#T{_Y?Xt0MNV%Rq$BdR&Xo zcv#m=xn7C9G8G#1(kt)076)k$1|;v_13CVgA8f}Gz6tKUz1%0;v5a-Mv#I;zVtt4} z%(}Y^dMF+q345I0eCOzNbW0KQM2eQV-_tMm9C+ zx}kX)ez)KDIK8c=Cfzn;HO^lkLA36`5}Q}o1<&jAHC>51TTR;4*I^19PH5B*8Q}}R zFy|kwA2$gZ&|Ob523Y~*BxBpgd8jwFys2=}CnpI4wdyN7tvortK3zyKgUCl+Ob;Sh zr1x`+hkIwS@ZtO-8YF4|3T4IT{|RYB3Q!NKBnC;EwGtnVNe$MN&HWJUlu5!-i|RX* zZgwzg3(heP-zz);3X0 z{KHOY>BqL^5IiV$vxzLn@;bMJrO@Zv(=+(|Jo-gtHH~^DT$l1S05l|TEf84~inLFZ zolZPj6;m*1pdu>1fkJY$lxDJXWS=1<+SO6i85#Hj^qGKI@@lpL+jYU6Vm#qY8slTU`P-7z8dLnc zF3(YmgciaSX1V&1)f@SL2E;o*gBWEOKASLp<7%n96IfR!TikHK&A0oU_}T z$v9x{8Fv=$MxbS2p6$|J7NP9FGqWs8t0o=Pi8_tDJyH4xSJA~tz0;h=BUj0VMwf>c zT9`AVaE4`&ExqM5gJW2geD-X|B?=l8-IwW?Wj*Lpn4pzHTc`hJ6W_2}i%qPL#Uh}f zXW|`0Hdoo}=?+AK*#~;aE-?RNiq6HfQLUDF&muWoez!CtJHBeP?R&R8ky-EUd>W6; z148X^ZsPNv(q@@&9NK(U6?J$RK%~{}4j@*ymePy=CI^9$CU;m66{dpz%I32XKKmic zTyY3P*L{)|xBTFbz0)A{%c>NC5x+jvt>I)qTQUUuA{gQF68lLNoO*lq0`RFdlYxI& zb?E6N`rnB8U)H1!4bbwsR>E#KXhN5$3F+00tZu)YtYeDj34Wv{%=-NyHQr^6_i%5Y 
zgk^X$7T6lz;c_4%cR_KASeX8_c&w(1+`&1bDr^6C2@Hwqt9A(b*%?BhmwHnbI!-o!UBLeO;|yPx!v>zXfAx~> z2cvVPPS*H#FM4W*?hJ z)PFXPH(xcTsXX4dqz~h5d}B^yGM{|EpO^>~m6-;3ligu)_1~6PaO~5b<7SI@5wa~j zq~duW%R&H_8^xS!+TGaj!TIQ?fqk>d=Of|Y$Z(u9QHEnZJ{KM%V}?@o&IYr<3aqX@ z;2ELh+q|VEFppZB&Y172?(X|D69~tZXBz~E^%ZvuxOtA6bIr8S-yitMH}UM0%^{Es zEO^djQAo)kftKSBa1W7INj^crM^wF8Yn-dXBE`<0^`OTBMq_D=2pG)^x6SoEp6@j_yr? z;o3Dtgj&+`**u*A%{y^2kk3s9?$zxIcj}?@hmzU@z3%0f$6>lRb0_d8<|e*7u6(%3 zBTfFYw^*NE#`;EF>*wB9@|Gd(O!Mu#x8WCAqOJ-jTuMEb#ubHGuKkqxbOx2r&!6S9 zzG`^CN;oatl#mVwQkMeBcB>>sD)|<#(}P|EWrc3FGHNSGzum0e1cIe1 z{5<=uKiITN#Eq9g3mb@BH(-M@@PqC-jWuMt1Z;>!)OaLcc6A8@YE+(B%_`-V zhRacyWQ@K3BwhE{wk&BeuqO_^T`Jmi$y17q*B_c(bQ`0j=+G~!=UpEV2RrT=ZX)1C z-NgfR!$H7l1%AOILs8mY02S@Hw$aXnV?zSFl6)q0U<0Qw*)8~mIB!i&ilPl-j$x1%>1OCw>6TW& z_)hQpx}NWS-uEAv`TdS_AN$yQ?X}ic1AVwsSjYvl{}ny%?m7rU{~vrFhbjhH_JB#A zY>!I`tSm3M4eF+@nHe1STJAga`Ccqh$;aPetaG>1h3YI|k$BXcrxD*M4OU(P#3;=1 zr&btLt;}NmLcVjvVU^2(sAc3;FOXiZ;#3FF9eLl@i15S{Kh@rNIwXxZOXeA0Obp=`;hm51u-dyr;jH z>6RisnNDG+z3yC^s{lYaW#Zc5&aEi1R(CfiwJIR~X}g+(_cD;6+*KH;zbA!g`UbXM z`!(9z5S%jNh(+jBtXh;exCLc@Q#h^R-u9hojQ{qX7DoN{R`x=exqrIS7|@@USll}F zHHPI^h|CBGUi>_9ZITJEynI||zpV9|R!L~u6A>dNZ{bFy1=OxTU_0EcUW$3u=9flX zE>LdHN%fOOzmc2gxE+0{Ed3Etva&|KhTv|qwLZ$gR|-GLU0tYibaHwO~WN{WgnYpX{%i%6 zvO#-+>^fE_0Z0_xkI4lh+x=$j;KQ9`9hzCB3=D%pYMGO40y9P>nNO~Z( zEYqE4pkGzTwo5ulS~qGI+dkceeF3BAoWWcPHU4NN(6)lo{#Fnek^^c1@cn};FR3?T zaXFxQ#{!j!z#{V#d&pkt=eWurdLm65A3VdDvSYc?P$%hUXD6rAza>UcMT&mq(C^3$ zpslwrPrdg=ZnU+YeB4+-hdOkWUl0F=Ew|uvO&o5VD0v6{G5dLxAGmT>?_lq~3Y(bd zEj%V=R7=c({w6Yu(~!Q|$`*Y@B8@LM-LpeXYDoyiK>Y@HC2FI-IebRcH8%G8 zeV6X6n#)K~3J3C1=UOF&s;`VCg>Cll+=yV;U%_{v9b_bwZAgQF?VlEjN(nQo@L(^a=JA{|SZHy! 
z0-baN<;Ih5?w>_+*E-o;~(3>)}EqF5A&zE{SOV<16WN>YG4HZqi zKL*{b#cm?$oA4L0W+M<-wDJRuMYakT>#?19OCAiqkAMeLv#+@C{*ABAcxdo&=K=$k zm{7fYJjTbcUn9 zj#>Z5B=#?E0sRYHXr|J!+-jQ{jZlH#xH9u};dO)Wf4g_8KI;(D$@VKT;tsK7MwVM- zT+Y@t%Y&V)#tXgogVN&&YJe;sl_Y}z6j-Ggl{-QXz)M{TY&&bm)?D z*3#0}qPH%v>JN<8CXQ0UNDFR)uRtya4&i+cG+Maz2Mlz$*2)o__vPaTvJUok_Jm1H z0WC~^!`3|7E5=4ZY}w$aY%z(w_UPfL%rpLR3FnB3x&K%@-rLfmPe z^)?~FY2R}1-m&`Wda{dR1uGZ}akw9#S{P`d> zKrZn)V2FSo{8jdT<#hU3j?}4)nL*2TLlXd#nUNFn`k^%x=fBC_`VssW7NCMW-Cu z*~Wb(R0mF|fYOqcfowa9BZ3MRxdJ4lvK3U8wS2o50!-8VAm8@xN*nCDLWLg}8+_-% zkq5A3%&y7K462_%$dB4z3JvO0q@k^w<6puuzCcHMV?vYoL}}LBN^hr6Tx*p+-(^S2 z`XL-sJ&0XR*?Em z8X7PbsW5TN=tnM#{xu%a^5r{NADpwQKyqs{eotJD4QzHJ!!fOvN#OZCTi%vE6U@iG z3#yzR+14__2U30k__9;{zcRyr9StyG6h`K${G*PRtUfjpCw}{wZ9L=yV#Kv(C&rK`91@l7{Q~FlBZ?<@IkYa3bqJE&Q@pFB0 zP~NzIj=<3dGC<&}-Qr*u{emIioI|guhGttuD0cq))KQ306AC(l_wE=7@21}!ZuxMT zwu;xdt|t#|o>@u~o-XABgOpObqSz+!E@t0--?WI`gl0o#W%Z>Fcxju`dRvR_AGe_J zSN<06N5IDkePC9}&L8UZM(>RciC))C>>&Rox*@5%aTATD9bbrp`RYdg!Q*23rN+|i z*LW*9@{RCaB=p1=RwG;uS`Z|Zmt3eFo|`dgE&$MDWtfwNjRcU*iT_133;{l%#x0(d z+5y1(kDOn8F%uoo!T-w6?861tVyd%>aoYw^VGAPTYxYz@TdFfgB`aF9V<;N;21*MZ z+{Oh`06b1F6=HY{Kam=+u8fryaM>t0g-)Nkasi4*81;TM%Ut$Ie|{kEttjtCr+uK; zw@JnoSb|*CJ;VKX#3lpy#jr+E(xwNYu|kRC?jv@B`fb2;`@KYY1tc#Qkyr&!4^RBDLMt6tL&@QR;v##QmRU*dY{Yayl$n|D?XtkwD zYBw-q0?y|6DGj;l(mF{^?f3Ra*%!sbm^Sgx?|m{n{N;LzQ`>Uzit&8#v}^molFz^m z<@gluk-i3AiwmS$gJbd(%j%9x zPXF6`1A|@tBeXu}npryV7q>R|C*P1+_s*U5_F>EGtJ8k z#lS-HsZ635;Tl4-$9KhLv9&UqmANrHhSryz@G@d6361;pGLy+BxIX!-WXtBbN5-#%Qwjt9%m-_=AOthhx)pIvXYm#wWS7hG{>vi&^3`&@`Mq;;~8?)iGPQ)$yjJt zEl?n|B3;BXNnxan``9+-(WXoJJkM#FUWx|vGE{_TTt!!LypK-9hBzN}xw-<;`c-~* z`~bXeugle7FTC07gZZaf9bh!ME9ZiK( zJ#6>|J%O&Z=>Vw-@#_b>Ecu3o$1tD z@jkVdR4K{09K>`d!2u;vJ{U2cm?zV#8q@C<_UB)?ndt@0Y#rWCG%W+3=C$Qzai(OI z4$EeRLTbK&1IfL^$cYIX%*pNzO}R!=|8(Jz=4 z=YxHjsGfC;vDAI}8FXn@>?@^=w#z$>63%5c5oHsN?4!@>&9x!zARU`-g&wDyaGt?Wy_d|u*pU4 z{?!8A;jb5)ElF}D>jv6kG}27kHbUTSqqmcdx+0_7#GeiHOY!+*g29!&{w&Lz3@VTb 
zfJk7pVh;!Q|Fudz=}AMtG3GzQ-u-V3^TGiF%<6YQw=Wl_s)yN|WaZlWMZFx0*xymQ zO4GA1vYCN%^y}=%Cm-RGQy;{Wr8-M?lqXI4Pz1bJ>E%AD7`aGP9oH=(GA@&K_?fl& zH1J3GKq)ZoCOcf*b5Fya$L=%7fr6Dy-VTuXBSRe^M*&LOB?luvGVs-??1(yAnf%;b zVMFuFmHoi?MaT4ySt5(tM*QyUwqaacz_B}ErOpz0%FEl92P{ob$=N9l&h3SK zrH8Efdvt9NLavV1Q;V;ZC8ci|G?f~#>UDTxQ$#w1LXVdlO9K{#Txg)n#bL2k(M`vM zzko)`Hh60zpNl_Lt$9}M-j4->*%us4=Z!OYA;ifl&jv`hh;2iM0HJBsgIddYMD2q1H9fDAu$;4RlQ!nfdBQE}o07bbj(fEYJ|ebe@>cv^tTk`_PU)&gO- z?IcU}MV#FVA~{o_wyzY7MA@4g5M%$BmuzSg{Ec1Hk2=js6Yd@AAGc;kY@*rnZyLbM zztY72G+}|nlk3t2;+~&Kmv@9?c72ioXLIeekQRd`4$?>>j%EHf<&`CzB<6H~_M1|5 z%xady=S*Lr=Q*B@KWdPEc%Y1I5O(5#0;?LLz&W zbn5&?^jJQ4U$V*-1FF9XDmzNR)&6*G#cSx)Mx;hnqyPJ02&G>Vtwe#4%M@bJ4 z!ai^e#+9YG*4-BHdD2FMy?`pIk@_E%(HARz_SKz>#gs+}~rJeNJO#;uL%E~5l zW_7P|V%gPdV;EACEWt>`biV0o3aVme`U@l`T6y|ppcxBbABqa1M4FKYA2)31i_~F5 zHx7C1ZMY}(@0AKoRJse*%X17wld z<}xT|lFIb<;=hcg{~>dH7$3g-$+H@e9VLU6ZLTr{yJ)w(#;h?u?O7J$Q6<(Q?zL@5 zbyZ3ZJGvIb-ExC@ve4ffS3?%;+p0IFUt)sV*YE^^|Myh-VOS>ut=vh-2&^ZlR_6X^@EI4aL@$hq-IbA`?UU24QL+f z$hFy~a~A&0+>UcJEyR1IQzLbaH03s(Tizhxq~hU)g26_oGnjeKjzNr^=_-dn!`Ok*y2=GPh$~S@Xrqz8gZZWFwqP;RQ-^5q} zLMc2UB*;8>JqyKO6>f1^Ujp#Hu?&2Fn_v@@=}sv@?^EMH|h@?_Tg>_V0xQ`6uZ0p<>HpnNWi3mLUkNlHuXRx~T>wJ}&|7e5?6 z9o&34Z&&X%E`J(Zk-I49lI2=J?!MH;MWMk;v~_N30!>|MAqNY!7Md(>I_h2@$u^di zVO`tn$266zZLI-oO^1=X1`bqZ?@W?(q|_2t&;y{T{8;>NRSEqt zj`)-2VPTHE^fDxb02c8*J83d^mX*-jKse=f&;(Y9=&1#_pUJD0 zb1|m=Ry#6YP!o1F%gmxqy!MWgp)=BFk|ypde$Hm~oYl_~oQ2<@E8BH_4fQV|L|mnZJn@3OPQ)KUpuJ1}V81eNIuVAhHI$5={`) zf{ttg*EivZuZoct!N1=Y#qlmv>-y_ItUvw|J{aB}fV8}4)_!Vu-R_B$&XDKRaW>m_ zg5b66$xGrdW6`_gft6dJ@PSs-OQC_AC3DvBX(adO@6W@^l}`H%{ODZIU4GNZt$NIy z9oFQ3FXe!4aD{vYAcVK_`2TP=0kfP@9rY%c6IMMM?vFU$2$7Sg6gJbt&rXc_ye6`q zo1(1%#^hGh&a?UOmoI0Zm=dpOWvIe`d2XSNj`455344Hm!Xv2FS$JPCW9-&;9*4+( zcqflRfYr9NaQM0H(Uao$W~qk4>kW@m-%l`vCHt$ci^L5T)l;Y-n1fTd8UY*tS>q1q z3>+`pf!SHAYwbhVK^3-or{uACDINql5qciluA>S1s*sRIJd4nT(8=1&yVI7CGE3ho zOFJ$ZD_?eKBTaT|k>gMX>3BrlknHc|%7faQZ;{J`7K%=;3BYx^z&4wBphq>wGcVeu 
zrq&GrV+xU)cM~z;?RElH=hX?6XWkEGe$dt?`v11sf}`3PLq>Y6Oqd0cH-Q=wJnfyBj^V@P|xh zV}De~BkmH;4qTQc%zuu1yb&JBQ(fB2`x1a4vDI7OIvx}T*@>dPfC1~KkR1ENEddf5 z--d5IaeaJa&x5#{ci#atL9jkEw~0oxYRpco0sibSO_$r1VtqdH?JQ^e^9&QH#5dL{ z4^-Ks0&BN!t9`4zuI%4Mf;! zuB1q=Hnx$3s9CKaQ#H!&?bI4{T0oHSN#yqA&G5Jlk+O2L+7)(H1%}7gRoAey69v9f5Lgt+DEC-)qdeXeobbmg0->AFG{>K~->Ud}Y$3FwU8$_DM(E%LqtZTBcd5 z;w=Uu_y8IMY;jEhPy-;44^Idp87?BT2a9_9`~7PgrPqPT-r}TjNJQ?Z{N6}{e5{g( zagL`I5jj?9+BFqkw&1nQ49zhqdyHX<>jqhMTG}-wuQ@Pmr2G;{in#i$*1Y6pqw21) zM4N4RUODxU5#%#5h+2yN{RnWZOv8 z+n;l+%J{ZbXmhNdl_oN`#$cM&rXnqlXw2q)>HyWk6)@*mv;(ABtr_t z{LWN?Iw(Wc<@QF$b#Js^(AY_%m$MCyrn0Ox3vCyiIC3kl_1pZ0@oXm;Co*Y@&r6Ci z76G{m%OKSPkV3vtF-<2RKtVdV<8gI;kLkpqcCO;dnp9NtG3S7pja8qj_3P9p>p2_5 zC-%E|*EmgLe8k!0?#HLNe#m=N3zetYwCOX}-pZH{#WPxmM%MGtn3p($#%xXbm%}vD zS>%bXGrQDMQXyIS>it_)sXY5OZyLs?-X%%U zSD+!lbnBS7Y-LaZu0wQ=-<)t%#>*lqPOhcv`Ab#S*@TfgqqSye2!}@)95M8zRp35f z{Pryq5qENX4mJcIhc#xgY<4cz%*E-d2t%vs2wFyzYe%I3+0=0c9#@%#gm@2PkhB!0 zs>YY}+!feGgNz(dS`MZ_>aqEob3wMAaE=_K&!ub&8VbAKRaEt1jxnKQrILBPdLA2}Aa z`r6n8dP|gfZ6p~fmB7WNpSNZBVm%HQi!%l*SD3!mQ)tOvh6LDIO~o1znclF4Du}(= zeJ9cj3`XU~0Jpg&I?KAL>Q@Np_=USZqglM~99Og{2yj96UxwrJ)N#`cq0NoJA!I z8e8|1>Vkz=i|UNiYK!rM%tKqwi~TG^)*aqlTz!FW9E~O8S75sd0NUL+xF#K?XlA7Una! z)iCovHn;(t^FLZWZ1`vY@8}$Crg~}YD0TssQ5jcZT_(uC!}K25N%CbZS)hT~oNg+! z3N&%#abHS2w<=ZyYYdRTQ)8j6^#_e`2`a-;*qkhj0r?hG;KSh{>=y%G0JA5k8wX$2 z^8-9qeym19&R3p!M1ZhjcsD^wXFMkH4jk3m3L{Uq64K$63+6OQ8`90p}H+7^Rk|H{nRyK#? 
zX}cL#n9EqUau);zgt5>cmNrVOA%EoN205@KYxWTiBtE&D9pmpzGp-k(dlQ zI9qxP73fmBs*ZhmOsLnC^DLW5FR8!iw*&pxZ>Nuo#5Z&65}d&?J~}b5o97&~YATlU z>AymB8^4@?X_9K2B!0?Vy}E*Sowv{Z4kTD@C+ed0>2euZ9U5ir#$h^+J|^@oGs4Xy zA!b1Owaw)mJS|?37tB~Wx+n<5bcOzZU~}jLCcx!Xl$th*)PtDXNSiYtz|K|K8+xK+$Y-lhN?hobTl^|SXg?^B8 zXJ=%$((q#>)?yiI4w131o89g5_Mp$@X(!jAb9WwUIUEEY(RMd>X*Xq}_vCR!HahEu zV`5_DAP~%9WpWUo-^O@u@XB%Pd_&j8TLft-#5+fO9bKHNQJ>E^9KuJs!EyV7f&HFv zTEk7+*8@#CsNrQ@)wA|w1vL8$sNnnyUP^on68h+!mO>q)hs9HpLz{Yl@OMA)lwve!)*rDpWTBHszg(1!6<0bn~4e`15(#Ee z%SXJ)odBUoaLlWESxeI7gLC^HXj$ee76K9+d?iXd#zhRDWoBquUH#dt6VtNQSSgsr zLVcK6LlHNr+K=kdao!A%a8~^B^I>Tv8@WaW(0VR9Rj+DjSU3^n^YhZ+N2R~X{1`CH zr&5d<_tO!xg60SH5Xo5DTE%Z*vxtb&tctIa$5jF(k|hT#Z;?o&*_a`UShnG&qx?m6W(A9aNJ@uC`YSF-^^l00ZQgPvGUf^0osInZBxrUBd(s| z2MAN)baJYg(bzO*#V&0HKjYgG3ZSy%BhNNcQD!NF0^s7(zHFJ75Ui%v5{bXyKbez! z?Q@xc!3(nMVj$7s*4ODimR(z$v3%*M*IA1R^dIaP|Hw0dtg%2sUTaqavc13G@xDEZ zHT>!Dkf5lnciU%qy&-+M-iSlYOaw{4fX4dIf6=e3-ssjLz>&*=|A&VFsSYUb%f)cYGsVxDBb*y>=pNkE-F!SpXKzCz&W6jvJ6gkqrZ=s7S z)0N+|$AfT?z62a(x2ZRw6C^P)o}5kczXh;Go0|QBDPr7j;x`5(5{AoAyU<$fogM}X z`%z?eh9eihug|;!8IT`1wf_y~F;4CAmm(zwfXv%l# z2Sib2&J(BCM-m!}G|hQacl|(JQQa)a8{!>MiTN&VM|Ix;^7^uRtRo-T17f#Y2rBKB z5|QO7o-ABhfl|0EYYP36I?v#OCzwHM}T4h!>)x6Q>$D@cZI?yU~6J+6tL6Dx|!V>yg>-u zm$PhcF*L@Ye&lG?6s!6?8iD|6IKkgF?gebIY3OL+9<9mb>FR2jGcQk+x>S$V%rl)h z>&Al-e|Pq|we3v3v=3iAVtlxDbLiKlv25iPSgw4d$`|@u#yoK;J?LkhHz(A({a@vi zC#Y}AAMz@#u2NA^$o;V*K=$zD9Kr~$2ABtDG3;JcT=)wFzddK*CKf_C9C^63$+hK?hWdN>o#f=f?$NlBin z+~m~Vw6e7SPf-W(Us-W(08(8pG@Je1X2%WQ8BQj}D|491@J@|5!{VjB1LWjY$@9!| zJ_FK}#i;bss__ZCqW^Fnw8pm@w7^x)3aT~I*CeGoKIemcjJuH(=O&)A&b(t$la5YT zYV}I-_>jeTD^hPO&IJ?=FyuTZ1f)R>&M)vNecV3agVi#EZAnOA6{<7^TJjcxdZe$g{E-hxPl(wLB$N zP#(l1pdxziB5NdpHq(TZ$+3Z__dx7>b_}XG*EqwcB-9D@vW>F=u_J75R)5v*{Y9U1|r~{>F`MZj-S8A>XApAtpxQwP~F9zvh6=b0$_ zL@*CpS<4<&4@S+hJx`*$brw`(Yj@IxQ!hF(?6U~Orfb8mQbrmL0|TFy#@iNe@mf7; zV`vX_c1F~K63Z5sRPsXH**UBI<=P-g;>DcGO*O2NJ(LM|DO|mElZx&5D5M)^;a2I8hw;m`KfBF+p$xF8Ozxv>P-5FG1xWMy5U 
zLD~!a+^>o!X^CDrd<%P-=S@c0Uee$`bi%anR=Xg<@5#FE9lmoj?0qI>2u?<7L1CV@ zY^(RRWl#s?6@I8X!AFytgTL*eJnlb0k|BVFo;=MSb~I#x23pJ$*mh4fGxT`7e^Yr2 zY;(8w^1huRX~o~BQ%T5BO3zF)S_MRsmtwVu_!@$qPJwqMrJD7GCBE#6CzYBd{c&cI zRComWoj}<@wB^5lx8E>mLtyz^N84tS%NKz)C=jb{En*GtJ1`%Lv~K)xcoSR8^;_VN z5_dUyEUFqhC@|fBu5p|lM)^pL)YAaml z!p%*1V0&Nf$XnJpg2^KkGrrV@)XVE@g+Lv`6x(;ubCjXE2FCi>NYNL%%goW6rzP1~ z?c_04!}6+11DN-48elMaY0@Nsfa^EF5ep58bgy6ccQY_hTTc_%WS0rcHW+6HZ{!m~GA=~PN*VOwv+d)a- z74}Q)`70B+4-@O&de2pmP|T4O;|HNtgG}X|7xwVQiJCQ8f7X=k;OoLO1`T=5GqKyE za9V+0m$WZ$RnyysHTHG{m9?pZ*jYIb&x7|F7Ah*q$e7Z5Be9s|FK*MnN~;EN-;nzhm7?skMfVdP<`~$}i%yu35Z_Pa6s+&;61E97^$t8+E1yW{ zM)iu;7Z*!sdr?t-bb?rJpk$UkUu+#sjHcDynS5vDN~@H){G&N5^YZL$`yaIL^OeG@tX~-w zj7C!LkQV2!K($_5PuV4u9tc)E^>V!Bd!3U@u-qsHZYQn8))^rapd;5FQh4!QabFD) z_WSylB$KLM@*82v4e|jU&8&Di@?{NS5&AEbl;$-qz2%7juIH%$`eWyQh80JbtIDdm z4I1)e6`eBlVARcxhqK9tR;dgcqW(=Gt>#s4`u zO1SclqI@PPpDxx&EVNLMs+CwL^o~O!&k7Z)pKW2?!z(8(UX(;Ptu0Ve(k2i%_h>)g zOA<#4+#)cuC#9XPSp!iCcq+#ZPhhrrs;tgwpv))-BfwcM=eMFUB_MwW)_p%DP3q`; z0tz&SHos~h^5@QCn+WDM$z)J5M*|Rk3&#il;2nsU>cILs>EOwrV2ms5fLg9Uq@A`5 zRSr$zV_dUycR^uCK38cmll6Xm3O~>o+*xF44^`2pddoh)$&N``;1}NQG%N6lmmRTBEB{(b`(-d?dM|YK#Ec$3ijFZ)bqe9sM%9N=KFz? 
zxr~Y5)JDIa{ax^)@|TGW)E`nxUtCbICMS&M5>Tnbds4LKw7L?%k4*t$QzB%|z5=Zt zj&&2G$)VOt<{~^@+0~&V5|j4d50;);ezTG_^ZL6U(Cv8nWB3xSe|yp}m3u_-*mL58 z`r(juF3tpQ;$6fvegbdO%Ya>5YNzKmbbyNW8 z$>n$3b(7CWc%-3FTGC`BLQbH?sicErW;P+}kU^&_We!C%x1`Ipc+fw)>^_LA4U%?x zq$o#+Jv_odvF8vFUr0?y_4tq(sIRXTn`+exTN{kQhvUEXKj}M}2ET9hEWB@{-QukM zJ=iwZ@xZEXC&DYORjrvGA}02?wRzC?FV=6L4fWMsq~p`tNzZf98R;3kmdTayi*jX*a zCiVF;zjwBMsj%M3G_3CCqA{!$VR*V2O8+xn!_DCg|A`#VuV|!faI*iWp+I>9yRUR) zqfkN~%rNDi!Lgl3Um0~wrRCEliuXww6AiASQw-ANj8aG_diM+{DbZ?Ozb-6j@=-Xs z;`{k-rl&;So$vUMP7|ByNX~;|S#*ukyHb{bPMSH{9P6GwSmNsfa{8@;KL!At;(LIxs?L}3T}8Z>2f$87 zQ#=dDYo4ZtLw?$~7frBZS^jVJH`|KBJ)slsVBq8%4FB0Xg+aBXMU|xx2Q9Sr9`j6w zp?0!=C&x^dD_jW8=me>oPmL%hj-L>Tz9xUc&VVA+Z~r(;p`=!dxmV`mR>~@v2$cBD zk?$vt9q1}k?*5F_XK(zM??h;1HdcuafuwpJN!Z>Y zLnA$U7D6wfqrVMcYGOsu9v;=nl1$B~hfSr+Jk?Dl!?EmGXv*|ooz*Z`S7iaxL>)}i z&pz4(41S6RnC2jn76N5eAvmT?irTCtCG9WpVxJw)yP;OYo;|s?zICXm^?^M{B*a=PXyDnU>D5LlWD#;flH$o55+HJJM*5{h6qNxnc|XH=`CU*fNNa)feQ zOjS=hE_7vexu#d!cI3W8W9P%n4p&y@sPO<$vf-5K2Rv2P&CHl|r7JaVL@w44pUFyl z=8Jhjv>*cMoL0i=mIovO`}a+OVBTwfkPb5-$5OiQ7 zN;P&B@v)W(>Pn5XEY<;XaI(}L;O3HLCUq>i3REegXzRB~E&A*1TZyF)?2T{FoFuRF zp2k#!{Yu^-F2e{6eDPUinvBp!cW3r7`w$d)OT$}mc3mQq#yI}GSQh$u&Ed^5i%JvY zh(AYlQw_UAbw%vE8xp0N{?gxXXL24tmqO7GThT z#f1eA9i57fu(PBeLFQ685%UFUc1rB3sh?E6?4MG6+g`46brY19ga{ftxLi5Acwke# z#p6g(j?fAbm0f0Ufa8sU))!mQUGOZ<_8W^HvGPOOvPUP9@k>~p(`PgOTdExYtFQ!| z{VohnijLn)^i`_1=IuaZGiku18G?d?1?uKz*C4@<4+al(ac}C4-1XUX!$G#y>8X}H zu7%V-5ak46Dj8TU-eg4e=sDB1VOqu0E?al@wb_KX@+GlV9xGP+SE}s7wR;#w=_bZ# z``e-$DG$Ze{f0$@yV|8s50bxmdy9(|v+;XsOR%YiOftzwtGPnW8Tille@H0~9O|2S z9N;L453Y^CcMYD}ie^9d_OqhTERn@O8fwO>C`wBC8tz$VVl0#MEd51k)^k@^d`B{? 
ziK>@{cj#V`c_klTwzNDFe^-$_(zHD1kdv<<>g2|J%vuoicCD+KVcQE&oE!em7;FJi zbHt5x#Pa5}N*DKo;_g&rsZyA`)mgSNc>Yb!No4<2&<&v=L6y*haYES27uweeQ{Wrl zkp{SnoM-lY8RsDrh5yG$m72+S`GAZ#t`cy&2JxG>XxYCE1Uy3cSR<}Jsj8{{HcOCE zEtOec2L?zUFG`$F$Wb<<-mZn?1a9K8mMwxYqR^S&8$h)y(U332AS%0VN{2W(PyqM3 zA?AJ0zI@mHU;<8{{zez?uq$JOPVxNxOx+2v^nkNb#9$GWgVDDZ!lo+VIxlb`bnJGAuiVFA%Ri$ypv) z?CFhbCqGw?dsB1q*RSPqk8&dv?h-LS5rkJ^PhJ&qfn$ttpnytqhkkrulSYN|n$INi%Pp6K7?V z#gh%3GJ$(kcK8YqSw-(xR#8m71*Z+0sn)#dkNXyv)-~Bv&7o4fW|AS6w&Ao*Zd&JT ztay%+Z5&+;Z0()Ei{!8K87pHW=lX4I-{gPq-Q2(T&J_^T)8?Jp=vO!D@PDkE(Cyw0 zUFiu2_%AhI7WzNjrM*oc0>A|3Nb^U_TF74B(iS7iiYYVwj>nSHo1Rpx3dQXDy1wD< zyl3hfeoGuqY^k$LD!abJ_9ElScW6%Hr_PQ9CG9dc#6f;6>gCl8YwO8oVK^W*?2|n1 zlZAbA)mW#kA%H9t6V5}ezi!5f;lq3Wg_O7(`bCE!m{M$rqiR?tEfaWMG=$sblhz1N z3OnTJoy3cfEfWbl-_%O?)Z`&ztFo2qoE)w$kC{#0t(z82!U~@&4VTb}pC7!^mM|@{ zY5vTi6*x{G(2xqsBacf3NAgYf(_D@_Ism+L!H?{Y1GbRxSFM`~wU7-4W)n1Hv78Qp9=b793%6Z>q)yf2yi=+78Vx*Zv1+#M!} zu(NLPE4!B|E_RTYJ1rqNeU6h+G{AZNK>XVd0eV)SzC$(Dg~?W{{GTm9<3Dhkq>qg3 ze`jCy99BunNgt|;hzUTXf&?XQ*vUiMaA!1RzwAU*f85LBTR*z7lCZIdG;~Q!qY5_4 z_J9}7oD~}E%cm`4zLoql0xM@Wd@dDxnC(Q4WRG z{KUBT^jaizlznB-!Ua^&a(KBWeisnyCk+yXmO;y;>>=3soXRPKIhZSr9g6RI7Z%=D z6q<0j(K)k9i^^|#tGwf6_~v7iNx=6+bZ93dj@sy(fXU^P6|G#3kO9{Q0Y7oOTZUI+v#!u=`vfl^DPXM0$1#X75^gP}KE$TjXldz?l7h(@UpRBM6P zfbnJgdo5P@U%Bavf2kQ3gy2J~!N)0K-k&NWm?~270g|haZ7P(@)-K!!cF-ldY2RIZ zMf^VTd1?Pe%0W}(GH+%Cx-a7ATCj4~ZKwRlj0mGDEqswmfE9?92H+3OpN-KeUq{nb z$Bw1yyG-V)57K1J_ve*E;JBt)JS0bgA^}RWZ)ox4E@?SEh!R$(Gl=Hm?KQUsbfY@l3dD0ee+A;_#bUFF(Tg zcv!sUKF)YN$|d|F|2Ie&|0hU%)0kDvY@uV8#5nANH3e^g2^pv7qp5u@HSZ9>%xZbs zctxBt$;-nAg3kS)FF(VM&>LX!Lqr*y{9M_QM$B%|TsEXS|TBra{sP8(hmBA3a2))K4f5|d@9CIxn~UoU^1`ypdtHY0)Fz^8Kq z2!{Wk_F4n*9Hv;CVzHs!UYBZZUd) zn=>51<%^zZvx>l1cWC@5cCeq*0NtBpRM|;Df_q~mt}&~=mJ677xvM#?E?6`%eIb;y zv*^$|Xpp1MOpZU446(f_eT=8fHv7mfs_gxJdcsWeYpin^c_Q?F#W)Pmj`@E|98pMH zwtG41$QM(@Tih#PUiB;2r8i_cYs5k}OhcRTy?Fu)n!{%X<@0b2a8zE*taP315dS+v zWkL>ayP*Eg2t@}CUDnXTm4(RJ#kZWjJM@ZtNu(?U2Ki 
zTj~)ZhxQu1z78lpa4wv<|3(GC_^RhR*R=cdE~UEjr0=jYbAR1*C%MZz@}bZUQzgh2 z@bb(|IKki&+aG4lk=ALl?laWQ>1MMsSYUCvBY7g;{Xn#*!kTAs&-cc)V3aDLg*6#Nz>(o5_PchRLs!a4bp=1)ZGo& zCVIjm1YuLyCbOk@9#qoAJ{J2-14GtQPe1+UMpLEvy+@Tpd95HTTMlmlC*S+_Qjzx# z1y{-dJ=;xrhDCX?Ora;xO>)VqIzC3vTFV(yok!-g6LelAJsFZ^7LUQ^>}orN58Q{3 z(EsVm0M}9@nVP)0D$7x}jNk0QpwDDwRc=oQa;_((abU%n`MmabxBa>Nh%)b(hVS3s zWdHfts($m_+KPHt&(KI0R}M7l*gk5*H@&tE0O`WQ_dpkbpRn@fE~r*uOm^lu-PYP` zCiuc5^dpJ|`L-3UlfF=5XxuF&C3*~IUWXl5ZbHIuLsk5UGwthPbf9=<4icZ9DW+=< zo0NN5ls~BOzGk@lEhWJ{2F{e?^h}B`*@h4nJt4_#?kVS=Gm3Wz#Xobei;LNnxNNOd zU-NT=<~5kZxTL}DinL0kj*#k}HVdpp;Mw-X4p7u<{&l%KW*eLf1qS*LR7n0Q`KP;N za?$i}70kTHl=5Dg;Ez7cc+SNS;V$blEQ3DQuJiXk_%xoyY#Q&un>uts!De?Gv5&|E z2@3yQx~hICCZxJ}Z8qn@OB~D{YT-yY_gWh$R)ueKDS0WWX2Fh3Hn2ZFwwC-nRn1Z9 zOO36Qltziri~WpGgy!O3H5h{$E7%oN%K8}5zY0cmjOe9orf%WTo=d&fdFztP|3`@N z=R3}O^s1?P_Ntkj{xr7R%EpI@^^2H`QxkZj?eas(yKe-o6Nw*JDka3bx)IoLp4)44 zk2YQj%&ubOE^FyfT9WZQi`}+vUavpk6daA5E)JP&hk7Z@8cbRLWk!-d`j^FbAES;3 z47MmX1z7ki8O+-jtq&_M*5&JM!8~>W-C_VSB)8EL?8Xc`MiPlB$1+io$M#CKYmrxkXGMB*&wGOM-S``w!+rojCnb`!G4gDb5ygQD;Fu1w9hKhk5 zF->W-uB#ifrc^`}RAuZ+nrSlL&fKgQ7hAz}ts%3jj;XsDyUZ_@<&sDS%15hIF)I2^ zw+*zEQu89L<{2u)Xv_Z0`{s4Bj`FpU6;-y_pcf^L29|CHcT}umfG8Ydm$@(PQjzU< zd%s5iKjPjyD5`I17al}J38IoDi-2U1EE!Z7G7K3>N)D2TC@_c;9AL;<;*g`{90bX6 zh!P~HA?GM?H=dv8y|?PETes@_?mbgAe=sxb-FvOoPj^4vtJm8ix$zg6e{VmBx;4u5hQGm`?;H}kDc ze_s?cnZqQoh3yxQ#$)dh8U4+84HM#zJRj~8>hr$A>uL*{51jnDCQt8)kB_zynI~j; zDNeE^r9W}YIPsNVMZmz-T8wBZ^(u;W9=04G*QMT7!L6SPr|hNobIGvRwy`>7B>yHr zPX2A1H(bJCAGv7DnZ@-<5=$7!KY#VFypjkDOL;2KTxRQF+CI6lHL!Vc3+|$(QOC@I z3&oY>*ou5wNV=kl^MP8{Ofb4`xK*nwx--#+8w{yBEN9U+> z{bdF^aV;fp6hQ(P6$?lyb_H|Ld-+R@QKH${+5d15P-qqd+ zo%Ob`_mb+*@t_)U=C2FmKfxvvR72k-K(%Xi@$PU@CCHpEI2gX9h@15}Cd^wXv5wZ}}G3w?U{8Sm2SZa z__S50iwWinWU%8GM4FJY9b6`D6AH$9rmK54qL$Cfaso3soZt0p?w=7S+-LUl|EwG# z?`<(u`_`lEt#V?sSb`#NVy&;uQ9Q4KrK0e$8C{`+?Ym9 zoJpk@1u&1#hgOOVXP-UHP$kHk!mux9tBTVr?H>!T7;;&i3vb5`4{Cgi=D9kxuxth% zsW}_tAFQ4$pp~tDf6M;em!;@+4az$t90i8E=n=$<^pg%eP_J`Pl4$ibhb{+0rW2>R 
zmFSzzO{OE&qfb50$o9wNE+#(Je>W7Zw}8c9{xW*;bw!GA&NMh3qM>?7x4~+gcfaVX z`zL2T+uTX{J1@q4*|KvX3xvJ27r!w^yMio&nEQBBf~z75EHXs~sC3MqRyUM#rZPNI zB>mW4cW#2Up@qu~2_X~^U9tH<9}kd{rcY|*RD$lLBnF+Z=vMowmKCP4jxmvknBA~ z^iBOH6YFu2n;v^FZT-BjqGo_0tyv?EJH#rKsRtED9+DS+Hw&XHM*n#OxdPCoV`3nO zOK}ik#oRObNM7}Mj#Ci%-BevzAW$a|I={H2Repp$vS1fm0&IYAWZNEA-9=>#D*k%u zVfIOt>Lnqzi+VQIvQ0LL)9}FMv3i8OvljZz;~+;aI|Tgf^d_C;nF&lUZMV#Xa2ldcUGAHs1J1KSi^TcTL&lpjRRX( zk;P1*B)H)5QoD$uv^ej0-u^pFT1OJ~-ZP71Ci)^%UvP{;SfBJ$Y>1+{^NOhVS+mQJ(#}x4&X5 zn?AUkA*kVK^BQ1cNL4DF*N4%Amg+&l4E&X(#${o;0zF{bvV+QdLOapJ&mK>=2sJG` zBc(#MKD-2yA|RO9zt64o0vA%l2Q-da*YD|R2v&Q4;Zm>pn2^Y4E16{U2^y1pg7>@T zv1J%eEvtYl?%k$(4x{1Rmo$!e?&(wGaB57>0V0hq9|xf^;YSd^-qUkcEl3rkAupI3 z1NX%*U!yxJ3vsr@#5&nj8lLbc%#%Ln<;8a;-@r`L=#Gm=kHxX_E%>%zI_CApW4ka+_`KSW3A``*(HeoZc8{ct?)P%EvgL| zRcorrbF{x4+J^6+30dRz6zHJYRJ9>{v7VcI&-@f^pN^shI09zpN-YV`IZ1e}V3|7v zy&*^Ujj5QE@XF*4WF&&K4}hNLqPHbg16l71lLwut_aeF{9|{#vx7w^xu8W2;an-7Y z7>-6nXtZ@j)_yewQM@m>cG_u6zSq}s3ocxoLTc}B`pXo~kh0&w3W%xx@4m8FvZ`jv zdFOzXyXgM#|KL2u#xyN|{Y=S-yJLAiM>@}*y?iBf>mVSp3hjTG?wxic)Z>iw&fy{=02oA5(?iF-X<*^Mvem&@CTC@jx%I0mnx@Dk{$=DNr=a3OtNR zH+s`;!jkti7p)QB5?&rVSP9hq7_TuKzU|LcM^fPA+DdjOO-J{vR5*sNinfS>=fZCT z0)Uzqu>S6UD0m{K0LO>*!^PPk&DIjt{;6a_re8l49sRuJrvhnWoFR}6d>bin5-5F|UdSx+*ors9_ z)IJ^w@b~N*Mac+LjW2{lFGLSOD@yLl9P=WvQ5h`roq9shOh#C#QiDU<+B(vOy80py8){%xJdD)Xr9XY~4x0-3gfB+W}LqUW3iIj7AC4g>qMHSS+~3&RdI48=^~ zA-e7_Ke!soYsFLdoo?$_+`ebdA}lwaqpHqO_T0;32q@8U{=m?d-Jb50pjs}~0c=?^ zJW&jTsk6#HSXOcCkB`^EwYNHrpnOx&37j`OOqZpM#Q$epSZ@6-oRf@Tdu(#7GAjFMX7trozXHO+~`h@(8?zeen~n1pBJ}qb{J5q?0rNx z0%ItgGakuMfwJTeyqYn z7*>ii1n_zXk#*|w@@?n|NUiBLJ3oxM#p>MC(SJyx2aH0bFX-OBWqHrSETev%n4v#} z@}+9nS@7*~IvKRoI+<0}ni7`aV(kzk(;#sJ2VQS8|I3hThS8_w*%H;g z7d?IOP5WQM7-7V|3Ut6a{EVweW2bN1#oqbxi9A8SER9CWOV~JVo||#oGC=qVLgeFV zhz+-)^66}-ipWlWY5#!_^scUWb8SPB>k6IB-qNFf55(yU-V9Qd@ zuCzpkOc_IH0Uh6wRkgtGktpF9yFw*lI8_92%*Q)}^V=e;d9SmG;?x2bEML;)t!oVy z!!`8gVTM#gI#Rt95m2X1!n+06Efh?8@9&7|>hPU&jm>9NhMF 
z-EYZ09J+@1x0wNHU~SECIKiex^e5I-;@->gA5)oM#1v^|dBdWJf4nx7nD^@@C|Py< z2~p%^scneB6%G&yrB~d{t5Zp)a4jxL@MYss9pEkbGOmv^XZcdpw;)H3jb9*3?9txY zC!E#jxK)`+;{vOw_k5xA(Q&;;#21~Z71{!g-rw=DL?Qs;0Q}3j`w#E%7E5+NH(e7r zR+M;!3XAP2p!4rcy!bxx-_3}d_H7|GNSm2Xd{oQ%s6W9cYWo5c=X_KL;v3Z?P)fb^ zK}srWHA{vMBqljXk{g=0sh&UC?5^Ml2Rf^$SWSwg$8Qqq~BFmRX4}M5c zQqUcQ;UsV!A(&q+#9NJB5ImG;=#Id0O45;7%Fc5Tz z*%5)=5tgFoPnvnX-e0n|9ruJdQzlCPLz0fSXog3o;GLnXx%vH&0`PH;*eFf2BLGLw z*}H<`X}2uTN6^n;h8^@eZ9D~5txH}Hf1U3?)X+4Mj4{=CNH0j8m}nxgDB^|AT;;n@ zl1XT$nbYxVzsr)#pS+K4%EXTl>MR&b$6nF)-!8j5F4~vr8`2t~ozy1L}OLyCT6n2wMJ zWfkHByHmbYk_X7jKxoQDyh!-+&WV6+>dH}3;HY%2UZg)?8(W%$lpyfkb9NGZ9?W&v z9)H&PZ=94OQ%5r;_58147f*~UkhpQdL)X1L=6_`k zI;ZFu@+sQh!0}}#zrYRb!P9cZeKb$Z6U3X#1}49|FdC%&Fc*LR$MQGiX{zoaR+M({ zD&6|v?$;$)w3G)rv-g3U%Me5-8e*W{M2?qd0EyZ4P-yI3yEr7*uq|dX)1Qh@z!OZt`Gul{uOxZ7>NZ>=BP49z}Xy z34UiRoAw+VI&hkV*wliGnQ$LzhTM4-XLxk?5rY!?bN*yT7EYg=v~r>n{u%fv*CcB= zSRR3jqF#5Fj=h-1Za#+gn?90;_^ceIP0PB^lt6Orpzy&x9sFa0Jeo!+J3hf8lndF%f zWjJB36Q^vp_vZN)?PKqD*%my}FiNP7;s6ulq?r)6_?oE|Sd!&sbW*+wnIx3jbfQ1$ zY7v`*L7z7cCbRvSYEbImY&|i(Z0=h>B(bZEV9uR0roSV&X@M0KG0@?;j!=J_M-hzli2i9FV{rUoz+w3Cj`e(BBaeT{%Bdlu$i<4m;P*R&ch5_Eh*s# z5kY3GNjzKC(r`vLTzL-`$gRZkDyKcY@$CbGDsvucvm8iNf>xA1zbf*#=Vs1!_4oAS ze}Fud{C}EZRW#ABLe}j_tPiCR6iv$H0Z$-~^p7WCxHpt>y*@dVXNCV*mAi?OYT6TwcPq79dj3=l>6(n3a9Am2KeaH;So=8kr?|U7vjeOOpdCr!K=Iw1 zrfRKAD9O=K*ISaKThT3PHGVmr5r=D^W!wc^S zVwyb^*jO6*3I7h_Bub8$LCfcE;fm_udwE##@Y2KG7f_d%N~LcIb!wSN4lKW>Ef7~g z&L$|CmAWa7ADesZ1|v%>{0Dl2Q%~;3-8z!HTdEbc*W||frIfP!=adWKvPjcGe5dYDf7#+S;`*?6#Ut0%pA7Z`#WBAdZiB_lmx5a_UmcA7-EjdZ9 zX3(YKb2kkXD{+{R07!t2Rw!ZM}QOQcw=;e#S}xVHu~k=ibk|~6=Tw!c%{`}dGImtJvg+?gW$=AW67EY ztOm4LJ@KhxWGrJX zz-$j9G%Iy6Q z%YG8-#8DdtB8J=YPI022R6TJ~cNP27xf{^zM}L!NI1w3c-{gSvd!6$(=RDTnx8NU% ziD_1Vlr&^NsHWQqPZEC2Aa&257YBl*{Gt+>Bg^v?reG-IPwE+KB2xJ)a}TcW951WB$dxzvZ+CjXYe0~yQ7N-oQj7*s%KWy}Y zKO*qw{%u91%qy1zk&7`i!yBYWdM;1d6ydoLQOo{o+A01$?Xs$#*_LSLzG|2pK~caz z0Y5gL1nyAro2K(;w%_jkWhVf)SL!$}X8nm?QTnHie?q3;40^d3E|{<~KlFpP 
zr^=zhf~qMBn&kxGoG9LgR1q?)l=!$2Qboe#IOdQx<^x%5wDCO)wz4%5Dmmqdr(foh zo*P`qYA*MlACZysFW}zR7!Alpskm{NO2#xq5aIQ+mw$FgedEWJAet)3foqLeb?a?~ z!3`z4t?d8Cn4bYS2mD`9)NR0G8`a9oJ8O#`vGkBmZ0Z8av*HIRkEZFZINTOWN9ZVh zD6l8)&@)3_t~slN(V!(Wt;gTI zIe-pGiT-V({S8=*cjVo)MI|$rkbto!!enK+QT;4T>_lVYDopZ;Qe6GTquYK(Om7YT&`J$= z)NfNh4Ckg~&i?ZJm%#*`OvF<{&B&qXcm5Aevsg@Hos7a8Z*To5cV7B}!}~*T0e8;f za4p-OpHq(HZG;I-kg{8WE3XfLCM>ck>CGjm2TJauEH%X`nQrjepP~5X_Fr5;gnLOj zKp%ax=9yU01r*_rV+Ay}j`8hLknT2rp-SmI!>b5rr+BI~S(gPzpaSoO%$wJ8hv~j- zSiY}K*IP4k40TM2vBM zq9~v7<8HnPhp#@ok;O-u;2#KUz7NV~0q3U~CHiGv7GU3qlPdJ@k)bzfyW1;< z|BK<1p6-?bHPGt*6)-)t$Dm4#jpuv`P}_h!*Yyxp@JdR>fk1nG3dh6Q^5XbPi*QqU+ zs$gawp3LdDt%J`6zP1y=tX|;r@bJ7aG1ILyHIt4vVf=6c+mv12yDJi58fxNo=pj&H z`n^}iW5vDE17tJeP4k}YY3Vhi7lAZ8$aHWfMB!a~_Wa6#x=sBZdEIIQGC#<3O~luAeo zw9u(5HefFxEWg>E(lN<2-$8tKMY__(g7Sml1+ zq066*6nDXKz91q3@W<`e&`q)s#8MH100@I>vVZ;*-T$curvbj0CP)7Pg=iU|&Q5~y z)xWOEaQ4(R!49bBl$Z*?`9F}#7bviq9Lk+>Q+EbZk0|VZee+8p%zs@E_$*mA96`Q8 zaq~6sY9@T$_5-#(S*QF!+@g`|Umt=7-`(8h&&%!EfBom5Yu|k8WB&A}*U-&tF8=@f zPyg(H2d?%1^JQ;#)&Cz|750DY!Tt{=fPs?#qY~WMzyG8JH~0TfO7O4y|K}ut{ohxy z|LsbI{l8H1|BVE|`2R;G_%r|iK?(j@fB#P;_$F^8J+rbH3uc@Ceb^ii9Oc#71QVTl z<=8Xz>G~L*6X2oj?fiLQcSoS`Cv3&Y#M4qLdWGU<#{g*U_ImJ9g>(CQ!kbqb&Qh6a zxPDR0mZfpVCEB4^j%Uh!CQg-cB8>X~9lr zRO((rthaZ#942Olp-g|wRSx|TX<-g8QEb%8(n@AlCgZbp<3*?gtkzB6)APNao{WWs zy-eT}@4NVfvAes0oojJFKYxDhVC+EZ09KP`3B3N2(nh>Y9BsNx{AjPNT3V0uN=_O_ z88F7$kqK(2V{3v+T~f>5$8VZGdT%VKmhsI>-aL~}PaeNLc|?HAn3w&!Hv{Slg&^*Gvxi25^>=-XOnbYM!;%q$v})72zCesEwZ zZw$29o>c=SDcDMttW3R)_2vGwG6hIAXO&@5o<5|atq%K|9G)8#8jAQbie89}j0ARZ zA9&X@4MC(-C*#8J2$*F!2l!;X^X!*V0mLKib;`j`cjh+pV4_Ta&6>&70CP)H$HHs9=>Bb;tLwW_bh1*p zdboeV&^c^m;rwgq`O{agLLe7~jzvPouN)z-RHR!W`mJqI{(}Yn!H>48a3ntD^Nc0( zTs;nn(NbR_C3=>fA>Hw#{YU#V28QK${fNlO!c1gV&`2n+$Wv~mY{K;Pbh@WcDLNJf z^b;P9WI3F@dxt`Cb#*ag`AJ3l=S>PBS30oQ9%mq7J}p|qvCi7ORztI{infs4m5ck$ zzuHJLlteB*tt6(+{Jzu@Kef$XNyKP2jaKK=Q{tx%%$4r^SuTfr?%k)*f z&TKj|+;7PUNwB*E8Yha>ZQ>~vB;s>@+SvFLHa8P;X!NSp=W_gt|K!}RfxXTSb!3@M 
z@gc^lF&8u`vwq*|&Hdazx=!De`kb@ri2$eJQ*U-Q7LsvNA`(;6Rr+V^bjb8aj|kaU z(p@rScEd$>RK0b~P z!M2gZ!qw}`)(HXv!^|@W%sJnpEOG(Ak%>TQ2H}M)fv13oZ>vJ!Z1E|{bFUfvP__|%t#xf%#Y$PUl!I)_6!x?zn788 zscw#U!aS<%(vlO0$S-ch4X^$8VS!!=j? zl#9^$y3y=->{;W{r=7Zducqnx!HeFRe9JwS6fR!oiz?C82*j;#IjQOIbgL&V4m)U% z+l2}RrVPASi*rMz{d60Oc7l!Wt2QUe=u6{kj51`J3f8#Gb}^SYgrr&MeN{?{ii(Jc zh>y2Sc3D|j$pZF2wY9fnVPTt_nmT(5kyBE7@;y;0R_^ZW;bdZaq|3pMOH4w|aYau3 z@F5v-Qd|z{IAK`&@DnPm&%M7Fu1|)>6ByHR2JR zttyy&yLe17AXU%vVYv9ihhLK&8?KiPluF=P!;KTvohD^|*u~LIgT2=p`s=vnc z!s(7j-(_*AxjcI9Rd50J;7|>{un+ld9>%ZGY@aSV+sNZ zd}i_+%SJ++ZEmu@KxkyVxB#sMEQ%(kavg_~GPrH|5Y6*${^7lQAzo5#ngRTZ(&UdG z8Nroby?hBkpq9&O61uc zY@yqeG}Y)1hF-?+)-~yz9~9SnPqg-YL9dxl{cfB_k9$?kcF)n(n317t)}jQ=ZO>B% z8m=yeC$gYXd>a^@#1!N%(mzQ<H1 z!9qBJM!#2!PsT;=R;=u#gv$1?kNjrBuqTB>%R3C3Z0j!1w{)w;mdYEyIryr0x$O0* z@n6E4l+9)jYqTyhkqfy2)cWP(SLtr;Esm{OxDV|HX6Tc*vkl#thfuk?{np-tpz8Zx zjlZbC4A@5NJ^8<~Y-XHd=}>EhGvnDQW8RAxKh5CM2m82(vRx1e3NV~5E-oKlBe$Xu z{+~bVHFz8?v<0mW7y`1Fx+S*z@Y1Un!<4%@nF@H-N5^W0wbXrXp_%OYd6f?Cj#N&G zQO8H9rJjAfHAfP2dxuXM+%$(~Bs65A?X&#Wny^sEtG zw?5ubZ@Y~?3feXx8Ai?hc;81r4jO+LqtnFy?I?4-Z!3tOgkqYGioMY4)Fj_45{5{C zPIXNx_{j6%=QKSGkp@@QuGQmaA@}1(+6_PX`nI&R4iE9j$@Q#>;Z#Wr;RNfHY8?EI z^da&oJIw}9%7Dcu7EboE+UXBIIeT+*9(rvGr@(^uu6iEWWoICFiuXR)j?in}WA3{xCaE|>Bgkjh-r;&C4bW%)pP*nLf`4%}%e&ECVjiaeWlze5v z6n~(w_Sw$EJnty4;$P!=8|AZDpfSLm0(2WN`*Mcm zXH<+9!#R->!kM1(@?DwF24E-Ahe(38I}g8AiA^;U(bzP$^J}!x4pw~VW$m|qEpvYNCA*uWW;s|cZ|Aa)1?*f5tYrukURpJx~;b}kY?vmvW@&aYq-1|FpN);lMUlJ ztQp9KM}!oKiLr(dnB@~HzYBm;;SCiXy_m{I;>fe|iW`CSzQW#QG@#cgdb|vECm*{t z)(@Uc)HD((+9(LyWFrSo&qcUfS5u4|b|@DwParceig&I;9vvVd#4Q!MUV$B=JQga^ z$GV2|wg-srSCD87^dS#mmo_4@DEj)lLPCOqLPC1_`nF()XbZsgRZuV%>K;MbTW275 z?Q5h=6U>uc+}*1M7^y&o`!)4_^U%Y#9WTSUor`I`*^Z_Icl$gYq4m{+pRQsA3dc3( zM#i3#G0;PW*YFi=9G`q4FA2?wLf{Z6S_ez-TvQgK*G{k>s}VGp26Y`B zXCWzG1(PvM+SPb4KBBl@m}HQHLsY1m}*6P~qd@ z!Gq!boxLpVti?sSqrVwIl)(BYaAje7b5K5vfz9D><-G>@vP%nJB?Cw*M5(-n>bQuu zxbso1!(P;1*FQtccNQ=cXlOtjtWD|Ox^Z6UwXV~1z+CAzeD?K^)zl4F9k@1 
z5gz)p#C_j9nx$lU5OP%DR=TH7j*dcJLgWt~Ja|k*f2_6sqWdnmnr{f=RxP^f%NHs{ zwR3w)3MEX|@Y*HasDlcf3(+~=^p=9B00(`#q^*n^uY8WL7X)k4|BI_qh zGG--j7=2&e&=uJF8tDVu$SdU0R3`^)0N{c?I@)SfYFI%7Q!rR_uuAt7$z4|3)6HsS zweeV!;70ukTz6G-Rv_8NGvqv42T1JZqi79^XUTf2Lg+RBviSrWLXa)(lL~KRiw*P| z!rs`j;#fCd6}rvWk&g2IP&`UrG3yN|@W@znOmucuW&rH7zp1&o>p7J7`SV@COrf~A zbS4A=pK6q^qQY6aHnhbn9MRH>^@H9r*-7aAuZOTcf+wJ=Z#?ViE9f=dSsNV1{;}UG zAbYwJ_oENU_nF8J=c7!(`^%O?)r=eHdG*a$95(s^_>8*2=RuJIgA^ia;3NZ7jwU*% z`YTNI0|zgg2m>E`Q|dRs%LRfW%bW-!)jq?A%?3Bh5P#N|5b*W>MH>ZXDUKYkxIbw6 zrHjs9xtcDYEZB~Q*RBf%>I(&dT-D!<+P^fXrTX>QNP#VpF-jL> z7o`J2U_dY++Gc)gnkqVthi2Lh8o#gx#-d=gfQDDx2Q)47+GRb8P*<3Z>heP1p#H>w ziA}(waS=4FCHJnuU8q*PJ?Z?}1VTDR$6d6pV9(654WBk1KX#}{U(V((Y@jhlBkM8- zQ>B#`ZDFFW?&w$=kb(UE{rhTvQj_PhoQ#Zx+w0d*s6x6JGY@NBPW5N0ggF-=u&?Uq z9Tr)F{!~uhAd8I1J>$APXYdHukwovsbP;;Zm@xKz&0{4FoYXD0EF|_cBb5eO$Sr$A zfJ4}acLN^ejUU;oKmd~kE0S5t$jGRugq^~)-P`~ljWQr&sI>hG38nG706eXjO~Fj} z&Iyv8;H3PUyC6#Cf&{QGV5L_dRPY(G6;sAr$eV65>@3sK<@R8oZ)&;iW^F_@|P zI(u>OaR<7(_Hv-=?)M0k6-HJ`iH5w0w*8<)O!)=pDO#{|D{9BewwiA*fbwdPE6VBW z;~7xd)@^&Z&c^qc|IWEE1J&jG`IVqrqG7_M`^sl?b@~g2XJzKG&vm&$7u9w`1r36k%sepDw-yK#f5PW#m zlA*Yu^Lg$EGtRb7-I8Gf#_gNbUHVc zm*?c~#c+YF$D`)N%#M)xOC4e2MBcNXmDguKbW3DGZ$C|CA_0uc&IKTjJkQbbAUz#< z>3@$te9CJ<)Hw|x7$@ux$lmU$&aV@x!{P9BJ{bC-~qtL@WvI8WKZE!+L)y{gK zp|)EuA7cw~;vp*G?0Obl7Emmb1q2C$-hdNdmrlN7P`?dZh1qPkSudD7gtUgPB%m$A z(`cVwOy;F-c#{@gBsW#g4IMQHTMI4&&%p>#Nfdc`{{8ZH18X|FQ(h|>qalyn~Y#7y6%_TJB8B7 z;)0rF-J(nD+s$ZzPShCX^OJ(Lefe^}8+eyM8T{&HD?n|xePNw{=bUU=&2#`cN;^LFW%N zW0^y!h&+F4VfNyRk;iv+XI%kJa>~ywWMyYnR+J~e#od`R-Oy*J3JHdHclR?F=g?F6 zQP5KPvEmNKUg;J`wro*xml|xpx7c+0)HE!zTdw6{5WZ4O4kG2U>2X&RI&TkFgg22y zkx^4t4!KCYQMEjUS)6enK%uQ|5@^YplnOO3UUHzK2H*!683nSC*L(Au;nsjD4+OnH zEfH#to5x;E)o+NA7EK&=7DXarH2Lc5Q2XA$))jei+;}bDWo>?)Mx=O*I1ix)2UYg$ zJUw3;cuQuc!J$O907qD~x!Cp)7_|Ij!|1MbdC0vTSV+nVVIhz55y_5F?pgkwW~urY zmPlr*2DDSL6NGuCD!%s2w@pySZlmsX!Y5uP290pU{n=98+MRDSO4`BFvw+Mg8YWkI zjj>fn!Xm3<$xc5sFE6mmcGj9?4qn}E))~8P80jCM?{HDSvGH>Au8clCRbigZsaw#I 
z#Ym6^jA++lXztv%CH=>1uh%9fN=gXEKjueLF*YnLtlflHMC92seo?xz>I`*Cd-Q%DpVCeR4q5Z^si%1;6QrkDlvamRZ-7paqndePc~YISuMP&*W58>;W4GRR}gniHeWb2l!V#fHabQ zR!s`va)E5!qb0P3nL|b8l$yGxpz8*z2}+gbe%ne{wkEBC01H&LyF=3(10;_xhOCc^ zaPNyKc|b~-sgg=h!Z1U_)C@$HI@84hR_X=q;+d(4uZu)8^-$D4!sH)D*5l4+f4^9o zo{pU=rWw;$Gxm~cjiWolf$=Df=hxS%y}#FVyo7`MVUMC%dd%h8b>>o{OEp8+Hv9a5;^;>K-ix^6ol{SA1BhvylG!M(tm1Lkk2bYJe3hN2A>6?op@W`eGG z7wSc*L?0w%pFJZ>RC1@SCE5uIFgS1DXfoI=bSJUeek~CNTLItmSvj0&1H3uTT6e0u zBZ9jYPN6ALL#PEga3d_<(@Y;AQ_d+9oL0kjmeCf)e%QR?DxgWG;`I573eCmuS-CH+ zM|EV;IY(aC<97AM%Hqbe^!cFagb^=ZfZ*e1Vc{zIWJWVePlbQ)o}kmpd!T2Fqns5$ zGyL4xhrW>QBQ6x!E~=I$|Hs{D2TeHXl$PW0sLNbLD4QX{A>CT<9I zeQJNq{%h6BI~7z8ajPsO1KZ#Uy1G_kk0g%4igy|=-k261a}xR>Xq{;QUR6m+7C$sl zMqYlS0BvD!zniO;4e+agBQD?54MdU|Dp7hwwtzwxp%X(&;LyXu8rlTAXnaz-#SYF{ zZ&>J;glyy=UkL?D6|_dL^@-MB@w*wg!GB?(>w;pE5EXT^=zSl$U#=H?Suo_q>NMZ` z@TXLlp`m8jjFSxvAieI)kvkOD6|Q5@a<1R%4?}PU3hE71(k^>$r?%d>?f?b9vdl{0YNFyYsDYjFTK|4*{_cK&T7QjT8gG(HObm(bWcW= z#F?ost&Z}p&!&5TB}EmUepYg8kfdXwc%uIvpECE7qRyw z0&;oAw8lqbqP0v`mjKQdNVsfKg;`azs7Xk?{R@n+yviaZX%FVtKqwIhlSrZ7!w@-= zWSL>lsgeAgJV7!d9@EinAThQ*=flfTCvor#JC%J3y=K>Vd~Rb{+%=_CIb61Z>*&92 zxCc-(z(e%!z^;$X%AEXYL@F|`HL+!7!I690?Hd3?-J}2# zf~ndhmE_fCWt6k=u5gFt!4Vpzy43Z2(o85Db0O&YHD&Ln1P_}jcA6`$BV zna~th6Y`k-c_x0@(qlA>O2&<2A%of5?O}~?>#u!5TMX}>!I+D=re-lNimk86G1lCG z2n;><533z(gGo=hZc;Sn)aQc|QY9~6?yCnq z+c#vFp_ic6fiYHUNF|v6#o&pfR@7vNGIN0;1S1NU#R*a!9s;1C=+13vX=&$DD6f!^Ka^-20bs#1vFxEY zyetz`QTb=mLh>16i;>Jh*OxWP{fc1mq*CnzeazHCfDZgHjA{xwyt=U1;ZR#q{^UCarKLgW=9A8ISez{Hsqc1s|OJcBWXpX7#u7Wxznv;bbM*U~CAow*&L!yzQ08`CVOt-Rf_M9D)|9!mo+~8cFuK)Xq z{k~&%JI>3i8^+3D>0Dn@Xl|~f`$QI zZG(%sC06*S`aPq{73|wStzvNvWsAe8D$P?k_Co?&VZg!=ki&q0UMRji!oS!>ug+_` z3C6aPUNulRfMHg0ZujSr#izS(_`%p_@y!7c0>QjTD+I>$Y1~gIYnH5??}uDER6x}` zi!Dwq%KU(UaCtm3NIQetCjy8?vz1fsg$9lU^(o3K%E;j1hFajjWbE)t2yE&MQ>DvI|`Uag6 zXl{e<*BLi2+y}zU{k^j(`yFwD3OcGwSPBftI;jA*!>7)v7~lX^-Wyv0)drS2H2^z2 zq@tmxnh=@DSR|_?OU%t(hJzE--Oakj2Uq$8K;FvAck|I~WJD;5Uo5%M7SW*feZ$i) 
zN%DN60;j@t$wuqc`K<3Q!8?%&G#H@!6ea7gfg}$n`=Qr#&uWpwOclY&)rJ7f<;FR2 zt~_kLfwr{yd|q)mkRByaaOt{gfVPm3kkEE}4bZ{>Ijm@-|HoEK|JGA|qp7FL67|Ip zPotL)-hUHWtu$RERSHlMZzn+onTzEPLhKkXE?->(1Ogyqap->8#va)AOO?x8yLH$b zz>S!D?&ac8mjOc_c+y<-gQpdyuMpub*~sgi$Q9_JpDYF6e+klvwy;TpOnUEq`stUq zPA&;o_#%yp4@0z!zIYHKXG`sQtfv>gGBvAoUk^_$1>w!*m8(xMW3CunfjrOuZq7IB z3bNVjjtT*60dTL?MxZ54h;@A?CVK4}cHwrcnBpEk1h@nDZ{p1A7eGbYcK@$o$Qj}R zJYDT6m0$kZ7bH4|7teEl`$s};zm6W~tgAGT26=aOzmEE>Ec4;mee_O1%D86-MtNI& zCy_ajOPj^cKAi><*~#}1*~p=GzzfdRWikPk``%3T1}~avPzT_3M_<4wLlQ*9M4xbt zr=B6o1GwZX^JKwVo8rdft&MyFBa`3jou(Q3PRJ!FM8(WBbcax2^HUL_;njJx7=hAJ z4a`w@7?t9UW>5wzgEK6=J^zs(Fp2gKf0pQDx2!D;^!1^zs8J9{U550*F9!|>TMv)9 zUd>_Dq85y9%j4&&8McmagmORLpl2~gIclPlsAC8fki~yYN(?~oSLk83Vei$17W)v& zx3vGvlmx^GBy8rkf$CRMAnT}g5F1W9nT(LT0{m)-uCrj~Xu?huq3H_g^?IQsVAP^E zZ`DyBeDBgKplYpJ^|J(uVkWoMnv#HG2?ChHvG-80qw#*6IPC1E@2Yy6}OKJIqX?HX5JG z9b94!y7-y;iytRtKcn)p&l^yiX&g8`6ItF^f*!8^s`o}UNC{0^)5>#WSiq=mmiqr- z>#d`rYQw%!)JIeh3`%0aA|$0@5HJX(8_7|SZWusvn>2%Tw{#5MrIfToHxdI3DKT_> z_xQfwS!bPf{Oj>qF4%kDbzQ%@!CMf&wV4ULd4><1zTKv~;(gCP%?I_h8^6b10xW#P>-=4^+0sG7H>Rx5p z%Uh-QVFn)T`a8`RoA5xTZ11{_1gZjX?>XkL-%G${Py+p9RopE-M)50A~hi(l#JlkGd z$1bmAAxzI|lp%G$Dhup#3NhieSToXFnKJZ|8l}X}`Dd_KR7gVmM3K@1*I7Eeq`!HSn3FFUnr}pa+h*-`6xi_Yo1rob}zu=WFeI zINhB)cW9|16T{`QDrKm(^um%9=K;p3R#DVGR)$#+T( zXM4Ei_ROhL;|hHpxO&z-m7a4pA|})-3FW~`2CqF6_69`xF}G>CJCP-raLfOJ z;tdGC2*sO$CsIMdZ-+aY2QfWY*EQSh3!VWA3sVQ&EU2(w$<7ic#iwb#o4IaqOUGmL z^V#@0B^eqE@7LYV@x=;^!P6&;O}TWnS*oX--dP3f$7b>m1ZHH3lqh2p$35ETZj2n4 zyMl*kFoYNePx9R0?m~RhJLwmi48S4xPeJ()@@#eY>d)xXCTDUOH`#|aruY+Gb!u%5 z04(7yV+v{(b&=fD)Jt$8!uQzqsxbXI*x5&%;AZB%{4*R^tP>f>bid;htQ{alk~4yP z5KoZ_pC%KJuG6j){zjfCD~d zz00MCP}7YHgW{-f-dQNYEgzB5zb;~AB(%ZHQV|8edZ{LbaoYiAPZBT-d^Y0Gj$|L8e@T06}hI1nmJ`-}XBgr6toXF+h0s!0oVA*a{ z${TGZS)Kp+>4i9OYzu}w)x)peTavMZ1~Mo$ESw{NVp0LKoQMc=exnqVWp-J2qBeO~ zLPyPFU&M=u+x$nyX|mnU>IdX5Amd$8mUV65KHWZhz;+kiAk4L=a)7|;2o^ihBl-qtol{c0O21RVkcS4G| zn4&_He3O#WbJ{I>zCDD;W!mI;5BBT_fnmt+{4WG(^hS_ubx(Ij2Mocc8nW>>NFzYz 
z{O^w<%i~69MC?wKnX#*k^{~a65Yca$T@%ivYweW^{C6;a&X>HwJ^rN^srU-@idlKD-)E5*PqLA~2B&lexrO^cNZNNIZSR z*hYus1Ttd!&R@H}y@S~%ohut+mhyGM5KQz=RMw#f(Nnz^ns>j=B~s6j1f?WF{4!++Lypqwt{!h%1X!Z z76XkJkmLQ|-+z!G*W;w*J0&qLDcblz%j&4o%ww(g=1LQcXF0&e`drTm=B7YYX#C=! zBMCY_8Rvo3pX+VPnh6=AC1B!A;c16&FZ@9f4&NNOu@@-&GE#HFn*%CVNXhlb`5f3e z`1=PgA7*UDU9Wxj?%j0NGP35)7&F^T`@i=$7;oQp#C8sWNx#KF6-oTR4^tfbGq{Wqa2^b7B-$2e5jzVy6`TZDV;qnOsv9UJA< zIGxF7{FeYTG;?TYn}savQo!Qb2QUkhMm;x3iG+a$r)fPV4KrEi>80lQXUw>E398+T zcXhcAt)G-BLpDC0VaMgWo4b zMD_@y1gchU+X1X~4@Gaq`*-6&WRzOHPxEDBbg`9nKw#!M5xE|tV-pUy zJkTJ)!&SA#3eX&GiYQ9>ktR9OomXJO#sg(D=$wFd{*frQGpAWkwxMyi^jKNhUDD;* zX3SxI+7dnhJpA*Rfo9&fPVUms`h-3$y3~vACJS3WoUI@85ygntQKYhHl zeRjMFZFjKN?yo(1#5Hh|eQ}+DJ#WtDXbavDow(1Iqp@Sm7Hyzr?D5%2juw8QDz87c zv%z;sgcs)3*}jzVwE@k!=Y{jQGJtt;4^Eg91Sqp9_@(g*P{c!k@_TWya4qQ!eQC?=JcC zvs34-Ye**PCGb;6T<_2=9dV`=zGQFiN#xf^!qq1AI9eswiECTQ*D z4q>IOj-WROvigpDYu6?!8`Hv4pDuTUWkqec?*z@at|GR`hEIs%A~c52kWFAPYFS0J z!3D^FiZ(B~iZa8zTu>oZ+v}N)@C4MfxVyI;V<7JZd;Nmqd+^G)%3r=BHAHUNb#o4J zK0zA6b@hk-B)^-aew!M&)_c|XrHq$!@E-ayk>Gb)S->Bt5A=WLPMQ%~7z&=+Kn&sw zA^S$#UVoWJrkkZ+7CH*u=ceyo%geT!fT>GL&AE(8_bu(mRPQWOMMreHs{cMQzoZ2C z=E`po+IY!RC4vrRalg6G%9}{hbZuZ_bWqPHDX(B&;7V2Ty>^;1powz$co05Qn>P`M zI0sT=5jO6BNXqz83^AVu=FK^hIq z^8g}q&BS8EI0pd~&ds$FVK_E^0#0lyp|5w+odnF|fqJBelVBI%pow(7&-L)`Wqm_1 zh3eAyfHdMhpXD)>y`KTfmFWG`zhmNHDwQ9E9}jz<4(4B>3X|Q6)F653x;~CwS{kXen+cIP`ZaB?p&M`U>)X9rmrWFqto3$K9cx--vvZ)? z9&vGSvU9U@-;(s>05vX<`CbF1e()1<4wapR0bU0k2$YlJZ#OWM^z?_|Og4!wVx;)f z)|>UU5-eYj3^a}yAbjfEv_MJs%o$I{I&U(T(gSFryJUhaR7m7R-8#-($?cSzBb@m4 z>a)(99!;%7fFX*A0u~#DsH<*(jN-7D+h&0B=9b4M6KR9{V*lhl)tMVALkOfHn!^b? 
zS{3S6f)_X57us{zjk`|=Ot5kna7p4Gb>4s7Jys^{_PlncLZ*Rw$Yp&TpXfS$xDc+) z;&r^JCaD%ye)F_#bk8 z{?W83g$&L>YUuuKC@~IiuEl2lTM(?>LMsat~ogU%iJ*KPV*MbLdbMq7}jiA*LbzE4E;?e_ZF4nUlR^}xvO@y|F z5H@|h5kRyrWuaL^A%o6gg0R9gbkB<~YhAIVKD4+H^MmR`vyc?b3E+uN)tg!IrxFv3 z011IL4#hE%5N&j+OxQo{1wIvT+Y{lc=}F9iPaY1IHDgGMTNa~7=hYn_F8Da#quw(L z?m;5Wz7&t95Og0v_vw|9$_`v4Lfp3JKRc+w`P*u+X*j$y))Xw?Wo*>n$EZBnXjp0N zFh`yIrDuAJ-n6yw%w_*OI*Q!e_1Sr)ud~-|xOTFBxsi^y_gR_6Kn0hcX;Pq}ykf!7 zD*yB6E}N6pW_?MQu8{xY?V$r(+9hTL({=*)j5A^9z)Kv)3wq*cl^o_8qv6E+BeCrr)akZM@xcypS&1%(uh8MnGQl@=jclSABy=F zrWPLa`WC$&9n668Rwxany~%`+86&jt;|i1Ka;h(*_ra_zquT=F{AdI^Kb<+pVzKr6 zdlLajjY)$^VIC2YwPjTVQ?f}{)cSb&DmcJ^0p9iX=0v|8|FvwgY&0633ySgI_#NY9 zo+tw?v|+u?L`w5 z1b`}7ol~;2!w@(JT`X5t005ujwwN=`Bx^4DbN4d(uHK=|X81Kx(0)u#&wUdI5?(v> z?x|%KqS8P~Ue;_wJm=7X=+AJP6Me+Tw<%w{RdzmT^()E>;=4|sE;Qz;a>vLv@!RV|ET4YUKO3GZG_B@J# zR>*pEp(9+_cCrdO_Xg4(%gMZLB=YI(hfYY7c=&QaGQ!^ro3iG({QKTOz02lw!AsdI zx{cRq`J^WGk|Xpr^wl&CUhJ#>BZJb{!r~fHH7RauIsFd?3N1aVgert!&qA2e1RzN9 zLfKTwZ!hqIi1ppo;t>nnvV3VYwdNfGNphk|U2~cG&L)+Ke=jFhr@Aw8^}}yH)n@I`uO63e|GwFWdzfcik1jlnr1@tFw_zR7R=?j}Zu)phHkhs) ziR+)Lb&V$;;pkTt-C~tr6@kVQQ2|}nJm}?^7yy#Uy@(Vck87mRXAHZMjC;@`CS*CovX4+>~+!(&3VC(f8NaB>%vQulCN1JC72 zhbxb=dJ|E@7N>LS$Ri43rJj16w~YTVa-?lRb@U z#v1zv$lwOUksM#6xla-AzDJ4m!6+s(i@W&XeigyJ33FUg2;z+imuejSq10O2wR zI~jm_LB(#5xP`+?GQF4C`CFM8LD6Oj&AS||6Bpvu! 
zGt*xTZ$kYiSAo0rC;#e@)K^BalCz+szZdMe!0Z8DPtaDv4Nm;YX7qw&2rSG8!+IcQ zrE%Ge>J!nWWK5dfoViJDDktj;hTWtyLNQ(lCSw1zQ`8kU!CcV!{ca&81ZeCH@X60k z4#hq8G-6RG2GQ+79RDutYwZKrSG^r5gy#%^NrHWnHU}ZotX;VR@k#E=_J!*`$2-4B zBZm@xeo&h8)UE17maQJOO^65ssS?}pzh`#rq|+t4CKw_E*!Xm(GANiR#xE-ApQ>I2 zRR8_{pC^3kEP3fPlTmcY8Xn0*sawIl@e&3S;ueZVMoMqq7^=6cLh3+iFy9ueSL?Dq zUGJf&y7Xy>l=4E(fpcpt)o_}sgQ)$VrnX@EEX8CA&jUYzne!UAnC)*HTg_8^`S_1;Frr1HVmtM}V_5+YID z5;>>aPDF5DC?L*9T$O#h`H%Zo164dL1wCA$&!E#>joC5-fV-1pA*yUQ>RfvOcE-VN8YJkenWy(EPK|!Y=FeI7AVi3I1%=;u$}z4m_aWvVYXK9B;*EpY0Z zE-lDN%WfW3#0Q%X>HxaQ^qod)yBVTd4L~I4u^H)$ka`H*MbvG3Vdz6sO3EMgtiB+6 z;pr!IFhR>f6if`L9YBK!pglhsLgkt^kX=~7RIdmmixjHW!O-S6p2`5jdWLB}eu==DZEjn1@#wLP^4!C=C6Wj+scI6CYy=eXkbZfw>v(FQi= zUuaH1#}j9+1}iDb?)&_P94J3fjG|<0{wfc%@FV5m>{9Q9SduID9rUVri$9oC+KU3v z7+9S^Wh)y6nTgRkYr%Ds6ZCJ=#bGz?0%WLg*{wOU>-7l|UM!qX?!#Gx9<#mw@#!+q z)79WtKfibmTE0Mexz=ZI0Bd^@JfdemXa4< zN^%ePTLtmo7CqG^&ANakTDp(x@&b&W9i-f@N~H8nTeWfI%p7SK!Fyl5l%=|~U-e#2 z%5)n8(D1C5%DrMF($=uZ2KLDi|KKUXYL6>`UX2e`%^O)FCSEkCGv|Ui1D{crQX=^^ zvOvEeaQ}^9Q+qqG+njpOKF`@Sf2+#dyh89Irj_bC2))QFUpvp5!KHlfN6la-`{O3s z4=QWiJU%%I0tI;q7{v!^b zb(;>FrqFa18Gf&YU<%hmXcb^h#du*B;SF@F_Qt= z2I2t`wdOx>3>fo@V9!e9eoWgdS+pTnq#_&?`-yz`W&dziv_2WI^ugV>2S**|y9Y21 z^X*`x5o3qL#UBimJ){tSISUjB7=M%KLC-poI-rSYp1llfENzV}FMzn!c&_XBvBH)Y zEQ9eBO6Zapl+4n1`AP>l_|e9F0C1agOkkGJ?ijn_gBM+bi&IN7Q|oF{bG43pgy3Q@ z!JI;?>};FK0lMd^O<17JGc`5w{VHos`&Xav>E)EsL4jR$p4EJhe}mE7%aM)uSzr=( zKI+Etn?VO}u@ETIx(8GpVg)SvH>N!9r>A8I68vh*&j^aM0Hw{BQa@g(>xPge&H>z> zhcya$B0*;vq})Sd?!1!}b4x|DS(J47jBB2^!EfT5MctJw->&7#f+Vu4Rac2&u76B^xCek{kp|{sNWFI$iLY^WfKm zgih2@_HL6YO3L@pYp(vDC&Ghbw4R6*2*c+a>K68LFh)X#x z5v(J0fjhau-PYirzNY)z??rOt^qz?@B)g^cMMgmEK1| zv|x{289^rpBQ@L$1+9iz9zK+#_!frx=UGZm2|r+dI^^1i&(^Z($7xe{|9!D+yT=-upsQ?YYh6#8 z&H`amsS={q5Bd0x`uZFS?SQ{D>o#( z=ia#}apTwsL03;=Q!~%Nq!Xq$K9|@_t502?AGj2iAjiXr9JZlxm}JXREIRJv@4VX=`km=FA> z-G0G=T|HfB0S(>~MuOb&8)ejpPev5e^)7@v+-t7)i)~lB;Wqiv@hA}98K3t{qD0Qq zTz^-sZ+U#$2Hu~tsd4ciZtP+WwzXmDhsBpuB0qJOK+mp3zXX0eAH%b(`J=nO0~p#X 
zv|2Y(oHd=vutRuF!u7986v1==+#MADU)x-U*?$MgcFrrRS>Mxtg2QX&;2^E2C?QXq zpU1Gf;XUuk-`P#m-h{n*lcQZ+Lqh{>z!eGR!WD9cK~`oOYAR5O0}u%K>Mm|bLjt@$ z)_$5}Kb#YxC=mAYRIlcw+g5DJv!RDaq*NLnr>DAR5AQ5;ClZRdLzm{XqRdPef(!CU z2OB0GgzB|<$+hwXll|B}8Hk;N@grTio>j}{hk4-WdX zv*-T)Z3(0iwizvgyibpu6$y~D^;n6?NTC5pjEi)gD)6A?*QHr>xUVB9n|OhxmEONE$Ma7AYqf=?iIeB0VN@eL z*GE@h!#geUM4Y*TLSIY=Hv@_iphD7(hZu7e_vUCwtnlV zvcl&0ko3%#oN27+ZTd`tChxMW0 zqpJYv3;+;@hu5shMYW~}|0~X3SZr-;g&96EQ4jHjbHW541&2sFti>4XWP?Jw#qZV? za>nb|$N)w}aT~flkF5Fg?YFqcJ~yKH=SZL3W`h?{OaMj?kXLZj&nYlX3VG1^nSeE2 z(GJpePBN$bpeC(Yei&(ZHnFBC+rBsJY=*U1{hGZbLPM7s3)53AWHze{T=%yS+^>%EC|8S@6sI4o? zY9Ae2HH;DI_vq9EZ~l+ht^qRmuOm!)ruPV+iv)`I@IvJ8#gnDfzbXxZs41zLnX~l8 zT`fnxD02~i@4=aem_4uHv@^kFl$EI^7CyO`dY`vg4NY_X)vMtJDcNMW!`x^{biFY5 z@t%MI042+vmU`DGTnY1cK2tGX*sel+*)R#!n=C1LpAX=?S^0H8RW!L=)K64^ZVUhe zKt86c#a)^kA_Sd)|etfoc? z?%-ywuku#+o5Cz7u^DF^OQrwxYaYqJoH|_S={jE?#=c(30KRZeL0+~1Ayo$d>de<= zE%6MWX&3^G`g-ePy0PEvaSI)!SxT1?4GdJbZ__}xLT|zn?@*+N1Pi_j2nYt)C8_)u`>v-zWnjqd%XvJ1yPO0b0p{B$Xk1BPQCG4OpT{ zNJ+`fq4AUy>~A8Og$=U`X+u{BWqkY9ugUZX8`dA3_;}Eqbxi~HK@F?VwU-}z(Y>#E z6rYaY`NqP0#Zbh_yw|VbGs3ZIGn<#0`QGEdEyc#bYIB{GG%zr5U=^Q}lY_(IXlZF< zV`Ftnx?=gw46WSU%5ek|vF>EMiwCOT?I-1_`#b5>C%)6opX{|a2HK9nko=i?4`nq+ zIiP)aRxB`ru1RA$01?g2+*oD`wt574i7{LK-#Tp-Z=K*pU?5k7p>7aFVKM!=J}@on zoJ#RwZ-9CZdL3yNk~etg_1qmCj|95W5zqMxNFs}i{lEo#^66&;G+5?W^jm#(X)|$p zA|iA=5_M)LBcu5I`Sw^T&HhF`^6#5b+<*fO56k8MzWaQ6_vNdJwA6x>^tEaX=4bWk z@yyBAw#)z)KZ1zn>yJiw9|GvjbM`CEG-&*)ot7A%yjMA`OFuor*S^O&%9v^a*e#Gd zb%3ydq?9c1*-$}E@}8uzHaGiqT_!#Cc41ed@pp@{1%SZ~ll#1=N804P5TRp`)i6}N zSBEwk#OqcyD>Pl@0k20s(>qyQup8wpZUZZtUJ29FMp&G0j# zd(AzUlJs`4m)HkXAKfh&StaE*2$-(gn(U5kmkEMIgiX6Mu2B>!#Zf+SbNm(YC{;c4 zi((?3g!4*L=!2Pqt^0k_2oTXqLm(cA>1-fA3$$ zAZ6KAs)28&krs`o?9LNzJ#|^xbbW<&QF^_9+?&*2@;lMx<^l)&HYv#fKOg?+yI+yY z`3o`B>7R0sy>Da`9tHF>{6?Fmk*k<<4)Jry`U0 zYqygYf8dz~VLQVHpIE_(QKqJ@-N^Is{PSk>S!v&+D``NbsQ>EM+ceObrSo*-s-5lu zfk5rM$ng=^GHJN(icrrw5MBdyAyNSS{CNG!@6hi`-$5A!gcQKCmA{q%=HKqY!Iz@H 
ze|KoO874~kx564bk-I)YK~^0dnyRWM&z@ag>SNs;qo{Q-KIn|R#i4aIi<=ZeH-=wI2_*JzZ`DhtPu22`0?Kbe+pR?gM-K|O?{V3Dd-_vf|IX~!NWN3hEs*=B{Vbii-1-jEGH>7^g6FAU3k6Eesx^il z;oBcp+45{h>9H>b-0x;K)Q#I5p*DhQOdV)hCT#Hy5=U3__%1Li(pe!4)UC2}K|EVm zceh-S@-NhYXaXvZV+g0jAht+=fKiNMF1UVd#Nc4sTv)E9*4fuAFo@%tj^0BzmiQW8 zQy(5fZ>mQsY_ zYcG}xb8L0cme_3xT}tov*XKekX)MjcP%Bl`h-JfPq9-l>2QPtJ?1$gg9^o4waUTSZ zYeI-KYZ1`*wGtoU;jvr6)0N9dts3jX^dDBgncgoD(4hJkiPYB4x}26)YHS>wlLN4- z36a7x&`uHpy-3K1Apl32EP+(O67XXL-{)&K>9l;f5Wm)yR?zZ?-L~|REhxjSTDM1||X$l047`lHhSvVnP;2avf$ z5gEhaz9^Y*ffwyB$1=BGsz65q9XXGF%AwW;`)AH=#ODjc9^Z~wX;;gp2P^z~ZPuPy zdib5rccE>9?*b2Mq`(ymAXZ8f6mfxgrwNAA<&G8`6VIgN}}UzkGq( zSReZJuz@tUc#uv9Od>Y`y*FI=Q3X%Z; z=c7gNgJorAfiwDVhRKHd2%Wss3Q<*~x6KuPR-eiB&mG&#ZN(roe$;K*@RF>P?)#1-mnN0q#16s{~%CK?3U|xjDNE8@KU3 zvo)x2iV)&lsgj2$Mh3yt_a=y%ykd#RwRhd@mlg;0qB$96eTkADdkG7l8qcvH2@IfaB;+VRzo6g& zW>CVLy#v9XR3IbMm+A({9bp6eo@MuB^gBC-qn(dtNwHKS$QNtF93ZZav+UpXd*%c? z2b5W%6z~eT>wp#sNGF|kw)sm-0Av~-rhc0OAAI}vS8zJUjEdY7Ds&L>_I&=ykjM7E zZ47{+!lMx?8k~$N`gBq}1+`ND^BdXMNjsoDG3>Siq3i(O*G8+K8D^%Jy^9`OcUK%- zZXY23O0!(TLFo0spAYd+n2|z`umwmx1tLSBH3La6Ro~10g{lGz*3)}HTzZm|T_rUs zGpROdI4MsejpHO4eflo~9Q=SLe$bu~eiFFPP~m@qzrlYJqEP?+KO&;Oe;MF}zx@CI zQ|SNmZ$rxe+HWW#d|qzQQJai-X(x9IPwnq}{S=&uM(viOpDP?UtQ!HZ3E?hhBJQ6Q zaRK*UMP_)Or;s?!FnILV&R~tRq*$8)W7ub z;TZNW=-%H{+IOI#Ni05gD>JwC2J1H5(Ta-9^XrT^%%%O?FYU}#nS4btMlD_StkYRg zT6eA-QOssg2$|H0Xu9tI&DQhqJ*_dzHoqhxEUKjMCX|~$yj-^A*q&*mVwABzZH>{T zv2npTo}29d79*CG;FZWc-;S8l4v=Gy{8|n0@!4--Nl;)|i~J+Qb_D)&vaVkA zy+xq#dyT|kn(yDrC1k&|to;EVoRAMsH2jO>OLC8VuKF#JG6bA1K||C^dpJK)C)znm zuLt=3zIwJzm%kSm5%OXHN$N;azSd^HH*Ptc!pJ7t5%^4g zDmRkoK!s0tK3{*D@t3ms^g;R%)YfPi2I(6P4e#aD3Q+BItw{W>xXG`(v)eMdFiHO? 
z+XuJY?zBrS%)^FZCeHo`YU(URzTMi9ZSZ&GQ5rg(k7wI?p5HYZlb@!mC=`Pn1bEET z_SbIr5r(=Ff|!mh3xH=SE|FsCE0+DdI@mw-Du$xYcJsbHD8MgS0Ig_R4Rp3NrTYj= zN#=>!V=7_C`$Xo5(=dzkzZ%O}84-V>ct}K~?ZQ@d5M}swxB+({y{{4o-Nq*fNuc!v zs3=NuHyCX}%w%=7FZMIPy>tN5wV+@1eAMx9r{OWPQk~&kXT*~LlQJqCTY|J9Ew$jQ zz)Js)$3YX{QrWB#ahc)!Q2*xR{~27k&mmh@Qws^JL<1;A_rJc{E^s&2ssje(537%v z6n1?ZX47bG=ea?eAMrztGTqKcbO!?!CUG+|(I)SWJcCY5OI^yR?@@oK_!Q3Gla5hd zT5;89?_|plm1zJ-Vd7ODSk?X3L5WkxXKEA4X@59(<>twsp|e8u*yHu<5yI6pYdC+aNWJEKv-u$aQ#XuceXc` zi^ZF^_FnzG@c$0Mm8<=Fch*GTo8(d?|C~i4e`a1k)WYi}r5(;*`~&AyDjzhl4hrsw z7=HwVBKMo@;1D=B!m*{*XrlBh_sGb*|5(C5a~I8} z-tz5y3LH^1e)RGsC1X73Nl&b?hj7&`FhYrMVKKD&qAIj(O>T=#cDs26;o9s#|N}*%A`Pn=Y)#+qF&n)zZs9#ki&;XZR^hX6%Ck4SO zSb9!`%G=s-Mh!ZNd!tn`jpTk{p8cL6mht?PSatY3wcPn>3;xQdfLb1f8msq%Xb+$1 zevY+`S=D-K*7XLp?^S_r@Hm9l{?tZ(7HivCs@(zF-Dg^o&wa248R!%flf2#X+3pGA zAj$P7?DGR?Ok5-3lLwDdgXJly9F$sUp?)R*rJKD*(ED%k9s<*=1)H}Q*ZORoxrdut z0&*t!5DB@p#xLgwPKyx-JL+>MduBA+uU{%Du<|&_J1l?a=#!52fA9#E`+nL(MylPc z;?6dUi&-9o0jm_UbN6)McQCe~m7Tzu=lrOedp`}v5uzV_FI$WVK?T!7#X>!8uH{6O zElbOl2w@09Mq6uTYi4aH;yG<}B6GUmOftRZ?EEj#gq%p31${H%$iJ>cc>gJ?wKn^e zENRzj6hntsI|rDAp=m4kb1jvFLcmlMXK7BU!uECr0a< zrki6l&(j(?;hjLri)|js6z5~nP2l;?w=*w#gf}D2wbY~ZPaCpGe;NI&w&Ef=NN+41 zjYmakREXI4hp9MR!t8pFTEi*BX);?(s2??6pd6{=Gca4{p2K|F?J>!`51XP_+0F8% zb{F&G$6!<-tmVZ3^&}B|Oy5nm#3WNa(W(Dfw2-t`&YLZ-v?eig%RYV@pXY*DSd}~% zMZcdcFyklxj)!Md8LLX~u!RlQSvtJuk~pK;3HP=HPLX_$%BsDn?|Ep$vdaQc`o%(J z!=HYOMKfoMXE*vhSIfek^#BJ~Bx6`RF^4$FOX`72d(PMLZU(L&0cnS`8OhnC|6$dAsskHXs6-{qeS)FPG1?J*{=A9(C`}Ii|{9Px1$MN5C4p_VQ1l z>C?#Od(7Lw1SR25{=~2Dhx5|!UvY5K%AEYdXd1=ZLdsVomGwDnx|$(D{uNqDb>d?8 zYF|TRxqOlJm1IFT8yQKts>@viEwpbCQ_;saSnzRav!0kd{Ss`UY^_3>B>P;Bv0RNv zH$Gc5y=d`8vXs^F`#wMOL%LltZYrJHjB7Zyao}F+H3HA-Da6yE`!O@q^muYX#G=#O zKl_f}lg(dVf2KSgBeK%BoxX@Vm}1N-mvx~>lGxLd9NE0!TC~vWDs!*mcH1XG1oum| zUDv4<#O~_w#sS#*15(Mh!$$(uoddoW*;&Hp<82dkG@Sab<}Ddrc7wAg?Yeq#@{m~Y znL!ncb{b81@nf5v5sDex4uxO2VG!z5qQ*Xe+KOuaKzN9gGWDkx}C*Z{-R2D7~%aETI@;9~cp^v1Vr^v8aFIW{wQ1a|$dr8S@Zq 
z`00spvv966&<(%^OjX5H^Lb__PozTRbkNVZkfmj= zJrllrFll;VK-FP*DZ9jE&0FOi2ssstdK>TLGTjIYx)nK8Zbm}Q(CM~XOFhM+ooFo) zZ~X*eUSpU*zR39Nnmn)H_~yryISKjjR)1V2!nY$@0d%rq6IY}a#uJL6!{@X8>25sA zR+uZA#diYSTJ<7^jEA$(lG;T$&(yj?4|R3@Sj4dBc0iZFulDY<8nfkWXWU%Gz2478 z;f(Ynj;e!+T8@(}d+Ry4vi`#TD6CZ*ElKt7@Ht270S>lRK z=igxmLkcgaTyy)Xa#R;$9joCNQfCzTmL6=LcRMyGtQ^81Yd0;`0&|_fw5Nutj$%mO)>2OcM=NZdZ+CM{AX%s_@QuIQ~!eV$B%r#eL~V1*0au zc`j+*?|rQwAQGWeew&zV&A39y)=}S?OOWkp!H8LFmn5=4Nyjww;BkOVcI#r8e;t&= z#-T7$nUTX5m$yyMIycWlS88!6NPAiE_+r3Dq_Yuj#!*MXZS1)6S!e)RRfcxV?ofBW z0at?^A6aE(blTs#91Dvq?=H3B#78%KTv{ap)HJ4@8cLv=vqw5vEUMQF;gLKp`gLk) zU!s|Yj%8&y{nj*HVxy5YSdzHyR<_Cms8UJxZLK1xCWHH7TzV zr0D7fN_CvO+r9j&R9`=p)CB#cey~M_TON@Q!y=me2ioIj1e0H%^WA;!jc9$enPCBM zeSD5>--Z^1U%TX2=koCMw~jr2k|7;v7;(N$?^haRMB=celH836ggEqimCNNSUP*3J z-$&H6f<4%f6V%-ou2H2)Kmuh_Cmd61yt4Z#OlnkSw5^rFz$-aTEJ~k|Fu^K_9{11d zAW9r9671o99$hRV>dQ?4PbeOgWLj+ay%LjYTVd-7i#W{mhMlz$&ex z4lVs&46|&}#WLX2e)E&PZ?uytn?qZ=|B4?8&A(-`8H2}FM=f5plpj*UNGh&Kvsgmr znWr^iv~rS&pOPKM?8bY1fuD%Thg6vVX0Bk6k4ez8SxLOVBD8(If=jU#O)apm;pT3X zpJw;U;VWhks}^y4yYL_&N2|4h%rMrSyM|MuRPMy%-eTKH^0s@Xz0OEyUCJ;UiE?qy zw(ZML<{@2nH$%tuQ5~-5l?aY276H&=mM4x`I#J~;YlAdg04h!8|KFkR^mtCf?~+X? zu)s8t@aMEn&(EUG^stV35tl6rwp=D%TgS&>Zf0~wnS~{9dr$Fe@D~0U)ySQZEIF(@ zDI5v5qgUU~#fDV>`Suli4J3XkhI`C>cjweBD1IjK;d#S$${ZL-=#kYt`4N}h#`)pM zgrwT0utQUy4W0k&&YX>es znz1N3LBm$!mm7C()5e;rDEKn(2X3TpcVs@?LlKtp4svjGP*p$4i6jsuKqCh9N(E=q znXBi6Jo=b<4d}k|?S%rn^wI$gC^)ab4mFZEG@HnC*~SPP3G-N>kLydY^<$j1 zRszy8A2#YBYd#|yz$mnmG=3VjIwV`TmsO`;*y=yB0Oc8Z@k+irW9?ThVK%7B+ zPVFVzC~57+tbW;H_}fg^-~){_=@@}*bT56>R=%hDI`Zo*9(Zl+eNmgJ~Q8;qQw zJ{@|F-*#iVA8pEe&$oONFg%jC4fV-DmYY8H>(;R zd-E+_t+tu2dTlI;@hP_|BgmZZ90j#@LSJJ&M4 zPFxWT+2{3oz+!2;Ew)m^*-|?9H;%nH?R~^KxaVsf1kCl$O}fcqrKmJ08|i^~(7RI1 zYA*A-+qsOJD#LfQ24~?zx&yoJ02(s0z|x+wI8=aalw@3;4|*|zHFtlzR{r!ccIgM? 
zX*~Oixztq{qB)G8eoJllpqFkdR@0-9+TZ2J0$1#V;mi)iC%joa{Z&gP!?w&`i|zOV zzW96kMqDteb{&joRk`b^HtFshBt$LdLG+k4u6vlS^;oyimLbY0l`qGejx0TL@~&v* z5l;zbWA1^qgn#%ENVD1E-Tok4Tcw3TAV=e<=ifCN_9uKfDe*9G4YBzq1m^qi(EN;a znbNyk6(4W)H!%Q0fq$l=WIXdz+KsSFxNIZM%$4yYaQJFeLB-%>Nlg>y{!?h9h?8x++G?U$&XG5W?!vl z>)4Z9-iFfNV?y;054#qYrs&$m*cLr3Hi50F_5R^h1}cBM_`0%UnR^7~{97uVk*8^7 zb^wP=_9Ji*t(53KWIVnU$=@IcUKqgfJ0|f8zUIS)oKf#CS_i(g*`n3(e5;|U$CKK45n>g2dX1anff&IT)S^`>+dt~lgc)%^ytgKab?Su<>HY0Kqi?JgwZXe#~ zAsVEwN|Q#=`CfYJ@7Xa95VY?c9-P)^f9wR}Ij3ebjn1R$Kj`99L#A-cnLAv>^RJ)!#ie6=>4__>KqCPGf>A?MMHJO zKx?ScOGQd930soJg>S9!GSJrGlGb-5 z-iDkB0N2sQJ%Rz+X3J8v=FOvIxQ=QrIW8dm|5?4vcgUr<13fD*wq$+8i4M0b$oVFa zTzK9$Kd7?xh5Ulo9{+R;sqasL~ld&H#XJfdV=-L^ZNbf`1wr556&W zhxi1*XW+YX$mY>|Gb2oow8s8&9Ohq?+#D8Jc0R5C^m{?h0Y%+IcE}(G1j#tAzR2O> zpo&D49QSG`t4(iJyLEx3V4lf^q*rAT=c8z-nsUAIN$ZJ_wysNozMasI%+4FNEp^Pc zj>jo}ck73gvTR<-Vo75H?#pkDgvq6!gogM;y&S1@KyrORy#xAFq4FNARp#X2AnW9A z=@VFFh*@%7tEH_)Fp!IXpQIl8=^t;K-`C%ko7kf3%WD#wNW zu6kW z{XF0AdjEiTy}!D22{Y$;?qeUZw}q`3r82FJW zJNR51jLA*@t7{pESA#0I$s%?9FA*^b4VmvJ@066ZJh+GIMCf7_)m8zjw`rOhNwT*m z1!jh1zgLhs#TdxvW{@J9ROI?y9vgZ(hrO(gsR9WPZqf*7jV#~U;2i}kp#tRKtY@WICt;|Y-N&DL$Mx6!YbyIm5&8&Gk?FU)>kP+y^Er(_X=q8&<-kLo61!93Yn$}> zfyUjV)Ld0K+h#v!e#}3*Xx*nz*an;3DFF!#u+5Z|q~ZzQ55V-HkYBIbve0&S4X=HN zSaTHMpXb~3^W{xh)ZjE9(nF-zXvM({qA-s-1(EXzgIu@P%u6e$_w#6wGQ;!?DT!0B zn5bMiv@0*JX7m+Ch@QKIh?Q^8Epa;pH3igc;?me{r13jV&C#yWe4zuUrx7i1=c*je ziGqe0y9%qzOYDuNVwWKc2jn{0CT&nLzI*@o60LJkCopP@$lTIQLS(;s+whk2IY!r zMc)a=O*wKEzVeGLihYon(gMb8rH|s$0Z!*=RMJUlhic|u@gK*OFD-I$?{1p0sfwan z>yOpL#qI=d8e`=YH?WhE-YGuPr^asN)6V7cNd_&|tSrOdb>oTb@IeIP`MwH)mZK9W z0(4A0$S^&Z@ehdZ+#63&`vdSg znVoB~Q0-7FXe69wvr^qllWbjlU=yvN4TMFIT*^vnPR1RgHJX9(spYm0!iLf{1u%JT zhFtn?yo5P%ufczNI5?WQX-mCFd7c_M(pTO$+l=W31WY@}4D^yZF)S>MVpxO<;XqB! 
zVl1awvaE?D1vhC)AWDS|PfLsR@A4l2f3up-oE@XWIogov*X4d}6TC9zWxv;EF3YvP z<&>Dbo#++V)#g9*#ylxGoew-t?@913?NUocBuoDFv6J z`NGLS=XDMU)oG6ysecw&iB+q zEM2z$!w3uFPnWmY8(J>3k|XEeEUSYd9|+7+Yy>KuhzLG)Mz&*-C<0tX3QqZ+Ske>2 zpOISHqg@tMzOFBL@TvPQT{3!`csPhQ#Lx%tb$S^{3Bg)@WG(*pEo045gNLX{$v7~K znPPHTKyB2j;r((Oj0X+v;I@ABz-?H;{K@?T*S_D)s|>y`X<9Pr&7hI2L_)v?@L}Vo z+48DY#)eS-+1dBIMhhu-6rP8$t|(r(rz&LUmx(%8jc;p>;_rGU#2xPbr@CX+fD-)F zH2#!4^E|HlTL3=sw+fTHR*HiEm+#wyqK^}9N<}}8KlCKO2Bj^i&dEYb0Q-lpX+#;W%*%e};2#VnixU=S zD>vQhhX2d$Q_ZY^Xs|Xr)6aHx3=?eU6qxQ%@sU9-bs+HLcP7#SQJ6Ri_^gHlLrnIa z+`D(nwwz`sOQ}xA1daf5fe5$n9)#*Nc2XS->@5H~4N$6&1cG?-Rz#C{Ze{ElHlgkD zG`o2zX{Y<_%Y)UVki}~}dC|sIV6p^FUx~o?_A#OP9I>?^>(Xo#7*hHdD7JuVAIJXE zH)~4Clf$JmhjxQ6B~SwU=z)3?oA2)1#6GMQiwL@{@qwdKKNPj^d>UZU5RzEV(>0`r z1H5`pV1EpFYJ|QOOztV*ejp1d+g?sE<|r~HX&z)THS}oacRmn#p0tl8@jsnHV5|YL z>HSVqxnZ7bw@~h159))V?FKv}`*KhL*8E9Vhmi6?x(0w4UE)O-Tbi{K($RKz{_`~^ zhSDd-K)#|o%)pjSpIHBuM)c6uC?dNwkn%~Dv*ll)BcMj!=)W6G%0BTV^sGM?S*&;?m|Pl{;!`!8A7v5V2Hp>t=JNU-A{DZfV+LHQLV_0^rSn&b`;h zJvMj{avYPDT|N3a&gr18)vgL5=MG|ipjkBjxCW%PO%r4AxwVP}7XlB0<+bN3$BZ)C zNwRj$rmz3~S#V|n`5sMVFxVa_tJu$}K7@<(fvufVQzVzC{Bq=LjGA1AmX<)4utV8v3Q$hCoe?2G*yO*frQTP?@mDm@Ury-jFXQCNO#aeDqv9 zgDk<}#TDo9$63cN2?O2F6Xe{d4`08OkE3Gx(KdP)0CYd*x;WbVQm2e>n>d zTP9Np5%u7J4>@b3Oc5l`9O=e-iKD@;~<9f(r|0Uo5}5X8wqx% zdCQcG`6F3S$@ee=FU#L`l;~hR7O_{DXfj?V7h|`xy7QBYsp@^V1G7@SiCT{Sa~x_` zt{VpBCWEvpDX}ip=b-P^jJ3M~B=u(~qxm(E@tbXqj0F=4*Yu5DZPGfT>E=3xXRd!% zjSsyi>9pN-ua3!QJFs@$cVj%(i1BodTJD#n(SmZqaDfyKW43Jr0*+PCKL#e zb=b5Nk`h#+UY+qgSfHV{cI_Va-Y?D)@-zbX>ivS->V$Kf3_(jz>lRI1TdG&6i)N_H z5Z6R`{qhKe*?Ze3VR^spxAvkEybY3={{>IgEw)z4=fBU#x~2H!_t@1LtnX=)H~HPi z)2*29gVnBe9R1?%%-}Z-#nMpQMVLGMRT_24erU;vwyPN98n!m9rS~mpo_o+VV6BhD zWqdYL%yGF)Ol!RGI>_Eg6T7z+_;sTiqr^darEVUfhJd^MG>_V&*8fF@UxvPAS2 zYJr*Tg|B+aLF$*AOl-@y^%?DI1KdB0`P*y`rK5k$R?`_vc^!QMTaoRKGu_9=vmf_} znjMdS1ag^W{T1d~Pv}(WKjuzlA z{md@oExjc?_S=ui-4#?3>xkFymZIM?4;C$$tAg~!D<90lB!Rb=y9bt^yfVe;_*uRE zh|wHfu>1~2!hU6{WCKxg#{c_;f 
z{80wadD@1K$C{&4t~1Y}+3@}ZCO2XAK|xTh&k@sT1yUO?kjw0LG7yxL9PrF%{Hnl*reibYX9nmVoxARs*LP}QJE8Z(NvjL|OlMAG z*NfU9gj>723T=e9$g*K{Yw>P|elG)dOy8JM7d z7oV+BX6!pWykh$S|`)nKGhf5iseQ}9`;^RUvt8*oIhskgAfD}>zvE%NEdri3;)&FOJW3_4|hh^UJa^Cv-V71pk|L*RB z1i@jZx^_6RT0VZz52j+ZFcw<%mg~)b4gmKA7r?Tt;CBaOW}O$O_qyP)_KfuOKo%HF zuAD}%q&4so<1CEbpg*&1vIiR{@YDd>4_51zISWjw-z-o5&_X;L9IB}lpF5huq}V#M z-LV9(jdn!K4Uma$5k|KL)9nd!h|CSeJ7*?>749vU1G1Jjn+3z9iDhGy3q7$fC2G7*~Vja2k zY3Is}fRXhwq|UOdbGHw?3hSW|mdEc~fY;}3og5tnkUC0;-E1$Wn)ceE_`1G+$mDlW zUg@*gEx^lN;dlu4)0?ouWx!o_pWgenzn4gXZe&4GSK`OB8ay0ZD(t5)JHw(gG+z;` zEtgJ}f)WF5n$LSK9K^PaB!sH%VSQCZZxKRDHld)1l1)9ZW7>C?hA3uw?HZYbEts9v zZ<{JEP)CZXGQ!+7T8h+Vz1+9JPA!<_Lncb>6ym*Zb(E5`6M8 z=c>MXK4Y$xq9d>B5D&lcMY{HQ8j z>BhmD0eS|mQQ6_fiC@%N=OBdEttFdaokio%bysfslH@8|VT-I`NG8=JnB60_ zTf-P8?IM~!{@#klS|%47cq?wo7gc8qn?Oadsw!m8oAoA1IS{)b8}zvMWEml`(w1(A z4Pkf$YD(rrx!6A_FJ2>dBJbea-U>11mEZklxE|INRm=+q%yG&Xm|REuIV(Ftf#xC6 za)9EN*Ula0qKwJHqJ)6b=qkd&wa(=vd=W}o;3g7JKdHs+O&&EfbqV(s8C&SHd7xt| z(c;W!SUiC9oq_fgBxw-bet>n_0H%nUovT#R8>-h;bA=ilztxutB+I&mpH`Gt7YuzrUGG*jG_j$hw#QxOxuLaRkR^sJ!x%nX*NI-e*L?vbrm zTaqx-At!7mnm!}*m;`K`K;k(8K0{L*8h7G!EF|S>@OJJ)5U;mqf@+fX$#2mqhtrVR z0op-Cu^s4z6xs)DD-^y4*3^W}V6+|H8Z7{Mpse?EU|P-F`2<(omiNr_5T?K6GAFi8 znS4Ph2L&+>3sc!brDFn|90JgSI~Lc(nLn%dyfR-7k;Wfop!-{)|2qsqG95*-w_Q7CoTVzK-eU-~6;=aX!-5w$kTiSt;?7sf691Kk=5 ztxS^xgFe@C2<}0->!d28kedulxl?{xa2>nw>;hbMNUdJ*YBjl?jj%6QPkV{Ts&2 zosE0I((s}Tn(SLomhm=b)v9xc<>zZLcO!{R<_zs)_*kIp7@)SXW zH-kWS_5rd<+GJCcD00hT8aMEm_?C9Dh+O9272?J%j<#51Z%7HV2I76qd@Y&132Usq zteFeBV*LTWq7H7p{dKXHigC~(^G!T>$}>`1a-5GUHDt}zFtyEdV2WOlFExh?@x6pQ zq4cIs(+1tXWP--A6% z;^M`wLR`B=o0fWVy19Ik1G_z&Rnc4Y`hQ#IA zw8J^%hb0kTDTIZJKR*NeTmj~7xtv%ZAH6ybK^wo|_vl(2z+3I%LnLJKO{PHet~qkH zI!hcCDnfjVe7X;e#2g>UA?v%S`T{QSEPueY;sU@}lxK}B&0hlP%-+cfGmj=v6z~W;Dt>yH)L??6YkPi4>x3Y|Mqwd%{C>LOo4bZbU)K)asC;xXj^B?WgC#x7g)_GOQ!|sY1{}B??!#e z%VB#Z2`*(|X<^h=)KBX9K+gGQ4o)#4TktZxJ?svj$s68O`BkR~32wRByX3DIbEGB< znb++9L0V9^y(}Y>6C4@3CT|{&`tAhR6d5ase#T9(FL~WhIjA=*i=k@Hl-}4dTi`1S 
zlQ~q6dOd%<89V#cVhi z=gn=sgB#6;&CgX5#l1m^2|5gNFSiW81NlTE>$ZrASs->c(W@r4hbpHl7PJxujO>nC z!`Av?UrOztpL4Zf`v&w|G#$OxSq!-d2~|e`fGsJ`NK?>%$h00|S%Jk7BeP`F9whvI zp@h#SQI%Ob2QI1y^HY%TKOI$@kLE$-Q6#2WBCl@I^3sdFiNlX-8~X}#*hK#qj}%P0 zO95aQ1dD#?+R7`Jve6TO08gTJ(vy~=3zx|wQ|+5gDBwE-(dSw&Knd%X;HHcCjiwxL zPVV={3rw^G@d|N>s$rTp2gkpt7|3pE!P6xNgOU5iw1 z2>M6@{;w@{6KEkczi*MPqo_D8lwT@gue-9d^As37&u;br4{uRf3*2@z8g&TA>fZd0 z={$4%Ze5{vulDvBBIihu8LdAosr60W27rPsnwHx&$VEur_+YH+Hc;o$qM=9bSX8fw z&)>LjFY`18frck%Uhhq)UocxzX5x&VPyFZ&MZXPlD-?6b98DOYTyv_>J`!5ATu#gG zvgZCEn3BG^&W=ms#3}_j4~Cm@G&4L0@NeEk)u^6xM0qv^j9la-QD@mYUY9#mrS=~& zf}?xD5KSGGzyiyxfXLW2k^Cu8I(o7Wd_i4qX2opz>9p))x0THz)mcyH+vs{*1_(Z?C7`bTp?%j-00`%Mrt3x#Y7vPL|p}Y zO-AlbVZ(RGa`1O>>zj5zfU$t#?80{|n&%!}Td z)H=C$ zRL!|dWY=_ti1~b5QN}N~|FDL2UE}e-!WOU7bkAeI*a_jM1tOp((b@ZYce7Zn6;PBs zCqsarQoi6!y%VAh7fwKS3Hg*iInDB$J@Zv0H~|-Sw}6J*?J?gBd7%+|CTe2rc?!eU z)&O=RtpdoYeJgNdK*vHT)Pg#Ubt0@QY`!B_H#f)TRoT*P|0CRGT(zvyu7@si@F|EE zphq)!?g>7~DOp6N18??8u0{5~j*yc-Wi*<8js9g0pj&aJo(iT}vQ4|;kNU6OoCj}? 
z8XVC1E&M>#0+9pyu%9-9I3V)HpKzxf|AG*Y&WQa?f#=Fi4`+6)iJrmo!rOWYJ|F-G z)I=J)zrZFO$PqE~Q}UW{L+1B<`=i!iiLWnC>eZ^m=yB)G9!F&vA_*3OhUinmS z!ZbWjw7zj)u*QA^E7=_1@$!F*jS1(P=p`{tHlW+o%BBxn3V-+c{0z193%VikPX6F6 zZHTdkw>HMLg-h9pL#Ub(y7hp*I@4G#S{ZBJ`xmskxCd+vFI0e_LVBO56Z6lX&Epj~JYZ4*W7C)1Z>E!Gjo{Cto?J}*e|u!Yz-kH{KW@E+r^_4bMBd09m1-p~67!l)^1iEG;c4G&G0 z5`rbrRHZ@#I-6p^wXdAnlO*M_^e+R011qDJo+;0=Yf;_7dNCD;);$;^`Bod;FGTED zV63{3)IFc=t35>2J&3bSVo zg30EYOmaNv3ixaW1I`>9Y#1@YPJ%ty>Fx@F0x>BoS>#FQ+i`F$R{G$G$A;XTm62xW z9a6(wpVjS^pQ^1AjGl_lLE^gzM~c#;hckb-;H)m`zieN*TC9ef(tRYlbx z$t}#0|8D>+@R2O4F8~{txuR33$I%xgcS-rK1u{&a*QVg6%JN0cOf&%6wSdptq$=y2 z)!byU*({5H{w1Vre_tlw$c8)oE<@BCqZ?F&qk!zVRzz7r$RLH9T>&9G0TDvhkN*NB zA7dY($|_W`_j5&~oie-l3p(j>kUevPA8>^FnkY_17V{Jz#zQ+9UN1_>@>HAVnc>i?vQlyF~*p zAaMfRnsOjgK?p;nSIxInZGt=*cdJfNt?r6M&9)^L`0!dvo2eMvo!eTJ;!(UjxwFp>J!VUN{LyvtRn$g3_cm-;p8s z{+@I%#8A2Bf$~4!e5bS3KTlw0=v~i1x8+DLO`oM*FYO>}Hm~~MyOR`DTbFA=+VEg{ zzF7i(G7zvv$D!E2PAlx}s2Y`eEC)pz*RP@hj%d+}*Df+Rdz*Q&a;E?L2%xlCRdFL^ zMwc7~iL((*H5okGiVkt%=(Y}thQQr+|1e2@Ve}B>W}DyX0ve_MO|1jUCXoSzPGq7n zv$P(afZ-!UR{B4l*A2>gTI+w>tc2MLPP*O-9e%&pJag zt^f~tD7UyPu;XZ`Az@dgQk!b2E4^YP0UT?h@3KjZLV!w95rfil5lJ{kn*y0!3_Wv- zA!fEf3JS11Nv!`tmBrvV@F?Uy<&G3FL9r;=(z4y+2~D}|fyQL^`@pxz^0!VFsK<=a z+>x0^7ni?kbRc;VMu8>0IG1DGssqV>;=@w~;L*so49vTeWyZ&-C7z3TTDFksP$?<% z<4p?@a|PZKrNi}gzfOeJuOpm+=@i(I0e>9}!QSaprx#($-E}|c#cGPn!RW)S_g(v5 z9?-8xy#Ewr;Pv@)mJlJd^L+H#BLd3o>*_?{2EysZ}6fh>mf8T_3f87?@}DlNm-J5|Sunzwia+}}yZ z<4hi+4ay+3@3Cej`86o=qgYS;m!{MZ{#s|tbSvmt|5tb$r&mnpv>=NY5Sq73$F3C% zjM#H!pyTC)30`au+)YG^|2Sddq8Hg`a#X)H$yg%;};TT=JVvfz`Ht4OtGz&4o;3Q2FO8lyhg=89yW zu8zsWGxl_#v;UggySACpLK2`ekwl zB``(-gx^bj8sz*bK~)x|@3ge^2nj{#T(Fg?-DeKii^J(O?h1sf1#O=hOAKC!1Ci=hdx8gpdmJAC>g5Jb( zz`$hmysZwnctTM|BoWy%7wVaxU}4w}#9`@JgWx4tvJ|}nLqq~?#P_0m{|aY(-wO^1?ZOc4rX`H7O7Ks6LmTCqU^JRjx3JS7OwN@~0acDMT zZ15|S_i_fLGedc3W5!5U{Fw=0(QRjIuPG)^OBo{Bs* zcuN-6Vf`P(KfJnSvPnP4koH1rjO!8;?murKA;Aj)JX-vM>3?)#HK%_l`ZE(B`(|dt zg8otDE=n46*OaU`)mNHya@w+WQBmmYrUVOvD6v4$@o6_gLm2|+q4{RkDI7?sis;v$?KmTaK9 
zsJ4M4=BJ5%23$`?Jplr_Kkk0M#IAh=#*qlIBdYz&!FHtO)^{y1GqY<5q01}0D!Ffu zz?!;6>+lervmqGOP;=VruHrQ){96P-i=tAo3Fo61P98HiPVBZ1BKlz>#(}y{k1^Zx zRz1n$V5+6upnF|HxCFndSQh1*H0-#JBfV-kgjH>YAu>XL&ald|EuaoG}9tT0M zBUxdM9GBZ?0ko*A0Wd8frHje6HkaRyK(9*Vk}mSmM`uFiG}M2id92=4mR~75UgjzD zDycZO?o_kj?rR_mqAEw z!b4?7OF70D((^?m?r&f4mVSE4`+D=T$>8*-b&cKTS_X{3Sbm-Iu0T+uYH z=c++YCQc!0Lat8=32`@AQDZ7OV z;yEX2=B`Y`fN|@X#(Xoful_aJho1Qbx}!NLnqWP`z%kh^@tIN9T;t5rf2 z@%<_PIq?`DcdTzic?XRN9gvx~mlFy6Ksg)Rermb;Ld(25vw!)Y-$1+*^$nH1!znGc zsX(VfjbFlCLe?)~yS9skfnAJ7?$?S#oka={eWIec93lq*(y+~QYwa0Rc@&u`kABqBqj>Mr};G8Ba17>OSB>%l|BCS0E0HAYaT3z z)f-{<{x;qE3x?+dEuXkLqOHA?ENE;LO-aCd-}8{gOyPD>e7w*s=q~Fl@lM31KWVJg z&r3loka?y#4YqqhwO`JTd61(2{=e;4Dud`-4ELno&W%^_2kM$CVt?EEyjX=ck>D}5&00as~e5zkNthHTxFwksNqIXS=FJMO7QXT zEb-1WPAjo)AjojA zOBWl3-Fr#b((dJGE1x%Yvah&Aw92Nb&(@yofCpc*pujad`<2x3loC|2Vmo3) zFAmt#oubUnt)h>bZ9m3tX<+W_6d5=aKQBpN$ugFwc{m9-a5}L513W5-(wsA!y;Ak} z-_{OL*>`*$sJuqw70P~F6At8UUyw0ozpsD%|yzK%B=4hgY@#jxR9w%Cnz!f<{MlDKJ z%i1G5-4Q@(fI&n?I0Q2RMwup6gMsNyAfO+5>lDv0kdAG7Y~L#eiEKbWXf&{LGpvp% z-j8Ny`WYjm*SWe+KaQ6wknNA|!18une_=>?%q?io|eL%qGz$ab1pN`pGsLlMv7;)lX zPf?UF79B_X>RZ4Uf3ZsXT$?j8al4xqqIwn)3j4twY1ow04Vntm_EbjzayDyX%={yQ z*TAw3;bQ;l$k~kJ*sP-*B-)^7Pwp}sKKr;o7UUe0Fk0NCs|1&eTwB|dc^uO9@R4z} z!u(azYW20CVTe*v|^`8-0`@)EiGdA?*O%o6oq$@Rg0PX=3S6tzl^)%0<)TxL|LjU}k99<_#QX zol$SyKZ|Z-^4`=#$lMWri}49{K}%_U7rDo2qnQHz`=vnP(9|y?;fjxM%?+Bf?q{|n>;UrEOe3Gvn!n%H zc6z!x?dmeAJ#%H_G?LxD%Sd>fJbvn-E_UEjat^o(1E~Wzd2ferE_fGLbcVlrw?*WG`JO(k91`; z_a3o4>(+@QQ1+o&G{w^IX-V6$E5FUG_9i_2+B^M;X5Xk`n<^}=(uN>CYj~R*x`gK} zPt3kG>HX(hcMObApR{Pq+MH~bqiGVslji?5^rZ&ks74u9W0@m3ED}%0B;_|zrI#0^ z2(P9=`?C~Ak@gj#hNT^^kc2=bCjlmznm7OMRUq)3qvdKxHs2LbX};1A;W+r^TAByU z4Rz%nReex~De@cFs*X~`U#ZuCx)RuL$qX(I#czcqR?=!;cokaZwmhQYlfndsM2!TE zV+9xa)d$Di5*TI5u6-@E0pb?Q?bE*dyL2?!AR^&QQS}{HiRh{kgxB_p=z@KBn*K$t z?4?h$Gs0_`5470Q(JyYSeph?ipE#(du`=eRHhH>>?bs3+SXLc9#CZEc>ZQn0!(hlE z{V=f2DuU`$>!R8i4Y9>Tts!pHE#o0$hzd^>UV>h4#9e42xE|e2dAreNX!d1U{jA!Z 
z$9PU*KPX{VaPIYx>t1l&(6ho1w$Ek|X>I4n4Qa1bq!Lo2vnprJ^kLQ;Mv~EY@Y$OZ zo81cV9ImIvkyj(LTnW=qZ18O}*7YMZN74Yow;7+^c+KUh35B6li=i9-*;KuTj>$YX z3rp_PNZN?Q&K|VSzs3hHnzJqXv;CTW$L7kFsa$@vTKEgRUqaq&UaTS0s0~xFT2h3TguW9L1IdU=5-uoqNSUqFmPLTMi{DenAxEOqW0*2KuZa|Jul2Yll+Gku2HY<5W ziYVtCm9M?vm=0WJS4B~4f9RetkiM@26$d+paeJTtsBwRAy(1@1pO?#q`ybAzgjg}(R zui$84@LwZ2>ac+U7Y624Qi2JBbUWey0R8#h(5 zTch79OT^Z@XtpC8Y{14`p8{QzaF%qR=hPx&JJHX`Ea(!YMy&=%*2=cxIr7xcE13^1 zmoqdQTDMq4UA5El$6F4@*s(Eby>^0epO7RyNl9et@o94q{$l1oK7 zoo9$iQ$FB`RtB<)EGjQSbDx3bV-4e)v zhzkW?;`O(Bh5>w|Y^wYfB-m`4k$%rr>Zy+U!k!p}9zc*RVcR^~Md-*6H<`*!4vzF@ zXgFAT5^s`fZX{NJxSKPT`A-t}vohyTTGajwoT_jw^M;!m)dd19+R?`oW5qUMS$)P% zkot{~kxyd1#?1Mbf4B8GC8>otPAs~V{7!XwnwEKEjo)z?Njs1($57*jWMWt4xL((L z!|47e$VF2Drl?gyto^Z6*oooq(jmjn0$$!_b3zGG$L{-2N3AXZr>K^BHLyv zd&_wuAK#F{DBI4=bc8Ve%`HM#e7S1i+2~THn{i@_;TWv>JH6e0VA}F*z2Cc>*7`;}b&ZF?4Ed z!`jC-f8(SM$%C@q3?Sy+|Hem#s*BqW8B)@k_`!13eLnc@FI_d9TcWDIm%c5a70<4g z{IuoTR=ZMerI7W6(_D<53lX)T^~{uVZR~y%Jmj`uD8ZK-By};mJTeJnMGe8=!0$rI zHLxPxp0HMBrQ3q`1CbU2agra%-sRpOQ;t)PwVHT=o1K5oqbw&R^P2H1ck0k?R$b5W zKMZuKRpy7PBKQYeWSt9(aIva$$>=XtEP?E6+menuvH3oS?(5NIsM?J3KIypjuz zarcXiKmYZU>PNo49*Ul@vNG}-=0hLY$|N$*HcDr_$Ux_o%sRrvE(K4fRc0wd<#LO& zmWhEwcgJeX=#uY;_dlxlJ72rU_+2Nvgu^zOO94(55rLmV6U2O>oK;lr1ke>vk8GN! 
zE+O}=qM{t02^R`cRr(lXoY0M_WH%<>Ok|YF4P~wm6=ZEt=A_G;a8BL&e8bH*<6Gl+ zOZE+UZ=+4J$x<~Lua$BM0|P236~SJnbt4n)viZ_HP*rlGLsNg#z(gOW$RS>^1?;_5 zC;BdmGtfo=`|mvlp`udl+ikxUDh3bo-e@ZG zCXx6V=(k1&T_QDh&OmKKJ*GHZ4(E3|eBNlTVb-19(r2>AsyWc7bOC+fT+DuW zYPa!{yGhI3kTbq*a8>GEK&KsdH{Q60_8s}#3}pVMOO)ata7*@|*S*ke4!jCEr#T#_ zHMLznIpOfFRUjB24!X)_&T%fj@0xXEtUVg~!A0}sd(1o--$>f8Gu5=B zsfp&zGr%7NP!_2|-7J+s{A<>c8+V6GRPLQuZA!4M(ZZQ#j7_780=M8Gz?BbD^&EzN z-h3RSxx5Fj-g3XDK55tHs^Pccd-t26MNsn%S&Y`=9Ng~4-07Q?P9ZOYvGnPIWRa}( zuypqW85Pj~C@g+HpI9hAC9I&LKj9+{=2UR`SbVD0NuT8~p4y65g>w)BliW3NZZcbg z2(59}h`rr^vI3INJ;w5pY+bKPvJ#2?TgAW->XE^jXlI%+avK$dB zI6rEfR<$n+&-%R0_gy{Vt#SEVsRCzJ`;;pB7l$#+`VG5G&01TQPWnfi`c-nx%(I9+cmX2`2X4b~{PZUH+eSIMd>yo*nulcGi4kZqJ__i1nrPKEM~Q zNoSdh3#gDovOQd{?X$GhCYjij;aBShe67BF9Ooo6aCw|iuiYR)Vnp9{w<~B{**dRv z4-3Dyb5@$bLff?6NjE2D9%1l*jyc>=?WJ(s)u^RB(RUlSOklZ3p_0x6{pbBpek9wg zrAFwyyq2o-&+Dhayr1?_?qrk-WcRYKpJn*o3p)2sfv0hBK=2a_+AKxVyV$yi)Y@YZ zc1KhJ+SDT_bI2MHoj3^6vYB)P;KMmprHZQ~$;AbrGCP>d?#?xN6{VSCZ-G(pCidH`VCaW&6bsk(k`NG_tDwkmsE63f7MTR+*tKV z?!&C*;Fu!!=E?>rhO0OqOBk0Qz8w&a#DE=ma#kNyEJ%hv@x7l5iFmoeU3foyFzP7l zA)Zs*Lv+4@3S)^7k~&sMt>4q$)S;@2!$xFgpyhH0LSr9nr+Q=k=QiOE*U-`FDpZ;1 zc+cFFu8*L+O}*>;e!57FA%^riOEd1Ry>amRoEmJDrIO+<^hKIzF5kJU;Sj!Tu2tRwC_eJJ*VZ+T8>u1LfPxTr@NO7)d(1#3#ni zpxuoVuSQl|oPY3ujp?1Zq(}Qh;&WFTY`BFgjQ$?QILg(Vq&;HyJAK>l+hvud(`|E6 zkJ>xu+8Jc5mchN?tEUIwkT&%1Spf6h+ur!YHS(R?Hxgs8vtsVQSfm}o)Bn10`{FI- z$Lsh+?T-r_W?QjQZ&YCkvBrPIp!2@8@eS{;4qClB_<1ua>7yt(oC)3Ahkm(x;3FdO zlGo42bET{%7`!+gzHc15=K~rnH9?n^DT$hNK_c~#2GK=*Z$ zs%T@@hw%$KU*8c1C>QR9nA|JnIYXNl%5TiveNl>$={$xa>%bLYzsC!1m!_86+~1&5 z$B@-yd2fzWM~TL2vC6gqW^gvSy^V%@859`lF8WBe`j;im!B+%U#X753l7~$znAT7u zp?;!Lo$hn4dr&WH2ijCZ_z*kicWB*OZyHRm;d*R=x6w$=8G#2USFpeC`7 zpv~>?vF&-%%E5WiSpw2!OZ6CH#mXE9u{cZ zxy^?&uAM)0`t_Tjtp21^j7T1sT<@R#*Xw%w6=UVLga^rBIhTK$XC1}cFlKvFT{_pO z{HtqBe60?Iu7831HU2tjpDizwSM9z}m{`Fz^pZ#J(TUWJah_7A?ug8Rx^JwW0sipq z?*9pjSHvy+ob3#^9qWPH07?5on{$3jw8qk~0KotH;D26`g;CPu=LfBR7kVL#jLajo 
zpQ>#Q74BPliB(4;@(ms=b^pzL=l$ovD}3mXIy)bSMb=6-d}1N{pV_)OMe}IaXp8B~ z`&~i@zyJ96>Hmh%A3Ai8?LWp~_^tc#kYRrCXW$F`&n|FZz`wtM|Nev+*Z=R~^etMc8<%&G062qQm9X46r&3mcXnPkNfAK?zPv>}F?2)9s#i4I%0ob^-gJzc*hI zXpNcRb)6?@s;uW{HXyF-YWORqTT8ccD?|68&K_1>Uw?@-j0hbP@8&zCe9i<8Luf z6)#4twK&$czTy9x;gehPa!i zrqFQTLav2XVZ7FvlvR{6BsEfU)?gNln+Uatbs<>)pf7Ef52L>544HuZ^`FwV_B&xy;Om z2FEIwBWdo~!6#_=qj7=?^=Z@QvD50j)lk_W2vjhwRLrjOp@|Zg>g7YOiJM`{@ z8hG$Nf8Ls4f>6Z=?-O6XhW1^4(^#OdhSszD&pVv2-0Cs5_q|Cgk0~}%!n>nM^(1w8 zhbD3N%~Y-aAX?)(J1$;iVWB~e*^ zN1`5Of8MeDmYz!z@|bzqu}xJv@C>8U;U(- zU~vxWKgpJljQIm%dl%7hd(`xiA3>ljz5?GG&{r{cOx|gf2RToY0!>otIt!yH@8lbk zI@qQz%nV2fHCY@+DaQD(JA(_7h>TlJT3=XNblR`>UZcysIB&++XOSEk%v8X4<-JJ} zVJ@cVq0+Q;+0_bmYi8#6c9Z@#ltjuv|cSPy^SWt*`fBgOC4j@YjN79Hf6n=eJl7ryfTSu`ulal z1L4fWt7&;F4}6UGZ-++S7YBi=^56A-v6|m>>b=z{XJVhb*<_Xz`Ot^*i^JYU!zWS( z_Jw=x`aqXKyW1AEoa=qN-=(h#WF>zT(^Q>K>`haPdQ4z!6Eh z@g*qa3okS;YE^(HFq}OC<$slMXXU)uK7U(hl$K&6hpX7Rm0j#&+e5Kg<)xzDv#pjN zbK2^KUH@z^9_7)yvFl$jVaBkLw}WxhyZCWhJH(x;;&dbOp2EZ^)h^EGR#{a%kKG2OM?*!~oGoBUk_-`)pvzhzdym~OF|%LtKDP2IVm32NN+m!$?D`|Fn_s?4XL3kUMBf}|t#sWO$;fzR z?XP(xS9W&Ydv+0?fr0XO?>f3_6qVZUOHBS=i)F6+rOx?c{i5LUEDM?oi4Drq^s4n? zl;2y$w>{U17^XYhKOXHpeSU4cPF3UF(6=Oqz}5q@2r2aTw~?Z zuX?TLjo@7bE}`;3z7Z-&`4XTbK-|;FzDE75?V?^JY)z&e7Gvw4C5? 
z59^agIunbsGE>PZXx4CN&vLVgGlwcxgDi%K`|O3#$_|Th9J0&kU4ndDTo{>&&FG$> z(;Gr^8s1bbp)!f{GQyv=8LO%y`N(;5ptczsHc2CYT5|Hj8JV;vB^8sFsZKA*q&XfE zrHR8Sd2E^YMw%(?{oDPbxb1KzSM3)Pup^qIjhK?`&*V%r_W1nFhBEgpx*xKd5}wFT zm{Hv1t>H{VOwOHSJr2+OJM%`aYL-QH%G!O8dQ@{XT$>2zAofyHPF)&j&rAyOmRx<^ z(qiYQ1mZ1+uVdzWPrl;t)&%W5Bek{HUqx9Ut|w&gi3>>n(Y#fm~qu-;i)X{ zcc*W%Q^NX}kt^S<9QcVdS^U#PI+=`1hT$`9-zUPP{ewF=k9*B_ly#V$J*xrR1exT) zHlfw)aKhgpsL6p2%Y=KOex)(|OZuk-9KLTz5suX)vX_L84Y{&v%I0~5$bcVplEONf zn0)FJMmv1Terr+S?MLM>Mhfzj{j4w&L%vkBeKo(-Tp*h0Hln<|Ebr6r!;wXZ6gF z64Yoe!!CD~vRa!4iy0(I#_x1oq%yf36P{snv)`d0Fkf+>)4?ogq`+HBm@6S~&Ydxw$}8`BV12Em!kSM>t_WWE{& zjh%}w`(k|^3tU0#<-Vovm1C*IxG)+!yv3)(x>b=_g@YD!F zE)iDlg!OatPdbFCy;c`;cFxL@9XT_ZIElBiuFn&j@hSAvyDrNVn!g2pLN zf>eY&RW5M8C~QJTsEpW)yJb%5x1-wYBfP8xZg;hT|FA!k6E#zE+dxU1&|%RE<5Zp`mbra;mnrS-ZV3 z%9S~^!LZ7;QfWhCClMrQ7vB&0W@=;_SN0L-;-N8#WL)igXQNGYWCS6DSF_B+y+gYJ z_bX+MIFNfmOLkKyjOpOP;;6MuCnH+@xFe{Qo!=Shr@AJDLa$VwFOlePBG-CA(5TWm zqBS_peNV>jXdcymdTxI$jS}g&#ud4ojR(7R_#)^N?~^KXPP+t0Dr2&i)mV-XBLTO~ zXE5H;`lmP?j)ZTdyd4-N6Fqft?%KEatQUQHt=rl=f!VX%zoVxH;~pKWHn+vWNV<^K zS9tdH_`~Wc3h61(}=ao}Y{6-m#_IAFPIQjKbDaTaq^Eb&fmgCE0 z!@LCHL_R*cQ=%JZ zo^I}{QS2URCPMrWd-o#@XYbe(V+1lGQ1I?@D|&B=~#lxcX;GPI^^xs9_EU?PQL36*>4PtDbSM z>elQ^*N6R%zEalKl6*?9hwoPs>^v@e4O4~AVIOwZkpC~uH3l2 z^RwVWzLmyKB90}wCUDl0U2c(2__1@|V2Nz5^`4rI=5WbcaSP*_*RKLHDzDr~B!2z{ zQ{uij=sZ>9McCqgnM5$7&hDwfV2{Nsngbwb(?RF1QvrTsNDNQ2X+wk3uc&|avUB&rh zCYuUu=ejp$Y@^;rg++(2jEp|Wj?<)2DG_)!I9^M%GVnG%D66Trbk6U+%wKd;SD??V zVDfYK=bXEilp6Xb`@?tJU-(+!d@>hQ3N%NN3hP-{n}Bekr$>o1bET@QYZ<}m)>hVd zPvkU;TcYrg4SORF`%58Y+L4`C+T{5=M)6(CwTOo9~$(7`bu?=?Ee~;j0(|IL&)0)S}VmvzP$@VPr z{&1Xx*ApAMe;2S)#)Re#B1g4pw;p_}U0zemYUy_G`g;bh4qCHE2hnxQr}_mfR#WHv zsq_1qo~KwOt6 z9dAS;G>9`Gov(3WJkW}fY-RE{-Kf<|Nw!F3PLnu|o&_gm3B!W$AH=P)e{(xg;GYd7 z+VYf!sN0XSKr%PfJQGJEi~q?69`;m<@35U^CxG8x8<3#(6p|u(DuiB*9EM0WCc|biY$0duX7{ zS;wgfyj%nuC0|h_&!D>Fy|eJB3n7zPYqVZ!D>_RGtw*?b4VBiHKQB-|7iTa!`>OFe z)`Zq~X39=9YB)dZOcLwkKO2u=#YN-7$fXu%ehwe3Hn_?ulLGrI_-XHGljtdS;x*|= 
z5sqs>tTZXR!nh7iy@~50^hXxy8S7Ie(Y{s2Bpz2p@JrAw?|5i<1oK2(a2nAw8iRL1z*pN@6DRX1W23p=D&l>Sp}t8OX>ilk*+ z*YEOZWH`ao%jyt2Mh89mAS5$J<$_}4bz-jMKHb-S1s%1e`3KpbImo(y*Iv*LGDF*7 zncpFO$Hwg6n$irF@c!!3YAj-BA(Z}k*-%CiqfVh%a@Uq5a?JQW7y!NV=7g)~SBXb_|Jg~- zT<7%2W>>(3&qYI%qU3Hn(a(I2W(9U>^{uM1A^SGFOW z&9i`Au&PHrawxcwA*)n7ul+)Um^mRFnIeW_NwH()qdwT)9kE*PpQoDXQ8y;;xZ~4E zq)XXNWs`q?m_;kMwVDVSAEFy@ndUa)M#&reKJzw6(rp^44lO;`SV2!mi>T`V7{;si z#6vGoXf@~yy+#Ns`J(8?9JTAJ;U^oe4JG#Q{;t#07q%yQ17NUu@ggO}wQxO!2rzbe6}sa$RYE z`1At9;}|6mz|~!ywznqj$Y9+JXWyUX{Nj_We{ZXe8!y2Ww0^Ogb1WTWap&Fl;N1T# zp4iq^QJk>su$22$Mhd<=L@7uW=2d=px8)2P+8l>zuYPhOJN8i7hl3_;UlR^|juVF8 zwa10?cP}2S6TL0U`0_>swra$O#jDOKv#ueKR-UG` z2!%w%)y3h$diiIC9?}l$B7fS?4(J;DTt?+$;oe@$R%3iLZz*tU$ey5-`-Ozv7Lis? zZF+;J@!uX!X)E3gNKGlWAGYpHrjR`UDj&I@lFk)9%IPsMDZM;>(NABIvu@ZXmzTg_ zGMjnU?xQhx1|rp|L20;3Z0g3F_rtMM!YIi?P|fJI=HKegTBSTiF}~MEG5KQ`>0Q>U zIV!ESMPxS=g+1fSRs=69Tyh4dK}%()_ra6j8&A=Flw(Ie+WAIUVl+o;ieR8D5LL!# zZk^Pe7cFF(hLOfMS=?ytegho+yyoWS4b(cBY-dPuiNbDYW%1CZW=HNxC zw6**uxE(4SD9xbJtXz$nZG=UDoH{XgtQmG(!A^cYw}oDeF~eS#$7L35usKG z#UW(tlXB)^f`;lHla9%po<7{n9NsFcW%};*AK}wR623J|)LEA&%Mt$Ffm~q%;qzxg zN9&+xe7U>sGFN<6%D|l-f|~$ZC}_xhA!o2)|FYqo@60hVNNS77L4!-v*%6bjmzJ`0 z%G@~Gs?;f@)zPNFabL&D@}J0{PPfyrf(={f}1ev|72dz=0kDa&AJf((#~pe)|++V(QQ{J?VJ0r zl+jHojb%3|Q`;sP2V1kcaQH@L$;j=9IZ?%OKiYEXbko3HkWcRMUvEtR`!dY?8 z4Xvu@AO%lz8MN$Y@uDi-b&D2fwgPI{_Ms@}IDPxPFKw>3KlgD;(_*9QCM@}uHdjHK z)L)Owv4WG^WsB*FP8ZFo(Z|?)yUyevsI0HAJ+`SD?TAT|FP2p-{Gt=S8rB(#Db@_3=@gbEqWR*2Hli9rWzeQ*_2Q1VEGc7;o0-f1Z8+?C=g)Tqv;DXE9&r9R1>ty7R@G zO_V?71rTMfu556dvb}Ld^IJM$-tvVXhQ0UGAwelHKs2k?t~nu;=ceLz*nTU)x8U6a zkV2`037a~~N*FI5sy>|G4}Ps=Fea3>Z`CU^xZ&l~_Szhab>5%rPlf|cnQy zh_xj+^&PfVwbt1K!*hC+s=`BKHw*`lCVx~AQi9KMc#cZ< z$)9Dr{X;}J8YR1I&Hg+o>Ux`+pSz=`!H+_w6^h<5NqCytqe*jq%Feg0+D0L_E`-$9Gvkr^-`xOP&f595o|i3 zP^+j_2p?!K-$^X>*uvdd9W;Ni_l|G+9=jyJmOREb#wI+dQ$&t@I#B^jvi0p@B#*pN z?zQ;O1|An~-=lc2tGoSl82l7K%k6ve-7?eC4+vr(ydCt__k0Vb&M$@AX-T1P%r3Yk z+(J#t%E%nRi4$zLiTx?!gv+S_rmymagrd 
zJt*j&`(XsEI;D0huJ|Y=5odSq8E+QMy&X+CFHukhV-w5Pf?%?{;j&d&q7ziMBR91Y z{<|wc2dR`N7W}gsbdHc|dMz32{?hl|o%{vxy!;~c>xlIdrg=CyP=j70XS#>N=h#1< zM^aP5{kI1(R^wB4n(2K@$bS&)m(cAb3$g9v~f7v;G zCzs!5BsMyz6C-cL?omXThv~+8|H%90$&l>1p+8W-zLboA{b=vAspt>;<*rN0OR`93 z#>tJ?W#zV!ymH*69t@Vg>mdCD6=0wE1vOo5wW`yRft%uzm%1V{#``lC4^6EBQ)}7g zk}S@%7kw8pe8q4wn{j8U*HhJr(s4kjA<;c*@gl<|9=0av-{Z5!`5OFgY7R?{>eY{& z7c$VT(6tcd8|O~&2Zu%1OO5{9TFfY6!rdD3zu;CEMK_R5+OOX*YH&O;FrIBxWfvogW%MuAZW0j_xxp8otwUB>1PX;^xN3E?_S zF9#L`;cw&=HO}~bkuFg!00>oGk8Gy&t%v7X60>@1Ysv@xAD(n}GG}U0l(RoYkAG3A zJ5}aY7fkSmTTJoVOuaJ6HkYOfGii6-af(D``D{!tB5=GyqX5~Q76;DWU8}7Chmbb{o zKL@zye&-RJ>NiEv^5s&SR|}ukhBJh-qgc2x2BI#r*D1LvQ4(^2iYAmvyhq*y1&-Hs zho%0lKCoP=;pc~^qyyC#B=LJV3r0tg7UkPsNw6^SfjgX7yOebveqCayH{u`o0ch2n zQ<{?od-k3-=FQ)E)U)8o3K@CZ4)sZg@H|i)5;60I5bS(6t41;**dq0Amqm@)f)s)g*j6NZrD7#}^fqL=E8gh2u07@c+%kJHwXW*y;dYa1M$!+ryfMxpKem7Cc z#D&BRxqZ3ZcSe{h|7p!tsaP@lWG=xWV#p63j7PeqV^3C-{SoWIDncW{lE^$m&75Lt z5S&OV)n8Q6FJ2);CBnl((7s_*^ptbm+I&IMUB<5zsrpCEFQ=zyylqV1l$b1?A30>q zLzku*7v$-={d4Qn9`x`;fpXXJpODk|W-#>4kAByK?xngqJdX!zbk?Ai3s9&!fz(w- z)_!L?Az4avD|7Y~+9aqnVIt#wK|JM?KWAq9X;_)A^9TFY@N4?v@aY|qK^%*3jh_%R zk#7$%z6=^94vnvz333-1If#rr%5WBK^;}3T;rZa=YYTV$K#fE%iRAVwSiGEj|&<8IcG@ns99p!6T9EbNFH=9Jyw zztpo8iY%b}leM3YQN{+2@^?93)Otm&8hxhjK}BcB|1PKZ?lI!ja53i1B@9TXRxpaz zeDIp%A|zGf6evJ?$Kyl<6`~f-U@t|Xzdhl=c2%S`mI$5f?nhaO{GPp)-3d7Z!}4KR zjX?4sP>(`z0?Y_!tc~c{ZX?f=B2O59caf!JpA@vQ3dOwnM1*3Ux@2D5F%wE1?4;7a z5Zv%FY+O+1Xw>Ab#F&=ig@H8Bv%8nho-MTb;c1iKF=P>x_4V}IRG7(sy^eRb20UuGsv1uXFs&!%<|hBttU|W{tQHS*!}w?UqATUe%U~ zzAahuTBhiG(A=%0)Du)0`R&hXJ?3;A(9o06swIlO*M%b`s>%RAoz?MmIBRugNt0Ca zO7j<{UmBPrJ&(*KSy`3(#PZ_#O@5zY%U^9|XT=AeG>sk%tYlxjz9VIKn>0m+!2DHR zq}2Y~6bvR0rr|#2m|o@k34yV1!<2QHJab?aiGgzH2*m;d*(@|X zG4JvuLa5e~I8Wvl)c8o*DU{9KeWFIMG+XLDNjH_jqBjjd38)umilt|yiC1fI0fHO{ zjb}rA`37+&WQy`owC~T`9k!t+kr;_j$R2s|66LqO% z7vsCVjgMusYQzUdzxb^LM&=j($II*a4_>(=52tX>$Q(2;hdc^Z<Q#)=$s7(#tL9)4wMOTZk}-x-`lMOQAqQ@BvMUwX`e zb@A1XQw3XenIs=`aYczQLKD;PX8womfw)A$(j1tFqQGP3eLj6^u{IN2vlcp 
z=U}`Zw)eGbs&#%ZKl~+W^-asMfJhCN_tMk$;@hh!&D@6QtaKSrZgfh4vmz4)$c@5>&69FeuG9L~OUQu4G9F|%n-4oQ}v=`I;*5OxVaV2_R8 zZtn}-TjsJqg^i8j^`H|p$u!4wi`jI&%(29By`OA%eFuf=pIMlgh(zWYY}-y;)N|Ie z$gmeDZq|LTRbtd!(mTcfrQ)enpCjpH^yuyIqnDdj<-nk_hMjp-1ni^BqJiuH;UkNh3nS|cuf zVxh47L}3`w>pSW^x&(U`1+8X^>Vr&ndCXS^+$FnTc)uzP>F^=&EP`zXwX7nKL2k^d z+zHoTxPBl1XV>2#^Xj!Z^?8_ex`^#rB0&wA7qf*sO|v?=Pg7C224BcXF$1e&r7yAG ztp>ZvT=f-3QxA@aEbp>^|6BX8#G7R{i9^Hu>ZN=C?3)M?nDqzhBm2yyGK(V zt!xNveHRrc)oq-u`(VTeKwuSs@4vrY3_Ze^S>v%YajCKR{8SDtrcee6$d`6;1`<5m zVb&|sCLGkG(LFUm%hNy1t{?o1y5689`s&7V;OdLR@Do#fj>ySm}lY5BXS+ z9sq99yl{bMPfM8FqWDGLncxVZh8KR?wv;FssFymoNwA8AEi&>%2hrvXwL}-+|CRY^ zM@5Zn(UjMn^A2ME@G>Ty$!~&Er&Hm!0^21m-NgW|ez#6WRy-wT0jl(@6WsY(QIH@M zSM;=8EA>GSBmT&iXaRtIHV^|6{-eI9`cZ*4$-X=5EO7?P>kY z{EA=?v|Y+Q0;(BZTFtYnw2U#pz52@nmUa-%5aLWe=QHCM6HzB&$0pDvbmh9>;wM+yu(p2ja8g2R}usoxmvK@r)%_3&KgZ(jX)jN=S^;O}?GgZ2czogiA#fMGuD&-cTBR}j2Jde#^Y4-cd~ z=6xT$@w0mzs9oOyQL1bp-Q37;jGo?3Xvh`m$ex6;pv>!XiQhJm% z^StHz8Xa&OTT@#-Acg~RHzOJMO8}`K2abov3HN39{2(OI@gI;g2B4>L{^2L+~sCQ16?xN=2O+|`IZ=N{1t(Q_XRWxB3ing(s)PmBtS1D}^^e^WvKce&4ce zT{_=~t0v@Jbyo;!?Xxn{T7SPos!hU}An03V;2BBq(bc}a4 zIwAr21l1}jtnP_jVgP>cr zV7b(I-TJ`h8~$Eb4{tB&m8S_51yW#Hvg-)vFX=p*)(kiXu<$Q+S{;j{<+2;j;zT_n zxpj0-;-7#YuP-iF)OBrUFtYWZzRJ*t8QUk0E2XFS{&NSfLu}ujfA!21%K6j(KgXeFPM?z#SmWI9oY> z>op$paSpCSlzZuksPIVRRaVwQM?&~>D!J0d>i8BlZOAYPHqz*H>k=2+01wc^4Y|&r zG+ABNBDEOCR98cWU)Cm%|43UGT2tYjR?9c}#Kke;Z#85%_x~3G7c9ijQ7Yi3_=6jm z292%#Yl#MEQajJ~wCoeM#MF+Uv|xW_>Y`5&*S9`7Baj=hMczxWw`gCRqgX& zeq|)$h_U>P+3N+nGAj7{(b}nL+KQ!@4YLJeB>>-g-{B~qk`nWo5iEYg%D-#ns@L`x z&s#7=FNAK${ET0awv?C4%l=p*aEhUl>md+5CTJT+wu=)$f@tw(A|HP=wZ12p1@0Yi zZJfr+pXIZvayn1QBlGeMt6ya)HDy%qM3U{=T82si?Iqunj09BTqL78S}U(Y zHN!bdEtYeF^Y$=bUn72>c(0wiY%*FGRDi*+?4tr3-k(?3P(G*#rGk7k6H}zN-el4@ z8Cxl1Exn+LRU|L?Zgs*;xDNZL2gLUFtQv%Q=8NFxjq*QNx%ky&W7Vd=#C^MItg?D8 zeFng-K-5kRHTldiVR`cPYnQUTQd^13wEgfu z&+LaQ+tgA%Ue_r09fu%oP0_K&f(xKC1Gy>v0tqz0<2;-c`@RhCi}@~}-etRT(|V)o z$btX$`qm|Qu3;)Z-5a1I{UW&R(d;5t@70I7>cxTCpR+x{mXkf;-un4EGT1nlGQN1> 
zSNL0OpG|W!Pm*g&b$J)kZ1mm;&`0j9E=qD3t=|_LR?pbI`@91AMh(Ut$5wIlzw08bHgH$=-z5y1g;=Ew-1GJ*3c=*dO@o}d~6DNCW zw>$8TiAZ3SnP`0DajH^=v_f&*=0(&j1W@*Efx>8v?~2yFJTKi?l|p7I>`Lpm?eCfe z?5~8+iFOZpw%f4V#501K#q#i77`j_F06!(4j(k|X4)R@@+y46yYBd%`3`N3gb&t0} z9IHd}8?EF=q{dx*PjTGP-q2+fGgZ2{uUM`1m7hvBc=*zl(zm0r-|FU1S{f<0u# z-*9{-@%nVX&pTKyrZs4%u}6LWDdL;l@w5sU*e?V=uF!0prFhf4ZCa7>XYF4o4vD&E z^TTg*s-U?!LPh6X84pF+RtdP!z^x%KGXjU**J||{=jlaAIk{pM1 zbmE0ZfYtzOYiQ&ezFKCZE`q3~Rem*}qOGttTP!v>KSjS7*fm=9rP!% zDHj>2>{!20bKUEIV24GM#sv~@_ScB7ZP@;Gk7eG5Y5u|agjCp_SSkDSPP!@foXe~* zBid9Ta>5bJ8nJ~o5KPhTgxAAWe*>xn%wuEoazADso&bQR|HKl3IsCrS_~qt zafobsq11}&Oy@4lIa+4HZDcoCMQwL|V;UL*uk+>vm(nJc>H)B1MkwTbbu*yp| zjh|vfc10dFt!D8vJdf3_ezXEM(P*|sclWLK!_TBwhXh^0WfP;bsi^HrIe*W@4CD1e zXde`~Xb%XrN$(!tZvoF;slLM_GP-lLLl75%X@qI3!ONTuFY0=u`n zZd@ouEer5&OMV-?TfpLK!HKDk7j6oW@e{S1TX*z%GBhFnPAK_y@J$n)=b^SY_NM{Q zUJP=a77ZYS!)q&v7ab$9h==i$M2pS#(jWU-Jg79Ee(Nh;t%OfkE$3G{1>v>>(X60)9+r;1% zZ$_-=@`bD}{5)W&ro;-*o7w9NWgl$1 z50>5iHoKfr$&osLd7^Gv*IK1Dbj{N!&QVdY#UNyzkewcMGEGF-fkt-qk zHy?KWvK1bBp$fQx{_hG!i^TRmK3(o-3K;2cHP-r9uO@%jbgCq?K0IoXZYe)d^D|@d zF{q1|T;?o9TEQz{>Dcz+UZtwoB|CQ*G(E>u0Li^|?A-WxYYh;1~=rO zfdJj$OjR-uO6yknrvml?$0enp&Wz}>^Z!{;b!W1eGvLQpeqh|GhSg|b(I5dG2MMzZgyUsZ3UYy`O}|U%!m=o zF<=datIK5Jsug3;0ACfu;`KSk>vHt$b5a#kQr^uX=LYAr%;T}v2QPQRVERiW1igP=hB-%EkX~kQfPhJ zl$jf&{uJWiS2w-y6-8fAY`BnykKZV|zxtA0+|gR3v%6ud-gIx^&-zhbh_0ccag+OZ zOSu-B(duaQNzdYNO3cAtVo`Q01X$UV8KbGG=>$`0sc$8c*4!~V%giM*?-sYN6Z9^L zLjD_!S6GJiicR=O_mJN$TVQxmIPMb{9kc?jvn+>Dn7^+=q=oMhq(^uO4(ZfWr|qYn zHxhn+=(pk2-A`{(|Et_Q$gMi>0oO_k3QzxIXOUy^i)zmSmW}>5J%mR|#%8tPzQg z#^Init7o1(l@Jn78>ubRFW=8CqAPQkDDmp-;7J~t6FwhDOwg-r@uxyG6MSPx@wuxs zcXqI>Tk)62f%n3;{Px=T%X_Vk?svI$pRq*~)V%A_-*)mJw}ccMa50@QGDi2c4;8&GK3)M3$SWrQu!Lwq#B4JYeAM|y<#(KT6KI(nUHtOcMLyq*u1j?)Zh*}#VUyF zO6%@-YnR=84Va?4>jO)T5@hxLk?DDTU%r=#y4B8YRRBbh8NXk#EZbEcY%{`bQy z&x*1GzxQHp@!8kP0s^jHC0~8rvOoL(Bg;y2a;cKm{ApFZa7dqMrTA0$nN}C9NpN~D zR806gh42L!ETk#-p*mo@oWCuVcvTtmN)4L_TlB`SrDJ)YYV5seLV}h>x!8q_jS*F? 
z-e=>{pOhQNA0u<-8Dq!u$?b&Os-c`mYgPac1~Em&QCx;iuLv6O!+pk$fEt^zXvpEK zUpV`HKT8Z1F482nQhhkCqDDBdN+i?_+*!gXGxNC*}iB$Nxk_f_paFUzr(O#KNkj`+6k z;*>~(>fUrgR8@+UfNo^%llkdw%gIVES_p2LbklpN_g;Cpqv3N^%8v9?E0+G&m3?RF zi>TGNo8Ea!8Ov2E7^c+DBBd&p=%A*#qn9r5H1Cag?OmlQ*hvH)1llo!h1elC?3T{R zM5q8s@5il+vTV-EHdi)|JgKQl0q4{;401y7WorvlMtJZI#YBnS+hLC3W~3l8Do83l zc<3^V%GOA05RS)3eX%<%^9?SHe)%0z5u|LJrZ)Uf$aqTAL36etx&K@EkK5D}^|+@s z$;~?Xg~aw=>yFN4txgpTT;g?=;D!UIGqURYd!Pr z_^OlxU$NWL=ZTDl)Rdas`(P65bWXPo_EU-&tlW4^$*`e(6<9W!*1sF5n#L!ad6EiF z+o7*4zBRB5Uo38SdL1=Mc@<$bsB$$F8_4@gt;UDaB1-;yQpy{nV-iwG8@$5#4aF#O z^W^ut#i9C$XiT@D9_tK!Da)Jc>zhxEf3iJbxy!6&o}L00u-tO?%Fz~oZc&<^W)XRY zrN-2hYZ)Ud;xJG4%X^Cp8@8_HSc6p#_B44_R|50O$|Hw*lnS&1fMe1K7uhC*ov?ZJ z8s=s=q)>|+78J0V~^VMb|b6 z_@pTaky4jP;palBs4Cb(9?krTDHlR#$CYn#%WbDj;m5K{f~>3%hnvKi|3E8Wh00*Z zX!^I|I`C0TW8TnWCKWq7rg@C_VWxT^lak5K88}`aOFzZ7S8Sm{*{Q1kJ<|}zve>(B zFQ}MY8)c+BuKO*%ah!I>QqPc+_?)!BJ3O%NxowvD@$+=G(h%E_ox**Vv=nlK2PbmF zeFeOErZ12B3w>Ov>8UP(gTvTQ@gdO%8NRUvxbZ2z*RQqaMP0<5_mZKP!2<^ABJTSdkp;|pL)%H( zYxrvK32gK}O;iP&(~!oi(-A5dpEN?pzoCxPG;}wWIeCO~aTMTHq8d^$NjN8~zxz!f zF@@?HTAt8T-FpKr7|Yu^)Ubge?@D!gGSg+uQ&V8tb80_B+177X zmu=r2pWm5eQ}T z*HIr;fTQMcVkH^u$8DRx^5EgA28U6uH|a@%6d8E>9^h0hMb zZlpaaJ@(L^I`r~8iiCe1WT%<{18c-`A70r-{kOXV^o zV@llP=Rj$FCJcZtjA8x?V}L^@38IOMTr1Nzv-is<7}*m ziqITz)_u#15-gzx9!;v|*JRk@7IR)aQnog+NIrssuusMNqiPRe-~1rf4O;m33~d|N zo08m5wv7KNf2JWM`fI*yJbo)W@W2ak!|P>53AGcXdPX?!TwBqKVZp3+ya72Norzss z`1_q1m|8e=AHdwiMXvNbLk+U$H=okGMCd>lC zoJ6%H_b9c*>Qr+QDbfx5);bpkYHNFi)n@8)N=a%HdptvDJkt~cgm#)zQ$JHfiev>O zEBMJe*zQ59>BEd(l?3#&^7pYAq))Xtk*_-lsm0^MT$LbsHR=K=JYMTWODQznMFxZ7 zJJd^|aKa&f=`|lB`@Fv1iKX#4tNP9@W@XF;E*ICR$p+>1nI!^f!#9^KAiWYoy}u}D zdH-A1c>7D9y~V(OAu)6sN&NJ?i?DBJc@nZ^bCd`VE7IG zbxz1v=eYyU=$&GGbOw6=YA*65J|E@?qlTT!9cO-YJL{^S$aqY@aA|cPGJWs@Fw}yW zk}4B+Uu^g>A8J?GRU<}REf;LSTK7Jzzigl{6rA(7mT0kS@L$Y;tex?hXI&q}w2Ve$ zK|`s|Cm(bac@lA73az-(>0g&l^MZx8oor@yv~=g;0HgsiZdM{Fvnblnn=&_|D=^d2 z#l}h>M8DOG{b1+K-zU^2~i%s^Gd 
zE)SnFDtBP5&4`rCf?>u1S0~t^^h<|d93#uAMqlfqqWpt<$c6dUdRs)!D_CMMPb000 z_&?Z$+4$hb54sZcM1uXW#xv1TNW?iB2>;>+*E1@{X|D(;0zGr>j1rvVHx|e4idm*h3Hl zY5f$W)oy@xx)M}pHjzDZgY>|Mov92V)lc|HcE`3phv=>?S%(>3@ly@ygvYI){>U7W zlpa`VB*91v<@V^gQojaoybR^=b;|v~Hk6rkRE-kC!x%@xnf+vqrsi6H& zo7(KcuG>i#QgYhs(aslu)oa|ipfwc6%ZA$hVbc z^~ViKKvg;|z}>xmV-fcrJ|_?|xGdS_)JXBYPQ*K+!gBF+9OSE<{$Ae#;akuPBuXs&?17A)BR|mI2A?hp(~%wggs; zz*6D1pX>)T`ODYO${v?F{N{yT1JzeG*XsggVW8mjm5?-YcF>#^RFusFFcq++2PXlr zyX5_Yh=f2qX9Rel=KMXzzZE9@0mEHJT0Y%!h4>Y-)?(>{vmnf)UZDSAVSk3vVB1*h zLeNQA!QkYaF%Ee~VgEDvi4NUu*C10EUWP;S2lfjWwb%G$k{!LSAP>KxZ|^6z|ZvUtLiJ7%#4>o=#5`)T{@Jt0gfjS z-2C{EjMpxj=#I8>Jj18;NyT=z)PHLH zs_~M<$bn6?1BpNg`TX~rK^LNV5TgGh&s7HGxu)7%Gv?*I%1ho-kad7;p{ovV6;k$1 z1cr8Q$4w}farhw8X;nshYw=l`{KPrfcpP^nC8*`5Ix`mjIpUd~2tIKH!6qouR^>r1I;A?j4RGwvB*#jzUz_hUCG|23uq!-H=E#3h5QP}-h zleZSo&6g&s&1Z`)Ft{uR-s~fJK8|qEYAoByeopDYe~8O(*9@T$R6yvQuWS;x3;@k{ zEG>aw&QoPhmD27D1UV+I17v-RXZr}yTBo6HX*KSJYSDIX4Q1)HYa{(}R-2qb8@Zy>a8;*hwWQ+e475Apt?6<`i4XnVHGw|St1 zh|D^Ne;BC$JUD~?Uc>R2EMTJPFPG-G)Qos2II$jQW++Yb0&!fN#JdFPnpt)xTW*^k z@hzh_P!3!wp*TNg`P=z(^pI#4lq}K-NE-M%h)0BK2R!0zk#lHi17^Y3G$$O1Im8d_I(pdCsMM1;7inv#F&fCubMs?x9NCu zrK02=|J(xg+ZuSpzy9#$4{hZ?{#g9tAG!hfi+{j3>;8Tz`8gC>n|rITig2|mJI9*N?(oyq%OJtNdl^6s$jG% z0lac=_<51W!DLV z9LP$p$7PAYA@L0BSk%X4-rl~z53v{cj~Np!2y}+#);0P4`8BMcfKVYTx zHfQYL`q$!MAOznbBf;P@jTB}%qB?aL&;de)cV~RgMk4D!Rd`Vb;H@_%2|_@Twlp;n z91s3Qfj^dk(y9=1PVAWz$Vr7^UHj3g*v@bXWW8pTJqTxS|Hpg7${(Qa4LHt#fE238 zPO=x?f->4?S3rawtoncp5tN3~_LI=dJ&^YSlW@M4P(*{RNzi;%4d7ysLW}6U@=jb< z2$zRKw*G7!VR1n958r6Y*KpF*{mC+;QKkupZ7-;B8Pe20IEjA)PTl(&w4uKBl zWiQA?5nX(KL*9_m42iT{f(pCAID4XqM748}^gG_)RhIu7Q={&q`DYwyP0zx}eLe#8 zGUjS;y_8c}_QFSx&P_*%UOj3l(U;9*ib*Kxtv}YYe@O`%YJu%YRUNpDs?r8&yxr-5 zHe-w;ti`LY4pl%{rKA#0$-eT0eoulf3wHz4HIl+}uFlKpZ9wvUPVCmT0`c5HTTG#=ULd6VB&wzde+wvV z3$WZWjDGvy+(q?^3g}VL@0>jwHHy^oU^wOA6rOG8Is}9ykeG}OQvDj-NW68DRN&?+ z?8R~U;jQxi=|sp**V?}g6cZ>k_NxO^4SBNSoEp_FgY3oH_(=~hF+r3r9iJ&s{5Gx# z2r+~uMy#9QQq_L z0oPF1R{9NQ5rt?eL`fRrt3Q&sS( 
zPUXBeH*-{dW2@Hs-Rs(N+fj?zPo(-wffCf?=+U#iFeOF;!kD}EQE$aibkA>&Hj2`2 z$0we?GF!G2EDy@J1f=WaSl>a^I=+i&c^sJ;hIb-Lhp!0kbnQ+zM>vtk$GgWov#Ies zr4Q9Fw7BfthtVDi6(1AHq;-~XuWVWt?cCK z*#(S>^48Ua0pkelse*3ivh!7xAE}A+YR$e^yuM%}?QA@VQiZAUHf$K2WyLqUeh!N; zG0+#j<{1h>hiLQSl%3I&>#Cd6jucL^a$6H-U*F&?Zgz&P?><4D#(y zN(lHyV=Nf1t$=gIsvdYKLenL=S7WMPH}!H$mCOgZr&_6TU<}`uY90IOmV13By#G$4 zB&MQrQB4}MUf~RkZSPX#c~w>B)r*Z*fp}rj(HtMcRwXfcneevDG0Qy3G9A!Jx1Gz#M55RpHMC0fPv#P!@7`Xy`5^4ulON$FpLupaR@_6Qhrx~El4MX8vR>^h ztX|i0#H!r&Vm3b02J95r5TxGQ%+(cZAJLGg^Yy%j=FzjHsG`H5VWuj?g;Hd;FMBN& zTj#eny~7B^kc(!H&{mpEhYGEEe$lDLsZEUgxB9UUs#V6ftoT5%vW5~;R$BRHJfE)I zKyhue=9=Fs@?Ft8l3c|Zb0^taV^bnc-)^+j=xQRw{lG*T9p7mO2zdJkQBE?Tj5t8~A9QoOU6B@%9CLIGT`;Bk1;RY@M0Pepiv`_X_G@kt*F*zu%c(>2 z@R$7-F`=@7+?Wa~5K9g9tjP_X$fTu$7(sQqhC{jA&8;PD3(tM#L25yNZZ{Gxg45Kxn|W5$17{X@!_Fb zm!o@f4LXRU>CsPg#A&Xen4w(X^>xj>XF(sk_`Jr0fI2^xzXtL1)vRGXg-Hq zxm>1SP`{AXPXD0oZJwgych0v*#Fq-o%Xe^lZP-_o-!Dy~-;6$Q5VzD}r$TNp$!M+G z9&ueIwY}hW;F(BJ5&#qNG*06~_WWsOOmQ!nocc^3{31gJjH+MUi(1Q>s9;HGGAoO; z)(v9PNy)+Fj&k7+%wpVj%~8fg^P>h-8o0L%q0%gG)JWteMnfniuVr;sFLj)+?AiE3 z>s!Ccys;6=yoDyV&pp&Gv4j(Lwc;5YLrK~jW=#7u}?@m z`1puT!!Z3c;beV(KfT3`UNit0UBmeI5dOhvI%CTZV>L1?RGjIQc+^+7{76~x(l|VN z4Hs0c46Fg?(?kO~arT9S?mg_A(a221O2$E7KKcq4Rvq!{rZqEO=&z1wpe>B7zQjy83?K#XC^<(C3Nv zw(<}bYsGpNAK&^eroiOlfYlK%I@~luFvEtVH7{gZuj$$;nWBcToyEg)CMH-iaC3C& zibMN73Yr^vCO39v(t*`(ivXB41cG-`sp^==bCXG~f-ir12T~L=ZgBzRex>WW2mRiUI_~{^|CV%4RS9(Q z=}9ad2$*{lLKg;0&ATX1Vg5AZ_VhGn4WkLSWqxjXg%KT=?M_eHoV5Ca(10PS$aFrn!eRCzNHw;z{0H&Sk}yUBWQI8n!OJDtXsP<)T}p(3|gP`c6(L z%CcFRvJl@xA{zqycsdyIqVLBgG@Ks_F3}D6y zx*)0VM|Avjj$HSkyZ^C95bP&d)Y_|CI>%jHwJK%LkJK*|%@Q6|Uh{L2?Nx=SPd!fa z6z?F&x(S86oesK5izi?-qWlmrVUj>gZtP)&rhlwPCV8Edk#mFFhMZZV5yiW7Fwroj zLd~qgMtDx&)8ipHP`p)RMcQS8UCi1{MUt*AS{t{TMK3o%vzDJSa1)T`;l zXHtAPZ^lh;(rWw4p{3FQvMi752)&|kvYt_o6WxI0u#|xX4f!Cqf!6Mvd=fP@r^%1| zex7gRj)B5!5-6Oi0q``6cKc`~b$Y_3 z@w|>`*mEV#w?hUcud<&jqj&QyHoSjj{62UM~@< zk9v=rN@o8Vg?BaUwsve$(fP?9l4phWuO+j_z}a;uH1P8S2dib1MAA*0wgU@GFGTA5dVVj<* 
zrCn|t{q~qJc{j~{$}r{Yesv%EIGwqt(j#{!S!`9J?=yA@#)Sz_|315y3aEks6XrvY z=LhvK+1RgoU$${4O(Q_Sd$LQ*RkZRQAC~sL+H19^Us4`wy*QdB>}-w4S+e2WHyN;` zTZ~zcrqh@?=h+lt!zlM9%I?g%#%{=$Kj%5Q9w|+=RcHs*Jo}IycL#d1v+XYZnF4d8 zw9t=O3w$I*2ZM`)<(`@y>;9p@&9>g$(}QadyS5CkNa++9jlwgFhQvhcnp- zq7~u(?t=yB1$79kb+4C2`XEzd3K|0@cv^tnu~mZuC(8yZ3(ZA_dOm%y+Uf|DKaQXN zo!>V4Q?8jw9*DGTsPCvTf$ka{2KATr*OROs_Ruk?_)b6m^hKq_Y-mf^?K-D{oWz$0 zb`J{sfoPo0m!Zk!We}IX#3)k~Q|9oW0PPO^aKX9D{qnkFz&tLafp9aRnA!Bn~e z{5;m|%H8Gj;yP|aV*U!m0*Co6&yl_&XtHoY0Q{x^Q3R4#i@>mXSP#{M=PWhy3XYqEt#{mb=ChU1)JInOnb-dtal{ zB07VWb7NFiEVLcI}EF44g5m#&tokwWwOH@P707Pkvk4y_YhL1Wp;p)EO~rJy~ghvm-^Km_Ft z*O+@woy%-r_4D?6Z0wzIH-f@7N!3C()HtgE2f;6XMFz3dxYt#X;G%2)!!HYF*u8mE zx{Pp*iD~>u8ZY___pyV=O@%9w{-nA2g1H$K`gRAGJPsC zxG=fECl%kEWgen08@;lX9rXQbP3=mN)j69ltvZ5QL~tOg2aLG#&hXgye$9A_S2?CV zFFFkDTU!Pd4rZF^A6e*Bh`1~lwp_|kO_d4|ol2L^4B&o_IeetKw_{VW{XxF`d=7@{ zAcHvgiZvF}>7N17=Pwx|)4MPag5HOq7Hvu=zX(vV1;-sz3y70%8g4zNw&7Ec4(5#nZC9j+pV)&_0* zaLo9FxOI9gHQJ#yT1D~=R63+-#FB`YE4-Y5^qwb0)eY8Ar;RYrahJd3+=}@LuH82MO z%%HO6>XcY#5e{s~f)&ued(|#6pXLBF2Y1&8gJ)VCCZ)0y+c>dk&m4lg#awwTQ#XqY6AQSAe zDIJ_C^&0)N{K*|sc0xaN`lZ?+2b z32##wo0=dwENMf549Im{ldYgG)8@eIF27u1<+S2h>m*>HYIDesr4X5v; zRRU{dJwv~q-~X>(V%P3Wu1plQ*snD4l2uN1u`{A22SH3spF2NizU~>ub@{sGM8aye zYG6lh*3D4k>ydhyWLh>VavgZx7O$QUmCtsue$s#}gQhKQU%Vb@8E|2smrK&@XYa0x zLHp-XN(l>u(dzX^19B8EDdIE3OKBuj{DY9j)8nYEE3jxwG+6 z^+oJtUni>yk5*6N=J$B{oD8y9*Z>=mix149bTgi`)*Eo>cI3RIf~V8Mla8x+831A%U+cI zK&~_goiO{MgMFbS=IxQ^kbQ>+m2CKH-ROb0#pA;TCt9t0c9wius34hJT5JNqn?j8E zVv|n$M=-ck&xGKAFaZZXJ6C#Aed%hxKg^R44 z71qFO08l6nnjdOW(3PCWzfy!e*_(h}4QMq``qx4k)-B27{6y@fc@|((#JpFolRxdC zgJ<4VUjj3@ih?VLUa^n z-mV8B`|igPW=!hGFzL=NjiUOjT-wQTm6ti)!jsfBE6%z_Y7thuo9I>zajYeG*X&4G z+JJHpv-;`=%|3|B`z|Khh^_IhKz|^ZtkS{cuW-MmV+-|mQ+rhwMzC$a1m2$R?AA~i z=r>Y>kj!R;A~#@43QBRsTb}^1p%x#)emRwYN8#&vA?TtNlxGV!o!C?2aHxD< zqx5Dj0N9$wcv|I4@5SQd`LW{ooPqtwUY)5;c~y8i$by?0fR*% zE#DNFsEg~g)ZU_Q1*}Bv5SudZ82LcD`j4Xrpt_*yH@HLa1|(zODl>DC49|Ig3q!ek 
zRX_0ZFew&pD3t>5z*>~+WrN^WnSMX-7#BJ!s~;Zxr3n2<+=ny&$HJ_tyy1>>q=)FL zHoDtuG*M>B4WGA)x>nGF?&->cF)Jr|KPjHCicGt*2sX>c4%ZywFo*gb#{jo=Ul3^5 zR)zOX9dWsw>8#5&8WZofzUX^>wMt*W!~j_&_*u8Sabtj6i$%l4r&iQbVONc+wg>D8 zW=BRmQNS_49Qg&+7%Potw{oH0YRiLHhim!_v5LtSl9K_sIM)g(CC&bpx&dQ)k|Qd# z`Cd1se~D3U&7I)V;pE%%gQePdSL;RL(+4>bXV1!WJa5CI=6Zc>*wW7fqe?e%6%%=$ zU6@kCv+2+K>eDAzbG0o%RzgYU&(RlEWF~vCBW0~PPYRk~6}X9fEQq(OGX_9uj+3)+ z{gHYkRJk7-(Wmr5VL(PocA1RO63NJZaD$LC5cDYZ}u@~=b^{UN71)4R?L?g^}YzJ zo&UH8_FXyofHL^s$OkKDxDy`Fp-7_E*Gv1slnP54hT926k?$WNetO=2?FaIIR9|Xa zMsmI7Ym}#XUI@)0)aODEXIba~Ud?#2K=YP+x?gLK^`YGMJ$^(B7}X8&@|A#?GPvi1 zI?Xy@DJ&|v+2s0-!W;UAln;pqU9HR2xT&yEGYtS5a8g@WEVAfeUgWG>(kO~CKNK?~ zl5VR2!GF{BBs4!|Nb`#sdGvn&mk2?Q=GLKy2Xo6=IN=$Gzc6ZKkjr6N7pvwe!}>@4 z_^~^91GZ4bvC!_r#!JxxR0bd=gO$pvpIwrieQM+|Y`D(4iy7M)$Y#oBKK%FN^9d3W zmnPggomRzN@1^44+{^j6Xvnh9bh$9mwy-nECctVt8IzF?7_cC%)nXHH>he?PG>`D* zh+Zt}9*(Ab@$TG`_v-*&FDg!6AZK7e`P5Iujf>xJy?u(XstE^Ej5uIQ2s?cbq&M96 zg8-!lW-V#pk$vmb#5G7m{$RC^bMyW4?mauv18o^taq7O{fyUmL%5Q+jKy=h*DW;v3 z!#vjCtggp`;AKcS!i}%}c&g;buUo?pwuqC$Zc@QpTK{2kmUHuOSZ&sjcp2AJs~Q~(8FeOn!3O7ZZe+X0Td3*vS@+%jx%SGbp1tx+1LDNVV>I5 zJRaa|`MK=AHw$UF;){a+a`z;#J5X>9(E0M*10A;7<;}GR3$aVEQkfG)-#WX?zt*^| zqM!}I0>GONS%6czk+Te(R8y#TF0$A1^bu|r0YZci%$AdXYcyj-WK5H0@>EQ)~>3S#cd z^Tl^_0-l0MVs7arUifh40frI)TSP+vHj@fmYyek$n-IKX+*u#k#07W?rAcJ>9yR_% zCEf_(nJN&UMvkWYXag0Mj9v7v=Lb!+q&ZjvzB~~Z3w(q*xz^G@&&8-8Gp^4tcRi-ZY_b# zM^8WsPhD2t(G<{!L9{>s(;TrNsxVopmS8-|>`Z8g2dg894lY6Y=^;;u4}Epk%{qX4INcDqo1z7@z79^I zRo~0R7KloCGVV;}GNQx;T^LWOZ|?y@!fveD@3w#vwq=sEBz+rK9r zz_ulYG!=JG=DH$kLgZovOc%KH>~!5u*MvzKLLynO5>BXRSqIMSB&O$al%@gng))V( zA?JhWRqw%BH@e#|%FeabUI(>}Wkdd*97FABR*lU@6;t_XR;o#Ou&(>@RIfs6+G}iv z2=N&&rh3U3*PZ%7N(*!p{gcv4&35Ab{?31z$GTdl#HwVE+-AANZCwtRow?Bnri2cl zme?GsQQiV|Yh@EO*p|Mb1fg|j(SytSD$T6Tl9ui1Q_PDBIUNL31UiHWLYSiV({FWTx6z#FSxHV*jiYW1NGK{U2`6o=Od$O6UG`+a*!2Ch#d`NHB zi4IvSzUKU_cJ*DhtEPvzF(f(pQ!8Eja;^*aQU(neJOrEXdVtwleZ0w}PpBeOD+~>0 z`HI9UZ}mNNZK-cf^@X&c8}b!G()(@Qp4xSVM!SSDXky-iDCpx}V&FTZBju1)`C$Z6 
z2PfhJH7FXHMrXRi*%$YzJ!1?oo7}ObV%TUwsT=l*vD~eNax?v)qo8+2*C+6Lb z)cD43Xz95&n&@JXg2q){Q;p|Gs9{U#>(wh;x)M~{)DLI_j^V)t2kC zy_ZDYjY_*bMIhQ;b~y4dBtH1cNesNyUDUUMgO>GqhUQf`AD_Sgl+q;orM~6TyYo$sg-OYNkV7S4U zwdAn~#Kh1(!twJ@%U&4RqF{}L7w;dO52)LYhE5!jQO#r#eUD&n-2H>>7UKd>PG84* z!_Wr|_tYIxT1N01;6=0<>E$jio@D5RRJGmv_6Ur;(2B}{O~B&ku8!iZ`-N_Qehl;; zu!XtlyS`dKX(Z%(`0o%riC0p++50gFBvQ=h2dX_I-q&ljhXk zKFYOA@&iT)z{)SGR$&v1ab_#Nw#LhV2%#wqEyGvz&IT~}-L#AJ9F)(VTyq=z)8`nb znfsCI05BwkC(93_qrIP&F64Vq18C1y(W2-yQly0(7Wp6DmH#~Se?vmrR%oRPCxlOpJ1v31;uvHkZNWl`_0 zp|7p&k%YFl4~(hM%qIXWwNyeNNEZNfOBdD>jdag0VhEam;&5#s<<_`Sp`{k&%cC>sRCYUZ!r zBGXtr)m!;TR#-|0xE#Si357*a;!2>2vGSKf0Mr*iWVx^K7*xMR;N8+W{c-Z)Id;{` z^YzBS66)=`3^u}Xm!j{EmeiIZ*ffb^khGKnfSlw3-(SDh<5E88l%1;WcY=CGoU0{h zP2SD-@H@T%Xdz9UC`UtP%9*g}rIEr`%;;PT=dLleL#MAKHi#AEJrt<>AH+$2qL9HHT zQ)5)cu1hk}D=qj2 zfFX_DgAgQJT(9bhE(GQl`2OW$pz!hX3TQ&6r4XTCKJAv$^{t5AAc`@ok`sZGSYfDH zfrfJ@4{jg_BcRU&(Kayndr&O?Lqe<9^cle!J>+G!i!~Y(HnZ1#YVrkxM*&p1oJjCr zXn+oXpd@!2D-G9u^5BQSOdMK?hXe!GdL^jUJIA4rmdXdF@hJ#jNC3aQW$_BsDzQ86 z=rjh&H*muIl!21pXKW7B&G*Yskt^HXFX6erK0xDyGc)Z5-r)nxib*=pKY`STI9SyF zNQ<+RfwpN@8vC9(;-%~%mXPa=^V#sH-QR{EN5zLR=r*{)XG#KdiPH)563!a5yvNnd zgDZp!X@?{0&hP-#JKk zLIogc)Wj(*bBU$Qd32^cJM9YRKc_~6fS$OJ|EN@=GTaQl~!EpyG|{l+Rk*Mnv}1?!8~;dy{` z-ien}|LNjN=B#}RldMbi_!n&)5b}7{3(TZHJO|FvbA|V1Yu~9l4bn-oD>ny{-l)WV!#IY#)AJ^zBlC z>eicW$jm!M3Ji#*1vx;whFh34t(AG&p?GekS;2ne&F$4==(3Jse_*M z7Vd;aIj8hqc*AQ1L4oq)k0YY1XwH+$OJ{FnDasCZ$xG#@PPB$dGk{z9=L*bkjD`wZN6T?)P~dUU zl4W7Ob*OX@(Y~mo`v{q?`bx~QGhD?aG8GN=XZc%6y(lcX^bCGR-NN*JOofg*U$e>* zTDwd96Z%B2cr4~}SyCCmKwzq?7qe>S%y(ugvArW@*;2C@dlGXKru06K6P{tn@ER*T z#ylDB*wIz^l+4u1fU!4fv;mc@MOmy53Q`=7YRy`p?Y9|Csy2mMS?n{}0I)Sy9>}l? 
zmZTo-KJwx474A_z_EHbX%rIFi|ADT8a{y(mQs_kiDcEK&#{kgXDe}w7psv&1Hl;-^ zN0vM)iu-!H{-N>7??COOD9{RN@8pRM z8*nX;EjSv?Wfl$mq8UlMjigJXR=O@L7|fd{L`a%qzr%_T7w<+lPnvG36j{NBW_5jQ zRL+!V>zcnB9d%PN-18+${OC{mlVSR|bVQRgCriQ4U!w}KVWbCogf+{bheZ{4c8k7F zzNj{MX+{pj#e~&T!XiL{Bw_9lXlNu8UE=)c#{;{k+G*@sW3ZRrBEx55OHy|P@s<*vIIpn zzqZ)9T~BtAE6}0_a;wvhXc=hA$_FyOICJ748SQ7R2yssDW@P>lr1OdnoT4E0(=B#?=-6Vn9 zp_ssHWS#6}vs-cIRbL_AJ7#B5Bti01Y6n3TVOIr8FOi8S+Q-?9x8)P%&R(aqAQn3_ zGk{mrjDPx8d9#cMf&OgyCK;BQpu_SYf9}s;E;bROIUPVW4|EPMs3-2tgk+ja@B7_q z>~Gfji0Qngkcw;H^>?%-#^IxOfL^8uY zkaU487-f5w-$8@93(xcyPzqy>^zG%SAaw-s{hnjsyPQtR6%DY~NoNe`REkF+#&wzbLbpild` zF_`EEtHP`h> zdO?ljc0bMP<@13_Hnb1SW@=`UsMd0h76&UUpo3!A`(mbay*B&Qj&+oWaUZvcLu{A6 ziC78lxLc$ulW&iWM~%{VVH?Dg)O-OTd&WQzO~ic+Q)!XWgzrwr2~s-OoGQ-XwZlJ> zW0+uh;XwQk8K8yw?PpY10~^D=Y1TK&`2)mN)qy{yK{8hhXU1e(>qV z*{mAIt7x~#9`e+i*GgrZJ4w{4Pe$V;6;Q#0A~%h>A&WzE%C2d0e5B6yyTcQpdJWGv zpCPR;sEg~<8j@G4@&-a{?^8*3!K&m}^M|%n1f+SOc3_9j=J$>ajnvptxb|!WS$IohCTH1E*6I@0Z}ST{pqL49aJe{ zm{{UFwGRgyI`=nz&8AN~_VR?p9eskhxk68{qbY5!>1^l9H_H)3eUmp}&FjKCgNlbs z_XzZT_9YmrYwmb6xaY<_(q+JddEcBPSCuQB%^R09oJyI=?9AH#IJvjyitTkr@h=OG z_n*9c-Og$30VJSnZaC}SdzAQ&p7x(WL0(!amzs`=A?6Yf2NQakllNso)zLqECc~3b zB>Iy>W_fbYGgwhdX4uF1TaAIv^E=NR zkTY%3coioZTC77KXw}IcLmPn1!k(LMyCT_a9l8R-Vw4e>{)~#<)H`)R>7&_PA!G`Rq zv0_|Gm?ZVu!)tkS3B}$(lZHc9&AVp56d5or6;NLQTJ7rfwQyjTX7{$meLYdqDaVb( zjR@Dr6)w)*k`21;Z;H<4HT^y7y5b8L5YPF<#3k^=rD{rYfnN7DEXhKG%F7zD;%|Dg zPSXkIQmKdJKkDW`fugkC&DX98Q9h*;#BAQNjLXLbxq{eM(6}%--*y+Yiy3lTN{9}d zz{;}%*vLKe#^#!bYUKXCSg|bpyPfy^JJv_Bj3IRAl%vEWuJMrsIeaU^iQx3foPq8Yt!PZ9ks&jy`z8@t2rlS zp2*OZb+2CqzjG?8bB??taOv_EiP)ZCPQ3r+ z;b*9VtbtXT4xB}-iITkUZnha}JvRB|44-q;at~1_)3INy?caCa|Dc6j>2PYz%6QH@ zl~Oz!-C!X>oZKlmDoV_HULpBA8@4F*>^KON-;?g~1s}l#nI+2}>p%qM2USfR*XNz{#((#m2)^V> z@Or_i+D%Bb6#)h;K3173F(mIRP&aAU^kfL5_)usy&<~`mFZ0FyDKZsXvNM`7BFjL# zxZUsJAR&&YWUV*$S?RGAg1uL^Fd2!sJ!|^1w7z>PPg*K&`G};8)4w(#(Kk=^wnju4 zW{UX&L{){ZZ_l4ct6+M|>GoV{fdVgPGgs!?`-L{}b%VqSVd_5R3ToV4*~iLABOvVt 
zYzV2&C0+_*S1dtBinW20g-lHowP5}XMs(s(^?_uX9?#fU<#r&>2>$Yq3qX<(#y_j(q(-!sbilJt*Ul*h7bL^T93K%Dghra}90#z6nKs=9FW=@JAz!-szVouuZu zi|QKa;T{aDeGaWNMiBEXD1Dya;FK?ttAL0_3&$k7;`r znc%#NBY4U|CgiNKJdwAME3b#nQw7EuuPlkyZ8G}G+or4SZ+Il$9|J(o>ET%38W*T@y77>l`8`Xhj8Ts9C4d@DR(#%}*4NAmZ8 z>vA~K(3jh{1962?sjhdNo%YTFYttSRkbyz#LZQp_ic<9%yZ#D#za69@^Y>IbP0SMT zC<2j-&s`$w$&4r|xuO6}srk`SGm~2wUoL%;o)=}B=H&5{5eR2g17QUD{_83Sxo@1y zmcQ=yTmI0f1RacXNvOMoxb6e6WL+y*7mJl*Td2LeKm)0g#MofRZM3V5VbR6=1={Fv4Id>`l{a5#2` z7yxfz&(E@b`!GJCXVCn3xi#Ju-(Ml>3fnD2fziZ_iO!SKTNbc>lzLDtck^w5c{@g~ z$qAWc0@r8i4Nr6b^IBG}VmtQkE6cM^xhO?j!B~oCKjfi5i{^c?&el>sZd5+GT&En0 zW<5MB+Voy%h+Ve#leOHt)-||5oRHmomh+J^~HYIG3uegoDmt!RmX?YG~)mQoMOUtaDa!nU_CthzXGi>%(jF)B2$uL+ z2>?7~=d63oXe3ePy%Iqr6w+a+L=p+&X>y5u5{eXBAH-Ire_cmo;+N7ua6T7Vo}}(hpeSyn%ux z^I>XlNA*4s&CK-_6*~wq(vwlIIiJb)o2g8ua9<5UpUcW?{tI#M71rbyb&b01iiib4 zz=(n(9i$TkY!EsUnslW|6A(z~@Y)cigcf>JLg)eMQllsWp$Vb4NC^;n@8w_Y{eAyA z_vhkp#iKlsEWRF zC^#ZKhuk?=&foBtzw>jBkj+&4CzGeU>jEGgzD<>^r9g;jwIw&X%Lod}Fa@zst@Z^x zqx!z!j^gAQNOT+E>VfKT>lFOZa&y{A8Q=V^E+(c0U;XHf4nU^w0BaDP^!7jk@m9O0 z@~r0*%vblw2gM&EsxxBmlmmn|D0oa~gama?3(M+QrAC2+_&#W_wRANM zY8SCBJ3L-de;xHIwg)!^7~p^botvBq-ny^f2+9GlldxFk>g_7e!#ylm3*Jj8xOmE3 zM%!EHx{)5>&JM07r8ze?O3hD>WsX0rm=a}Z2XyF_^_ld#vz6g9qR#H`7s-3(B+=u~ zA8zIsCQxVtUS!TlJE0=u)UBgX%7J>zd-LvbaC#iVc&^%7Bk?xvpPoL)YZczRD+&`| z={R!4yf)!Nqb&RS=j5$7yBzC?&!bUND0Ss^mlWK^O{?^!_ zLg!%rpNt2pi<>Wi5rBwY4(dy%PboXaWUv|4nYbX*_0oUn(k)-n#vszX_-4yXo*+Sxw^w3gWe0_ku<`W=>b`sV7|y_oMk zSvy>?$|-0A`gx90NTLgAo7{;|PKA;*{S{;P17fEJ4TxMi%Nb1Zzt_SacMUx&b{T(= z-7J@7F(cqPBD%$G>=(6P(0O9C-d1kIr^xYJOz2&(OBV~473=CgFKLnC)s*7MT%3^~ zd&XF@wB-(Xh&b=YI29Z~?=!`$wFNTZlNYIDz5;9RW#t_UGKk8;UvOrC+OEvA4+AQ& z$26FjM?5_8gfPG@EykLeB(-t-RxOOn!b>jNIXLHo^7hatkPomd9hEv3v(@)(w)&)A z2*W*fmT<`GosRELcf7Tu5~9hyKb%JAKk_-AtnK2^rCnWva)qkx6A}u5VZ}Gt2-r8q zq`dc5v8%{LG6Djee;Q8~FEA}`>zy0fO*%d14t90`mpheFa!{tJiY}u67+8vY(E0ma zd~@e6Wy9Sinmg~VJnXj6BbWWb3+rGh*}*v>Lf(c6OVxp!h$x(W?zfrVap>-Fq+S*% 
zR)8CoHX)e}!N-LUb1P{+d)2t+2MQ}wGnt&x{tq5n30yw|GtXWjn;QDc$#LnL=bi*0 zLHM`*5B*OXABH69<%eR+rhV>F!aw!9hg%W!0ZFdgr*GT8&mF&+RCp;DET80+AL}43 zD2dC%bmKNm(tq!R7z~!A`kJhx_ZN=mm#*x>&MU~DdA9SxdCFcxCZp~p5tI&)FsYgb zsS#OD;bOleM=gFLnRp83Ww`zUq@j&8J7)cJ^)KJOH7lWe={MOK6Pzj~m%(Z@RKt{j zAq4iqZj&zDZdXyv3lzNluKUB;o)DFLywqRsKF33h020kID7GuS={^8E)KG*$H`(yY z6H=m@bqo?kt(4WsI)mk7Y|uOJ{G=^mMCKCsM1L>AV*KcL#w^-0agSdlxlwx^f= z;f#7IarVRP*brEI$yHXY(0m+-Q+F0Vy?i#Q>VNFZ+tCg5mx27-)0M82UUNMwJD$g2 z7eCXt-x4Wvh$66%76&#z_XXgx!gQjd?g&gO#oT$3j>`_L6gzTc%jD0nEwnK1w0QSb z6$srUQg?P8eE%y_54S>Pv%RDD{I}EO^;yt6^zXlb((Lf-i8!dmz;+fih!Fq&L-t9~ z^9kaAxV*I~9aOjfx4`>;w_}>j>zyb5H^XGs1U;h7S{Q-adSrYU= zFZl39zCN@kJ^bbgozIK0EwJ}X3Yd-obG2ZTTCh+VsJ4^LqdxG~QMSW z>2J-tLBJuYh!a*~s2rz&T7EV8+9>v7#s%;J(u3;Z@aI1>Jp+reopis}dcGT5rm&1) zP>hF;D!bB$bD00F3;g%j-cQ6t44B5LOu!0mtKAdo(3&aUM;<-=qhERd{p^7&>OYOB zVjv2eN4;SIdfrFt$8gB5MDc8@%i(i&=M1Jv>k1#B~3K1-QOn5pnSDNhBc0W!L5E)4T!i6{cSFKt0b zXL`NBa=*QxrQ{^0leyJbQ<8C)G^?nP9Y>j1ycGYJ*QTG;`OrYaZ;<>`vZ-mTae>vnLV+!$b#9E`;b)29bnOSV+eKoK`$Xj-#So| zP~`Eb**FDgzP2;d16wMs^FE4`n`hgAr7k!mfT8%mr+(E+sTEv|-4tLrrqaa2)aJ73 zcUHayY)HhvV5Vbl`;~?RI+L%k3Os$xSFSaZ*2bd-44q~LL>EA7&cm@4{}ssV@%Wxp zOZ~Gd&o8+Fw}fuVnYoht1ln>{cRt+v75ljLSBGD-@)xYNRymfgW^r@r(L8{z#}GHx<X>AoiCrfRkknl z!+!fsCfKj(PElhe@;$tI1_Kr)CaT6_mTwM#DysfEls^A0xfAXDd659jbo^HoZ!<5$ z)PaSroR4d7>CC57^S8*ewIO@X@u7?Jo6i#-Zj~8IZx1cCs9zCM8?6 zE@8b9Xt}$=#R|KXtIj|R_k28Fm%;3*Fab=sCMaH@tM185&p5XcF-BYZrXOq1S!(?cNUCaYr8%<}MAe6S1=feqn zsdC);PTn0ddIAqXkTz-dJFe_Ss12f%uxa1?IDpUg7bfhJ=wBUDd*0WZgwWU{{=jMP}BX@8nXGo ziL}e%Po{T%O%u^5DL$RJq*q4Zh4kIoW!HNI!W!D`i_f<$JxR z*~XhrJnk5=5;s@3J-GB+^vk}84n=0k=V`RhSn$xsyj4}f;)t?l$wop7v|n$sC3Fos zkW_bS+zfC+S*mNa>C3ORe-xfGdahjFPaTA0AC=wW)2ueVIH&L=MsYi@3O6Km=NP*^ zWiLar(tcvRIyb$1uDY&y3Tc*nGBVX1IXo54SE(!Wz{WgpeQ3(Nt$1NsCw+OXF4h^j zS-HDJwr(9(_58bBAB1&*4!(%}s$$(~Ks!AAKJG#>&g+8~KN=A#?r0Ljxud-X^wx2j zIiiqBq6)z&qQuO`ARx(CdXImqo-a=LR(h*10HHs}Mx$8oXMxBe;= zMy5q#{5|=~ssN175Hc!#+p(ftzGCO&|3!}ug 
zM{DBc#Z-uwW-~FyZ{=B7=sJE{+GG4_CB}qxt2mfAregcL@R=GyVa&EnO;n60@ZjF& z+UkH{I#0e)2Cns<`|h6mo~d;Nb8TT)SuyZisW~m`x8B>L=5Q^>X3K+%&^A$1Gvm`e z%!sbeC2H*4U$>6Gp2693Cp+Igk=cIt+3-pXdkEwqF7o|=jWye?yb~Y(`;-a6M+p2XM*qsTNmQj2Ym9@-k=;T}wez-JhZ?io^SAEiUwJHCB2rzG{{0mb?h!z!E zDMNN%oslbfgJq2YfvDA_+X6UGIwm$VhBHB7T+IcM8NCIgp_er+#*u$=Yf zd{{yZrSjl@{%<+r$+!*vD9yF$$sH*p=)lKLp-EzHV^-z{#ird-yF<&uf7ift|MM44 zqq4dCnjhTX+rqu1mp^Tf5?9Zk)AYLHrrzhN>08|z6W(?ZPAHGYoONJt7?QWj%(o}E ztKfcyum`L8;Ud#$KR>C_n{B}5ua%Fi32YsV>`cE{r>xU=gp9{UZXm0>_K2qfAR9`@ z`BxP`W|cKl_o{k4bK#He!fBZjpRaEY!GJA;72w+%JkR0% zHQGIes=zo0K01_JCpwUHlVY&dX4atBfv^1c1D7H}iN%U|b;I#r9i=d7QVMF-WD%2w zJ24>7BP~t!D|ZTGxC)*m)MU`qpyeS!54*c9AOxc0)ceVRfXZl(&*p0 z%H$UfdbeSOzyE&9wM+XMxSjLY_HU52?#|5^0N+ zYv?tZJ`fJAWuZho4pTe8d!Sdo9m*^ev!mz#QyI=%A?O9kp3m47%pX*5>XFNxeEfGN za_9woyH@K04z??8@nd91+kJS2l9;x)PLQv0+-Hu%@Wz}Z-|kV?Xp@Jndh{)w5_O}n z5vh5V6IrY8^ocdR^iQ|Eu6PNC=nKK)q%m(O)z{Ik4e>qfjU=>9%nwWo&P>2M+&0bl zwVJlEzZ)c`AFl18?-wT+`UfM)7o#+11d<2#QaWz9#Sm)(uRv{)o^w*%5>^R3Yo&zQ zdMbr*K30U#kUmv#`3~N}dwn;Q-39Ko_aRSYrPa&5LklZ@7<&|&Z1&OxoaEK`L|`xx zA01CTuH&1G`$($31$&U+#N7gC#}e5Ec_rvJ4EWlE!Dy-B0~Bg3n!s)c=WW4<^654; zL3z6@o_vPuo%kkw6QhWNF=C>udkyX@v(3=S5D=nTP$EGn9n{odOUa}}YNxa+f-}mK0Gcc+J`Sle?B2I7z?7cGJ^e{T2#`di|BzqOAxg~d<~PNp^@6q7`eYFF=6gB zeR)dZfG_?ds(2Lq8f(a)I5?vt}{$W0lozF18q%T-lRl zmX&QZaNb01;SVup`59?7j-E|C$9TxZPa{S8jw~k`qyzf^#vze{0P9Cv3eFRQo@m=B zzJ~kyGE{+2b6?X(ZeF(86 zP$#($oPT`Tc6)OdHn$)-z8saK>5|-pXfqLO^|pKw0P<;)&bg*W^9p(%Zll0lO8D zxkTb)Z}W>-k=pqrR#wfr!^m$LBwH*%tE9)n*S63>v<(%!BAt*0L)cLK-CDZNB|augn@4cZecX>`OPeH^$r8J z<@V*W?cD0-gJa*c8pQMPIM_t}{)NQb#Fs>@plewARLV(zR6M)4>~@G^UJ+{bZySpP z@zd7I-!O>%f^nC;`EGP&qb=8fyx83yr>>+>#SeS-l+V2T7hTV%jT8T9a?X)F1LmQg z_zO3SwwwO^xvo0;Gs1;HZcljggEV#RlY1mF9$x*%U7PyHq;yoqmOB{tR6 zSKnyLq{2rx-Pw)f0JT<;o0XJt?mdKfoJD;uoBtar8vH4Q>~MT0^(pChP)wfG*@cOj zPC`IpQ{l6kcOPsQxXsGF2-uL4>FyZ!F4Yc@;iBBF#FNCSsN3&+Vz7ZOX?{ctec-if z8EzSew=6BnFPV*bXvl}rn26QIXSn=z%JjTaU;Q|dEyqG=tg>`MRc^n|GleM$y!;(KEp+!xUY>8z7sF; 
z5**ApC;dF+fio1nC8e5Y?6MV^YGlVa-Ss5Tc-lt=SzuN?ZWKr8G#c;VB61&1SJRfi z>dEId`2I+_qn}|HAzV|{K*Hp5U<20@&RwM;i%n*WV$qns)~y$BW*q>_UOLM%bq@!Veam9oQnj_u*9(AYWUCQO`bKQvk z)6#S`j!QqlT$ksu3R?eX0~w7;xcVpEq#o44B*>Fjz15_0qp>lMP6_`yN_!$Fi;S0w zm7MPepV4|aoTQ*FduUJ4(+0Nb&Q@2HAudc)}6AC$jjc%$TeAD8U*YD^Rq z5md>j>hkHDG|4P}eOe6Ir9=b;8P{U78-5~ejY{Xj^ii7i!s)oey75b#)b;&G2+M+n zVbyTDK>mnM&vCw*IHJ^D9s>#7tV%gY4#AIeN9)rpb$eL7HTgiRTVdV%>ErR(g3FdH zooB|6^6E=UzsJsCb&MSc&tbQN1;e4}2>B()!fUD8>228Z#^{(Xcek8$AAdC-Hsczt z(%mgOX8f<{rU1qs%0e%d+ZoO~V3tj9-|h76;D&DWO=)V4vDvr^Z;#BJxW;fqkkX{1 ztd(sPZy$hO?H2VLYcR{)2HoQzdd*GNy{wFtSge%kc!g1E^^M;U;iC4XL35478D?P6 zdzOqsZC3nZwcuo+G&GRV_k^l+SDG9eAr@9I(e)6fzHIF*_Kk@Mi6zspU;b0{xrcnii?^y*QwF$s-!4ldZd)+F4@xDXl7EI$Ec(_~2Cm zM516mIp@rk+s;Vf(|Ol8vJ!lyZL{HTO8-P&!RAL#SI`piE__`Cj?kQU2#hjXztxxr zZ}nl>b*FU*DXTr>$V%?auEc&$i~ryTS{4cJCK61x^7`%x-Vi*KZ9C% zo?W)!)ly+ijb9-<{#PW2mWoBfj^XnnMv=nIV+}WX>1EfxVpEOICv%h$dHOQ?&kGlN zAoC@S< zf0of?w<3mdK>9nyxDFMBm0W+BPfbnra_3L`vXln@8+R6{4fOe(W+rgn%f)fp!d#Q` z8|QN;*q1<&;v&0kspCxgQxJe?%;NL^MkxGJHd>IraWWU5EC2AtTYyUT2}hdGnL`eE-kWFd8~>zBE$&2 zqhL5n8v76eo_LZaJ3WgWuQ2yx-s@-1C>KpMN3Q4ZrY1E%4Zsdf4(0mm=vZo5&D8y- zKn7oJvLXuj(r9;#EGA|>m!n@^HppUcO^&o%+&@v=<*?B2hJ>7W#C7?@@((c9589KG{c{(j(geW{=;Bz?KBm6Eb z$|;IFiXL64pMcq>={A*Ou9Cd2=gEEOAGEA)_fk1 zAt`9nfkwl}m}Pk6^`=f%@;&`jIC2#Nl8_1oIYhGdbS zciK$#Qzxz|mG8U==$L7j?(k64fc8eeFU%{sN-ea!$S)SFP9H4PK;SXA&@Mb5i}U4u zuv}<`+d2AAuZ_5!y_>}W@^cGH%uo6>157q=KT9SVe>_q@IFym{)iX!Oy$jdl2Z!4< zoDPC=rOx?7!`tdcYEBCgXVYF@HYpiYYOQ};L0x03=qZV^lu;JlaDdCB&mq=9ml+*U{;ff3*v3H%P88>(BE58$vOt zhz=LK{g72 z$%8ab`lr@EkDpLW=G8sArb$M1UNwF>Sg0HQz#9>a6W)o^mGj<5kcA3aqPXW~n(GbH zwc%&;nOz`h(UxaaUU`dd<26m5)Ki=E0xm1OGPRowj#dHt%l2W*-pU>AOaDa98jDfC zhqV{L1hTs8*g**p0FtY%&eF9qsQL7LTj%!!{J$!E zhFx2>=_}5Rzs?1Kbcez>x5ST++2uLm->By`64qa0xK@~gDYY4zUyUnbV$;)~!do*A zzTG2t%~Uk%Vk^$TcU{-0puEZ@p)Q``&Ze~tvOD-2IfZc~x|h+u45>bus5`Bd*F%@xx>{T|aDZe_>;hC`)!b zAKDbAC-2(S$O#HHA_d|jc za~}X@etwG$ce5C6%{~PYIUNQDtvvyIfj7tbHsutA!VgB%ac=#kiv1{^ydsgyLnhMh 
zmoDK&aQpRr;G}>GwYy8X7_GFGswgMmJ~wQAHvrI}O=9Wg^KX7ah!WisWR%XpDcy_L zFW!y>A&Yny`V)5X_om@pP#T#q->?Vy%hqX5N7+GrdN_XrQw=w=O_Hfd)LuuI#9#jn zw+2jP*NlYJ4t81Kx7@LZ(U!lM_d!N^e^o}JX*gGhkgkwy23)FZiqh^!=X|)fI0_hL zlENRShD8A*sBC6mb&C7t3Y^VJJI|nY6d)c>N@}{M%Nth-)KldSEo)BwCbUX5a|gBL zPdZ?+T$Fc0?@(J$%t1jfL0Mebe+lU>5C&_{!|j`e!2vv!cin$WGXl2bsC;cR2fujm zLqn*P2$8CEgzVU$VcFd0>Jz3-FLY9kC9PYaxXD>2kG`UgaYLj3RlNi3PcYWU z9ynNKJ~C=`nHX>GGX!u3`q}S@G@MJdYw4|i`^3(xR90)aD zAt;^mCe}{MOF8Q&i=}EEn9KnN5Rqf?!5&DNw5WUE0|F@T=7EAlIY2?(2{>MFTq9*{cUIr(2Ua8q87wocVMs+;;SOiV8>X6+O3 zVLTvq-X57PU%_9m1SxW@E&@u!;p#Dm(0ab^trnx9-wU7Lk)ZPEZ&=dKF!Jr*FFK#3 zUik=T{4@h+zDCnQzXj~VOL%P&U>tJh8mDLWqU&emN)`;aopw$}Il{f}Euvp;_Ka-5 zzjKd9LvWhOv#2CsNNY;Id!fhP1>~z5d(Hj;D$`EBb>canYgeHIG12-oSr4JHkRPWi z_&wBUwrO=Dlx5RuoZ_VR*k>YjW4xZTjjvkhV}w4N=Ch)?HR z1=W)Oximt0aNZvA5@z#o0iK@eNo3AeadtxK$XB~LuiNUZGW)7?++trw!W~Pdvt{2J ze=8bB6_h{@Mw||Zbkq|iL$}ZlkxqR@%yQ2@UGEDxFSCuwkfu?9&h;Ui_EW#LJO&yP zotR>4qV{efN=xCn6}E7@K~@?|oJgFrFrcTDhkmXGrFqTveGQ-2bEgBhCQc6)by{CG z>}7YK%FJLpHBrUFctE{JD>hn{plMVmqK*iG+_T|ly>-!ByKAm?6>bao8H&+Y$;b$N z$Rl_*Ae&n|N`uYEMyul`%m4{P=D~j%%2i0v81lMWVl&h_`at2VbVeG z1@bYa@>4u}MHN#8N^H{B@uy--=Yurr0GcJf1r&8s9=*)dDHZlVur$#S+3Aw&P?}r> z4Sj&qxqX`w>E3k{>5z_Vbz$gxjI0;l;{aIFm^gklQeD6*%h__`H4k}O!p5?~9i-|} znJM(~k=&0G5quw)TD=U;W!=eim#j?0@K!$`OT2Zm-+u51XMJ{Ord5UA!wK7d*V&(X z)3nUu;{myz;st`RA#d@Y#rRxkb06syQZQkgvF;53{H~mrcEp0pO42;wbPvFYdAX0I z!4`S+beX|NWtQ8g%GXf4*RgvN?s{T^hCGaq3FmLNclvJyK-})!|_Xs@fUGLV4V!pgMZi3YWF#CReGHI&F`+#57z*JYZCLe;1Sd#G$r)t5yLL$T8DEqCQp6^+yt|o zlYm|4JW%*?4tjLil^XcDg{;B{3sGt9s@Y#lX1sk}%?m5P@MrH}(bwXtt^?d_O7VlE zXK;3CNNlzI?VXk?=l1ZOep@+K776rZb&`Gu)vjc*!FP@@&)H2pFWtlq6R4y*KTXGZ zwwc*!_k}9HZ~PFkb?`%SQ$@!=hcT+s9FN-{Py63)>~_j z=6uy8$Xb05T(r7tQga@uyle704@_!Bs~;%0H)P=9tC20JP6IlP>1Rx*ntO_B!jt6W zo$tvxX%w>VZTwco>Y+y zk+STniu_ih7s`uF1Au0QpONIC=im`ktDF*BbhIOCVi?Pj+lK(X*{omuVc=15SQN(| zU{%xE`DakYPwl_pRRJSb*5NJgAPCKg^GuDK-xTngt8DGivNaJjD18_|0{G_e+7S>-Zj{-!!_47nZDcKt_m3IaNfG4i7hXDw#C4Lf 
zlpr)o=IjBaeD~(FLhqz)^@Os%a{K&sN`1P(32B331@fPZxRSQfaFOx(YDNKk{@b;! zObZi6qg&CU)@@`AyDq@@Nxlw5Mv>dpgyL9iOKhSGCABADb`Qv_eSM{d_L48Rr^wl) zJs!mrovbfxbqdOev4vaQLAMt4zWc2$_;Zl8WDb?74UuK^n{lUY#wQ24_a@MP^$azw z?4%412Dd0{bRv6-L*EX$Zzh(ovu&>%>NP2+l}-^VEGFMo$JEIlAk0WWh-&{Ir)=g5&W?^qdcno;41xxOhswznt zK!_;hK>8N}MQ$c++FVBU$opbs*G2v&keL{VFLIK_)@^kMihk_+tMWTK^A4dp{gMd9 ztuTw$xcKP2y^mrcc$NI&ClGB``|#F8IP{|v@7m`fE1UcxiYz9t1EG}Z*aICkpoZ~} znV>-x7o933A!sUzzc$TuFt4RtT(VYz z{c}q-1eK%ri>u_8Y56QGJA;E7!fK65;%M3ZiO_6NP}wqrqR^D~MskgW+`h7^%JrZc zTt_k1y=#O-0YiYdTNXiK*YM^h+hb1!64KftbDEJ47WK|Rud3|`ae^@L32=Nf*B?_| z;MoJUa8MTMgz$S&b=CZG=2s1woMhDrXD(L!#wx(!mg;Z&uY#@!Z~h&OBN1!rJ3I4c z!qVIpIvv`Vh~k}ccJZol2}&tlnEG0BroUCx5I_sk-)1{>|Gy`h=NOSM^l1cr`>%|W z^&gMU&MoHE3QVPhUH^nQw5t76rRlUrE}OekSY%cBCKr{j-O`N3Bg zw0j9dmA^jqIr3t7Wm0M{M?vBRVFRPm7ziYBYqJ3%e>H=9QOXG3X~A@zVK(4OCG|~D`W##OXg*^7+5D(l<16=S?m=Cw9`)y%Q#w7P$7w(r| zvz&x?x|h(V2;Swg(N%^)@{DqXVGjL7NC{dpL_Mb5)txz@r{7!ub!^UI!YUrZMAt1# zfxQKnwO8a=FTU8#lczs>Mnjlokj*ONzw;}jilCboXfagV@ru?_#nwYI!?QAm06$Z= zw*W_cc((>w3jD}S4%l1t^wd_X^7~D?Pj_y#E~_B?XNBShKqUu+s;T)pKqG?^=R?S~ zA;1LZ$>)yHhA9@HBlN9Z@~v@71aZvdLV*(8qvy}t`kJwq$Vk|N%^ z|K|+TxbHz-ajN9Q&I1KM(hInu@XyP4WYBYYgVfFnhk!oU$${CjC%^!qrbx|5(IqN; z%s_HAGZFDSvdN~g@QUotdEsbb09c?J9dFUMdf?AV^wc)QVgfrY)Zv^#=?KoJ|8&ktV|_x#4SNSDv_}q1w+L`?X7Dq^?J`YS(`~OTx%CHN|9yLwN&VRlGyA z^Mcbu$FjakBtff_KW_F1)Xn@F7VDETB(|N3fZ?8K(H43Y1QKM@Mbf+JKh& z06KpF`1VS)`M>ZL6H%)%lnjx8Md|s}dvY06;EvNW8P5YaqJIFY`XJqpStlky3YY=) zlMhq!y2ts@kB89_`u!l|3LTSxE?rJU;xh767iRN$KQfH(BQ}SmeJ<^TQ{F+~C7&cnLJEn4?>gzDEzNl`?y@A1zjO|_bFb|7G(BON5g%Pc5*^P zHcg110jAHBmU97`mN+iK`-Xz@`7YF|q8dgmy_p2LA|3Z8IL|?4K)!m|8ay!!OIzo$<2`Onb zv6tLc=8DXZ93y#86Qoa>F4$CwAM(h0b;Dw?Y9DI0v3an%umc>N`RrS3uH~=i``qvQ z9ZEAUM%AO^G*Oc8FQAnC(S1e&$VDj1>jkKK*V#K5=xo6(&&)}n0f?>O&u6ib)T|p8 zwJ6O!ZF=D=VjF;p>V$It67V>Z8ff{^*_ocgR>3m>^#s(YnZdgNnZF_cm7Dgn+xj(S zLV&`&#gjm@d1+j=nSQZw0wi6O}&ABB4pgQ22lk99qqBbQsu~}?*6QzZnZIy z>G3tUepx%9?!!#_QnF_95S~2js2$f-K=>i62yX!8y0_NCS;p 
z3K|n##pSf>>p?MsWq!QcK#wWG<>!oF%>g)kJ+-e;-P@Y&t2v2xHgJr88pQ|=e-|X& z8VUkuDi&*fFevlHj~8N1F*s<OYIA-+1x-j=*|P) zgJo@B1rn%KQGoSJFN;*RP4|5V;5Cb^?`?5aR`0l;NaXG!BAJ-LR_ZhemR?z>RGy2$jU8|RHhrDB& zabAiO;LhyM^K7tZmv!-tU(zGvOuZCem{A_|zp1(gKCFlmhY&Tg7UH?;ANN1PV@1wr znvDy|*Feca^A5Odye|uN($Pv$I-DU4=X9@0yCJhbcemvV;Q*nz`OD2Z^tzxYS|b4i zhYpp`f6p4sU(+c1*i+tOAPrna=(+$pfoR(_ZfiC`S-t|QK^f2~q!j37TV&JbjAuxu zS#fhrm-a`8AGO>V-m5s%olChPpdt`n7Fal<#OR6gnoXDTM!us7ee+HRh&-eygyxp``Q$U9#qx>pl{&k`I! zfR+hDna9)Q;_bZ;=Oi7^_Su7LXspJzQ``ZQb{UGf(oVgE2u*&d`sYq zo~U4Gj;(mZ?!yuRbSE6-nf=LM+O9Cz@w{uQ?I`P8RIj=pL&nf>sRi#*E} z$0Q8tjAJu2lE1ebbgiTR=l9XmLV7p3G9s>_>opRwEb-@me33~m^CK1kv3<<5!fN1r z9Fo90AWscZj$dxpE|LENI1oM5Duq{{QnYaYa!Pml6e*1_5O;vNTy&C6+c6<>I^Y%OVFs%YGnmCfy z?`}6-kyI2=oqW&tceREuwPIyat3N|`C@{CTEm;Pd`q*P)uY_2-uH|&*;GNUg0y8{t z=42Fy=?Zatm&tq&vd=yV#tsJ}o1{7-qb*U^@$LR6ReisT3B8;=5QSd;d(I(M>I1>4 z8A*pYP<+k{WbrEblVWA!x;<5TOT|Gm1RMuaFzpsy)(n=<`w6cw6KH+-s(35^>H%8N zL6^#$b;48J!SUKpV+kelghN`kZNV3SWX1KIsZsIQ*AjL0RZNq}c-;ETA(<|viYRlS z^rfOJx9DPG-FRO~!ysKpe;J?EF?sP`4Yj)6Cr)=P=Qm zTnry=<%QB`QordH;e-?|CntzL>$}vF0nL8D%i5ARmPf{VBu81u?aY|BZK zALdPnNTSn#k4Y6`yaUIT0z%$gb^OhksOD=3y*y5u);{fX{V}5VULsCY(cgMp3TAbb z+x<2Gd8vIlDGTocvXJFbLD>E&zNo-zAbj;uvK>ph;K4rmIvzF2Yb}R@HmXzO5IJ}P zW+yGs>LqlOw5Dacups$(qrx^RW8A?g3ET}#?RUND5K_yH!Uur+$;)53v1OZtQE{*Y zfhtAMp$)W_xB-}mT#Kj((>d8GGjAp2;UR&g7rb&M?mp(DE3;tfOR_2Nm43)S#sm%r zWsC^B_*~T$m_U8T`ZHnP=V*->On-h+6bULH~mYr>%s_ne^l;OfBZVNHz8(U|_J9r&p4FyB!8| zXS{{{s}hF*&=y?)mLJn%81BoBR z*PGM?!%oJTv*y+UD3w@nr`gKieF)CfZfmME2x=YjB9%so=#f|)%2>!j>5OJbKAY}T zb?Wqdq0BgvPr!MoNBO3ZfF6&4RmgPr#`PtCqO(#Y0F5yJjmO1ve-xPRGa5qr@g{tcYv7S)&PuGn_m_I5VPLC zr>WGYnx|E$^3JT{9UVIZ7g~%1f8Dp)&wHon=IO)j%|hk&(1^FCT%WH+BF}`wZl%SG zIhwzAiHnYGid9V{zS3I%e670htjjH>E3JKhMX%J)VF%k2BC;V+>H8kM{W3g#^05ZR zcj1S{%H4Xb%*-Q@B+agE#C-X(e6h?qyl4YIwLJ&=*!+u4joLo#FZ{T<`~&n7T1ebc zX48{w$@*O1(Yi-@{zZ3>6W$UU#gvCzG`LdXC{O$~fik_oM{nBpS}7&pDPKBidr<37 zQ!#axV?H;A(+8T{4iPXc%R%CzubuIG^uazL2g&I9en9A#Ii0-~k|vTAy5!-;xQ+`e zQhdQ@rNNmJO|D74ZJoDN(n 
z6`qdGc%8+NQo_Z|TmnPD12-Dl+NHZgpCk7?UwvGsy!tmQ+n6I=QvUHn7A%3ZAn?Ee z>d;*dtS-tBQBJ^vj6i)m+?x?qd^@Va1~k2a%L*F&sD^t!)aeqJ6Jo<796dH$yyBBS z)ltpU_wXI1UA&&~_$?`WpldG+6j~XT+R6j&+u%iCXho${FuGw<=o$bgk-h>U{8$ z#VlK`HE>kuj(U=;yI;A`t-!j`EVTu>pbsa5(*#5TS4v&(Qh>OkkKD)`@*9wvS) z3CnkHrpX^ULeeU`UJdMR83LYO0@YaOkaJeouZ*=g*U2Vd0_7r@gd4757cwpN(6Is? zfgttk&eMG|2WvELxU4MCbgqc3XZy;4smtEgL9N9p{Kc8eY#N^q`>7B5C6#t5i+^5- zI%*Dw=gL9L*N?n*f9&xX3ua!r-CLP@0Bi$2b-jI+>OO`!7QA3y7`&TUtZ^5il!oI4 z1ZL-95~pWcIMLC5cJ%uQjxgZHo$qw#aOmy(DV}G`oix!&?EF128_)q}Vyr#4Z#G@? z=Umz@w#$)=IGo%h)q!}=>LI!3S1$-z**GIcUP;>bIIY^vy3YP;bTPZf$V{_2@g?}Q zp(#bo~=gi8J0avuzBR40h#gQgx3pv<|b=#*d7AG-P`Kqjtjupu*&^$8Vgc-kRv#HXJxP|v$p2_Ey|KqVNd ztUL6S{rBs$IoP@Q-?vZhg7qT*eVYlwHkds={5s?_|NHI;FW2F0?0@seS1$iIoeAFR z;qm$JC;q?u-tPn0sH7EsA@%CKC?}K&G>L$41gPbD1Q%p z|GYDoY8?=o%-xMxpO^0ikIlu*<;ao0&EJ3gjP|Q69ArNB{nX*C^&-=ts;BT$4o`_J zn}?+BJUM%g!McscbpuxNLKN20(&R+0(T-{JmV-t-5`wIgFn-2a@w3MEzP@`T^B;1- zC^7C^xkSnZhPDqthMe!OhVlnvP91r@3@FqJhn?24(lDwnpZ2bH{(ZtB`@(jCMwI3e zk?xUN`rCD;f>z?!Bcvp`*V3Ee8&iLP_UHww>)yiGKW)tQNoN|7!zxXF&+qaPl2ym% za+PqlWuVXL>3)!T?ku!@q9=t>+}7J=_vgK_Uk8%+P&1*nP7oCO7sRTwN4V|X7x0}c zcK0R|PGs5ATGPQA`NMbAOv;DeP`A8%?yx; zc5R&%^0$WwUra2~u_{p*(nXOO{B>P_-jR=?Fp zY|3w*WRq8dpVbBj@O9xjn1%aCJKaDN0=t`A_LJ5=DK|FqY*3a*%YCeU*CP|tTL$=z zt8#;xW{)W$h>2q8*-fD)-@8YSc({Ly#=NkaR0^Rw2wInSk{Ay<`4)A;l&ie}`~+i^ z*syKI4APIB%iDsXWuit~e;2k-%vGkh>4Vqm_J3IW>Zq#r?^_!Ym8+yuDkai+D8Zsj zT0lbSZjjs-q97o7Xp{yC=>`R*ySuv%Asm{wj`!Z*_cz8H?~UIZ9#6@BM*1~OB+>CAvx$0&l+K|J24WI-X1HrwT z0eeVOd_MRwmz~`|(b-{j*A)RGehIs{*W^gz?!W5Jyjqb=2DvB@YHB-yYQ&9w=GD4m zry>%PKwD)nD#!fwIAdaDPE+tY^%Y>;m$LcbL`B;q`wR2^EoWl{e9JiCKB8Jh%{UfR z<$Ls{4w@^N*fN%Zn6K69(_0D70e{{s7YP;7exE}6^b8qi?k7ml|5j6EXpNOYh@ci% zpj+mdkQMjrXp; zG0w|DNudpkF1(e1WD4H5(m4Xg-=O2NQf9J*qcaj9uU*#U+Ax^bl#rNEb?z+THIa1r zyX+beQqVV z3rgLXy@`)j*MSGLZ2@ea=oAJ8dK-Qz2}4ukmI%gu^rP}Iw zuppCEQ+s_JO8O^9k7$c!W#v=1(kCj321W8UmR-l?LZt;^5gtH?KzUxd4l)8@b+~o zW-}G>>AoP*j|K3^#Nf%O{bolWtD4h#2cBc4djba|l^1w1oVa)G!~61{QcFD0A0^(x 
zu`XI6H4N2E70dw;T2L3l642%0!~jaC%Y#4hgHkE2(Tw>mE?X>U|Mp(eg$b)M8i0_o zBOnavz8S;XGkWNqI9le?gvGtrI1pJ{4irAr87MHWa^f=GP>AH4I`Hy^3QeOHJaS>D z$;3QHyu*X0>_+{R$w^E-SG^B*RrK*<&)_|U#Ua?u9@~{9)G3S>Un|z1i!H76o+>_830y6z`ATB9uWCNCo&_*fky+GFR?DZ!W&WYes^?C4I?$>xg62zP6?~6gDVOoHqm+)OJHGI-RJ> z<~5mX9UOWFw>-}A`-xK-Eu>OvJ1)AkMBilxMK8;1ivt`-`?S9Mce)ksAQ10H7MO73 zq%~-5BelY1cGE`3<&6@arEXS@VOlkYu-#&JIxU(P95W+{CC9}dfSP^BPI_QD7ij?z z)*%eX6(L7@s$XTv6VtalJA7^c2ny^EUAY)Gv|GuUrUJ*~AGCIcA)3KZ;kk}h!5_?D zda>86k#-{~ISDgZp|B`f`c`@I4)FLbJ)hD$K1kz@m<_)9>H4EQsgn-7DpYS4$C~L9y;fryKwmZOU9F=c4#Gd?-hb7CtH358X z^MkHqYRZl2h=(3Yvpe-QC@!CZ+~?K3WtnsB&ctFkzl9K{Buwi1vlx)FfjSwtwDoRq z>-+R1IEy-xizi($JN7)N*XjuUS_abi-U@1RN==ZRy-!7k7MVMzX#`v?fR>s>syS_e zrQ*+sG6p(#TC+KG&*8btVT(B`L2`2(RuAsMG^?d9RKlpCQy?S&rSKB9Mx|3tGRRH3 z8z|qo?f_@NxHZ=JpceA&rdd@_BxqA5eE&;k>2xeL4fJy#f9`Pz#|0 zif@*7l_E+*(>2*Sk95#&6vvF~ukR>r=(Qf~?87=@M<%IrE;BBq9?}l%eSgCQZUxyo zRUH65-tsmK2N8OrDfjfxgKtQeqCmHl#ClemFhjJ%?>CHnOAI2JejbnXr!bO9lKZY^ zntQOM%vHKXeIR}eDx|*3NfxStUE3aD{-xCcSl7GLtFD|vu%)2?hvr=Vk~5o1GsPSA00&HTMb_C7 zNO84lI4r}%5H@J4*(lMd1`WYT>_Jip$rz=Ji%*0dD^&|}6kq8aOdzVm)w;Il z7X=Ig6;Dy8$!TLM!6DsnkgGb75&k7uR%l5uU_CxA zh-{U2SDw)Xk%ZE((Dce*!v-#bjw@E~+J)g3MX5vCZr+QF6J+e#w%N*K#fNUcSBs#~ zJcET@Z4tzI3s_hm)}|NKi@pXBhX013Dmj>Bsnu104v1flK&hS5;=}I4%Wmu$k>eIO z9cd2dRXT$EPvL$pKdR+^Z(Q@JORIJsw;9^Y$`9-zJ^(02_}ywfx%i`}`$D+aY{Z!+IJJ zWYd`xI+~7ixJU`v+1bsBieNPsL&Z8V4{#V^APTQqq4=%qc~e}AE&R-fb;1qt426)c z$Mx*$)+CB8x2*)z9c=t6v9S$z24Fw-_@$m32`K{t5CUAf^>51FQ z5YZr=SF@jv-0jN{VF{fM5Xnq0Cm};pz|Vjv#q(PU2h@-IJkxqXg*CF&t?p(d9bDx& zbeUemHZ9*g@2BT!JcT%cI)_G9t)il({$H+EqzZ<1Usuwoij~v}(Y$8UU3SM`Xa@s+ z{;XAnAd>a4M^3f#rwyNbZ#@0jg&FK%EOIH@(rkYrby-A1!?NfCYt+66ATmH);)$t& za&_6(eCAPFasnu0c?@=L7tmy!1w0RQ1p;F%95Gz`QvNJKf`aCKs}9FF9enJWX zO`k``Z}5ed{rDN@^s+rGdG9Xb>^hp}?t(SI=Z`MT`9$7t#UwjaV5g1l@WL9ky6n`K z2ZrzRe|1@Mvb!oZ!7}uSDotT!D-)CmVGXY|YbyN7$5AR#7mL>_E_B&!n2t6X*3s}p zQ_^2D=+IN@4$>#I+dyPp+0Kr*3?gC&613GvnMk_?ZB60?P3VF6&-Jx+dsAL@8jAHY z&-=&LCiCqD_=MD=>~<$rIxnKP3l_9u$bPntV#P(1K#bO6JQ@~u1fpD?=&J>@4(VBa 
zVHxNQ$wMi{T)NIr)|}jfFR&)wyE$BOWd2pzLcxn7B1)uMNbk~9ldwGci*n6dT8pz7MbiqNa&&&VPPd4$DP&IV2MxG=kwZKAkrg3`({xhCvb z^zVgK8x5o--HRamGGF-7v{y#uP_bl$aZ<;`hVP_K?NXhAdFz^nJfYiWQ z^4}N8yWr*lF|eTH(lhD71vA~^)7}AU&e-{-B}STt=ElM&L3n9Mz%=u;uk4tdbR{DO zkg?PQjSb_UO_b*d_a7W~#RvD`h_a{;6mzo{E{krc4l61ByH7=iD%5pXm_b%X0j%P! zHb@qE%sXlwl#5J8*zLLI3!pZxi(N91*E`D_8@^!BG#_r$4yr((9Eirlj+@cQF{5Z8^4`fo2W!3mhV zZlDR}zgg50O&-z4-LfeHg~Y=nrM)`Z8h<>}VFZBVPxP0cTw}k4jJRIXbd+cyG<=1W zZYBOmOfA71egDMpm-BH5rw6v8aO@}SuQ$8uWv?o?_!g+9C>fqrkCU%J2OjUFP032C zC2>wbi8#OOEgdp_1n>zvAA|UCOXyjdCQsXgKH1$-qF32O?-VJ5?*!nZvzwZ2r>kz0 zTiXm~xk#r zCtcrr#HJ=_c2Mje@~Tm^L`A7}N&L7l!oM+t&tg*4u=%JwCF1e!#KpX$gqGvP(?>IKyDpQ7zs3MwW&y*o+fP4(BlH3odJSe2EkRcM4 z;Op~lp{$X05!^HyDjH06^D72I zcdKSLV~2%Qi&4;G2}M0gR*92|iU=J6G558+**kZaa^t3#`%CIT72`B~+A*MC;5kVx zP<|!27E%dtVlsZEA5a7<#n<82Da3TEj%*>d4&AL!e&*^zf*xCCBNg}tpG;sfn)0IE z<@Awo5?qnkJ@KiME`GrK^wq33RxjeGwR*asugz3$Tk_7EbI9HYrD-Gb6u+vETz*@N z8vO2~v-*M$20Wz73l(W>i^f0P6cwL8-uiqvUg&GuXI0e^b(^{Grsd*cA2$mra<2)L z268(P-#_oDQU1Nl=h=SeP&Aerx>q$3Im|gSHp9fKwJs5QQJ`x3CDQ)J%xaW#t4=`c zE_(Ep+2b`Hj3Mj*_M;c|sJsR;_V%HE3o>bLBZ9>+*i#NYj&F>F5u={l8IZlDE5AVJ z8|r`LZEXX}=zzG&4)qnpXjwVpO%^sAOm?_e7iiqybmhv$hQ7fD{-W>ap^}qn3-R3n zGSc?^2nP7=Uc|cFT^+YXv+NhWxpUu|%^iFnZwJ4OkmHkSvRxg+Ou(?0#i?JJtP+?M)wU%)X;in=2y6?=v-J`Eki3_)l5W)254N!m^NRJAFSjyJ0 zNLN}xwuMM(&u~s~1+#dA%8Lkx*m1##blv!U4dQs;eQgL=K>*kHJJr~gq8rMdq<2?W zK@;!Xb3XnF$bX}UoaVV8NCA@Tu#}`qsp$Yl2v>xx-4RQn!+AGc6VID1cjfCkdV@%4 zdTiG!pM!kPq~mUsv!)?{w_*!!H-h0*X-&CxvfwF>&rz}A~ zrlna1;>bb#Z72?uI|>zuAr|(-iX%^cZsQU0=}NY|x8LwRFpUmyURH8bv#u zQ~@iW5wo5Gel;M8fk(mSy5gnRbY0R3 z9xv-OBR4jFmmw9NyBV8zwmm1pf3(e=&2sxUqkK*2`?9kq6HFr!6!uAKMCJeJ9 z=O?MZShK{^g&CguNf+wKe&rDyevw_V=rx6bpoA~h&49D!)!2w_Snp+B^gK48zUavU zC`rSuvr10}epRSiKLHq$!&t#@SKW^ELz{WFTuopbHBNc?qQTh32#5#ZJ0RQkBD7;* zS;%a2N>B+I3l-A5(8*bqOcgA1&^pZ z6;s`>IDHL&_pc{Qd8sgfM~e_L5x;<>u<4XestqX%t)_xNCUP5q{ph>L39F6}6suUt zJ-j+HEFI*31f)u+fP`u_`I$xmejqjq7t4Mee1|vMaX&xUzp=<+WweR^Nqkt#VWl}% 
z#PX%-eJb35$#o8%1@K>%X7w|WS-mgPY_%NxN>-i~ZaIYLsbB;lrXU*whOKdc^|$fm z_p0Pr^&EeLPDL^kAeT)fROag|OPbF1^h*pq>jYC}3g7-Cz3SwA+E$#M9)tng+W z*z>rl9ckA$!s?TnZdVdp@;|<_kQ&4(KkS6{8n}n}SHJkyLb*wIU?HiNcP$(9%vzM) zXgR8=mQ1}#qhqPH`~tZfn_u7Ei<*pJF(cSVa?DNFts$C&+meL&A89Os$OJdD1#6%> zAvd%ouK64ymN7R5dyZ}98aL?+r9du6!YkpqKsCN24|77hO3r%)cztzpqPJxxZPvv327gM8YQDATFhP4kU+*?!0&$|}yVga2C282`K6Lu0e=!t= zqJ{0j4;24oR@Y#6!ZKMEhK6{5RMOgZ1&^BmQaN zZ#X-Jvf9MqaVq6-WF;I8Umpe!h7@YE7(0M4vs7p)FK+q;@3tZ) z1Dz+{*nc^uEaGzi5Y(4>zQ=f|+jc3=j8P(upEKAHSVt%eI2$IDH@=t?iD$9j)=}cR zuxA$O#K{_zKU~J@V_$eeaJ!D`l6-w84?}tH+xH}lGz{eL@Tqb{*0XDBuFI7fsvt@# zDZANjp+#|I${C9L9}O;>6|rI01C!gnr~!>-9nuY7{1Ca7Wj1XMWfyf9Hm9`21f-G~ zbH@F+R<(1WI05V=j&1d9hOD1E=>Y0GLAs9}f^zJ+OV^(5skK#}&R;MAmfc+Qk!h-e zMD`d+XDvO4Z!_)2sz^@HfqEA7bB59P)R}RVj{K$yvF?Rx3F72e&kkzJt1ezTTurR> zPB{dT*Rktr^2~9v!sk2{qzjZquw(!oy0;573)xFgr3HP0{)W^*O#=XG@3zHfH*%o8 zO@-}c?=lJ~_yr6ubfi>uE6R~E{6m&B@&x*AcUS?59uzG8;oIwkxY~iU9SG{412XmI zoqxAK&;0FW`=l(>hOUkR3ciN0z#@d>)YmF0*V=Mh7DLD$vBUvF~ zbC7<3B~uwz34Hp7@-Q!BR!ohngf7q+_CN|UHL6f@{J2scho}f%cw-{476!DIoD;C- z`f~zCkFp#|j*|87f&9cIAU|&o$xtn-bdUK()%ah43WAG_AfifGQ*#x#XfSryJp{)O z%pxktbLe(unS?nk=FeZ`hVc}*!LEI@prKP49a^OSeDC5~SM3(i%@RKra2LN-1fedv zN}Ws|vbHHq`P}pltMfid;Sxmk!F(Gvb@Fjh8CzYMjCtG14qC*0dP*vg7t{EiXGVN+ zQCa=mw#CZ#0*(d4Ywq}{O+jEp+om~Uyu*TOX7EqRd8AMtZM zk&_UmzUFj~yFR_6);>U(LDTC&ZlP^$B5MZtWl4KUDu&mslJW zHl=+-EJB6jV*)8=1gXy~OyNVQEVne=n9ex{XKGYUfH2uC`-4*8r>hP961a5;yZ|bJ z3z8-aQ;{=~M`19(tqQ@Wll7;1L61>hv5Q|56e#Qq*-2q3pmBIR@*eE@|7;GBJm42%6k z)pME4s=!eYus+nnb{T+i0Ebg`wa;_swj~&_Dcvt9F4Hip0)S|&&?7~b1!;^f!VGJJ z;>bV7Ek77o(Mdg+p8Q<^dhU3zLqubF=s5@IOH!kmD3!;jJxR5n&h6jEk#-vmw6V*s z5@u!eD+Yi}vJzp)+9gb{;kbt@rmoKJvKCJPMgzIvyLS?eMNOIq8|Lj`QV7m+Y4?*X zrogM_*3Ai3@hb@9v*v#M+(W|@;CUL>{a%~{1n&Djp%SZ!vq#|mh+;o`mITI=s?7ap z>Q~c%R|GUJOGLh?6y2wF5sQ(<@hCwla)O-V{vF`;8l>PDWl2F>p*?}tVBGf{rczQt z{F1UD7<@v+nb@EP`75rbGjppp- zt1}a7TS$|ylHuUc*7LDZzq-ysK4?Z3d|mfkP51qKDQQZ!;#K)?*r)Q;BI%g2kynBF{w%H5WJ)fL71$}f&PTVHJ{w$T;toYL1`mpvm@Jaovw#8eq|cGu 
z%n+&)sv~A`Q1RPH=|*f4oo*6+Bn+PhH2`d?zTY2TAY%FvL|sv7DtX}+(}|>F4*Iz= z!5Q$a^&AtG^g$Cm8?f^kk#89BWYU&y0>4?7BW^=(szU+6xgw7@J_m$o;=yAf7Kj2J zgqY2N8uE8WsT$;<0z9-FAU^;ffLYZs7|IG~9g&IAmhXCF_iGY$G+`h_+%x+ap|K}H zvUJA#olKH?ayG~oSZd$1ANaj`mJ{1ZOhkbK@02v_rc(~9z4l93q0P9ePiH9vC%2}; zeJ`d_8;b@GdghT@Lb3`%;M?XNlih?)VRc40iTCa%WH2$T_cUE+%g_2o6&%R&`64PC zqL=~Wk=mBhBa+VdPmV^+G$cE|*caInoertP-WHD#whP4;buym3UQdbAYoq zjlP&~Mk`ac4-(`6yhXfb7BxXvCa!&u;>(SJ7Yqpn(kfy{fi-KTXuF%cL&^%fS4n#Y zcm@8t{*J62oD-6Rou6!JT>6OYwN;$Xix$NWxGEq26}^>mKf9L7V|8aA=Ogp6%bCwU z#6vJ0^p~E~@8atme+VtLcTCx3V$BB2JyNplPO82$)XBB*0xbw|%}pn}G_x=p%8L(_ z5L7T3n2z-PiW1eX7+uWURx0~sUg7lCIEn`4dQ?5p({Bu}Ov#w*=7waR<=wzPQZfyZ z_R8>AqR^ieGY75 z7YDJ6)eTx$yW=G1ajHD|FO7Q6TtB`hX;OQ=ySAIlKa9HNor09Bl(0Ga|ZU zz(EI4YdYb|v&HITU}u{=@3>0=8%Rwbz5Jk6kh@t|$Cfd*DxlKC4Lh&=t0gz50-p`B zCuzBNybP5`ZIMwB&1i46!F|hFPanG~G=gj4998KUB32&5bn*m9Nx%sI9)1hB=M5yR zAXLzY)K&e)s0R!_9JJDs^B#6EK8fh1{+Z3dgt}4x4>>Q&H6J{HLJW1SeC92V{sRVE zFHj7_`!H|^w^+Ez>opCdO_N~y+IRP_M@P$>mhRbx>x;})wW5bbNB8@zmLvrIq+GUl zOz$hypYD^3MTLBdRCjxxc<6wr;1i;$-9Ec{01M`rf*Mvf8pEYy!rK@#vKQU8i4YBl z@;a1B%Qq=>3;$~H6kMzlXxNcm+fu=S@OnkQb(>O`RbOv5o^F zYDHW3zt0g!OyB|QsPUIGEdwKFSH_lm+q6&2mTTY*il`j!?f{tiK-|C6pkt?bgu+u6 zxkf@ArqV9P&0VKxD!T*AbcmL8S6ulMdqLINyn~+)A&>2M;#?uD`~ic+cuvqjtka|Af(%kcZPC-{M{*cd z&QWs$MC~Is+ksAj27U%wa$_C}48a3X9FHkpv5K>vnxW7J=T7sYSRxO0T3t1p`p7f% zA4gp1M?Bo819iDJb%|wZbx~&eLCX>Y8%}&wCq7sIp(oz{axljZNkvDRRsh01$A0@^ zKqGSpXAZYfi{*4z=T5nHc@vHTzU(JvfpARRl87d_c-ayh)&Q$d_k2{js?+!eWPRP~ zS_qgF4MvRl_*0{9-ZKKhHwx!QD-b{}n&ws+F8?>z7Z*s;KdCbH70iL;!wbWEiP3&T zhfUC~>L@W40bUw`;SHg#@uj-8W&h3R$FS|os@c06e8)BnruaOfpL5b6$5z!mU=F~y z7GCL%>`L2ZzYt%tDl?f$cF(x2=b}b9u+DxTzkAnsG5ZmT!;_c-l-Q6n52yt`@#2Sy zdn3YJ%aEg;%lKFo6JHe|g4u2ANl~sy8CB~2+KNDEW2w;VMCnMpnI@a^n%YgSgr50H zk7zt-Lg@`dKUjwsaWJcfSkeXc0 zRwqs>KO`JGFdPo%G6%S_)SUw5oaRSr8Uus5h@p(p^jaI!iF;T6&`71_BggOpD3>s( zL~!*7yMBNHaqf3GUg`$tvwQeBW0V2?4&3C;(ns6rJ^)s!^R+(&)3w+}k1#Bb9wy9- zWV8WG9C6#)WW{=&0b(EeZ^9}D%F3Bw7HaB#7yMHoguF~CqPZ$_{=|tjwm+RMPK@fp 
zUZwNZ>QGFkQchCR^(bENuU4>K0GC6HuB<6Ai3!=C1j1|i)SnA}iPe0rw9!1U31qA} zwXaryBLR1mYDRQ*u&oLS*?*1u>i++kBKwC8`~Qg{`+abSy=u?37d2B!jyvyTWD)lt zzbt@Y!1~{o3(rcjso=AhJ|A(*;1gzFhu@6~eMfszq2NH+)mbsHZ26WR8E$hO!SmJbM& znhQYEsW?WCv3C zLAh}pBmzI7O#rz1)RutH^_Q{lKcKdtp1#;y_z(>&u?2>9K0hd8R~QUjFed1Q1R9h? zcdCpHL}E8vUY{G4LjYLavgns2?y!aRq`)!@Z(|saBfGR7Q(bLgY%&4-}Iq-0! zIgaHl4J`5#FR@KwnL_|#jpka`0cfo;Ab@5=j;A3>0~51?uHO{=FMwqV30{;EGi`@gY%pQB6I0Wl_4IH7t`V1 z#x;P#Pra5ZtF&{(er&GW*bk0Q0pkxE4ns{)sP1xa+J-fkXa$V6@z8W9Aqly9;3Wn~ z0fWpfgn@ocD}Q0${%v` zvU=<~e|1!xL!8Zf3qUKh?^9^XLIf>8gdKht+y21i*&=#D8~Z>gF2gRGSKI;{6mTU2 zRWm!bg}{AHdgER`FeFQ({f$IgOG&5>xBH6RyE+uoyU7I_kst9%V)E|mog^3|Rs(`y zpslWj;b!;R$xnP+UNr1!$TmFe)dR6wqycnX%0qdtwlc0_7>>7s?*Q1|qwXL#1?(p5 z{D=aUDPlCU&{*&B`;EEoYk5YkvFbm$sv`dNo|~zpKl$WSd@Z<3mWNmi?%5`pL2&}& z_C^e;GO)mL)`l$NP(Azec>X-3ofE&In6gh*)-Ae!386d~iFB-OsHTmF2}aVjKdB0R z1SIWsgv3*`Oj%eDah#BfhhvKUeAYu>d}rGp0*7iLxuYW~0R~EgCiozu_iN9Le*_K; z5M)BYiY`J3>8MvcB2``;%&U4hXT?s*{^t$-Sz_QnhdZyC%^Vb!>*^@pL4=UQMCm|O zk6QX7DO4SI0% zSayp@hGC5WMNoqRpN;9> z^b}ANe$@1xb|v1;=huI&o-tSF^;XQC)99%Oh5@j9;>(4?a}x}B;0qx@leUms3jp|J#;N8+$Nz;Y;> zDf)YS7?^x8AaX--eKvZ~__4Dh!9}a0l9$4{{1u-<3Fph$vb882?xSXC2L-izC=8ibY8|78kW) z1#i>(_C#|S9z?Tl@uNQW?ww{=iDwsZ9zQ%iQGC{UK%+CQL+|&V8)Xo%Kh2r2>jqE{`*y0{dpSOqrkh`p0Vo=YyY5sT(hQ;80bp!hb z*M=XT;N4%QE4kMkE2QhQG~RBrlJOD!5?G4{oO^qF+7+HtxRyoEcDEbv@84!k!1)1j z&X8#g0K>9i%rybjDWD_5)1IJ1UFyI+O%{IcUtoHUpH;;}`3>dyOsM$6>QwFuI-eD*DTy zI$#XZ=9>r^TgO>vuxd)jj6A~9TmXXrcu5gpC>cvbMh!rbb{yIVdh1*ShSs5dU+f`n z`5~=Q-1%M%7H426=|`o;C>M1zDQsgOCWZmml(FI2r0?A`ZFivF`AZZ0_&*BWo;i95 zO&EISQ~?<2D_kkYKk4CtcWr;=s}SM<7TI=miOESz44-5^JbljcF4l=yht_qQ>hnrz zbXcqg#96RzEWQhfQPVb z_{d890@|hwvyNwAfJ~PNSS4%)iMDt^ERj^$V;$&!Ctm-#p{ZXH;&O_HL%<#|APH7lyl4`yw3G}wcM+hd)RsWn_YVP#|4v=tPww&W|$$m*B$r$WIHtk&7`sU{NS_N zx;a%z&TTdN`d4kk1?qF^Usn_IFG@VaLYtWU8uqWt(ARWpKc==XX>AwhhSh!s90PIh z1X>_iMUo(2doQk0ELyY<0z3wFN8<4Th0%GVktDST?4kZcFcBr z9Ta_b@}v)!w`TF>MO2TihBoJ`_ZF zWNlcfEGN76pesdf!*U`{$m6MmB#DFejVB&rBunE7P?4L~F|cw`g^IgE^rAmC+2oOT 
z+S)I=#O`QON4Bj#gc}87`qeE!wmwn|jk>;52mMr0WzjYXz^e!1Ua$*|6bFKvoTGv- zx15BpyJvLBXWJA#Q zg?zs<9gv85?(YiMW>jzbvYMwH(tH9ciR+NnKxqXmK%_KieW}6^c`4%_+{k+Sm29CI zu=#}8#4#=sd$tpYJo_6l+% z@kyR%4N&*tu1RPm0%8R9)nJr?dN1Bhrb0@0Um7MAXb2!CxZ=0|fl)d=!R_7owP)Nd zcj90z=T`TS{A30%A21*NyEV`|LrKI$Hz&@&7i(oVdvJDz8TT-b3*aYaGU;wigwt54 z!#OVY)}%s-XR8E}&&^NvRSa@)7$1LT7JiMKc*9h+2rn(5+Zo&eN}eScks5|Tdi1_r z6?Ro1u{sj4fJ2?ot3QuJK0?HP_|akLgQfZPU^{YtH)jYSTQu_(kMn^l)R8I!BpQB) z0(wwXVs799(NS7Je>-#4g8hCbPM2(wN+V^CK%ocXaf?=G z_} zrrRLFhPwJKB1$M-3>OKk@j=1f&##I$=?C;_fqfHV85yW_j>;pz1nru9DuZ)|tH+3q zMpl5$AINl29$)De<^lID&?n1Z>K7~f{!rrM5ss1}K!K}_XZ~(XO;>8{$;4#3#l`@i zbl7r9)GB^8M{XO1{#27-^+tR#4p;4k9uBxo6%91$ML@I!!6Ixwe}jrg)`g)7WSGcP zH={#XxFUD*w;>JilqTY5;FH&(97lD_17=)~8XNfLjcWt}j?aHb7?N6^06ROjxp#>1 zbiUWwTagAz2qbi&0l!y8KQU4zoVp_=xObaXABuiTBJ~TTR~)rmzO@c52${{9+5+Xb zG4<4k56+oILpVccgwI-kPYo=VAw-JdzxtWpLHk5N zYqKIv6atM^#D7$aei5-PDZfgh{bBu8{kmWay{2lJPQQ8BGbRy0g@NH_^%@rl1H(1K zA9v?jV+#=Ofs%xG`&R|zB%qW5@^U+PahR&BvclF1zCvWdX=53 zf4w!2bm^)+X7vKq6_{TP0N<`>G`7$4=oi!mzxG)}>$k=*O5tT+2!A59R`beb(AmJ7 zD{wx3l{@3t1^H1n=s*gVP^2X&nOOhQa!asJ!THu?RAz)&ZH9;soq+60cnUK zVIxm2ecZHgsHovkqZ1gr-9w@Tgm9@5$qC#vwfXV+CatXgr4#fp6nQpndm-Zj)-7n| zft9uorZEPP3p62Yh?ywVlXy6pO2CH@4;>IVVml>#ozkLehJtHv#Lw>7RxE)~xUCqIH`*qyR(t z^9k+)fSv|RExke72~dp>?l}SG;ty^VRxn&j*w39faa#%9CoIBr-!H@m>a z$;Ziox?pH!fcw`4ZeH{c@-r-daq@F;u}gxY(!}8gC$|76`o3E=r!p0l&!M>= zrs|B5vF6V=cX)+Qow`1KX23X@=vC1M4SsCpMVhSf{dEDcLP8D{QgXH{XIUuiyf`zmcyjCj`i#7w-}sCHy;rxLM<_e zKJ68SqiDY7ub(}}DNAZT%M3-qi>{)peNZPYn5F7dz;?g%dSLSI zkjyKtQsnx)AEQof$7yTvVHs8GrE1DEAU%6RY$IUqcWMqSpOB@8(GD`z|Y;a#FH zk9{18Lr-0~(`6tLWtg01qQaW_fqPY^aN`L}@Br_MGWuSypM^`+ZAqp{8;19q$_!l^ zd49H9=`t0W-%S_VXedgqQt^D?W!O!O6xr*X!nlE%sv3daJ&?3HR~L%eNBN zgF=|X#}(o})HxA3%Cn?z^O+gEBng%ptx55IcDViH9n%Zx!@<6k37>x3nd>ZD8K^)l zfdyhB{*$3GJo42hPZy<1)i5aTFxMY{rVS|{_di3K55@nV0UnnVdGRDG8Y@-Dg0_<^ zPXRndxR|LVu?EDlf39Fv(&(`d7UIf{qtpR6z6}gmk)*JWbI=4`w9YMbNNnlqXfL4 zO4k)Vm9AH-zV`3hz{$zW#mn)Z-$VUb8_-2$znIZB5@qtZh2Z(wQ~Vr%U$ZaSFBUW@ 
zQNtay6kUT%kuOmL2_88==f9VW65##Msrb=~zNi2B_IuVY`J$&34R_C={p7mv3E{^6 z+r#BUcMRjPp~q+%$}dISE}mvSV|VhzxA&K<{=AV>e0=E28x2h8j}moc=x;-Kq-f%s z4ZkjF{QJ$ByO(+Y{w9h8_s!erM7b^j#7nWn%!2dc${|Vm=>*B#^7HQq2F?XpjaM^2 zNN2&2M7)&>9t&75Gms4Q{*jwu@6Y$(U7O9BQxAeJgk8+!N}Mm`a2NI#HC`hnAKcxc zI3IMCvigDp#xY6mR`%DYZgTIDiJ9f7=)1CopNs<-CKWoV{XZ*xGdd^b6Xc7Q2scB{ zvc1-@VBI{=gnw0wEGQ#fL!Hm~NByY)ZyQgy_gVIbm-l1GkwfRVG;!Z&$fY0gom2hQ zc%_z+f2@R}L-v__$yn#scdglHdBb#XteCcqEpuXY9k`$D=aY`shi%+Aa=Wiy9U?r~ zp>6KOW>Po3qoFx0^3i$1=;FTGEe1J*Q1kc(_SWu)tUimh#1C@He}7-TYlFF&9QJTQ z=phBM#K#8Pf&dw&TRqE#@lt}<`iPl4Oeh6tWpwJJG%smP<-T{#Js~MnPY;A3U>M)w$7da{LC@SR7(?`cV?!rIK&Bu*Sd)&p3u6jLA zfM%j=xQV`~*d^;7M%MsGBOFa|G{eyXM=Km{aJ0kG0Y_(17+u$^^Oye}o_xG0UM>!_ zsAJE6PIv?T#j!`e$nW9w%Zs=jii!wrFV}VblmG`hK(31ft@*A;00~u*GpFGEs{)f9 zZhxb(*(5Pk?+Sn6=@r&*?GNXfEH!;bCZFzMg=kHS82Xuh-N+P)oo$JlyDzck#((mZ z;Pe>*12ob7HNk*0*}C2es5Sc=-^P}TPTo9UZTp0Maq(OAAg%Y7z`hx(l8_yR{7?+w zWFN1rKIcx5KK(o82WAer`Jyi3-gCQ~c;QvwN8YeiG->F0x$J1ImdX2j1@b~6{ZGT(MRA|5K<*pY@+viXr(&6oWJ6aUHXBysG zSQGV7`L?Brub$zYXq8-9+C4{eUS_rLgJY%mhv>G8BI0%7*Xd8T-9b{-rHPaxkf*0= zhhN2eHOa6subBpAY(#{KcSJpEyvFPpz>AhsoGmLf*&oPKZw|_I$a(nnhodE#2z88J z`F9C?2hO@Q5+C859#@vq8Uhp(vFm||f0E2-*M#&;X|idC3O^p%donozrqG?N!XHfG5Grp={U|>QI42yb zc}0G3_;)4t#)W`D*P7|ur3ozzd!x1zbmWRDsTA=Pwr>NwT~A)F8Is6|>Q(bp`e>?D zaFw_&h(b`@P5$lpF8{CxzpJHrnXX>q(FyJYIrJ6vbHwOD-<}Jn`8c@H^S(VO^!Vd0 zX0+7D9vN>n#V$Cyi_{c*25Bh-{%a-Y;o#!_Zvm44-=Fn44kJc>k^sH@xQhl|d!bjp z2;Pa;r_S|s=$0No0+8BQPi2s^qD}PO9elGun7pCZ4So=NnHpPvgkRB4=XV7pNf5hhe)T+yoQPL;R#ECBq4r zox{pV8J%kbyn6662TuB2ztk;py|;$L{Tk&py0%3E3a54~p;gTewBU)OX4YQ_@c@ zeRhL*Kd@bP`OVk#77b&cuNu-{%sKtpsU3`k&qi z)t?UXjMNy{f65!aS{t7y?7Vs+@@&c(70TAD1`)QQ^;zbJb{-A1n?yS9g%Jpc6GN;g zugn8B)iJkvBSlWDM~`|C9sJJuQ_EcQl9s8V3@s79-S+qNvihC7lk2w0VpKlp1$$4G zu1ORg1-m6S`Mza77s;|O=5^0&d@wrVMz{f0(zPjjs^xP|%4K=(j8?km@L9i@NSbai z+>F~}Fi&u}!ncs`!7ldL-q6n*S(Izc)ZI?ru0$QA?iSeHyt}QxUU9ChyLn115IY;- zNjMm|bj$j==g6D)qmCLmGNQvhtGV;x`F@d(Qby$cGDUjivtBfg-_+_X4@KrSB@#4IHOy(`zyzB|Jg&hYVZaiSx3h94p^ 
znoT|i4S^$d>ca(}vxl3<9@9A#r0eAq5u0!}FPiZ@Ffg4TZN{_-7#$UpM2ygXc-?42 zfP_a;xw*bo_CIzzaDPi1eSfIKUeqm^R^lMj?qFjqK=gQZr|#k9qx~6#dZM0*QkTa3 zmUy;#g!M*g;S^)sdQqJ&Qbb1PPPK0Xp5=ZWD;-`*ktVw;Q((AJ(&r)_bol zh^-;{Z7XMwnU41pC+Gv$-gvfe$J@%YKW%g29C)BDliqeYuB4s8{L1=5;&CwwIm~89 z4p>+9g-DPwyX1aaCW>vTkK$R@oDnX1(-7zU<_R9R2Q`t!wjj6Vkc5du;T2`U8XMPUo4aK8^)< z^@n=tzmXadm8FP%x9z|#nS;NOGXZ9UpV~qO5^Hzvi+Y+fU8j7zPS5@-TdP0g&~NC6 z!f9`!Gg;#3FPEo}3e6JxxV;W8@ApSP`LW<(dRDJd3*Vnv-&*f~k@e2Ok$&6vaBSNX zOl;e>ZQEwYwmP;Zwrz7_JDJ#+WaiE1-rv3VTlN02s-8cd?&_-EXP}|x7?}NQw7>3Rk?BpI{>WD& z3$+$y4*U*g1Gtb86T=O5ie)|#x8=V+1K`@mk>4ZEfoRK%PN`8} zcpA%S=VJspFcgOv4Wbxf^$CHKyPA-Eml7-^@LX+SF4-0FvoGI5f*P+#-nB7rX*%Fg zCsc1PadRMh7%DF@Dm513B(_sxmF(h2^7E?8s8T}e;CkgXiGu+?hheBykVCBkEXU8& z6H_<-%Dlx*Qnq#_D<%?Zk$&BwkvG!U869491lOJ4(hRFj1sV*Hx#CgkuD>YGm2^pi z25WF_>nRJ!W%e~f=|(8VvuWzXi}3;G_9{~Z6eI50Mm}IMd+Z^rKbO`Uh&Dsj5(w^b z@gG`M3js&U&o4gT%}kRZKtRhWux*44B$+cXR3he`W@19sq==VOM*m+s^!TkMj(&O4x2|D$@qmawt%*O6f zYi{GRR3MdFlc3W)3V}eg19^ZjA_u6;(DhrYi1+>|_r^JjZ}7P+%dxX&G~>}xCzcB| zGkhE-MPBCs!{Dq5VKyjO_b)P<>L$FO)>5dE<%PmP+zqef!za1dayqg>N4Lgk(bDf$ zrpiVusav#b!=oy@#Ry~p{&aAO%NT*+8{%^1%!H^>4E&Xao#;=f4X^;$0Xi|rB#AZA zuq8RdUPz0;ag!7NF%+n_K?7STlH6o{PO7nk$pO9+dp>X%TYaqKrvdJ8s9O>y`FMF{ zCmPf(R|M_#JhZMW;ZU<;x7#)a&|O&EV6;8sAF^U)^roqJyT(CjN~eR_}fr&?O5476t9IC z@n~#RKr()G+>&+9!!*SaI99@02^Y2UZ?ak{d-bgC??aEyVAFt>3fYL0f?JZB*KO94 zqWWD6&oO$Io{%yq#EK46P%Q5F6US}cx;v*6E>q=#s%u)Cx|6@>8Qu~}4u#~}T;H)% z{eHn9)Z>PYQK~ZGP>8?WT_<$_E=AX~D#K#5e| zK}3z&C0AQOrnUnvNWrw7BAQ*EnYkdVbt8v>YhWjrB#9=4O=;Yn=~^eNP9Y?|eh6yj zgKneBud#FB`qTA8yMBUBPPke~NGG|mbR)vs`*^G` z+xS7=c`!4aOHq6k-Ubi3e3(Z_F|kDgNolJ5!-X&V!*M|D6$USa*(qybJ4aX!C`lbM zT&r2agd1RND>*#ISjt4wV@l8e(!{9RfR#nGSMs~L&z~dxTFyVCeki6ccd=`Y2o<21 z(N`*kmZkZTzfn%`)AQ*$P&mGCtqCR8A4U2M`DnQr-$OW5;UAP>yj<6{e%Boo!rY9{ z%MGlq=GjlbDiRpQ0{KSotN`*X;^{8t(BGX#H3|zzw+&I*N;fW4qny{=93R)YyOVO0 zZA3Q`VP*vLB7k^Zpt+I&p`Bi9UgDj6j;51?;nvz%L)%HXOIy*h-p#N!a2Xaehz{ov zEn&8Y%SGQ?YLeItTw56QsEWAPKn$-B99D}G-nG~ZV9%m2lIe{z)?J^?z*v)^P;D+e 
zsH6g9dLI)Kt)lA@2)RSZZdh}`u)8K=5$sn~5Xma+n~9AuWM$IDGK-U)^gqX*ac^va z9y$oaTDFr7aW0#Bv8*$j_(qni9we@`4Bjl>!u6G~$?_UcS(8EVrtjf&8eaIgDjNvM zG=N(Q1a~V*6pGkZ%RLtt5ZD~!%REXY6NUq*h1D(wL2={9M2F_)3dPbhW6FL1s0XM?iG*TG6Bn_gdCHS*cVruB`E& zxfgR)cLeD-`M8XuFT0`958t9S`U$G6_tP-@pkjKFL!f+P@zAGeV__+?2{2LZ>`(`o z0a938&}Guy`GbaLI;` zw2>q|9KbHhb%<9Bd&+u%MrYix)>E3ZFZm$GpNx_w>Q(x57t%tg6j4-}de0@gCxE_Y z6=4d8G`b#B+Vx7lWs}f`UiwEYA`Sqq^C`m4%oNfuM@rjcv!SO55OWW37pjqg8hdJk z{xF(W3y!plvdANMq6<=vw25G$HTZFDYiVoT;nON5Ef790S`_eQMQZ;6Z=LDP95f0ZaZS zNhF?b#P@Bw&KQ|43x*y*X|v?AJO*8u7VKOj;_yT~jd}_VXp|6z*w_hcZ0`h|CigSV zqzLW_19dMrQg~{(q;yZ}uC2k@@GZnjY24-a+~B^7VeVRuIq>R(t><5btlCK9_|cHE zFFL7#K%AlKb!B*8zf86Djx_-5J(V`Uh?8D;Q>}?5A2pm`Z=q0bnCI>r;?K-=$8}t# z;h7Oqqh<<~X)(Jt18Gl7dvCw&i9Mb&tyrBQ8A(&kObDukS>gtGlq(xdnIq6l86k@O ztJHA}W?u@>IWeR!g5m?i@%~Z{tfS(Edo}imoH<4%ecY%9VYoqW4E5`x&+%9Xo(@vhQNFUYO8<%12rSXI_`C z{%HotQi^r+v*806NN>MR12=hc`Za%|she824U=HzedpmSTuz*dEm33|Eb8ewA3_yH zlk2~8j{=*N-t(BX%^auq?rIWiIZcW~B2c~h?949*J>1>EOw!GZLb?!a~(3|qjoWTDl(9)_ZzJv5I|YYVkO z-oi&%$n2kc&;32LQ&)(NSbIvmZpp5+6yUbr&@~Z!zI3IhbJ74zOq`lyjmZSYQ(3o3 zjFF=-uO-R}XG^!_{?s?s@RmDbJ}l$+`a=a{+MGix{|Gb0>X8Ym%Gyn$rfIYb(9z}V zy(cO^RdfKxJ3`n6A{POZU*1NIJ{UzNFQ+<+*X8&0yPTg~C#+Jsrq@%zV*a4Jg63sM zEP+L>P;5WPN;O|HQ!7!UmWCb|4ae)7hQ%n9q!1x9i3UQ^$JOCl6S|h94v#7(tR-8C z#>)^GbKq7jVb<6X3#1+7PGkl_)3=Gh4b?4E7IVN&P&V33O?wglU7ZHX9YzzpfGQSu zUYLJRVFs_=wl%FZx`ykqMbhO}L}RCxNSo-z9S79tCEgfjW~qonOEt$hUfrd!YIoWo zVKp_o4t+5GlauXeAhd<0b&GANd~ENONYI11k6+VREm>eZ?)EnX%P}df=x1HU^LZvi z8wtSb#ALv>{ts>ns+h=zcSmoW1V|X;q5(>vgV@CqF(CpC!53#Q*SBCb%nFR zx0u1*(%T;tjYCH_KR^6KM(?U37X(4AFlFlOm$4>y;YxMM)b_D_yKuv4Ue*fb!V&<8 z?&{+-WD|Jd!K@`-`N>bPn`?tF;TC#Yf^r|{0L}48jN<+b%*JS)fqJk^7Jj=o{z;m| zj)td{)^Uo`_n6b%gE#t2_(FQmIp=RM1qmds*XkC-O2Q^K%c$A&OgM-J-m%PKbQk1f zmbc~$fCD8Jb`oqta?kn|hM#rIy9*9gH5nkd^2?O{dX7}Zk9!IJy)R2f`F9t{*Wdcq zbg5KFN=7P64S!RwXYY2sAvgBE)ogx7IG80cN8{?&pP&jaygC4f^MW{1(1N=d{(Q*% z+`(Ht_-5m=3-I^<_#@a$VReiA*Y`H?FZ2k*z05x}3L!WfD-)3EV~hLW>drLB3JH+p 
zPX`AmTfVXc4k&sAC+Er+R==?Jh4n9Nd||VVlXJ_s7MJ_~aV%`CoLsE`)Bo6*fp=sR zT)?ldBL=2^Y|-Waqn6V5&AY*a4nX`P@hBn!U0%2FaG3w2G_rB9vHe$R{QA7H=sh|Z zGaGRK7bH1gz+saKq31WP8v{yM36(Y&0=V@F!e)(DAYpWFYs=8QgOummO#+%Z@Ay{9 z#a@VgCdRjK->5^xAG)}4n2dsoqy^S77Q855ux6H4PY%=G778X-m;Av;Su@5gSW?>} zCgeH2Gg_w7+?bcJ&rn-%!S4l_zRhz*iAbVRZY|l z>$}??I7T6Bb@ieVt8YlXhRV?RF#IZ#1%@O%5fHpi{=dEk4d8@2d~BIMg^p zEp~tX+cS=5?~1=)X6hXs(wVzp(ory3@uQR7QKkuv`u_GFWhfDDs$H|MPu#VJsG*hS z@jmhc%=IA4`<-Du8tKm8IthjY{cb9QzK^`gPM3uUV4qqx;tV(?-!_9tMB<~W)l!;x z#YUAgQEOO%*{W7o4L~voLqt5nF_3Iz$o~z#=^-AdK`XQw-x3K|Er`x)59T{YYp;&X ztIR5+Y3^X#>;N%I&i|Stq^F8+-!<*dz>PoykXHE_W*5gsAUs}JaKii;sg0(!mTuX0 zC0X;E^pdHZmRwCG(f}g8_{mk4D9D}4H|}TJw5+X5yfka^qHig;B*-be3n+rb6pQK~ zsNxB$>1rQ1l{~~SYq)mV4N+@JnYuI6R2LJy#XMJDE{D%< zKqK$s0oR&AKY@WA9#EoCL z)x0)43#u^FLvmRr$IX=w2z;40(kvBC`YOiDy;g9-%Ty**w7q!*jf=DRe6l-{OhN9F zM>8N{#aEF7t8ooNcgJ4NWCdGzEsTxy02{>|%@WF(TR35#4tmb0B?{DvWP!!LST@Yz zg0ZQ;7fJo2BTb45@qShqm4kj}5wO=4n*4PM#aeSjDiFZ4>6pPtdfj;D!vZ#GWaTUf zbsuq>?o6_+j1Yq7`w&ux_ism=MkGE%!Gd8-pBjX67$agQ$(&(F^w5Ibb!M>*JfZF< z52j54FXLx3+4&M=dhh1o!cu3V2tT8(4+EOHD4X14#gPPtgv(*5_a^5yuUK}mtuUn>*%FDn5XGk3)7$JQ6Nzp&Fb`?1UK z4$1{YaM{BF`UUU704H!Dz5|t9_UM41n!W#TJ-02p?D0e6vi!$E#LUI^KXb#E(gif$ zfTkm2<=|xCWaTDiVdrLGVkPEg;bLIp;wJtwH!v`NEp+EKXgP2;?k{%(7c>SCunmm} zFi+u+zhFWL_01J|!U`3O2Ane2dxh+JBV3+U zoPy9j8$l0#Mq!Qj_dA8W$8ca46~JMg-4!F+c>bB+T*! 
zYF^Sq(KR*UXUI_IGHC+MnJAC%t&sNtmj`g66GZOaMW`r zWH=|#X_BM_f0H*CjHE}Br)b*_sdEfPWR0Pzem;OazPi)He^q6-9R8VN{-)#*P*02M z88|l$;iuD}$MR{+B)kZ%a2%^+K$q4WaT@NbE!OhPh?Vvw^%W9*OXKJ&^U`EMH;pIx z1KsgmY0i~l@vDw!)HRD>DwQiWc$t+~lu(W#sQdwGZJ;ZJ+G$VG;PM#y@hc9sWguoIhQ z4IF$mPo;{*e}W)^J6uQ>Bfl3)m@+h;&jK~nK9-+hyUG5oHcKE4$K7B%MsV(LhQu## zPQB>1TvlJH<#_#T8*{2Da}3yszYPFve8ZW=+5RW)c(Q2m(h=CFH#1F18Ks)^)2htWxy6whU7M)a}wZ$wPQn zV@Wm`q}L}OnM;>f9o+T!^zuSeu0!R8P{PaXnI{IN+o6zKMu4`x zhnLlnpG(k?xI;Ah@_I{MrX;o;EhuCCl1}yv{CqvsAwI;QiY1w?NbetuFSCqIKqS7EQ`dd(k&N zk5CPwuZxwqKm-ZJUX2+=i{4Q2_Oa!+7q}pA@CTp&1xmFrmwQa{G!d{q>&RIeD7k#- z`{L9D#j8EK7JQ1k(hmrMo&MieaWOR02J#L5}hpI?B28N)xCHDgLmJ(|ErCg1au;dS0AT$gl zyvVZ*d+Xu6xxQ;RSWEh!XkD(0TVW;e?H0?jZCa+Jf8FKH?Pavu&3IXj`cv2$aElLd z>esGl_FyK7UH`*5jnwjTnKWQkNeDE~I0P)L6h(x1Hd3@mC4)bn3$3if#;v~x#j7KU z?h|IAyC>R2{Bn;mlhO>Gy@s_y%p8 zaJ5H>>Y26@gtK9D!1PLk2j}T2KubGm0)7N~jE`^S;FNm3DzZQ`+)7rK6oP&t>LT5O zy$x(n$%!FK|LpXPQ!2U}c(c+lwdn4erdeP4qfabA4pI)GCa#o7+pVq$pV7-hmR8`# z?z%s5;gPVdSo=at|J-KK;q6TOxW$Mgud4h1-} ztB2DyEB^9=>IRo^Wyt_z6>ccUR9NAoA})qO@?_fVU&~rN_TiZONV5h0YM1nvO5)`M zP{n+WAGpmXUl)li;Zj{NjnB~l!<0()j-hJzkvueXOToADJ2zh_hlqAQgJW-@w}1JG z|0@iEe^rj)z*ty-@Tx~*Kw{A&VxXhyk!plM$le$Bzi`kd5OSE<2dw2dg9WaN9H9Wm zIL^5LdG#Cc8|Rr~TfFE|CIT=<^b8K1g^3%OA$leXNK2Eq-C{xszxjj71FeyX>mPz@ z*WES00~SssqG-RQ(ny~z`!_%mPnY9Iww;#NRI9{Iv8RREe8nF(Y)CjZCAA6iTv8g# zS3D(tz=gneg&|?(z3-o$AQ!Bk9k%Fi*FVB0NEPinSdwuCJIAug*B)%8TyNc=(Oy|9 z2JaF^05_uyIB~FPEgF(+HXoG^ihf^mwMJY5GJj_G5E1n4lMK_*+K@mwk(|VoXr$Bl z+7K+&O$9VETJYP$YXfim_GfF^owV;sb(V&*nax}lzY!6@0g@sItk}cIat-Ts9)BE? 
zm~5#7Y=FvMYrx!Vvb9_^v+ER9Ydvz_^6|47kn-9`I897p6KxD0s!zror;%q2DWWP* z3wNpPZD_S-V8Lb4C6}XN#pnLKsnm}nOS7ufn?a&mC8D-S;m}YXS-)`MVRxcr<&8>ry8sys}k=p-Fjls~>A zx1kM99W4Dg87DMm^cG8AODg|EotgC84Hb8&hy`-YU{B{QEIwPimH@#-!{?8Hep10q zK_l$2y;pUZ!vJj2=TtB59c4Z?t`##h6UuF(JO^gtf*GYoJJmM>GO z_*bmUpW54Nn5At>B9kV7U=>O*vfH+0z5^!VEo_fLdX|d zUju>8FcALhv0`Q7Vh4_4U5EnwRT>n)nGv=hF!N}0ZFvqYn$hgi6ikHVgp93( zuLf@pyDnNHLA|9u?ssAcBNF#{34#I>hYQN0mvK}cTbOco1`ojmz=u%EUxX4<_fQzb z=AN^(!IK1>85(!ov6d0eRs;nv*#!Xy&WFzj~>_l6J ziZ8_zRBD>_BR+#nAyq+lv9@`7+x0KXivJqYjM1XlGL^;~WoBnfQH2F@sLI0@eUs;u zX`75F-c{E1u3D4 z%>H*?ipRb9vWK#<1G8{1xPgMV*VMpI+zYvgzv5?KIB)wa{%dX=jEx02k92_zG~K#p z{P#=UTi0JH3HgE!8t8a_4GY1{_2mflJHHkM#C`3rn@lJ@zctUgQLg-?8X-m#eN3$! z;lqh!6z$te?Q|Ny3cA@Z?{Am;5?Um=_sNW}BL$omTVH1kC^!~X)=`Q)YMiC_vsGTN z+l}LN0#aN+UayByH@NGyPQfLSt`4ZTol_?b>TYL5Ha+*at(2|Hwy?BcZtBE@WON@u zyEAYi*_lKqzgt@%dlNU#G&`AfYA6EqT7tlc6he^5DiHm^D=`H|lIuJg#qJZyh){{{HbQKuq=H~T>Sd@H; zd)oK!{#5$?gTbeMM8`QJyenB~qzldk1&ZsXNt!1NV`hsbq+XBgrBM2ou!FQCgy~>W zg~XVZ5MYWw($#nHMCc)uW6C?{lyg!S^v-`ycWBEC4{@GzAJORl^37g3_mcJmV6VKG z7Sy=0!)U)%l@zayrV_@=TkRLwR7I-_Y=4Y@8cJqq>pUy&)B=AX`3?nkea^V8@Tj_f z2+dtwXd;$mbPy&@HY>zcM}OpV6JOGg>6<2K{=yE4*8JIxj;F1Pk8|btw&2`hUYjyd zu?tW^%^YrN;NQfFyx6G1F(no2>fzuBKR5>{^oPew(twtaZyh^P!r1%oq%l-JA)02}rKpnf( zM^U>8<|g)$y$2Mn=S-Kodj5XC)MN7$j2rw5^}yo1@_)`ADW9@1;B0JP?VY$6n83S( z9{PW1F$CZa?gjC`Xfbd$cBXvhAp}s&2sylqFI;}%s!a~>`tQJh$uJf+4i|MevhZFInX&UdoDf;|XO1n7UbFab!Q`uQ~;82i^@`1~64t9jsG|P`Tyh z`^y4+>Fu@{~7 z_q+4EsFI1M-z+^`E=SVQRXYCkmu!2SO}{@*AE$UGZF!IFD^IvFz^3dj>trC}{{`P?2>98*4}Lhdlp1n6$zT&SaHIfee^ESxGPHFo zPw1NsN(Y}y#Zq8BcS+0~R9Ptbeav^?yr;~ykn5hwy+$e!ziR)pHL|JsDg(HyAgGv7 zejc)ahnHqksB|n+4$i>+t`&`buQC^y37Ubww??=3wlbKFPWi0X7?bQ@)DW}=1;}LK z$dFE764Zrvz59~!APg(2)5Yi1q|KN&gHvX6!I(_PJ}q#nA!#JwI**^$wJuc$>^U|T z=@81kZQe(eDsP@nE?N*CXrbB|N}4xsKxk%YU|;zq*h3{3mYIn1FK2Nn5fW%uY&{x#4> zYV)V?SLXw(U`vy_X$NxZ69WP*m-(3{NkY)IqroSyo}}pMcaarEqrVGB=1(Fh@Gf@gXB0cu=-UxuSnGv0e1n`7 z1XjDzaT{R0s74uTCIt0f2m!W_=UAzeiE~&o+@ug7m2PtV%)=Ph1&$qMmg&F9u3ji* 
zgEP!zeGQ;qr2C>p%6i$T z`D?j3ldm@@roBK%23Oio#UwIKBDEh~{_tJ$#`!VQctq7I;%QnHg}3LdN$(DI?VZn? zeF2WGCx^_BO#Hm>ZySA8Y$wmhys@a8xH<%IVpK@tzH^5j$PWxP!S8D*pjy>9t^>ds z5CCy{(l=&jU~l#-d+~I(NUZPihCl!C_53}@g{<~{oy!cXD+{iy{`Vn~{XgUyH!~No z!0ztLN0=&WOTdgUcJn~(hZIXTkU`1FO}-pP{b1xNqOIJ8u<-zBHpcueWX%)b2nhj3LmsAq5N^*ZvYWgWCi(m3 zvXnF*zbm4;*1hquMBtt`G~TPP68hLTh5!Jodq`8pg4d0`h-I1L$@{RbrR%eWPd6h@ z63V`kX^@itKw%jeL_8>@Yl%FStzDcAL(^Yj83w>gkgqV}l`u@#n@ecc;dt22UfehU=>vHO#v@R+ zJETfMQoDVoGMj+1a#QGTpM~7VapO-w%eI{E&pwl5>CA%WS^E^wKmMpk_auu4{L5{iRNxBa%}4K)B)fzPb>; zs9Io;!yPO*I|mzZ!r_h+$bWlH2c&hpV+0yCKEZ%-FhvyIUVq`Ht?2d^$_?p1`U^7$ z6DKQIzJMVfC_Ye#eu?N`h1OT=Cy5(0?f*}Fkpu%4U|rzhaQsJn`KJK;-+uMQ+x{cI zeEo(m@r4ZFuexBf&4l3pqIuSVqM2+y7H%Zv=xFRq3-QeK++2fS?0NWH+9x=npt7

    2?g;ujw?ggYZi?2$cx73@0nk_*G5)+8`(B2N`en% z_ND1qLfNa9NnXrI{B?gp>Jm%)HBsCHly?zA?Kqd_E>thhh+HSEnJXL5oC@ng_7_Sg z1Kt&&bg^=h-_2ad_+W8k?5BE2TT%GImfw8THVsSFN{)v1wbBdN6PuYEZj*o{ar>BbXXX%Gx zdGlB-m*=SnCF<&7(lr05X8C|*lom_);9pqj&P%>%U{272t8}&vDSz`%HTVs>Bp~dI zQ#eTlebEUd|JCr_Obef=%!F&~%t4+xPUI6u_!Ck9f5!zfr8KI;-@vC&`19E1ihl(d zHphR`72E%f`~T@JWaIcx zSJ(gHW;wY36*j;&l6!Q3-8xO8t`0aqL{Ez~>M&&1SDo^0g1m#YgH|@)UQ5S?yD5j0 zH9@qNyZHR~bzhWXj`Kc69sff-1^u19_51Vc^-F#kz>_U(*AZ~@T7sEx;9*XzV;G~Q za^F$`uW3Cj*fl4pZXB|?Wx3xml43-QK^bAl_p$G7NlvDiq7n_@PF{M*Uz($2BY!ZE zpUW4#3OhP*qI~|y%Ld>7EtSkmf-L5H@NvHPLVy?s+MX(TjnwWu=Z-?^S9I*eSi$r? zQbe&6eqS(8@G>vY^V?8$hDMg}SSdDs9Gkr*rs}MGFzdd29tUcfyz@qM#A$`9KbS<; z2Y8x{b}b>of|VBFFt&c5M7VE3ISwt|+ofNVYJd*A^z(pcoJXP>APkm(qt>E2TCTLN6knn&NROXk(|fG2Le$p6%bmt7q(YFl)L5X4zCvn z%E*fzJjq}Q^sSVyN#aKUk4a6L=IJv@+GDODLW&f}E}jMu9T_Mgh<)Qd=;3yAb|gAk zkR2P!-I4X5_ia?3Gwqick@b&U+gj)6-@#BqBxdA2O)|ECRle31`wB9UHBhN^CW0T% zyi%YfO~FdZK#Bl~=2;YHu@y05kl+*@FHE2L+wV2=ldd`?S{yZHYs9}W!9=UXqmSb? zrmzO2FERk9txVz~qB3hzq+UEpTd+V@u?d$g_-d@Nz%HrLS6CpY);6AYa^GBxi5v6~ zNM+FaAn6*J+h5#kOv>A~BOSQw3D>XdU3}Qu&;%o6P8q|pv9rjv ziESuo^Ul z>L37wKrDojX%<2dP4$f;#6$bgGO!{h;qAGw^>hlLv>Y11R$v6jx9v6N>x>~45Rx5@ z!Zb}*h?|MS7#QKK5F_~~!N(J`md%;copOoXMj1aWc~B`tJctwH8)R9!ic44E&w&*(-UA%VOnB2~ zvyF8Dr1t$_g^AzHXQw`*Jm(I#e>!l}px><+!ducklwxJTDNVla%ubhtfp*PnM-T?Y zIS!D==FEsY?OGU_D$VS%Y<~^%>uTwUFeeKED+aLkI0>=Uk zee%F(=Z>gFIQ#be?EBS^^f98(qj6day)I2@xEiFo=F+cKAo(;W@t!=`n(`o^3S%-s`!P^eKKi(7;hVn_SFV@?V zj-Zg0QB4qjgGQasZ|YDopdH0Mtr?;u()z|Eb4WkMSge7app0add5ozPI91ULJ;sS} zX1Id-jXzJB)A1k3#iaNSy;03e-wzRO(BxOI>c3>tdkSlR#9zVC zdSbMB#1lab^*4B@h;A$|AJPGTQ{0mpJYcLJiec%IzJhPG3%^w9q6D4Ol(51M*>SDh zc>3p_Fsp9w8sw|LJXY)aM2F}kJP8oqGX*6TK$*(#yynw0tyx2~1xgaNE({l$9y|N1 zM!@1jfJkE&pLmFU+f@SkQr?r1$si=`bD#(jyJz2jcm69{@61(A!DD|Q_ECd zH8$reIZy@Z6nIy$_p_pyT8QF8#BUTDE`D{Z0E~B36=vp}lepgSZT&rUTK;$I&m-EV zDtOzWK)qvWQa46^nY)@HcHHL72{iNoBWNoy*6t3mT0s0+6xR!eCR^>ff15HfnY?vs z-sWCljsJ5H2x{$MNt(&d+k_8?mlW8!9c)))cP-b`WtOi^G-p3zJz+ylM9eO?(Gu&* 
zAf^m?tDz&jmhD$(?^_yZw!v4wjO+&^NcoT;qhCZV^4SMkyE4B2^R*gtl**4@$WQw} z(7{1gJ^;v@3^kVFm+7u3z7@!e-%oVfIA_UL-U+$nu7i4L)r_7~cCIk`Xf=*0O;)gD zuF5~tc~GPyuJ6NCMcR6KHiS5%85Ghj7hGiggx#Er(!Nja|0Ew6k?{N)m$Cw1G*v_$ zwQ_%&d`9}$av^yNTg(!xA~}pQcyH_+fN<=+0|!L=*g~i0_-{SO&Hlf>d$zB!)&IWt z z$6x6O2U5=zH68U{ZHP$4^41a@xPdi#Uw-fu&gBH^Hjvd7Q>?vlPq{-l)|5 zpfX9s_@|k5qL~W|FsEJ?I&6y7rE=HWG4CEsE3n}7zv9fx;CAg+m8|do5cmj5gC`2j z2N{_>;!^PLd4$6REIA=IsIHYCrU2P#@96=OUlxbqyGxX$fr3swMy!xO z!^_&arz!(jj?{XHic4{j&FlVl%3hsjjVI{@sRB0rRt#XmNCdyW9E)cwmmn##n zeD7^BY8zq%e!SuhRMrY6z7dBBFdfH#Xje>wnI&=>0U`h@7fDm*KDsB6LQBn(RdBMd5#^V_=k<#By!kNh)~pW%O>4FDV-6F@1(R zq$c!_s+HwauBdoq=A|;}fdB$DE5`_go}8dOw{^S;?$WOJoF+?!ftK7WFRuKV%8!C zA|~o~7vPjJfy7n6jRn_(qy6$L03RVov$QHuD+t%ijqD+_ltG~pA`Gc5Bx)#*N7Z=8^iIZIa)o6`br0|g^2tKX&iu^Oe&G2l zozgMMkib7W{MT$LB>~`T;~S>6czmW#y4qrJ>L*XGue1!M{oTbDmIwHu7rN-5Uv*uD z+&ZmqQHji9VC_{qa!dmUji*G>Wru%8DZn>LOw_Xy)s|@w)0AARatNX~aafs58S5OB z_uEdu94XCb{mPk(<%D-sDb;>8OlPj+}L_XpUsl@xnZu-*& zS%pMuM3>0zUnxEfE%v)U!7zH@T~wr*Eebou% z+&;g8##5YXW`*)&$>Pfb(eGIxvqUp;kF|qVgohf;nhaWFW!55LT45qIbcL|(f3o&a z6=B=Iso{P+9^*D+2SK_`K6vu19^MtKsPYR}s+PSp*LImI5{#r)I$VyB^ZkNNzEb&P zC1L}`RU-|+HA}V~?CRVf=xrKZX_ca4b+xMrsX`pn_X|BLf5&6ojqq%AS-FVl6&ab<) zHmSabYjTjOflwA7U`m4+P;r0Qm+p)PbLaLG_<8Fg94`h9CaKQ)$GZVDZe+`#iCGW=Iq{U7A1IdYyxxp6fW8$*_Z>6xDH^ zL;pe`lni+hGk$X2rfIzOt>&;!u$1#<;Qp`FD?HDi*a^XQz53Z+-(zdErBxvCZ-&7; zXZnf#>Ph{q6i2Y$%w^TdQl~eTxsK>r@yaZ7~5Tp1myPq znWxaz!zu*G&C(}P)KZRQ55Z>(_T=ScQO}pOYIslJ(BuoaFIL^&$c}c-<DWqhv=Z1EIlN8 z-|*;{(*09kvZ8>4ERBda>qATEIC!Cp4qRBA3F5;bCZ91Axq9PBBf_*>(aTfgU8ypA zss_FXEJAr+xpUS(Hji*_B05mp_GJ+%sgQz@b6N*S4v=R|hwdYwK9&{WnUvNm0HNKn z-pK%gHR7)UgU7g&Hl9GaOL!eRaq2_2&BpB5x2CE-q#MglnR&1P{zn zD}Z)|7CNhdDLjnYZ{WQxd7B)4fmuc*$QuW&M}nc;PL3CJK*tG9N*9L|%nn7H%?v?N z)a{+Oy4G(Q)H#a*Cf~SWG_6TZ?=Tv?v-yU;eePg!9>eKAy|LPRJxOtTl6pPw2H9KoY;;2TsH4Xr6b z)QAY8GEBv{^9mXK0*(Vxfqg&QAjaA8KzI?zS=&*2Gh*m`B5loTDD>a>a<~$c6`5I) zB4xj4kKZgz%ds`v(RTTy8O(kMfh_b!O8Zxr!)UjH&~zDhZ~{cWgQ7b 
zu5hdA$HQ%<)5Pdpx$TF6f@7zFt)rWf7>5YXmI^^gdhrWe8<&hU2*tquFcdzo>)W2u zZR6av>fYA9`qAx9yNeZw>WItDoBS=6;z%!w3+YZ0PJCtper5VMiHQa zR7+UJj>N4Msg0>z>5kX4W_P&`x4y$bkWb4PyrCjk-M~8FDbtZ$d6?QVz|PDW?AUY2{ChIjdZC6c%07pyB+xU zMe~062#YnCH|v98!TvUbQF03LFcdptFh!Led{jVvA|V@s0k1@_Q_73QeajpI8GH+o zQ5qp`NXoBc;b_ANoI-DGbAHYxYH$gZn4lfC`BQ(FSc8uEA?(X~;j{-pT7ca{Sf?M4 z-!@V-WLOS(=?Dymi5J)d-LMtYe(&?`Ujyq7!FIZ-Mbt6xZ-Y+02D5Duq3Tgx%P<=YRS6F5a|8{HLuG+8e#jtQpyyT&z71sALzYw3u>y3jKlcq3W67s!I0#WJp4 zqqO4*DM{41(AKnLPJ#r0tRQ9Iy6MMmgo^3SKJQC-OUYZc>1{fqld(OYCB9_M!P&ge zU2HHorrJ+}D;4+TNV}-ErCuh*4Anxm`U##-osp%qsaN)_R>)z3RDe^;33|dJeZ_1o zM5*smTw=@xhG>~G@*#Wig+zwLPv;siTDAI88?Y*jLQ2Yu(g2(e=>pD?t8r! zXUt4`vyY^O^UZr77%&*Ty7qj>>w%uP334-(rW)cPTh&tDu?sgtzeDztl89t1i}$U@ z?ij#-@|;)lV6j ziRZd+`>LMbB&x}+w>m9CDApxbK#7Vwhu^(OWrK$11ECI+CeiO1NI?%mNgL>4*#)Too zL=9k!Ew{}(jx9R`k+nnXUPCBI(A>sb;{+lubEVCNe>l&re0GaQ?|jB9Z(Oh=WkTb2 z@qH)q{C2mMZN(wn#;592SztQ>y%*~RjfE+q)qW{49l!Mhl2MH zeO!|&CVq)ZrA#G7gI)QPjG30++q|Nq?TC8O_G^Ipkxmo%F>(R`V(|NsMlZi_pal*VIJ+EN{;p-*qFdJ;skrg=G61`}rIN-h?v8`F4| z4!C7VGiKy!5I8DSjGF!ZAUI;?CgJwWyQifoQ(Ir>!6^ksni4|xftmJOIi>U^ z>D<2bvyo(ux`Ot;^q-M2zE$7)(GD7hL`VB4^;^^FEKm+gh)f?rWLVW_a05`LyYrs& z=~iiOW4tuC1AZCHh*wP%MV=#8IR;oGyhXRj$wfS!-XCmfGI;7ZFjSvx9#}J@m5KlI zqnQ6kdI;vp`j;q+i}w!~)_+$s`2KdS2K4{KilvR(B?XBDG3om*x2Yc17v9%yEFJbMS!Vk}VotOxJ0O7f z*&{#l_4&u6ypl}x(Uq1!{?C@?0dW!F_Pyrm)zHyg+p+ys!{stRph3$0G`sivB^nyw z)!ATPDTk)==c$}BT9?Y^dO@k>#m}3|qg{Ol@r10Hmi@TI8ejeKU6{B#f|kX158#jpYagtX+2jjWYZUD+Uc`o}gr?ho&Ckj&#e6-aO7pfeDlzDP-?1kXZPd2ymB6|HE1T zn?7bhqKOmJX*sI9rDI=)uaDkQ?Z)Rij&go1zsR(`31GxUV%pl*m2f15D-!qDG)!G zg2QMVxSL?j7Xfnq1(|E3VF4+WM}2*UM`LX5Xl%pv?GgJqZej@jF)qn5 z=@9;F3@v!jNoV3ea=pLf^V39bLnoasjxL)r$V@FfIx^rZFwm@H$|$3Cn$UCaDoGl4 z!d{VVmGOmWF(o+RzOPn;n*PE=MyzMgouoCW28`rtWUA;Xt|KE)w*d4`cVL>S-(w)X zOHFHX4}ac8{qB4JpcTEIWtlKvk;t7Q7sntOSuv44R@<<32rvNxjB0N2<&ii_joL$g58uRBT-qw{||n zhb^<6Gp{0#PtDksD1I`Fn!8YKB5^!Sy=?D(h*WSAVqnM-%Q1DlNMYQSe+PaMn`6Ex=g`~ ziCHY+WP?E6Kzt^rYpk2u>|9EOh`@5FwH7)bq@hPtcB2O1vnW}Go|7?2(Y!a_q?eC+ 
zJu!4h@smu~%3UpyV#hw@F?GBmIfl(e!j3Y?+8w36aom*B(5qcJlPx#Fa>6rCP2l)x zR`P3>vKqz)o%Pta5S$RV^HCor(Q0G3j|OA7RllStlT_&cmI4$c`S`!or6?8CHVV3@Q4oK;UaYF(VZb(29!^6XfX#vkq)e|~GJGq5p|U}Y zyHb_p@im9%gR)0Bp9dZ7Y-ClRL_GP5CWbU$B9q_=#MNE~3xmu2mUqUKl@ZVPVAUV6 zmOFWAI}Y;3VpuA9@HDbD#O%sk{f(lA^VmxwH0A)NGRkF8c;93Ky%xzgiKRpa$~2zz zRcE@UDpTdDL>W@vYc>74?U_J3%1>N~Gv&bQFvzb>c43r*IlVk6Og28H@=PnPr!?+U z%R1g$pf8!mxNnKqP}lEO5<3&bQUlNQCBJlk!^#=xljRSV$~l{uhWI5M%pSEpl6X@% zEA$0NaI8&jq(q@k>D-kxt(KB$z(WX#2ka5Q#)Wt7twFyk>qrD{ieKX+a^nF}4$^2j z{S<%@64!(%v9}0!W|jjORUVlQPCz<|YbR<@M`WziNWhawyS-(tL+x2HuwCL>nJLG`fdwMpihoMDxUeiP<&ytI<*K;3{#*){Xj=rJ$v z(`ewNl78k(M=gd~cpfwSo_@x+?<0qGQ_nwsM;fspk1#McnvoMpD(kE42f94P_IU(E zLf5s6Q#+Ys=Iku~h+qFX1?YShid&p(s{(X&h<3f+oiqbjP7v9|V`|#?CzRU7w%Qx^ zo+i>>CB24Cba1ys&m@phRvx3tk@aQgx!0j5EsUxaiV$%1r3S^w#S8jjC*iCELQB;? zjSp(=e>R;+rZICRvy6j&0w{#aNOAZj@S38t&^-~`8^nj~MzXeSA>dXXWCi<$ zN%OHwum=Jp&5YUF$jR|W@!dYET>ki!F;w5)A_gxp{MEvY=~bugL?^0;vNZ7dyg#=*Ev?4Z0#Ycs!}*FLYYxzgTyEG0_Hd)Fx45wuUCgWcNn@Mb6m zms)!A(K}2yR-+Vc=%3-?y|toLF*vQ-(o9u`3Z{Gj2Oi5N48@cM&&{ti?D6d^y1F_F zi4@R4i%hBs;4Idr#{N;nPLg%1Z)lJ94C*{5@(4?+jztT);Wn@87cSJ4G>z|BX%eeZ zoNm%YsF|`AuIW;5!!*whk#=cxElxb$6iqwqhi3yuFq%wWUsqYdDZTlMXF&EZlgYEA z6scbU47lx)r-~7NnyFtuBu6=z9&==NoLaInNn-Peauv5$4y6tsJg!oPP>;~j)3^+& z^iZh+LGMZ5qjVw&Lj=>N%u6h&{=J(^DN1> zW!^&!#i$;S@U!E|K<=wy;as9JKx=@MO zl#n^w#*uqB)z*s{Bd(MP>-*k(%^tcs6FPByVQ51Y-C9XZP>mAe%$jf(;-0$A8(k*?8E1+hn&`KpRQ$`Xk>z3Bjq#PFU=J;dVrHqXao$ z(sa^hsid75rFH`OARzLf=Z)_l$Cr$q4Dxlf7#+;~Hm=6&IC=2r0rMTOD6n)#r*$I; z4NXr(>Z1Odq*XVppA2%sFA(d!a#d~duMhdmCq`VFlK~Su;Q~g?JKbXmRxYICSRy#< zcF_xJ*B%%EO&)|KR8-{%eNB}x$YWMokLTO(OSX@On+-Ad+YwH;3i~+J#H)0mjSX6cvsHK-%xb`Dh=&N~|=;a=m+k~DRWcZp| z9_wSR^rj(={u^DIZ5?G8gcm~Jp?T&wL((LoCYw_LTtRtn_p#CWVJhgGTMI&D1)s*c zX*>g$-ts9&&eXN_LF?U$vLbNuydQ^se<~D;%<3hBJb+X(8OOdPRKnfOmFN^GR#Y|+ z_sNP7R&hPx9W4P#7jLb3CNAh)vb05Z!$z33^Nj?9(131Wb!6Tn64~_Cz6}+N&CfMM z!X*D10H%v7;|;e8f3!oB#E$(y;iOUR{-Vqp(%QF}3XbXl)vfTj-oOhx>5ayLGGn|O zjx|b 
zBytzVPl#>j)`pb^bMdVw7Q_99e1fG~8;A~{0E4Uc#uNi^W?*<&qAE@Im!0dhx~gU8 zo3H(8v;0_*q#qp8K3OsLd5|X=?e9jGyR*>ga__Vp^Twu>P@4ehe*D^*p``rY=w99U^7d;g9O0?#l^=Lj;eGGZa={7rU_N)=hQne zbN@!^PyD~L`O&Fw8Njgip07~KT_A7*J`EhW6F+de{03aI_*;7Gv#2ky?n$HDy{&I*2@xw zgi%upRHwKl#N+=HQ(*s34FWEHU=Tex(~|$6z(T6lm@N@I_WG2rHF348iEj^?^IM{o zcc!_~)7mTbDa`}RH+O#2vF3BF^cJQSL&CBLS#~ITT%yIve`8;gz}S}$&nVW$qN=2h z<97(kKE_>2rdfgfDg|m*tWXPb#<1@Q8ltM^eoPRYdJt*ARdHH(Z;ESYiTK{HbHD%^ zKTk(Q#132jGIvB1u*gjMy!Xq626mJv1LFtmVQu9N#?<#Ep3JZ3$~aVr~& z93ic~6EuF)d&gG-!yNx*4M$Nc+@+xt!0~NnSZqOKLTm;1?4|IDLb$j;x$9OCfrAS0(7~XT1_w!x;__{Cdo!=gyO&P`A>l23; zd^l8xj&9f0^Lg(?l@9zLIbAt|&9jq7>Dl#$_K0Q$s7=!)50vrRIpj+@4t{1ZnnQGLHyMxnfE~r z7$64c_#4X-0s%y7xFY}}3O^u1akKFP@r5723GrHgCB%0=>fXQAlTF$*Mb2C&_`m7! zfUa7hc!wn#F641J62%9Rj_%x-${a3hHZgfCkg`fi$DWha^ON?+)>%=U<69wsW^M=6 zM~xHd1rpu5^Y1Pmi-iHZZNAMbF;K5z?f6rK?tMTR$T)E9le5$sfMPj6$)7xZd=%YD zqTfJcRa_k2W|oJEyVM6^*1)9h0b{>j^EnNKqbVMU;lGY?0(~ZG_AK;KtFO?JRkndY zBgHNLn2UOln9mlR9Ure4Mqt%v%Fz#VZtJbf#wJ9CstltUBEWLVuo6as1W|Y^pL*Yq zl-hmwt3FTEle!iUuo-GO3y9R6X#-%VB_*6&SogTN?Irk@O*bmK$}#hh2-Ld>JC-sv zJJrNdObyY!*s#99bVQ_lfk@bfTezmfDkO1-ECpv@E*SE z*W(srxW$=R&UqgAbLk&UW`Jy7)#6Jp(sq?FGcHep)mL&!cKl#P7*}gF9L^82T@82D zd-zyr*y==d$4aaHidIhM2a~|#2z5#-T<!>P-KMO70>wdk1zU zw!ixj69bO+f1m+^WI({Ya~N!7wm<2|+&sKM6tM?BAQDz15)h^NjtuB5_MjB*(|iYR z_f0;{zsdvtt%SnE$;J1t%>WDS@5ul}#A-zT-Io;D(Et1wG#V8KcqQ~e2xJ(4MuY_O zA@PhqO93jiM{L)`&^t~TAM8JSYC9dnl7E&C{%(o>-PBcKCv;1`n)TQ7{A`jX&F<&V zWC^~dd*9|xY^$vUxK&}1^_-Ve^z28h^NXFL_kSt=*dBbcp1%C?)Bu46_4z{`{_LrX z%N$v}A|FZVK-2!VrH4vAiiPJ_PPHLLS_oM*>P=;U@(D987ddq1Oy*Ht3$e|y1AUJY z+TA;`u8W$!HK*#3B_|^|g!XX`2k$L%M~mHDB+}x$2{vx8MYmsC_7wg}jQBtVhkPSq zQ_+uI`+C&^mPF*^WOzeBJ5wuO>i zR|1OwLZp~>ro4fLNKtB~afBA>hCQ}#%`|wO{VIc~-mF!h8H99ARC;^F>U8zo2OhFE zx+&5h(qG(gWyJ;AdOMI?(AOCE8@zRb=**0XjgCI9_opG588?U#pR*v$bIk2IVU*X% zU}8NaCyq#&i01(lQn;ScNZzsFZlegbW-)&S$nJ;A^1<^eOh;5Jd^qGp*cS7c(_s7t zFYH1uuHgFeCCS@I&5?esS+1ovpvX$w)QB!1wM6@jYN_|}Q%HNS$#9y;tBQ%WLzs80 
zhG_}RvENY&naH{iqV&A7Kn_?k_NCY50o|-U`^IcXbfZ>Ls0mM;1*K3fI)IzaL4Q90;p#h z+mmcKL>wdUTlTWz8)MI0`9&)4NQLQP@K;B@v4o~;f4SQ`ZW2?%y4~CG?K{DJN(CmK zcYt|vrk=sYDtI`6F;mY~;q77%;Pwb^PfhJ&&k-RY1F*(NgyCf4;Nj}B0dLd71AWKA zrJGJ27r@9tB;nAUm7*_HU>Fjhi!#>2k9Sf+@6sU65?nHc_X8M+ROQ1C1|q>=wOM}< zo2z;9Z8dKe~EPW+}&v#z*s3Kt_Q}tfl$p=S>TL zPR1h=$ZTRK`q5f4%U?iJTz@RNB?U5MZnD}V%{tv*Gjao*5)>|J#0f>g8{pRJs< z7q=?>LS*meetHWoD^}GhChpf&#D0J(-4H*+Pt5Dq1o=>rn5Kx+z0r-h|IOQ@QHgE1iwY!hXxd~; z5`u_XjgpJb;I*?f_`CgqX87xD^iY@s^(2p9(yTmO0PA-AaZ)TPt>I&OgZKcBm^rI~ zri1<4IX7AB^Oua%U!p2(8=wC+8~@{_;^pQ8RoX&Ad<_?veg?M}aC?mwn1<*AHwdx> z(AFk21OhAvKR>vnOVGU>unI0Q@+o3 zZO#neo)^g@4Vc<-{jkj0h=IYKs5)N`gh0Ypz8)!x7_9RL1Nb&ur*!vAB{f073u63> z?ze5sY868$3rRwbN5^H-PlxAKDqCcZa*W62O3K{VXG`e%M~CAXQ;&W#`_9f*IyifPjOeP zZVu6Q7^UVn1wXfRG>9&F{8)M;0;9&Z#Jtt^F`5gJjpYZ9BQMw~p`+Q~>1=V@%3Y{Y zx-N9d7(4Hl)+Vle=0}iJx5eau2DE;X6u&w*?Uno@$BkdZ1kYD8@eKztY>$s^A+|BA zks3w|f-BKn3r}L~n_X&RE&@5tCx&=TgRO={ruPPQ3`L)$7bPRdZs|`%Gn7VLkzZ%b z5%xR;SVE<6YKg`4<6%B=YY?^7xm|OlYO~^K{nYr*a0YU%$5{TB#iV8&6$&5}&FRS) z{9re=BokM@h!fgCA4SL`kiu(2?aSK7kd%XD-SH!V!a2VSU%7;j@5GD?I!#0GlSGOM zwl-byf!ADVZ)~Z-9T|E3JDM2r)8=*YsbagL4RmqB5s&o`m$-0F=W**lhYEmx2YsrV z$uF=-aPZ;(0fYl9&S4OcIsQZ}x!L$ZxyR7pCrI#vBs~b?1R6p)-p~#b0{j96(Pd}{ z4H5Q#KzV$8T%al*xIZ1xdEp@Rn@|RxiQyo@g)6}RH#R6s01iSB_zc*>1g!h!b-*Bl zb@Ob|7jr`%aG*1et2P_ki}!s`qfUm8(}s|IuKM%QBqFwTZb_1&fV9@+rC_e_%fiP_ z^)3Oey}PFls6D0<%_gSrGjo_U@;Pbldx|nAe z3{m5=oHA&ii$R7#2!^KfsHaMf2<;cyBSo@i*2h-~4rr3p?%!3Z5Yz3+$14h+rb5%3 zWOpEU#=f<0iJn?v{$^bXfxeIF?0L&iolmD3ieXta3+TD0dAl`E@3^%kvS@q%-j>!L z6{S%`W-=C1=Rrd-Y1E)~gUBrML+!-{%CB5WB_ekROj84az`CsuG?s7;5q7=_2rEvd z#zb@;xRvDsYm4eeY`l45G5LPtU(e#5pu%#QcVO$~XCsycp*1W^6Oun*zP*LvHcH2< z{Z?e3-U^6Jd%jV~PP%3gMGo3DYzrpiUDbuFMg>X};0?7$wV&dD?<@?x@Ioe>3d)2f z)j3&6lflo>C=Wr^o(hQ&ybvl49xHcr$_PJ|@+RDvcZLSTy!G`x&&T`I=9Ln48ov}H zH`r03?2v>lKb{0pDF6+S-+jRnBK6HYh_%`0_+nI?`STrHY=}5Ji2((9>1e@wAy@t+b9~Z}c)t-N&7feL>N(b8C`8fAG2ySI5$R7T2t8 zm_%j$Y$%yi<>P&<A_ZQdH63Dv|TgVhXtC35W-b_~QdDf#sP2^clRZ6t4mnXz&XR 
zM3>45EQE$4=(GbKtQgt3**H0QK@Z?JfA%-(gojY=G6l;s9Td`^7zi&vJ18F<@Q?&8 zfQ1?hu=Ld{uLF$FMfX+6OiOaGVR?ScCRjEuUgv@iVYU(3^!pGbd)M~3*Bt~m`n7*Y zQ3g-HQ@FL5b$y8Fu0XPQYHktL2zhIAeTS}Xh`NH>$7uGb%*X$P#F3>(eq3#T%Lb15 z@`B7xg@pd)eE#QYO)e7oeaxu}X#GsQ@l+83aDL;=%cj)}(O4bQSzA#O2GQ(jo?iM< ze!P?drCKs!p8q7mEpn^YStfat@&l*Lf&sS^IonkA)s@CO@<3;<7bganl?u`ELup5;Ru21*!Y|00 zSSs?#knhbfEzi>mecM@F6GOlXxTpUe;B7xP_haFrfhbl1{k0KljdH(Tb&T3f(f5>t zZr%F8?=CM$n}sk^XrHRAAqpBc+1_4qBym*fOA!$5Z&-hW$VC6_8)f}6U;^t%>ySeP z*U?$>Eb~5pt~ufa0zh7Ve{Qw?9hY9gU%hRe)b7Rqx1-B)15)0lzw3b`(1BECqn;2V zALR}o)U1wXh&e$VV`f4d5s)1@1&Jw6b z6W_TO%w^(5RVm_6#kyYS&+^IReN|vkQ#+J?*D@Dg53_Y2tjXsGzGewCm-&R>UPZ zp=bU^gSg5mdf3DEW5(vq0`;neyh<40>{+EKv@_*bmlp^1C5)p7hh@)_`zL9^#F625 zvNYl+@QJ8S8dt7o+tU?wKci>8c%`gaO^vP6hhr;PbeWU~(b@dxZmXo9vtKC3Mch9c z8-8nOi}BwlW?;4nT2J*gOxqtBIh2bqLEiznlK3EVOUFN3dYYW?p$|8B z>W1>#C%{%j`BdOBeOOq@uCg#G=UX83U{DR~#|xKST5BG4lFp>^Q7nz^vo;rb^#0iJ z^kio(%?k@c7nPN8hGI%%McX%8z-Xqs$F#Te3gfiBFTMf2_sU%H`t&&Kk)Eac(Vc!J za8KmNQyv5UIZoNt8(F(G_Rmfhc~y~B>Edgp1LAGiBgLc`kJwoAka@F$Pz8nKPe*hE z7~W+qoWaAdWoiVG>Tw81-jFz3uMrANIy%YXc`sg+pKq7 z!eGSiXI!3de;X^VKXwI7tN{vCLxA7~8G~mu184`lt=J_o1P`&O2VSE52OP)2!OQV4 zXpWovujTlEdU%0}r&YQZz`gAlK@~no5QtFhU|+5oyd@3LQH*}ei{5!xHN8CT+Hn&s zJ}o$hGBUxIAUQk|i50W>{^Q7|s{HX{yXS;TNReULgTlixqrBi6Ouwzl zKK_0)1K3hMK+T3ll*!kVpUHaVBBkZ(<)LOjVC^DxegpIq2%Hj5!`*wMQ}=`S@J6k+*E$EitB zrXqlj1N>ACmYom++-ajPE5oc;ZtEd)K|n3 z@$${0b)H5T5x8VC!eyn^g3XVF8`5E^D#)8kxi_yXonogko0?k%svy6G*{TVhGs#># z&;W)ktDe7=!jw+vq3}&S&C7SBb8$Bz*V8E5Qa?$}^1%|lX9;xP)+?->O18CyEpo_PJf2ido1S;P*()<#$1p~} z04a@ou7is*bCw#~Q2)R@<1~FCW=GQ=5&%G0pxm5|PoAw>?Pe@2K#IK)hCOFHydR$P zTYsKqoC%^?7toti$#@F4i8sF@JaAkomSD7MDk7efrttdIlIA(yuju(Ka**-9lYV%c z*yBM)gZ%ha5L|rNl)p&OovlgOw&+9ZfuoPdQ!K0m8&D3N_+O?X_hX5e;a$jJ_mGr7eMcax}( zXDU&k6OvDx(!!|-Qz}j--UXq?!6l$j)5nN76>@?uwM|2_-yh`b?JQ>cEIy3{l#EY) z+w;DkE(F=xj2u%ol!>w?fM5KIi4QYhb4;DLPaH0v;;`UX=j?h|e4IwQ zj*2>mq*z_bZ`ZhZAu4EhD z*#*g5(6dAUJd+erVX=U)NDzZ{FdDDBsw 
znf?dd<@gT`KKK6!R{l+OA8KYU)IZQ+Ua`CUqMH($@e$d%%fW4Bo3JtaigapaLJA1DzjA(c_8y4CzM!+J z!-7RC|9R#@kwf~@UKG*h4Is=LzBg$NDW`ag%o&b=iWoqb9$(C_T0eel^)BI&Kc)5U z$~7NpU%w4Y5j~!LAIg_$3vfVM1t_<#cjtCQyOYM0JXKfasjMY#{YD&J3&M}moqt7t z?NnCiJxaH9>fEzk?$5UP9(k0Z=r*^nvQ9-?b~dWz^ioHbTK+B{;sGzOQBhMY+pjoN z5?kuBEIZXSHdJCU_?&`X= z*2oBF)_LE27^p0(D~6`LlZGL2{=!ms63KuV16XN-7cY_D#1@5nehPECR>OF$ypmvx)Chr zqy0!E%vsxq9x*92urXTA)xT6=fI0RgLgFe9v+6?JIt2D@&qQq%8#;9~m6e4(c`=l) z*izAv+-WY?BMkP@%gkHNx!QwwZ-$n85*fRtXJV$2ZFAE24^VX_qgZs4TrHNqq$L{c zd3Af+_WMI@&W;04#k34_RX>!c=wLT84=#OO-OzfHSx@>79ioW9;`jxWJobH4h8Yp@ zU09K+(`iX%2FOoxHc@=mes4%s$H=>KNS1Lp@RTVE&cxF$|2bGJXgD5jL$OL}KdvK(lsf%X z1J}dAqta!P#Zvhp6_MpAYi(;I{UH*I;Fc;Foffk&ulkxbTS@Gffn&MAB4y3vSu=_l z1762$wUjDj!o;}e*)dx|y`VRm4f(dEP@;}0FT*T=z3aG9(veg<4^gQTl_^1e6f}Lt zo0f(y#rBi)I}t<5FyvXr74pihrU&Nah9258G-!d9#SzEgC0L)#k9`ZQPmaN*%9d6R z*|uVH)4p1FZ_W7H;pPX>OUdA(0J~qLxyd)*B+=dkdYoGg9#9au=1Bx@X2YP*P$NW% zW`t2$6UZny_T$+&(L57z-#E>OQeL4LYK!G@43c9gAw8fPX0s=;W9}sqayHRk7&(F;Pf&l+I z7I4WAiaKW<34#s;pNR~?^k+2A-#H~%T|%=+5CBB{e=(;#yzKvr`E&CEYxcm^Q(o7Q zAn3v41!ep_9z_#cMTa0XJ~!{5^&ECKp8q^712H_XnL%pc;Tb?I9sd~=Ozi|tWa)AQ zr^{qBq5cn`!OqUb#skW+{LLQ5_R>QPx&s?L@PMi6@XB4o;GelfL-`+U1H3CIXc&A% ze4xz?@CbkBB5?EacbSqQLkRfd|8d(n+5ej#13s6(auGIu_W|AYf{zNcm4**N*`*7< zEWVg1e19ByFy93is0KU$7I35pof?Gu6&ZXme7~G>4=RWeTvi4F zjg#j;^kv*&LgC*l1vub67=UcGKbd~tA&M@4@O4;(z~lQv>CW|^+#PP7-`ANLg@=!q zRnEf3%G#Zboefx{*Gmlc4t`&C9soDrZ&yMCQA7mspF#!RS*O|IURXm9cT*!59W4lX zSPF;GyJelnNz8aHcVWt$>r19%$F(T*g|t+>v055({)BzG}2eIVI?bfJmtKe7Cu zgM4GpE>=ZZ7}et>5)^T_MMZY<=d8BaVV!IT@#6ta-I~jd(DrOWvOAqUBSNBYV%X7C z11X8?{S&qFXrzVC(J6A0oFlx^vXgxf_C1DJ$20Lrfkr_ge zW-GDzF)nNyE`~ntipLbPpJFv+hD9nu9y&Bjb@-klJusLNdrXUb=1N{%2(n`YO93zf zz;MmO?|Hj18XlhtCDraCd>19w5B1LgRYR1R$%i)V?=E}8h^L3&uu+|pc(6Ua@uD<~ z@=(E;DqW%fWX4aDkYYaUMv&r==zK$U|A zZ9@Uu%7|NA#UCh|x*aWxj*czr?%Vf8tX^OAVpmZ3N3EH8nV9J4gCb@T>$gLBB=S&o zhOrL~G`^~hVvRzZ%?`%1AZt!g4#ua*Zq|VzY?mBR`_TU!yEAe7*PNfD!9c62On$2u ze6|k@fVE%IX=cP|RcFE*@aKUWb7vP3jIeFyZ6>5= z9vl)^uj_p>DU_rUKokU 
zZrdBau=CQ(|G@)$!4&)JsQ^2Z-R$6Y=}Gy$d}JAXr2JjSEnRLO<|2N3j&(KV$uK>VYVijXN!`?R;rZUcKMn#ECI!&XA~*I04`m z3{w${sAN5iZptoRg+<>pWqM7vOZVTizrGQIBq4cAas|SpspY#(yT9k0LVNR763I-- zV*FQJ5^a*(eW)G<>I_{i2e%=w>}mDDxi9TilkjpZ(BqkTVYRaH#nKQEjY4etP`W7S z&^Y?zm&vI@Kqb{^3DVR~90+4?k z22U7XGDN%erX1B(M;tWZ{3E!5F3`rhui!#hT!R86D>QQEwiWKeAMF5s2K|ylb5@-k zgAR|QPXo}Wp95us!@~87b}l1dRX&gJEctopzxfytzlecqS@=c%|L^j;dCZouQ)1>m`=!}xg@{h@Hjnx(C%T-r?jQ(VJYIl#%IgK0MA=A_Y|dGIt2enz#y?VtLQBSiNTWS07*l$amo7-?|dMDMw!SD1MS_zk)3v+G+6Pp zXN9{_(8-_0C0#W86NJ;whK{)M+KT!M?rm*+TSpo6Bc^_yXpA$^EZ1zXtK!KQr5~RR zAr~W+1UXf5+;C;Q9xbaIsyFxHK3m$H=54yR9>+d2AGQrf(?+Y1OuysPcQ36dIme{m z`^okB^=JiP9AFk5V7KIHIG^~D{~HbrPO)1#3vOfLBKPSti(MNx3p2MA10I~S6eK$X zzbBk$;r68j{Zu6diBQrX(Z&&?-gyQ~wZ%(T@hpBkPoHFiVfB(#3=yuBkSSGQ1e`bX z_}eP{8sxlv_`g{r+-Y3d$b%dH$#MH~*)DVqPKAINB zrB7c7Hgpndj-fya+!s5^E^nhyrwzY$0B5}$N){c@$~ZUdIka;YfyCdkMUAxrT1&3V zItyert(w*xSYOV zMW-BjVyPVc6l3yIaKs-yyAfY3C1hadYalK3ByihV54N_H5K=vHpOU_U2`&n%>}3D$V)qM^XK@pMt&$ZCX2=v=7)YMaR=3%oDF%rGhXF% zA;QHe;V|7r3eRUeL=OvquT9Ac6N$099vz;FNH%3wtv0;hOn7p@C*)aQvg5A)1I68= zZ!`PLPax7JT^#)|Qim_itE1mYgWIn?S~rYrkD{(N1wmUBz*GJ8&)NPSVA@W%gW%(7(Yj}Oy3&UkyQZb8 zBf_eqGM0T^pp!!t`%O~22_Qg;L1xag3ywkL%Wz5jH;@G(k zyp+)2^9#AiBEyJ66P{XO)`v$L@M~9hd2#alx&!NZgQ47FpW2w9z$7J-26L`Up` zp>pF_-?_-=lg@j-vkqP?MWq_)RSMp!#jge!jTC}R!pvNp!tM?#QX7_)1L!}_Gb2S$ zCr?Y*!7_ao!{(dqVR_xW;$2*MKNde{+%&-TZqbW7A^5#tY-!!Xy!V7N;0EoT$EUp0 zlJm8i{Cx#?kKOgg9Zk4JC%y8Q_jlJhu!^b$U(PkQzswnqs_rKZ2F))EoWxkg+pp)P&YWs)&HP%9!}r<i;~yw}CV*qYDuTz;qBMp%z?a(mu9s=;)Dy4_H?7)(eGrFX zb+CRF5Rmi=X{lUs-rZ>&bu%=ihudhh-96JWJc-S(ljU7Tp1~|lP#qrN_#$`gLyRUR z^pBWd1_&|kD5r}cIn=7LS4Z$};Qgv6i_Dnk4SWRKQSkisrX|}E=4Q+EeLInldImUu z4<*Fzi<^5l5KK(%0-jQSL=#OJ6>-%b^*<`++!{Lu-RB%D`BK~5{MJ^qGlu0-rD*mL zZ!q!Si3Twz?h#3bY*u&}f?19FyS2_A);-xJt_Qq1t)Lv!1T1?$C42=>cf-`qt^pk%$CDN9C{X9* zF_o&>aT)J79qjyLF5_=`Zf4olUEji9ggOE1$EiI+5ag~!6+d&mm?OOZIsdI^Z=L?W zwwL0;g0$N&(nCLRy$6A}{ODJK7;h*xG{G!zN=^}9d7?O?sg?rMhXHb$Brn{>1!?Xs 
z)DGL$2l|8zPB0IPPJTL$!|JlOIH6L6{gjYCm=NM7!H&>TPv6p7p|sVs@7e%r5wcrtjAD3+NEAinII7__^L?PlyA)II4}s733}))y01@f znss>ch%!q0?hngoKmjVq8#*7xTCcHM8gN>_`f}cW{Q`NXPgr#*5&%x`3Pnf1&TDl& zeZctd4QAPyNN0{e*l)(1PKG+<5U&GgsZ{nX|{vB!>hB!nJe!NGqu zvl@AOBK__sjlz+yTwB5Ej-2>-fb!j$6#;-=-nB&n?5gqkBY@PVm3!nIADfToK#6o< z0j^mxL|OUrU}*o)JFQsUXe6ZX-lDX*zBOJXe&U@XzmdxMPyje2 ztU7k$He@B4nix%(H(}`?kU0?7W)w{~)KnK+nEWL@+B)Ukz~pqs(4eLiLFJm~4G4_j zmB}8Cins$zsp4Ov{_j3^Q;^_Y8E0_C_EA=|Z}45i5Yr zRTS^Z$S8TO63NKC*tPaDR@g)PLQ86Nc?}KhaDd^QU6U!?H;8NEUzV{oU?uV@A{QH% z7D1)aDL05UO2<0ia{%xUe%L|#F%vnTcNJM`6qM43)&3~6Q)y{vm@4Vtr_#`X14Fb> z23W2e2+&@1mR|Hu-9hxR?=lV*nNzlnFUmmd3o@C`3^P`STw_ZC zjaRa;ih;}*YKmuOjr8kJI?O%T#8!8zvr#HZ5Ir* zn*Jfus>=?iu3zTN@)zwwhl-DHBfPue-(XynLQDx^rVG$hbJB>UBSI7tl0o~(d$BR^ zvH45Tq+t$9IP~GXTO|91O4Lh!%yJa)!XQYaFp3uiW7ZOwAb2+Sw$VS-PEti|82fm- zxnHYO4$w=Rf=GR}ipKb8=%B@cM9K5z#E~ui=E%^k&)rZ`xfNbfJv6}1dOIya`9#Yp zWzdMPv!%8DO=?|v&zko{^DD4-u)NS#*EWuYUHX<+vpAosXJ6stuaUKtsNnEp#g}NM zP?y`oqIvUlH6|Q3KQ#f|Y(85Iv`SLrEIyAb4L}!p7ySPo?ZNsg!khD8T-J}yOsKfY zG-KNZW`};xDhRB$IDZTFbTEE~v^M#+d};do75qpg;o;n|zHE*qkp$X=urP(rrPSF? 
zvw{vyQuC_Z(>d@gLVayzp_cF2!zu)oe&$gu0AVu;aj4DFhxF|v%}$>(0}{*AU?Q%0 z?1-vxJQLZkc847^Z?uv=7`r zS|E9w9dXyIsJYLg7wq^1=!yI7TK%KEPP{`R?w+EPAzLJZF|P(~%!MqKL`h9lA7(}1 zC`i~K#rpkhO>N!1aid~X}cZYgPL>F(~1jdb4S`<`>|ckll`Jnp&19Px`W>D;%Gg5yl4 zI}9{Fluf-k*Yl{WZq85}WlmpE`KdmLe+KtT^{25xY&V6zrwXAW9l0VSpo%EwYtW|W zP}!RFBa3p`^7>Iu#tEIHA!y(7{i-FSAmHru*?VqeVlMVI7l%IQTRx>JWn;k~EVS(M z6V?s20>3@1ty*Mu8mkN#J2N`NJ%7%9oBesXY|@yvhHR=}E!x=Jd@3#8f={cE&TD+N zk?$S#G>-JYWM&9p+G9X5EGWqwX#(Fw$$G`G=fk;snLZhfa?yY>Z~PMTbl*<{0uc#O z!+e_=hliW`rfeKbZHOCPqTg6oQ$hNROoq=~m4;LCyM~7G35~~Sni+lho&55OxvR@( zHc`Gx~gjU=*W*{|2h5p?I9$F=%P(r%?v+pmuoS%1mn;V}jjlJF+n>8JVKf6_x*n9r0k5yx$rL1)k-oGl zy}iFjh?l{Ub_OC3Kr$=p2KMNvfc)8Y*q}(sL;Jdd83s|e)_nyJ=)FBvoBrE6bGMNQ z$Hih%B8^HVj@7YTMHPj*JgeDB!$$3d>q}aK>1{YKSH>=dD1JrR`0RE#F9$u(v~bF3 zG%M+=R3j>i6>yw?DNttK`onO%w2e}i3mk?16X@?Ys3}M&d??8Pk}Fwa7DznHvD4oP zUl_>6ycF^rNOr#_fx#=WE}OKYALd>WHoFs zP#Y0!#vNZa+%E!H>&AUE*b59iA~3zq^(FhkDX`bKYSgW~(RJkF%9<5Sc~6V2tv&0R zvSuZZ4TT)!8c7YT8$&S>4Jo$A>XCoe%q%OWt{WDZ->#;`l&m3i`}rX?S#}5Xn^>%2t`>9Jp-uev==_TnUEE+6}{oxG> zneEym>ri9kt#{a8uRrbREXF!=OHk7m=K{I7tmC0WC=qRBS6vON-nYz)-g>jE zM%JZ{YN&@0HBX_zWJ;p2daG;CR`1=br03R5$HE%_&~QnOOvh|as%}OvSj1%A+QZ{G z8ir|cK1u~cr~D_4u<~=8r-iquBhBlAnCO|&{|1BEs9taey%YYsuTMSFxk=dIj|Bd6 zA@HCinCR=I-GvcQ{uMS#d*KBE+hY5yzQwcuwyrg>%lMu#akOz3ow+%i-*b$xaSxQ3 zyQE_c8)u6qzdPlELmjez=e0E4=tj8Lt{nWwe8`Qpfr88rHXr9~byi)AK05?d%aFcx z2f^Df(>>S$r0ucafp`Lnc+A0vuY%rU7>Xm<42>esaj~{tUr@r4nJ?48m&)S2fLZD5f<#?`(P+mYT(On!Miba`FSB}&L79tnLh)3Z@$$UH`2ev zNTp*F>d)8Ecg>|OMXD0$8?;x(`SdUx8vMnQEHU~w7%Rs7-tZxiB6%Eg!mq&kOgHLb z9gN5pJ{4XtE>^M(1tlunxOunAMd9~5)gEm62S2eA!(wIw9UbMdWy6A2qv~B7^K@uf z6x&P%nny0x&QgrL8Xi($fEfMN_ zO*UJVhFgr?!1ZX2Bm{hmH9kU-j&5Cn zm24co%Lv0uxF5UU57K>(vONuMrsu_0?Q5PkX?CZn?8a($H{FvwrFxoFKX_l8E2yfe zoTVlM5h3`P{ythZub@cbq58@!Ho`JW5`JEEmwr$-SXBHwGHEcRf(zftkPL>$7cR`J zU?d561gFv_!T;a4CoxJE>Z43}lN(sCuhlX&x>+9d@;|dp>U(p|cS~UZRyz(w?B92c z4B-gbu=4ptvHNz}Tbv4d-=-v3L|Av1kYc z$vJ#L!pl%A%D4c?3R*?n!jy(iq=fobxCcqh?vFvsUVDF{O>`1^et(=n`7R^oszF{R 
z?vFTI_MAgDSq2r2w(Hh)8iCXX;UJC|J-@kz}CEq>BI>&~uPIr+aXBNuNm zGN#fv+Zzlq9T3i-BG>mm+3S5u*x-`15deZ1f)_B-Ga11_S*CF1raN5$v@9Xg_gfAs zBd--CwPXCRS3Of{k?;11JTIcA<5rL29+CRB4RRKheTxzQ{bh!G89D0BMRVP87wbNX81zPV1F;G`a(^vNq-2D5f|una^w7t)|7O+-UNKwaA1rOZ=RWFgW<2>awz zqQdry)sL8B;k56D`0=m}Q*XM~F;R%^sbq4$3ksFENNJheoyYIt>V=WK_+RtsGrJK$ zu@Vj>J0%k#RR-)wa(t$+#`M>H{hzNihBD?l_D!rnL9RboQKpL>@iBJb%kn@levn|< z7IH{~TlexI-RGNc-*Z$em)*adTDepuUF1-=OQjDZ2O{ZEWYiFE@#L+TlNJ~n^V@u! zT{g6A$r&6_^S*FhcwCv7VW9LTZPgb5Vrg+=KA#}$!xBej;f#}!RJ+FS^aglNxgSp# zD1ePAms!_#XPGm#B$+5_m)FG}8bz8$B7)lLRQOTSjY$D4=M&2RvgTSHB>SJ*BD_e- zdsy0+x`(;urAnr`2bC~}p&&Wa0`D07d#znW#4tITVU)>Ulp8?ZbZ^9ECjoT}D|IGd zg$kFJQnlmIvR0pdFf0`0*3jVWsd|l#VGk1^MOL0Mp5h5VD#tevV5RaCTUS-BSi9RE z-OnG}j)#V7K(Zx7j*5(AU^Hw|l0p^kRY*s0OJaHJu+5uBMHGd}SZ`2ButC5NQWR;_+ByTD!$_`bC0Y|2S`in zYT2Is4;K|P0CJ-vfSOQn$on`W^-Koi6}Yb^+n)0z@{BZNf&G0_nKnl#=pqUp6a7Dp zS_|nZ4piwYk7uVfE`QVhSg8To=%V&10VXsFb4|}5awSHK0oAn;xLczq@ffmlgfmi? zf~Z&(aPjI_Oduc-_(ECXB4Nzw#wN1QK!_cf3#x6Oudm_I7w+{WQZAUSuB5?(8g0b- zK|o&SfTDiX=8-l>wzXpi20C@s?LDsfHnN^+X^hcfrs$k3BWz_eVp%2B1twBk2OTg+YrqLS zru`Ibh~S%3Y#4t1e}RY=Jn%O@o!%l^kggB!Gl?k}EF?Sac(gRapW%c-{M_*5oaEK4 z{lyAsVoLKv4N-V$Vm=6GW{+|~nm_Ur@u6WrCB}`qvsk;*vXYGLf38bL3HW{E)~@~6>JiMw}E4Ab(9sOCui^MO1YjUKiy3~C!8+D zj42!Mm9Vplx8#X^px!{$QK(kyz#XVzo0gw-Nq3nJoYO`veF&e70Bt%2udrLNCZ^xsEB+aTZj#hdo-Y&oF5Vfrl=u zjTh(-NcL`Y8eZa-GDcZEI52HA8pC^E*z#=EDhjD09K`tBU6ExVEZ^V6h$$jlC}>0d$}Y?YL6@(BqZy z^j7*GqJOUMFP=_o@s?eKG=DsQ|AvZ-FU7!^$`W$wNileR?-O5krU##&iV_6{$R=dp zjij*yy=9GHdzQju+6y8xe>vWlkLO^++IBV(2O?VH&*>bOrnQw~nVAA^>q~I5V+#IV zlw&jj#jnv;1|q6{y|W`(UalwGi1>0e-Zff1m=GfvVj&d9Rb}yzrR?83aghvE%4Kk2 zM=*2r!Xw;U&`orWvR;{uh*P?P8VHMv9MgqE#E8}kZZirBY{qUZU4(BPS%7WL+Pv!y|k%V z$>XNETs@HQn7R<%eoSKEhC=)&7cUn%+%y6wUzhedE0a)#c*{$#gBj^0deQY&f@;?w zG^N5^%WvLP^69KZ0^i3Xgw|sGBlmYPQ@Hnb$6MekbHw3z5kJx!-T<$C`)C7Q%gf<4 z#pEJcLjVj?c_oV!ibJ+o&z3fhue<_1$7Vg}fY{8H& zmu(-ro)cpj5xn2HBL+7IgEhO^M5M>&pOU%8-}DZUEYKSZ5a`8lojI*OEyvSPyjiKs z#sqJhWe53>us)}KjVp%E 
zs~lr=??Rj)m(H6}-9Fz`!|}0Ts++o?M5NQwV-piC1H4+Sv~qZ~>o3`b{wR8SY^-{X z4f&8X1AFAYC#Lv?0e>%r0-N!S?iBKko18P^cvr@KMZ?yMTQmc>R(Plwh+v7TE`g#J z8o9LIffo?ViP~azvs}Vqy{c}Z;3#IvQG3`Ooom#8>!eR1B6kSHBIqyY*aX3<4eUNN zshoiB1qdk8Ip~Rrl>0A)F87kQQvfS39=kuk5w>&-)4%M|$?JF;e7=5oHH2L^5xttj ztu*-XL95X8BqPvTWg)PG+b8U}Oi5Yq<#G0xnHRhvd3-5^U~Wb2eCr(S@D=dz?Sq43@)xjOnQDkxyqhz<^#+cpA;xvvOGm-U`Tl%fDC} z!JTRYlHjI!rLbSILUenEQVyuc*c)~8!Iq{!j@%)ncu&!JsEX+AazAb!P_31bL2+86 zL+`}LUfLb?J&K%qNVQGv@Ng!;f$htU)R)-c2E*#8Lzvk=EDG8?qfik6B$l=DiG@qoQ~*RJTi|R?k}`-gDZp>> z%Gzjeu8+k6B+OalGe(xs!i^MJv62cOPyPFgtnrvX1-dF;NEiz%CkOP^`+|3{S_O-v z;tQ5^RX0&;HMgNhc`+;GG{{WDA?$ zoE=k5?8kE?blDn#Yo)YXMIP4|EuXLAjAZ#`t~k^+aS(d^eIVh%lAO6|DhRkL$v1PP zhhOAc6wC=@fF_w$FUpKAd@S@utf(^XzUpAf%ru}}I_c9pkm#4( zf;Buo`_Md<)tVWNb5kIUcR|GFAbg&A=0u1^PAp8T#n{MUp1%zY*>hr&Xp7J7hCns? z!Y2rqJ;DKwTA+C4-G&I7`FmkLy|$)zKJgV|L~m_gfq+*Ms*rY}`0$UROuzaw7KOBf zj%rEv&l?;ZsCTcS4)ZNy1K1xrZx~@4yDP3$nuzE!mCUyqnvZ*E(JK<^Ux`#-^G<9q z(D`*ur69CPg`$DTLL&@oQ_MIY8({jI?#M9x5A3`oIeAVXBQLLqILI1-edAFS>Sw|e zw@h;o<5|$&{vvQv!hQN|$!Ty=lmtOH@NGd#WYNnY2mA5~yT&{cE$bf!ljTD*H%+~4VF~$skz1Pdmur!}{lQjQk>;2QF$`0&rq!J*H`$|;SlLBCuy`vArf6t%& zifLl*Jeiny?h3NvtLYF!@@V`Y>6nj0EH#O?RIXm(VWBuOf9;f~N*GK77d|t5kmS#{ zzGpBrEkO&kTNUd5?*Uk{S}JdusHg_U-vE z5@EjG{4%R^Y!t2XZXEC5eg_#mx)qRg+uN!*4N&d?HI&AHguMkL%>Bf`G?;5#fY$PY zQBOF|r?jtO86H>fpzyL7MV|$lh1@wTt~o%^zT*o0Vh2sEWw+NanEMw&g!d&B)!lM} zgGCP7^$OR1;Nlb5$G&tSxQ8#4Q&eyJ)~P5YcUrS zAedkYj^r)uE6(-k_0ysvzdcu=>!h}*=*FNUTRVXFVtw%p)6{zm*@(@d-t%kVkK!MD z-@+UssvE|&T^tU3FFzOL{7fJcN9+19Kv3T>{=MNt92PEa&N{LjX|75SO&(Rg**T)R zOlV2z$^%&!+(7`Lu}7UCBRiGPy-6>GY=bphoPU8IWg4b+AGMvimB)br;2QQiLV3UT zL0qX_D2D_ZsEzVM-cHqgs5kkm08h=o^AJSn1RFZGgD|Md%;vSj=p3mX#joiteMZHo(xxuO)_ZlnIAUYAkBA6nrYS2sYI%y`GY-1eK7|d;G9BiN*l(RUG z>{i$HEi}|joF6Ty1;}0ko{cP}^3m`>$N_{`yO2nz)ju7u;FjrOi|o`y$0UCQp?=kg znk@!Y!ikj{?mh?ku3FZgZ)$`4aD%G_sziuGS1?0yJ73%KiB+dFDJmk!2xcQ7bBEMM@fAZp|61RCZ!EB zMW96DMSOSnMw2dVB6Lu3XT_NT0;&zK2sh=Mj|Y;O_}r)}htMAPj=S%d`Q8*;%9pFV 
z*J%%74~Xw=`4LKPg>z*o1<@3ki1kr_5T(osied9%l$O@u)}K`NZk~G+CFiyXse2Cy zY7lhCW{qM{viHJbM)ij$qgAT=PTamOw7ul9*bouuc}xDvI3YJRfaI*KaLkbuBnvuI z+7IU;|AuCU;1bowdMiKg2S%(8Fgc8!*!z(8&2i(bc;|et!s@ZxNxPlvJe$Xa26FuR zhbqIR6e1olBgPc$a6uSi`57$cFj0*2^o}H=eh&|Y2t<_R4SMC&0jVUcZLQl_(pL1Y0 z8=)p~C4#Eyth4>hNW}XFtCNi_NC`GgxNx?Ny)mDEMGxs!y_$tPWh3J|cG9QcK;@EI zN2D$~uiQ?1tU)s(J;|LQn-8|cbe01DzCh02*1@cxYRF%F4i zUW4=X<{?%BAm&c-$>Ge8DXphwoWLh?;NF{*Y6m*_c1bvTazq9@DFZO zq7#l>${pL@e>8f24w=*>`n9j2VilQyQ)jm&h_?}RD>7^T_s3m z^&1_-CfI2ZjF%qh3U;v|W zjyhwFh_g;7aLd&U3cSo4CJ<@TKt5(?6XeX#ohZF;1+UX*jaC6l=xK#Y5Q{BHy@Jw- z$f#H+IF$kA*=$dvX<2L%AU-aIfFS*S+B(J8cghIe3?XqhMw&>1?94BCf6jjT;hImF zPOymQOTB{4YP_TCEZWNPwW-hkxbH6v!K{A}q?7cdhZywqrX7jIY$J|fk6c`MK>OdW z6#fJcic$6|_TwUw4bOT^-P_5;gm@cbkblk|eQ*wgz#e5O0UcV(A6s8@ki0#qH4ND` zr68HS!M+|>S^ZULd4x*B#iNO)Ds0?9S@bz~3kf#_8XDHey_%=0J(c24I5azI7cccH zYB-o7CkGSWx;BKKU||muz#GT%JuwYo=`}IGJf@L zDQf%ir-rZTO}UYGS`n1_;))>RZC{h;NMLXw+$I`;h&J8ZO-oBvD2v-M_r~&PLN*Ge zy7#x7mf?j8cU8%{5C!a|NefW?PDmcltMJ6b=L%pzlfc+K@1|$x_g0O<;E2e5UCOSt z0qb<_0P;^tENg52`rnsP{%xl=f2wzPg;jvHuE|^bXmR6{EWfW~w{cG*mk(tYZeXES zH<96MaV5Sou#RzXg*~&vN>Yp1qETdA2SZ?&8W0ESfQOx`H{=#H1}#(ezvTNg00W)} z?rnz57wdfXdCuHC-#_u_@kH1k2cvIDhkP`H_}#;q`-qG6Q1#N}`AdimsuP;?^EQN& zE})?6$rhjxd;w7FyRoI!k@ELInag!^=wRf*LB*Se(ui_(c!tul#^w&0JIvS*^x?MZ zy;p>9UyfqFj;ie|Wqn#ycRz}%19~Km@9mk|9cRw_n-TMO_5csJTDAS^fms#Po5C6n zH-Qo!D~@xAkkCRT#Hip8BhO5$&6MJoYlCAnTJ5Ke3K)h$M~aqEWIe$%+@$^ zfna+jafi~`*h@zE+D#ZXiJ6@IA&ZDI*C5~MVuX;jH5Tiq6FP@I@jMnL`fYJb#Bqd* zp17N;41~2tZxzp3bUgN@G{am zxFw8{)a^ZRA8Y7&Cq-vXypkndWw`;RQ4UCW&0kdc<=IIh@40X4;r?t>1B!D-6ZOk(ew@O zn>hnSvl2YNUhzkvN3p_7T2pCFL+K3EOkZfGq~|xPB*@-H^Lkk}AIO7hT1E`aIc#r(d1<$IeNeD3PKlv2Ry;)Vz9!>_Dh~%~lFV(jLgD!Y`KZ3r1^3dAJL;L#W zQ;*}lwlwaBJ`mtP8H#zR>644lygY4-IlDSUe7>@=cS-55QzJNWvt6}|*f~eckix^n zB?56#g7h=3=XvtdK%}G57!xM+R#(?B%IRQArR>|^ryu;a-jOL4^6&VAsI1!j;?`xd>LZW{rsAH34FJHHi*G;?ZplYNj^Nhnv&( zc=zV%nO>=lu}|g;Er6iEB3&>hy*N_uOL~-nI4fr|97fSjBT%0zHldXH!l<9^#E3M~ 
z{>3PF^z{K7S_ljH_Jr~a&0cJJI3wzX@z|6M-EE8uDPsG%>OOqw>6Bo@2v;dgANq~# znrwEbn-+sM9jKe8rB3|I($9V9d)lQaU?NCh@FLn44-06H1PIx5R~{=S?w1$QpELew zI}G)m(i}e-XlJ%=-E@F%umbG+*?cN&frx||hO)1`LuXcuNE=2bY^GYeMlx!06bwY} z-D{q&6jweXi4@>rb%HLrC(-!i1cGrF@R2JuE&i%*kGtge4hx{1=lM^kSX83F3n+^F zrs=b$hWz3MsDJv!9@#9;-?FrEhBzzEP|FMsn1mit+A-|cdn&8KvqV;)Iw-mMccDsm zZfT$-KBM68O_=%@H%6{9TJaj25(X@0xh6nYF)oLvAUYvcE7p3>YdPP&TZ5K zq8`Bgrdg4V-#qqth)MM-MUc4D(Q98kft-7cht|(1>%bkTW2{FXQL!8 zB-|H_dbvN{-rSX}U4GAd+IcPQ$Y&L?jJmUQ*%3#*Vhj&T<9%j*&Da-;@!tLGe}eQ9 zz=FkUL8NJKJWw$#wka}SlIf3j8E`WJb`gCSb{=3D`>wa+{let$xfNc16%5I(z;QYn zPGeu))Z71bR-XuBIs5oWvP9jnpm1)KbQv;vq7=$&CCyl8(5^#{BV8nmQr+HLLTpMS z+3%KjoR-oR%k*cnWI88)o}9Eb-PO>3Bt&R7ov&&CE}04B;k+Vt+WCOc=VOM)!kSm# z(4LMN8kemOi&&@BY+50ne?Z}BS)a$E^A6k>W{i7KZHfdG^Dq!swu-){K&rz zpJD77O2NGdgE)j(dd7%RDNCDlv#eJ9T$G>*$+F#bKTaT~-p6ajQ#J~H$7NLxU!F|{ zL;QTEKGR{~=zVV|{zwfhKeiFe$M5*H5ZMqo`!0uxDSr@v4l+L!@%~d;14DpBh>zcp$Oq zZT@D6=^j6W0gx@iJhY5af7+MkB+0Fr0gCWARu9QIn?NIM=CTB}H?>pCcjnS*oVZg4 z1t!qCwgOnyUpCC0xW;A8-VMUxE7}OQ0h@+zetHR8Z!ZhTLX5C-5YQQ-_Fy~~C z9m&PQQ-z^KoJ>*8D&n|CXQ5O+(gaV93+dj)OC#_IAg$m9tvLqwGbH!0trdLd_Y118 zxj{Qb*7>R>OWU+bqk}SVgHG(;YT5Aij+&Mp_&BFw`bEYnj$j4#QAjV}KA{)tZ&WgF z@@|=J@6f7R?B+fr{+gF$PTF-kHW26_e>Ke)bq7TTorw3zmjf^{>`N8*f&aRUeYn}V zC`b~Jb+3!XXi1I#rVth;Mjbx__FW@~Kmyw*dTgl0qIj)?vG|oI{7X!GXUG|vD8~`KJa1WAep(7GnKg3WWeA82L0W{0#5Yt!{Tv>sZU_xxB^)M3!9lpCT zNGK(oaJ3vc1_-PV--6{yoDTXVQkVTfV=v~3unLGYIACL;&-BD){Si;SLnvM;LH zMOMo^y|{Emgx=mvw_dQ>wwe0iC}y}W@!c@@*mkIW!@@}|F6Et$^mKLIz}%umlcUD- zY-ZB}l4#|!Cx~L^LDutsvRpn9o%pJv2$X!Rn`kX^6B91J+o(wa;*)+&=eey)JHWQ-ej7dW*LVul!Z= z6CTcOXVQUsEXf3QhRv>Gze8#^dWCed@4pGYGRDolRiIOLfD;obyNDv4ozlQ@oguL2 z{NzDYF4uoTo@{6Gp5i>ld0OZ0XhyI(ADU9}AZFK*@Fhg-*Sak3!B}*al(Q%+L&Y01 zbHpCDVhSoPZ2c;6KP&$%6Yf6hv5ziaJMN}KLFGPR9lw9`QqN6*p4>=P;6kR@bLU5{ zI4#=2(QH4LWhqxde(>|1@p8G@qMzz?60h|z6Ss3C5rrqLIF?4Phq4eCJuGBGoslDc zxBg7E@DMgav>cGdceDR^@q1B_2;__%vH>G=WxJU&!rerdzcvx6|Dyg-k_!<~GZ_(3 zru?ceS0aopnpR!`tqtM{O0dY~>So{AFO*j%iiLGMzTB3T9l1q^qowko;`hC|O~oDN 
zzF5B8(Qk$u{G`A%GK8~T8+ zMv-Ur4FPmb(1@_k6Bcdhexu^?zqy+nvO5r&3&SgoD=KJM44ti1*5geN8VR@3Q~gXQ zRD5dbOc$N!rB?^76mr>(!jAz|wuc7d9`9^jGnWTAfE0M(UjM1gQZTmzx3y}v^Z4xN^Bw>*rgiNgw2`BIqeszs1_U-y6?Hd02 zsTH}#0)OHkW?cm0seJDemSy0^h&s6{OIMZ_Eh^e=7HT|}f!;cXfbSR>Dlwpvw_mB_ z)hiK+z&vbe5z!DMW3^3nV%(2tsVg7Cw2fPqtrkBK{@K(Vq=!RqwYO^g%)pmJ`KT^k zsiV66wJWpzfPrPtgYb7{?zN`*VEdf`yq>{BC~gY~`Fv+YXbYChJ2WbZAt#&EDf$Yt z0-B5Wv`sX?{;$j`g{Trw+GH-@eNGAoG+80XzBr6Omy#aCpnij?^dFd!zE`-L^39KF zP~?!|^rS>v(@1%Q-)K}tk4(xSwcyhb*Vh3t{?5i6iNp+6r;{Y6o#d>~4h0+I`<6( zD>+3Ex*j62406tYc}I9$LT#{o{wfkZ&C1>*?Uw9v1T_*MNg3I;5%b8xKmt8GMWD3Q z$1ENx=HVZ2wx?|^g}GIuu&{Wi8>~Qy&M$m{y@CJi@q$l21hz_Z73zPGNVjuAI?hGBNMXl9pA z(`;ZuCHMjdnsC|S(XOZLQoYt2V7nLA8iD6bqB5L|`d}rud|A+I-OCQ(X8*b7&_1Z# zYrCPVBV)1YT8Q4>AHe-|umqqI*680ax-m8#$j7Zo@QtQe>U2DrEna7upHzt%5n~Oy zFJGG7yKK(4JMXd6qU}c#kAXV4{#fwOG4KCK9Q3|pAkrIO7dlisQ$kdRi&c&L$X_hh z>&$I-%#0DTtrBoBZQ8=(%G5qB_my$>`>mwXAcy)v>_$Ee>(9w1IKY`Dm(LySu$3oo zZ{XIYUrZBzOmUxxBC)~}rWPBu;OO^QbTa=fvz~05EJPd4*gd)6lZ@ILRT9n+nbBf= zwMpEBH{!r$wjT3uptJ;4S9j;S&4crN&cuXwu^n4)?r8Wx_)JlSeM5heTFYzwUy8}p zB<#Yd2OF#!w7?idc=#T4$biAoQbj6#xsRSTjIiJ|Y*2gA6QZg&+S-W(#^nAlQ5Puk zR)i^oNv)nZEWEAWc*R>6JceIVRuQSh-|D+8cKJYNrs%QHktK?&-8pTP*1~Gyj~abU zNc&v8Yh`O5s?J7CfyEA^X(K~j8Y2Y5A(Ao<)5r)2qHfAvkZLU0NJEROmk2Xvs!w&b zmKXnPI2ZEfRwo*nw)jckZWEC@r-;A3kG^2~tZuPn;c@;Csc3E8^5XNBCz(&mim>}vVNBO| zz|l-j5F!da6ZWw`?9FO2T1`>ynkF7_X|U?%U5a_+iu>gQ^X=7^nK;w50Rj} zefksL&ey+%uhn4;zz2ZVx665^-KcHQB~mhF;vg0Lo?bb*;X`L$6zf4wSiNP#wz$m- zMiZ0beaGT_=CO9e;Uj1Ja~!af1nrdWx^xof#0_j33_O7!1l8xQXgYu_w4?RI9n5j4 z+ZBHP7cXUQP4 zy$b6K55gek%tx>e)T2(8SzKZce$MGoIy5l{SkyL(}cL6)%aKDm%RszEkz*b6gcenNre5f6ZHPZ@2esLf5aIa zGcShv;`*mp!OmF-=mh)vMH7x<1shz_TQoSv3_;;c&|5JQ2n6esg7X-&olyjSraDB)1{0rYl)ocfJ<*XU)X8w zJSetbwPum11jV(rvv01vn?0L9l@6lM{}JB-r`CkbCD+Te%RSO2W8i>c;39taavJw8 zl28>u=Cy^E(=47uvCmW}pHztx-%%Gng;o@FYP%)N$$mr(LHFHZ{p@~IKf6X%Gs9Qj zGdpVQwOi-UEo*!nf0qilT60@^nU^%0l(l3Dxkz2ldh6-LXP2&MdGvcewp2fCnT3)6 zcrR22Evaaq544iWOsm~1ZE)sHQj!PNqP4z#Irzs}LvfN!1bCwt 
ziy6~xFV$ppS+zE*e}N|RYDDIykMKhCl01lOEIF}RH0~hmHwvU|W#8I@_DtAU(oIE_ zm6*h^^W{QiS%p-PsehKWo!PK~P3uSdhV48_CdNeMjga7=?T>hi{(|P9u-;vnRxVBA z{+X>(gddlJWL=GYEHp(=+=2&$c&ewkzxYIpgfkck)vzS#MJYr!+5828`^P|Kt<-?x zpi&VY3m~6yGDGsQVRy@t9i$=mlqFNyBiw(ZCY+B+c!S)f@%yc@UnI9Xnp6@Een>7y zDe>US7m10VVQhxhr4+G(dkx|U2#Db8_0Zt>`HsXvM|-Y$5aW`AZJA-%Y}ccn9kIFJ zncOBQ4h7d@fu0bcz3@U`5;3{GE|7ov#h4pl&$$RvhPTZ%;GCg(*bo5RxNeNEI-S%l zf|%}ZRIJL%K4sIO>7DiN1rs-l0BT+iq}}7b(nDj%7U^p%2XymV^KxGP**W2YL+iJb zMy#(s-{f6IFZohTVkzsgC8I=QDSyLd(DIw?UF;A*9wKNf%eYnMunRZGU6a^ zwcz>kxjU2Sq;|f_+(8nRUO`_Vc61%u&BpfJ^Tim86!eG9&A&*k34PP{A{TOp@)Y7U zv0 zb0V98QBu*+3kpS&gqkN4$$Hy^C1;V3-C#3uphDilwAKt#`-^DQ*0bX9+a$O)EW6$`Tr$>7r_Kg} z4t(c!^ZQ{MYuWghj}5Im-J?u4yDYjU#MZsd`U^^B#^Jz3p@$;so&@$zNh zmDOY;U@T6HzR#TTu7qw#N>nLI(WcFwNre%m%oO>blwOV!j-7*8a^DAa>f;O4)QSveFuPjIX%I9KX+!LB`^6 zhhXV7Yt6lCN3H1cX!Ep7n!jzUmKwG(@(AQNuWBx+6&FrwMbit>8Ep2J22dBw`H;1# zvEm_-kVx%m3$`tJ32kNFO@x|OE~~gy3uohe&y4ZqE0+cNX8+=EQFncmX4T>f25M1z z5Q|R4Eu`0KR#TiSN`P+UTj9P)^~R$8iQyQNEX6~>;QrwDtMkR zuIbSFQOP>1_14ExkQltkL+gX<*e6#)USOpM73y;4q@Acn<1gr=E-JP$!F6RDGbN}X zBhiPKvGNDhpe^&B{ROo8SP&$2oqG<m;qH$?S|^EQriKZ13SaQe5D{(v_!Eii%QxOAD3LPbZK{<&NUGk z8F%^y&${-k2Sugt!o{|dCckCTHgELkc}4LDVJ$7X%}s-~q^jxoFpX^Gvh!{D(^O23 zQ=b%lWzC4z*S4bd(7KwD+AcgIV(Ot06|YW#KyT*fFtHvWo65q1GfzKg33)r;)N7% z=bKjs@AlHmh?K@|uzuWdi@GP7di-YfswqoHB;4cdv` zWlx23tRNSM+6L)XJF}$fSGz@U8yPWYAQ3+5cHxDVqfKF&>#0k^19WrXg2Uy7rdWTw zao*bcJ;;dN!G)9uChf=&r+eUEDm>^Hx8mV9 zFDjnhc^r3Gv}H#5-;LPInPLs+ocw->%=is)fcyL(=&j(5EN0Y~io>z*8Mu=)wX=p9 z2|ZjLmCWGNs|E`%dyQc$*u2HT85|-(d@v*52ae8TZGpvW5gk#da>_ldBzR23MBuV0 z@ZOR%IyUk6_2S}4Y?HXCi7s<5(D~AM#XiW4 zfnL+c*-62TBNrS|mT=#Xq$FukQ zd;$*Exz?Qj7~?m1TcO+AgZ*D|o?}Z9Uylb{Tu(^e;1Tm@@OwxHx6Y{BH&2>cw-~V! 
ztOW$9;gq0H(RTctbgV3@DHfBHhZ)|p{O$B(s!5RlrCytaj1^bZu`vFwfN7Y&(f$nd z)ZRCC9|}1?-tyT7Xtd)Y#$Q9oNTJoFZ?d*MG3bf6we?JPieBprXsdasENffuRn7D5 zM5H$-WTE3CI8c2?c;3#Y`cgbcs`e9wa*2LvVd2b_wOfcgFpzaKH15gcqziN3jVz*( zFJ+5-xd$T+rLVId*flQ)D_ZNlS;qkrX1Z?WN!fpp4 z8hO{?DZlVYjoPwZ0t=#pbpno=1fZS}7x3&^&0`g+R~TV7`BA=aa-PgT{#)rcs(=tY zA909#G?5Fr`3)_%OFJl|wnxHEcz58p+(GTl@p3_}=Rs5_7)a7|j}wBU+VDF(`txCR zTs1I~0gEM+tT5&CreyAZyyyVlNh&qemAXr1k2!q_lem9C`mKg0cE+2^+qAdg+2o5g zF(NzQd~9%%@;3VTy9md~(lT?~GD&^bXlpn%7xov@3vHcQ){*~Mx9RtnX`@^B!}dh{ zCnmCdbldvrRa#Z4$U<0BC4hW^nX9VyC=$CyS}Rl+J5dgH!1itN1xRS>ffl?1pJ*s2 z+K)$+8#IcgW!21?p7&`J#n-7M*U?$+7gdxDj^uQ%961E4Qc+QgKhmt8(ENeXtM_8&Cm4fmPi+Joi6e`i7gS1tZxj{aJF=%)4~n0pIgBt^adWE&^np?M zYq4N{X93hC#l=`3uh8iGm*vR+*%b>6&FHQf&GvBn4)kwg+kV(qC)Y*$Bx3H`;{Gt) zveq;%z}a-igIO?jmCi?k)-^)`x|p%1d)oc9J?6z?s^ltwJxFR?lBV@4Ad!w(R-&az zNfJ3VXR?Fk^0ZGQ+v^|GM=olJh`FM4x0~aq^Eo-2FUsw>W)(@6gn1`*zz$MTdw$ub zm?xD0hfFV($a81qTKAX6F$3ze=RSLi*03~|*VAQ4NJ#3)h?Ryhh-idR8>us?2*RBR zxt}y)mI|G}K^c zKnj9)pwjcxqm_Ir424o30X?~`>CIfq)^E7J$=6ptuI#%E>X=enZFjiVSC%c4FG+}* z(N8Fu0otx|_XeqhXZ zFaKqnyix@SYrSV{nO{c8U=KqJHU0~Hln22uUjqV8bGtuo+t4@8X`-`S04S;?@OnYht zk1*lYJk$vN7(=9_&BmArIM6g*w!-DT1f1s{Ob!6o3&@F0wq4+~F8*^mJw(7~U1)>O z*_{Tj+FZm_dT-rUb{Cd8Y`1O6(FWb>e3H)$iBbwxlE;wwO|HtM0GfTfzZ-lEc^Ai|8&U&D2g|JQKuZA`K3I79Var+Ea~VQWGOxuY_m~(u7^pw z!x^(veWB;m@vLDyeE$XK&;7m~Yuy6v_gBWB+}T5IESAMyz=$7v3TNxoKioeK`oNl| z+p?W*QZl}vNw+D`y^2wCPwbb3_}}IA)KLf(@p(ZPua!RBe!XKSy~f9|++qLt-Lkqq zaA+EA4&#p{#J~Il)NAj4D8yS9+~T$D3=AUgz|{HlF*yVlk}z<@o27)!qg=myZFDaL zOz7}5BK!K}1*k4n>VhRHGWd0u;}+7xTI%-5OcIh~Q)C^Tx1f6yJMWM`&;N^Zk!SyC+D9=8B3(n%e2>vVvP{Gjy(rfr!u>vqyE@e^nC2C{R4o+1 z85Q!q69ql?{#5-vBu3AIh_3u=YK%h)$bOm`i1nszb+x7$m;Y9t{!1xL6Aso%j>PK+XI-6R$3?sHX#FLBEgO%)#iaTS}*M-W``;t^+|S@7T91^oWQO zzQ#9*mW>@rC}IGb8VYWa!mr+`00~TX&IG*E9;IDCE*>VH6_>m(cHud%RmZohn^W8~ z#KRPg5h`L=qtLbxhpN>u_O#Xgj^ot>gE147>>cOORFR~tP)S--_wXp=QBRx!_79_? 
zY0%w9|A-MNw|+w+mqy7aVx)Z%ZPN$fP&nafo zpj$`x6kyca>p0LqAvBvBkk4F$`ALPx!b0)Un9lwS){EPq0o&ZY{z|DTC;mrDQ%O;m7#PPS1SZfe6B&SY0+boP{oKA6 zvj~MfcN4brm{Gufv!%>9>Z0;ij~8m8qLNYMEub$XZ2iz6i-n0R!@B0{@$Pp_ha?W6 zyjsd2RTaD@zdQoaz!~oKpTcM;KLACOF&K{M!rxPrL?P1ne-l_FniN_2s%xT5ca6!D z&a;aHd%lMCFKXk6aTVi1d9$8DM99!b1)KVd5l=~BkG$9YX=u|E@@HLdKy%|YUI=q{ zp77bj`qilL>eWkwwJ{#OatyUWa_(ou2pIPD>?T*(H3AIR_m9B!*6r!5fGb5*#2GAA zq4+{ceEuiet|G%%z~XN6Nsl}k1WJA8)FoB7ZNGxaMc<`9IazElHik~^hIHpmz_iOH zXn^8r58!t&vq6#{o&_i$uZYgvG0{;u)$hHTp_n9lFZ@>aw5zMK32s?q8%f){&6vqq_HeSboy6vyu%F;3nzyY5L((C_$un-< z=eOS_GqFzsW)d{=P|*i;Vyj$z>;N=|EB8yU+DDPkHBhntfD#U_ZTQu0v`fyf%yGw; z!H>NUBTd_cA74|Zc08G+l_wCpcU@0>3^+w-Dvmp380A${mse$|&i=ALQqPeRfjOIX zeO%wAT@GWy0xTX(Tlj`~eJn#Ozcb~q1RR_Keq^O?0)TT@?h*Z`PK#a#zX(`Vis|-3 z3DgZcD&b}I?u8_;Z~Yib{R|$K$4lrIxw0%>B#xyp+BLRP{{_Hc$?Y2-O>9waH*qDj zd#n-E|1i|T)Zqg+zLvey1iG`c!XdtkGuwiGnp6r&(|D1X=^NF9Y5)KcYC0R+W~#vn z%nA8}Dx456N_g$EpSgT2CqEho{i$<}g?C4nngi>DK$GOGtT?d0)4E>C^fe0uBpKjR zDOpDg%;q1#;}t065_P;QSJ(>Js#dcQI*AMqvNk^h^C(d9HZ4Vj0S2XNc|2Gi)>K_l zZ5E`&9hVEqls7AnsGAG;bUGY-J21#E?R?pX2jU>~iV)GKV(zM-;%U1GIe9enNm*0+ z$C)wxf%)iV0G`-NE*JPkoCnDL{49 zxk8SI;&=rsMv0e*mO8;^FzeT7G5_({+Gnp!puqdauz*k%h+vo`YeTktV&?hA^>Znk zKHY$IebH_n`NY|SyM$%h9%a|I+NaU_c4`4yff|XwtpXwG-Ts_`acCwZ)GJUixY~{< z6W4AOYN|71gwR~&{y{YB_c2nq(6J%?9C4w-WD;}A$h1Be&?GUJRcA@h4kXgzj5>oF zF2B_Mu#Q2)Y@qdyqY6X?9LL-pCuXHdI_X8Ik<*+EOLkHBt0!&MQ>vx>uHHbBfeIfJ zj!GToOsKu2?~lmUP>mO#%=vZ1XB|n>@?{6h7dg;;4xy`?>+Oe zn@TKC?JIArj~qN!7Lzfb?B1gNxS#v8KRl1(?+2#q5a3U>{R;I4DNHBXW0wx1pZ$69 z)%#SKI|Jei4G9YmRqB3>6g-|Vf;T#S%eyv+s^Da%;#C9o^kuZ;hHuOrekVJa=5UT9 zSrIv&SoLyz_i^2A)6WInx(%n*^ZR(Gor=oy&)fOsRawTyqgSJm8K~&tO0r@dzAT@6 z)iA7`*2?2;=^>UXpBsZs`(?A5CDsuS_t8T7;XgfHvVoYBzSz~|L2sFe9Bd-^<>c?` zGr~gS^#uJ(5fpg#r3WI(tAxVBR=BGh5y_VvRwlc&WWQHG*(2#RcMJO%rDMZ*h9<6b zR7sc;^|gtev+>lagxP%)>_GqJWc{cLKwyH2M?o>$Yk(x-a+`I6TYoz6y*IJY=q@X_ zjD>|pDOrX`vs4LqWy-Lv7^c3UjNESBqI}S?6rYEtun>W=Ue7<9JsaQu3|=Zbs+B}g zsJi)ips#X2&KUUan}C!Oj4}kj80s6$EDAUFFIm;Loap=vwx_C9!+(BT#t+$?1lvP2 
zSX*!1ML`+hEcVc$EaWYj1oeCREI2WN=XsIjVar zfJ(E_I}?uR>Y2kE5ANKyN!N`C$gD%>7f^cku6*E}8H<*;blg704aLUMlaNLjI=URC z*0cmbmT1KM73$ufyHMaI zep()eMcw%7gXtrn#s<6wp>uN$H#G#oh1(|{d+?(^pwhjB{WB7We9e)c1Ab5=zRvHe z@61%h`N@Kflv?Bti*K-Nen@+(cbA7q5r_kMTTE9j&yz?on-?4EGL|Is=sZmb0D8v# z(o^~p0XA!EEB;7In6<>v_c3Cp#Rb#VssC><(@L$$3DI<^%xG#K(=gk!ucht|1^VfE zYeocU@qE!7UkbV?-M6i-)%-H1Z5;;#o|r!*IiY68e(oVEWFI#75XZYasdG@%S4Fq? zNOQI5m(CQA!L0O86qrEM?G#Zgdf9Wv3RSty%e~mjXq%PPU;J@eDREd0hUnG0^VSjb zzhbH4J5gwu5H2=D5JjbXalrA=$&sn`s`E=;9-JWqG{E!*2T7}bx&!!|67`cHKK?rG>_1@;xbQpQc5P2!9Z?J9-4bpjJd6 z0opZ;p&y&TF{*#@?twC3;ieSf$`l+9j-SRd%VuB-K~HzLS?nnck&>!iMeZ!gPXs7c zY6c|P?#=GZfo;5AlR6@B6@UM68Rv3umLeVaZY$tNM@*uTgfSr5QZL!EY!`6q(@`+N z8h3tyLn5Cf$GhTn|ybD|ryIIB?v02)2u=KLAizWHrNaEyuFI=tR z)~8dp>T`gq9()HAcpKz&Ngg2=OVWD$4SWTZ8}~OJ zlZF1)pu@WGs$C`@-+tv7hE}p}q+Q)(*k1LS*C`5Pl32~B#Tcf8PXdE1AZVZKi5`?=z<&PcrZ}c|5<|t&q~u zu-4H>Yd`msf%#@Eh)d`&)7J?4tdv0jZJA?*xQl&q5{@vVVVA-%26yb{+B;m{5j*1zC=FV#nGJOZKGD_NWX>= z<&(wdOW~mJNi^cW&hU%Sw!RBXcIM3e35LCcr6oXG|1|c)0H_dxzfAi)pJXL6*N#J{ zZ5+XR)EQg{X??}aEL#O^i-+^EvCMRD(&nw9I>I~sX?F?pDG3g}snK}*QtpU**SO{y z3cn7lu-+=P`JWcnB$&APSn2WtvI^=e3%FEyFTKnvZyPt(VBnHWRsBYSMN*7BDvgaS zT1NSa^Ye_B#7Db{p2NJfnYME~T}LJVXEbvT;)4`U1~I%&a`JO^hQoK8RfCVBlyNYj z_-`q=KjOqKaDpLypW;c^8(|SC+e#U{kJm@tcen)lg=z37X^XQ$A4TcT>hZtx%~S&< zMO-n532#|}MJ~NFUh8`~i{i0y#~aUArDqAqKv^XUqu>Kr60)PO<%0V}Ke9rC6Ywo^ z#ZkZXc9)L4uLDL>vr2#EzY#u%|M(vsJ#v3B4340k*$8b$#vQOnOLfgBx(bT|@dXHF zfD9b3*F5q3@0ieeV!4+&xZomc&u4&%j1uTe>Rm9dtyYBuJ zEK8p!Ydm@G9~8#!OTmsOaX(+x0<#)DbGiaSE8r8@rbs@$G6MYO94Mqt31ICn-doCV zG?adIJ^g`sxHv5%Cm<@TvxYX^a5x?tI)sx z2?>NDmGL4(U6kz=8NKrlEc#Jty-hr9qSA#1!G<-{gO(^vDN)`0s9*yXKkgDVp(E>7 z)xNg{9iLUle7rq$PoON%W+2QIeL_Gp4G7XBTW(a7P`=5;r)w?nFi#B}!k zLB#u~uMr8>BNN||V>9F+pA`>WHofWFsY%{u2cTCgdSvpSNE5!%M;hG-!0M}AZ#wHM z7lC#e6+{1tM!_esv~k4@UWaTYoxexu9Yxs$KrL6yh=B1f1Y8mSl%r{MAU6YJC=kXD zMeV-V2Nh8tz@Sh*nTv_^JwGl(d9{UV(ZP<{kp@14(apy*#j#z+ZD1bAR;KqV@%!_k z`W{?x{xO&KCSH75%-FIR6OLpxNU0Zmay|lf+Jno49$-IR^ZF|8PhIWwx4UinU(1Bw 
zFLt3laEPi0t}ZzGoS@zQX;M`p(pw&XXIbv?0_$-6;%%pDrE&>2THMShc$YF!qE|!- zl$w@7i5)mkM9DPiKWGHL&k2NcfP3f}^5T2d3IdF2wzQ-(E^q)Fb#*k9kQjrcc;;fg zNLN9FZ}nO3IzCXU(%k8#SJB(-#v_I@LX>1w{sZgKsp9diF25qtR9yPV;^A^76L&yF z=(MqQPbiaB#FoIHC_4?>I2FfGJ^Bxyz70CCIShus#AiO*7m!S)(quaM1Cp`MT?tYn z{09qkeJX{iJ9x)~<5Xdff$wpXBN{lSCdQSE5Z~XLqfE4IRa?k=c49_H7GSD@5@$~uTO&~2QnYp5PzoNt>qOF_ zoBeXVqR;u(=6oqsO95fel@oyW9yC7pd;Zv}$64RUfu+x`4hOoI2vTLjc_F*zxcUsl z#ejjExEkT@Tf~#6FAMdkVr6&)*hDPdekYG1yh+M%{M1VD3M2LF=fcRax7I&LlfjRo zMtyx=B~Mr~oLD|(lyyE874YdsJX9VK@NlzYiLcGhpcYr%S(U}EFO6X7$d!E#9BM!{ z*9qhW0J%HDDx)T^Dyo_U7!L{vNZqFZY9m0NDIQUgXhC=bvAd5a zqQ!L}cie-JSV=w!{lPF?F_`{(1=Hkd3%k+u6?Q2HFigq?UBJ1ykz{I~mYCN`uG?+= zd;YH=FTD#5HhZC=n)(3U+7ILWEJ0LCo}~}Z&{{3jD$?1j@fUOg9pyY6_~Bi7$#&kQ z-7um~ELp7xJvj2Em9emeFJh*kaINO!XoX+;Ch}_-+)QPY^h!4kwFlo1=4Nj|lUkdl zZ1_UO(Mk@g+W%o62-Z(P|FjD}3XPU?pa#&bc|0Hm+S#JxQp-ZJ$Apzy=idkj?-`ic z)B)&k^Y`O>3GP67d_qjzKD<8Kb#CXPV0eP-FnRpXUq9pHd?`>4HeMDyZ50o?qrwZj zZ1ZV5)~G6tjQw6)yrlOwQ%*L9iYgE;n5twD{lJm~#D5JDjjKZ`%sciqKt6KW)nf?` z$3?X21M|{C+TI~mr@-SFR$CC1fW9Gx_brVQcJd5|j)UCO!DZoTV-`KRp7&k(uN)MI z$c|L-7fw$!XIuSD+0h;HeaJ^r)(fv5>#kKEpOB;NSFoOQX2sdMP7C~ZBvb-oKB66% z_iy~6%QBW7Wr<$H#8l!Mie^4~dY!38JLHfd-}4CPfR@+^Pk}IZcWVKsA@5q`2%zog zNsST3d&!B&K+gdWC>gn32tuulQpVtl7$$o5F)2ewvYiGSIoJ7+TRU<(j5%)OcD!o6 zbb1YtJu`FrN5(C9tCaxnvw7CE$(f!7f}DDR>n2JZvnCIWZh+Ti@VbDMSVUS~(Qt@N zCz-2zT(U<>lIF#8g4)%mHPoUwn2L);TJ3K~mL=@Fsq*r2%=^?|anxGci`?jg1w2;2 zKWAq{cCuaFXFg)CZXj6%TXe%JN$O4si)^e2zWv*@{m5xFU!4M@#kIs;jYn>t{pZ8dJ;4BrpRuD(&J1kLyXdX&`S1ag#cT3l}HN3QbW zgNjZuPTOMkEfjKI??kOU!XY>maP79Uy+#7d3_$hhqCxpspYbY^dR{yhhe=@M;42V6(qp}zzl8bRwtwafCh`uezj9f- zeuzQ#UU}dDKw%BUTP54S>{qgFSibi>2wDNE`vdzL zm#IYbTZ0*mjf&23dlc(jRq2sqpi!C6Y$+DyV2=`}j)!PNT&c<)iA{hpZ+s3%P zRg;H|tt4x~@ggTZd{oVrrc1HTn{M_XO}TK*JLkwKN=$w4zPU+oT_RuOE3d%6Cx#E6 zFwzR5Ig8eVW39qXq=-zu*6m) zIaCFg8bCIHhBukd)B4U3vjP~zux4~P3f2Wx>hJV!V+oWzaol6FxwKDcMRUu0XBH<*B&Dh4AfyH4QV>;;VfuZS*_fDr{v%Dv4xgA4!P0k1*9x_JH~f$-*5i<@RxY*SH78AwyaWD-x?-i$>Lx$0Z50_ 
zRRvuqPN1NzRX%s0vBqi9(6o`0SA&O9PVkbLJP&&R(k4P`xIk6H!9tv4YU_w0sSyH* zbFf@=jyPTy!L zMaBIeK=z+9%}F)vQw|-OXVGIYkY9Rk&39W%dryinge$TemUKj`R>W$H`bx*y_nF!q zu!WVpY|4)A!it}l?!OjIg-i%m|TA!(80 z1y=rG#>4CV_}@zLk;V}`M)cC(jA>xua%w?+{r(q@ATuVXkA#|{#uKSw{fghA8lS;! zDOOG>wCYLxg1P{udz(C^mO_7X*r=EUJmL=%WHX$y9#QO75U?SNX9o_#=;fr94{u#P z7OC{p7j>+{_Y8(KUfu|KNUBF+_beoFcNa_>E=f#-6Nc zU4^M-Xb=hwe_O4w{daFOoThK0+Q(J31bjQ^-17!3QA_tHI|uM6r7~F%$OK^+-YgwL zM_<7t-}$YU3n;Y!Qv78+o?#+Wt6ywGyobyvR^D6}mtUGvJi!Osw62$9Q+#^9Rq@5ojJqhjEs;Pc_*mhy z(w7i!k2(1=Vbu74u{-N{EEq70jt0`SkT~NETSTr3d{uQQ+xC9MTr2eZ*)r0XbdHmi zOB@&&BHMisOl0};Ak+WP*zeYhZfZi?-l{co+5(Y`ZcT7glgS%wV6k+LJ^93& zAJ}iaIe<3*&qeq$-#s)$iq*Lp#6UF~L_G91I`EmC+`tus2LZ84SUgR4RmcT!%6(UV z2d6XXbz|UAsQ|1lHfIze?*4M&&p~iZud!u1q(B_)|4BS- zO;ZN$GmS4BM?#Ca>^>XMZqH7x`%i*)|D2v_4hCOr=%6}EUD%ctvg*IlRP$)}ZSbru zX#DBEuNMo+kR&8wlEn?U|0JV)cCEy?5NK&ao(;(7@lxVlnGmS%0{O68gy`7KLfExB zaOjt3(p2?T)ZAv3-x?K^vT`g}5YE;$kg_yp4{1QN4r?(7og%70TchU4 z$JGeuW#vusccDw=Ev7&2i|D88rf1IYt6hB*>mfB}9GN(Fb;L$o=6p2_#@J$zrVeO# zq7+#*qp&TXxtGy#e!*Vm+N3JqNESb2BYOSiV}i-Q@kwP;=?%aH)KRpD3Aqw2OxoqY z&->l8Lk!qfihl{?&wGBOW8kFq#r7N2F8DWSq3=thv10WLY zvW0aA9-Q#6LP9U9MbTb9lgbE*RJnt7gps(K13Pyzsg_v_>(w)--w;dOHpWK2^CZq@D*xEs#a$SK8T_@6bI|dZMh0_K&Ec1KmyYY!RQT;= zroH?%Cm(*hh{-6gjIh6cVrvTp_iw$y z22ixEXl*EAXIS2Zxd#wn>I%yXP=l!m?+&6y)%aQ(@(N-_2!hv-9)BH~B20{|VIgUV z|2xZ{QX&}W%)z=i`nC`VYZk4(FH|Sfk*JT~CgvDW3W7zI4 zf56q@u)oHd!#mTL;VT;rgSYQe`!+oY3j>9mN@XZqTzR}}sLQihaoo-?b^|EZ#q^>Q zqPY?a)^%~|y*2n0hZlBjv!+>aP-7N<=_WAl#@5!wGM<#5${A|=IA*iEbUvqd}l|zJ97j#?llB*dH*>i9%&vC zgP!o!dge4ZAijTh6Aqsw({!tUXK~TlABf9xmW|UuW99L%5#=GB1aj>v^_4#_XDxdc zRSBc1*tRWScK-K#_Qjb@4K*ZvZvMk#3>#_q6*)k-nmrc1tu3gMnrhR2rR&HJ=FqO! 
z(kixrkl*QY2^p5IGq+Y*`trG_oK5j z4fiRnqB_H(w2 zXVfV(AREsr8&kJh1H_u(lyE4&G_FKif+y&;9gVM^!E1G(w+m7CA9Mb2#5ErPR1=i!z@0) z7GGB@O&oV#VgqvR+%q7nPcD7(Mk*1({hv!P}Fv$ur z;TAs~qkt{@_mQbgXpxwgW{U=)%VzK99qv4s>-3`pMd>)16VW+-P@mGQpS^;4wLZ-{tPgSksde zS;qP4IZApWa&=^bC*-gDYia_!L6}l3_leuwD9F~^^@01hm-c0Fj|TVK>5J)_XL_jB z8rZy8qhne4LXw(^Z5D;QXA=C_bG}Ejm7QWuzT2-2jf#J`6DcA{oL(xxav-!%0}lkuFfN>RP-HR_Oy~p8Z0=gh_SInB~5AomH~B<8`x)Wba#E44l}u*t2;1g+W(29e?!0t_o3!4l3 z38b&;6vwv*o^o%^V!K}M50iD!k5LDTHI`(}YnP2ZEa{{z{is#V99|aLi+=C~4LnyL z0mfw>sZUDW6AW1U(1S3|^0j~s=GARNA`HnYh4o^zwHgAToeoeq{9jKq4m5BH9v1uk zvakBVnL5I7^f*Cy9$CYbwnQhQF>hU^lcGS7jzQZeaV52@{=_QhZ)}%?EjVardl6Hf ze3Jls7*U#{Alnraul7}yT_vqZM-PI@d~};V`x;I?&J;dX@giN$?)lO#b12$wDW2d% z+hGkD{|xbAnN`0B0{g!k$&4U!DID9FKAC=hF?5b(@h=$2$j~K%#S@5QOiJ1I@I6z+ zki!wJWEavgprZR86 zYPP|8ar#ix@p4O19Ss_xMBsdd-$*9F&c)0YH$*24Vd@eTabkc&9N+|zU1(pgc2Qh^ z@}z2_@Rb9jJIe+Y@he9D!6Ri$Q2c7wQEQP?N%DY(fdKObOzRL}q5gB6>a`b(HwOz? z-OjKzz+h-U9pk^nyYry=?bb-fp{<1m$)~e@?#En*G&;rN%mkGzNHwM1jm=k$tw)MB zfm?Fc3K`VV*5>HZ@7yLbnV4Md2@RhPzkTP=TqYd*wICvLGoEM(WGL(;chk%X+dySf_vO8N5a92Am@Wno+N@W+S*x*Z zr#92Wo4M2sJl=`o=kM4_j>8Hh0hvei!!?CakQs9gH91HK7NSG**}!0@_93oBJqu(M zrx3i^O#-o3we;CyoTXeKH`3>?2Xx)P=Wyzc88O)VFxh#G5qd{w2o?<+m*5}Su)(6`kRKzlapds&(kT+B*mmeDHn)Qv2&gmxb$3l6x^r=isvE! 
zJ_eAcMM@W58*TIEc?0jQgp{AnM_^9zs%&dGePr4|^q&1@QQK-#N{?w^*XiRo*)Hq9 zw!>B=Z=fi(OkA0uxL)z05^nI$0rq@#=%VlQ6_XTqO>#|yU@K6Jf~dKtuL24mhtW#u zOr&{dUPi8cyTjFGNFDxEr0CY-p_|6V@l{PBaINR>7$*3)0sO7x0^`52RAno+Kwn;4 zIt`S{n@32^GWkkF8U{hYRR?VHQ1v?vr-e{=Ek%((=4@S$-k&c7cGiE$$KmZ@TBD?6 zZY$ZX(nVK|cLyZh zgn?S@O-rz1%H*I5HvF^bs(Wyaxcn$Kz{Z?6O$_`qV6FuQBhG){iGcc-!n}Y!hPePx zG6kEens$gh-m9zvrcl(Oq5W$sd(JONR>MRLjcR!S^q$7wcy*#*h^FbhXo`zEW>#M} zs;a9JQzaYu>!`r!b@eAHp6pes-1kB{yheO@Cfn5V1Yc5W^-4p3s1l!q&k(E9s(iRy z`?V`3o&PSMf+;uY^G|3!IhRet#JEBdERqXLaHH=Nk^YzWPyysdR*pC)e(@(R`4G= zToV|pomUT&s!7FkyMLgHeaX@ceYCR%+lZBawh=(6x086YUt0i_8(&$NEHPcj?f7e1 zXjF@TADPXdJ`dLcc^;h|ZN3o->t8fu={!U|mbym(kX--ly^UTlvY~ow=}gJ3k=s<; zVizz90te{bJ_8e*1o53V})%+WXjlLKkBX8DBl;Zxade#kTaZ4>7&zCq;l5wql-Q^~NRgVhqROC+ zP)CNf%o79$II!{zEoFc6$JvHZ3SPxo z&EU(eYVT>D?OVV_f_=~Hhq6E|(~({KJ6Y-V**y8dvd`@VhW?ezBG^XO+9L7#xKk9F zG<76QJs2cl?##hGnbkE$GzH{)Ya#3Aj@;sQAes+}#{He%n0PdWkij}ltLdV=E<#OA-r;Otz5C$ygE=z+NA znto?!O*r<}6DRZw2BNLgM0x>7VPr1al9=B#y`q3O#K;D9Re+x!cHI1IjGZ6%Y>@ zW7s!uxnH^z+LP)s`GVnS?-P?iwEe;dbfhbRHy{E$UBK~^x_Acks>Xpwtai5>Kfz~v zB&6SgllrTmv~@P}4g0AbMmSXa7WS?7II;8m9;^0^d}n z3t$_JkOYQTtKP@_?9cthg$KCs1?LLiBIsJ*2sWeFvd5e$CKp0ixaSnrCY)qd`BEU_vM4Q zVSWV>J^H0o*}~EzjhEiuK2Zm{;O!D>G}Lqp#fI(BBhzUQZdG?OKpv1eeK1WH+E}v) zUGB9`Y+PoBXdmyV#fR~_oBjPwwpuaS@!jGy`r-VPs=CdnR7w^jtYReC0LYRa)^!s~ zzD%$n0bY=0s3VxJ*8obOdjXj((FdD;F@r&b^Ib;+LTYesy-{G2Ib;k{=iq^H0Er zid)`qn+q_QqoFgdd@~Og5_f}7y%+><`&Q+u*mH;`gZfdrUrV95wR~~+bIz}M7gt!* zf9Yo47i>?1jPxm{NL;ntLN}IzJ6M#Nf}REY9maF>z%BdQRH5q8l4*^U1-*}RBkqfN z%d!pQwSXv2Po1{tx%Q*m>`ssG`?BvBtQ^Nw>_727rw-6hEl+Mja!V_?;a^NDKnrpUPX}m66*{+lDuJbbK zDl9Fe+j&$5cZQzG<<^M?B2NCdS4uuwr;Svj`OgDROEG+C^SY240xDCMJ$=i61`DSZ zt4ATA;iyozLEYIEE{l0*N(Q?WWH&vtd_QRVI`LMbi6G@gBUGDN&Mp>4f%;nePzu6cK?aIVl4*{>LmrHc(!GN{vkL8PP? 
zUAsEZ(T!7shT*=a&aXGVlAp1Q;p(0@3iW8=Ial=RtEq}V<0S)$W28*5l!M~BBpcwf z!Y~$k71pU7$~5u<#500)_yE+4)l9E=!r^}5vaKJ(yn>Mh4f21XNf+*KI>iyTid!Z& zj==+=<60S;`}UP*Go=NAwvzjJB!8SI;z7hc)(;3Hl+F*%c(#Z}wBS zZ>xd` zeMH2&wig)8ZGnaM`(ZFn0r^CaG*S7mU8z6<2>}I$tlCDS&%mjq;>1%mb`^N!zM18dXuUX)rD$ks%#tI7$m=ni$(Ek@ls0s2MFl)3LtUJGSz zm>2gc^IF=T2ff$zT1ACsQA_w;?*Iz&e|c<7v6;5iLn^y`a^5$fNP`T%Z2{*}77G(w z8t{W*;6^X*6AK3P;>JUTqXsixwKq?%(K|dp8h|XNoUA$>OvjQ(C`WHjbrsiL28Ney*>M9F_h~JQKg`ssOc_r#|I&fb zhv0tW1Vv5UhV$u=QFek;eo6aKIzJr6yUk51l+M%K(q>X(9SX#f0Ab;pY0Gogb?@8& zCf-T6#^}$v_`NVN@T+oqjyQYAapPH$j@(r4Rq^rQ%hd+$}KmR+f3H^-cU)C4IO_`o1^3W<{8=7^m1gp?a*rw zoSOa>d1dQM0LHoH zUXuvWqWwtf>s4WtN?VYFd7MK@hkqOu#yKs5zwR=vyF>4sJXIWhXsGLB*%M~7aaQHw zGZavfQ)9q@&!KdVmm}$DZK3n!cHs*a1+3iv5I2Sre%AM z_tp^FIk<>luw!bqtjpZZ8d%(Ayai#dz?$c^-__<*XKZe{H#GLG{64{Pbtdnidu$o% zZ=0`N2d4I$PXUfHg zCAXS4Y(_GaN10MZqK7JrJ%bnom}tR>S6M+yEU*Qdv_$`R$>Q+L9v61hib=3u8J9gJ zare)nC2F^|x|0VFM(iA!!fF1e{V7r;xee)WG(KW|_&UBZV?Z4_{m~I z?jitPH);hKQKA2cd3ZfR2B6uJSu_()n(jz1Qe=oCF!K@PGrSEtl2C1xE<>jtx{dn_ zL$J0DI)cF9R|CJo-wK4q0@(}ICT*)UBc+qBdmtOJ4~rArSdO@M`r??R_VcxRr-CE5 zIh(6wPGG7$nty)9CH6qpv}F0i(G7vfrDC2$0z8^^WK&Fh4=(3n_~6f1j36M$Xl`Ux znjyXr>64rHy{Bq>$8ko7Yo)~n&Fs7!d-UP()lK#Ui;(Q?Rq`IlMi)Hqne+FWCcNg% zk7T!Np0{gK({SFp_*rWu*TJdp8D_e=CS3R_LiE9f5~>7BB~kqjELlm2C*pq@T_ry- zJcfTRIRR;niJPMk@&ontoC1yj<>4&AKn-kXiMd$oEIhE-2Wcsv6b}U7tB~hI7ohU1 zclid&o6mm1$cNN)XIFSMu{tfmaK9fTgLHuvq2yt3y}yh7Gm2yS(HDIA6Hum1;log` ze}$FNz{m)gI&BO{Jg=ocF6D(p@li}QIS@|*%o)hwzJz-g9Q{YBoV7b!z)0l^CqVr8 zE;-ax2wm2_6Q8+Y#;v==8Ftq~FjYFG$2@Ro>7G$rGyTnuOB-6QQe~#O3{VwCmv#iX zD;1LbHmpig!=EP;=qDgQ!h^c>_aMJ~jhdWA#{@_`03p1A^iB2V=h7Qfm2nq+03Mj4 z?vTR8}Q#K3nE>bjyO^|7RT-E6*q8C~|IHSBLns$r6VU*zEMv$UM)w{~*CitZs5L(mz=&=WCfaB&n3fc>KXOw#T91w;Hr(iM2 z>ie|6V^8*!ZGuz_Pt}_Ih<|AK-Lx7;{tA|6XDN9*U)ez7M)sO4k zYzNZ?i2uavv$W=@tNml5o6O7`%n}(AlaSuKUsM;vS`wV2&eH-3&{`=4eyClo5rQay9dYs-#ENwL7jpv=&-zh=D0s%FkjlHC;yEH4eikGbk-AopT?z(~r&ljZ8W7%GPG?B$nqlry3EIrffG# zb5W-?S43zgnXwKYCE#78#?t>9LcX_N<}1lxy*J({9kvs^(N&b^z`(#MpR%YdJRcEc 
zpl0d8l2xZ)RWdYRwD}%e*2LMZXkH+AIuvNqK=9#fos1LzdKZ?2`Q6xJbu!`TGoqo| zyjw4q>7i|vS-US+oKt@pf&X+J>vJY!{B{NcP?~|c9QY3T`qx%qsQ>>89z0Z|Ej0c) zjjARgXl$~)cf%WZ@E_@blpC6ehrL1?*SHUp(g5Alx#dz>3?Jd=Ce?LBPoEwB0~PtG z_pDBGK>X?R-Sa`eKY9BCOp0R{6A_U1UVenpr~NQX>&8|1H}ui$JdB(a{2+v#`^osi z?y7z4l>x5+IX}Z*OKM`%lFW5}arNYOhHPStHa*Ml;Gj?s(Ycqy>wIaS`&Ag;23m~2 ze!c9$v}yl+@OgC)K&F>39-nY)Bf$WZ5mh~S0%jFa9W||OzEi{vAiK78-B7=&s1O;} ziw~`cE%b24$fE67tK1uyh0+NmAGarP*{5ww6XQ2WkU*&l3Rah^Oir9t#3FKobVgy>Zgsm)=oYdAMk~otXcJt+x(~vU}Ht9}6r* zT0uZbB}GbL041bBxMm*?YhH`@Z)d z|Kd2td#!6-d0yxFEIY5Gg*=Kng|fAP0Xp?40hr|@Pwl#=g>rdfj0#bpFEo6f=~YW!#g5RGQC_ca)*u#khVPE>tfrx zU^`v6>E5B~@4`2*ArY4i@WL(%N#5 z#>Fhk{@mqFPT(WkzQXI;kBN!2bD7x1yhKiwlZ#T8zRPcTXjLeOF-zs1tt=5ePtt@w z@lR6}fYz7?dpZ9Y#f%pXXa5I3oleHEMtrB{QhLLApNXOCUpf)VZ!XlMu4BpdG=J8k zQ;u?ObqZint@*}HhEBU(Ipb`iUS!y?;j{IUMFJi$jGngrlIELG*GfI2!sc-YIo&UO z$bA5qBmreX5PBn@{kGvz7TQ5S7FvR*X|uN9ino0H^YTWfJvE`rgIy0 zDEH?)d$-pJNWFJ&am)EzsDAtV=EbS>bDB?zw1q=JnGPPI;AJQ9Imq)395_LLNe!U_ zN%(o{$bxC+Hyfq?!n--C1n>LhHNW$YGh+=^KIY$lkl&{l>3`?)&o&_cuF(YssrpqF zlXoC**w$2LvRP(;XR-tsp#3m<>lKznNdIP7({b0j^pH<@MD6)Y*0*Py0F$^qag^4O zX37=1-YMWwwLT1R8|nu{>Pi7ipnnfc^mV=KSmK$!y&#tzcCoK5+%`5)f)h?IA;Wi_ z(1&2HK~`279-@+?e%qhg)HsXjCSprVZF+c+Slk#;NiJB7qm* znkR_(c#Y&Qn0onK`RO5h`>y7z$3?eU|3Q#t*hc`ND*Y>1(aXRKh;5dB*j}dMBbcT# z1t7U||C5spf0?07b}_&wLHp6@%JWZvlpfyqPwN41YTx?hl|Q zrni6iXG(V2BotPi`}?z1KHvP$AFTF!xWOr~3$xXIP7VABpp&)NE%7VhbC?j3^ND=- z+8$RzVU881Opv|#mijoZi7PO59|akKI%srQDNnH+xg;Qk&mWicc z!_U7~wn&fkxY;U#0s`z97d#u>{k0Qw;#M$K_g==}*!gr9Z>|wfHH&21v91J&mUkTW zzoTfemfqncDMTqtfI;+(y$&#=JlkwR`$T%y%#F`jZ8|(1)3{fXHj*YJUpF|eanFlJ zc52TLLLcAibZ(xFt#*q=bRlh_b76Ikr7$M>+-;#Au@*x(%SW($mldO^V@)81gzMI*3x>XVpI8bJBrjs&6E1F<{kJJaMRK%RQ; z@%a0}4#Gyn>vI1igX?J^-vP-an zM43do8VFb3O@FfX%br~=rdD_NUj@5BSyG-4<13-eX&Y#pfS4?YneLG$38@-vY40j? 
zPQtF&a9H(`2`w=SbX)_LYi+gjLaPJur6Top4SRkA$ACB>X5Er0FXxAILzI?VcpMnl z0WHf34RXNX9XjBao#0{uWIE8^3byQr@x6!fJ%_n>wv-Lr)48$@}8I*AX!SZjO99Lu9W4=sW+h zzdN{hYw`MX*kyaVL`s>%#}dd)2!D2MAE3J=)6xLH(#ZR9|9x7}Wo6C3Zht+rSWLjT zv*D)AFQ8!4pIBqH6lD(dF(0N{?fq!YV;Gzl`pRwqhVIZ(LB$%^H@>6QGJ5CrVHe~Z zvhm;_&kN_j=TS6E*5un79=tFo4OvxHjUt1JkyZL4Hedb(zXR)HNADre-Vsf|mst^l zE!Q0jTgg%1RJhc{QMbtN-C|63TtC|u$PuLzwyHJxIc5h`+5GUU`&9*+Gy4+aUaaPL z6YMX}|8YO+h^ zI<1{XtGr?A9WV^Fda~{T<|$_5B7amn-va4TC_1O<%P|~m45skd?)Fx!^?8|J@{;ac zr#%!qL%xYthWEPP13#ilTew_SzvMgoF^Kv-*rb+>r~^=@m&j&5&$ACDUsk_f?4&nI z4y_}?vcPPeVVu)(`vjHc{P7?Sf8>Hph;d)oGy2c(QhmE^lN+$ zLQ(WU-+#!On4}&@qo27!4TzZmEwBqXu3FRBiPN)Hl55q}*LOuV77u$1)+}tz&Ff_^ zVERG@<;~o8gTZv__z1BMcrL`=zg36yQAh9f9SvsPO!3oSG$>RaQt-5}m5)8Ie8Mlr z>h(g+cdtl|AXz0@z+7}=gcxiKB>KI zdT_S)cS}0u$U@kjJ+9qrTMNSv=ptBpD6R%^M?Q@j{qj+6eh^|vjR8u{mqS9chGg9w z;Eo033pV9dUs*hf&C}a!-5mvV9c!l823GN>2TAnqmcD>MHRQ=A5ZYF=^$B@0ZW>&^ zUX}f~Yr;--rcbr~RgrE9Cyz{{Dk-LpGiQ_Ktb$8&NXL$B{YCN@8ohTX<~$>fi_L6(~?vjcRj4Q`l#hrlj+(SN=4?_S6U%Wx+q zz-+dC131C5q2SlOi@sdo?dOqjR%ZBvDAn=ZKNaXDy*J-Z7YCUyY(B)O9rSH$FFPd& zuyFD410D;oM@n!{z5cyAG-Q*|l^3WA2^(3_TEi_(Sqkid%=B2Ye!*doU$2~k>dAYl z(fhNHpFX=koubvlQTvHC>ehABxuikk=7FXO)lWT&mi2GsJ%Q-QF2O+&i~fb=*CKFW zgy`Z^`+?B3=KizOt!>bMoyE$Xfo=;B6#PqUY>q!a3I#<&88T>023=GS`MKGq&4o6( z<~IH;N{T^(bvCz&WEEVkfPhxVlEU>o8VcCor@yFg5r`&SGyyvSq#~7KbY}}-!E<#@aT`Je`OHn*3(JZIAvQi zYg4ZJ-veTn)OS*1h*%>M6rKuJH)gpmuP|G$2BhkzN`@A)9bq^>4zPE-s4W=L8|fA70I z{X6`npr|>(cWlb@xZ=Pnp=SfTXg?^&13yaxb#~|iMgq@tYQK#X3Y^P&_o=ve zC$w)f1#%Gq17{1)doS?>JZ+emC|$Fthp+uPN5DYu-xadK+XQghL@^iW>syum5kE^ z8#WudclAVcnMo_Z-+}6%um^zGUXF~)5EG|w0cSidg>QW>V%Wd#LT z!i>dSC?e3-9yg^W6#$%pfa{so6p)WQ13rcSm#5PRLS2Y@m81uGujYI!c3{#lL3uAAf`> zx)S;^*~sJCjqksOrtt$OSpw^gGUsv|=sl4kCmR?s_ihZ^SSR5fQw zDnZx-TF3bZJDZ2KOez)n4$j9*wLY4dPo3M z166M!p)w2-_YHEuFHyN%n}^QB0-7=HKoDLC?T@rOTk1^qJ6?TodQ6Y|#jKF;BXC7o~Mus^MnuqknV4 zS*=205*1PlL;Z=B>grl9iL;jD@a$LzYZ8?nDm6$4Hs1>8$BsMB&D`XOx>fb1ex zSD~1IWS|AnDZl7TEVli}Yn=bHhHf*|DJVxdiwbftqt^NIyTCJNMMvY;iE_n?y<_}> 
zkJE}VB%O)8nFXUvuGyOqUvOGAFt!ZZj$LJmuPKwJyg6g~X8vZBZb&dIrCoG&$K_ia zq0l2b(>dS7A81XSLt6YlOV5bm0~sI9%4;$btX9Kb;5&qvpU>#L{t%32a^-XF`j0AsNeFc<|e zm;NRCck`W9H=BVDnLH!7K)uoR6AIv`-j)q;nF;n#?DT$Xc%bcvwiQ^_COT~_@%2Ac zYb?J*QUW+!%MB~sQmR6V*!>RJjT@1_gODe!^*D^SpW{wuxang%TB(J^$Itl2R#lnd zn8{^B=rr0Mzpw3$Th;c)4?T#AH{?V(;_W8FdlSsI9-;I4 z9N;Iz=~R{PmF6=-qT-$)uz{$32Bl!{U1+`7o1WvF+CL2Qp&x^_!A|5wjC@yLCNB+} z@5_6uoEnR=k__`TfjowbxDay8E--}Va7gKsUYpBXWJB|mQVn$^D0zzJAUf-x%;s+? ziKMHUT;cq6OeQP?XX<-@YFi&&E1%-bR^LzNj=;5YyWu+*w(+^mv#sL|I^P~6Nj{3$V8G(h2sNtWF5&W8@P>3b9c7dml-J(F=0&L}G zD4XT8voc9qaDF@Zvx3Gj_OYAMIBcsi$9ZqbF&0yT#!eB}eDi>1=W_|nrOhM@-bh_} zGhd|BwjA)4yjlFDqeijwUk^Y*+2Cch_n+M0d4~--iYYzJW+Zre;cTa*ysYw=c`1$x zOn;Euqvx1Z%HN3q<_srkXXKS2BPeDye-pnja zD5gO9Sq7h{`iiG{-_DTUY_YG%OcQ!35W*Z8RlC`z##k1j+E~HL}Ij(Lj2m-@dP*do(8$Q1FdFS!zPA)SmM}*nx+Q>ce z5`-nGahQyEp`6iytb$~P!kCY!=x;-PGE3zw+)3CJ{-}l!cchKEed_SBbCKtCNVX*v ze*h=MAFH_g?e~xN7Zo|w6zHlYOzIpMR7kb41J0Iz-v#vF4`W&yR^wW5BN#Tmj%f75 zz_{n=7*aJ9Wgm$U7yJHcdO~Esia&ESuEjL*8@#d*$*Q?VQgTNcrjBBKx=`#}IdliR z;OVzk;Qm!cuBRx|@I9whc7nwIkCXAi6?xY@Zdm;3###j)Elzu0V~oUzNcJpC+P+tt zhg!tX+b>>96aGk$5Qm+>G#wnTROHqXBasH;_f?qqbWwbKRfV2EJ^M1%BrAp)RBtHn zpE9#;opzgTY0BC^kufdGBva>%n#kSkcsZwVB)lK{%5QjkoX-BR$aAvlcqoUmW~Kx) zocHVaw5_bOzWCb~W`imjf8f|%gr|?N{CmoO=y)dR9fts8Mo`9lsxwB^6jCP^@YLs$N3{9nN+FJI^tF~zQ zKdRNm-Pj|?dBf*aUZMxd#;0sg=1n;sD*(*T!Vhhd5)Bk%%2fTX=bKozZm8LWLq>s) zJ}N|QPUVxf300i!&D*I2)Am)#xy)w-+t|Rg1v_8`D!YDO`Ps54R1CO@&)U7J?|HC?^#A7!*${FN@xHB}2+;XQb~NPUQBCO|y$ghzD#e zBd+C(L516#O-RTYR;1~4&rE6eQ?~dc1ka{c8@t}Q&b57=%q<%C`HH%jm4&C3B>Ri9 z*Y*v4z5IkYA_~l{)2~&vPaxcm&;-h2k!L3<-S`7yLfirJ&iRP(vyd-@e>qEc#Gk!{ z1`@vPE?j&QwhxELqQRdy5}zLpxcQ)Gwidjs50ADOxsB)=d>j_f^Kh0C=oFuFbl1nx zWx{$m-L80ppzAj3Fwd;fQu)x(BL^R__Kdsv>0w70&`obcIk{Ds5rl`~8G~@|{KUfB_$am^jgYmAe#({GWogsPaJ-c3lCEScL z5)W?{da-#E_pVc zfxG2jn+xAT@r`qIe)Y|QZ$PUs??1+;R)*NYNy5BMZ=HkYHy%7nf~Ek z*l{6bNCoQ+y$9F-T|IokU+6{xhySRuNjh6-UQSjN|J_1a9akqo5%2)2OkV{_K%wLl zBykg}2n6zXRJYRuf-N&}(y+W2oy$CpeGUsyQq|TjNM$$*iHibY)b0y47KYLKq-?+R 
z6@RlwDy?*7#K`p6Kh089YD;@Qh)bzq1 PlKMHa6_@QBWLhtgKuAyzYJzFB$H%m ze>UdoFGa(lvfOnceA@ttzuTr|*XP4~$|6gbXve#Fm)w25_G+dlnA44q%DL zLSoR~#u$Ppf9xXKB-GnKzi7jRYce1xD8*IfSUek#hhFX9)fE}BI9lDCCmi3u<}Ods zu74XclKX3Vz{m2*^KFr?8ch;Y4O3M|RUb_zYlMr>+3qNW`2~M)4P}@R+@oS*_{M9`gr~0T~Aw& z34XaghiV43)N`Gh{gg$^I*?Ojm9;ZYEhId-Nr76?S88L_@0D&yV)_p;(swQJ-K)ag zSX;VCXNXbFo3A&y&*Nwj6PH;Mj_Rox?oqs6xZRkD@09 zKTcwMj0y6HWO*J2e2mz~?UV?sU%n6Rg*%GwL4%oF>%!NYo~^#4IGwslncZN}Qi0)u zPp_*{8`70I=v1*=f}sHTMi<{Ah^ zGo)(9J`F0u8AMx#kBYBUncCl4a&PjI>62~{K{hS4kVpQtRf_sg=zYzu)4PU7p0HS3 z^ERCkLXUU9a>|@*NuA$Va)i|8P{JA&uqjte2 zR(II+Qm^pu)ofSmFs2$=d9$#R^zQ7f-H&3fYjNwV?;8cv1`O&4Roqg=CnT#&jA_p1 z33;2(yQ>kc7Vl+nxB+*3H&t>oNS{EF)oWSLowif!+=OiJO-$B)W|=B)pKuf81Px7b zok>|NHM1N~`W&WKA=SCCoVWtM&ASe3pwewvQOGUzW3Q5=dr)u7i$biZn#aClF6ouu ztf78|;2}Y#V(6amRO}CmLhCca zg_H4#-Jj7eYfl11%pbcwv(_!s{Ab$%?Hn1jEk3@^U|$PG{q@BvCv{{H+!8Uy|DEH& z^_0oNoHH>KFtxV*ayl;eeOmXZT|C?7a(w7BhE!{-C_0aI)!~hw%f!eYO4Ta}uHpNq zJxITuX6!gpiOydACr_?3g&G@n;B(0My-3b#Ho z1*(wKUbsccw*kBPdmEc-KINUOJQ`9q@F%1yhSHH9E3q-?5AhITY)Rkl&x8JY2i=Q^Il;B*wq&iEPhHBVfoMcwv3{J z)^)aIVbfFKrce24*Ih~p?9-uDc7J|bxn!uS(mITdw2c)!3J`>IS`JB(D4m{**XOrY z(|iW9=uHUUgCxPtIAXazZhvLG==!KMVRsfVSB@RUkk`oLD4Py|1NB8-u~kqCvy{I! z<#|%ZG7cHM>`>-R#JH7R zjY6PBj2r!9UuYeN#=UU9BgD%-MWG=h&Hh;HPPgPs`F8ss%c!e$0X+FG=XPNw-Kz&4 zt5O9p9%>lI1&J0<#e%!_+i$E*gKAgTj2*D|r*K1B)vXUZp<`(`4C_KNewq6(K0)5+ z00MtS5Bb&|RiNF^x5H}F{KW7h+<&3{YuIDU7|!#x?VBr~2s--dBNh61^Y&T=Cy>Un z$7rjM54%~ihgNM}x+P{8^ApM7O;J5sUt%>(&lhWU{eH=jz$--)O3nJ%k0L~Dxe%&K zM_cZpW5_5^RTglAn=jk+osv6aD%yy%yc%es{FfI+%|CZ+Pr=n$)9PNfP8B`ZiC!6P zp^Pf~&a~mAopv?n1B#^Tj*GBt$v6HXP87^`Jc>!ybykyH^bHWX<2mimAJ%D9Xm(l? 
z1p#-NHcbN6mO`W4E7h>+xLF!(nO>q58LX{A#CYc-`*fUlHSW7*q>7G`F*A&Yl1s9^ zd$&9cj(U3BT`Yu(y0iKCyyxhINL2|j*ntNs_`Q)Sah&O`F+|g(TB>;eTJE8CjCi`l zY&Fua^uW@%KN>z&vadqPZ92Vl9&^)QUkrj;KL)%N&Sp!RWjLLru6h-^sn@g2BKq@~ zr@-coGi{JGOznpLkyvA^6=^WU-`pw$a>j?8SBs4`)4nBzdA#k#IalR>h}72k-(d$- z8t;Q1(dt~behkW8)rKaexC8#T^tLW#;%^IretyCp>}CabQfG{{CRH7ABPceBImnPr zj^P2TgA&1-?(@FQPvl2F%N$3O<#PwE7(pjR-lu9=$B_9Yo&<7NwMEXu;rzQO`5t%M zjW+i}(jT6Y>{r5i*f~D)yBGRSwO!szGT1i@k1Awq6g|VGgb*92osA$JfhSpC98W7R zt-I`J>Z8EJ)C9`Gtu*YrnKb;n8E(JI9d5sdop|vn<%gK&lcl&czp|YJVmBNj=m0wQ zFKRxAZeTa5#98bx2lVzB(AZ@rgpOA!sngLyjep_IGP}>UJ?hge9BUG{qh}23zb2+c zu*~qqgDSdvgdve&a(u#!;T1wxlQ?>7)^*?tETQkxvfNB-K6+y!TwJhrW%ZY0Z9s@A z1D$t;e$;~~TA#S)B=XY2U`tj1@Sg!16a0|eoeT4OQS^qBe%{r*QM+3G(Cq$6VpjTk zLU3nw;fQKSmU(tdB1siuFe;;?eC`V=nfcReb_kLD z(nwCBljQ*cd~m<9AU<~?_lzcbyQ@UZ*BuKA@h0@#x$84DiN-X*&(KLhFm*Z#-wJY;S}P?5 zw$}fZq7GcdG`=8N{otxFMUl6?ix_F*@^Nz8$K^|vQCKiGrcvl6qFj<&tWJEaxIYp8 zf(rbQMQV3h_5&jT_X5;jeT>y!O+6Y^o2>402OlQ0xRYL>uG_YTo$B}SDxAIVUI?`; zhsu3H9u~^w@mm^(s>#`vQ&mvx_*xXrKv%1sN6KtL$eZeIq<9POi4F6};V`>JzkptB zHJxHF#D-GR_(e=+@?oV8Y4AF7V|pIgmd&sS`0+X7ubpdgx4QMeN%b$QCo_k~bvzIHmVdq>4R3S%zJPsF!5YhGIFoP~xYiy%!J1_}l}dBA$j>tm@V- zj+p()=YvxGJ2*c&`R+%Bq*B}Ji@`0;EQ@$=!^~t@KO8o`9eIT|4+qLiJFB>H{#sDH zJHWGSQf1rX71=f%@HvSmWsGy${ls%Vek*KAnvYnav;q7cnX~)v z)PdWy15Y<(()w{5^!C_uERhVc>uusdrV@17D>&+(BuOG$oJ%R~aeQdrgSaO@%=5L% z8@J{OY3Y=0^HX}nyRtV;aK$9}Dkm|SgkWtks-BgwJnP^5n)MZ#igY|ADtv_+-ijQb zVIqoar4#1=?b;xAMTS)7uYqxM45|9}hGpxPD5(eDy^$&s5&Wh_j>`XBW!-&k=fH=5 zgQA^`@zkAAHemcZL6GGxI9Dtm{&?4* zAe5d)yf?ooDZaqw;ehwjG&{fhNzZ=p?p=&8pH{e!Pu5FFjep@U5o&GV2*2H1B#xUu zM>q3g{8a?-d+I&#>uG(FDM$#0@rPSNXV++NVAjMZ&wkTHPjJ0W6%{RYOfP6=y&KVG zlr}oJ;#b%`vZ7|Na^|w36CMLO-l@^P5xAVV#IvvAZJt8Q#QM6xCn+rMepR}(U*Ss| zE4PCDTz)8BG2#_mbl!L4&#%5U!e;c+p9_z<22~z)ruFfd`Mv#oS&alvZLM=6r`03k z$27J;W#cBdmE`lPWy{>9=rKa~NS=A(qAki#h0;DL~@ z4`vj-hG?-a-iVkNx84t4(zzR>pO6sgaw?ZG`DT*MNvEx%hm}ciOTCSq!_V&WtK){k z4uqw%h-b{t{05ushHrfuKle&N5#Bf)xN%Y&-6)RR-M%pH{md!xv*1lLap>gj0kPQp zc`JM)?!oy|ZZd>prsc(qD`XC&Y>GHP* 
zQQnGhf0&0>qe`>&l4Ddj4?mKfv%rqZr`o|{7 zpy!@^*i{)CP!61OizhMr;6*AH@K(o!;COy_f}$XE3hDb3xCJ}h0lfqMaPDX=ZFjD| zf-&XJ<9v6+=+VLL_ul-@Px7Z%$16Fndw^kYZ_PW@cNq)y8EY>1nND;~H}kbmO?jx3 z$SZlaRL?-AFgwtcr8ZAR|7^$U03!Z!T{J3`TYOfkS{!4F>!UHlxVfKU=VfR_5geXX zJ^X&gl<9hMDY`l=wQT*(%-rhr6VsI3%F}c?XzRpH+wPu3gPu#vy-cB_!=`TJO4@lg zxlcbb3AsK(h&F5ss3ewju@`FHzbFv?c}>;>2GfVTVG>D}Zebn`CGrkX0tAf`eG19+=mTWuL)4wo;tWsbg=q|4dZMKb5lorc@m1mqjyI$^we zOhR`<(Zmr^q%E(8lH?$E1RkWa5lJo;%l4=*AM}FSw)F2HGs?OA zHRHm{N$EMP3qS^1S@_5%Wa{eh-Vw8~)fB8%pmkG8L62dMJCvvuU>$|7cvU>Zec05I zk!QlUnA}=UL+aizkM=*5R}RW+1X}Pvm^mE+pupp6qmfJN>7ulba}V%KxvyaJ?iS7X zvdB1M0be+a<;WV+@eBZg7a-UD(P&Y>xskyYv$9}{Bzu*J*CdX*1J^|oHT+jl&ALJb+|)h&y1N8& z{bryQJyT?@=C0@IV~i=7cxBuyb~b%9B`T% z9M9BBr zypnS7Mw-|>8nGHVQ5@dnXSTf)&m!jY9xLNmg5N7TqHhv9`Wv=fVsPK{bh8UIgTB6f z*1liAFuw<3k$?O!Ro#-_^#)Nht32P9Ro_<}2px`=(sChUxvlMjVEdr;__%03Ow<^} zz%0`0O<%A0|FUcJ-5g>lz{69zdOHXWyj?3Dwg7W#yQjrs`?3rvu zPt#Im2A`A{A$vvX^_;DH^m6KudXIF)plgT z!;MQ96B&+#JQ37MOmaF`WL=bt%5%Q^y-qe5o_x372*&!Do$$2gW>f`)7AU9fsS%9C zf^uX7JHa}k5-4G!rhk?+SMK?sfWlve{l2pPx@7eTXsS6lzCi!!Z!_|6Sno@Y1{1d7 z;F3)BC10eZfU`jS547NgosJ#OC*h6@qDu^D8$HcWz(s%`Bho12Q?B>0cu0!kul3RO zEWPRETzlH$)&;TWMdiB!49m(=hU3z+YcmPV112OT2FwkLUD-Bb-vp9r;~MTG^QcI; z*%h>O*yH4yROiOn{4ebEADfnpV0WayUGH6VJL6mM?`gMPrvnL`lR%z2!@!%IlV{58 z*<{Suj3=w%lEb1-x76EamOQI9*lmMDJIMQPMXzQiH98qZ7O=-113!wZP=ieoI*Lx-Z=IWF3WE0yxhN>JvH_;TX^&g` zp+1u-Jh#!%^Q?Q<-6-{Z@u+)%C^-a`)>I#v-6cz|G975Jx&B*aKJj$D$hu{QTdBdr zbN%mujSpl&ur!D%ICoY58vuw({>!7YkPMK@ z9{d4UU^n$(nlj0-lE``?SkK)-8Aws+njRQdQKF>MKlGhg8q>|?e=RQKg<7qFv1_6# zymdEwdg)9Iqmx5!|HtwVtVr+|+Q7=nuqVdRAdI(5w@fC|fUf$VLqvJScw8B!+_+>}dBI5N7`5g@W_V4_ z41PQB5~UV;qn?HcBj^L29}}crtsbaGM1&w4M6pBqyuexbViAjdy^<@RRu;WWl>6;N z1*>F>&kZW-l^+gjtA)s8zyvRUiTpZq&F{xCy4zHh?$uDt5%a3KScHR_B~ueW7y7V4<0Y{0xB+(sOS|LC(F1hNJJ z0u|DfHbC~)oyT{0999?LWTyJiuHwo%&S}m9lD4 zBU>&G-Q#?OSOuMU&hp;nEh}vm(W!%!8cQ)R@3ZJaH9_?+L}`unOZ7J40%yl;nc^7M7jqo3z44=0cPN>%;;_$ z$47LDXPY%R8T5weE3=N>{GUD<3Bi_QwlR>j>NuF4UF!zkb87s5-Zg+r=@6%ccxX)- 
zb!}*nZP1r)TV}gCWjwLc)W;k{Az9ZA(1r%bvmH-O5R$upk}R!?w~53vU(;@jI1c!nP?8Te$;$RNO zCRdXT3t%ynsQr!sfohK{k31*h#)(6II~L;Ci;e;#;*~B>`B~kDGvDCpxa@dxl9E_s zl;p9xxvrr7%BTV6b8xz}MHR@E(q{mR_QaikcY6Ez0n%^`&j*x{Z+Pi0=IPkFMsIfx!UA{WQ?KRWy^UP2HGz(tTquK# zacL?2jl~Nj@`(5d6GV8F{v~x|r2ASB!67Pg@hoJon6qe2<=9wErFBot%NC0kn?3CB zjpl|4p3E0S%MfR4^i8Zp*^i-4_`A1a#l=7h{{=QmEIwXY9#39--SZwTC92RXZQhp8 z0`%T1^4ZM1?11B@pvuj7!Y~8rncuw#B`=iTaHe7Cd`^rcg~8#Pke4{d=D`>u4sYp@ z^|K}4TH29Jel;4(K&O6-vn-LuK%d01uXW3Vccux(wt97l#{BWQT*^f<3W`!$RK@s# zKpr}l9AKlxk$qtc4b;|Hk6&I*s$ z6CZ@p%`f<#hkS%aI(a9!!kh5~LiWow3zK_)6}A>U&CjCUEt@d7KbFY8hO?Hg;-Zjr z#Wya`OHF)F1|>Rcqp>AMG#C)L1i6Ts{d^I5txx8Vw$4-c;GJQY$WUDhaWHwi^TG}5 z{DyxPY`Z?(AjxjNqH}ezpMtI#tao8Pvh3t!-UB9@1?<|u{h^e7?;|B^e zOp$l;cxg?XsVHUNoCfQOeTzFvC@inmVo3dw0V^+_nkKEf%sOi+Yr=$-O*8MCc73oP z`Lc;W#aO)1h@^xi(jz11)tE9p@^r6n!`=9i051uA(*xNkzk}cPrs>9=s$ZG;OO`?_ z58K_^BKqTCH777p?JHJmUhV3}BF0ORk`(+08enmEP_myMbhU!;V+!ip+{%sbOwQZa zSdAK#!a0>V)Lld==~1b%O;B9^wTrxXN`So zsS%bY_P^$x+9*~YF-Qm4O<_pN#0vZL5b|Lm?`UbJ1 zjha6Zg$(#0@>%<{uH4e90ZPr(X3^f*&D8wy<;usr6j?CWbg-j#hYwQw}c zn>gX9Xe=h^v^zR^FraJzH9mFPL9~gKDEb|akLDu#zp{VxDz~)ZfQgWSHq#Db>eBvL z%N^>%Ne0~~2$TW|tB1Mh-O%WUH$%p~oMzHMd)?|e2O>5vk=--64GUhCY`a=c4+VQR z^ZQUuEzqkg8`czi6x;m8CidS+BmZxZrR^_O8Za`QbV&w|eBOLiw6WPxGeSy83IS5?!yihP=^Q zirBDcwXgF_HHSqx7BUU88Bz~gt=p4Kz{~9QijiL(jk@3V@ERP}pjc&gTJ<(>+2PT( zs&qMq04*QLh%Hx9jvdclEs(8~Orqdp^YDQJL5q_n@xf5ln6=cDY9$wZQ4MP zG|WVXO7KA+_eQ5R@V-Cj>FU^+9DMV}!R&m$7W%`AREAE*|J0W#H)4mGmN@<0Z+D&Y zHI^txk^wkCYtc8Tz0&r4st8rFcPN^P@SwBMj2gacx8Ova#x=n`CDJ9wn(zDu$DxI&(TeFQ_o2&hu ztChIf0H$i>Jx$w-W~92%%FzGA)mw)}owf19yA~=S(n?B8OE)OpNH<95&@tq!K}+Y5 z(hb5;0|QETNH;QcGjxf+Hw1S?yyZ)gQ z8B$dWA>H`Q=%sbN`!lS94;!?ZL61C4Itcrz{GxU_{7^q(APPnJeR8^eI7KnL4D;|l zt=u+N70U`sQAxoK80Q{&YO`{y`$o<|`av`x3A2NqY@PPp1~U%7HvKtKnhRtTm+LAlea#k|Q0Hdp zd{p$J0SpE;B^5IBW$|5BUSIJp>}?e=O?_e0V)YX0{4Jdrvp9rNJ$oo*lb(Kq5gF6v z#Mz%8ZS=9&gh>!`<+yJ3U6O1m>u>6l0*?d?ACXot1L)LWWEC)YPxN6mjZM5_8=+K zqOTpg+$fZ6hMLOYb89~{w00}(c)6yl$mDk;qnft?Y%55eWw5yiQb3lG-KnA+DM#?= 
za(ZRK`J3qFo-X4ONGniTxd+P>CJB?nTTCa48{m*sV>GmQy?=tCTj1HDyY{M&4REXU zHYw;fZIsMM*#t?-lYZZ9L&W2)o>MPd{Kp-D-P zEAZEO4%U&d>%e4U3=&xRbJhkPROaktKQla*G&;;VQs%12z0l(OQ9>y+a=Kp{?>zqw zomds%dIUCHVHa)Jw6@dhK_XFw&<+PLAF|W{%DpRaJ0GA#FRvn9E0E1^i0gVCNJFlC zPwMjA0Dt*Qpyv_25TWzDB`uZqUXNX6Je|NMK2@9?>`9B4MY?@}z?RSq_9DGa)VJSP zhVndZ}egzz)WZDI>yS?)jkfa%}KUe*2~*+*b6nNdgD+Yy0Pj4Mhm(b zsc7B=@0IXxYcYmjFT2A_Ub3oss@uu*u}}3#=CQFkD@i(SfZAk6lE4`lC4&x|B`qc? zsqydisQRF*)nce`9zh~xvPkg~W)aO_6WWU(X%>wryAMy;(Do2F3Mfuk2On4am%*z% z$5f|)X}+!{CL1jHZhdB3j@s> zXo<*asVG(Z2gLnyDw~a!7$+P^gF#z+G_e!R0Vq=6C&X8afpGRfE||}$bQEoSLm6_*c)AM~f6+LBt@CBm^Hj~+pOgk7vV{VZdz?6JyXb-4l|l~ z^8FtIt*m%5B(%Pa2$tw0@UOAqJLI9mrHj=70l*0v0pMa?UX5_mbN?}mUuzDE%?6JM zfMt4~xJK3H7sUYb0SX%<*sIWrA{t#i;tm_FqTK)!^_~S9s9^+-y;`7ETM#4 z(YD^S#jb)a&HFE85tkw& zcVSX@v-gh6r#Nt$ulrUVrn+W2XHLUli=aAPbuRZ-jSylr^)#FCsX}+wJMs~^Hd#~w zm)p~)5f+6}(J=vT*ejo^+OM04@;eKm#+m7JN~_qv!y{9oI_6H^4zTVpsv8ht*!&r) zzN$6t+yhBs3QKKF`BZ?4KztOt;8VbdRf_eL&I6I_|7Q--7bzJUH#9|fWoQ?0u&U>= zv!D5}V^BaV9p7%}16yi~k~Pbbk2=;zg$GOO-%1meusXJQcYBCpclL7k));lTI|`OJ zy%3%%uzzp#O{*2b5^2sw=!xRPn~S4ef60%`q90(g;|@++g~k4=Cb8_p)BS<%2LCN> z=ZLB8Iz5dqNAOg6o5KCK`Zi0aieAVD6+5f|8$?w1gmpdJ#n-N8=lbNKCmVP&V`6vd zJ_>6enmqGc+nz3+Vlrt`J*^RNQWpJXsm5Kr`DQ7|hTFMC@Xa?q4}P}~H0SEtkZylk zk}1nXK@}%^42%zHn_`48q!H<0>hLtt50kz@@L)jc`m+MsD&EL1~D(oi+om(98tF*IxLMy6_vOtU9AqD;%Z9? 
zB9*TrikdBHeTX&M%yw+Ud2`y#+8K2Kjs-nGfxY;zOVrv0KiYE#`df8(Kg={N;Cq|< z^yE>CsDlhbJrYf+@_?we@as-rJe>xkjHr6vX}{dK!I}>vnz$A*vXLL>C=B*}@?ffU zanVc=QBqQl{yUb))vF+ukaFJQTq%CTuk6h`2(6T9gv=h zA00CP%IXgay+(bb5yqlfhzZcx5Y#zTZiPD0-6B4>T5XpeF|SdF?OZ6^nukBGRTMC` z(K*M;jfJLxm17z+q>$gyxoH&Ur=TJaGi`o#vR%t1)sg#nQAxK8T-4?+FGiG|8!rgc z`V_2O5CJAaHD>K2wGnV#7-(0H+BQpdyB~q?dNx~&;bFRpQ(&N)IzQNl?p-y|R7W;9~Ax)6D_BM<~m)C7js@rhh7Hl=9@GtdZGYhMC~Uk zmhcD#&eYCS7tpY}ZC{M+2*@G|jVb-Mf~vq7^+AsuCfdM?d9MI70`R+@h~8D@cz?M% zwgXG{&DdW-k~PIz?h{2{Q&}_-iDhdPz`>ZC@ja4LlQ^L`vXf{cEL8Voi{q4v`L}op zHGZYPNVYOI;+5zBn*qsReK>l<(PBz6c}ZMp8tH=~ZzB(6%}e-|m>Kb&>4=Sd{0LP9`6N#>qRo`@?XOCWQ_Qk%+ZJGsH%+F;T>?Bu_s| zLJW(FjJLf|Ktc~ z_OevwAb!*`vWJGr1BpHDWpFTz)^L4nhl%#j)eYFAWYcF1^C<44t_VW#Nl?}E1BI@J zL)9f`F?_kb46L_5F-%k6yaHCirq{(u18va+0-O~Qkp!fQ@!f#;;Fd8(3d?GGc<$!2 zCI~pIQuv8dK4w*6Uwqx5J<*PiYq_+Ny%BkR)|UwgCzEfgR>0At6Jd!PVzvny}qQ?MXac<NV_%{d1b$rr*4goXD4#)|FQnr~kFCp;&4CA)&@Dm879KoN?Nq zh(Sq}ftfuKDdd@d28iMNXUQy{ml8Ez+yh7Vqj6y_9J(=zV*SKK67h{|!1Kdqr=0Lo z_f4X2LlOaI@}bz32C+f*v(Cff_qGmAXgs(yN;Y{u^Mo3fQ~8b4|I%oEJ@H4{u%-%I zJzR0b-?L~D2jG6l-3f^QWf(6 z^>FO0=aztKF~z6dl}d*BMixGyqpvJB^>cSdm@qS1-yXRT z3pMxYku9G239I-iWP12mMwDOon+h|7;aP|h{Be0vg4~b|Yx>prKO!P_dFaG7uzl-> zyz#8=fWm_cbWI5}p5lx`U7|Y*wo>L;>!C*;>{vzysb$YqI2fKC8H)>C-5|)F#U*ag zR@TRdjhETpN|uCd*KOy8SG)p zAqla=-C`V}y;^W}nm!i`@ZT(M|5%B76?i6{WqK|;DZQvtQUx0d>gyIKjVJ7%ctk*o zVPmlv`V`0>4jqh3#8Uzimr{C>zSSQ&p}NKf9kS~G!zx3;sj{rfk*HGaAZ)6d`CD8G zt}gzlf3hPy!%-ut&g}% z^RpUQX~RH*j>$kz3lFUcVy-?fR;eI#*G58^0gd_4?fbzh-I>J#I7Cz_BeaSk;CMKD z$QuU|D2rG{kro&aaHC~Svf1_DNzYARzJHtkQ`-Ywll^{V&7F>C4ANA`V2b1q+(REm zB+EG&k+lT6u5P=3gg|_yBBEt-Ct6<{M8ZOrkz##ar&VdXjGS3Z(Bq?#NTpoRj(u|t z*u~r}u6S}fy?k4>e6bv0%xPlXo6Vdfk{lx7tjx>nGcBmYagg=_^Z1|#1QalAoIlU? 
za28kN?62@YKI(}N!RnGj8wzye9qbAFzN&Tba~tz;bQI*BrrtdG0qn)Xr&?E zmLvIA;*9S+!w%PGKx-!mOaBKk`FZxS*8j1{$BD1jd%{Y=V@KlhUTl!6{gUERlkzns z<9G@hc6%k+@pV31rDxyfd12K&8AOk5U6-5YwSQh@ zSbCC!T!)*;<3*`1G@oZa`P})JuwgQ9#~_A~G&vS2ee4IcVXx(pP-~YR|Hf~+-!M0a z6WHwlRX6%3cmoD@P~EfAB9+8v7^*g#Qh`5w^J0=j0ry@aIcW&2LR28|a=vRPIk>`@ z0_o+NGBQ_AZL}%+djOiFE#jARuuklI(}jYMW(NjIw>k`=mq(&sVzTKzSv>rPqJ z6s=E`SY{yR^2bi{W}>qZl@QE+6Y~+STN$(s|EWFn(7cd9F&`+wBV(P6Dr69WA+!wMGDarffHE45BT zXBDMU#PspKpC_O#k}KtXsX4_jDdY{0nL4%DU~vB`;0JOT8*-KHpi}tDzv4)Y>7Z>z zL(2FvXH0nmi`Rn&Avn~G!$FjXk0Ho91*Cn9Wp~|W$MHspx1$Q)$u{VluG$do%8#3l z*fQ!NE-!!GY=T^#KTJr&V37?zr}Mngdmm*98p9TZ zrBd|ZC)4#B#R~nGT-qy_N4T?A`4}238PQBWFX>$3D4ViN3-dlfr!-13MxYB(PwT{- zdUe2#cBT|s4V_+TCwlA8R2ot75rIOSB^2m!I31fAoBcFndQTKK@ufmk1iFXr!7z=+ z7EMmm9-HNPqV>#?C087olnqzAKNF8FNQa#ojvUvoI%7e1`oQ<28ijI(I2U()6=bTe zV+{d!7{>i}xchV&jBE&|D>{4&W<6(L8M2gIo%IQORo`XV8;AN(CRlI|zOJ60n;wBY)kI>9#^PONlDd(*I7~94 z4#%pf7D^`@Yr}mP9ft|CR-P?rUA2Gv^kcfwmIcb;Eb7@Nzn_OKL*;28caE&ZKPtE; zc5iS)u704-*FU09W6-#-d6t$Le*1+c3K#qkxASn^ipARUYcxE&_5DaA zqqEawD)&0qa!vVn3C0!p%Ecv&(v9OS&eO#nY&Zj z*pz`5kjhokY%-x55myN%&3#gvkVEx~2nWy4izWMphk*oUZ6hrj7cRLHA^tGPs``+( zNk%k&xF71=Yg2g07Eb!WaIMKIU-(>#Ouhh1loVX=nG~X^Z!j-muano? zeTd)_kHAgzOlz91tbl5_LgMNXTS5L4qrSelgWmS7jpFGPq=(b)4G)iQR)4zaY}ytc z#q6Bt_B8A#vT$nv3TWg?QwnQyvKf=6R~{#C&l?$|LrnT8^itxn)&K||`%CHmN>#X4 zCPjpixPZs5{CWrB-Q*$bp4&(zkWY})ZtYA~Y6t4QB+7Sd_h%=M@=PwjsdyUFgRvde zY{kF0L+wLJ_hgS+&>aPPNhlgnc7B9>BNax5f-)Y1QE97J z(1-4sdFURq)TqPrfGhEsj6sXkZLSE?aV*izluP_rWOIyL?F%H!8) z&z6N)Q(X;YCOsv?Zh?19xW3r)+W%;J#jdWb3jiD)Rcu<()9q)K>D2R$LYb;q(PCV$ z5*`Wg+mJ5k{RzInv`eDP7AVEK>nFaTC0J0fdoY5TITmO zF&8E1>EhjhR^8cnn{zhjj8Hx|)_Yii?%RkpCVC-9_f^Kb$IlF_HX`_Km5_}^dRkC! 
zyW`5~!i%Rx(4VzWDS}8U5?nKHXSZI9_GRqhw<4SwgWx9Wxg6u!P&>u7l1wXD0i%ylL*aQF zJXV>S7y~qWDS1F0M%mE_;Xp=J*k_Z3L*t$*z<>s!nuIN0&)Z9@DQ^FWdRpWVkdzB^ zbHO2PVR;p{CAvurmAhxXmfeMYKT=>&L4JWbd+8%KlSEQAwY1gdeB-xQgA|_H*T+k@$ zokfjOeyOr`BJ;4SESeoIXTA*M)WmyA@f6cg|DT#8Cu&oU|C^b^PW^aPdt>$1GTRLL zF`(6*={n1g5dq6S*bTewRd3YW?&Nvyw%P_CxYUFL0HCnT+^KRMPxj7ogWMTUb4{?Y ziPO{4^Ioa>@%J`rc&5Vjc1sm?Etx;v3$N8E1}TI_y!YB%Ox1oK!UBa~U)&Med+vLb zkANG`%~G?nqZPX1WnP5g$`Fb+%ZM>^;d2tt3ny>yU>60J_wG43VvyAwqn}+&v$8*Q z^}MO1EfhWl|01}?FMzZSZQ1576cP_ni*E6evQbkj`mtsqVG1(1P89TY0yr{Pz5*7C z0cA;N11S#~BY{C^*tUGC6nPm6sc11h4mtiAMlH3>flVasc7GU1munjErDn(~pDIa< zsxy|1Qk_llMDNpGn=@H;+LgIQ&T`Y5@adG-3K2w~x6G7~kQk`eq5JOe!FX9PAHg$a z+R=Eq!QhX;ZI@gOTqS{!&Dz=>oxd_q0E0Vb@ke|BCxHZ&nGGB<8gshfdlPiQWBqWsksbU|m|$ zi|=lz;hKuqgNME*TQWyjIX{CMf8No03zUIlcE1i=#@F1X=!Hl#vzbhV(}dh!KyV6S z?0{A8do%gL;Dtts>Pobk;4VO?Rh*DA=-BX7u2G${p4)fyfXAxLQ4*h6(tl+l(8 zY4125&Ln%mDCU>ydwnwou7W4xzbu`-g$2b4ut%^t==Ni?EcRH#P_PUNRR_qgw-UhR z1$>xb#M6x@A_kVtxSWtb951LpKl$4M-aqKb$o|cW!7E=ubBqAeL1eAjn{}G_{SJ-} zoAAu|7a;s1B(<*nIv|Sj?HWxrdZR1GFNw|8!3DTSG0LD_ z`c)@gfB3r48T1_Ns|69?q0DE{efWE(Cwa0su3PhCcZbDQ0EP_1-Jgw%Ax7%=aZGG$ z-hKbp2os{r^Hg}{W}a16g|P3wc4onV+|ItE(|jm362V-}mhZ zE7#x!THAx`BpEiJaFZuA2m4h~PHmt07q` z9rW`$5bRO&O_ikX>njm^PBh=YDAr$kLQZCa<#rz1;XczNgF4`qo1IY|XJX_XYNh_l zfz>xk6>N{VBv}tdud^0dHW1e3VAPK9cYwgn`ai-d!mDZ+bz{nF7oi=k%QZ<77wA)V z@Q*gO&yxmeoeh1!Jm=e$kzt{dy&`PoY}4d*BR>qToTj4CDG&uAnxI;E(!cSbx7(em zxWMDA<2$nOdT#b4*xK~0KA0tEd-=8Cexhe4a_HWA6**r`4;Vab)J`&Bsn3L5_AQrS z?!!0-3u3cNr4sI_-^j7&jOeOZM4C0aFw5K~PWseTFaxZiw_w?`ojq>+%GDzhC*i+z zrlhKJKH9@sKPfu@AlBN(>9%5j`DjhT`#v4Xtdu7zTlr!Xj&po=S;!OIe$6Q!zjc6J z07CssYUTZz7a1s6|I-7egU+uUMxD-_WJO>F@rt=ZoVDAP+s^TtUI?60Lag@(JB9aOiWvWXI_5RbCNZ|kaxH!KyKtn z0}N56ZZc`ylWvsX4XVcJk1BJjbqO0nSC3fYDz7eWH|nSg0>oM*CKd|-QY0^) zDaQ4>MJ(X6q8VL#thKIJrU1q?`t{3wJXvgM7DFX*Tu%qvGm6FJoW}XETb}Wu7Hk_? zFGtGlt;sA23FuL8iO4*! 
zFseiN%7~H`J1j(O#rguDgaXljwN!@xG!kGsZZjCNRptrQTM+y)pKC)(@i9Pyk1h7w z#mV(=Lx8H4{E$RYb1`n?Uze2LsWO7a4#jFe@#%O2B$;V@01WJr<`12dOzV8aqpRLp zO1!`8pHd?6<-*eLx8xK;Yj%4MS-x?Cxdk$lXzH!!)M2{|6Ru~g-+8*PhtfA~<_ez_ zexxa{l8Jqsz*<>`)#j>>h$ESh6p8zOJBAVWX}F#r8}G4+BBb-n5)-TT41|3x)oeQ2 z1?Wq2$k|DzZ^`eIs#_%+?mftD_qk?gbb7Cb$Ntu>l%Hnxw!6;&ZCbCc^71*02lw~3 zcPPn7RlLp~ctNG|liqyr*qzO^6?I?S3B@(Q z7E}AmM-a_48HaCQ|c4}gC67iZkB^r)BTVPkh!->KCHZaJ<4Nh(}g z)@vw>Eah25BmGRCFGfO#2=?-6cp4)NfqJo~kzJg6Grr7=O(Yud88o`8ID^V~C+FaW z`(X;bP4R}1Cr<;fid$^dth(gd3^xc?mE%Z~lna!Hl)K4O#WddkWL#A0OEigl&HmJ^ zHl2R_H)_`vh8OBwN)Y(=vKsNJ%UWpRxgdaiv?lrOSBnef!>`xisS;VlNH=j z7+$+CZ_~kR)eOa+j5BiO)?Xz?!h#sU&E#Y=4Z055`h@xXD{eZ*_tCx;mr_-1&TQe( ziM8Bbny4_Sc9H<*#muZ26IHREG*cRm-W!995`oRTI!V|k7)M(SBqi$n{2qyyM>@%aiZeQ5F(NsIFN)UH_mEkx>ZeYnpBeT&>XNT$YUH)$7Ix4D-m$oW$dyIaB!9*0r z>1JkzOZeIU^Gul-1+y4G0+5AV2wm#8hVOdgJdPo#@!g_1z%P|?FTzWpz0&aNkGge1 zr!K{W9hE&1O=q!C9n!D=``j*bBw-+EKvJorswU~va_mk+5KWE7t^bOnPsH|EQ*}Oj z=Y#T~--Y7=*{VuT{lo+(C&P>-LMHAWMOz z_ldSt{sQe&0QSNskfN6F4FE0 z>5{aA&!{DPPhw-4KhuuEi<}U1^iCx@!3|48pD%ViOE`UfT`VABAI#d64@-#q#&beL zI$L^KU(>5%7o_lC(xN{c z>!d>itmi@m`)Q>`uSx1+%BVs*ajbc`j)cx%!`XV+AJKT%fPgHOv-1aMd;9+D(o6dp zTOfonOLW%n!=d!>mc_4YFVC~Hdrvq##N1H_7b{{+Zl;tHqsJHTVOqL2|1>oB=BG%b z=8bK=dJJONAJCM0Tpn=O$lE&@`5nEz+G6sHCM?a|6bmTZ_@0^h9Q? 
z++Q#D)dPj|NfxU!>{9Jl&ePe|Gu0@$;pbxnWU?CA;M^#2OCB*-SONaQ<%ZEaV~uX# zffKEtN(r1^W`gX0CZ*TJ4dvvjtWR9@TK_0=MkWZzA9s(EEEZkS#6**=XqJGhi88pC zpoML?^2>KUprMXbtQ&T`{`sc|waJ$HGyQX=q`@G-v&u+SQ&(UR$-^}XBocg${<-Zx zAjiG$#aYHOgeRLU9Jav`^H^n$wBHf(so9wCz1=(R&D{S!*7e0;<;6scD#f19te}}c zJ;B3bcBd@no6iS`l@hASJNR`K4$I1}tOYU}vvGkW^?+leYJ*z@_<4KgXSs11`5UD9d)H7`+_F@O+%d^_ENAOsp z=@pXEc*F$`m-_LMcJ!B{iv`p|F~X{j;-md_OqrVt^@#SuLjsfiD_a~E5Wa% zRi@kD`Nm?xtq%5|F-~D^<3E3FWdF%Ox0eKn09wzW)X`-lI-gi`Ft@No?V>O5p9$bv z(l(}@qm_8iokOvka=cjQ2N5q{MUguHctwH<9$UWFz@0Wg7QVxsQ zLf>AG7Qs&HqvF5aI_R!@@vDuwOlA&_Z1?uwH#cd7oOw~}$rDEH?#u{J{g`+z>RWU^ zvUoCiIi7?ZU%B3_@6c)->Xf`XY{~QxuCZhEafx>I#}k?k=$V$NiOyr?6Plczl+72d z*X{q7tNPA~{?Q{@gPBzrREG4co_Itnl-)^KcNw4$YLxrpXM(syqF{6Y6+1hoS`>eH zo4Fq}?C~!{p-LqGxAqlD;a6T!-6IU@@U+9$90aeJ`G}CjbWIgC2S|%LVB=&dK_>pj zR~zU~EVtFnuALNT!&%Idp>`=|drQ9!GnJEjcL1x1D#qv)NI+fGrojKr9Z{TNSR7TK z7Pr_eR_kr!+rM7nAq*ghQi^a!mMKi?F2#=1@rQLAa`%=wRZku&d zqt$&@1>-w){)!(rqAG7V1&qOAO0UN$7s({8;muA;Ys7 zmClM@%qEw;h5+BL%b&XE1%Ws_j18x6irorE5*tm&3i~7&4816Xz*X|b8e`IThk#a8 z?b(w@!8MHa$+(49VYJuEuheg7?kEIVzKn@GJcuK<;$%hF%7>RQ&#lKXMV)|lJTUHE zC=`oC!$hASHfqA5RR-@TT3?DD{KWxZf6TnHEXRKQiX?ayL z05?b2BSDn3W%)Zch&uMA|7rg0qLW$VY@4)poN^!;-VJO1^CXPujz`MA-tq$WFi2NJ zsgYO-y(AtUNE;1-c}@pFy^4J&sPgj}wItm^6C!7L1yU9#rU2WopM zYF>qRo9etMBt{VdnGX<@V&lI$TAd2k_oinv6}LjpJf35XtqRUmSJpWye#*UNOdj4- zXK?P_`Zu&#^s(*C}%iE78OQ<}4g*YwxHuYc$l$njoPLm)Z~ zmdS*d@9m_tH=ER#`I=oVeg%`#_!U8ymLs)b8FI1wEU~AtvFW2zWo2*q>PgM+bxCQA`bt8Ybt-iQSq7d?ZCB{#Y@hmJhS~-#)*t~K>Mz2X5h3D?FJMkm3 z+H8vGsAsl`I~)sOvs@zZRGUjlmf&u^qP+Q;Vrsoja}u|YV_UBy@?4yg-BndP5M@ro z%~60SW-A-}li%h!qb?p@rh-2+NiX#0F8-^wO&mlauz(cHqoO`Tgm~a(RSlYQ0f}E* z=Guflsm`hdU#hOVBhD1Lp{w&wPgQ>gVcSBiQ&y+b}D*zm@2!PYGx@* zxM74i`WpVBd&>M(g{gnzUH;ny-4f*1F4668?8~0@z7@H?H49aKM=#dcqB?Kg4MMEq z*K+JIUgf<5T)RNeZvQ#Za?jO!>`jlJuF_oXWj7bE$TeDULCpNHt{*Ak&rr?AZ|^+f z+i-{*ATUoXyMH2T_UO=wjWI)(G^U;!pqT4!l$ONTqSER1q!;fpOW@t!4*<|#YATv zttWtd&`J*6#W=YENfob4$Okk3~L7EgKqtR 
zqn)1~I5CaRFrh9am|tYGgdGf3yp}&@o?W#)DQ@2?KhBujXv%zL*+_T2mj)ng;9~R85YXtaM_jIj*Ya zW)c;mJy?GERHEP=2x~FSZ?|Kom~JSM5#^xNBmW!yIaD`bx0IQBj|7Nb^(G(DX0El9 zJ2OBNNST+x-}e``@!ZB7XxCKee~}jw%HgRS!yJ4YkAG&4X9pA;&k2tjUsaUvh2ZQ( z`O8F6FJ`6AjhEOea@eZ$GDBs|59hmH8;D1zKkJqKh{2&$Cdd>?a;+vg!OD&M+UIji zXi0&=zdQa`ey+ATL-xTwmo!SuqllBs@TgB*n|c$E5^Uk?q#?+$@#?3$*u_kEg@!A$ zuu0_V@~@d=aOX?Nj6Qq#19%E<*s8MM+F3%^I#+=w@P}jEgr`bNcI(SyQJxgNCTH(t zs<$lQEb2y5q!C8X_Y^GG@DFVvA!YLSxO+D+MW{s?H!u3h2`DtE)bM(T9YW#fUB z;pS67&nY=tTh9rkCmDb3+o&0NM^)R@_&78EVbHt)KgCQ_sr#JK(e(0u1&0{V>$}G| z_>~{`ca}JZ)xH0utKN@CvFYQRROlhGl zREuQQTHa>c^(^VH>li6y_8HlNw)4u$(_*nzU7PB50t^zQr5%q<^3Q^ z<74-Xrh4z#u_&r-C$+2k;d;tN=NtR?x7z^i9=L*9Ad-#YDboA>j{Lk$gl{*j-oWdH_UB7TO!W07o-frl zTYx11IdSujw01>?mat!1-M0(IA?F(Sobd5z3i*S%3D0-$qtJkdt@ZPh6GQ{{%*YGI z$`ivcLT++PP;tZBoAP*gZMj|dSn?<(vn%&PS;E=vGWY>4SUH7(S0%h09_)?>BRAou z=K%UfY1^O|=L@3B-6=!Py&!37XQvOmAr2Dq@ngM#lHy$}x7G@no*4`xj&qm*V=-h+ zPK*-8^3~2_8-^%S%qGvOjZGtAu=o2oxU!o$-}4JQSL)a&_pHbsSS;{vn2ScmxM8&lmYXj#j<10NyY{zYWq;&$ZLvx}F`fu)z{Jzwv4CJ{u>NY~ zgX`qW9xxXM9Cq#)8gA2*OJcF=-`n8t9=x@5?QM;zb9b0KyQ~AVVL+4JyfNE))?5O; z$PUvSsh1a(-sUWd>&F}+z1-RUHvLA-p9`cawn$Fr^DETu9YPsw`fDDU$q(Xu-!14m zv1pRz%0_kE9bo0_3O>6bj#kq~15}qZ6JDdmBW+PntcjQQO*hGQvE?lOcB9N9izD`F zzq(ldWsD%7-QcgK7L%Ux1oqk3v7TNKmlbD9X(SKHa5%oQtR(yLA^XJ${OJ_JMYbm= z*Q&Rferfjs3mX3;ZkiqU20ufpk$Af?cgvni|2CmOl7odG{oBu^8CO}VNOb)T&Y|Ab(sJKyyit-7_ul9>5vF6} zH5+f*>8Va~60L80Ter<=IJC^q7P)pqW5w#KXUpUFPS?2Aoxt0xO~aHn8(4O0t@x1; z7zYyE#X#+1J1)UTvh;1F*2?{QzAFldR3BhT?l4(glM0{j?!MSy+uanb5#SpkU0+tV zk`_(stR`8l)>{@*t{uBuqQ<~i7-z_6QH5H|!wZ_1pJ*3nA7_hoCo*quJBtFX|ML$1 z>V^6yhrl}ar=#+tJZ&Y><2|OE5*T=1M@d9;~D}XqoN?zgRyj z4wtZvJ2-;$gh3TCt9n_Q$d^sQ)&~Pu7p-E($ONz5xdmiE%b;Gcl)GMs#qS~cD1h&@ zq>#BqKF8YSj7=-4W&adx&>u(eUyQtDnU<<^bh#$6#?MC}m*}Gga%$r-@#iQfdGHpYkLw`6xH0+Sip$JWuGbH zcPg>{`Yd?EGGqO$C{9@hwVb`Vn8608q~|=_+nwj1TE}S9quD2|L8%~qQs|k-ze2hZ zzr&HcZ(uJ73HmKR8%qnaiyZE=!vrDa))h}dN)4p^s1xU3M)xnAYTCu>Pq~j1@)e~; zVfBJZb-s5$BY(1d{=froC9kQ0=zAWqQjpk#9^%OVBb__iN=B5fDoKAaJ@Fr%+)x`h 
zb&66(Dj{cSn7$>l91LT58!BD4v4iFeZ;#!yonPTs{#e`Den@2`zqh!^RnJ`I=|0!y zB^=2ARBN4|@qB+bJ>7PWYbjIy0{FOKy}C{HYtpD7En!M-Ym2d>P+eNs%r;&%NrGaC z22W?%410Y&R^6btQ-%XIbr>Uo?+fV((W7#uI9!D!BSkZer_|l$g^p+Dy^~Q3Lio=0 zW{a7W8De7Z>*{{?xYYFS@i30jdG(c;X28SaiBu|?9w{)y-Qw;Tp6_kbN|^P*=r3t5 z6{I2@adz2n)2pYRA{og?cl5>y0sN<6Nzbh>?SE)U&lFx9J)Q6Y@;&Ad!?IVaiVOD4P`-ZzLnb5L z8d)1)-WwH=j5M1#L;m``*+t}61R_@oG*t()vsHoB5GPGTxhC;?E~JBBH|XG+>VE9K zm%&$KXF3&9n(MTV4j16pmBmjuVC9=>GP(2?YQoT6OeVyiZ_3U%8^ z8nVE-#|%QWXru}anqjg7;y(ztz#}Xp~2dK)NUKPA#BH>TLCTz%KNW{_YCB!^->Q4Vk zFT>M02{Lm>wyaxNR;V@Ils8g_P3_pM%Bd(8VPeCop}K5SpyfDPe3uNAS*)-8!U#-w z58OnEqjF9EmT5L#yg0(E)H~Ff5_IZTH#TX^llK;G@MglbOUqCg0Qn7&ooS(^mW7z$ zIwz+&{v~noxXrys%8}ihx`wm8aFO*nu-CS?p71qUwbxtU57T8dl48xkW-;t-dy0Wc z0%&@uOl@eWW^Z=3#iAurc4n_fX6E_syySsuomNZ#n<#LiDh0;LrkJ{BC)K(bDhF`C z5LX*M3HoJdO}GQ<{)RB&qX1uSRSs1R%h#RXi^HH6*x2M8%;;Eb#eVpg34+glcI;FW zl@9LYgrHe`g$Ns*7 z@omY@W>JDhZ0-z*QQPgD{8IU@HIsWo8~>(8<5n>fI4k@sAp04;e)9@N%)4zNw-{5GO4&s4_32Fc?@>fhdXo~k>O9+em&ofTga z7fw$hi$3+j@`mIV?xh^Oz#^^lesU7Dp!Jd!{QRJEIPAHtCT{2pu54^pgsIsM4-Fx4 zdn3mnbL%~kp$rkQ7&=EAxumF!W384s5YORl)4dxkZ4fW4*k9Gp{iN7)U9`o9k@AzAO^tngksPyXW@S!`fPYv@IA4h z8P}@;4ZK$%HcDIbX4kM+efMsK^isu_@$$!~4U7$99^#Ea5>rvGMKt@h#nY=XvCsS% z@@WPR)6q`^4V6lznrdV>*hW)zprM5XXUa15%?VOYeKbHAa@}8Xg}1Tpu;Em$Y96ea zLBl1!#9}+~oYcTiA>@T~01FSkV=aU7SBciE2DLtl-9vt>=N&J6TtSkttLQI5euC5D zKyer)-hD?*QLLWJan~gLbPvGV%dI^y{?v5-YKGl;MUC<8)2d>kV`)(?8I6h(58lG+ zR@D+UozU10E&F3p&mT9A+*IfF@_$;lTalH4?TR|kVTrBy>ok_9I_CXD%=WiVfZI`l zTGdMjivPa5H%?x*rs?r+Hr%f0onW~kg_7YyIs4W}QpI}{(_?Sn7xjq1DA6vn8Xv86 zTpSEfsjK*$w5ygCyjoz(%69rXx5A8QZF8HTq`6r$(g2fye05tNv1H+Wjq8_LRvc30 z+dJ9rOQ7#eOH&z8?%c4BpIe`+8)5)cn5XCcMq!VmswNSVh|50(q8c991gVJJ-JM;` zl;2e0I1V+~cj1q!g`q+>_@z;d^%T)Ns~?UL3g*2x1$D)}tMiN{nz7{S&8qLPDOcyL zl`W^l`6(cf)569NJB4UX!rtPrdt4$<$LVL(Hqbo00@YG+3UwWs)(TrYxDdUpbP5NE z^O(Tk$gzTXO0HaXbf&1^De*HH!n;ZkEJ<@?^g(7KMdwkaUg4 zJxI}B_{3tEH@O|Ilxhj6C&w}27wE8G*bZhDrN{43ZC~#6|N03Md*3yS__QBkdh()A6ScGsj@r@$b6ibvgly5T%Ej7n4|)|CY&1?I*0 
zCMuq%-qC4}TS>bzyERmo@p<98Rwe2SU!_Li-w(C>bOc$D50T?uQgJ!L%M?}gRc2zu z1c=!8vOVcs|0Jm1lVjW3e%xVr>cJw&`wW&bCvDS6POT90DQ}EzU-h&nkmPaEecBF! zJ3^zh%;I3S#9w-~P=IwqUSL>n)M%yKUE$jesf>7?LB0CoLS8M|z(6vA|X zbnwoJ;}2^cI%Pe5t8PzdQ(gTybMc5av%B!*Jh*PSeh`uuJ~A%tKj!g4b`7FPux$2dP+vmM={xx|5=35 zyhTO_{b6x$0u@@sJSO-1aJX@x@U29${`+?DFL0U|3je ziY~u2e{`P-H2^cDxagh@3rc1=<@4=lk*R%>ybb$tkt9^|am{uPCOW3rj!oMA&_=U^ z2sNu?+Mye#M&nZxxjI#F&z;njsF#!s519aXyfUr-!_`-ZMYV@ptB5F}(g=dmFmy{w zN;ktWq;z);h-?vQ0qI6Sa)w5_yQCSAmTqKd5cS)7&biOM-yiY_&%o^Y#hdG0i(a-V zfk{5yx$EeBFm|7KFs{=+4LbeppHS-$y?6KL5BqM*twg|LvNk%`jDxLWv+uX1aeK*3 zB)dZt89HCr0lKO+PWRm-6i_+-mZK%C1xzll)JFDv+>;Y`rVWxYhwzk1Pm>1Aq1AuP z>-hQ@!(w-oj*>+GkfA=8wcIP7cf*kt)4fLeNaGcaXjyB`>G@PKG&3QZVFR&bWh)5@ z0WF79Lyl=e4B%={sdsIM&PFN*-d=E0ssZ^qawVQU#FM+8+uTmsd$uqWpPmW4XGR43THHu)4doqAjI#A}Si!uISm~Q9;7RG6&MMdAzcWRoM=0E4>Axoo-R)62q zBfqM>b{#qS?Q*7T%VoFEWp{(1WKDrP7i_gus01s8Oi)^Z&FuMj2e?JnS{~2G*Uif< zixl#hBUsj$%3lL&1h&3;IiYh%Sf^~;b_J2Irjb4{I;;>#1 zhN5?&%z_%IkFQJn8%|a5(A|&>jeMbAQEI42cA-qT@8YZ({R<9#034odE+rvleV#69 zXxx6ZCL|)toEg;Z+~3cQ;_^J0Pi7Z=i`hX=hK2L6IeUrOgYyeC@csRJjwy~{_~o!D zX_G+_;h5}XsYE%ko6o%JZ{+BV#}wNRdb?|fSX`5ydsTcoB2>fokw#6_CdxT&=skMa zVd%{P4JK($X-=Se<^#cY*20X1y2#`N_2WlT#O8vkwNB|#RH>%-Wjaz9B(Vqc~DJCXMzL88B!6y~V*UCCJP345?0|CgUh!qC} z=*F3PR~YaR2Ok`*t;_qNZoWcbv+Hcx4Wy3$WK|djtU-U`H(R=}&oAgi!{;W~xH5cg zX#cL{Gno=ukaIUN@%N{O%Bkw0z;DHNVz49Ya}H36+mS+Zj-hL{nu6MqS?1{gb3Hfv zK-2-LY?BghX7x^mUNHQ%)-fG3q^CHsyeU^;V`qmE1fMY*dyCj?x#_T_%_UP%MX64_ z1e&_`RLClyi#(q26o|p^GP{~*f~+{^e@xF?&ze3ROQ~4<8I_#JmsY1 zuRR05Zu7KgjTe2J4_@op)}`Oz;NhYCNEz+Se|G8RmG8+y4E<@xkW(NM=uWjQH6cvj z$s;#-rzwo@XgvZE!85mJaRd;bxzkT^zEVZ@dEVAC3YgixZR%0yX-6lKCLTE^BCwdc zJu+MGgGD;8Al>)+HIj3^HTtWIzV_6s_tp0ODZUyL9-cPbyrOYm%O&iw=4g}l5AORk zg|8h)Oq0M$Je#gZ(YDMl%)10P*j7HK6d~BHRFt>&TxOYi<(jm(^m6j}QbRZ(8#!Aa`UJaK27{Ngol6IWLvV32C3 z`<7?A{|i~f4Do(3Ac1Cj01}wNEo-nq1&riJBRV_mif{FHAn=p+mLpx3Sc7D3)yr^8 zAHtEl9NG;cfoax66LBSc+9gy|+HeQ(vy01l6-s^voqToQ@Scjj)zdx9K)?sUf~CPW 
zHPiX}osw}+O~N%KX4EplcuFpbO4mS)|ILtGQc4#0D+@r5wxHzW7h}K9t74BArGobJ z;$+9s_vJ&OU*2S^`1$eQ3LzdD zg(`$vO9Q4Qd7oF>ALtv8gNU4gCUxa%DDDF?x?i6x?B`Rr+si5=buxRd1?(JsYsu_l z$(RDB(OyZMe+RNGW?vYplsg?Lb=l>aJhfl8|DS&>Hh-J1Q6Q^K~Zp$ z*h2vCCe~EV$PBi9;cCjkpr|fc{%4yG5ab51t3-ecuTu=Oso!WTWjb@DX7kKHVuGxJ z(KsYs!$|Cv%BZttvaW5ZqPD#9Z!H(j6ATTuAE#^F%>U)j99abVC4e z}OgC?<;&TEH04=#GDeBY?o#g7dni$K28NgF3zW_r>r_% zb9EBC;%3~g`OmW&lwj;&OJT^16Yw(UU7S6)T|QosoYyy9w{p~12_q8l18ERhYbj%b z=rZ**r`MLm|1P-x@}G%dEcB#*l}wlWAJ~R1gAks!T1pe`4E>6*pqz^7k9kn9T~~x= zZuoR`^X|b2pqUzd{8K=-hzjgrY#i_{?_K zF?wYw7$7q!jJrb)1x-2ZG)QB;jsddU!TB8ri)VrokEv4lxea}khBal`V^C?wMzpK`id8*!Vyi*EB7MhiqeZsj*dMIgo%uFY~5W1B|k30 z0GzJ{uEJ$BqFLVr@WN%?XV$B*E9s2svYpfOm)%wT=;tso$?BT7ZaVrg3_KXmNWVQj zO$D4mlo*iF1igYPV=uY=qYze!Z=-#zDRG2A5B4akXT=u=b7At9%GZvJ?h3(KZEnVR zi1d_-@sU2Ej_Nkpw!81(iH|P3BlF8fCA#}$O7>|AKGR%Bm_;GSqrLCZ(FEFH$W1SU z0VCe4{=JfrJM{gzG+|r6ZWx`S*JBJ;fvYte-Cp{0>VYn%-mS~YOr8c+2G0inkhENK>PVg(}+z=h0JLOlyK z0j%mJ9CC8v@Ven3>g9)86+VX!O0c4Mkw3P%-W)_EVMklMUiPi_N)pljQb29_zQDf! 
zYGR*}*=EQIq^ki-ij}AAV6dZ7Gk$%7Dx{r=S=}?ZGdF@SD@_Y<=bn0m6nznpGGAlr z#jbE-{o0(|CC^C|0bDjVyj|0}Hm2{yWVh=9KyfSA3(m~#Xw~*u-CN+Y^BiJcZ!Buns; zF!nOPsOlh`dGsU?IeVe-xkS9s#*X(91+R}EsI~bTpY~!dsfb8=K$%jT$;OfCHI;On4f{U1-lOyvNiI) zyr}3cjIMah=tR+IpG$oD{50|Y_s9n)-Mm<1**8~L%y|+IJwzz(+h>&kF?`N&9z4>-1ycG%{Vv1#h*@XBe~xx8JN&OqeTM3O#oMS?L01RorB| z>>_BBX2+D-ymh)mST}W>QHEGq!{+M0KpWkX6!TFwkZtq`h;XBTz zlvrjZ>Rp7@Q2jxJKCNG&`inX>^Or+v91gVWy|VDM4@dX-J&D=Bdmql%iVEkAZ-F!h zB{N;-!^Na}6m@3a`Q^EAy`6!Go|?o`U_;5e)7%RzUrF{o=b@x}LQ5fnzMBx-Cq-`1 z+x|(G?rQWY8q*V8bv5_Q{9SNG-o&zv%7fdVEqIf+qss});QjVp_{3dbw`PB3x)|_| z&hCKjuJ=Wbwzo1np3K46muf>-wcpu{apdTv+g#|blJvzSf0u>S0 zVv9=V$5+0c?D>I2wUErr{%3I?lVO01rAqWtH%NGWaD9VM`SA)TVVHIOaT+yPUO0ya-E-h1dt5#L zOGlG5$Xnbl?;DS9QRsB~1d5u)|30}`qcXK((1Ki)2>?Gn<{K)I)3T7;-@ON#%HBeo z7qxNb7>(pGL{FhXG|^q#pRY~b{3f4;#QjkG{7IZ5YzJu)SqtnKWn_ay*9fOcYp?6# z?1h-P#zv5$q+OPGG;vaN7HeU9^d-~Ov`pyPsn(sV9C{tC!TXk~dD7s`e}-g?^L19w zZH-oQls^znbXH`2e-C5kkfs)7#sj=E_^_w`zI=7fi^t1^>{Q-gdT)C>%**qRG~x4# zIK?Ef<$8nOI{*%y?}r_Pu=8Bu>iR&e%47S&qRC($$a;4uR@wsZ$fy>hcBOuodzN4v zNPsnFTZxgV^u zo_yIc`ug^V5(!-~hjIe{2HxtY0UP#pbv6<$J9Nd{PyjZ9T^6eaGmUZAduJ%M-tWO| zE_FMvO1#Yj2^N(>2%Frh{}I%QQMY>?s-vo0uzgq8t;0r*jEZ{WiFs$>*xA`jF|{QB zLsli09Of-b;&|CuHFffciNhKNod@z*?d6M$WPAHzyzgmC;rqiBv{bwM_hLSVeEOv~ z|50T}91vfwAoNXY53uo8kKc>FFDHNO$lbm!>Tlu4AUOJjR!}yQr(=zNh7uNPbyf6e zAzp#2!Xk7LRVE}|Oz`enCgrYhN>C|}~k*6gUt=` z-|wEB23OW*dB2Z!bXI4WctQ<43g@LNOc#*m>1pUmo)S`0%^{(9G=wj!Pay2d64!Xw zs4mfeZi#$ElM%+8IfR$ApynQqU3+5{s*?l@ZtYIx* z-YCi+ABKBoQ9}0w=ZbDy=iNe3`ovgfBnD6ZL_s#X+Xk34X<+Ni6?Bu%j0yIUc|>VO z9=&bB?ETIOhi^;=(oy#$aT zg_vBFz%Af!2(d#9vS2iRnsqpO&+1#QRAqo`!Pvi}hGWkyDwsL8#+k{VIOx^8S{*+M zO+=GIW_>C~_6AhlRJu_4FUf~UKzN$sMOv1IWDQit7#_g71g}AV>qvDM_K~%2w)Yxb z=B73lv0>5IIUUe=t%9B;doXybdw+0uVGs$Vs#uY7`$~|{@XqXilXLOoq>;SI_Uz{cMhjiqc@nv2WN&Na;ydZiHbj zbUxt$r@oGiCa_*pQ{O~Ru16J2=(N*|s`T#eyEwr;6^o!? 
zVeNthdPmk_C1{9=F^7%3qb*~kX!U(sr_<;pdatHyJsp- zI-mDX2k1A(=i_J{7&lwQSVaYVKk7Pt|HHl{&~+gg`{*te(c??V7pJaxmSuC@Pkf~x ze$uuwi4LEESG4`Z63Sxp#2i9Kj&TzWpG!W7rkEL1OQ`+wCX17jd~Y8h_~BVyCZy8B z7))>?r^RY!{cb*0B>VaJ9P#$n`;(K=^4j(Qu-}|(qXe^d(NL(2;YYFsclf^|tJi=F z){D7WTe~2hS%o6tCV7o-IcS*jNk2YRFD7PZ|4@qzWzHXtMP_Z_W=VHm(?(G#thjox{Qb>MmeN#A0H_|nq_Nr5bVM3jhBR|mc z>XWe4dx&`gU-B}HJ8E=SBPMe1{4|(e(@0l6x@necm4^O$PA6xg{zjyucczX|jf~V#ue?ZZ2Rt|Dufp!%a9+1q`{9sHyscrWH=#^ct9fd=eW!dKjT_~PIQx5 zTY|#@0IJ2l4O=A+QyUw~e9tXB9`E~YHY||c4VQ+?pXC*kK5l-INq$I>Ek+*Bir7}san z*w`76wV^$kBjD)2HkXr8Jnw7KI!G`7NrZGBc%N%|mD8h!$aH}toqGPw-&ng~iygP8YRbPqc=`EIHI*7*u*G9P zh~AeuMjB=OQP_wtTdn7yCaOc))=0KbRL+ufaOltvoJ?rcw$MOQd190_Bb65IWBbTp zE)VVRM5|+1?YP&}y){*f3qrO7G?|1dGJd6t*+^>~Rx+QTy=!c|myIxl2@KJbr}%$N z(K(#zBc|$afeC&Vh$f2I#RA^mWY06okWz&a_iK2I%x72`1Rih;z2D1i=x}s2jV)|h zRNzOV{3A^Q4%V*oaej(Xl!g2C57Mu?>Jll^2fEdF*7PVC#0A4E)yl7DKtmSql5S+TEiMI^P)c)%4-t(MHNh|+;wFfxTrB#v45)9Mv*H{zLtyNdN7A}?^*%b$^M)7@}raIWZcY0<~yIlV9r*>Q!VNpE?>5ZT^F%kA8 z?2WPdty}tZMH6{!4R1Z>99dopqm^^ZggO`+Jw#r)y^?=QaWshBNI=hbl!brz(%tcN zU0yfsy@&O_DNv-*ERn}i6emig>`S1>E6{3!hMJYr^XB)_5jUOld2*2!Dk__pBIAToE7Yz&Lq4X-Bp4^cNHEE|kM3S6=J?_dMUGSN z00;MLtAlLtjcW;iBoTDt&5Iqa-~AGH=#H?1n-vr9szE|bZ~VP zdq8zv*GsXAn>8zVf}3RrJGl`TuYG{;FT3xtLRR4Geh1b?PO?ooJes-*pMA5+%S`(P z{u~RBAXGkG=0#gWgxttf)8}W}lt$PIE~f#;eh7!ET-i^)t%QWNg|4UXUWY4L8y(wO zCeTgX)fK31kQEe*{ylZK5S&q*CqYhLk|eNJB zx9;Ll{=TpA)yRxGa)%3#a3prcdVqeKW1*dkJ#vZ_@xC~;;Ig_j>J6;{_I9G$L-KIh z$_N3S^7);dcxJ0a3w91#%x~2uBm?EgBr<<$0cI*N;m+|UU!nx$mY!bH8S6g83$o!h z7Ln7Q9;2~yF8Hx+=qp#*s|^p4H5YN!WG`io%dW8~MDcx_M(e43-(RM|i_6H&{6I+G zYlWJSWp%EPZjE6(E?9%<>&*> zqBQ8Te~={n`f#0|VY>%T8}%0?@4*A&t;PC!^k#KFECp>Si>wKGNW*ly3>wrvusc3* zf%hMXwCfY9H%b45kq1@SmA-w>rOTQx#QqQN_C~)Ih^sTD$XvV7(?4K@wc}Ew`IU?= zO=*GJ+)!qYyj8ftPI`d`Uj>6)Q>U3dQ#hD9X$qB!5M!K731-&3evpbq;tW?Sctp<1 z$*~nU75Sr~?fbZnt2Yr$uFk9=4X51OS3L>8X_l=*l~M;$4Em=B{6={>&5^nMU(qS5 zM>%%#qrCU0$T$*+u&+; z?Qt<}aFBv+ErDR6nwRmzzMfVzk8X8nEyUt?P8sb%2!#1Ykz<451&MOL#n=`w3C=j9p%?=#nNlAq zkJUMarsyouFK+Qa72WUYRgh)g 
z459bPY0}X9zQX|EVC|{o)`5LfLPZsq0ta@|avQ1!%~6TQ`=)WR>XWkd@%i1&bC zqCeZ2C{9t1Sj!b2C+QSj7__u11!5kDvEBLek@ZT-$uyOJQAR=OlpZ!I8V;cmGQ&_D zx=hr|{=tMi1&X7Pul4zne9RBY{aic>wolr*hh77&(Ye4)%jn?dJJED2$?=!Hq865ow=2FM3wZ`djaKv)K=-q31S# z2^bW=2$%SazPwQ@3?ksPID5(lP}OU?1cjz-YJ2DK70wDSThmXq_rY@>P^H+2zlkSz@GZ7wVCW;xW#(%2$iUmrk?{aRHK}-?eqnWz{u1 z`XPD@p6wn{C}N`3xo}Zo$ zhe29z7)LY*?Tj;~pz7MZ;oBU0bERHNr|#4)67Dabep6>Clr^LVG?EHW!5;gXoyVQZ*w&Fd|f-rBhJXLVV z;hnWy7?;kO(G@UHFT08B*_3Kv@Vep8NxkvLq6(D0w7f+Bks}0TZ`O&+i5>c9nH8#ys4ZATgbEMZZ1Ay zrotfLZgkfCO6#i7bFQm_3y5j4qoz(V3kgOx&6Xlloi=HGdKtzPRml zX7>|F`%-gVIVDo_e!SXusY>G?w(Pzp$)s;zzQs8ve5z;)#sIZN z7sBu}T;;4f4wJhX-t-k+tJ-EB_ogN7+2*vUK^2;2x7XO;QrO8e*g=@brRB>|1FtG9&k%!O8^7-Ubj_q3I-pUN>ktsrqlY2*GuZbE=8Ucf;@h;mYpc`ay`Kv7EBA)*WZ_=;6aii|o zgsr#^loCCm;QT(o|7-MvkYz$09SxTU9ws@Hd%nAc(V#UmVIh&dR5}|fCLusMXdJNc zcCTxD?bTo!!H5UmAPO4?sBAf;tsHfzNPl)_2GMC4U?}Nu5HM=x=D6QvjHk^&*``|E z*!K7Q6&uf^1Z2Ldzc!;SYEm&I`+!R+%!nR1JH~%o3qhLf(|i$c?NS9 zh-JlNkm+J8HrDmBOmzMAW@#%hB$n|(Ea*hKtx%Rv!++_NK)Xgq?c&dRz zUlodQ1wV^5?wi*ME@QGYCuaIu+YtQ+?5NL4^(_cI(Vbc?Z}z67W75C7)MnT2sBU8H zuvNN;>j_W<_lh$K%A@Y}RMix*8>=E)Io%n9%5~fz4rj2fey!)lYh-zT_9nl_oIV=- z_!i-h@~PKP6oPQQTEVQ7wQ9YUTn}neq4oG`{&tB3{Sg|MGgkao{w$Cda59?qWycQ^ z?vNELdaCAp2^)?SNJLY(E3@xDZg^3GwDad6d;oBBJu+x8S>C_sZhn#bB*ch=XskIL z?yWDCslQ0`!HI)Vy%@9!RcwXC1Cw{a=EniiclZP~NG@2i6rNf0_Nqj}9{-gaIv6j4Jq$ou;CU{SuiX3sZLb9<(S zeV@Z_6uOCIfwH^IpT>HOsLF??yTFe9PBa_holDpEgk8>5eU%u|-=yZt#O-i7TP`Ge?%(SNNC1^qZD(b=syCAwVc>XN=90 z+}=J|3;r^jDnqdkf?WE0-gWVusIHFCwU@i__Emp(bY9e^UUdKRQN2Yh$DVd^mbGSB z#$fl9ipSjHx20f9XUpy~>DuW8X1O>OvZJ-zGCCzI*_P~r>=fe+Ww8;xsMpfC6WxOx z(Op$5190*p|B}$q0y}_*79S+wxs_m1Yg)3C06nk}BoU%IFT6Bh2#T!bfcg%a%!5r0 zlz!o1fDu{V7fygnbm#Vu$2LAcbxlb(C1d_RY8~Sr!&BBWWHMrITfb!JDV%dgMy!R4 zhs2uqU1VDwL4P$U%Wib)B+^ryHOky0af#_OW1yJ}>jjD&sv&pKzLpu(Cw;$=rqf{D znk8Bz>Dcz#huQT=o9^YpvRp?yctZDD~YH)BhOiA3o4WDphdu<^nW^_KGAZE(W(WzZ?GiW-Ea4!S$YpW9|)v zWrG$+#KTW~H9RF@YEhd)MkW3(cl{Q|TbxX-q0{k4>k>l$CY?8SXhg4$py4+{yJVv8eT}4k&|<4}oLWFw 
ze8W57Nc-fIjz%YN*Yc?-p`lu@0Y1g2pfgV*l&dG6AsMLL;_kZ6N{rL5RB+Ok{;7(MGVar=&LkV)6rnE)ir&Z9?!j? z^EeV2Dy#0nl2$Q#`gpAVRZzrQm!$cJ%4eiBzd7oI8uy-BYWE~u*&uQMVfgu5WgAN> z%dcLd>(5UF#8<(_rY^IW*ad}JBjvI%G}$%(Iw27Wt=n2V8hy$yBD@H!%o4z*xQNh} z2}upUMfvk&5eW8xa6-{qicp30hj+KTg#8zm?7CQb-03oDCKn`D9x~diPhEn6%S{fl zp^1a9Q3LrMsF(RtJU?)cb^N?T4Vq&AUV$5hLVH_-Wy#Xi#T&oiwcVAc_(14uWbxMkcKX+?#NxpN~{73=SGdo=L|O4_gBN_DLoV9eK(a*E!{L`Uu#2`MxwJcP}f0EKh~v^ z9+`UEEnSs4`L|?IYH9ZoNz)DYm!YLZm15W<@luwRnK+3CTEgEF{-zf<-UNLGm8M;_ z0RiB}kz^MZicpm18hvrS7+n4(HZi;}Hj(%Z41rgpA`_8|^!19t)2uQJPb@CvbT-;T z9GKB9^8RcC6p~WF9&pfj9$|37cwd8`YqZ}whC|J#4x67OhgBEWTSL5`*4ER!n9S+D4QY?UdE&l; z7Cs=FHA)F&YmVVYzk#7|MTpQCge8P*_EQQMoLTl58Fp#A)l?`Yu*Pk~;~p6aq64x% zat#hzHn=3;r(;^OtG|aKqd&>CL2XK%eg6*3|E>NK+V_3eVc5>+%D;s%2F> zd1C(^n(~L>m1T3$+^|2@1U0XJmAm$Xd%^aA0-$+5D&CMrVk@|p7^IL&)`v9_M^ zJ8!{R&NDWnRde%{cwqB^jp3ayjruC*ke>L!srm?$kk&q2PqEsk2h0ENmL$QSqf>d% zTKKIbXR76EV}%P%ww+iQ4Y3}PD2-nz;xw#LuMJv6pSYCz2}~YV=A8^Tcy)@4xh+E; zkv8-(tkjDkSI&2Dwia8-<51ywm9JTRBDf?hQ&F1&I!wg@+{V4sCeVx(*oD8~B8^@z z!4O7IY~O^Jf2^PkC1Rlnx7R&{fE$UumWbvKSq3$z)~6``_b#r(rhZ!ECda2)mTqLi z6CbFG7(0sp_k8#TB{B%(i#c~>GK{sI)kksl*dx`mDsqSM!=Ng~HnTQ!`Wpm^p| z22i}9@Y~-i=q1oEz`9Kt@x>FZJlUp!U4s9+rMth%#udck&Y!LXKm$MvFklQ;ou?0g zdB!!-{$JNbjxSg3+(n>o!VoGKxItg4n(LEVEo1~*z{&lg!Y|ubB+KPAcP&?ULo?Pw zP0qol?{u|f+mooZq1Q6n9kp}1jxUq7fSv5lJw*!tn4lGdPAWn(fbe@;=`E{|2AEqgGxxWHos4OZf`i7dY^ig#Z%-6Tn zena;~QZjSw0Dle&-WAN+-UkC$7T0IRD9Xt5L6aW3woj)WrXeI^MUq`?R~qDMNwv9A zA^-m)L8-%-MIO@8=#hdKRHh5%li83I`~5;#z^o!l>vMNS;YPyK6<_Y$!Bp2udaK4` zIWenTbtwG{_H-W0C!{NN)j{sSlxyJ@`4Jm3e~k7sW#kIpZg_rp)iQ>Ix|9mz{%9ii zVXQN?_F*m&*aES0Pa?%Ap&9-LZzW($IE=t`SbH!f)F*TYC%Y#F6Ip8=SN&Ve(30 z2+Q36YsCilFUroq&_3>zJBLi1N#h>qheN?|QMUn)Uxde`Yp)c`9vevMlOcaaaQkOI zh$_+`!`)3S1smBFE*!*|J^kc_FhsB;5~eF{3K;4sCh8I4KSEMJx%GG?95Jcz9DP6% z`C_Sp)avx57ZZp>-|lgv(KNl_h8}kKvgU8LTBCB1KGuz`M= zt9CkCLCoF=2>;iL8J{Jm5H8^3zwOLl3Ky z|k|XPv zsz2oCx@V`-WsfPWM7|&p9^*gHkk=Jhc!H~`yyZrE$020aHk~+Z$5+xC2(+GY`KIuU 
zYcz@>PQyc29FRPoRA`S&q+dy)@%o3z>Bfy`!Jvt-^t`P9>WSxZz3>pz_Qyjm<@QgD zMb?5QqJKDpYYPnuH(Dug=qp=xs;LgPz6iQmpfiA1RVd~p+0aUTvq-nmW)(tp zG2(wzwQt-QehJzvOQT-~pMt&*Kj;A=0XxK?Jq0}xc=}jg=7tvnH z;dsf+6fyttAx842c`p$7fUqnW&RVh|zsS)ie~|uRJtjeNRGqP`+oo1BJF7Qm)#i<1 z+js3Px7wVnP2Srgu$anJQJdm;DSwK)m&e$hl4s`gdOo_^GrfBaq}g)V(f6|jNW^>@ zQX|{7brJ}WdAP>!)KYs-n)MDIAF-j;$4l$PtmbxT$@lcWTb%-l>i>kNJ2+tALn^qJ z(!==39=^ys^r~V`i?bN}t6#u8{I%5tFq3WCVt^WmjFohx3Y&T>1$?1!royGdaxnKrVK`={v1YbJ`+FG=KEEonPW8UeSlhNK6{<_RoM1&&ehX4Dfo!H@N&YRm$*^{lT$Q z|Mdqp;rX^6I>o^AMvtKE1#E(^qx$}aXny!785(VF8?ZC+{ilk6B1j*{hHD}%uVHV4)~vl>87X)6|GNwOaYvAWM6xxp_B&fMEN5( zuz$wfrEUSSO3LHKK_A~`uu|tu^=1JxZWkyGGVtj zx^5XrIel>Lv1>gsgBfkisFSIpv5Bpxy{91D$;R$^G7iVt*~{D$HyEa@EhUaeE~$prn5F& z2-OX*>6jl`Vv7TA^Yr!-a@zdJ`XYZ3o{Ww2Dr)pc(v`k@l~!3Gb=<>o8CuFWpWn#6v&mmck>6F1mkBV07OUFa&i{?fEqYN)UQwo%LH3* zooc=p-(I|jLg+Nj1#rzD;WgZLRG1D--GPxprpBK5`l+PqHuFZ-#l3slCbl0nPDdU_~nElz5~*GT1)Q!}Ym_21VG!nN#2 z*yrL93xC_pH#E+_PAAEuT561&t6$?GyIOEeq-U@Mq(P-80Sw&hmoM_jNatA8x)y)${!G z&EKzYr2nh&{QXvAbB)VE^VO^W^@@M~3qAUM`TN)JT1~==l{@CYfwKd?hA?}hi;Hvj z1M&4m?L~L>`XmzkI}U-{&F}8tycO`!_dCaJBK<9DY3J-9Nokgw(yCiGiEasY=TqVL zeC?t3?z%jYI0`mRjur7Gse|X8%z7q9VTz6yt$k&sK-&ObGM_@>5jg7V-ccK5PRa(pZ)#TZi z%{k`}acQ*{mjn8qRCjLQX`aiTNU3`M!!Pbe{9S#aKOb!5(qf!M#%!$G}TVCngLHGgDHT&WvHZ ze>26wadeij*LAKBo(yuzFE(cT*zq_$v~PER@zoMs-R*4iSYk;!>%w?siU9ocZT8`D zT@xQwy*K8$uv=jIzQLVI-oMI2MpnP6`lvfT@%S!xf8sUx7GJvK<&+bBJmw%lI#6el zhZH(5FCSHH03!1W-ufD>p5I0ZJ1=YRB$diu_|f02+QQ-Sq!e`hz4>Ok-1E<+Im{n_$10r%~2Xy#na z&AiyzxxJ{UEe@&k+DHi2u{`uzO*+0gxu&J5px z(PY<;B#^N4hU$N|YlAzi*6U}_Yn=O(d)H27>>mZJrG7*iJe4+y^{m+TO&GEVSfx^7&=WO>DcFn%CK}h??o5f0kP!M6s!F7dyQ^ z{zLNTtz%0!#0q!xH0rw~xlespZoDm@Rqgk$dEn|V`86JU4t@(8HfsE{Cg8aR?~?(& ze6-{F;*Y@K|3}*8z+mD(E=M9KhZ5Rfhv5$RkYEz;c`uL&Xw%A!-GbI~12 zNh2+dq;xDge`D>vPkhfgpL_1P=iJ}@7ln7dbB;O2GoI%ea|Nz#(vWq;9F?7y7SZ;} z&vUJLzAWTI%Wt5v`SMD<6!Jr&`p_c!XMknb{^&q%bK;$rj%MD&8xyna4tnUnLhRse zSiS1xBpKlzQ~QGRqW5tZ8*7@3bFkZMl{ES|{_Nr0bTjG7f%?j`0Yv&ElgX{#)u?B} 
zIS(FOwZJ5=IO4)|f>$kuJ`O^M@{ZFhccSO_P*0!I?H%@LB1%r1rzNr;OsoTev~n*XAt2FapIvObD4ju zKC!%kgnH~yMeOvZh*BLe`K%mDwrdx$>!&;1eLb;Iw79jz^QA%8-VqxYceHo-PSbJN zbx8#>h{I(G*vx**kwVx2)`6@F_eB?jmtnzS)wU>>?8(`*xXpgOxz(=S`pw=A`OP6AkUV}UF1F_PVzcJ_4!Z3RJ46{ORaQ@w z-V1GM7h8*aES2hdZZpu|y1dK$_V?+e=}YdybtNLm&$*Q|%LZ0D1!2~km~73GdkQvj z!Wd_9f5!3rgd{I{j{cZfbj8lW=_#>TreSies^a?V0)-C~Q`i}iCiDb zU2j!n^zJXS++pdnEW@H)R!2K?gZY-n92tukhCf|S(@N}!bgVH`Y^GS>+NSY7Ah8+A zLN$E&{^b+P78O60(9=RM^7LgJb;CU;NNV%KPacgvTzz!bhv(D%w4=!WUfnNJji~cJ^N50`YOkkjzxu9E#zhnz4F8Rk4uGlmZZH3 zcY^tLCk(Q-)lAfjt?W`c=w!}J4~MUAR_%y0IpjR_=x`?>FIoJdS$=j)`_;>WnShK8ya)zQA|^_wna1H3tPH zGw0y^;CUrKfaIVNG=FE2-wQwiGAD-nq6~htq4zVQf|6opIJTF?m1^vH2JoN4 zu`hK#2o$E{;XP`8At~FUk+J0Q+Iyd*J9WdPQ&;Inp>M&R7hX-PBnU0HQ5`k4miqZ) ztD!6@`wJXmvRyAK4W`0pODcX>x9c`+T2uDbVArhfZXcRSpdTx?b?Hr09hbZ^&O{~f zv{wr1ojGT7TMNgMhUN`vk?SPZdzzp67W*{_?Y$Hux%b=&_e^xZ@$CD^o!qO_v2{@j zUGT;y{8)#)Jf)b-nvT%x$t@*H$IBDAZFQV7VIM9Qcbdi@h)(LnzTwrkQff{9$Y(Y( zQrQvTsc%%udihJJ{+<1=YQ;i?>7PIDsARauO<&f>+Qc{ZZV&6c!A(x=9kln90i=9_|_AIuB zwnlUks71{M+mK+HNru#ScM1?6uBN@jZT@Cyq~44 zjDmfE35$5F;M|SujC5U0R~i=`6}bl#_M_SMQ)rW`<_QPebavY*zAd_qBzcxcm$NNxd!J_EmN*WcfHRS=*ST3JF!}_cG=^p9$GHlA(G5!UBb0fA> z8wiSg`;0hlF{@Qnq$`(Vbg+Bo4$llrpQJWPiwIf?+HVws12y61L#qC@+k83Z0jCr+ zc-#`LK3T;TkhmSzr{72t>$mqtL8eC%wCum~7^{v16v|X?q1>s&vsAd0UgSw~^i^a8@ z!*cF%Vn_H5VsBktc%6!(oC*52j+|z7%HCd=3``veb{k(g%=x1FhN$J-IbFgUWNA$v z;`M&+(S!UQ@n5r6sC`WW85dbXeVZ8z-cfz`5B)b_;djBVTkdVNj`cAI>;Qq`8ptuv@GO+VJuWvCmYljksvVy>5>J8F zm`X~epKXKjvbUSMx=7kI%*#4>A}}XJHC}y387L_Atbcr*RVA81GU>P$63eg@{@3ds zoxNn}d>2b!@yGL7$6vOUb!xK&2?)#Tx%YTF zQ&Ys5zg{Du<{nYXhi0rJYnOB%yn;1)XN;42hW3PD z;eL#-;NE=gue_-?OSFZd09xInxB9fNfR`nPVLfNGG+EI|dh5fOBA=WkQcObI=yTZo z088$JtbI5LRaIORC8SIZ9wjx^w}DWm7PpsKq)mPyJ?s^7nyRVN=MB*W)#`slb4mGe13o61zMrlpNhS_CoAC9ZMx(=SgTjVcK5u%Wy* zY{=xkpIY#Gza^yh*1AbMR|hTga@U|YYj-!#*z)&grD}(wsM+TAm>G9yB|}}VFCV2Z zN0tI4x>|8iGV|W&cSA9TBFBN1g%(R5Y!HEQr7+{z*eZ!ywsNY+vPZ!jhn@PIR3NS8 zx_bh?>8x|6Xe-r%P);h9<}Hu)f*1)>z(A 
ztn_g~D%y=k$hm7=NR!NYCr(hd#%{g)RCG}9L(_p~nFb#Ew%8*r93}EaNCtX2_f~am zMp(|{WKPvK`Y~L`K5@Nx?}n7%6(?meWQx??V6n9<{`kZSpif6XIj$OJWDgfpTz~LdW)ewG5$76j zdpdbZL%N2l#3r&+7)7SMASgG9%2t-r(|bh%Hz0nqw2jz_<&!g4pKV{;7&RxjWWVey zsI;Qi!M#VR;p`Yg`g1lcqGklz1VQaoFX7pCm#`?T11ZKmv$&(XW-`$}{%Q+V$93Fk zyc5sga&BQY%i1LE3o2s(nN%o(wR+YN`h?WBC!9FgtyMjzKb%>CR8i(?j=NKn$o$A2 zfkBS`Qvr*W9^}Ke+CG}lG3*I8EL)P;4dQQhSRjx_{OgwNjT@Ng(`FF_RRZ_OgQF9} z1qch!rzTxhpIPd?HE=PsUKqfj<7=mnWUA)~`Sb>@<9a({-hV9DO4FpI;a0r;Ywf9* zeEOqF(IQbEzt)&O*NFOqr-@wNTGTc+(gv#5v$L4^^?U(K^|vwgj`jwaU5^7|iM`qE zp#=hJ0jGMUFJ8zn@##GQ-|$N{%D5A{mZst)m|b__BO$Ke#bjI|)tVSQ>)T2QI3``x z8Hf#Rm_Wsa6yb}}k^V>wq{y4%wCro|+vbd+P$fNhk!3V94WUv=;QN#P)lcG^#;0Gl zp>r>%8KK>XZ7ps)Z2pkdxN)%vr7k-eDSnW~h0rY$L{NFkE#36X+@Eg~l#uo#6CqDi zk`{4qQ7YZ42sB+C;9*41XhZ9p&S}`uC>JMGb)HU&lZ&}QCxDn%Y;uwz`37{iA+y}J zNo5YjW<4AlHfj}-oq)+KdpB6q=Vj&W7 z<#-+Y3-{{J!rk{9$$c|3acjjR>Hs-l)|x5nLk4frWe(lEmeQ~9$Cwqq5JX4X3*3w^ z7zv2m8zbB3XCO6dpKDdW(yx@QE_#%lUt%-Pb;-^Vcvn9Eb%;3-XzBRWty2OT}z`?^t_Ts@z@#2p`rQ=piu^^jy zI{jGQ6eH0Lk!g4J$vuA4(WnDLRcYKi=0*XC^8Q{G?vCR@48Be6nTpi|&wmUB@W%^vfHW~9mFm{Qr8%eNqe}FuY^uEOQfQ+Vg53rM%ZQ>2Z->keBWrM$7WmFY zY7Rop>P=9kKqM&ZjLTM7)kr%lt!2Y7Y-{Y)CXIx1L>@Q%ORyDHzRuN@N(twq7wYK8 z-fNc>+YBGiCw1bwTNbartIjPbLayozz5=jE=&0goZo9et^~PJ#d{iy?e*JcH@5$LU zO$fI#=YA*0aVK|1J)jn*r8+oZ>4W!Ehkynt`~-zwQRLlwo{_}<>*?JAV)`khIt-6x zy+iBCG;Z7=+M!e)W1{-CM4m%*m7jCS+^zUN^e9h3AmeCs{RK6{s`BS+1mLiOej}N5 zB@tE4ovfaQ_xCRa(66tIR*0L9)d~^4XDln5NTApAx4IxLlB~r(HGNKUg6$G+Gud!> zmr*g63zG`f#`kHQ!lZYJYt7Hs*HM-&Uq2p9PdI(c5goeN&QI`5-0bn6Z>aB>a~CPX z5CnvC@K@#nc0piEMg3gAEAb!QQ7l}U%=wrT>PFfbhO`C`I#NXNbefEMZ1GNi4xqdX z9hTJ|c9b$WljDv}|H9Y0AD_J~aqmRvO2jd>-QYb-KNdLZxp`LPW4$)u>pCG;4c1Qv z`y&3~!BKoRwe)_brDf{SypfLJb_#eHqO(H?0Oo{k@B9MR4krxmttvmkTM^r;n~8mF z?2#66^sHx>v+)Rx%SHJUGbaxc$yo5VHXKJjVXWV*3j^P~Xh5UN}XNeXgg}jT| zR(p`|tbQ>Vg>Vg~xJQ%B%;xjaC03z{x&!GiJ5$=ZYl=f|tv}GIof6ujsyK$PQMrej z?a&YT7>O#x$T6#tV!DJITg}6B9-}6-lf>;mPznPXUHy(R*loCa(BN>J^-P72zb)F0 z-)59sKR3%gQ%BNVwOhM-I03C@SXTh2o^_D@x_{~wo9k+gd%CW;I1JHa2(GViVyFdc 
zm(@A-i3$g8s4wb$bkSAb*(vMsrAP7zqB6ZItC~iy2i(%ti$T%1 z)4!D5=HKH^Nf!|PSU>DK@oCRnwYyulvK|Q8`lL&aL)*(6q34JxIhND*?r*1$`+2GVRE;a*x^Rf2TaCv&PhNWNtO)BQNTJ;rsu}3lL!7Dj zC@(rK_LZ19Q^6)aGrr6NxTy6ApNI#O;Fa7$oZ7wNM5;)5Rj77NOVEnV!K*vos1ov} z!RyR{Y|f2~0d{MaVl0QdX#X7j$+gWS;Bc7IuTe#;RvSDL0d=Ri=?}!QX6T0u6tLDB zjTeGJrg8DvcW$kdbLeTMm21cWK#Hs}wilmGSS-06|7_EsQ_L6lCdS5d5uWD;22RQ& z>v_iIOo!eLa;R%RiS6uY&c39A(!U0ML`d%)Q`Su#(oQmMShbH;#R+!@zkHgMGsD?> zzq|n1B*6QUEfVJ^Wgj-Xai6qP#6PA|ebges46^ID+}bE-s!Mx5v9mo^0A6ahWC8A* zyZIMTr<-g(o;ni9=*ut_n9DeWb|ZcNsilv)|IEzOAIUeqjUQPUvL?{SeVDST^VlpA zR<7mL=M8~V(vVtgdNyYSq6oSwDvO3VZ~S0Y6(j(=T&e`&w@-#&WVX>u$2 zi|u>JCAbvn*B=aT(-37^Zz>Q_P^{XH9EO&eN1)xHSGp7Ok>8b}92ruL$ z+=bRd*NdZ*VO=DT0geUgJm1*2y`|1Mg2Q*!GLwVUqr>-I&Pb;HfF;0V%LLXQDcyZ_ zHUKb9K`M2)pscYQ4*GV@Qf^T3ng3jR%f2qa<=&W821s$CJ3G~#C3lKZAyRy5BH?B% zP4*2OZTgvh z!ETxTIXqGh%^RV!!QHA^I#ZwQD5az;U;4c-aVBR}h~vZX2{IskUN=6Mbwt}EL)7D0A zzuee1h}}e(^WhlJi55|+HEykO6|LkYnpVPE+y`2I+9;mVN$+z()*Q>GLnJH2zRQZ z=T=nTB5scXq&U_bYUMnABZ5j)@D{A*L&kYDEM6O!G-U8DL|95X$Yi|KS~mzf;3AnB z27)!!rfUCDCYNmz3EJ(nAE9fP8x0H9l{-eeX`f?TwSLg+Jym(@t{^*zXHKyn#_D_w z6ivHUF_-N!1r>j!#v<^=iKS;8waGwns~~gM2>s~d3dDN1h5!LZ(4TRu% zYNh*hOE!@UiOBc*NsA2Tx<-}o;b&`Os!cnNK98#=rHDgUd;nD=`rlJdw-akViH{drJ1J#I9eJAF?0 z(eKS4O~ROE)gLoN)VH>DaGlA3_j9;i4T8eXlJGUe4+~OVsK6EV$tAHM;u@zaP*u7} zp2D{f8jx}VYX$lHZ2#Q?P@DkltNh^1$^BEutJUNyRqhE>>16Qun!rm<{tJ4uI>%?C zA@yV+LD-Y$y}h2$QLNe-Q%~l5P-_MPz(}q%foYkrsk2_hs;C-s(gK8EwK(GT>sKC` zzU}yRPOkWsOy;kD7Be>ve@5q`FBnC>;WZY(J@p{1#x7?h-RH9$d?;4!^vw30+HDFD zh7P~x4y~b=2#iz%2*(G zZ?H0g`rZ6`|5|Lh*RM&N2%sD7T!LTLy%ff>S+sPlZjMJ>)QbuMVTPMLnb6Ol&8fGGje_H- zZ+(>VFm_+-IqWoOM$RWAl>qNpU?!uGK28Ao=0U!lnv|~+Qc;{&25=h+nsW}QgwM5^ z*ay70%qfBW(e^=Xr#g1H?V8pKHwo+T?=Y?>@hp9B{u+aK4z~Dlo`XKmLq_Q~^Lc9s8d=F{k|kBT@+* z8>6K~X6l=Jh)oN5%*Ha7aqHkl`+_=`1fiULa?8C6Dky-^>3tVGNbD~5dipibB@Ca^ z33?@1{oKJP5sV>P3bjMwG%B__xMhMM|AwvUBVk~~QXW{C`;Y&aocMY3tO@C~r%tY! 
z^z(sJ;%--lGqPXuWEGxX#+0nyuB?Z*O&9ci_W<~G!aZs8CgyZ=IA#h+tk}(ucT&56 z*-BT^*ZBzQxq(&8B|iNjtMB>N2X*3yzdTU1@{{R86E}E3A87~F_+eKz{)tb&CaGe~ z(Vo{)W4n$TyLDp&(5h^?9gMe9Udr^+#?gLjk@i= z0R6=zDJ{kJa%FtIDu=JGR=!sX6kz(`RZdh^D{V zZOsJggI0=t7!T$;O)D_`_jy1{f1561pO3YGBt2bfsm3EilnL7esnw8MwTet zgJV3T*FAkNAdC%takk^^Gid*qO*@W7R(ky9^$LFh)v--?$7&$XTT7C~3Oc&@2m7* zYvOpgr2sA(^YOga(hKNmW>bw%fBMf3AA>ZhG-I)ED2E8r@9e4HGb~Ln{CV}RDItG_ z74QsVC)biSfLz0c0UjQMWy3;|?@~QT=wNL4e#ItaZ7=`w+3IQOhbccDD*aV2y3*2Y zKAQZ?2R7aURi-Ub54=>TF#WIiDOU`%Acqa?P&aop(_q)#BpTCmDdHr8=xO0^gN<#C zz0S+>>DSK;V&g2oP~^c ztB7;Fq%!sW`GIjZI=Z2flV?zWtftKrYnb0o0En2?b}vsfoXY_mDK>uG9r)*G#U)&@ zCGbo$fd2}+r~WkoY*9c3+lzZ^aM3$0@4pAfli0X}_}zc{U@f4PY*P9|NiCRVTZ7*y zB4bnxq7~*400DetRC|U+tk`q)=zVlCK!x?a{(Yifa|WSl60U4V~TwWfO2PO z)$qx)?}1$aJB{Fxv~MRr3C=Co`Wy1Q@fgRS-+zXOxBH<})u>-81dk-a{$x%G@8AE}Ah#Z> zn#;O7mos|$)XS9zqg(EGFIqy&b1yU#r#+TLD}yTTpKJB*@C54C^oe9VC-&Indnw*7 z!=jT72;t|`5v>A^@#i3eij7C8T;dm(c=Fqq#KV;6qNY3+oweweSw-bw-^6^QC=ld; ze1Lqr4}i*>mWY*pT_J8?It~m!N4UeBjppv1pAYr9=r`@3=7;mYSYs2-e zv3q$L@AN=%DLR=jh?i<>VbdFAtDTb;d0&_!h$R;*62%(a$@)-Fb=$2p>>0P&(C7C< zl~8$RL)4)9g4qw(KvYgc;ln4PV_uT7>`IBPEcX7!AqKO47@)2eU4@(KfGynIF!_Eq zLFv(C0#dl9HFryRCeHg@#BeQiq?tc=z#-SysTVX!>P1T)U%w0p4T@`oL?Os+@yM78 z&Erq!!6vA=@CDxv-B6(kRzf~~x=dPOAC)oh>0fzbK@p*vmHC>lFgV`pSp8uf4q_0H zv!`n%25O19FA&l_tecar3@O}v_651-&Ua&@{AYTAL3nR*I$__wd^FM7Li(}k^d6KI zZ;c+IYn~|CEk%@}KSYo40d^0}7-6SxXsUpF6!gp2`)29$ieOzb6!ZJuN+>PjA1VSU zYW;IB3kOA)AMTI41`P5jD$+?P&247{Ea37XNhL z4vZfZ-qmcY>GGFdBI+IUh-7rUYTE>{pd&G}hMatG+fN>)Hg&h$1uWXWajWlv@(vVE@HJrbcA%?8-4%Nwqh&HT z&7oPH4?WSTQ!kCwuv2+t`}|ct*jdnKBr*rWFn1>_of=qQz1c;CORh>buMt24719oz+neU;UN-OvTp|-=QZ3hobv8j)Ns~P<`lUh+d+B zE7IWfe^bffcLH{skjpY$M`v9Zo@fRd86%@5Cr>EXnuKk@>>P${DB|)RxjIJIc6P~K zOQybk$`a;%LYH~{g9E%HKU77uoJYVx)=~!zZFf}L-e-`lnhW6kKmDO>p~+_MJtPD! 
zQchW%PsFoJ0p%<8F#2;_071W+fg@?>7T=GJXn(DQxH~S^r;VOuZFij`hA|0T!ucg~ zSMWY38fjRp`yt@|7@URf0>(pf-jSaf)~U71OkzERwQkD0>!HvJdEo`QkXDmp^ca7R)Br;>7nd_0hC?bKUE8Tn5|xrQ_iQak4--P zQMXKs=_W$96-3SHwnvW&ae?r87(|n5kxtzv=61!BW5R@V)#Z3}%vWp!WprS> z779z3OMpj4_-(V{>cst`t|NLqXm7-SjmZxC4{xjr-l$`*i!#>8vB~_|ZdOq8S`r-M zraUyeX(^20dEli}!V^;~FCPSd1dH#hAt|JzXrcLQ${`l`>FgmFB|~%POPpsX=@>J@ zOUEi;y5Ktd2@7twOw+2A(5gu+eo+m5xTV02mFaN@F z;Y;JebAmVe17G*e%Ykm8KDYM<)Tk?ZlasqcEixL$p7NikJ@ivLB*-kzq(y}yY8{Z& z6{Y3T;f3IZ4SRGpY!;1Corf*m$i%0Jpr>Mns+*_C!MIFTdU!l*LZJ232; z#sJY}fg%;v%m;K(Wb|_~nNODy3l7|cYm5EM!nh>G5L@9=G86wI%_9yxVJRu%%C;G& z(gFo=pa**++ZEIRuPL0sU??-`&1bDni9r-a?*A1wNqLzmTu;{QvLjjspq0@TRRdbE zH509n++4YHjBmW5N^Nl^ah41{>$0O)$bQ21)Y-8U+^5(*sfWyyMIG|n1oYa&r3WZ}0h?vP#a5X15~cgiS0rTv`@Z-l#c#tml$w zk-7(s-~t1Zvtz?O{o!QTc_}MU8vzt}{77dssoPF)8HDiGbLYGdo9kOOZYHjNYf>&4 zq7UWkB@V0DT3|iU9ITU(E_y&5))Q|uJu8ahWY*w%V0`YPNOf^(H)>E1%~UoPF3q6P z87JT_bZh(LJ^~hbt>>V;XTIk44e^tZ`k`v4i+FCTcedE+YDHQ^FLVd5lF+iCPdvlQ z@#KqCy|pkgw1{i**RT`A!eiC6By`KQ<)H$_%j%IX4Gl4F7QPESrbs`h z*V=7$qS~V9c5`8my=Pi^r@-JFB%Row7G!lxS1Iz4=Q3(wS`N|yNZm=(U#@eiUPL;A z-B@0xrnM%5WARCkGxt6^z@%OCQZbEi(-Dxq$q*4&;z~ zEDo4X8PO_yp|o|eF$m8=u5{pG#!Dj!Gx`cRg54~xv7de!Qs|_8tT-ozIf;7{{qBeH zo6kohm`9ACxXmpnG^#00*y}_af#AyuT)mN4?DKlYzxA!QfwdOOdFw!9-C--D5 zV)yl9AEYWX=O4fHZ9V};o*8>%IV;c&nj3WGPKz%XZ=&bA;mzElJky?CVRZc$! zb0Q3tSJ^9^XO}wn?^RQ;M)Th#V#HZ6;+>ryH53D@8AOIIdJVg}&!IM&AQ8xH6}ZoE zU9=l(@w<;^;DgQKtke!!HB;fmIpsn@Fj1v>aDlP*%q>zP-zQw_+9B%EN##ns<~=hF)p zChOPxt7WBN%^EB+jVE*{ly%_qF6-NV`tT3IsP7cV7K{AGdebKaq4hnhEpT#>wAUL| z5hdSRyG(2e0+>1?-MXuL8-%;xLU+ja(!fs|?+c@h2ER6pz=)t``&b7-tJS@Aa#cH; z%9Ed$3W+?_TrzrdL&Ei_LRfZkzL{7z+hESs(>jnitZ1_Vs$?(eyj^cF&H}$nI-L1! 
zKLvThyB)CW%bv#QRm8bmT=^C+7n0iOB~mSSytT0(Uh!x$ z-4ZFhm7W%$O%wbWgm;aGi!o%FFZ6LP=I^4O_nckcj6=|=KHZ$IjQ*+e20Jj8XTX@K z>);6!X$x#GfSrz)k2d}^dn$YQ3vJ%@I=$wONVFTv=z3SFVigWODj9XGC}jH3SsmpZ zJy7S>or5N_CytkK9f-7E5AdO+#9m<|`uaVpQ2GL%>u!c4+PiQl^CGW!K^<;*;HEPh zk|ob<*b{qYwQhg)b!l_j!>!Y+F29UCxzfJtzqIvqX2iK`UD99p99!#4Mnkvr8AOz$ z=RxczXQ-^VSwhd`9{=RiBTLSV-g-c)sJpK*F~-iys1eYvt+McYKh$ z+PI;=4sN%W7T!)aDcD9icqm3QLPP5Bk`d5k;dF zOr~ZrEtO5N8PmhSa|s;?=1U*Xh~Q>GIDzKxrASz@o#b`8$HZ+4zqFsX3*;!AREhrh z%eD%Wx=_`GzeAhLxK%@aYxnTJzJ4(`RMoMo)|M}kv)C(kkLYSs=qVZeTH>Hd@&hymky|f)4xlI;#l5z zgz1a=P`M_k)*~Yoqt#?ZX3gBo8^0}c6arY_p4I4C=>vdSEY_7kdF#Sg;wQ7o!3D`m8_djZxX$}{*Qb98EI`K9Hkqe=SpV($Wp zDi>%V&XTW)n?;0J_2<8ThrnI_mvQo5GioOd<@&qJkLI-9w0Vz0%fqd26do`!#eqgp z7#9sO!56BoB3-H6y?e4$d_MC<88(Ro_qm|wGd3~KRDIWLi|=br3vyI8QC!XMVZl); z=Pryio@$r|WYSm#L$4V%^9wL3gbEECEooOKRqS)u{A}WjbUjWu4tE;~4pvR+j7hA~ zl5)vk$Z@xjI&4m2X1TiW*&cLdOF8l|p2C=s)j)YY#Ne6wmst9^<%R}g3t#QioKm<$ zQF{c&kuTrw3Qwx@2cPrGgn9!Og3A`Gx87^$a`QQEixfQ=tyS5s)uJ2}&eZPjh%8Zx z%}qUesE*{raau3xthqMu7dTB?Zk_%e#e$Qe{J>q1Rv#E4Fk>8`M9EHRx-#f`je-4W zzdd@PvI1nyLd!=tb4H=^mB${^h}-9D?bdZo!OAOeCRVs+XRqNf!@ZdweO2n#dvjH3 zJzu~X6J3{a^2q>ZP|MsE`E3W048Ar%r1D5=tSOVV{wUU?HzKJ0bqx$QYVBbtmK}eY zOIJ3lre^-IQ2WiadUP-L;>4Hhbud6#1TG87z);9Egs)LH*RS1f`svLT!?14B5lI)m z_SoyrN)LB=JiQbD$ox%woo>tKPmpiYHs7gS-(Mzp%J&8Ep_Wbh9;3QRqEzPU_g1Fn4>I znkAz?jv^RV24bgKOsysD^zX|$9?nwPFoCj7e^d1{OC8?jIsjfnogw)p@{i3 zE##pSO^bA^qQs$-^Ay0Nka%$y6$y5USZ++*Q0mIUV;CDV{Wd_ZQO+`KNy=cYZ*mJ| zIUBRLPd8#n*N`b4zd1&jmTTE5b|h4!it3B~WWC3)&^Mb>;l-=Ms`-ju?>RF3>1uxE zC~Rrph36JES;21iWwon-xP+mbjiB;Vy$~F+iBxLI<>lueMTaONj+E~=srHwW3o3fv zrmznQ96aRE_5VKml~23;X=t^bi$ac2bNgN4;c-pU&bt8ZBOWXo5iZ=Z`fQWQ&hhHC z#>I4tYBRT=lZG6y9JyR(PtMB z|8Lf-JNQQ5OphNJiqT?1HDQpn>@JvsifBH&)CLhM_i`Y53?~F~lg%IQ(ggi#mQnMY z`m3QReKZ+KN$l0jMw#&&h*@`!^b08+o{?&lmum*yTGv?`onBLyUto|r+Pcb*!asJV zszO7&R&8UASvNTa-FDwpK8O|9hw-PMiH(J;KP2@sw;LK1C(8t?i}U{~c9A>A+{aeP zrb564bgGa@fozn2C2ots_Iy91e+dk)oHcrPLX>-An>iE_thzJTBOsHv7y>@jv)WNX 
zzJgv|1Ne3GRM2tujwh~bq6QD+8&J=)Vsr+jG{6EcW)8+Ypk+6{88Si~OaRM3^+{n` zbbYkcG+0X#*&GNTp_vCVirs%N z9=oXt!w1>Vz)EQn&DFEbT%8TAgf;*kO2f*Y$|A!1z&*6wmLNLVLIP=pug9y2+1`Dk zgr3c&0LVngIk;hKi7K!;Jt)=cHU)guq1|SwPsk)2SnW>Q)wXjT@NTSUsTZugQKr+a z+1rS^2dXZv3P4>bI2~V^$~U;xdcE?}hgr500czar%3o1q#j#@pO)hx;@42KqeAfa7 zyBSe66;Y7u*JBcH2frd=x|ZrgUWZK&=&;$|Rr(ajmc(%fe?)E3-C2SutU>wkN5DI+ z7a0Q!`!M8FTBf0I(A6m{JF^(YO{C!`?*RiVBfny7L~1+p0`DCTw_3>HB}*Ukp1bQ? z#gUP$oe|=nG+{nNjwkZgrufo&?RpU+r9AjX#oTGCKO1g&00*Lqj@NusSjCgq^kd*2 zNXPocj*j;`n(3^a;bpF>G-E#~xRqkEu-cij5Q zstW=~!OVE<1ElT}Cc!?To?Wk8r`;ia#oG|X$+3HL4@cNue>wF`s;fQh2K~Ao{(}o^ zzh9-mt9kIR{-xG3%?f^g{XhLV^7o(m-~NUF;s1~Pzk2ZB&qe;jC9-+=_XVzN*W**0 zvVxd?qrLwhYJ$IsJ^1ha9Qj*Z{BQrE|HHq7{J(ne-_J$<)mi#WX8n&pP|C&Sb^G1)yA)@>aCVjb!7qC~7jHt@sbK9Yi+1zF`L-=aWS-_YnuLQx^!HV4`?;(j zj`Pp-KmW^tGx^D@R!sUXxMkv~YCQP_8JO!voEU=eFSW%shN7bx8#aMW$OEGtv^zt4 zqhp}4?bm`CdmLOoa2-Qlkl8alFW>dc_63(t5#Z5E@)KYZ@FE_ z)HqA#KfV6!R9SpI!Fj?cQP=0(hW#Vg>!eUQ>Z)NS<~w6A{qnSa{`!T_f^@k8l@T|* zl(iHCY(JfdSN+^?XP(Hv!~BE#oc-W)61UrFjd4$lgPl#9ZTdL2!wn-+cabl=J7_o1 zn<>LgjZE5Oc=Y2eprV3-*?JH7yPak6iLUm*QWuG_aPUExUeW)@6~bO)-}vK1Kv^9o@5nSi$0x211pHiJps1}qAi1gzZY$7*VR$57)b$=XQ;Tci z!WwnL3!%$86+VVgBaInAsG&RRLP|?oP~cW&JkmCuo9?$AkrQiD9p;Hgr10K8`?tI7 z76Jk*9tT_r!dULKXdZuN6?lpSLH_~UiSMB84VeE(0=bdy{ehY&ulFpqdj?z>1M_Ty z)rPKsL_iJ?=0lIgrd6OUdvUIA#ar@&NdDI1>wxfn>+cVa!&5~Fwcmn%x zzs|`SKVE5^c`2IPI>jR`*bOF|-4aw}Bv)KhG4g62Qu{jJNI_n&rvyk`c6k{e81iufAagnn>=D>XjULSm1Z;G|)jtA% zJ{-JG`9=qUqrSm3!mgn+a5srHXRzCx&t6|;EjT64oH^IPAQE;0Q>&RrB%eZ_{>!8P zd@}O)qu<8Y%gV{%D0Cxe=NVS$*F84pIa@Igbpir?KJCCgCeU#g1Bzd@Ld%Hwmw2x3 zZ1jS?uAzYu1ZSKpPwd13?-KqL>pue=ayonApUwZ0Uapyc zNSO~drL*QLUc=Yjx22jFpP$7G`W*dwKxt4$M23DHZ|5?je|Ti5sOi{!_Y9bw0lj_5 z!8OmX0VoeQ7ZB6wYYG_rl8kkR0hY>~gDi9KfdF@@lPx`<|*%IZt6aHEC^@ zU0eL>&ODXzX{xH88(j15FS?vb75R8U(!L}BvDjHdf!9#~uNDsZd*z}78N(=@7=%|f zyT%CIvPkXl7Inti+h--m6C>r(R}&_TLRxg@CifJtiVc z)bl{07sjID>Mt1jpB55MtW502hREZloAsgE4I z>Kr?2l8oGB(~i9`z#91Wjda`A-Zy-aZ!Nk?e(tX4vZ^(nX%Q{v7--cAR)O|T9CnK1Zfda?*=_=(pnXpm*dx!XozKz9o&|ah^Web( 
zK^wTkeMEubu>in>e9uk%hA4!Tm+n#i3zT*jmpRfHMN1r~^w?O)nykFb7F!85uv60s z4Ef_5CgtF8>U7+c$&?UfBuD#ot|Rjc)y@HwC5={I6H9~fIpQB(MG)b{FIza*h0QVE zVX$PQ26!NWM^|U&btF}c3!Q;G?2e&cMuEd!NCyestbxl$LN-A4DFho8c+SqE(rJIc z;sgWx+3#c~w-$tz#$?+fOY9~-{De<#^s}5OT1I)~kmO$~UnO1gZf|9%AL&ZtoSCc; z=R0ot_4=>5y|$gV_6`e9)6SSoY582M28a8}FJw@X6f>8fR!)YgD2Tg{Fs!$=(>>GA zuia(Yzb6;aznYO11q0iFdGimyf214H9ENMN9{uE+68jkVm>sSUD~CHY06$=wi{8Lh|APA=8SmZ$s(Uu@Jo>$5z3%~x*apb9qc01| zPBz?{JF3=3en79Xl9d5+6dvY6d=N%Or3dB{DXyr^;E*1*=n7nfVZ1nyFS38{oiM9a zcct^5Oek7aWs5)qqs?jg817#5_yx?`0-uLe7)&rc7PmQm`xiZdLsoHbR6N408#{h{ z;QEOCqD{$piz?^z4>qkiX4X8`&lgAZj^htT6Hn${rS((Vm$WSy?j_zl(f|L5d+(?y z?{)1z#;8$H6bm9KDovy*2uQahAiYT!rAY4`=7|kNDbl4&??rkamENT@R4D_}hF%7y zy!V)#y_21+-&*JQo^{^+XR^c0^USy2_jP@)I9aP4`{D4baG8q@(@zXus}k!31u@TXV2rO#eRKvj1&ruDI}tFs&y90nOVj z5gjE{(#4)dpYhhj+&$sDIi(CSpIq-;qTeT&^90f8N-m$9uk5+Kh_M&q7iq0v_Pc*d zrmDBgs=%pErYU{sNl_5SwPWrr#nOuk zxka&#^9FXfcSW7~tgH8m*mZ)96HW@UugKq(m@WL~f9;g1RQwZWG}0+DdZ48N)3xT?`Y2paGxxA} z@7J$i#nfeh*PYk=`w)_6;0gsl&Cx1n$&IgI{^Ag31tDP#8@G(?FoE{p16Ax8t1v43 z#g=Bp;{Y9*-HC<<#QMm`)bk?k=(QTw-3_*##O>Vx`v85paOSN~fyY(@enoGIeKfv5 zQKmOj%KK!>AXzC;Jp8UFa>1y-qlxl_tll+o`r~$-g1g88J<{#1yg&wAu5i%utj1Mj z@i-}bbR0eGCV>sFlxe2XV<5&c>19dq;khwQDCCjU$d#t*Oy;rj;?~u@TlCpXiX)3thC@;z*o|%>Em&*!|ZRBmH z_LKUyl#x26W8G*^%#LB(pfR+yyBtdNJw8kQ(@v{sXQnNa@X{p6Z=k|ogP)98EUO&rGX!} z`;bm~_y&_Mue$q6_2r0Vm?%31UKYIVPj}#F9}F4_$VbMwEszD{)L@@IIQs(IqB!>< z8(~WsuSH}BV{bmIDQG$VL7)?6?dGLAiNzq*9`yQ=Ts}cQ&MgdvK_RKQr9i7`t%N^X zSDw>vzC@RI)HNjgTpy_?mWDjLb3FS-?F%l=gqRF7fUGnXzZ&s$RoAFhfAzadX z8*FrNlEfmI*zj;<>ULAu?w{Ufwl3NhR3XrxD>oT?25=?;x71fB7(`LeT@Qn*Bq%k> z7oRS2IO-SGU)9MBAOX1ljABkbGdZpBZ`nWGag`5jcRN>B`Y*Y>B-Tgj$9kZ`-$2du zkWQ-1M9dqH1pOKWyb89+eU%L;xwJyr=<<6J^t@U*K zLr;9p+oi@Y@9)Sv?UT7G>z4~XMe6)~`%%+TEg6uEwJe9oOk``#pZC!y=@i}b?B*O2 zS{nrhFA#gwf~>ZBw0aUqZieHaTbI!tCLH|t^oJXof+acUDoHEirUt5<#3H(cV6q1m z*i@_uV;@>p(mSl1)hS)Ec?W>$+BcrOK#p$g*xt}~>{vdfQeCY7C=K^){z}Ao(pt@1 z^rD+m@g0Rz)q!Z^5AWf11eafyB~_S|RvVMb!aY+e9LtYOjYT0+ZEnsuV=oj%lM{G# 
z^Ch12mN&K1{(Y^vcniu5$&6&|il%Hz+J(G1Bhf?8n3+kPT zzsSBaz39p!+jq{@A}e}D7{e>i*w*TLN<>h3q~>uuPNN+IomhslaTGrA*kE0@AiH#> z8{U3BJs3+3K5>I|*tqm;Rci_20sgwuXg5g}_4~9mE+Y@kJg`7`8WIv+caG}4Gg5`H zw@{E!4@q#t=UVE^3~>9-<&!Eu6$R|z**8&=|1NJvu_yGn^<{s%8i*ck7qcfy!;z@G zAvp!468-ZIF}3dRqd7bJq6{mei|t9+!a4Ob@WP8Et2Xt;zffBr2nm5_QuXWAe`1v~ zSO?pvU&`>dX9y0&ZV|2~{>23|@w!61TX6?&{}gqg{=B&%S@nMb*xeBy+CwqUcJx-yn0e;XP; zBD(A=cUmGgGs*t?p2C~ec9Qdwl9i`L1XoQ_7r$uITF*Xn5y*Ux8YecCHPIiz=^Z!` z7Nz@6=6VB5RWut9^Nc2p_oT)9mOZDYF(gm!Y1b5-%bgwT3cUrSijYI#r6PY7&#K=x zACz_r#~DSiKhyENJ{}j(qFc1cjmVi z7C2n_CD&_!-UQB>z|4z^*vQWWZ8*N9MZ;`3E7a-5AXr&-sNE$_;8!y(^Mh=UvzcN+ zPx%sr*=2}UTW!)zNv+-cT3L|e^p~b{Ng@}r9O~NQ{_Q=2>hCp!`P+-CC28ByFaSov z@5GdmrW#sIVKd4R3sHpSlw$VDjTtCBM#J&PH|FC~dv&&*?JjSMj2gimEqlB~f&jZpH`*`Mcr{gToF;ft zdiu9<4cN>DW}DV-cVa3Q!^cpYZEI&@!;FG=$R*X`hWG<-6MK-mSU3{xW?$2D%n5R_ zK3v6TuCcI_7;qq`nw`d|ZIvhEw{g3{o!}gDvh()J>-G1w!@82}Eo{WMEa#SYK2lE2 zsMhMe2kN3-sf^sc{1~&(NxYGLXCh=Zc#$fzH%k<1#(;?2V7R^xUJa=KNZpZ;v?dR% z1S@|46r>E2LG0TE@1OF$Fo*9wSZH5MLxnYF>M*VW;W8blGaYeU}`6n{a0XAXZn zJn&`aPn*m|r9oRByh7C%$x(|A^9^m+CBM%a>-J_op6EfEUUXxe^;mRm1!Ihw$(Ic> zj{cm8pdGPuhP{6_*kxZ%!6$?zwlw@5|5Ld_F1&6@9{H?GSwmM^e_gZ{mY04ouD3D zQVe>dDkRdhn>RWdq4H_z)WqdBbkF~i^+`lmvA@n);vu7v9&Wk*)KA|c9YspIUX{Wh zxa9Z!_wG+X*Z6WFnXvrWZw2Y^W0c+|J#H@UZt_$g=*WyHAL*qgjOw#L+Sj-A9E#DG zex7%>>bo-xzj?^LAB`qhi5;eQg4?MQp&n)=yh+v`leIJ+8$_-ay&wAKa#;{?H-(I3)c)coWEf^Mk=-SYO8uB*R4Gk^R=8nU|1M`8eYBtD5@fg_dUP<+Qa5 zP3fRN07Vjj&Y)?JX%2**Rv*CEoTCkc%!E^=u3!`8H*U-B&XWeF(;%{O2FxDfJmVkZ zTdUl+0N@TBbP6)%jF7p2Wxa(xJze!sg}#IqPz*`XN0xdM77pXEU;=h6JUv(Y1i+8yE$gC+;5apxY-vw7<>4fi1Mjw1Y$?N z)X4%F>6B`++l@zG;RHXd@ADb_e#yUyN>>8!7mV}LO(3o3*2=el9tOZQ04{Ay5%{$B zzBWI3`xaa}1J0~{taJxJMY0FDGpCAhcW$U>3f60afvE?G`h|){_b2cN{yqh=kl{99 z4=uyhwS(lLr=4$zm%)6aXz{%P*>-`Z!FP8GaC=&ITY3)A4a)3GOT>OZq~k*oMNOrn z_Ij5G*D?r9KjEObY%QChV$>J}+#fSptzt`X6JJ~1k+W=q=SyzQ56#rg731f0heuG( z2LU0RPJt7S&_UBT&8`UKgZF4VtpDL%VypzY#hE|cTFwhh+@NBrV{P2;{JrO{_@7Eq zM(R+CGU~G)T$q-*R+5NQKa?&4ISD|=0cou}FxZW6>|2vjZRZAwI|0O*rFxSovKm=k 
zbfr$nWY~%KfMuBv7)w+@I0T(Z3DAFn!yI(*HYhz3AuA`)21OLi1lF!G{9S6JSr*mS z+T7meo}q6C?jjN4wlK;5Xu=p6@oF*?m}(nWaaFrz1+;C!zOB$V>aiZ?V&xu*VHpL` zbO@h$H8Sw%Aqko$hWJ%A^XMwYm<39;Ek|-!!K8f=(DY$(-f$NKd9W_X3nPcE!ClU> zLfHTJf;%YCN7k|Gm~T+lY$k)>L@6fInCFygnbrm%<28MZLDvc{bsqhqu@g1$`Gxca z$*n%YNb2DhD9tvnf==&r7_`8_`L^5JXARhHaA#So%jZNfVE|VWz!EEYLFPB_ALjLc zsi-neI2HhP2F_Vvga`&`)T#{xp5(7Ut_6R12p{zPM>Ku%ZPzsNGkDR1Dd#Ao1uzmE z6hAnWtUPyJk>A93)`htA*YRuGs_S#2U+b!D+wMEMIzc|Jn|KAD?Os^Gy7o$N^9`NNKrU|dExQ;{NxUpbf(1NcL`qS=) zWlmCq(0E^Chi|G>q}5^XyCcAaKzYjE02F8pe_tG6tz~0jE3z1>etbWzhFT5kiO_XS zN=lxm%NfdRvKf0w$LR{77my-@7^71gfHLJZS(FJjFzz)H;JSSe^9jf{*SMC1Y|<(> zyF!1(QzQc*#k9G=rK5kIT`2b!V)GQ%r&9Vo|NIrQhAGSaHOtNv=)pU#Mq$9<5xmGG zWDr!$0=W=ChziZ@eegiW)}GZEH#~5Q`s`J$H;WLyQ#=KtPeTf-y|?DIxzLosTfs#r zZ5Q&{&+rDl0$T}oy8aym1|k2v;_!^y0%X%@&25wZit#WztR%fahu5+iRpDSpdLpbT zl2Z@N8=xjZF4P*V6M!U~Cdsryc>+4}*PagR$Q+>;w1XU@#Ci_`fbbzBpnojxaVPDr zoM~o%&K9WaVHdL8LPmElXNN}z&ADMgWYjBAJhw9p$KecbFugrB`og2DL`87|8395t z{hY|Ij)V!O*_h)W)}i7kHH|uvM5|-wEoc!(a2Y@v&Ed48jLJpEATxzO#IYbl4PVa( zv^eniY9%*=K_OFw%n1?bVE1;W)R5YKld}9C4L$g?07Gr z!I_AAXC4+7JHD3NaiK+BQ19pz*j4!Lvkq@DPh-i$BW@@(ne!mb_Bmf9P( zfnNP^ZzrxypLR8a3Yq0NlpmwBZ>kIkT~>_3l<1%**R7vWRkU~2HTz}OREq9ZALGm$ zc<0!;DyQq)>|hcTrNBZeQrKP?3Gg7z{^SzEE>Z$EYMQj83&>-U@T92_$c`!Jk7)tP z6gYV^mGAe0j|M0P+r-becTAw$VZ;jZ->a3Em(nf4)(u5in@k%DNF=j?q*t5v zco5FaBVTwJPOBDJy@2idthmz`Z`-}kiauNnU`LBZuoxM>o><1j>kl-ryxpwBJeUmT z(3eCAP%>ZQO}Xw7f0;4nUE;Zno29p(2ufV3RKK^~mNFKS3eAJgQ|&}t;QR%vZc`zu z-Fy3jXuj{rL6M$!LFDZw>t(7n^sgq>yLBk8ZtG;*H2S#6{zt2RV~$k2r00{oRDJ(- z_1H>h(HlGI+~7(7FQzdk8V|EbX&EgWp|FlWDPZ^PZ@ zW=nsl!z0V&jWUNdgJRbhc<7V&?!6bXUdqj-rVLrNGbhvQdv{nym?zC{OcQXY89Yj<#`mj;_}xzkokx{~<|x>jrm-4?}N&h4YDZ)Nx(jFfrR_sLnd zl_37uzF3<@D3Uh^`gfRf9D4P~L_u&W(qclvC*3s5I-WP&X(lzkqg9fm;~CiX$O6Ij z7ToMLa12{z@a6dUY^zwEC+#!*3IeVTwv|}|QNS0oedCaYNbJ*xxM_xy&lWI7ZBPi< zA-vsW6JqFJ-Ma!Xyx^52P|o=B&&yZh+TDPR{#Kz)+x618m4|-^GeYwzQO0KK9Vm7z zl8E(|pn9|mtA*sVGLW=E!=ehDq5aa8fS0G3BETI8K-;1X$^lGoV+~Jb<^z2xpaB|= 
ze-EgamdfH5b0SQEL95Uk`mc@sy1!C|zsk1+(&4Bt!>?JPCr!j$nFZ%*MruY++p!9C zr|2UFy#b3a7VU-NXo}%I-T6MySjZJ+K>0Dw&WK8kDcCQ_?2y+hSmF|zdKkb@eRG2_ z?yMSZOPHiQaKYNJ828pJTJ4%)Wh%GBb$@x`SH&Mt1c4sZ-baE>7I++vdIsfL_y~Mg2DS zToiKAd-7q;DPydJiV01I{RySHuRnBYv9G(5-8FSjVLB3VP$ET@Ezo;s`JtdEfWd|` z*s3|DMDXU^l4~oJ#tT<4jd;B0KD!NVQF0tAyr;tu%FcamecX6`Jx(ferqnAy>M?6>&oE~(FYUU;zuQ&3dH033`S#8ixGxHbej(< zH>8-nM~bY;TXbTfwZVIO_1(N%gg6t^^J{WsE*XBnJ}!fCbh{xZDV*K`xhwg(5z1nw z9WwjE-dyO_KGk;`k&~@x8#H3NDK|pm`||JRFHW*OG%)nqRielYYO9&Wan;ULeeR-d zum3r=85z+a?m(do@$tdY*wmK1l@JZGLo52ULv zGE_U<&BSO@DfE>W8EK3$7bv-d_gn|EHR7@?Cil3&(FODX-REE!u(GB?lgtXXsPM`C zKbsrjsCA6qK^n^1O?hm<#Zx%sZMW9}%Gz^JiZtU**IRV?s!thTV~Ell61z2w)i`V8 zo;ZgQFohKj>CzIb;;?6qEHC$UWrmZc0a0#nUE&pSNkMNs$nQL2OL93&=g*JXaR!mOJrKZ@z`3cdv){k-x$2X)V zgqV!UOP^ZEj5e+~=K!Zz+1PS%btj?xEhYEE@bl{qFx<}h#kX|OtS_6C8N1|Q$gYMm zyaUGu(&&zl2_-I(IxBy8?Hz#wgtN@T|>L zD0&lHxJ#5>bAnyw_BOLMU3s(^*pN>X z1l!_xHR3j)!XLcH*TPHhR^;ScXR*jy74*wy38Z{HgngsggLE4tv%^(%O&}H4*G=c?Y0XVKU&@Uo5o^`I<6z! zenz0q*ylc}%Gq6QZcn=;gg;(y*2r&wl6i#2M2B(u5+H?CJ^Z;q zbb)nWBnsSR?OQhyXngmek3(P4AlSw3>q_5OPH14RxFEGHLnfuC8#1^sjZAnKVO)@EPL7 zp_|^kNDoEPAG^j;#6IxW@xA*@|Ij`i8cr7ujuES_r#H1#bj#b?*$+KtTOoZFZ$0|b=s=ux z@tOKc@rAkU0gdUyPCrK4KKdwnp4<14raYp8q`MWju0|Dj0K#(b#gJWhl{R6`)SzdG z2;E&+@MGtD7-~`!G-GW-sBgj+@>zs=aouLyP%L65VrRMrdK=ZnuTcjXd1SV4sv6#5 zkLs~%x1`8WmWZ#Ev@-wP-S2~aNn2?h66**(prCG4xs3Ft1i3^)y^V4oE(N%**bC_E zpKvMB38+8(OW$*y0QTPNEx_&vUfF+ij{PJq(g`PeD zlA0Qo)dWCNPpq#8we45j!t{bo%BLDe@9^$srH(kaSLPbGHuO*>eeC@#?Qs^ar0#4+ z+eYNP%_p|HL$xH4v1#;0_p-6yhmyYZRz#?dQ7>qc_x5MpMpNGtLC zVLJ4F$W-Yr+HGLTlr#?MdQ06qSA;cU)>8B@u^I_owR_>Y3I{DJ`s1d!cfIm+HzzpJ zJn03Vh2s7fM|RQs2NX6{IBmCY6$~S(9oAPaxZ8&k@856fCVx+fi2!+salWiFzi*T1 zsnZVx=)A9tIW*m+RUmlq-v(Iw{4OCy3yw$R5q^(`GDGpTvsXjlw{A7GNjQ{d;EV4T z*3P-$GxOYad95wNP{5{_PL$CqmtV9)oMzRFko1vypOFsBB~;yr2L-{!;rh4{8<+UZ zw=8-EvqH|q=q%dbvW-XVW<)T^XY)n~Q@&xdlY@wuX3GxY*c_>zFb6vo_>FdWpWI7d=(^@)72~ykJ zD6^B6@?w6eyr}{-PYyATzN@wWEVdoEB%f@#ad@tyYJq=b)_OLXM`XJ#lTKzJ8V(t% zY%N>*9>Um|8YfT(a9d`X%TF|YaO~9u2N=D?@uxu 
z=4>la44J}gjUwbv1XWeRxZ}p>QCn z7K`YylvV|)3|VwJpV3<60n3+?-}`q#e#)vI?H>d-RYzfO=Mq1fE5~RH5|csM=Ju8w zG1nKdkg>+m$K3VUD^SgVpQ?2P-#QFt&GVF^@=h`W5n z$HaYQD0ra`%H-Z~G3c>QHxCdKEKc8MT)c>DjW&TMb+0(r^a2VSEe>)9dQs_$ulilM zytBP6aYJ`vxJ*v7w7gpaBNZrU-=k+bKXT4?MH;^Pp$-rTc1chl@d8srt59*;Sg9s> z%Z1A}S6+bQ9uZ%9H=bzNw5;@mIu`=4OQ4RfDPi9Jb6o8o%b%KAyVxNC753kRqs3Ez zox+%!Has|2b8s$$5v?%cb7nHPO1xEK09P@QBeHarc?J{b{z_rwTvV*lZtgjQe4S7S zh~CIOME`{BU^ZdoeTY&5npNQR%g;3#p$R}X>R6ugWf0)pE`gz4Bi4n;ZY}U%53DUX z|6{jnJFZl|cF7&AZDjm-UC!IMrJ$f#vCy+}Fp*-alJcZ07xDeH@&h}~Jfd(9BRhY? zBI}5&aCSk}P#S?D2HAG)>D}Ge`XY7aq7PkEG$OqC@;PrRw=pd*=T<~>9C9tf?FCCL z6D6C`^M#ivLBtmi;uPgE)EM^zFY!SYSn0Z`$%E`3pGP%#==n<$7b;DBOPl zamg)__v`WqO=O^^XFhZW{&?L+!7h~8;(Y+cOw@N_y{LQ&(rq7#UxPdhV|Awr{}`ij zpsK9%Qr?R!Vpt|NA6)wElh(WWm83{P6GGU}JgG$|dBN)}X^aPL1KgZaaFxp-~C zDEtP!L34jRTEHvP=q}lRE{fI1MBtB$DU#s8DX2}Bl}X*VdG4Xymk(v9fnSYss(gI9K(944QA8u!zbL?Pxi6+Fnn_sa%UFRQaTGb6b6{Ydle?0ePPk z&JO@DF;4#PZ+yj)C7x0x3+TFEO$uD;piG^rVUm3Y7o|uA1I?6uR=3eSJE}UK}){%7ls0z$rjn_54F+?Rf1eT&DTRZE0w`Gps$q3 zQhI1SltTe^_pT_NRTF~F7|2dD^x>ie`C7*R-u`m)i)vn7qx<4P zD|GZBm7REOh%ISsM=vP88Z~7PbtpXBk-7&H2kFaOzTWlA)c0l?-SFN#_94;=dv9Uw z=A=JC`d7*cKYWze+I{7Gr$n;rkTCCzbeMtOh)@3pa`2j?*4^&|_f57I)mkSXnrORR zyhz*{`9cvtIe7~>mgr>v=Ie<4Es!O4U+0gjvEJJ*c%MREI`|Hn#RihOKMU6|U24AG z98MOvJeXByq5R?!Z`~M@X7uo%wDx=q}98RaLdE6Ky0LofOySvg&2nDjQCmWh6#u>@Zi z5RlxwFTjVOlDq8P1X3vlRwSrPq;M!dZPrL)ciOf5f!Aj^ee*CIYLY%rq*-?iat8T+ zZhavhTI+89Jrrca{Y;)&DCY#aravtUz=?QRWtU$?!$?X8e;M<1E^T|x; z1??VTJOMDUz+OS?UUhNb(oH*sGZ3AwH2}Rajsj>jZd?&sLQG}Mw4i09>9Vjbt>!|J zi^)9!qagXP(f-Z+9 zT`QPDdz)i-}HB^OE*=&|$=O=PtvOD*&zn=7v z$Hk9>rHyvXIc5h7K`h-%J)_*pcqu-HZ`_7)-hvA2XXpyM76<)i?FSKKP1j2|@5S0N zcAE8Zr=Mh5;d=e!8oOp3@;J!O8+8of_9nv$vx(lz+j3;yW_yjHhz_=eb{(Y40C(2$ zj0flop}6CkC8{vg0;vlmYi(V+p^_OGp>SoFAKX-wjeiQhMRxVGGVc^j?oS9OjR>hj zMeuu`FX~3ZL-<=uYDkwOMrG_x(Tu&sC?oS;YR7ps`twcX{G?ydh<=<+fi0_vm?vV; z13QPThvB7U;xHacVWv_U2jSxUyMAc*UCLO7J71r;6Bb+dD{ZSAD6(d}H>oc5(E7yt z){_1u9kLT6CmdYV^fQxMt!t80{zw-7mQP)>?tGh{ItbfhCO#kLA*w7r*ipsJ8FJM! 
z0=cPS;eS~e+028#iLfZ zVp|rD4G<@G=-enN|_KSy z3HW($s%5+dZlZ|x5b?b?B$9Z7^$~KrW%1BF$E5BtU6+@cTWf0mmuli)q6s!m>R+iv zz(d+mqwPUbrF^})zqY8GCCf3bSqlctQY|L4;CvMJnfVItdmwtRWw(nwF?QODb(FcKVhcC3cAYNxhu$hg z`CpxVMd<@y~?*XphdqhM1*G%HYv1O!64d+{%)AOCK*=$IMjW|PbW8pv*h;$_YrmK_$!QQ2@>InAj63+r=9*NK6vQU5R$pE9;hmr5a@Eg$8@R)W0_ZmmA zS_0iodojzVk_WK5DdA55zB*?G>Hzh8yEYMfX^!JCC;z`cSGsb~3vW6X6+~+-0*u{Ng?@Y6i`;UXXM{gBf1taUj%@rm8}E3Zc-Viu`&6AYFDW@O5DsY< zJEFbk0G@0y1h(NeEYzB3><0UP`MV?n)z=1^;(5R`fY})$*MI+r8Qzyo41T9K0^_HE zqHlx`WC|#MsI6@GM&y7(+-JbrSl!kevi_!c8xPrSMvzdCczT>0eY{#gnJite{yJIU zBg*9`Vu<)kF;S16_g`}QqJJbiY4*ZEIn1gCAmPjX@t}}`lp_u5gW_8)xzi?q%lfkd zJ-;31_p+ua9|?GVUU!E~`2AlBOEzB4jPggN1+dHx4Q9Oe$N_okQqssSHoL5AR# zLROebprrv5q%q{3!7BCOk45y4RSNmTu1}eme>yWM^i-;8Zzv*LZ$PxxtO6o}1)IZ( z4gSF<2M(W&*LQ&s$f8&{8CNR_DiSHdGjo`;6$?uzRg)n^YfaD^BLbW$2v0F;0!f_e zGYG~?x6;f!SI;VD)l-HF)%t9$QWcF)%3xx7|038{K z4iF6F0C5s=2gf+PfSDCq2@nR@ZQjUo`}P8o5hC>`Rir?doe$Y~x(^@_H1vY`uttJ*?;%h+5C~p?2(EkXn~%4#5Eu;bj+Ap5nU7;! zPiztP(?jRbyx-aaU|ly}J#wX_c7c*%#r37^%l}+R{sbcU@3@(N`0xKa{{h9X|3CQu zNB;Yk_5VA=_kZ}kk-ysX{|BG!A0O;*#&P8Tw{!e|#uknIBWd7&&yS7#7rp5Jkpmr} ztct)^_`iDMQ%lB^6A)4oqXg0yI820~RZ=@pz@*@P7q#UunZnIISV)z2l#+o4(hPl{ z*Ib}Q;#?pY&>Tc4nj5O&%BheZAoTPBK?htJfYN|Jb`Er8iqoT2yRZcQQ8l9^;0Qh` zF7u^=gD)>rwt2v4`ym$AREOC<6~XOcUi1!O*RE|MwCy4cOO>hO7#p^>M%-|7r?&c}Uuz%1{rk=IlPI^T4`VtM+kfWzPGC5jNP{wwxLd9f=J|YYl5)OV);K$oDcqF z2Jf_U*q3u>2^`z2st|uSB0b>;g5VS2D-AE60vEZVG)RMsSRqR#_cZMpS7J&r1)r~M zjA=%Cb2K0;L>vONI54T?^Cr;pZI6bu(POG*gS$))%sw+h|L`s?grdS?k11Yo0X6T= zD~QT5d?D&EmvBxHP(cvy3mWSkKH%(!^HDPS>{%m+l$_!6e)gI}ZD3*plpw`@{oDbU z?aGQ=o;d}`B2s{?i%za>cQU8?ER_xrgbz`o<~JIaI#ban{#iLO-v>J#lxq+FUAPFU zL1Sa1nQ8G}-ZB8q#6%mn#F;}&5{%O0Y7pIL=n5nw(8Nwl-$RTG!YtvQ5*8GOlc!yZ zvUZlC+z764k$=Ro;xh!=_0r@whk!!UA4dc(&?b|ZMN7wRXssJzrzin=aySZ!DaZx& z;%}6=w65MZD>#^1EDvrlV9AgOnAWbwPe%p$Fm8)(xU4(;W=LxToF>9^2d&?X%hOsz z8nN;;+&#Ro6kZOVQWb6~u(x9p^Cbc~9Q-uS^Swfx?EP&43t$tJqV0(LyM9saO*sbi zd~l5dk$Y3H?*rFTxItsK!A2V)D-!`%2>4{kT;$a34cA93RcI)~1@BTBQg+&@DNhWt zp~XI(^W0$wJ>8SfZ-bCHgY~jciCOjw 
z7Co3$06zlhvn_C|Egroi4GZ6<{{9pq2Vr~DtN;A)n&>Dw8F{7Dj@e-Ai*q<}?&K5-sp*H0Q^Js92FWB`GR6wf#Fc zfW$@&)G708!KMb+Am#yAH%eZ4*cQWeRXulPR^}xE?Y2kIBZe3$w(KQ0(n5;HbWL2jX?^pHTwxz-ZUBY0F>)Iqre>V$YuSV8N`9$_`MVq1Z- zGSH29SiPwk%7FEx^h5#$B?jOPA@fTLAD{XVQwpKP1V+{n*o7e1&oi`7R$kh%Y8B4p zb7!<2J*`0c_CrZr$OownX|Dh%62=E=Lsgm>PoB5}3!{P)e_w~VhT14cS*4QKMOgiq z@;^J>3cwx*f9M3_#JV58U+rY=6g+;$& zrK=;T98-`d5`h2GZT?EjQdI}~X`R+b%2p{r4R2lIdgl8=F71_)O>bG#{HtKf*2%SO z?x#t9Si-7=%UZi<(Z}TeavwE%=laO!vLgK$nVo$)v|BVyZ!#O4cVlox8tCL|JCBNi74_X{< zCwWwZrV}m{uxkxM7%yxl?afY=2ac`Lp?H=cZ|i60zUZi}!ZmMkYRM3GNHPj4KOA}b z5CH6;iZcs2aInYcWAzg#>CA_t3csRwG_12Z{w&c&zOYmJ(bYdo^-n-6Da<=R&Jiif z9sjO1x(*fkYV>>1>;nD9C^+Fb<5sj+=LSW4?8$M)B&yS?-O>jie>3wmG^O0waf5oJVa@qq>18Tg(OvbM%b$r5C-h{&~M&DK_2Hpx2myqC|XyG8* zODBc)0!+JNMVQR^h^ev43Q7rqv#b(9ft{W2{b-`ace@>Tw-*VPV{vz?@OKg{e0;6X z_MP(PvyYWlBjCafI}poIJi`T_1K&fxHI74@-p~?aT%*=8h2VIBc;b8Kpjrh zjf2-9=?)T2HL$Q@c=DOP;flL%6zP_xn_veX2QvuF09}9$q;@=RuY3jOD_)?GQP!j> zEVS3c4(;>Lv3#X4Q5BnL9x6;gJb6GgXo*7lAU#g3yn5}DcC&c~ijkv3Fb1W9{)#d7 zKrY-pR1%AIxz6%A&}6Tdep|uGW!w7`p&~z8XADYqac7KmK;EtX0V10*+@z0E?@=*h zv2sD7)LN4cGvC<+TDL7V+&7sox3A=oi3BCNcrW@tWVU99XV22RG`gKa7X0ibgA&Fr zA7FO_j7O7pe~e2N;AUtG`?-Be2sb=@0t_jwAdn7p7%9&<=Q-$qaK1T4rI&I?9K9$V}mir`yL6XfAz@5r`KW(gwab|gceu*psRET8-@ zb6h^`%n_i64c?*%Bj*8_@Npc~R*oV(#Ykq~UFXZq>ph0K& zo1U~^E=tTPL7rF-Ov_CDQi_F$R5ix*mAAFE*{ZkrHsq&0dCXK6Tw8J0u>|z`H*ZV5 zpNRq1PLJ;R4$YbA9eGRW94EjwX6X7@c~5vi=p)cD$iAh85m*c(u-05;F@-=}M(iiG zAvmRsznllE{jFnb_nQO8XrDlS-r9re=aLRI?jg#{yk}TeWX}GpAMU`L*>Z8WJ#%YS z!|6l*Zn5Iu?fWlHZ0`Mk*2E(J62-QRrhaLB zeNdZeuELFumobja|E@AH>oc)KZGc5D?xZsrm>W_&$+InnGvZW?^vAA=tfnvGPr4=w z4hv;TEh4@0!{4;?J-Y6>*tE&tBp_L~2|Zmto5*VBzALEjC3CTrW*~7aCg=~($yf5w zbd0)0(2Y2WXntXx4?i3xq~&@2CNfwlwgC$oPOO;(?Q&&$>Vs-f(&SYbL~iLu#H|FM ztd@|je4^3SLS3E^_wr7)`J!g}r?b-|fp0EQnIpdFl;jcP#eDtntB&qj)e}vPia(=3 z=I6e)bpLpFZufF)$WAqV%Ho+z>nwZO4DvHWUrmdHlhN5{FAhVv1sWqM1kex zgE{i@#+C}-!pN(2mOaclBpx!~DZgst%g}hk%P!ftHi2;@Y5v{TWl6qUyPcmMTg2z4 
z7&-wKL=8J0_dFdCk?K;b`IH?~`|Ub&o^^dmoXiBrd-IO18E@$K8bJIf^Wmi<0$66dVy8b&3Btw9z4R&6`7@pZpBmR z7>^foAgOnc2CZZBQ>l6}PmSST>sXly@%ybYg^S}uAgYc4ArmaTtFC^p_e^lx2cwmq~@wTzuw5lk^RP@!UH;gY@sy~q5QgIu_U2NzFQ~eGM zDT)myanieK)8h+HKgfuk2Wu3^>VCCoGWhH>r#lM^uZjt}0Sked0ROsho);*~4E~iVCd}%XQ`I({ zc&_^J+TWRGL1OQ$LO;?ReYsj4WJS{FK>a&;74HP<-~M~P6{upNXBkXVGLC~Nwz4r9 z_v7!2S|kp&fnM56#fspKE2qZq$7;IzaHC_IAy6Rvu2TN3cy!b2%FRUr$A{kA>3eq= zwH_$vcx1GQLq2>?m>t#^|qr>%OmdxL#$^?3T|TsN!9X{26FP4yN# z^F7TMcXC%uHv7cgx0tnWa`$6|5+Z|Cr$OOm3h22O8ZoBv7P|QC+8DhS$BO+jR3Inj zL--1;AQb`V#&7|72%HU~3MDgl)D{3gt7uSwz)}6kuhiub*gE!92iBQ?(f&x8N9=)> zs2THq3Kb&6A1XhS!X z{}LR#ni|M}`RHU|@^BZFz9+|rYxyAopXuiqqXU!dR-Ts{j^rD5;GZj) zdMW&F$Y4E50jTCP;Vm_G_soU`OP4A5?VGwmfl+wJ!I%Zx^o62NwWWhWyf>~nSPCY>e#i5AEH-U5gsE3aqUrEn%GfE z!=guB%i8Ap3-9uxoV&f~SIO(vi!(-^E0a$)RNcblHiPnWL)vV>j16q9P3}fXu+vR*CKwR|hMdTv#ufL96o)(`_+?hj(WLE=P~>c1VVN zHpCcc7!9coaphqn(Z_m2NY3AkJTp~iSTd{YhiE;3nnU3Z7*HH-S)V$K+8l%}SETyQ zPM>EU*Z!E>I+PNY`MJQ3_kz?}wlwd%47!=#a4P9dE$dNu=am>R;hR%L5lm<3ZA7ID zPC)VTkU%*CN2bTL_8TfcH#aT{<+hJ(wQ%oVFZetat|=p+|IsNVDTlr@!K8($v^hS( z!)Zg2bw%~DdZ4w={xpGly2m(Mm*YRu>D4bPH5U*;5&bfKB)LZPe)G*t5nLZ{NKn_w zfL6&7-Nlhx^>-p^2)#;+FKRV#?8(!q#HrqI)CgefcH6JxN*hiwU_-1ILw%5?ll`#oHvvP3Dzt`$=q~?iI}r*g1v(JtMjK zD^IsM***hWgwEL`;I_wXXV zR3OsQ`!|QL29UyyT-b88QW1fSo@?>XC?SUG5rzp2_cU;NSerbfF%mb_`a2pYJ!r(>H*njT+p)f%AKGXiYV8*6c)W7 zYrqscBwEg6 zgUE|HZchHzn>(B%AHx=J*^$S)z;x3qWzJyveIt7FpwNTuV!a_>{#n@EquPy}NSfi( z#^&~j-j)T9b){XWM5FE*@4bM#fQJvhRZ>~HUgOx}$nUdN7qHo4&_mO9cfN>v@ysP| zF_CJmwYvS9WRNIGQ!Vs5e}jm?Ski1(`E#{9V*!CCsSlz!$mUyxYKGF#$GPLMzBikY zBfi^X$u~vzeXx7~(-rnunYOB-_+S}^xiW;GJ@z|9j&n%@BUUcRvSPuzf7wjtIB?DKV1!9mW^VDbTe@GGydk`< z(%|65;CkP6QRBYPC;i<4cCr5UFaqc_h42E5r!zRDRQJGt(2hs%wp{O?**Ikk{p;VO zL!_N}Ui1y9xOVO31wpxE54aW6V(tTD@7W-;yRc7q%$5bQvjGedjkv_!ptMGf+`}PN zU2thV!|ke8$TC{oji33|lVSJD|Do-zqpEthwqXn~0BMj$=@0~@OS%N48 z?wwJA#2>~6fO`^3*?UnNud9lotsNQdw!gP?QF+vEY@8I_*T1f0*2_tJH_uaRm5scT zPia1E>Yd?)Wa`>SEoWqX!TQYzGLiQnmmK9G+^QH3O*RL$&UW2NIKQ-J3UxMX%DW?Z 
zJBKK@dp{u+C{sYc&;rOcK;;SHxlTLE&fh8mT)fU?{(4U~oe>ex-r7u_djFkjpP=Bg z@a4TVLpLz-f%Rbsm^U#A_VQY;h<}1d(Vp!e;{$-`W<2K-*mk*Vc2jTrgN5J0e08i~ zpjS^rzcWx{NK)u00RDB`eC!pZw+@*RvPD4cZr-Baw+4N<-r$K&6R+ zdfk7$2gEz{=7Q>~>>I_uBGNnF&w9PdQMkPcVx><~xZ6wIzTm&XZGRi`cq@M=_f&Bh zm#-q8T6O#upQkL4d`<2b)4rIZ$UpB+1P?VVv4=28mo@EMF?X8u8w+Btc#>=!>9(sKtazO1_VQKG51q_Y18 z(exaI3P804BK)fqIqc3y^?9^NFbul=9(&FUCJvKVSr^8Q8y2~$V43LIw+eI_auwr# z@|DeF4k-G`HtqB#J1EH3T~#h)=z=j$Z|2g1vg2rFb}{2T-|xk!3GCVIGIV%9`bT+P zD(r$#Gk%Z|pi?KFo+FA^c>&XP*(tg$SMRyNjO!xt`qVQvOK$ zwZns>5iq`Wd=D=OOwEq-zZsfS{JRHipNU-BD;Na>+$`7uQwUUf76AdgIlKr{7QuX6j*%(KrM6*4Lg`aRD|HFY7qAu%_q}Ae zLqSZ&pX@ISR6Y5;Ok!vitOlr*e_JdeNJP7qGkUq}*fwPOgM5ExMdy`9>UM<_*nDH9 zaeXt>v&k~^ELJ*62gpe5yE?L-CI{(P(4`Y(u-6EHz8bS5}bS zW8n_*{k0wK*YmQFpfkbCuEgq!)8AmmWuZ^{6w;`O8_3Yu`Jj_07_Qk|kjrHOIS2kY z?5Xnftmu^-My0lw>vhz{zCyK~&?d7TH>>mM`_RY=T8{UOfJ2Yby)EKX`jK-i%AMnY9-f{pPR1;)7rj__F`m#|i*R{Z z^z>&J7_}RJCSkc? zbp*fcU#Vv1GoE8K*>omoC_INOfS78KvN)GgTtv&pi%9G4U+Ls>CBt-BpSy880pD+m z3ObLT$dCT#sk5Z|k2-EZ_(lLbv4;39UgEXO;3CKx= zQ^*iqs%N?l8@ba(?z1cNs=!puHRi#N>kw~mzYd;7-8f7r;z_{S2NiiZSftwVE`KX| z5^(s3yRL1OG4Bi!M6PQ)2Q7g-!gAD2C*p=!A9MmlZgw`Jb<@qrhqc(hfXf4T~o^{1d;ZhG!iybHz_(sY^f9&BlQ@-xG1 zOrWONR&;^!2b>YZ!PV4IowqLm#=*WCY)_JA( z*`{5>Q#5{%R8470%H&7#RlXpr2;z1=w|&B8RfL7JDcr_KU=aDniwg4rulLpK2Te({YL zm>=(m!t4!|!I~Y_e0VQT?W#c=LHEk$=w^(zc~CqkDLiM|>Y|GZqg%SlFY5s~yT0(0 zywPg5_$ce6pf#`Y)M0iBurn`rj@+xP4QSmoZMg^xk?q22*~r$uS=73;637JME9cP6 zv?UoYh7CQ_c1@O#yEYAacCGiD!>_2_q78bt!7T6a4+ee=M&j*HhM@WO7|eP#v^SR% zP*I?I(=z2zR$oloG1@gTf1Jz z88JJ0c6n-956Q;WWt$FnD@uKqZ>eg2=j^3#0Ior}ekSDe>H#VXZ1tt*e2{9JVF9_??-_(y)P0tDFP zwJZgqXQLNkHGC3mHpP;-SYOp1gcpP11)7EWqpK-|fZ+go)ch{n9)O#xAHzd~badRG zaNSgCaDf_f>ch=@9KlMh@HAf9Nva$EK4l-ESFE81jI2&%9s>ew10@gkn97%SSp=wI z<&AOsG=8s60L7q`gHW7QEWqsnN<&u)#??M2*2C1nyQE^*6ixvm#19vVS|*`ZsrGze zWI4caO~%+ZPOZ~+!MyACgx91MT@RO_++9!Yn~}MtIT**(Dy**SI>R!ZF*=QKBKbn5k-aX-eF*sZ|mW_gXN#+{P|-M+W= zv+0<3JO=NAEi1}z=B7|gHD~BLNK?LlKD64UO|5B-_8RXW^MXgB~#~dH+X(ZtE84U3FvplM@A-c 
zLH+Y~LLS`K<8fE45B1|xj2+_mU>$qaI+dA%6htG>+_X*o!K}Y z!uR)RNA3&37J0olMED|RsS8RM6k;)%Zv9?;xo{iBjrO_SZw1wtS|}*5@pqn=(~bcjs$J@+ z;PW=Jo64Xaj22L(#93nbsgzW$f(9}16{o-Zlm4XF*9}LxmC%;|RWg~HWxi?bd*5cG zPGamA3JD3Rk&@=b7sJ)f68y%+!j~dvHBBLjRbeJ<_)o6=hfM%~X2QxA!F|DCrCafQ5yI^!?V8ZWD<{oyKA7 zasMk=YAeanR8BRM^*$ZESIB3BGtah7(Z;!6Tsj;%OTi2KhzpS2<#{=m>oWMB&2*`J z498;9TVMfi0@$wKIy(dnFHCTgvE|>Ky%qJJ&YqYUi`Nno9%es*IQ%HfHSe4_&Id-S zbhLLz2}*DTx?aIW*7OP|8XBy6JkB6!r|}N>>gh43A!6E}2Fms_n^HnKBn0YlojlCI z(d&-aRn_#GvtNHulX=&^scPOkFqe5r_glIS#ag?zZON9(Kw~@|7bOfGNE+U2-u|1x zqoSZlA~`sj=>vh>CPs(nE5Q@umUE+a9)+apD}h&i+4%8Vo}6I%); z;WUVG+OHyyx#}uD*C$GdH+*icVf;TF zLKm1%o2$*>a-s43{NEn(BSwP$GZ=uzuwqZ&_xfzPa8f@e&bq_ccvk{PFvI#7>->O} zO3p-JEc__xkApjDV7xka&RuXP!_ZOw#Qxnm-9mY(jOd2C>mJQdgUi*J!ogKj^ot)2 zxhm14Q*~)}BBR{9BvSBA^}=Tk%Ulw$?R@y(y`BtDv70`fL{5r|H-f2veio_|U7AJ8 zi6LU~?s_w5^QM1Y#F~G)|G)X$lVrbWdY z?yh|ojafDF3vKoNUl01Tn~)$rncp*<*YV=+v~p7)S{b}~nwb^SZdtWzDLOLPPAAQi>!2qTPO(J$2_aw7^zrLP#A(;6UJj=?!lTC84Q&0|0LIovo=?NQp3;bh^B`qQ1m)kBSZ z7yX&@H&(mdCm$uQCZBstwDnH6p57~gPr7W!A!MXHq#(jB4I{8Ez(F<5=g#M9yVi<(?%Wv9A5kF9Krwg_N(vjq$0kHU!ACVC%t56j?~e9w zoecVW$okt?i_ZP~Ub(*pcT==1JmJ{76N~ct{=e}h|E=Tx(`li9*!lnOFZpjB_rIO? z#zvuk$4LM0j`nYz4ElGB^#AT?|JKQ%f4+V%25KghIIlck@m@RZ9mT|7HecUod%X$^ zj!TO)?B{rH)fY=f`|x-&X3E4Ofqi&lH={YaP=Q|RkxpcKM7!M+)&~FhgflrkRIH({w3sSHx#sMdD8duMSSWdJvPa+d*NEKw^ChC7u1hH~{bqK#Cgo zL0RF`Cw~fV9>ijPs~8hgc8N;DYU>`kwu|89FcRmNDON1QRG272NYgPVCtG?Qzi#ML zw4sqT&f~)i3-48&{kf!CZB&97EtR9)L}d>mc6Q0!wsD-6eSGlXzdslH7Y`1^-xxt3 z_t((

    =JJ;)xo(z+)Zqj@zbNM+Sqocr*>QY#gO{(6x-ACFP+%|rL=S<~!Xko_d3 zBfBQ~8wm*+LkpYt=iMKMJ+79z2lE5T*zd>x#rcs~>Sa)+l0KMnpM}^1v&q1l5#(lJ zVQ*0TvN!#>Wl&gv)oie5yU7lRj-u8S`3Ad~!dx1=Pt~HOhKoO)^dlG>kZ zYhDqXMptK7B;X!q!M6+F=fu(vbTQ{QcCwXn5tCG1xSh=g(fVo7Af8KI7Zm&K2DfOH ztDB)EiDN_d16BC^G~H^=*;Ap^dj+god&hO;?3nJDTStK=j7?N6jt_yl1E z<$LzO2%t(PWUK>@noJVa&na)q<{HCxw%k7W2$7a;2>i1ynj^gx&#>EK+%M%ErTCU| z^<_F6MW1GAdXg0l9b}2*8@0AK)Ic+5Fk}3)xd@UbBCmV9#w~ER7FjoXNi7CXI6Z&L zWOH305G^`iqMK}M7g z(gJ1cCN%KGuKSUV%VN)!Q!CE&P#?;uzkRBX5%~yFa?f6?t}pD1ytl1aOAPt(esF%D z{8JVoGaqv_SM@A{=?T;yw}ZUG!sMARy|e{oMXQs|a^E=|S+_o|!{Nu7mdPe=9enHV zW$A@&-}Y;>mop!BU&v-zH)7Fm?0i*Ja3vqg?i$>CFWYmw@7BNYGK(*YS`G$QybcSu z*yEhdIU4m6$4o57GQ`!R$+TNCr`3!nb3gU0l=p6+$B}V~aETp%f@pMG3Pv!hCVbu6 zcC;ucDUQ}p0^QFCt1csjoL9W-Qtv?8dWO0mhF!*ApUfek$8vn$Y&(u>a|GgFLiUmr zgZ17~g%$nYF}JJG4R}LM`TF50ZR~V&4kjJb`j~Ckxl<;iWW}%;jEQG-&qho5^4itt z!R1c<6WN5h-5x!;DR5!T;9R8~p1tsCSE2aujP4k*&9`?hZdUjF$YEq=DE^`u;*IoCjHfI~A&ucRZS#(sWp{bugykv|kG)W~ zuqJYy3M%yZL2Bo3-5g0mful_AyQgI*z(j8| z_d{!fcB~{syJY`SwEbspB4M^rm-L#2?8%6?UAI%?nH=e{NQm2uBr+A~_d zwskvljOn2v9~M+;wn~Egon`{3V}E$JYrM9G+vs=j-L|!g@TI11%u1#eP8;Dq{h11V z^|yqC*t!s1bYDa=q%Otir#bXkNb*z{mH0#zdd{}I7RfLCTK2$@4EPG+>cINPgw|&s zmAUiEK4;lmYCrcg4>uPG?o`uCr%9HM>;-szQW9IxyN7hq>t0s%=v@(0XI9GEXWZ!t z2e)3+DqbF6ppIBqf^rRePM8SMyVE!48<#eIZ{b0c^D}bD)XhdKq0b|FVYoBW`#fz5 zrjy6id`B~_^PP}D?1S@J(+3x?d3=jL;1)|eEsSei#3^3)iM%Ffsl?Z;dcYybB^Li# zwRcp@=*Nc_S8FxAp31oj@oGYO(W$%yhrjmnY$0uI`-4`Rxj(~%sx_kC#HR$|SiY<( z_*Y-or`gBGAX}G;a$U5j?@sUkQN90X0vmD0RTQLKOQq#VNThCz1HTGc@F(WjV`eC| zw@6OL;EoqXWFD!vi}^&>tAE^`u;K7^vw1wc*}&DwmhW~laT2K6CS4Lp76RAj97!0E zA)Zj++M`4-;I8ur&h;c_`e@4#8coTS3zBF43WvFGQipIo%dNHkSyDMABSt7^bZ3Pj z>A7DB7m|$4F-rg8+fLqd3m)!BZG3@;6O0c06of6F5vr`O3e@ZNI-%74VV;!79U11% z{39bJRH-srRdM>OIIKwE%i971f4`D;MSOE@gMboT%>>t(GW#D zYFhm4#(5-|-m-8c(eL-h@6xV~0DZr2GEFLI$SPRQRxQ$PRclmpuL(o&-oHp~KoBZe z!h&i)Z!pn5j^ygxEF2Dh{_}uwu8GU8aY^f3*SqZbbPrWGw9I5OHw9{ zZ`}&{fi_J$G)0}MC@NT$+cy1i{awUvt7K^=xR8U=(Qj%pBaT-ju4hZ0D`$|c9T`>& 
zZseQqn-G!7EOf;?6_EP5@fg+2*+O{S^qLb_Ur2#!otA$czI)rJsI;79V}27@inXGt zSE=BKyca?TZJ+!bwkdx!Mq$jCDnx5{zdoQ^MI0dg**&aq1a17kYn2~5s=dYgk>NG= z=qKvGzRrpZ9HudqDOPSBY+gq*Lm)8BbwDFHM;$?|zHT6!Ng5;aijMy49UUYHO*m=u z2dr@5O+~!sM+hsHia00ZZjWC0Qd1sR;4w0Tm-|F6L9~`?CR=_}6oJ8W z4|%`*tI@)EcjHmQBJh+pPefz=+*V+xF}#-6!MLJ=Oc$s99(e)amKp{_ETMIV15E9I z_yeoAF*G0P`YRn!p|P%56|m-hO!bezKmVhmvfTa*9g7?B?$*El@`E*FWJ+)U1pe~X zyNevFdgKSm#Qb%Pwq^a^31*>`k;BSyle@@A(|_o6dZ***x?dZd_5lMyaP&gMFrBy9 z@IpgZ`bI67JJQVV;nr%H?7c1X(tW~XCytwe1p*R_noHK zmgnZHI;<#%85m1dm%29$Wz&Cq}4;m)o$(Tka|-x)9!$&NShYHz!Lu zeYv?F_Ke2QE!>=q)$?TRxm~8Nu>W@8wmg1|F{e2(2%zRt4)UmS+t0<60)%}K4B_@{ zn^7mG6dzvw;d^-ldEcN){|OERCbu3=3)?AQf}sCZyR(=$L|B((7G{*i5O{pDTXJkB z4PC=nL&{2n64Tg1im`1BH=g?Sm}0}nJYz{irRnv(h7kKIihp{~l>h}vK~vu_X{*1Y zhfR}ip!8Zl?t3#`#vXjC?DtXw0XBih7~<4xq$VwzlC)LfaEYkKiM&O=hY@O)Ua@K3 z398q774#6_cK)?Bc5zMUWOR(M;_T&n=;0UiO!;+O74jBiRf)8N{?aWw(#I|3LKApd z=TixX<{Z@q?N?R=Je^207R_`M>|%|z4AsJetk$a-*k;wz;;cJMdMDOVzPd{X)r{$R zdYd9=XuhJE7cNPBgn?Z3b(Z%N3EYoFadKB4l|fcrSo8zAF3O!{3+nX;Q6-eUP{EorU0F zoj0U*7HSNE#-V9PkO@LRTLvw`QSFEyAAW=vNxm664(R>`mr5D_{6j+*8_rwI_V;xA zuKpc@U$@^E75A7?`X3%z4T8*sP&H%u;&Uh3C%!m{`kMu)FF;1Nwx@$iEaoHIL)iV@ znY;yE$mrW0|7z+i#9rF+EoB9=s+=6IKuB7!osqJN8+g()bMM1T!nS_Y&C(sWu5H#C zy|YgcAmNsp9<`hN^mB{lw#yn9;0#qdTLo1LWsTrmU*PSd*m5d^!hx;EWbr=#)JFtk z=E|GnC0?g(a%jlF(|ZF3mG(v;BE`gLOI2UbArijfQOjZ*jG^8e(AwO{#i@ge$}{}& z616M8WRE;as8@}OXIj~*TSs@oX>k%1@Wj3Yq6udPKe$lMDJMoA1qT*dK4;g+xwms2 zBkUry4ZPgROuO`79O6;SP01-g_6SecjQVOZMQ3f`8tK8>leL|kC0;ZC%XpAA7uMwr zwTLTzl2XwA^%K0qk+hD3lUS5bCNTU9tbeKqdK#EwH3UH_yVBH!Yj6yAYnDFltOf0Go1w1K(OCe?br2Gw7a(i}xrA0g(PD)Jr z!w1t?G))Z@1J~a8KnpNBpo?Ewk8#_cR&}@Z>A7o%@TdWo}^GfUI7%=2L7k zXW1pCJ1C+?UGm;GFE8et(?V*lE@9lhpG@S~pMMG{0NYlWEW>#_FylcnWdR_XpSrd(7y zoP{@Hx!_ZcmZzZrRp31Y#$6SRRhTT_-e5{rQV0}S^hRv9c)8X zQdTVS)TT9o_qyYQTDxxH#Np<&{m*Ybzi4qufA8wmc{u~*)rDN3dhPdGzI{NN@NxaF zt~_KQ96Ot7PT8+a5L*>dyFX*oZ}zK`>!38JX0geyX?-}miLYVZ^j?HpZr z>cYhxR)e~Em+6-&??4eDWT3Cok!8!c^^K&X+G|8}*5|WBXZU$IE9GRCF7DiV0f)mJ 
zav*l6E{4-h(r8dNauMisUh%pQJ!#6K8-d7*?eas~bk(djNJ*r7Cy}3vH1&mM>i9oA zEh0g0(n@`K48RPb1|u8Z__Y&WGKb z$tk>&ztiyiXtj{!n3+#nJaDl}<7p>zZCEwPJA{Q)q@BO5T#SJ-v-56jav?pn(bb0+ z=3LoD1T$g38!mwVp5T~9Po%c0ZEmYr5{oMjmLNkYSJy3K92nlftW!C-&bo^k5sYqD zAHxL`L2(8yl`5MQrDB8{T)UkYP1jw{Hm)$kcL*&4Uin=OZ^{8gR$= z`$?mhx0EvJo8tmHb8M{=7&Ajt4jk2{T`XZR%kH>fvuNtIpuVyFH*LRc>Ow)F#|sxC zX}A(GFMjNdIUlJzuOKk$9r7)?? zJ;j6<{(U7!ZDE{{IYe(X5R=<%!(%sXIZ|eOjOAH8TVr|s;V0NnP4-8&7#${ir|pI?hX{@zG7m0%9kn8~f~Wx2=hHCp!o>7x!w^qt@lf4v zx^_(%Z^+k*(qbDbU&EiObgY5~j_7Ono1Nz@!Q@rkkz{Z7#u=6#P)_$XX%?rwriaI) zz8ibAAhy1U9QpYGzic1Zbre8G18Zhm3R@<#fx+8FBX_1(kp|rO!oq?D?k|T1jF-0{ zGx%&W^y>J=Dg9;&U+6$+ySmr1&d@D_47Mug{&XZma#t1N8Yb)YRXo;70gTJYU!Y#q zQpVoNcGCO3R`{O5BW89>-Z+-~;9aHlTpSgJuEbZ!R&XuhQ40l&x1SDPim(Y`afa{D?5&INIJy#97j>De|d#*F-kE!I+ zM~ZjGcGE)GR$+Y7Z~$_$?spF~)t^!~Er}8G;UX$Ud;-e%O>~d+`v^RUOdd3qNDrL( zP_|v)2QR*PxNbc_cwFwN9E5{5|8fR@7K)Um@~_AX9W4yUpJtox-}{Ej<3u1DtT29S zpL~V7tG;-Lx9rl_oxg|^{fRC^EB7S$Y0JW>-B~3Gqs}F&mBKYHecklUB}GJZ`gR;- zBW$xX;zV>zW>7(DA7H;cau^!Uim6+4jc9zYREuZ$iqUWshB}(sOXXT>TvDnY@uf%< z(JGLHOLreM0o&Q_M#}cWQ=t08)p2^EOeWZCWlK`f*bf&1#0%C($xRF~dmq>GtJv0t zv!Qd>nV$B7aFGjyGpXrVsV97)v=oW7ue2K7DgWS(s$Q%Qn)^Qtz2#5sXB*m7Kn5uv zclk1C@LNDc$WMBMIKJcNR+oyXP z9-m{{MHKS7g;t!1lxzdOz7Py_{o%6!+|ME@%Vjyz=37bKBP|jodzC%w@Qa5#1}=Jw z6X~;k9bVY6iMiLW0<_LTkb#(>>U8# zTTD|PXr?!HY+8OD@GJXun}ojB2GyNI)AFN{0d-lUDzymDk^(aX>t3V!0cW(Q1I%*O zr$Z74x+HrgBp>i+J?Zkt%nwYx)RzMdBBN_0SK%P;qM(pSggexGY_WA#xz65tJAcz| zewtLwBrDhH2SPBMoF~$og}FHWVitpvvD-K_D6@rcpOBwIG3a0zL`?snvp@zpGLcd% zi!@_w`<^q*7>-_%bVTzSdSs6*HhdKc`kyhW(YohuOt6O!=cL}6dLR~8%f3il#LbEg zuq@f1IQ{fFfVY0Hp$%M_xZbQzK)3Rz$o0;u@PZ$w<}L!v_=~kdlz54W2jbA>wtMf# zB_6E6dB2EIg(j!W+DEmPdFj+o;qeXS2bf`a%Rw@8i0zI^)pgf$%wtDu@1z`SfIm<- z`R1|4c8F+jC#{Wb@o&5;19-)`z?Y9OY&0Z;{=tTb==jGwC?pgu#sdBI6w7k1{M#!g zr>->R&GjkaKc;NFl}&tl7=uvCu(>;ZKRS<^reEI%ea>aVSS`Jr@kJSH_h<4-C5)#a zLM5BtS6U9vX#C_|z!fMxQXd2jZTfs!x;Cp^6Ty3mJ0MRE#T1lW?tk{icYXD_;6n@Q zqlG!Bv^egi3+R2!hjP;sUIEmVHi~aaRi@jtZ7`9PZd_e?9$<1X*}u?tDP<8EyUEDU 
z@>0CbQeu1I+Kw9I329O79bN#|Pa$r#h0ONt5-i$OI{Dr@ahyU-HuIeD_BJPs`LNk; zg);0%=S^w)ivC`ec@uA+o5mFiM1w)ZtlaakyP|@ijX}i`ru$a8lwqm86c4t!Y%7pV zj!VXo#PLy@eb zk@6JNF*ojLjtKK#!XqRt*6D3s8M2G1v3!Od+JR(np6rq`;O36S?1l`*1!r_pzMr`x z1~;jnoOZyO+z?rYVU+H_{=)=65* z$Hl)XP$=Y0d!>4olV0bL(3{5flVch@VYQv49M5>ql&_ey$ypCc0ASy-4)*zI=96zhYhPoaT`Z#>?cLpd(}AwFmLz#f%3e$fnDXWN!@or^JLNU$ zdP)w3*1CF|=Ee=X>R4|NA75{8eL|>(dVw%rgX!b7b~FadA&cNpY(%UbKV#H2`@H#i z-#ZhvT-``VFprE{PS+|{{L%kbh1QVOb!v*9zvt;P~bL8d@ z(dSB=4W74qDNR3d6=bEu)1cLHGT+ALj0YFt(w^L9S>>OY_+V?&~(~ zaqxnc)_$V7r<;7Q=XnRg5eRP^Ja(O(9kfwVs;n384uC!e6FP=@NIKtHzt23oV9M;x zx4&U?B!fem*Ct%1)tN0nFG<0+^OF1b0`1%}@AAP>#*ljH?Q?+oBQiboLK*?EfX2F$(radAy2>ONJU!K_}@o2aHiBu{>6FRAC$8ul~&4f!u=`ORV&vjsWcKkglFgqctBlZ!hKW;%9Ov=7Pii$}MVua9 zZH2jtoMT2GZ$`QWJvqo=1=jcjvV|WvU zv)EdK=M6yN>%x`f@N-*>F4VPq^qUD)lSG0zcKoeAv#^67G{@_~2z&3rMje&~kTzB? zwCrdI9^RinG$d0>4aFun`rwHEToe#svV5S{t@X;L&)oJxmYr(m#A9)U%4kR>dwQib z({t(PXcw;U%v{13=4_aQm5o~ke14&wl)ffKpGQ{MO!gx~F*>MH1GgK_rt0>qGwN;) ze~ev262?1hZ=f4n1x*RBWqNM*drG)hF$b}3D`O~3j zRzZtz*8ut1w!n(IyH#LN@|A+3ID{(o6})=q*kMxw_V%Jgd{}TsoQLH=>om#R-lZbs zWl=X(Dks}$n5f_=?_bR)05yzN$3L~!Ly7h{npx+<9j8+9Alo#yQ#MVa5(g~?gb``+ z9m*EtddUmd#1=7IwdytIs%9FfJ{|<*6Y1{O&wJ{=s7NXMSMvcg{rgWHQg{22_2>Gb zEN|-TUX<>f@vMxh&3SyHDFZpW$A^rOihY$wliwEk3>$U{#5n?2>YB@~205O~@vfxw z=ooS8YNIhFQet`<^a*7GSZtSZ6E#jDY}Pw*($-|@LC|oo?p?=H;Wh~7!IrtaX_NNZ z!|w_m(2SCF)jpR7Y)o^fxhi4XzZb`b3w{KBL@}Cb6C)8((9z$R)<`K}AC0{{_)f?B zoRr}}_OZSOY zkY3Kq)=Q#37dIbbji`3wW=Sg$a=z6=Cta3SYS-pK`szR%pLtE;fdC!1&Q;l$x}mSnW4h|W~EP*Qm zF22TdgW}7-HK73Ydr1C<^D8hNEbhAGb6BT5r#UYLEpZE&2-rVt%@YXddgQz?lhyl% za>-2=rDAorxcqNSFm?jea9R-`eyM=&IgUHREJWgd4h01p`aGWjpDu66oXshTEd1Ed zogIQ9o4JbCipE(pE=afzcir^wB0(|-t6a22vuU~pP$V!yo77@{ik;xu8sg8e(aEcB zVVB9W-SkA5Co@&&I9nHopIa|Nj|UA2aC)KaF4vD+e5-&(K^yye%iHQMQBiVTc`N^9 zY!#$)k9c)$H4Tx?)7bTWzNEE;2T+B*$&f$oPBHuCUSj=i)UCdEI zaKy(SXJQ~Y;DBSbnlW+fRBZVDtiVqkZd5JaqyMlv$RSL-s6cY3$u6=x;+dGlBI#GrMqn=a(3f@~ReSTO1HsFS#9#iw0wHO zYd^8v@&nqKMFKVR+v-6-i2cF?Cg+Lh{;^F;La)~yMnO2;8{msNYt^9rBu^o`5E}gK 
z271`~Vxd`!zuIr-Jq{oJezYiLVR(xzKYbo_!W+E^SF)OHni&_Sv8iQ6uU|K0xZdsj z-uH|^jEzmfN-^76nHD4jHc#Yyt|gvGeyuunsZ6>j!N=Oxw%`0%i0fX*XX9wiInax- zxu6fJ7BFis;o+I%F3YW5x=4_)cRcHZX=KWW^K8}T9ZX#TeqP>9jg-IAnK1{YRf<|ka2*S#H|X(S_Vk0UEaHhAJ|9# zWz00Q(Vs7#T?B=b>UxcxM*}WxT&&aOXNExOaMYw$0aL4zRfa@S1R$j=pA9VKPvw(F z!0SK8?jXz5(_QtW5=MI77~8iW8&d*?`}!8LtmBhyHc2un!we=n|Jh`(;EWchrq1`H z^Nb4{%79@wcT-M4o9+%(>OwEcgCo>yX~8qh>2D=%Q2hljQR>8UNvv!TOjrF0D?DQ-6j5 zHfXpPJvNr%jLnl3){|Cfhz-{d4T-FnUU5`y&6(rv`d$=v%|IV$p07POP03f87?imVb6Mkn8ls5mOOQj?`(A>qB$%)=K zVjZh@k>w*Q=$O&YQ={&5$QKn;Cj+h9lJ_(hemu)|tLz;sJaG`H)p2J%0KC!*I#J0u>&j=K@tWo#RCE79Oxmp%3VGmY} z?Rn|9IQYAR z!yK|qyE^#Ipv@)kmUFmof6WsWP~lSO|J1V zV?!^ErxwiB|B)^y=UByva7do?gHDY32h4~`KR1a&fkV5U32%Zc2YfACzy(z03-W!|AS1L_nM(2{S|qxe zn01PD56{K0~y@-2|*HkwzOsp(iT^E;|uuSL9Z5ER(482gXS2p{H5YfdNkWB zH+XWs1HL_ZQ=R)ct2fuX-`LjL&dGDFJ(D*=4%i>6BV?)~w0(hk)Wl9#q}^4OhDp}F zqi_A}*||p!7J=i!2zlH*sD(H<0027xHSOL@19vb!Hu_w2r!mIoIJE_ukT@I!h&azf zP`9NZQbHcX9)E7}1u3&0tYA`H%e8+9zzNa_A_{J=EgdPFe26*i$G zWKi{|8#E02VUfp$eW&YyK(}a``s;%rG!B53gp0;ErK?oOW9*2T|t3=RlWEn&eTKA!VUD17{$;4a;Bc`n4p* zf(aVeRUK8(MQ_&30%?4P!~Nzs`NM#o6#`ah1-uaYyj{7w$SS=*>(?!X!wzbB4~oO! z=|`*{)wIO9VkD~52oj1re=|p(JOI1Cw?Q3`01XhRRPcwZIPRsXysuZo1Wod2?YU!b zla!qtjbLb;anGhn^uw7-BYTeZ!8Qp3gk8lk2Wte7eY{){ z18A%Fu|d+K6p%L2xh)r14vGW$)}Qgld?_-U-x2nVq`D=&INUYcnT=^hmktX>LQS8# zQ$`Wa=ObIQZ*_Z?mxxNjtl9J%JNN9z8>4MW>MsI@^G6D@@2o8Z$6BA<26+g#CrXKa zTQ95!&3O16`UZf57K1~G-W|9p%`Tu-)&5$*RH`cbn%%)kR{29B_3iK8bJ%_NFA8_9r#g^s z3q4=26Tkc4%}oYm#RVSvXuOkdhK6^=Dgf8BriV&2;PGU}+`SPnI!fU;=iY=G^XAO? 
z3&^q$25KbaWoyR;LAt8#lUc@+(MF4&2teBb#B9(-g}nu8A!UES@2tQG%?Nn!*lMLB@8g2WO^dpEzz(O8e)13p6=?$>;mitL_1Wb492|)f>|}Yoa ztHaDCjZ_>htnOKvk4ZfZG%5r*e2Qj?-2%=+G0}oyU#w{z%cxRmc0Rqce%*b_rM{=@ zgM7%*EWardI-tFphsF{{gekDXhZm>ROQ8Q?iH1Jw7e4Fvnsd2FB6`V*(y}M0?2F0D z71zAPE{)$O9Xb)4@)b8Ze>v%Bb@#GwI zS&G9~5M?XU8?&i)yXSn`yrFU+8xg7Z8W_RfOYXQs(`R+inzj0w+Uv$FQ(p2>uuYHV zMHAEPs8ZL|5T~4F{c*@yMh?h|7~o6W^JG0^6i*dIf7sEa{iKqW1TWfbtBLn&4T`J- zj&x9g_FH`TY%ixQ-g@gNt6za!<>d#|fel2I;WWxO9zp;3W8BX?0= zNL`KI=)icf31x1>iBMc`{X->&1By1FFQIS$AWIO+bbY8}H@mZNB}8|DoSXWy3tIUx zV<~!3*QA8YG8 z*uL;z;=TVOY6ARNK%xaL8iBh`o<$AZ!bY1)vW(i0DfhXLI!I5i%*7<(WK~II(0NS$T_qUDc#*YoxneYP%|qmE@l|j%MDf zX6+MH2#8yF!u)e|dOXJYNB8T^SkA1}pX#qf3)cZ&TK3Pp>VO45w*#fw-!&lZ1U?iJ zxLEe!&ZU|GUxaePRm-PWQ{;{11xSFCF#1tYDDI}-`4=+0c1t~4Q!LMCf!@v1Jhr2L zKY5&ZQhU6Zsn&aBBP|J8-??(L7}j)oS=pU3FFc(|!_&8#72g8#frXzxK|j^5A;Nq0 zlfUF#90kO=PYYn@uByV>cdSl5xuIAqzhHozJZAM^zW*A4-2lQCql_oxG7M*;Vfhss zqX;HTQ9cX2VFv!iw3j+_0|`m&cV9PHFrbwIuRfa6abjaB_!X8$s%oI^OsI@)znrSp zxeJWiuxNR^F$y?zdeoHOg}z59f1um{8&mF?P^)cB)n%WJFfHi*19D`jkb1OA_GXO| zG3fYzy$0Nz-EIc&3ZdROO&iY+HpKtO+gm`@u`TVQEZp7Q-Q6966M|dN;K2zHWZ~`v zhb#yZ+zIX$T!Xv2OYpmL_RhcedHekL{o{>$-x$dp&0Jk`R(-R2c6D`C^|6Lj&W}E_ z!*-f&aO~BUu>ICz#Oma}cpEY7kby0Ftd0+3x0B%ee+8(wKD%g1z+}ag10#IQC0f9b z8eA|^ry=D$Y8&Crnou`E5-o=l2EMB(^4>eu5uqf3(aRREydLKP5C#zcU8V^5$po)& zZ|I2X&;#rUJLc~G{>;W$R|m52erM2AoM@o&elgc^wUcNm-3=W2i-aaz!Is?v1gqPX zSkf6d8Z)y?p+9j(C~Q~mS44R1H_T)MtW$7&<0t-OwJ+>p{jd+qF-*8Spn9=r%wR4@ z0E8aYf2SN^o7BrrXRf_J2q~whAd&J;*c~f^K{YYQ1d1%$lPZ~bJLF7+OMy-J3@BhE zLbm7C^=g)qUEv}R1!3demUgK?(s}Pi(2PU~IHzI!ufS_V`*uTc)#+e~mgmUEfp2V4 zMNUYnv0F16kvv}AH$4y@|2fc3T4nR&$Gmc>%85^Ew37VT$FsJL%x`C1P0h6=fSUJc zbPe;>`fTQru_Mf8Ogl~zEe!Uk8x#KE$C&yo8y!!|r#I#%V8;tMMs8N3#j5~Qfw*n7 zM-&_s0F^>FuHBS}Il)rtBLV@D4)fpPaXJ?MJS%7DG%saI0QR-LB_>*N)4C#fpv41H z&1C4@?|UtA{}`vTu!L(9Sv~`Hcg=-hQ<5L{!Jad|e`)z0zWfoV?Pe+p zYzZ+#Htxlxjg7&bOZu*VsLPH#|CtC0F^%xwsq~WvZ_U7XW#fZQ&(w)!O3j*nKJXX> zPSO$+d4uN(iY%+*U&MGwa0kbtub#zv&$DH6Uczb3J%{^Z2kYB`93HZ=x4@YO$Y>1? 
zWLuviX?NdPgF{F$V9$9M*p51ka7{jg!{mKx7J9y#Z)vv(ib`VlY+8<1ORZ#(D2HP( zX!e3JGr5uYNX8aXldRp(eyL~&9Ka8U^ZVw%3-PN^#jm{mzvam}6KY%cc7wA^bmWfv zYtqEBhAx)luJU5-XI3=sKXePQCVV?lf*r~P-`AUfJ>cM=NoIq!6D1wdZ7}bT%|6zP zFTg|;JCc8HkR52uy<&39ef`GXG19myMoyQ_T$d+6+VGCNgtlw+3Co57_agz z@FO5NL>d$JoOSWlp6E^64T-l-~ZgsJnuO&a|_DY!*UxVKs{ECsT)wC4#?Y{u)2sn$T*^QH4PCxRF+R$+H3G|*$1aQjomxzt0C*fJJPjz45(caJ!^V7R+6vy zw=?Iw8g^~^D!T{X!Y>y0IiJE{l6}nRh|>r@OZpUb$s63I%WX7DPJ(&W{>YF!+0BaU)@6d}^fOeVh-)b&DB_nT4fOWGp}^pTVDP=t_icrS&+AV#uSTxE`!<71 zAW`ttXL2IzrtO_8UUPDrE)kN9qks$Vh?_zGRVf0@L3n@%IDRi383jqi&fa4{J33fH zL&YSYeIj~WsQSp`9(==y01lBdsx^SK!NA-8YcvfCYt@pN~!MowcQvD>(;y zN|jC*34kZ1v!qoe#SvuysosNc&k`1zpRjia26*&*TK+5_73>7d~OVMGG9l7m6d(VKJk?bR6h`+g$-?0{X2Wqd%a+8S_Z*9uc zQ+&d4PtjoqTx5crFSXbtY~+s7rA>z)i~{Y0or~nA?h3}pV(iXg*4rRG$$0 zSBob4$)P;0=oY0NS51dUo6o1CgAy?mv4eron&)~&eu=L#Ph)_}=8*)^E~B*OE|2yn zXq43>^J$xxW{OeLIg78stKYl?x%t&TkR=H9T_Sq3LqD4`(2lg+F0tO6-<$|qx#|d+ zrW3cv8EK9L$W|2YqNz9&NCZ%}K`hMG;*eNv)FRI@Hj$xjSb{FWBG{&-*2U=fCilHz zO0iA4vMdF`l?iAaCD(K$^OL*)F(xq|8?VEpFm+nvnvV0NhYV%$fHQ0eW9i7EbypC2 zStHCkA{V+I$BxFXSZ$xfk{|mH*9JXPfF*~O9znrkc1Rwhl--o^E0adEt_tErA9p4B z+d_(Q003V&u_u|r*BF*+p1Yna(%(fnvfwBA5QPBGdm3QbQwR1|m1NzV8O@CIE8_Pa zu`A&4Cvt=vkt6IE!TTBbr%wOE-5l~Cii}I$bNMD-wQQjpm{cT*p~<~9rtg?mjYS18yLtr3 zKgRtYsaIP0dRumu@L+n9#+A_>htSsx^W>uKrhP&(Or^u}BTM6Gc1 zxn*^9tqFcF7_A^k%m0w-oZ^W%WkT}tl=erjqd~e>$wV_f`4gr&A1YoswSpygP}dA) z^pgNl#DSregt4PG8cO8dmwufPCRPq%WV~ z70pK(F!9DnNry|kMQdotLSnzsRbL1&y+8mw?%_Om;&r^8<;}6l=z}YoChXo+CbWH3 zcX_$n;!1ro%AI+EqJ8^4CH|xp8y~FYe`-D-C(mEkgFwnT)c`+ewhI|R4iHG8aE0TA z;t}AC<>*ERfE$!w4eGB3?N@^iXy@q00IYiu2ypy48W#^gj{y5$1Ev7-ZrM^g0@jc~ zbKpVAz=LvBUo*8=3S$CTP$31lK&uMi>m65s=bsm%0Pn90kp?(az9@^l{J>O;y2dcz z3DpG=W5?2jWSkutd6HgBKM6Tf&~Ah(Ks6BauD*Wutd8c~Y3D4C8=v@D^pU3n0+t?S z-ZBvjb>+gcXMJ(ETa_$C42^$!w%!Ph9bBxKEVMVSqK(y_aO)7W+*dtv71cSXj7ar%5kz5{q3nFwql{lb&#K~oxBrT?y;BdilOqDPLVye63yzo&_3D zv^^_0^<%%Oz@R+VYCmf8@+cx>LI1dX#_KgRTh|4YS~YXz9Z7(>UBq7ExtcZN3_*sCp6GYm`>;C%X#xG 
z6uC1Iy(`ENBZ~vgzQ$pc0H-*2&*F(3%lwQCHt465e2X;0$Zw4jGgDqy@=hq0f9%a$APm@4AzPs-=dl-s)3S#VL!0*>qPjal&lyDDm~AI{`7U;4d=Q%KD)plLIBFv75T7CJ1cmNz0bRM~ zNo_v72D}qFCqZ+9Ysw|}Izad^O}nedzK;D9DTVyB+m#>{^@T)nB*@?1;7U0OVB^NrMZ7W*yyBxP;>ZDO8Lp-58 zIJ_t`nUy$qDv%!+()Y_|MC(3?mYEj+x*gk6=-Xcfp zTx2mDPy4~j{HMIGpr@Ws9sHjk`O-jYkXX_~Kw&eG`sM&pQ|x0@I^xe#&ghn1pVP)! zWfAC8Yw|F=bkdH=>)LPL8Sr1;U^p~9V7za+jKk6Z92s$UO4E5`;Sc6mzS>$nE1WmP zsTL|D5Jh=`APB2TiC==lX5ta}eg75U`TKVBA8x-Xs&%)tKpo{+@I~MHpgk<$M@PLY z#pTEDr~MXhZRM zy+1U3SoYqmodT9q+CQAGHUQoCwl23%NgA*_eHK{wF6O69Ei!~z76;;&&&N)>Gk)-2 zzALP85`*G;1kUVr`h4(e%cY*@e)md4czq3iT%7@_Z;Z8LjY4brU0V}bM1^<#@mc@Z z;7Z zy^E+M-atrneeJsC zUY*nKMHg+yBfOR!AEI8tC}bgWoK$U@r7mGF^f#!2LH6GNEM_xJMz3h|VnA*YYI*}G z_v~4`L8-z=t%Q*dsl+i#_{dlh%k~!2EEtQrT@vVXG-0A)E6rZhkBK*F+7w1+_2`kM z?t&ij9XObb_l^*LpaFsob>--bo~#JPvj1ikfpT#VjuVO~szQW7$i4Ka`;qiFS6y07 zgfEq5A$^US{L__DCN|t$d0y|hU-!*_UJj4G&+m~$sGnxb|Be}{eZc1wEQ`TdB+t?Z z!ype7Su?EAe&Ezi3@8XMkx~%UZyb)NV7bfYY@BV{U~2t-s{~uDTw)R!C!OY_Jd3@{ z?Lzdk|*H%!X%1c_p0K(w0{6dakl%TB+_!X>c+tsPQ&k;-|9W)|yr6gjK0G zkRx8$P4;q*LXh{cL^G0yIodV(hEM%S0Q{Nh4j1iWZKR8AP3n7Jd6SrTV{?*`Uy7Y& z( z#_;;qLRD1}WL7x9dd@xlaCxiTYbyCJ39*dnvwj`-wLG-K8x!|RKEnHgbvtxdUm#I) zd7))v_T0>V(c4=11G&qB8PjBjwv{+YB~Dhcin^Js0#Dvt(!1``l7|%^-5h#FYIQwY zkY|C8G?QOAZqP7Dhv>Gu=^g@8)ii`XT1)S}X zS_i32MXa(RNrYTlT_XADd%xnxYM^N7Jx?lQyB#R}6j6S{Z*-<}Fq@lXo8K3KXG1>B z)#{`9E)luQbaP)D$kG$l4=g+ z$egEz%OTbKZYYiC-L?zSQ;+k_a>t)it{jdsyX5UVJ$tqTLxYJAbuSj@Q5+2NN>gd? 
zj6CLF`?{^uL7R5_vVO>EGfs)~>W|av_B5G#lcQ$HvKx#v1a~Wj3I4=fO3n!kHj2P+ ztCEA8TL2X6NC+TG5oehq0WoS~0vI59*?*aoY$!N3W#{^bvB=BL{a;UQwnXyiZDSRCE*)9r2Ykp-7vBSx zGbAcQX}&J=Q}iH=zI%C|$!)eYS44#@BGWYTxwaEP+G*eK<=-srHnl1JhRZ%N+xM!Gkm-NoH?O)W>s#rsq|0g|3Yl3gmvg6kj>Zr#C)c!oV9d3U0}+IsRgumJqpv9bZ^8N7c;~Y@k%(U>fn( z+ulysICuWOhlGP8b+Gng#qd`Ax)o@3+Kp{fL&>4&%v%2mLD@C({Soimy2}g$mqewFXK7$d6q0|4 zxky;%vxP`sQR ziB6DM?H025fE87c&>DD3bWV0|uD>3uc{x)s&Q4fBf6!{I|Dr|bgym_6N&(9y4N3?1 zAfoee^YQ*QA161+X%Qb_3(3g?asopv1K`Tj+Q4Y~qjp$$3$55bJX`OCcje-QKkL7dW24n_EzR^U%sHLy@R zASJNS3^<&>9s>TImW%xlS`Y>w9N-UP7VwJvViy}!2^LNVR0JM@35SdQpR}BR&g;Jh zMVL|<35^U=-opn_0J#37N89|xH{8ZAzPUL6N&g!su0L>+h6Eq{F|*y)FG>qAJtG3w zZ@54dhhWtKd4RDsPkIgio7>+g4S}K726cle!L$7nC9XeF0&xA(nLjXQ0sMxEZub{4 z<<2jdxc&(f_n$BUxPRSNe=iXCpFpJ)X|*ANn!#u(fqcOOG2n3j6D{sP(E<+v_RA3b zg%>#__aA^^fdatr1>tc26DscCP;vi;3ViSjDlE`CSXaO_zd`y-r?`LX6!+hBiu(_= zut4HqEWu>|#EJViPTYUt#0&|xG5(kibc7EG0P$iF0LVaI;FT~*p@6Rct#v$q0D=X2 zJO-bI!1EggP%J+I0Qb-HO?dt~|F__}r{ME(c>XCk&u_tbehUsh_=A&gXZQerI-Y+D z&htyCUry}5T+O^GYZovCpmKWx07ARpIX-}kgn)=J`W$*fbn8?XArm%-@lNUEu#v zd*0v1*5B9zZ!=&A9NwP{0>S7)(Gl?eg5#GQ0s=gL+s=5o{$#KV3~DgezlQsF22=bP zF0k9}1;D~WLh|zb!DIVZAp!suK#2F3N%scv?@aRk6GPtrfFamPcmad|Cy%ru1b|3X z6yDz;a`EyDfW*K4TIO^xd?cWAMFKz!&cDX_ckXxv+CM1~05}04hEf6mGKdk3AT{Vl znE+r+%==FSd4D4an!qIlV4?gCHNJmCty%@Flf(pkzft4+`|Au|zTc=Nye9zQgBWZH z0L}<}zn0<`cOVKvLI7@i6S%h!074`t{4c(KojxGM_fOFH{s|i2e*lf|FVK)6!AsW+ zRzWtPLS?uHm2&Y=1ocqDyC(UnrDGj%x?T7&zJ~0FL6svX+SYP9AzdLAVy~8(nzVtF zxit9?b{LPK2hxr&3DsOLPi-(TEte_TFZVav z=#paM@Q0yjC%bKRXH`ghMiP1>bJL@(;l;DSGI+JK5ur+#vG}T8BOp^i+=Z}Y$qGK1 zaUdkK$c za52L5B6S6_I1!Yy?qkJc5}%{HmuIYoRm9_K73I+*Ae2a(-*_^&rznqzAdZ8u2iX!( ziqsXc4gdN3D}=nDC3Ws@g*;Br&yu-6_EBULdu?ijF0x>PGlxd-JR^K)@}I@oHMHKU z5tK)0yt1`9BqYp8*Y3q)DLW=9X`U%P+&?~Ct#l%9^c?zjECj1A)lHRaCe%;&;aK*C z&9^*TXduOns%J%_J^b|!&c5Z&ss$4+P&DA-7FTpoSmtDkK5hrLKfs!JO}63c@Ng>1 z-6h?6nR9K!FlHXW+Uon{$3&ti*x-tiW0N4yT4tpjo#(TqH8Ge!grKJ4+|uUjN3>~S zscsTuS^?g&DbF!5=94NXpD6Tgqvh0 
zQ&s%g(7mltaBj@54Ck?j#>d%@+ADCeRSl`0&q|K9#LS2EVH*F<$}0s%;EuSjuS%Z>Y~zfss7wPrGNAyx*<>bE`dA&PK*YOP zhM5^@xXR9!@T*>cwI@UZKP!uBDJ_Bj+U9^OY2#sVvv31a!6l@D9@AA^AS#NKzO{^L zTn0(dogWAERD`(pOGhSlJ$2+{vD&jEdl|CpHTYk6I4WKqQIM;qF)9NPiwJh-(;)N} z`RCC~x+(hj0^xH3fxCe~5H~NBnbp|6zX0-50JvTfWJQjyXHjIRslWn-D4h&_Y+OQ6 ze67^WB83~xu6@^-KoGL<8BM&batcRZ*H&RpiksIks$|lM_oA*y$*=U5r%}%9A@X zqYTRY1q2!wAg$A0RP7c~-!EoIK`qeEdRt`}WR3GS;)*YB>A}BGWP*F2Sc0@btIb!d zTrLd$F9Rr-h(l9_NY_MhMlilMmRw_ow@@o$O1*)dBn2)&aq0n)G3Q2?gNnS1Lv}6r zkRLmV$#FVs9pb0vGFe%b&D0y&8xppobnXhdJ7j`<@1f|GSF@dUaQW;$acwbZU^-gd#Z|oBKc^30Yb$ z-hI%?gOWo1qAL!J4Pxgd$a%VexI#21en!xpOwfASvkTj82+=JpG2Q3D!#tGZl9sQ# zZ@ePct*-j)&!$E^BG4x7Y3;?SQX7F>i^aCJvuF&UDK|t3l=cj}Pf$RPIkOgwC-m>v zpxlP|7)KvvJCv8Ln4NdWn<_-AXBFtwDPsk5&@4gKlKlm^HbA~Ef)vp6R-0*BPIe1J z5YV38N!-HJIE}01NwW@sV<_btf@%ZkVBscAaq7?!&-T?P_IZ zOM*C({*AZ{lkc=n@7~IqV-QO2LooNuDNkzq$8^a8r3B$!h2vNQ6$2d0aDEQf`7;cj z7tx5Db7VnO^EeXZz>+Wcbp%f@}C9Cc@u?$ zfOC>yN+$46@BLl3DKqL5GhBII3qdm?PG^&=I;unQ6^RSBqw2l>VyG{++IkHCgE-&)$WIVOnbHY)zabMHs zrcW5R%`Nsw7q_(NE1#d3N@-#x`M}pxAU3;}(|e26&h#`xMN^UVssJ^CX^|5oZ#X^x zsdeV`3=ItJwC6qv)sC7*Hu4*N9b)6vkH}gWR=mQixY3#{({Ar81B?C@54E z(y8zAsO!fKih z?GSI0EaUU$Y?K*6T1|<}6d!Bq%~5Y*Z4VJ6ssM>>t1L|lCECq*AdfHe*_*CrM8Dmj zx*f^V0t8E{4(mvLN;l15`a#aKwKm#TH{W!`Yo)rrZ*-D^!CG(j6=IH~qgp*$%I?OI z9%7ciepNb|{)9bMufnnIhLuPy7hdLI!j@>A+!duZmfxlmfUP8DB!RR0l|C@5k1MY+Kej3%SEe> zlPV%}XBd4P;o`<)_#Y13wFFMDbH|3WGGCmf0`)4A2Oboq%z@>~Ya=4cFW4{`crG7V zIMYL5q~Zl;#l@`kWa>XPJ)#h&xmb;x(sv{m*cnyV|JWdbH7Ss4(235k?TJ-(C%8;Y zxtuN?F7ybjJ8X{Ty*Wf|RWfmB-A)N9B`Kdsc3%Jr6v8i=F z?Hk>hoz}icvJ2FrDP$-+xA`u!?0}%hOfmE*il^%taP$ak-tQNoMy>@pEbS9TPR%UG zctRCHTAvz)k0Th}TVNVYOi(G2kcj3~h7ryVK}SW7VJ?s!1%ti4^t7?AS%TW$;B~9` zN~=upV)Eq1@K_j4jHG$MjqmC0!+yo+(aXX9hlUf7{~_?lE2eLt#oGO)n?Z$hJ^vs# zS3<#i-TTuxoaN;t)Bwac^!`=22)(a0mLyL0mJF+z3?T@R&C_y3qYxf+huIkmdMT3Y z$P;9DVJ&sNiJ2f|dd9K2ShpZlN{8c=`aYfYM3k0O#wwbgg}Mc7ahq_0-XOr^5j1PK zf8<`3WC#S-J1~{OR~S8$JV+z;N;V=-Fe~OqU}{sgymrvD+Rk)IT4L$L 
zx+*GX4H}h1-#wma9$)8UlAlN;SHT*)R0_u@X$5~7r|wTb(JQko#I@Dr7<2OU{ci2Z zn5`9ok}))xsjmo1sc-@W5SN5YkOd1d5x4Sq32Gh`Ig07o%C2W|8)eGk=%i>Gs8u)J z8(ZHEaqGEGd=lqOQ%85m`kEm8dP+Lmx={qg<0Ulf5IuwHewT6jwB}OuUYRI80Jqh! z@7nu))9qHDaRE)G;M-H-v*FRWvRW0}#jaPaz>qG@B9G;hXZR@|k#0|c)+USN^zY-1 zZFdhhdxkhLt7ci-CEhFa75X~l!l9mGa80TRc|@`(2Si0_V-Qqy&2ne71-t%Fg5!Z7 zm8!6l2UGdKe@hV7{jAVWVTAm7&q1%xV~TSp;}ZsET2i?D1xB+L3YY&w*jp_usv0@Q zBw(><-kTyUPaRq*5lp@DNSokH+zJ1=C&8Rr#5IX>j~FdRy#0)s>=*Yshe!8%hiCV? z(~)G0d*cDl`AK?x{uGbINr(aVFXD9ex^Fwlm}r&sIW4*y%JOqiUpeM68tCRs5eT;o zY*tx$hz<5R_r_jvM$XT4CL^kGRi0MX=K>k8w6wHp$uR}d5t!xTGvw5i(C{qophEU6 z6GR-%M9cOHF9=UQAqGk@rMVEIf~HGOoR@IS;B0fOIQ8b#%@}@O19uwTT+5Yl2 zl{WS$kzr3^WWr9rD-M*Z(5~-lkriQ+cjuf)N*cJNycZG~ENh&EhJXx~??k%6EOI9S zyk6t)xtjvbwe&j=X8nJlWiRNsL6`w&P*dY0unYq+L{zc`m7^tubeEfu*&*?7J1doa zm3~&4pUP0z5mRB3PUsY<**09v4F0qVxUEIzoh~bP-H#q*um9ju?7SJ6IO3M5dP?Y7 z8S{Y&Tk9)N%jQyuzfiq4Ha5xmZRoArJb^NKjieGuDoCWI2BuYWNSgce3pN){Ru4%9JgT*;9nk75V$m$p)E z+QjPGwG;u<4<=;^UmIc_m#eSX8TJgsE}&+SS4>luS{h8PC*K3t`TE7LowZiP>}y}A zKlXjQ?wr6vRkwXH-p)^%+AQi=_$ZpSK$?LVe=WQbk(_$_zT~95w#7G%-SghB#@CD` z2UUsgVAlsSpbhD2<+8(praC7emCEwv6N1Eb80E%AV+4Mn6^4Nz-f+pM2D2c$FR8nH zBIl7cX@ZYsHSHci)2Z2m8{rm_ONtpgpoc1n+xo^Uw)d9HLT?|BpF&?QZe~i94)?(& zw@`Yx02otLUc(8Y+J$gdtZS12A05wUi(re_28Mf)`n+$%O0GDIB%aj6rQGrO#SZSg z?iv=8){3lO!(%tWU5!1)ftsi3UwrC!WJM3!b5@~ zYIZO!lo^N9$#-VA<@=C%$CnNKf7o71O5r+YntyCJ2_76_L?@w5)Pk`7(G%SoT4-cA zm4E*15~%6sMMkFJTMRkX+Fv4>$YROXkX~>8*5uMHWWT(uMD+Scu2&maRYMMx*j$R5 zSvGA^+t2ZULZk05a_q48+Q)_V$DqWZ46T{Y-{#bGBT%^*huW8|t^u;u_VSl?&}ZRuZ4wmBRy}P@vV$d$)zO8JbFYt#vor@;dZpUs%c7#( zw-0cnKcBX9Mr`l52PuJSi)phl#6C|qymeeUg}7T!!fS~}fht^7q{k5hBp;wgD!T+( zDFY}9f%Ud@q;Xls%+j4Y=b2%FHuAz@7`!^2;&_5AElHtTN}_M!0;-f~Eb<|j?zf%S zML_l*uIAm1osP?&U%|ntYVL6KHdO8E@Yk~W_TMFDv$jvJ;I+HiAB+>ZySbMyY~}D- zz-(L(jdec~!>RuC)KQ0)vdRk>7%_!U_Q2~}0Difz=8)__Z`5d@i-pEA{gT2S)cDqKB(E5)IKutN9r(ecmQU^F&c+Hu<#pnhuc%Fl zMNlGUP;J_MgVU+>syz@d;=bRug5F`gqv&bAIF4H+bluPU*vZ>iy)@KECC4AYhC9MZ 
z9|;`QKKr?z;!wn@%k`t2>GkHc<usg1|;9ukR{wihSRJpGZ^}O0ctf|-ouBbWPyi_4-T@Dq8aw<&l+|t%IGkb4iAtW0!7rG}k zKe8(bJp`)Cc%GSsG2YfW$Dn|CO}TFvE0t{Dn~6x(0~q0${4q(N1ymh zFAP8nxz^ZC1fhRzn@eH?i9(5$8)3e%3Y|iz{bc%vzE#^cb}KR8l~Y}{BX=@Bs5G~ytiy5^}nj$%f4MF2vtm%k$c8fxB%ehFj^*{Y`MlXd>hA$8)du4h z!3vN$x9Ib50#Nlq&^8AWZigA7Tr2MV#+t{U`@;@YEN8ArB0n7~W(u6zER=E)lYe}$ z&8{CSD~o+I8v9kX)VkN<9gaJKq~C5sFd9J`e)u~4=gWwA`~%&!t|tyR0DtWoaCY(| zgovxw)?jkL2`0__bKEUOqd^wLE}o*-MWqH~>AUH%HD4yLHF7%|IlbdEX zwpZoX)Z4Qbl?q3M6~U`CU(k}EB50W@~dpY*HXd+AtSo-nH*+w*cWA26y@ZyY; zGN!7o5OL5vm7EQuMnt|}S5++sft0>P4pT@NHy!JmiJ`Yv%4m01x%OO7f=>P^{d3wO zs{=Zg5@a)hO4ZOzNDlz%PhP!qc`C2Q!$YC(y7@!I(u{5gsbbLqee{SILWsQ1X=GjF zeAiM@FC4z`$J28>G}k_E6Kz($4GyzyhCb`*%dxS9B89)F+i@16gDRJ+IJZCV<7xcGI1qG4lZbH*97r#OT%mj z(RS>Av_i!(TPAOzms~#ri4@EpxHkQ8E z9n=0r{s$rYpH~_$C#nWf3~9DeP|6M|7ah7EgsYy9i;QK|B`#l6iq2?#y3@4r;IA{A z)0&WP2RRt^Dsoqy!~maKC89eWHkS2d?MvszC%qkQYirHC8q9jE!(J)Y<0WS*e>gft z^1cxJ>8DI#l6Ny&SyIqrgT||V?Zrz&N1O0`!$=qZ0{eQS9f160;3H-u3Ae{gqMRG)`C+tkfuw|yqIg5ab4z`&;VtsfK=KRNp*y5*+J~=!Pod3- zhw@P)>gn|LX4V!IL>i0VC<}QVFAfeRk7zGBM5CTbx2Y77ckuakH>}w8Ld(J??{kON zzSYhV6-Dq)sObR5-478TZvu?{`?O{->0cLZ!vuc_r(E)$J7OBo5HSJQjGs~d?47Sw zG|Ghd!;z&cT>!~;hyNbVWF!;k7`7V7nOavKY1<>U{Q&d146yW!y_e^#L4tJH`Q=_5 zE-6s(%Vzc}zGKw4tvO4BtGjGis8gh$a_pluOSG68U-}|}g+XETbFU;Gnp}s~10AwF zwr-7<+O{uW9>s5qd=|Y;^2bcWKg8C@0-s+qI|;Yezue3j9gKL~NP7|aAD}(^+JE10 zxVRy_oMwz2T5!6l3+!)mdga9tE0AkpDN8y0(ACcD{dorh?|TnFjcoIP`6g~X5qppf zd4kH% z;KUOGLD&~!hx==aTmn%rH|1BwY(?*=sRU2hk)SXOz4X)9+26AqZrM@W=WYV8kVU&h z16}1VXmCx)!Zjg$nQpXRWze%Vt~rKJRX0`XNe$V_06qI4le#)Yr|!?7+_jpw?=AxT zCqzuJ=tedyE8Fe&0#TCsA}~fwtL~V;sj-H**x_cuRu>rvnkpo(?-1+UK(<4$kO>Ia zw|_eyAL3g5DZBVtWvmtS4EyZXH{5jiL8SKmVRvHmt`7+n3aBYEis}-OZ@vm?Kzo;< zqR?kD4b&gTL_wW^e6GbdE(+>;hef4VX7Rq?s%C0lc%e!w_eYGjlQ2BWS!sU5jh!*D+>j~2fJ+=#aFP8bnqtg!6+U}_u8B{ke?^7KsARp##t~ReZsR|He&KkQ2>~X#84XXr&3wtR zIw$BEOCS#3+(DL=Z~r+XnkWXW3ui>uwK9JUMObo{>t0I=6ur z>%iU*(S`$iY?uN|j6JK2@G46Rl)l%rL5!w3Piayv{WxT}I27;kG4RgFPl9M- 
zMkgV2r4Y)?=rlj>Qw$RaK9D&vCK2WRJ4&=Ij42W5Oe;)8zm!6w@-Nk){5HkiI5|M$ zqKfZ^d$o(DxHTMJ*|`{e#SX67oA)jxk>4*Da!FNJo$VBCKb8h@?kD^l+6YHe-sw*F zTRt2gn)ZxeoA`NEHLNFh#$WwPJjT!k8agzY40_@n$HAZrML_!}&tTt}XCZT0Qr8Up z`8R~(y+TK|Yuo}s`hxBmBAsgn5!O1ufs^1cuR)9^{S7_ro_^- zrLNguewegO`hR3y{`oTu{pZ5v&+(WklcZXHm;BQixwGUT^oK92k3XRvwfaLck&>*A z7@O`f&$9`sbkPt4!7pHFZg@4qWXp}6p&3|DHgU2IQZsyXga0JZw&lWf<_G>xLlg$?~|5ekXKZRr*p7rFRlmXY+lq$Gi`Eh#9M& zDv33LIRi?-8G$B~yfbx<^r%P01PGc)=)bG^$}HNwf;yK+i>qeVmD;N}!NVh8!y|!r zq1N^~QrAL{_lC$$sZH3vTFmvCH}X}ALo}ay+5RxgypvJ=W>~dQ+tq4d8#ktTMP6rs z1y#GiCXVBwm0C=B>{Gc94VUl0#;}*F<=9Zo{z?*#j;LbM4p5Q7DzZ1u1c;Q2`l=Sf z=m&q$H+z^L_JQ9n21Em#d-w6QtT?>RWWHW{h!D@a8VFuc#;0qOdH@*8oj?9)P&GR8 z7Ut?br$F=FNGN%o+qDLK?@`z-?-NYCHB(?C|It$Fwj`ZZxW4guRAXk|&(D z_li~GlTPw2kJT~4qtIiFUYe(*$(uFCI$o?{<48nR{n|7pn;Jim1ke}l%mt;1`TmHo zA~Zpf`HP4IH+|GL19Bd9ZxoKSxWwzec!P54YWjVwQ4>a-N}D;-N@E~1QwaV8f>E%J z^_D6V)EhcnaP8260#B6UaIIHe1(dP6mh>B*Njya1EwZ;4OvyW({Gh41E2JL)B8S-_ zZcj~rs*-{j^KV~6m2Qx7p1Vtka+OfGfojvU)xF=vRrcTd_z2wdZFK;(q`LKdliK83 z$9&a0BE-9G?78Cn>(_xJ?5OiNB@zKem>7{_Qbs+yK4v-JpO^o zKL{-_P$%&!`~z8w{M0~SEerVo`UxNWLq3#T8!$;+z8BJD6wtJp z*GF5(fo48Q+YEIBaL+U zvAbXFhx6LGf7PX#lS?Sq7mW)Pef>=-rt*%jtQtG>N5>@ro!|T?i_KjoFoyZAv}dls7GN(Gp0OcN zFDx|3^!Z(C!ZF3@S3ia{(ogCohlPo6>>Ce&9}WfHmq#cHQB~Cf z6Tkr->H0d5loP#$5pQs6HaWluic`Z2e?y2__A`Ao0{XYH6i+5YzxkZBDAzsSPFSPJI9H|!1!UM_wTA*wc zU3Jd&h5Ri4A=>8F!c*t&ok?i2vLTg*hvOOD%xahV^Km`3S3hmleq{F&>JaREC$_o7 zb(&V`1bXLQb}gY3y$w^4&s0xa9*Ez_?~VB`+FCh7vtiMS@abdG*hm_pGK>}%HgAKu z9t2*wt(GwEw@>mNLp6IPpZoD{#Oj+Tb@|2}cMaXtRaO1mRq9dsgj6#JhF`cjFx^SS z9$aP&lZC6=yj|QAJI}|fp6AzXY|IK`92T%iMSvcYnzQ->HTpfn;DXkGZl)mhfuWmb z?H*BY(bWy#+v@SqTAS?~>LI(27t1d0j|Y<-9r;GfPAAKBd_Hx)r)GhHvBxD9tFOwv z4vUcRfbO0iKQB&MS6&|2P|$$;x3^@z$4XugX|t%^b!ErHwvwQ4tlo0KjOFmmLP$5m z9AM|!&PrG%CR&oLWR%7JTyXf&iCzwQo$Wa|mu8DeRJCYKDn_=j$~FIg6?P?HHEnNS zWejDANRlx`oqgtGN~0lEh72K7g;Xe_unooK%9N>YIb1VWhDfF|&t;yY!IVf6kyPJr z?Nd2xo&WQE=eg%<|Mt7qde^(wdZ)GbI{W?#Y;{3-^{xKSJzttd4SU-rD0f@@)Uk82 
zK4fQG?KL~|_;vDurQr+8gE9&)?76zWcv6u6fs|Rvj~tC-Ry7=w5SDWuiV2K9Kee86@6Ri}@9{&_Xa zy0zcL-F-UYNzg{GFEJqtxO@9LHTh{`;OSvn zDEjdC^bfy-HtCgj_DO1fyWsxl(LbgqIF;QPd8k*@?!jIs9<;N&zU`jZ;+J`MM<$k@ z-o9bfeuMV)=EZNUz3gd?MQ7wAmc(>yu!ZmKvaIHd4$%WjYiz_eSOez}Bh{;Jqx4UE z_nq2l%=wwTL(7hyorh1lkEYrR zt2WOK*|TO{>(-4=EbM(e`%B)%(+f5mHm^5z$cE8B9ld%f>b}`08G| z?K5{8X=BfaWHxcS_ROb4yO6kl9o_5^yx>t;S*_GP?^NLs9>vrq+>P^0V z*2T>6-rmPGez>)`|K5uQ2c$)bMPIdan}#J=W?D_#}cua%1qz8+@Vpy9&o zdHw3_tJq=M=MfI!+BR;^oTfFFg>}lyoBMs^Fw^mIeA3?c&q{bx@3@MwZg<|l^Iq_! z^rYv=%wJ`7vdvaz{91UyW?Su&a-(l6C!{^lul>xh?tRlD(NdqMN!b0l9oe(g}X+a&+vf&DH9mktWisI^hy!~x*)TMxJIgf|u7Y6Unf6>?f`_e__ZlBubhPOBoU1aOo(s}i^ z2DWW8{_EGh*(;;!utNz;#SC1brif$Ft!M_&& z_u=`OZ%_a5-nD!^mU4*XYgFQxM{v*Vrtcb!5Pg%v$B{d<8rKCh2t>@dlKJ>hwYDgT<@2`vAXo;&W< z=GG_j+aF!J^lAU_{58#Ozq=1`J@((()Mu}!eYUlA<&!ox>K#(+TtB-T!z~;B6m6fh z;D}|r5gu-H9(sLho6us9I!&~@9*fkD2@>|M)Z&C)W$GIsMXw!53XN>7}=)-NzJ z>|I|Ao5b<^t~Ik>C%L#}(-i~Dki#w3Jo+$WOrvl6Tt_zBG_dB_y#~fp^*-i?92qSkq~l%3tUI^Mys7gZ zkHw~4+opHEH)VKW^z%Ay9q*5`Hp~$DZ!mAEKk|g3ncg+PB1X>^y_JY04Q{JDuj&HCt;Gy(MW^$f$whb?texPfN@np6vOAe>QHz@-~lM zm!+SG?`Q70^3&VApo61cg`Zvdz2}oT<@fiUrOQX|n z%C%OPTo1U7jXGVU-^VMVw>Gy)x_tJ{BHn+A$;qzWXU7a!>D3|bZTaf#mX8A-dA}U} z^h42{=J$<1e!|AnaXpLG!;J$rt~>X-U5hU{UNdfHc+Kz}w|&uv?((8Zj;{H>nUgN% zc=+G8ZiAz+Yn>SS@8*fdACsK^i)`{~{eHbZu99v+r)-07CB~%szU|iDPZHGkPPgR; z>)f0i$)Aw_8WJC$F=}V6TC(P0n?s_@`{s*VjLkb(^2Xf#onx^y*SeJ_&l{U3I34u~tJ7XhJZV$T!4pqX%w4}l&--i3#0WmPZl}$0XN}*OE@?Gq=aUIn z)?{Y&emc2Ue5-zWkKwEpX`|Dg%rR*V?b#l3Ap(hKj*kt25-`wefW6Z{z=e%}x`tU~9?(6Di+wPq@xjx|zztA%~ zp#9KOt_z$!7KBDjU3KM2Pm}o@2kqH#Vv3jbse1?8E37B{9_C+MK3{fi)nVT1?Q&J* zliBA(cGg`rJaSHtVe41SSZ!VL#k$Lrh{uD@Hu}A=kIyl+ad8{{H*Y6&;XUfv^W%*- zL|pCcS}QB%_L>hRA-;K6ZFjH!k(qSrcJhE^e~TV53%fXP{n#jMTe;p}2bP{ybZz^7 z&@%PYs{#o3#J2|G!U@_YfAfi78kZYAb#69$hvz+;*vLK2 zy<={+t~KZK>IR&_gby2TZHVTY&2uhs={HAH~#vPU)?scJ?MO1Qe-Nd~I zRxa^taBtt2)hlgEUd}x1yESnCs(`=7$MVk$pH7*abADLQ0~^Mrm9+KTIlSksp8n@o z+I0C~e(3O^2-k!?T~BTc%ds80-`Xwi`IrH@*83lNHwv3qDoIt&%6aJ*`t!-)ZQ%

    {{ site.title | default: site.github.repo {% endif %}
diff --git a/docs/README.md b/docs/README.md
index 2d2f14741..4db0c10f3 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -19,6 +19,9 @@ Malcolm can also easily be deployed locally on an ordinary consumer workstation
 - [User interface](quickstart.md#UserInterfaceURLs)
 * [Components](components.md#Components)
 * [Supported Protocols](protocols.md#Protocols)
+* [Downloading Malcolm](download.md#DownloadMalcolm)
+ - [Docker images](download.md#DownloadDockerImages)
+ - [Installer ISOs](download.md#DownloadISOs)
 * [Development](development.md#Development)
 - [Building from source](development.md#Build)
 - [Pre-Packaged installation files](development.md#Packager)
diff --git a/docs/download.md b/docs/download.md
index 3eb34465a..4fcec515f 100644
--- a/docs/download.md
+++ b/docs/download.md
@@ -1,47 +1,68 @@ -# Downloads +# Downloading Malcolm -## Malcolm +* [Docker images](#DownloadDockerImages) +* [Installer ISOs](#DownloadISOs) + - [Joining split ISOs](#JoinISOs) + - [Warning](#ISOsWarning) -### Docker images +## Docker images -Malcolm operates as a cluster of Docker containers, isolated sandboxes which each serve a dedicated function of the system. Its Docker images can be pulled from [GitHub](https://github.com/orgs/idaholab/packages?repo_name=Malcolm) or built from source by following the instructions in the [Quick Start](quickstart.md#QuickStart) section of the documentation. +Malcolm operates as a cluster of Docker containers, isolated sandboxes which each serve a dedicated function of the system. These Docker images can be pulled from [GitHub](https://github.com/orgs/idaholab/packages?repo_name=Malcolm) by running `docker compose --profile malcolm pull` from within the Malcolm installation directory, or they can be built from source by following the instructions in the [Quick Start](quickstart.md#QuickStart) section of the documentation. -### Installer ISO +## Installer ISOs Malcolm's Docker-based deployment model makes Malcolm able to run on a variety of platforms. However, in some circumstances (for example, as a long-running appliance as part of a security operations center, or inside of a virtual machine) it may be desirable to install Malcolm as a dedicated standalone installation. -Malcolm can be [packaged](malcolm-iso.md#ISOBuild) into an [installer ISO](malcolm-iso.md#ISO) based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm. +Malcolm can be packaged into an [installer ISO](malcolm-iso.md#ISO) based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). 
This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm. -While official downloads of the Malcolm installer ISO are not provided, an **unofficial build** of the ISO installer for the [latest stable release]({{ site.github.repository_url }}/releases/latest) is available for download here. +### Joining split ISOs -| ISO | SHA256 | -|---|---| -| [malcolm-24.03.1.iso](/iso/malcolm-24.03.1.iso) (5.1GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/malcolm-24.03.1.iso.sha256.txt) | +ISOs can be downloaded from [Malcolm's releases page]({{ site.github.repository_url }}/releases/latest) on GitHub. Due to [limits on individual files](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases#storage-and-bandwidth-quotas) in GitHub releases, these ISO files have been split into 2GB chunks and can be reassembled with scripts provided for both Bash ([release_cleaver.sh]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/scripts/release_cleaver.sh)) and PowerShell ([release_cleaver.ps1]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/scripts/release_cleaver.ps1)). -## Hedgehog Linux +For example, having downloaded the following files from the GitHub release page for Malcolm, the script will join the component files and check the resulting ISO's SHA256 sum: -### Installer ISO +```bash +$ ls -l +total 5446119424 +-rw-r--r-- 1 user user 2000000000 Mar 14 20:03 malcolm-24.03.0.iso.01 +-rw-r--r-- 1 user user 2000000000 Mar 14 20:03 malcolm-24.03.0.iso.02 +-rw-r--r-- 1 user user 1446103040 Mar 14 20:03 malcolm-24.03.0.iso.03 +-rw-r--r-- 1 user user 86 Mar 14 20:03 malcolm-24.03.0.iso.sha +-rwxr-xr-x 1 user user 3133 Mar 14 20:02 release_cleaver.sh -[Instructions are provided](hedgehog-iso-build.md#HedgehogISOBuild) to generate the Hedgehog Linux ISO from source. 
While official downloads of the Hedgehog Linux ISO are not provided, an **unofficial build** of the ISO installer for the latest stable release is available for download here. +$ ./release_cleaver.sh malcolm-24.03.0.iso.* +Joining... +malcolm-24.03.0.iso: OK -| ISO | SHA256 | -|---|---| -| [hedgehog-24.03.1.iso](/iso/hedgehog-24.03.1.iso) (2.5GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/hedgehog-24.03.1.iso.sha256.txt) | +$ ls -l *.iso +-rw-r--r-- 1 user user 5446103040 Mar 14 20:04 malcolm-24.03.0.iso +``` -### Raspberry Pi 4 Image +Similarly, in Microsoft Windows using PowerShell: -[Instructions are provided](hedgehog-raspi-build.md#HedgehogRaspiBuild) to generate the Hedgehog Linux Raspberry Pi image from source. While official downloads of the Hedgehog Linux image are not provided, an **unofficial build** of the image for the latest stable release is available for download here. This image is compatible with Raspberry Pi 4 models. +```powershell +PS C:\Download> dir -| Image | SHA256 | -|---|---| -| [hedgehog-24.03.1_raspi_4.img.xz](/iso/hedgehog-24.03.1_raspi_4.img.xz) (1.4GiB) | [`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`](/iso/hedgehog-24.03.1_raspi_4.img.xz.sha256.txt) | +Mode LastWriteTime Length Name +---- ------------- ------ ---- +-a---- 3/14/2024 2:16 PM 2000000000 malcolm-24.03.0.iso.01 +-a---- 3/14/2024 2:16 PM 2000000000 malcolm-24.03.0.iso.02 +-a---- 3/14/2024 2:16 PM 1446103040 malcolm-24.03.0.iso.03 +-a---- 3/14/2024 2:16 PM 176 malcolm-24.03.0.iso.sha +-a---- 3/14/2024 2:00 PM 6806 release_cleaver.ps1 -## Warning -Please check any files you may have downloaded from the links on this page against the SHA256 sums provided to verify the integrity of the downloads. +PS C:\Download> .\release_cleaver.ps1 .\malcolm-24.03.0.iso.* +Joining... 
+"malcolm-24.03.0.iso" OK -Read carefully the installation documentation for [Malcolm](malcolm-iso.md#ISOInstallation) and/or [Hedgehog Linux](hedgehog-installation.md#HedgehogInstallation). The ISO media boot on systems that support EFI-mode booting. The installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the operating system. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 ***will partition and format them without warning*** 💀😭🆘⛔. +PS C:\Download> dir *.iso + +Mode LastWriteTime Length Name +---- ------------- ------ ---- +-a---- 3/14/2024 2:17 PM 5446103040 malcolm-24.03.0.iso +``` -## Disclaimer +### Warning -The terms of [Malcolm's license]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/LICENSE.txt) and [release notice]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/NOTICE.txt) also apply to these unofficial builds of the Malcolm and Hedgehog Linux installer ISOs: neither the organizations funding Malcolm's development, its developers nor the maintainer of this site makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness or usefulness of any data, apparatus or process disclosed therein. +Read carefully the installation documentation for [Malcolm](malcolm-iso.md#ISOInstallation) and/or [Hedgehog Linux](hedgehog-installation.md#HedgehogInstallation). The ISO media boot on systems that support EFI-mode booting. The installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the operating system. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) 
are available for use and ⛔🆘😭💀 ***will partition and format them without warning*** 💀😭🆘⛔. diff --git a/docs/kubernetes.md b/docs/kubernetes.md index eb7cae6c9..3856f5966 100644 --- a/docs/kubernetes.md +++ b/docs/kubernetes.md @@ -302,7 +302,7 @@ Malcolm's control scripts require the [official Python 3 client library for Kube # Deployment Example -Here is a basic step-by-step example illustrating how to deploy Malcolm with Kubernetes. For the sake of simplicity, this example uses Vagrant (see [kubernetes/vagrant/Vagrantfile]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/kubernetes/vagrant/Vagrantfile)) to create a virtualized Kubernetes cluster with one control plane node and two worker nodes. It assumes users have downloaded and extracted the [release tarball]({{ site.github.repository_url }}/releases) or used `./scripts/malcolm_appliance_packager.sh` to package up the files needed to run Malcolm. +Here is a basic step-by-step example illustrating how to deploy Malcolm with Kubernetes. For the sake of simplicity, this example uses Vagrant (see [kubernetes/vagrant/Vagrantfile]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/kubernetes/vagrant/Vagrantfile)) to create a virtualized Kubernetes cluster with one control plane node and two worker nodes. It assumes users have downloaded and extracted the [release tarball]({{ site.github.repository_url }}/releases/latest) or used `./scripts/malcolm_appliance_packager.sh` to package up the files needed to run Malcolm. ``` $ ls -l diff --git a/docs/malcolm-hedgehog-e2e-iso-install.md b/docs/malcolm-hedgehog-e2e-iso-install.md index 71a303031..778cd2f55 100644 --- a/docs/malcolm-hedgehog-e2e-iso-install.md +++ b/docs/malcolm-hedgehog-e2e-iso-install.md 
@@ -34,11 +34,9 @@ In contrast to using the ISO installer, Malcolm can also be installed "natively" ## Obtaining the Installation ISOs -Malcolm can be [packaged](malcolm-iso.md#ISOBuild) into an [installer ISO](malcolm-iso.md#ISO) based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm. +Please see [**Downloading Malcolm**](download.md#DownloadMalcolm) for instructions on how to obtain the Malcolm and Hedgehog Linux installation ISOs. -Similar instructions exist for generating the [installer ISO](hedgehog-iso-build.md#HedgehogISOBuild) for [Hedgehog Linux](hedgehog.md), Malcolm's dedicated network sensor appliance OS. - -While official downloads of the Malcolm installer ISO are not provided, an **unofficial build** of the ISO installer for the [latest stable release]({{ site.github.repository_url }}/releases) is available for [download here]({{ site.external_download_url }}). If downloading the unofficial builds, be sure to verify the integrity of ISO files against the SHA256 sums provided on the download page. +As an alternative to the official release ISOs, instructions are provided for building the [Malcolm insaller ISO](malcolm-iso.md#ISOBuild) and [Hedgehog Linux installer ISO](hedgehog-iso-build.md#HedgehogISOBuild) (Malcolm's dedicated [network sensor appliance OS](hedgehog.md)) from scratch. ## "Burning" the Installation ISOs to USB Flash Drive diff --git a/docs/ubuntu-install-example.md b/docs/ubuntu-install-example.md index 297020787..138a3d499 100644 --- a/docs/ubuntu-install-example.md +++ b/docs/ubuntu-install-example.md 
@@ -6,9 +6,9 @@ For a more in-depth guide convering installing both Malcolm and a [Hedgehog Linu The commands in this example should be executed as a non-root user. -Use `git` to clone Malcolm into a local working copy, or download and extract the artifacts from the [latest release]({{ site.github.repository_url }}/releases). +Use `git` to clone Malcolm into a local working copy, or download and extract the artifacts from the [latest release]({{ site.github.repository_url }}/releases/latest). -To install Malcolm from the latest Malcolm release, browse to the [Malcolm releases page on GitHub]({{ site.github.repository_url }}/releases) and download at a minimum the files ending in `.py` and the `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` file, then navigate to the downloads directory: +To install Malcolm from the latest Malcolm release, browse to the [Malcolm releases page on GitHub]({{ site.github.repository_url }}/releases/latest) and download at a minimum the files ending in `.py` and the `malcolm_YYYYMMDD_HHNNSS_xxxxxxx.tar.gz` file, then navigate to the downloads directory: ``` user@host:~$ cd Downloads/ user@host:~/Downloads$ ls From f676774cd4d32e8854765c15969413d76167f936 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 14:42:13 -0600 Subject: [PATCH 27/79] fix misspelling --- docs/malcolm-hedgehog-e2e-iso-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/malcolm-hedgehog-e2e-iso-install.md b/docs/malcolm-hedgehog-e2e-iso-install.md index 778cd2f55..a0cc4814b 100644 --- a/docs/malcolm-hedgehog-e2e-iso-install.md +++ b/docs/malcolm-hedgehog-e2e-iso-install.md 
@@ -36,7 +36,7 @@ In contrast to using the ISO installer, Malcolm can also be installed "natively" Please see [**Downloading Malcolm**](download.md#DownloadMalcolm) for instructions on how to obtain the Malcolm and Hedgehog Linux installation ISOs. -As an alternative to the official release ISOs, instructions are provided for building the [Malcolm insaller ISO](malcolm-iso.md#ISOBuild) and [Hedgehog Linux installer ISO](hedgehog-iso-build.md#HedgehogISOBuild) (Malcolm's dedicated [network sensor appliance OS](hedgehog.md)) from scratch. +As an alternative to the official release ISOs, instructions are provided for building the [Malcolm installer ISO](malcolm-iso.md#ISOBuild) and [Hedgehog Linux installer ISO](hedgehog-iso-build.md#HedgehogISOBuild) (Malcolm's dedicated [network sensor appliance OS](hedgehog.md)) from scratch. ## "Burning" the Installation ISOs to USB Flash Drive From f318cae2f0e406647e3c9ea5c45a1e4b3d7eea43 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 14:45:15 -0600 Subject: [PATCH 28/79] doc update --- docs/download.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/download.md b/docs/download.md index 4fcec515f..34df955fc 100644 --- a/docs/download.md +++ b/docs/download.md 
@@ -11,6 +11,8 @@ Malcolm operates as a cluster of Docker containers, isolated sandboxes which eac ## Installer ISOs +* [Latest release]({{ site.github.repository_url }}/releases/latest) + Malcolm's Docker-based deployment model makes Malcolm able to run on a variety of platforms. However, in some circumstances (for example, as a long-running appliance as part of a security operations center, or inside of a virtual machine) it may be desirable to install Malcolm as a dedicated standalone installation. Malcolm can be packaged into an [installer ISO](malcolm-iso.md#ISO) based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm. From d314c802e614dd1a89284073e5a277a601f8a6b8 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 14:56:37 -0600 Subject: [PATCH 29/79] doc update --- docs/download.md | 6 +++--- docs/malcolm-hedgehog-e2e-iso-install.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/download.md b/docs/download.md index 34df955fc..91ab776ca 100644 --- a/docs/download.md +++ b/docs/download.md 
@@ -15,13 +15,13 @@ Malcolm operates as a cluster of Docker containers, isolated sandboxes which eac Malcolm's Docker-based deployment model makes Malcolm able to run on a variety of platforms. However, in some circumstances (for example, as a long-running appliance as part of a security operations center, or inside of a virtual machine) it may be desirable to install Malcolm as a dedicated standalone installation. -Malcolm can be packaged into an [installer ISO](malcolm-iso.md#ISO) based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm. +Malcolm is also packaged into an [installer ISO](malcolm-iso.md#ISO) based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm. ### Joining split ISOs ISOs can be downloaded from [Malcolm's releases page]({{ site.github.repository_url }}/releases/latest) on GitHub. Due to [limits on individual files](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases#storage-and-bandwidth-quotas) in GitHub releases, these ISO files have been split into 2GB chunks and can be reassembled with scripts provided for both Bash ([release_cleaver.sh]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/scripts/release_cleaver.sh)) and PowerShell ([release_cleaver.ps1]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/scripts/release_cleaver.ps1)). 
-For example, having downloaded the following files from the GitHub release page for Malcolm, the script will join the component files and check the resulting ISO's SHA256 sum: +For example, having downloaded the following files from Malcolm's releases page on GitHub, the script will join the component files and check the resulting ISOs SHA256 sum: ```bash $ ls -l @@ -67,4 +67,4 @@ Mode LastWriteTime Length Name ### Warning -Read carefully the installation documentation for [Malcolm](malcolm-iso.md#ISOInstallation) and/or [Hedgehog Linux](hedgehog-installation.md#HedgehogInstallation). The ISO media boot on systems that support EFI-mode booting. The installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the operating system. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 ***will partition and format them without warning*** 💀😭🆘⛔. +Users should carefully read the installation documentation for [Malcolm](malcolm-iso.md#ISOInstallation) and [Hedgehog Linux](hedgehog-installation.md#HedgehogInstallation). The installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the operating system. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 ***will partition and format them without warning*** 💀😭🆘⛔. diff --git a/docs/malcolm-hedgehog-e2e-iso-install.md b/docs/malcolm-hedgehog-e2e-iso-install.md index a0cc4814b..1c0b2a7a9 100644 --- a/docs/malcolm-hedgehog-e2e-iso-install.md +++ b/docs/malcolm-hedgehog-e2e-iso-install.md 
@@ -58,7 +58,7 @@ Alternatively, the ISO images could be burned to writable optical media (e.g., D ## Booting the Installation Media -The ISO installers boot on systems that support EFI-mode and legacy (BIOS) booting. The procedure for configuring a system's firmware to allow booting from USB or optical media varies from manufacturer to manufacturer. Manufacturers typically provide a "one-time boot" menu upon a specific keypress (e.g., F12 for Dell, F9 for HP, etc.). If needed, consult the documentation provided by the hardware manufacturer on how to access the boot options menu and boot from the newly-burned USB flash media or DVD±R. +The ISO installers are compatible with systems that support EFI-mode and legacy (BIOS) booting. The procedure for configuring a system's firmware to allow booting from USB or optical media varies from manufacturer to manufacturer. Manufacturers typically provide a "one-time boot" menu upon a specific keypress (e.g., F12 for Dell, F9 for HP, etc.). If needed, consult the documentation provided by the hardware manufacturer on how to access the boot options menu and boot from the newly-burned USB flash media or DVD±R. ![EFI Boot Manager](./images/screenshots/iso_install_boot_menu_efi.png) From a7d6dfe5764c004075d0ceebbecf65f004b498b4 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Thu, 14 Mar 2024 15:48:30 -0600 Subject: [PATCH 30/79] move a bunch of environment variables from logstash.env to netbox-common.env as it makes more sense for them to be there (beginning idaholab/Malcolm#436) --- Dockerfiles/logstash.Dockerfile | 12 ----- Dockerfiles/netbox.Dockerfile | 2 - config/logstash.env.example | 7 --- config/netbox-common.env.example | 18 +++++-- docs/asset-interaction-analysis.md | 8 +-- docs/malcolm-config.md | 6 +-- logstash/pipelines/enrichment/21_netbox.conf | 39 ++++++++------ logstash/ruby/netbox_enrich.rb | 19 +++++-- netbox/scripts/netbox_init.py | 26 --------- netbox/supervisord.conf | 1 - scripts/install.py | 55 ++++++++++---------- 11 files changed, 86 insertions(+), 107 deletions(-) diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile index 9e49f9deb..62c972366 100644 --- a/Dockerfiles/logstash.Dockerfile +++ b/Dockerfiles/logstash.Dockerfile 
@@ -28,24 +28,12 @@ ARG LOGSTASH_PARSE_PIPELINE_ADDRESSES=zeek-parse,suricata-parse,beats-parse ARG LOGSTASH_OPENSEARCH_PIPELINE_ADDRESS_INTERNAL=internal-os ARG LOGSTASH_OPENSEARCH_PIPELINE_ADDRESS_EXTERNAL=external-os ARG LOGSTASH_OPENSEARCH_OUTPUT_PIPELINE_ADDRESSES=internal-os,external-os -ARG LOGSTASH_NETBOX_ENRICHMENT=false -ARG LOGSTASH_NETBOX_ENRICHMENT_VERBOSE=false -ARG LOGSTASH_NETBOX_ENRICHMENT_LOOKUP_SERVICE=true -ARG LOGSTASH_NETBOX_AUTO_POPULATE=false -ARG LOGSTASH_NETBOX_CACHE_SIZE=1000 -ARG LOGSTASH_NETBOX_CACHE_TTL=30 ENV LOGSTASH_ENRICHMENT_PIPELINE $LOGSTASH_ENRICHMENT_PIPELINE ENV LOGSTASH_PARSE_PIPELINE_ADDRESSES $LOGSTASH_PARSE_PIPELINE_ADDRESSES ENV LOGSTASH_OPENSEARCH_PIPELINE_ADDRESS_INTERNAL $LOGSTASH_OPENSEARCH_PIPELINE_ADDRESS_INTERNAL ENV LOGSTASH_OPENSEARCH_PIPELINE_ADDRESS_EXTERNAL $LOGSTASH_OPENSEARCH_PIPELINE_ADDRESS_EXTERNAL ENV LOGSTASH_OPENSEARCH_OUTPUT_PIPELINE_ADDRESSES $LOGSTASH_OPENSEARCH_OUTPUT_PIPELINE_ADDRESSES -ENV LOGSTASH_NETBOX_ENRICHMENT $LOGSTASH_NETBOX_ENRICHMENT -ENV LOGSTASH_NETBOX_ENRICHMENT_VERBOSE $LOGSTASH_NETBOX_ENRICHMENT_VERBOSE -ENV LOGSTASH_NETBOX_ENRICHMENT_LOOKUP_SERVICE $LOGSTASH_NETBOX_ENRICHMENT_LOOKUP_SERVICE -ENV LOGSTASH_NETBOX_AUTO_POPULATE $LOGSTASH_NETBOX_AUTO_POPULATE -ENV LOGSTASH_NETBOX_CACHE_SIZE $LOGSTASH_NETBOX_CACHE_SIZE -ENV LOGSTASH_NETBOX_CACHE_TTL $LOGSTASH_NETBOX_CACHE_TTL USER root diff --git a/Dockerfiles/netbox.Dockerfile b/Dockerfiles/netbox.Dockerfile index e3cce9258..80eae5253 100644 --- a/Dockerfiles/netbox.Dockerfile +++ b/Dockerfiles/netbox.Dockerfile @@ -43,7 +43,6 @@ ARG NETBOX_DEVICETYPE_LIBRARY_IMPORT_PATH="/opt/netbox-devicetype-library-import ARG NETBOX_DEFAULT_SITE=Malcolm ARG NETBOX_CRON=true ARG NETBOX_PRELOAD_PATH="/opt/netbox-preload" -ARG NETBOX_PRELOAD_PREFIXES=false ENV NETBOX_PATH /opt/netbox ENV BASE_PATH netbox 
@@ -51,7 +50,6 @@ ENV NETBOX_DEVICETYPE_LIBRARY_IMPORT_PATH $NETBOX_DEVICETYPE_LIBRARY_IMPORT_PATH ENV NETBOX_DEFAULT_SITE $NETBOX_DEFAULT_SITE ENV NETBOX_CRON $NETBOX_CRON ENV NETBOX_PRELOAD_PATH $NETBOX_PRELOAD_PATH -ENV NETBOX_PRELOAD_PREFIXES $NETBOX_PRELOAD_PREFIXES ADD netbox/patch/* /tmp/netbox-patches/ diff --git a/config/logstash.env.example b/config/logstash.env.example index f734bf17e..afc5acd4b 100644 --- a/config/logstash.env.example +++ b/config/logstash.env.example @@ -9,15 +9,8 @@ LOGSTASH_OUI_LOOKUP=true LOGSTASH_SEVERITY_SCORING=true # Whether or not Logstash will perform a reverse DNS lookup for external IP addresses LOGSTASH_REVERSE_DNS=false -# Whether or not Logstash will enrich network traffic metadata via NetBox API calls -LOGSTASH_NETBOX_ENRICHMENT=false # Which types of logs will be enriched via NetBox (comma-separated list of provider.dataset, or the string all to enrich all logs) LOGSTASH_NETBOX_ENRICHMENT_DATASETS=suricata.alert,zeek.conn,zeek.known_hosts,zeek.known_services,zeek.notice,zeek.signatures,zeek.software,zeek.weird -# Whether or not unobserved network entities in Logstash data will be used to populate NetBox -LOGSTASH_NETBOX_AUTO_POPULATE=false -# Caching parameters for NetBox's LogStash lookups -LOGSTASH_NETBOX_CACHE_SIZE=1000 -LOGSTASH_NETBOX_CACHE_TTL=30 # Zeek log types that will be ignored (dropped) by LogStash LOGSTASH_ZEEK_IGNORED_LOGS=analyzer,broker,capture_loss,cluster,config,loaded_scripts,packet_filter,png,print,prof,reporter,stats,stderr,stdout # Logstash memory allowance and other Java options diff --git a/config/netbox-common.env.example b/config/netbox-common.env.example index 772a9cc17..6398af2de 100644 --- a/config/netbox-common.env.example +++ b/config/netbox-common.env.example 
@@ -1,13 +1,21 @@ # Parameters related to NetBox (and supporting tools). Note that other more specific parameters # can also be configured in the env_file files for netbox* services -# The name of the default "site" to be created upon NetBox initialization, and to be queried -# for enrichment (see LOGSTASH_NETBOX_ENRICHMENT) +# Whether or not Logstash will enrich network traffic metadata via NetBox API calls +NETBOX_ENRICHMENT=false +# The name of the default "site" to be created upon NetBox initialization, and to be queried for enrichment NETBOX_DEFAULT_SITE=Malcolm -# Whether or not to create catch-all IP Prefixes for private IP space -NETBOX_PRELOAD_PREFIXES=false -# Customize manufacturer matching/creation with LOGSTASH_NETBOX_AUTO_POPULATE (see logstash.env) +# Whether or not unobserved network entities in Logstash data will be used to populate NetBox +NETBOX_AUTO_POPULATE=false +# Whether or not unobserved network subnets in Logstash data will be created automatically in NetBox +NETBOX_AUTOCREATE_PREFIX=false +# Whether or not services (i.e., destination IP/port) will be looked up during NetBox enrichment +NETBOX_ENRICHMENT_LOOKUP_SERVICE=true +# Customize manufacturer matching/creation with NETBOX_AUTO_POPULATE NETBOX_DEFAULT_AUTOCREATE_MANUFACTURER=true NETBOX_DEFAULT_FUZZY_THRESHOLD=0.95 +# Caching parameters for NetBox's LogStash lookups +NETBOX_CACHE_SIZE=1000 +NETBOX_CACHE_TTL=30 # Whether to disable Malcolm's NetBox instance ('true') or not ('false') NETBOX_DISABLED=true NETBOX_POSTGRES_DISABLED=true diff --git a/docs/asset-interaction-analysis.md b/docs/asset-interaction-analysis.md index ab8e798d1..6f7b451f0 100644 --- a/docs/asset-interaction-analysis.md +++ b/docs/asset-interaction-analysis.md 
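Review bot: `NETBOX_ENRICHMENT_VERBOSE` is missing from the variables added to `netbox-common.env.example` in this hunk. The same commit removes the `LOGSTASH_NETBOX_ENRICHMENT_VERBOSE` ARG/ENV default from `logstash.Dockerfile` and documents the new name in `docs/asset-interaction-analysis.md`, so the setting appears to be left with no visible default or example entry. I would add `# Whether or not the full NetBox JSON object is stored in the device.details and segment.details fields` followed by `NETBOX_ENRICHMENT_VERBOSE=false` next to `NETBOX_ENRICHMENT_LOOKUP_SERVICE`. Separately, an existing `logstash.env` that still sets `LOGSTASH_NETBOX_ENRICHMENT` or `LOGSTASH_NETBOX_AUTO_POPULATE` would presumably stop having any effect after the rename; whether `netbox_enrich.rb` or `install.py` migrates the old names is not visible from this hunk and is worth confirming or noting in a comment at the top of the file.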
@@ -19,7 +19,7 @@ Please see the [NetBox page on GitHub](https://github.com/netbox-community/netbo ## Enriching network traffic metadata via NetBox lookups -As Zeek logs and Suricata alerts are parsed and enriched (if the `LOGSTASH_NETBOX_ENRICHMENT` [environment variable in `./config/logstash.env`](malcolm-config.md#MalcolmConfigEnvVars) is set to `true`), the NetBox API will be queried for the associated hosts' information. If found, the information retrieved by NetBox will be used to enrich these logs through the creation of the following new fields. See [the NetBox API](https://demo.netbox.dev/api/docs/) documentation and [the NetBox documentation](https://demo.netbox.dev/static/docs/introduction/) for more information. +As Zeek logs and Suricata alerts are parsed and enriched (if the `NETBOX_ENRICHMENT` [environment variable in `./config/netbox-common.env`](malcolm-config.md#MalcolmConfigEnvVars) is set to `true`), the NetBox API will be queried for the associated hosts' information. If found, the information retrieved by NetBox will be used to enrich these logs through the creation of the following new fields. See [the NetBox API](https://demo.netbox.dev/api/docs/) documentation and [the NetBox documentation](https://demo.netbox.dev/static/docs/introduction/) for more information. * `destination.…` - `destination.device.cluster` (`/virtualization/clusters/`) (for [Virtual Machine](https://demo.netbox.dev/static/docs/coe-functionality/virtualization/) device types) 
@@ -31,13 +31,13 @@ As Zeek logs and Suricata alerts are parsed and enriched (if the `LOGSTASH_NETBO - [`destination.device.service`](https://demo.netbox.dev/static/docs/core-functionality/services/#service-templates) (`/ipam/services/`) - `destination.device.site` (`/dcim/sites/`) - `destination.device.url` (`/dcim/devices/`) - - `destination.device.details` (full JSON object, [only with `LOGSTASH_NETBOX_ENRICHMENT_VERBOSE: 'true'`](malcolm-config.md#MalcolmConfigEnvVars)) + - `destination.device.details` (full JSON object, [only with `NETBOX_ENRICHMENT_VERBOSE: 'true'`](malcolm-config.md#MalcolmConfigEnvVars)) - `destination.segment.id` (`/ipam/prefixes/{id}`) - `destination.segment.name` (`/ipam/prefixes/{description}`) - `destination.segment.site` (`/dcim/sites/`) - `destination.segment.tenant` (`/tenancy/tenants/`) - `destination.segment.url` (`/ipam/prefixes/`) - - `destination.segment.details` (full JSON object, [only with `LOGSTASH_NETBOX_ENRICHMENT_VERBOSE: 'true'`](malcolm-config.md#MalcolmConfigEnvVars)) + - `destination.segment.details` (full JSON object, [only with `NETBOX_ENRICHMENT_VERBOSE: 'true'`](malcolm-config.md#MalcolmConfigEnvVars)) * `source.…` same as `destination.…` * collected as `related` fields (the [same approach](https://www.elastic.co/guide/en/ecs/current/ecs-related.html) used in ECS) - `related.device_type` 
@@ -94,7 +94,7 @@ The following elements of the NetBox data model are used by Malcolm for Asset In ## Populate NetBox inventory via passively-gathered network traffic metadata -If the `LOGSTASH_NETBOX_AUTO_POPULATE` [environment variable in `./config/logstash.env`](malcolm-config.md#MalcolmConfigEnvVars) is set to `true`, [uninventoried](#NetBoxCompare) devices with private IP addresses (as defined in [RFC 1918](https://datatracker.ietf.org/doc/html/rfc1918) and [RFC 4193](https://datatracker.ietf.org/doc/html/rfc4193)) observed in known network segments will be automatically created in the NetBox inventory based on the information available. This value is set to `true` by answering **Y** to "Should Malcolm automatically populate NetBox inventory based on observed network traffic?" during [configuration](malcolm-config.md#ConfigAndTuning). +If the `NETBOX_AUTO_POPULATE` [environment variable in `./config/netbox-common.env`](malcolm-config.md#MalcolmConfigEnvVars) is set to `true`, [uninventoried](#NetBoxCompare) devices with private IP addresses (as defined in [RFC 1918](https://datatracker.ietf.org/doc/html/rfc1918) and [RFC 4193](https://datatracker.ietf.org/doc/html/rfc4193)) observed in known network segments will be automatically created in the NetBox inventory based on the information available. This value is set to `true` by answering **Y** to "Should Malcolm automatically populate NetBox inventory based on observed network traffic?" during [configuration](malcolm-config.md#ConfigAndTuning). However, careful consideration should be made before enabling this feature: the purpose of an asset management system is to document the intended state of a network: with Malcolm configured to populate NetBox with the live network state, a network misconfiguration fault could result in an **incorrect documented configuration**. diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md index 7922affa7..c1b30a5f1 100644 --- a/docs/malcolm-config.md 
+++ b/docs/malcolm-config.md @@ -36,8 +36,6 @@ Although the configuration script automates many of the following configuration - `LOGSTASH_OUI_LOOKUP` – if set to `true`, Logstash will map MAC addresses to vendors for all source and destination MAC addresses when analyzing Zeek logs (default `true`) - `LOGSTASH_REVERSE_DNS` – if set to `true`, Logstash will perform a reverse DNS lookup for all external source and destination IP address values when analyzing Zeek logs (default `false`) - `LOGSTASH_SEVERITY_SCORING` - if set to `true`, Logstash will perform [severity scoring](severity.md#Severity) when analyzing Zeek logs (default `true`) - - `LOGSTASH_NETBOX_ENRICHMENT` - if set to `true`, Logstash will [enrich network traffic metadata](asset-interaction-analysis.md#NetBoxEnrichment) via NetBox API calls - - `LOGSTASH_NETBOX_AUTO_POPULATE` - if set to `true`, Logstash will [populate the NetBox inventory](asset-interaction-analysis.md#NetBoxPopPassive) based on observed network traffic - `LS_JAVA_OPTS` - part of LogStash's [JVM settings](https://www.elastic.co/guide/en/logstash/current/jvm-settings.html), the `-Xmx` and `-Xms` values set the size of LogStash's Java heap (we recommend somewhere between `1500m` and `4g`) * `pipeline.workers`, `pipeline.batch.size` and `pipeline.batch.delay` - these settings are used to tune the performance and resource utilization of the the `logstash` container; see [Tuning and Profiling Logstash Performance](https://www.elastic.co/guide/en/logstash/current/tuning-logstash.html), [`logstash.yml`](https://www.elastic.co/guide/en/logstash/current/logstash-settings-file.html) and [Multiple Pipelines](https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html) * **`lookup-common.env`** - settings for enrichment lookups, including those used for [customizing event severity scoring](severity.md#SeverityConfig) 
@@ -48,8 +46,10 @@ Although the configuration script automates many of the following configuration - `TOTAL_MEGABYTES_SEVERITY_THRESHOLD` - when [severity scoring](severity.md#Severity) is enabled, this variable indicates the size threshold (in megabytes) for assigning severity to large connections or file transfers (default `1000`) * **`netbox-common.env`**, `netbox.env`, `netbox-secret.env`, `netbox-postgres.env`, `netbox-redis-cache.env` and `netbox-redis.env` - settings related to [NetBox](https://netbox.dev/) and [Asset Interaction Analysis](asset-interaction-analysis.md#AssetInteractionAnalysis) - `NETBOX_DISABLED` - if set to `true`, Malcolm will **not** start and manage a [NetBox](asset-interaction-analysis.md#AssetInteractionAnalysis) instance (default `true`) + - `NETBOX_ENRICHMENT` - if set to `true`, Logstash will [enrich network traffic metadata](asset-interaction-analysis.md#NetBoxEnrichment) via NetBox API calls - `NETBOX_DEFAULT_SITE` - specifies the default NetBox [site name](https://demo.netbox.dev/static/docs/core-functionality/sites-and-racks/) for use when [enriching network traffic metadata via NetBox lookups](asset-interaction-analysis.md#NetBoxEnrichment) (default `Malcolm`) - - `NETBOX_PRELOAD_PREFIXES` - if set to `true`, Malcolm's NetBox initialization will automatically create "catch-all" prefixes for private IP address space (i.e., one each for `10.0.0.0/8`, `172.16.0.0/12`, and `192.168.0.0/16`, respectively) for use when [enriching network traffic metadata via NetBox lookups](asset-interaction-analysis.md#NetBoxEnrichment) + - `NETBOX_AUTO_POPULATE` - if set to `true`, Logstash will [populate the NetBox inventory](asset-interaction-analysis.md#NetBoxPopPassive) based on observed network traffic + - `NETBOX_AUTOCREATE_PREFIX` - if set to `true`, Logstash will automatically create private subnet prefixes in the [NetBox inventory](asset-interaction-analysis.md#NetBoxPopPassive) based on observed network traffic - 
`NETBOX_DEFAULT_AUTOCREATE_MANUFACTURER` - if set to `true`, new manufacturer entries will be created in the NetBox database when [matching device manufacturers to OUIs](asset-interaction-analysis.md#NetBoxPopPassiveOUIMatch) (default `true`) - `NETBOX_DEFAULT_FUZZY_THRESHOLD` - fuzzy-matching threshold for [matching device manufacturers to OUIs](asset-interaction-analysis.md#NetBoxPopPassiveOUIMatch) (default `0.95`) * **`nginx.env`** - settings specific to Malcolm's nginx reverse proxy diff --git a/logstash/pipelines/enrichment/21_netbox.conf b/logstash/pipelines/enrichment/21_netbox.conf index 88937f796..edfaaaaad 100644 --- a/logstash/pipelines/enrichment/21_netbox.conf +++ b/logstash/pipelines/enrichment/21_netbox.conf @@ -8,8 +8,7 @@ filter { # - source.mac -> source.device # - destination.mac -> destination.device # Which log types get enriched is based on the LOGSTASH_NETBOX_ENRICHMENT_DATASETS env. variable - # The LOGSTASH_NETBOX_ENRICHMENT env. variable is checked inside netbox_enrich.rb - # and will short-circuit unles this feature is enabled. + # Other environment variables' names are passed in via ..._env parameters to netbox_enrich.rb ruby { id => "ruby_determine_netbox_suitability" 
@@ -35,30 +34,33 @@ filter { id => "ruby_netbox_enrich_source_ip_segment" path => "/usr/share/logstash/malcolm-ruby/netbox_enrich.rb" script_params => { + "enabled_env" => "NETBOX_ENRICHMENT" + "verbose_env" => "NETBOX_ENRICHMENT_VERBOSE" "source" => "[source][ip]" "target" => "[source][segment]" "lookup_type" => "ip_prefix" "lookup_site_env" => "NETBOX_DEFAULT_SITE" - "verbose_env" => "LOGSTASH_NETBOX_ENRICHMENT_VERBOSE" "netbox_token_env" => "SUPERUSER_API_TOKEN" - "cache_size_env" => "LOGSTASH_NETBOX_CACHE_SIZE" - "cache_ttl_env" => "LOGSTASH_NETBOX_CACHE_TTL" + "cache_size_env" => "NETBOX_CACHE_SIZE" + "cache_ttl_env" => "NETBOX_CACHE_TTL" } } ruby { id => "ruby_netbox_enrich_source_ip_device" path => "/usr/share/logstash/malcolm-ruby/netbox_enrich.rb" script_params => { + "enabled_env" => "NETBOX_ENRICHMENT" + "verbose_env" => "NETBOX_ENRICHMENT_VERBOSE" "source" => "[source][ip]" "target" => "[source][device]" "lookup_type" => "ip_device" "lookup_site_env" => "NETBOX_DEFAULT_SITE" "lookup_service" => "false" - "verbose_env" => "LOGSTASH_NETBOX_ENRICHMENT_VERBOSE" "netbox_token_env" => "SUPERUSER_API_TOKEN" - "cache_size_env" => "LOGSTASH_NETBOX_CACHE_SIZE" - "cache_ttl_env" => "LOGSTASH_NETBOX_CACHE_TTL" - "autopopulate_env" => "LOGSTASH_NETBOX_AUTO_POPULATE" + "cache_size_env" => "NETBOX_CACHE_SIZE" + "cache_ttl_env" => "NETBOX_CACHE_TTL" + "autopopulate_env" => "NETBOX_AUTO_POPULATE" + "auto_prefix_env" => "NETBOX_AUTOCREATE_PREFIX" "default_manuf_env" => "NETBOX_DEFAULT_MANUFACTURER" "default_dtype_env" => "NETBOX_DEFAULT_DEVICE_TYPE" "default_role_env" => "NETBOX_DEFAULT_ROLE" 
@@ -75,31 +77,34 @@ filter { id => "ruby_netbox_enrich_destination_ip_segment" path => "/usr/share/logstash/malcolm-ruby/netbox_enrich.rb" script_params => { + "enabled_env" => "NETBOX_ENRICHMENT" + "verbose_env" => "NETBOX_ENRICHMENT_VERBOSE" "source" => "[destination][ip]" "target" => "[destination][segment]" "lookup_type" => "ip_prefix" "lookup_site_env" => "NETBOX_DEFAULT_SITE" - "verbose_env" => "LOGSTASH_NETBOX_ENRICHMENT_VERBOSE" "netbox_token_env" => "SUPERUSER_API_TOKEN" - "cache_size_env" => "LOGSTASH_NETBOX_CACHE_SIZE" - "cache_ttl_env" => "LOGSTASH_NETBOX_CACHE_TTL" + "cache_size_env" => "NETBOX_CACHE_SIZE" + "cache_ttl_env" => "NETBOX_CACHE_TTL" } } ruby { id => "ruby_netbox_enrich_destination_ip_device" path => "/usr/share/logstash/malcolm-ruby/netbox_enrich.rb" script_params => { + "enabled_env" => "NETBOX_ENRICHMENT" + "verbose_env" => "NETBOX_ENRICHMENT_VERBOSE" "source" => "[destination][ip]" "target" => "[destination][device]" "lookup_type" => "ip_device" "lookup_site_env" => "NETBOX_DEFAULT_SITE" - "lookup_service_env" => "LOGSTASH_NETBOX_ENRICHMENT_LOOKUP_SERVICE" + "lookup_service_env" => "NETBOX_ENRICHMENT_LOOKUP_SERVICE" "lookup_service_port_source" => "[destination][port]" - "verbose_env" => "LOGSTASH_NETBOX_ENRICHMENT_VERBOSE" "netbox_token_env" => "SUPERUSER_API_TOKEN" - "cache_size_env" => "LOGSTASH_NETBOX_CACHE_SIZE" - "cache_ttl_env" => "LOGSTASH_NETBOX_CACHE_TTL" - "autopopulate_env" => "LOGSTASH_NETBOX_AUTO_POPULATE" + "cache_size_env" => "NETBOX_CACHE_SIZE" + "cache_ttl_env" => "NETBOX_CACHE_TTL" + "autopopulate_env" => "NETBOX_AUTO_POPULATE" + "auto_prefix_env" => "NETBOX_AUTOCREATE_PREFIX" "default_manuf_env" => "NETBOX_DEFAULT_MANUFACTURER" "default_dtype_env" => "NETBOX_DEFAULT_DEVICE_TYPE" "default_role_env" => "NETBOX_DEFAULT_ROLE" diff --git a/logstash/ruby/netbox_enrich.rb b/logstash/ruby/netbox_enrich.rb index 77cd68480..8177c65b4 100644 --- a/logstash/ruby/netbox_enrich.rb +++ b/logstash/ruby/netbox_enrich.rb 
@@ -12,9 +12,14 @@ def register(params) require 'psych' require 'stringex_lite' - # global enable/disable for this plugin based on environment variable(s) - @netbox_enabled = (not [1, true, '1', 'true', 't', 'on', 'enabled'].include?(ENV["NETBOX_DISABLED"].to_s.downcase)) && - [1, true, '1', 'true', 't', 'on', 'enabled'].include?(ENV["LOGSTASH_NETBOX_ENRICHMENT"].to_s.downcase) + # enable/disable based on script parameters and global environment variable + _enabled_str = params["enabled"] + _enabled_env = params["enabled_env"] + if _enabled_str.nil? && !_enabled_env.nil? + _enabled_str = ENV[_enabled_env] + end + @netbox_enabled = [1, true, '1', 'true', 't', 'on', 'enabled'].include?(_enabled_str.to_s.downcase) && + (not [1, true, '1', 'true', 't', 'on', 'enabled'].include?(ENV["NETBOX_DISABLED"].to_s.downcase)) # source field containing lookup value @source = params["source"] @@ -196,6 +201,14 @@ def register(params) end @autopopulate_create_manuf = [1, true, '1', 'true', 't', 'on', 'enabled'].include?(_autopopulate_create_manuf_str.to_s.downcase) + # if the prefix is not found, should we create one? + _autopopulate_create_prefix_str = params["auto_prefix"] + _autopopulate_create_prefix_env = params["auto_prefix_env"] + if _autopopulate_create_prefix_str.nil? && !_autopopulate_create_prefix_env.nil? + _autopopulate_create_prefix_str = ENV[_autopopulate_create_prefix_env] + end + @autopopulate_create_prefix = [1, true, '1', 'true', 't', 'on', 'enabled'].include?(_autopopulate_create_prefix_str.to_s.downcase) + # case-insensitive hash of OUIs (https://standards-oui.ieee.org/) to Manufacturers (https://demo.netbox.dev/static/docs/core-functionality/device-types/) @manuf_hash = LruRedux::TTL::ThreadSafeCache.new(params.fetch("manuf_cache_size", 2048), @cache_ttl) diff --git a/netbox/scripts/netbox_init.py b/netbox/scripts/netbox_init.py index 7684c8b58..8eb33b67f 100755 --- a/netbox/scripts/netbox_init.py +++ b/netbox/scripts/netbox_init.py 
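Review bot: With `_enabled_str` now taken only from `params["enabled"]` or the variable named by `enabled_env`, an environment that still carries only `LOGSTASH_NETBOX_ENRICHMENT=true` leaves `@netbox_enabled` false with no message. Enrichment then stops silently after an upgrade unless the env files are migrated somewhere not visible in this patch. A one-time warning in `register` when the old variable is set and the new one is absent would make that visible. Separately, the list `[1, true, '1', 'true', 't', 'on', 'enabled']` is repeated in both `register` hunks, and its `1` and `true` entries can never match a value that has been through `.to_s.downcase`; a single frozen list such as `%w[1 true t on enabled].freeze` would say the same thing once. The body of `register` continues outside both hunks.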
@@ -245,16 +245,6 @@ def main(): required=False, help="Directory containing netbox-initializers files to preload", ) - parser.add_argument( - '--preload-prefixes', - dest='preloadPrefixes', - type=malcolm_utils.str2bool, - metavar="true|false", - nargs='?', - const=True, - default=malcolm_utils.str2bool(os.getenv('NETBOX_PRELOAD_PREFIXES', default='False')), - help="Preload IPAM IP Prefixes for private IP space", - ) parser.add_argument( '--preload-backup', dest='preloadBackupFile', @@ -847,22 +837,6 @@ def main(): # make a local copy of the YMLs to preload with tempfile.TemporaryDirectory() as tmpPreloadDir: copy_tree(args.preloadDir, tmpPreloadDir) - - # only preload catch-all IP Prefixes if explicitly specified and they don't already exist - if args.preloadPrefixes: - defaultSiteName = next(iter([x for x in args.netboxSites]), None) - for loadType in ('vrfs', 'prefixes'): - defaultFileName = os.path.join(tmpPreloadDir, f'{loadType}_defaults.yml') - loadFileName = os.path.join(tmpPreloadDir, f'{loadType}.yml') - if os.path.isfile(defaultFileName) and (not os.path.isfile(loadFileName)): - try: - with open(defaultFileName, 'r') as infile: - with open(loadFileName, 'w') as outfile: - for line in infile: - outfile.write(line.replace("NETBOX_DEFAULT_SITE", defaultSiteName)) - except Exception: - pass - retcode, output = malcolm_utils.run_process( [ netboxVenvPy, diff --git a/netbox/supervisord.conf b/netbox/supervisord.conf index 2811b23d9..f83ca0647 100644 --- a/netbox/supervisord.conf +++ b/netbox/supervisord.conf @@ -40,7 +40,6 @@ command=/opt/netbox/venv/bin/python /usr/local/bin/netbox_init.py --net-map /usr/local/share/net-map.json --library "%(ENV_NETBOX_DEVICETYPE_LIBRARY_IMPORT_PATH)s" --preload "%(ENV_NETBOX_PRELOAD_PATH)s" - --preload-prefixes %(ENV_NETBOX_PRELOAD_PREFIXES)s --postgres-host "%(ENV_DB_HOST)s" --postgres-db "%(ENV_DB_NAME)s" --postgres-user "%(ENV_DB_USER)s" 
diff --git a/scripts/install.py b/scripts/install.py index c7e2ddad6..6b80dc0f0 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -1350,17 +1350,17 @@ def tweak_malcolm_runtime(self, malcolm_install_path): 'Should Malcolm enrich network traffic using NetBox?', default=args.netboxLogstashEnrich, ) - netboxLogstashAutoPopulate = ( + netboxAutoPopulate = ( netboxEnabled and InstallerYesOrNo( 'Should Malcolm automatically populate NetBox inventory based on observed network traffic?', - default=args.netboxLogstashAutoPopulate, + default=args.netboxAutoPopulate, ) and ( args.acceptDefaultsNonInteractive or InstallerYesOrNo( "Autopopulating NetBox's inventory is not recommended. Are you sure?", - default=args.netboxLogstashAutoPopulate, + default=args.netboxAutoPopulate, ) ) ) @@ -1374,9 +1374,9 @@ def tweak_malcolm_runtime(self, malcolm_install_path): ) if len(netboxSiteName) == 0: netboxSiteName = 'Malcolm' - netboxPreloadPrefixes = netboxEnabled and InstallerYesOrNo( - 'Should Malcolm create "catch-all" prefixes for private IP address space?', - default=args.netboxPreloadPrefixes, + netboxLogstashAutoSubnets = netboxLogstashEnrich and InstallerYesOrNo( + 'Should Malcolm automatically create missing NetBox subnet prefixes based on observed network traffic?', + default=args.netboxLogstashAutoSubnets, ) # input packet capture parameters @@ -1676,18 +1676,6 @@ def tweak_malcolm_runtime(self, malcolm_install_path): 'LOGSTASH_OUI_LOOKUP', TrueOrFalseNoQuote(autoOui), ), - # enrich network traffic metadata via NetBox API calls - EnvValue( - os.path.join(args.configDir, 'logstash.env'), - 'LOGSTASH_NETBOX_ENRICHMENT', - TrueOrFalseNoQuote(netboxLogstashEnrich), - ), - # populate the NetBox inventory based on observed network traffic - EnvValue( - os.path.join(args.configDir, 'logstash.env'), - 'LOGSTASH_NETBOX_AUTO_POPULATE', - TrueOrFalseNoQuote(netboxLogstashAutoPopulate), - ), # logstash pipeline workers EnvValue( os.path.join(args.configDir, 'logstash.env'), 
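Review bot: The new "automatically create missing NetBox subnet prefixes" prompt in the `@@ -1374,9 +1374,9 @@` hunk enables writes to the inventory derived from passive traffic, yet it is a single yes/no. `netboxAutoPopulate` just above requires a second "not recommended. Are you sure?" confirmation for the same kind of write. Consider the same guard, `and (args.acceptDefaultsNonInteractive or InstallerYesOrNo(...))`, or at least say in the prompt text that prefixes are inferred from observed private addresses. As a naming point, `netboxLogstashAutoSubnets` keeps the `Logstash` infix that this commit removes from `netboxAutoPopulate`; `netboxAutoCreatePrefix` would line up with the flag and the env variable. `tweak_malcolm_runtime` starts and ends outside the hunk.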
@@ -1700,6 +1688,24 @@ def tweak_malcolm_runtime(self, malcolm_install_path): 'FREQ_LOOKUP', TrueOrFalseNoQuote(autoFreq), ), + # enrich network traffic metadata via NetBox API calls + EnvValue( + os.path.join(args.configDir, 'netbox-common.env'), + 'NETBOX_ENRICHMENT', + TrueOrFalseNoQuote(netboxLogstashEnrich), + ), + # create missing NetBox subnet prefixes based on observed network traffic + EnvValue( + os.path.join(args.configDir, 'netbox-common.env'), + 'NETBOX_AUTOCREATE_PREFIX', + TrueOrFalseNoQuote(netboxLogstashAutoSubnets), + ), + # populate the NetBox inventory based on observed network traffic + EnvValue( + os.path.join(args.configDir, 'netbox-common.env'), + 'NETBOX_AUTO_POPULATE', + TrueOrFalseNoQuote(netboxAutoPopulate), + ), # NetBox default site name EnvValue( os.path.join(args.configDir, 'netbox-common.env'), @@ -1712,11 +1718,6 @@ def tweak_malcolm_runtime(self, malcolm_install_path): 'NETBOX_DISABLED', TrueOrFalseNoQuote(not netboxEnabled), ), - EnvValue( - os.path.join(args.configDir, 'netbox-common.env'), - 'NETBOX_PRELOAD_PREFIXES', - TrueOrFalseNoQuote(netboxPreloadPrefixes), - ), # enable/disable netbox (postgres) EnvValue( os.path.join(args.configDir, 'netbox-common.env'), @@ -3955,7 +3956,7 @@ def main(): ) netboxArgGroup.add_argument( '--netbox-autopopulate', - dest='netboxLogstashAutoPopulate', + dest='netboxAutoPopulate', type=str2bool, metavar="true|false", nargs='?', @@ -3964,14 +3965,14 @@ def main(): help="Automatically populate NetBox inventory based on observed network traffic", ) netboxArgGroup.add_argument( - '--netbox-preload-prefixes', - dest='netboxPreloadPrefixes', + '--netbox-auto-prefixes', + dest='netboxLogstashAutoSubnets', type=str2bool, metavar="true|false", nargs='?', const=True, default=False, - help="Preload NetBox IPAM IP Prefixes for private IP space", + help="Automatically create missing NetBox subnet prefixes based on observed network traffic", ) netboxArgGroup.add_argument( '--netbox-site-name', 
From ec9efd2505c1bb880a3fe5c37e933882cda7efa0 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 15:51:17 -0600 Subject: [PATCH 31/79] removing preloading catch-all prefixes (idaholab/Malcolm#436) --- netbox/preload/prefixes_defaults.yml | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 netbox/preload/prefixes_defaults.yml diff --git a/netbox/preload/prefixes_defaults.yml b/netbox/preload/prefixes_defaults.yml deleted file mode 100644 index f95ce589d..000000000 --- a/netbox/preload/prefixes_defaults.yml +++ /dev/null @@ -1,9 +0,0 @@ -- prefix: 10.0.0.0/8 - description: 10.0.0.0/8 - site: NETBOX_DEFAULT_SITE -- prefix: 172.16.0.0/12 - description: 172.16.0.0/12 - site: NETBOX_DEFAULT_SITE -- prefix: 192.168.0.0/16 - description: 192.168.0.0/16 - site: NETBOX_DEFAULT_SITE From 217cdb110454ac5dd37276d2ba4307e17e4c5e02 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 16:32:37 -0600 Subject: [PATCH 32/79] work in progress for subnet discovery (idaholab/Malcolm#436) --- logstash/pipelines/enrichment/21_netbox.conf | 4 +-- logstash/ruby/netbox_enrich.rb | 26 +++++++++++++++++++- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/logstash/pipelines/enrichment/21_netbox.conf b/logstash/pipelines/enrichment/21_netbox.conf index edfaaaaad..8026510cb 100644 --- a/logstash/pipelines/enrichment/21_netbox.conf +++ b/logstash/pipelines/enrichment/21_netbox.conf @@ -38,6 +38,7 @@ filter { "verbose_env" => "NETBOX_ENRICHMENT_VERBOSE" "source" => "[source][ip]" "target" => "[source][segment]" + "auto_prefix_env" => "NETBOX_AUTOCREATE_PREFIX" "lookup_type" => "ip_prefix" "lookup_site_env" => "NETBOX_DEFAULT_SITE" "netbox_token_env" => "SUPERUSER_API_TOKEN" 
@@ -60,7 +61,6 @@ filter { "cache_size_env" => "NETBOX_CACHE_SIZE" "cache_ttl_env" => "NETBOX_CACHE_TTL" "autopopulate_env" => "NETBOX_AUTO_POPULATE" - "auto_prefix_env" => "NETBOX_AUTOCREATE_PREFIX" "default_manuf_env" => "NETBOX_DEFAULT_MANUFACTURER" "default_dtype_env" => "NETBOX_DEFAULT_DEVICE_TYPE" "default_role_env" => "NETBOX_DEFAULT_ROLE" @@ -81,6 +81,7 @@ filter { "verbose_env" => "NETBOX_ENRICHMENT_VERBOSE" "source" => "[destination][ip]" "target" => "[destination][segment]" + "auto_prefix_env" => "NETBOX_AUTOCREATE_PREFIX" "lookup_type" => "ip_prefix" "lookup_site_env" => "NETBOX_DEFAULT_SITE" "netbox_token_env" => "SUPERUSER_API_TOKEN" @@ -104,7 +105,6 @@ filter { "cache_size_env" => "NETBOX_CACHE_SIZE" "cache_ttl_env" => "NETBOX_CACHE_TTL" "autopopulate_env" => "NETBOX_AUTO_POPULATE" - "auto_prefix_env" => "NETBOX_AUTOCREATE_PREFIX" "default_manuf_env" => "NETBOX_DEFAULT_MANUFACTURER" "default_dtype_env" => "NETBOX_DEFAULT_DEVICE_TYPE" "default_role_env" => "NETBOX_DEFAULT_ROLE" diff --git a/logstash/ruby/netbox_enrich.rb b/logstash/ruby/netbox_enrich.rb index 8177c65b4..eafe38fb9 100644 --- a/logstash/ruby/netbox_enrich.rb +++ b/logstash/ruby/netbox_enrich.rb @@ -239,7 +239,14 @@ def register(params) /\boo\b/, /\bsa\b/, /\bsr[ol]s?\b/, - /\btech(nolog(y|ie|iya)s?)?\b/ ] + /\btech(nolog(y|ie|iya)s?)?\b/ ].freeze + + @private_ip_subnets = [ + IPAddr.new('10.0.0.0/8'), + IPAddr.new('172.16.0.0/12'), + IPAddr.new('192.168.0.0/16'), + ].freeze + end def filter(event) @@ -270,6 +277,7 @@ def filter(event) _autopopulate_oui = event.get("#{@source_oui}") _autopopulate_fuzzy_threshold = @autopopulate_fuzzy_threshold _autopopulate_create_manuf = @autopopulate_create_manuf && !_autopopulate_oui.nil? && !_autopopulate_oui.empty? + _autopopulate_create_prefix = @autopopulate_create_prefix _result = @cache_hash.getset(_lookup_type){ LruRedux::TTL::ThreadSafeCache.new(_cache_size, _cache_ttl) 
@@ -724,6 +732,22 @@ def filter(event) # give up aka do nothing _exception_error = true end + if _prefixes.empty? && !_key_ip&.ipv6? && _key_ip&.private? && _autopopulate_create_prefix + # we didn't find a prefix containing this private-space IPv4 address and auto-create prefixes is turned on + # TODO: ipv6? + _private_ip_subnet = @private_ip_subnets.find { |subnet| subnet.include?(_key_ip) } + if !_private_ip_subnet.nil? + _new_subnet_ip = _key_ip.mask([_private_ip_subnet.prefix() + 8, 24].min) + _new_subnet_name = _new_subnet_ip + if !_new_subnet_name.to_s.include?('/') + _new_subnet_name += '/' + newip.prefix().to_s + end + _prefix_data = { :prefix => _new_subnet_name, + :description => _new_subnet_name, + # TODO :site => "", + :status => "active" } + end + end _prefixes = collect_values(crush(_prefixes)) _lookup_result = _prefixes unless (_lookup_type != :ip_prefix) end # _lookup_type == :ip_prefix From 2ab40012a9b868ebd5b985a20aeb2572fa08a4b7 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Fri, 15 Mar 2024 06:57:56 -0600 Subject: [PATCH 33/79] Bump Zeek to v6.2.0 --- Dockerfiles/zeek.Dockerfile | 2 +- hedgehog-raspi/sensor_install.sh | 2 +- shared/bin/zeek-deb-download.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index cdef784bc..88765e104 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile @@ -38,7 +38,7 @@ ENV SUPERCRONIC_SHA1SUM "cd48d45c4b10f3f0bfdd3a57d054cd05ac96812b" ENV SUPERCRONIC_CRONTAB "/etc/crontab" # for download and install -ARG ZEEK_VERSION=6.1.1-0 +ARG ZEEK_VERSION=6.2.0-0 ENV ZEEK_VERSION $ZEEK_VERSION # put Zeek and Spicy in PATH diff --git a/hedgehog-raspi/sensor_install.sh b/hedgehog-raspi/sensor_install.sh index 5e607bdbf..9b0e269eb 100644 --- a/hedgehog-raspi/sensor_install.sh +++ b/hedgehog-raspi/sensor_install.sh 
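Review bot: `newip` in `_new_subnet_name += '/' + newip.prefix().to_s` is not defined anywhere in the `@@ -724,6 +732,22 @@` hunk, so that line would raise NameError if reached with `NETBOX_AUTOCREATE_PREFIX` on; it presumably should be `_new_subnet_ip`. `_new_subnet_name` is also still an `IPAddr` there, so the string append needs `_new_subnet_name = _new_subnet_ip.to_s` first. The `rescue Faraday::Error` above closes before this branch, so nothing in the hunk would catch the error. `_prefix_data` is built but never sent, which is consistent with the work-in-progress subject. The enclosing `filter` body extends beyond the hunk.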
@@ -211,7 +211,7 @@ build_zeek_src() { export PYTHONUNBUFFERED=1 zeek_url=https://github.com/zeek/zeek.git - zeek_version=6.1.0 + zeek_version=6.2.0 zeek_release=1 zeek_dir=/opt/zeek # Zeek's build eats a ton of resources; prevent OOM from the killing build process diff --git a/shared/bin/zeek-deb-download.sh b/shared/bin/zeek-deb-download.sh index d8dc01859..ec86388ea 100755 --- a/shared/bin/zeek-deb-download.sh +++ b/shared/bin/zeek-deb-download.sh @@ -6,7 +6,7 @@ unset VERBOSE command -v dpkg >/dev/null 2>&1 && ARCH="$(dpkg --print-architecture)" || ARCH=amd64 DISTRO=Debian_12 OUTPUT_DIR=/tmp -ZEEK_VERSION=6.1.1-0 +ZEEK_VERSION=6.2.0-0 while getopts a:d:o:vz: opts; do case ${opts} in From df86b97fa69a734749a805d02076f267e8a5cd61 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Fri, 15 Mar 2024 07:07:06 -0600 Subject: [PATCH 34/79] parsing updates for zeek 6.2.0 --- logstash/pipelines/zeek/11_zeek_parse.conf | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/logstash/pipelines/zeek/11_zeek_parse.conf b/logstash/pipelines/zeek/11_zeek_parse.conf index c539aca21..58e7e7095 100644 --- a/logstash/pipelines/zeek/11_zeek_parse.conf +++ b/logstash/pipelines/zeek/11_zeek_parse.conf @@ -1909,9 +1909,12 @@ filter { mutate { id => "mutate_rename_zeek_json_ldap_fields" rename => { "[zeek_cols][arguments]" => "[zeek_cols][argument]" } + rename => { "[zeek_cols][opcode]" => "[zeek_cols][operation]" } rename => { "[zeek_cols][opcodes]" => "[zeek_cols][operation]" } + rename => { "[zeek_cols][result]" => "[zeek_cols][result_code]" } rename => { "[zeek_cols][results]" => "[zeek_cols][result_code]" } rename => { "[zeek_cols][diagnostic_message]" => "[zeek_cols][result_message]" } + rename => { "[zeek_cols][diagnostic_messages]" => "[zeek_cols][result_message]" } } } else { 
@@ -1958,12 +1961,13 @@ filter { if ("_jsonparsesuccess" in [tags]) { mutate { id => "mutate_rename_zeek_json_ldap_search_fields" + rename => { "[zeek_cols][base_objects]" => "[zeek_cols][base_object]" } rename => { "[zeek_cols][deref_aliases]" => "[zeek_cols][deref]" } rename => { "[zeek_cols][derefs]" => "[zeek_cols][deref]" } - rename => { "[zeek_cols][base_objects]" => "[zeek_cols][base_object]" } - rename => { "[zeek_cols][results]" => "[zeek_cols][result_code]" } - rename => { "[zeek_cols][result]" => "[zeek_cols][result_code]" } rename => { "[zeek_cols][diagnostic_message]" => "[zeek_cols][result_message]" } + rename => { "[zeek_cols][result]" => "[zeek_cols][result_code]" } + rename => { "[zeek_cols][results]" => "[zeek_cols][result_code]" } + rename => { "[zeek_cols][scopes]" => "[zeek_cols][scope]" } } } else { From e2a84307eaab96716ab1d9b0fdc529d23c5cbab4 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Fri, 15 Mar 2024 08:16:44 -0600 Subject: [PATCH 35/79] netbox_enrich.rb work in progress for subnet discovery (idaholab/Malcolm#436) --- config/netbox-common.env.example | 2 +- docs/malcolm-config.md | 2 +- logstash/pipelines/enrichment/21_netbox.conf | 4 +- logstash/ruby/netbox_enrich.rb | 115 +++++++++++-------- scripts/install.py | 2 +- 5 files changed, 74 insertions(+), 51 deletions(-) diff --git a/config/netbox-common.env.example b/config/netbox-common.env.example index 6398af2de..4134f8490 100644 --- a/config/netbox-common.env.example +++ b/config/netbox-common.env.example 
@@ -7,7 +7,7 @@ NETBOX_DEFAULT_SITE=Malcolm # Whether or not unobserved network entities in Logstash data will be used to populate NetBox NETBOX_AUTO_POPULATE=false # Whether or not unobserved network subnets in Logstash data will be created automatically in NetBox -NETBOX_AUTOCREATE_PREFIX=false +NETBOX_AUTO_CREATE_PREFIX=false # Whether or not services (i.e., destination IP/port) will be looked up during NetBox enrichment NETBOX_ENRICHMENT_LOOKUP_SERVICE=true # Customize manufacturer matching/creation with NETBOX_AUTO_POPULATE diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md index c1b30a5f1..22ad45283 100644 --- a/docs/malcolm-config.md +++ b/docs/malcolm-config.md 
@@ -49,7 +49,7 @@ Although the configuration script automates many of the following configuration - `NETBOX_ENRICHMENT` - if set to `true`, Logstash will [enrich network traffic metadata](asset-interaction-analysis.md#NetBoxEnrichment) via NetBox API calls - `NETBOX_DEFAULT_SITE` - specifies the default NetBox [site name](https://demo.netbox.dev/static/docs/core-functionality/sites-and-racks/) for use when [enriching network traffic metadata via NetBox lookups](asset-interaction-analysis.md#NetBoxEnrichment) (default `Malcolm`) - `NETBOX_AUTO_POPULATE` - if set to `true`, Logstash will [populate the NetBox inventory](asset-interaction-analysis.md#NetBoxPopPassive) based on observed network traffic - - `NETBOX_AUTOCREATE_PREFIX` - if set to `true`, Logstash will automatically create private subnet prefixes in the [NetBox inventory](asset-interaction-analysis.md#NetBoxPopPassive) based on observed network traffic + - `NETBOX_AUTO_CREATE_PREFIX` - if set to `true`, Logstash will automatically create private subnet prefixes in the [NetBox inventory](asset-interaction-analysis.md#NetBoxPopPassive) based on observed network traffic - `NETBOX_DEFAULT_AUTOCREATE_MANUFACTURER` - if set to `true`, new manufacturer entries will be created in the NetBox database when [matching device manufacturers to OUIs](asset-interaction-analysis.md#NetBoxPopPassiveOUIMatch) (default `true`) - `NETBOX_DEFAULT_FUZZY_THRESHOLD` - fuzzy-matching threshold for [matching device manufacturers to OUIs](asset-interaction-analysis.md#NetBoxPopPassiveOUIMatch) (default `0.95`) * **`nginx.env`** - settings specific to Malcolm's nginx reverse proxy diff --git a/logstash/pipelines/enrichment/21_netbox.conf b/logstash/pipelines/enrichment/21_netbox.conf index 8026510cb..38bca294c 100644 --- a/logstash/pipelines/enrichment/21_netbox.conf +++ b/logstash/pipelines/enrichment/21_netbox.conf 
@@ -38,7 +38,7 @@ filter { "verbose_env" => "NETBOX_ENRICHMENT_VERBOSE" "source" => "[source][ip]" "target" => "[source][segment]" - "auto_prefix_env" => "NETBOX_AUTOCREATE_PREFIX" + "auto_prefix_env" => "NETBOX_AUTO_CREATE_PREFIX" "lookup_type" => "ip_prefix" "lookup_site_env" => "NETBOX_DEFAULT_SITE" "netbox_token_env" => "SUPERUSER_API_TOKEN" @@ -81,7 +81,7 @@ filter { "verbose_env" => "NETBOX_ENRICHMENT_VERBOSE" "source" => "[destination][ip]" "target" => "[destination][segment]" - "auto_prefix_env" => "NETBOX_AUTOCREATE_PREFIX" + "auto_prefix_env" => "NETBOX_AUTO_CREATE_PREFIX" "lookup_type" => "ip_prefix" "lookup_site_env" => "NETBOX_DEFAULT_SITE" "netbox_token_env" => "SUPERUSER_API_TOKEN" diff --git a/logstash/ruby/netbox_enrich.rb b/logstash/ruby/netbox_enrich.rb index eafe38fb9..c0c473430 100644 --- a/logstash/ruby/netbox_enrich.rb +++ b/logstash/ruby/netbox_enrich.rb 
@@ -478,42 +478,7 @@ def filter(event) # puts('2. %{key}: %{found}' % { key: _autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) # make sure the site and role exists - - _autopopulate_site = @site_hash.getset(_autopopulate_default_site) { - begin - _site = nil - - # look it up first - _query = { :offset => 0, - :limit => 1, - :name => _autopopulate_default_site } - if (_sites_response = _nb.get('dcim/sites/', _query).body) && - _sites_response.is_a?(Hash) && - (_tmp_sites = _sites_response.fetch(:results, [])) && - (_tmp_sites.length() > 0) - then - _site = _tmp_sites.first - end - - if _site.nil? - # the device site is not found, create it - _site_data = { :name => _autopopulate_default_site, - :slug => _autopopulate_default_site.to_url, - :status => "active" } - if (_site_create_response = _nb.post('dcim/sites/', _site_data.to_json, _nb_headers).body) && - _site_create_response.is_a?(Hash) && - _site_create_response.has_key?(:id) - then - _site = _site_create_response - end - end - - rescue Faraday::Error - # give up aka do nothing - _exception_error = true - end - _site - } + _autopopulate_site = lookup_autopopulate_site(_autopopulate_default_site, _nb, _nb_headers) _autopopulate_role = @role_hash.getset(_autopopulate_default_role) { begin 
@@ -732,22 +697,43 @@ def filter(event) # give up aka do nothing _exception_error = true end + + # TODO: ipv6? if _prefixes.empty? && !_key_ip&.ipv6? && _key_ip&.private? && _autopopulate_create_prefix - # we didn't find a prefix containing this private-space IPv4 address and auto-create prefixes is turned on - # TODO: ipv6? + # we didn't find a prefix containing this private-space IPv4 address and auto-create is true _private_ip_subnet = @private_ip_subnets.find { |subnet| subnet.include?(_key_ip) } if !_private_ip_subnet.nil? - _new_subnet_ip = _key_ip.mask([_private_ip_subnet.prefix() + 8, 24].min) - _new_subnet_name = _new_subnet_ip - if !_new_subnet_name.to_s.include?('/') - _new_subnet_name += '/' + newip.prefix().to_s + _new_prefix_ip = _key_ip.mask([_private_ip_subnet.prefix() + 8, 24].min) + _new_prefix_name = _new_prefix_ip.to_s + if !_new_prefix_name.to_s.include?('/') + _new_prefix_name += '/' + _new_prefix_ip.prefix().to_s end - _prefix_data = { :prefix => _new_subnet_name, - :description => _new_subnet_name, - # TODO :site => "", + _autopopulate_site = lookup_autopopulate_site(_autopopulate_default_site, _nb, _nb_headers) + _prefix_data = { :prefix => _new_prefix_name, + :description => _new_prefix_name, + :site => _autopopulate_site&.fetch(:id, nil), :status => "active" } + begin + _new_prefix_create_response = _nb.post('ipam/prefixes/', _prefix_data.to_json, _nb_headers).body + if _new_prefix_create_response && + _new_prefix_create_response.is_a?(Hash) && + _new_prefix_create_response.has_key?(:id) + then + _prefixes << { :name => _new_prefix_name, + :id => _new_prefix_create_response.fetch(:id, nil), + :site => ((_site = _new_prefix_create_response.fetch(:site, nil)) && _site&.has_key?(:name)) ? _site[:name] : _site&.fetch(:display, nil), + :tenant => ((_tenant = _new_prefix_create_response.fetch(:tenant, nil)) && _tenant&.has_key?(:name)) ? 
_tenant[:name] : _tenant&.fetch(:display, nil), + :url => _new_prefix_create_response.fetch(:url, _new_prefix_create_response.fetch(:url, nil)), + :details => _verbose ? _new_prefix_create_response : nil } + end + rescue Faraday::Error + # give up aka do nothing + puts('exception') + _exception_error = true + end end - end + end # if auto-create prefix + _prefixes = collect_values(crush(_prefixes)) _lookup_result = _prefixes unless (_lookup_type != :ip_prefix) end # _lookup_type == :ip_prefix @@ -865,6 +851,43 @@ def clean_manuf_string(val) new_val end +def lookup_autopopulate_site(default_site, nb, nb_headers) + @site_hash.getset(default_site) { + begin + _site = nil + + # look it up first + _query = { :offset => 0, + :limit => 1, + :name => default_site } + if (_sites_response = nb.get('dcim/sites/', _query).body) && + _sites_response.is_a?(Hash) && + (_tmp_sites = _sites_response.fetch(:results, [])) && + (_tmp_sites.length() > 0) + then + _site = _tmp_sites.first + end + + if _site.nil? + # the device site is not found, create it + _site_data = { :name => default_site, + :slug => default_site.to_url, + :status => "active" } + if (_site_create_response = nb.post('dcim/sites/', _site_data.to_json, nb_headers).body) && + _site_create_response.is_a?(Hash) && + _site_create_response.has_key?(:id) + then + _site = _site_create_response + end + end + + rescue Faraday::Error + # give up aka do nothing + end + _site + } +end + ############################################################################### # tests diff --git a/scripts/install.py b/scripts/install.py index 6b80dc0f0..5e22d2870 100755 --- a/scripts/install.py +++ b/scripts/install.py 
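Review bot: Prefixes created in the `if _prefixes.empty? && ... && _autopopulate_create_prefix` branch cannot be told apart from curated inventory, because `:description` only repeats the CIDR and `:status` is `"active"`. They are derived from any private IPv4 address seen in traffic, so a marker such as `:description => "auto-created from observed traffic"` would let an operator audit or purge them. The `rescue Faraday::Error` branch still contains `puts('exception')`, which writes an uninformative line to stdout; drop it or log the prefix and the error instead. The result cache is keyed by the IP rather than by the prefix and the filter declares `concurrency :shared`, so two workers handling different hosts in one new subnet can presumably both miss and both POST to `ipam/prefixes/`; re-querying just before the POST would narrow that window. The enclosing `filter` body starts and ends outside this hunk.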
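Review bot: `lookup_autopopulate_site` drops the `_exception_error = true` that the inline version (removed in the `@@ -478,42 +478,7 @@` hunk) set in its `rescue Faraday::Error`, so a NetBox outage during the site lookup now looks the same to `filter` as "no site". Because the block's value is what `@site_hash.getset` keeps, the resulting `nil` is presumably cached until the TTL expires. In the new prefix path that `nil` then reaches `:site => _autopopulate_site&.fetch(:id, nil)`, so a prefix would be created without a site. The helper should get a header comment, for example `# Returns the NetBox site Hash for default_site, creating it if absent; nil on Faraday::Error`. Callers should either skip creation when it returns `nil` or be told about the failure.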
@@ -1697,7 +1697,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): # create missing NetBox subnet prefixes based on observed network traffic EnvValue( os.path.join(args.configDir, 'netbox-common.env'), - 'NETBOX_AUTOCREATE_PREFIX', + 'NETBOX_AUTO_CREATE_PREFIX', TrueOrFalseNoQuote(netboxLogstashAutoSubnets), ), # populate the NetBox inventory based on observed network traffic From 9aed3b124068959b80cefaefa06a5dad231db637 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Fri, 15 Mar 2024 13:44:21 -0600 Subject: [PATCH 36/79] netbox_enrich.rb major refactoring while working on idaholab/Malcolm#436 --- logstash/ruby/netbox_enrich.rb | 1051 ++++++++++++++++++-------------- 1 file changed, 579 insertions(+), 472 deletions(-) diff --git a/logstash/ruby/netbox_enrich.rb b/logstash/ruby/netbox_enrich.rb index c0c473430..d5d38d808 100644 --- a/logstash/ruby/netbox_enrich.rb +++ b/logstash/ruby/netbox_enrich.rb @@ -2,7 +2,10 @@ def concurrency :shared end -def register(params) +def register( + params +) + require 'date' require 'faraday' require 'fuzzystringmatch' 
@@ -247,27 +250,20 @@ def register(params) IPAddr.new('192.168.0.0/16'), ].freeze + @nb_headers = { 'Content-Type': 'application/json' }.freeze + end -def filter(event) +def filter( + event +) _key = event.get("#{@source}") if (not @netbox_enabled) || @lookup_type.nil? || @lookup_type.empty? || _key.nil? || _key.empty? return [event] end _key_ip = IPAddr.new(_key) rescue nil - _url = @netbox_url - _url_base = @netbox_url_base - _url_suffix = @netbox_url_suffix - _token = @netbox_token - _cache_size = @cache_size - _cache_ttl = @cache_ttl - _page_size = @page_size - _verbose = @verbose - _lookup_type = @lookup_type - _lookup_site = @lookup_site _lookup_service_port = (@lookup_service ? event.get("#{@lookup_service_port_source}") : nil).to_i - _autopopulate = @autopopulate _autopopulate_default_manuf = (@default_manuf.nil? || @default_manuf.empty?) ? "Unspecified" : @default_manuf _autopopulate_default_role = (@default_role.nil? || @default_role.empty?) ? "Unspecified" : @default_role _autopopulate_default_dtype = (@default_dtype.nil? || @default_dtype.empty?) ? "Unspecified" : @default_dtype 
@@ -275,370 +271,58 @@ def filter(event) _autopopulate_hostname = event.get("#{@source_hostname}") _autopopulate_mac = event.get("#{@source_mac}") _autopopulate_oui = event.get("#{@source_oui}") - _autopopulate_fuzzy_threshold = @autopopulate_fuzzy_threshold - _autopopulate_create_manuf = @autopopulate_create_manuf && !_autopopulate_oui.nil? && !_autopopulate_oui.empty? - _autopopulate_create_prefix = @autopopulate_create_prefix - _result = @cache_hash.getset(_lookup_type){ - LruRedux::TTL::ThreadSafeCache.new(_cache_size, _cache_ttl) + _result = @cache_hash.getset(@lookup_type){ + LruRedux::TTL::ThreadSafeCache.new(@cache_size, @cache_ttl) }.getset(_key){ - _nb = Faraday.new(_url) do |conn| - conn.request :authorization, 'Token', _token + _nb = Faraday.new(@netbox_url) do |conn| + conn.request :authorization, 'Token', @netbox_token conn.request :url_encoded conn.response :json, :parser_options => { :symbolize_names => true } end - _nb_headers = { 'Content-Type': 'application/json' } _lookup_result = nil _autopopulate_device = nil _autopopulate_role = nil _autopopulate_dtype = nil - _autopopulate_interface = nil - _autopopulate_ip = nil _autopopulate_manuf = nil _autopopulate_site = nil _prefixes = nil _devices = nil - _exception_error = false # handle :ip_device first, because if we're doing autopopulate we're also going to use # some of the logic from :ip_prefix - if (_lookup_type == :ip_device) + if (@lookup_type == :ip_device) ################################################################################# # retrieve the list of IP addresses where address matches the search key, limited to "assigned" addresses. 
# then, for those IP addresses, search for devices pertaining to the interfaces assigned to each # IP address (e.g., ipam.ip_address -> dcim.interface -> dcim.device, or # ipam.ip_address -> virtualization.interface -> virtualization.virtual_machine) - _devices = Array.new - _query = { :address => _key, - :offset => 0, - :limit => _page_size } - begin - while true do - if (_ip_addresses_response = _nb.get('ipam/ip-addresses/', _query).body) && - _ip_addresses_response.is_a?(Hash) - then - _tmp_ip_addresses = _ip_addresses_response.fetch(:results, []) - _tmp_ip_addresses.each do |i| - _is_device = nil - if (_obj = i.fetch(:assigned_object, nil)) && - ((_device_obj = _obj.fetch(:device, nil)) || - (_virtualized_obj = _obj.fetch(:virtual_machine, nil))) - then - _is_device = !_device_obj.nil? - _device = _is_device ? _device_obj : _virtualized_obj - # if we can, follow the :assigned_object's "full" device URL to get more information - _device = (_device.has_key?(:url) && (_full_device = _nb.get(_device[:url].delete_prefix(_url_base).delete_prefix(_url_suffix).delete_prefix("/")).body)) ? _full_device : _device - _device_id = _device.fetch(:id, nil) - _device_site = ((_site = _device.fetch(:site, nil)) && _site&.has_key?(:name)) ? _site[:name] : _site&.fetch(:display, nil) - next unless (_device_site.to_s.downcase == _lookup_site.to_s.downcase) || _lookup_site.nil? || _lookup_site.empty? || _device_site.nil? || _device_site.empty? - # look up service if requested (based on device/vm found and service port) - if (_lookup_service_port > 0) - _services = Array.new - _service_query = { (_is_device ? :device_id : :virtual_machine_id) => _device_id, :port => _lookup_service_port, :offset => 0, :limit => _page_size } - while true do - if (_services_response = _nb.get('ipam/services/', _service_query).body) && - _services_response.is_a?(Hash) - then - _tmp_services = _services_response.fetch(:results, []) - _services.unshift(*_tmp_services) unless _tmp_services.nil? 
|| _tmp_services.empty? - _service_query[:offset] += _tmp_services.length() - break unless (_tmp_services.length() >= _page_size) - else - break - end - end - _device[:service] = _services - end - # non-verbose output is flatter with just names { :name => "name", :id => "id", ... } - # if _verbose, include entire object as :details - _devices << { :name => _device.fetch(:name, _device.fetch(:display, nil)), - :id => _device_id, - :url => _device.fetch(:url, nil), - :service => _device.fetch(:service, []).map {|s| s.fetch(:name, s.fetch(:display, nil)) }, - :site => _device_site, - :role => ((_role = _device.fetch(:role, nil)) && _role&.has_key?(:name)) ? _role[:name] : _role&.fetch(:display, nil), - :cluster => ((_cluster = _device.fetch(:cluster, nil)) && _cluster&.has_key?(:name)) ? _cluster[:name] : _cluster&.fetch(:display, nil), - :device_type => ((_dtype = _device.fetch(:device_type, nil)) && _dtype&.has_key?(:name)) ? _dtype[:name] : _dtype&.fetch(:display, nil), - :manufacturer => ((_manuf = _device.dig(:device_type, :manufacturer)) && _manuf&.has_key?(:name)) ? _manuf[:name] : _manuf&.fetch(:display, nil), - :details => _verbose ? _device : nil } - end - end - _query[:offset] += _tmp_ip_addresses.length() - break unless (_tmp_ip_addresses.length() >= _page_size) - else - # weird/bad response, bail - _exception_error = true - break - end - end # while true - rescue Faraday::Error - # give up aka do nothing - _exception_error = true - end - - if _autopopulate && (_query[:offset] == 0) && !_exception_error && _key_ip&.private? + _devices = lookup_devices(_key, @lookup_site, _lookup_service_port, @netbox_url_base, @netbox_url_suffix, _nb) + if @autopopulate && (_devices.nil? || _devices.empty?) && _key_ip&.private? # no results found, autopopulate enabled, private-space IP address... # let's create an entry for this device - - # if MAC is set but OUI is not, do a quick lookup - if (!_autopopulate_mac.nil? && !_autopopulate_mac.empty?) 
&& - (_autopopulate_oui.nil? || _autopopulate_oui.empty?) - then - case _autopopulate_mac - when String - if @macregex.match?(_autopopulate_mac) - _macint = mac_string_to_integer(_autopopulate_mac) - _vendor = @macarray.bsearch{ |_vendormac| (_macint < _vendormac[0]) ? -1 : ((_macint > _vendormac[1]) ? 1 : 0)} - _autopopulate_oui = _vendor[2] unless _vendor.nil? - end # _autopopulate_mac matches @macregex - when Array - _autopopulate_mac.each do |_addr| - if @macregex.match?(_addr) - _macint = mac_string_to_integer(_addr) - _vendor = @macarray.bsearch{ |_vendormac| (_macint < _vendormac[0]) ? -1 : ((_macint > _vendormac[1]) ? 1 : 0)} - if !_vendor.nil? - _autopopulate_oui = _vendor[2] - break - end # !_vendor.nil? - end # _addr matches @macregex - end # _autopopulate_mac.each do - end # case statement _autopopulate_mac String vs. Array - end # MAC is populated but OUI is not - - # match/look up manufacturer based on OUI - if !_autopopulate_oui.nil? && !_autopopulate_oui.empty? - - _autopopulate_oui = _autopopulate_oui.first() unless !_autopopulate_oui.is_a?(Array) - - # does it look like a VM or a regular device? - if @vm_namesarray.include?(_autopopulate_oui.downcase) - # looks like this is probably a virtual machine - _autopopulate_manuf = { :name => _autopopulate_oui, - :match => 1.0, - :vm => true, - :id => nil } - - else - # looks like this is not a virtual machine (or we can't tell) so assume its' a regular device - _autopopulate_manuf = @manuf_hash.getset(_autopopulate_oui) { - _fuzzy_matcher = FuzzyStringMatch::JaroWinkler.create( :pure ) - _autopopulate_oui_cleaned = clean_manuf_string(_autopopulate_oui.to_s) - _manufs = Array.new - # fetch the manufacturers to do the comparison. 
this is a lot of work - # and not terribly fast but once the hash it populated it shouldn't happen too often - _query = { :offset => 0, - :limit => _page_size } - begin - while true do - if (_manufs_response = _nb.get('dcim/manufacturers/', _query).body) && - _manufs_response.is_a?(Hash) - then - _tmp_manufs = _manufs_response.fetch(:results, []) - _tmp_manufs.each do |_manuf| - _tmp_name = _manuf.fetch(:name, _manuf.fetch(:display, nil)) - _tmp_distance = _fuzzy_matcher.getDistance(clean_manuf_string(_tmp_name.to_s), _autopopulate_oui_cleaned) - if (_tmp_distance >= _autopopulate_fuzzy_threshold) then - _manufs << { :name => _tmp_name, - :id => _manuf.fetch(:id, nil), - :url => _manuf.fetch(:url, nil), - :match => _tmp_distance, - :vm => false - } - end - end - _query[:offset] += _tmp_manufs.length() - break unless (_tmp_manufs.length() >= _page_size) - else - break - end - end - rescue Faraday::Error - # give up aka do nothing - _exception_error = true - end - # return the manuf with the highest match - # puts('0. %{key}: %{matches}' % { key: _autopopulate_oui_cleaned, matches: JSON.generate(_manufs) })-] - !_manufs&.empty? ? _manufs.max_by{|k| k[:match] } : nil - } - end # virtual machine vs. regular device - end # _autopopulate_oui specified - - # puts('1. %{key}: %{found}' % { key: _autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) - if !_autopopulate_manuf.is_a?(Hash) - # no match was found at ANY match level (empty database or no OUI specified), set default ("unspecified") manufacturer - _autopopulate_manuf = { :name => _autopopulate_create_manuf ? _autopopulate_oui : _autopopulate_default_manuf, - :match => 0.0, - :vm => false, - :id => nil} - end - # puts('2. 
%{key}: %{found}' % { key: _autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) - - # make sure the site and role exists - _autopopulate_site = lookup_autopopulate_site(_autopopulate_default_site, _nb, _nb_headers) - - _autopopulate_role = @role_hash.getset(_autopopulate_default_role) { - begin - _role = nil - - # look it up first - _query = { :offset => 0, - :limit => 1, - :name => _autopopulate_default_role } - if (_roles_response = _nb.get('dcim/device-roles/', _query).body) && - _roles_response.is_a?(Hash) && - (_tmp_roles = _roles_response.fetch(:results, [])) && - (_tmp_roles.length() > 0) - then - _role = _tmp_roles.first - end - - if _role.nil? - # the role is not found, create it - _role_data = { :name => _autopopulate_default_role, - :slug => _autopopulate_default_role.to_url, - :color => "d3d3d3" } - if (_role_create_response = _nb.post('dcim/device-roles/', _role_data.to_json, _nb_headers).body) && - _role_create_response.is_a?(Hash) && - _role_create_response.has_key?(:id) - then - _role = _role_create_response - end - end - - rescue Faraday::Error - # give up aka do nothing - _exception_error = true - end - _role - } - - # we should have found or created the autopopulate role and site - begin - if _autopopulate_site&.fetch(:id, nil)&.nonzero? && - _autopopulate_role&.fetch(:id, nil)&.nonzero? - then - - if _autopopulate_manuf[:vm] - # a virtual machine - _device_name = _autopopulate_hostname.to_s.empty? ? "#{_autopopulate_manuf[:name]} @ #{_key}" : "#{_autopopulate_hostname} @ #{_key}" - _device_data = { :name => _device_name, - :site => _autopopulate_site[:id], - :status => "staged" } - if (_device_create_response = _nb.post('virtualization/virtual-machines/', _device_data.to_json, _nb_headers).body) && - _device_create_response.is_a?(Hash) && - _device_create_response.has_key?(:id) - then - _autopopulate_device = _device_create_response - end - - else - # a regular non-vm device - - if !_autopopulate_manuf.fetch(:id, nil)&.nonzero? 
- # the manufacturer was default (not found) so look it up first - _query = { :offset => 0, - :limit => 1, - :name => _autopopulate_manuf[:name] } - if (_manufs_response = _nb.get('dcim/manufacturers/', _query).body) && - _manufs_response.is_a?(Hash) && - (_tmp_manufs = _manufs_response.fetch(:results, [])) && - (_tmp_manufs.length() > 0) - then - _autopopulate_manuf[:id] = _tmp_manufs.first.fetch(:id, nil) - _autopopulate_manuf[:match] = 1.0 - end - end - # puts('3. %{key}: %{found}' % { key: _autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) - - if !_autopopulate_manuf.fetch(:id, nil)&.nonzero? - # the manufacturer is still not found, create it - _manuf_data = { :name => _autopopulate_manuf[:name], - :slug => _autopopulate_manuf[:name].to_url } - if (_manuf_create_response = _nb.post('dcim/manufacturers/', _manuf_data.to_json, _nb_headers).body) && - _manuf_create_response.is_a?(Hash) - then - _autopopulate_manuf[:id] = _manuf_create_response.fetch(:id, nil) - _autopopulate_manuf[:match] = 1.0 - end - # puts('4. %{key}: %{created}' % { key: _autopopulate_manuf, created: JSON.generate(_manuf_create_response) }) - end - - # at this point we *must* have the manufacturer ID - if _autopopulate_manuf.fetch(:id, nil)&.nonzero? - - # make sure the desired device type also exists, look it up first - _query = { :offset => 0, - :limit => 1, - :manufacturer_id => _autopopulate_manuf[:id], - :model => _autopopulate_default_dtype } - if (_dtypes_response = _nb.get('dcim/device-types/', _query).body) && - _dtypes_response.is_a?(Hash) && - (_tmp_dtypes = _dtypes_response.fetch(:results, [])) && - (_tmp_dtypes.length() > 0) - then - _autopopulate_dtype = _tmp_dtypes.first - end - - if _autopopulate_dtype.nil? 
- # the device type is not found, create it - _dtype_data = { :manufacturer => _autopopulate_manuf[:id], - :model => _autopopulate_default_dtype, - :slug => _autopopulate_default_dtype.to_url } - if (_dtype_create_response = _nb.post('dcim/device-types/', _dtype_data.to_json, _nb_headers).body) && - _dtype_create_response.is_a?(Hash) && - _dtype_create_response.has_key?(:id) - then - _autopopulate_dtype = _dtype_create_response - end - end - - # # now we must also have the device type ID - if _autopopulate_dtype&.fetch(:id, nil)&.nonzero? - - # create the device - _device_name = _autopopulate_hostname.to_s.empty? ? "#{_autopopulate_manuf[:name]} @ #{_key}" : "#{_autopopulate_hostname} @ #{_key}" - _device_data = { :name => _device_name, - :device_type => _autopopulate_dtype[:id], - :role => _autopopulate_role[:id], - :site => _autopopulate_site[:id], - :status => "staged" } - if (_device_create_response = _nb.post('dcim/devices/', _device_data.to_json, _nb_headers).body) && - _device_create_response.is_a?(Hash) && - _device_create_response.has_key?(:id) - then - _autopopulate_device = _device_create_response - end - - else - # didn't figure out the device type ID, make sure we're not setting something half-populated - _autopopulate_dtype = nil - end # _autopopulate_dtype[:id] is valid - - else - # didn't figure out the manufacturer ID, make sure we're not setting something half-populated - _autopopulate_manuf = nil - end # _autopopulate_manuf[:id] is valid - - end # virtual machine vs. 
regular device - - else - # didn't figure out the IDs, make sure we're not setting something half-populated - _autopopulate_site = nil - _autopopulate_role = nil - end # site and role are valid - - rescue Faraday::Error - # give up aka do nothing - _exception_error = true - end - + _autopopulate_device, + _autopopulate_role, + _autopopulate_dtype, + _autopopulate_oui, + _autopopulate_manuf, + _autopopulate_site = autopopulate_devices(_key, + _autopopulate_mac, + _autopopulate_oui, + _autopopulate_default_site, + _autopopulate_default_role, + _autopopulate_default_dtype, + _autopopulate_default_manuf, + _autopopulate_hostname, + _nb) if !_autopopulate_device.nil? - # puts('5. %{key}: %{found}' % { key: _autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) + # puts('5. %{key}: %{found}' % { key: autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) # we created a device, so send it back out as the result for the event as well + _devices = Array.new unless _devices.is_a?(Array) _devices << { :name => _autopopulate_device&.fetch(:name, _autopopulate_device&.fetch(:display, nil)), :id => _autopopulate_device&.fetch(:id, nil), :url => _autopopulate_device&.fetch(:url, nil), 
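Review bot: The new guard `if @autopopulate && (_devices.nil? || _devices.empty?) && _key_ip&.private?` can no longer tell "NetBox has no record" from "the lookup failed". The removed code required `(_query[:offset] == 0) && !_exception_error`, while `lookup_devices` (added in a later hunk that runs past this view) rescues `Faraday::Error`, breaks on a malformed response, and returns whatever it has collected. Devices skipped by the site filter also leave `_devices` empty now, where the old offset check would have been non-zero, so a timeout or a site mismatch can cause a second device to be written for an address that is already inventoried. I would have the helper report failure explicitly, e.g. `_devices, _lookup_ok = lookup_devices(...)` with `if @autopopulate && _lookup_ok && _devices.empty? && _key_ip&.private?`. The `lookup_prefixes` / `@autopopulate_create_prefix` branch in the next hunk has the same gap, and `filter` itself starts before and continues after this hunk.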
@@ -646,138 +330,42 @@ def filter(event) :role => _autopopulate_role&.fetch(:name, nil), :device_type => _autopopulate_dtype&.fetch(:name, nil), :manufacturer => _autopopulate_manuf&.fetch(:name, nil), - :details => _verbose ? _autopopulate_device : nil } + :details => @verbose ? _autopopulate_device : nil } end # _autopopulate_device was not nil (i.e., we autocreated a device) - end # _autopopulate turned on and no results found _devices = collect_values(crush(_devices)) _devices.fetch(:service, [])&.flatten!&.uniq! _lookup_result = _devices - end # _lookup_type == :ip_device + end # @lookup_type == :ip_device # this || is because we are going to need to do the prefix lookup if we're autopopulating # as well as if we're specifically requested to do that enrichment - if (_lookup_type == :ip_prefix) || !_autopopulate_device.nil? + if (@lookup_type == :ip_prefix) || !_autopopulate_device.nil? ################################################################################# # retrieve the list of IP address prefixes containing the search key - _prefixes = Array.new - _query = { :contains => _key, - :offset => 0, - :limit => _page_size } - _query[:site_n] = _lookup_site unless _lookup_site.nil? || _lookup_site.empty? - begin - while true do - if (_prefixes_response = _nb.get('ipam/prefixes/', _query).body) && - _prefixes_response.is_a?(Hash) - then - _tmp_prefixes = _prefixes_response.fetch(:results, []) - _tmp_prefixes.each do |p| - # non-verbose output is flatter with just names { :name => "name", :id => "id", ... } - # if _verbose, include entire object as :details - _prefixName = p.fetch(:description, nil) - if _prefixName.nil? || _prefixName.empty? - _prefixName = p.fetch(:display, p.fetch(:prefix, nil)) - end - _prefixes << { :name => _prefixName, - :id => p.fetch(:id, nil), - :site => ((_site = p.fetch(:site, nil)) && _site&.has_key?(:name)) ? 
_site[:name] : _site&.fetch(:display, nil), - :tenant => ((_tenant = p.fetch(:tenant, nil)) && _tenant&.has_key?(:name)) ? _tenant[:name] : _tenant&.fetch(:display, nil), - :url => p.fetch(:url, p.fetch(:url, nil)), - :details => _verbose ? p : nil } - end - _query[:offset] += _tmp_prefixes.length() - break unless (_tmp_prefixes.length() >= _page_size) - else - break - end - end - rescue Faraday::Error - # give up aka do nothing - _exception_error = true - end + _prefixes = lookup_prefixes(_key, @lookup_site, _nb) - # TODO: ipv6? - if _prefixes.empty? && !_key_ip&.ipv6? && _key_ip&.private? && _autopopulate_create_prefix + # TODO: ipv6? + if (_prefixes.nil? || _prefixes.empty?) && !_key_ip&.ipv6? && _key_ip&.private? && @autopopulate_create_prefix # we didn't find a prefix containing this private-space IPv4 address and auto-create is true - _private_ip_subnet = @private_ip_subnets.find { |subnet| subnet.include?(_key_ip) } - if !_private_ip_subnet.nil? - _new_prefix_ip = _key_ip.mask([_private_ip_subnet.prefix() + 8, 24].min) - _new_prefix_name = _new_prefix_ip.to_s - if !_new_prefix_name.to_s.include?('/') - _new_prefix_name += '/' + _new_prefix_ip.prefix().to_s - end - _autopopulate_site = lookup_autopopulate_site(_autopopulate_default_site, _nb, _nb_headers) - _prefix_data = { :prefix => _new_prefix_name, - :description => _new_prefix_name, - :site => _autopopulate_site&.fetch(:id, nil), - :status => "active" } - begin - _new_prefix_create_response = _nb.post('ipam/prefixes/', _prefix_data.to_json, _nb_headers).body - if _new_prefix_create_response && - _new_prefix_create_response.is_a?(Hash) && - _new_prefix_create_response.has_key?(:id) - then - _prefixes << { :name => _new_prefix_name, - :id => _new_prefix_create_response.fetch(:id, nil), - :site => ((_site = _new_prefix_create_response.fetch(:site, nil)) && _site&.has_key?(:name)) ? 
_site[:name] : _site&.fetch(:display, nil), - :tenant => ((_tenant = _new_prefix_create_response.fetch(:tenant, nil)) && _tenant&.has_key?(:name)) ? _tenant[:name] : _tenant&.fetch(:display, nil), - :url => _new_prefix_create_response.fetch(:url, _new_prefix_create_response.fetch(:url, nil)), - :details => _verbose ? _new_prefix_create_response : nil } - end - rescue Faraday::Error - # give up aka do nothing - puts('exception') - _exception_error = true - end - end + _prefix_info = autopopulate_prefixes(_key_ip, _autopopulate_default_site, _nb) + _prefixes = Array.new unless _prefixes.is_a?(Array) + _prefixes << _prefix_info end # if auto-create prefix _prefixes = collect_values(crush(_prefixes)) - _lookup_result = _prefixes unless (_lookup_type != :ip_prefix) - end # _lookup_type == :ip_prefix + _lookup_result = _prefixes unless (@lookup_type != :ip_prefix) + end # @lookup_type == :ip_prefix if !_autopopulate_device.nil? && _autopopulate_device.fetch(:id, nil)&.nonzero? # device has been created, we need to create an interface for it - _interface_data = { _autopopulate_manuf[:vm] ? :virtual_machine : :device => _autopopulate_device[:id], - :name => "e0", - :type => "other" } - if !_autopopulate_mac.nil? && !_autopopulate_mac.empty? - _interface_data[:mac_address] = _autopopulate_mac.is_a?(Array) ? _autopopulate_mac.first : _autopopulate_mac - end - if (_interface_create_reponse = _nb.post(_autopopulate_manuf[:vm] ? 'virtualization/interfaces/' : 'dcim/interfaces/', _interface_data.to_json, _nb_headers).body) && - _interface_create_reponse.is_a?(Hash) && - _interface_create_reponse.has_key?(:id) - then - _autopopulate_interface = _interface_create_reponse - end - - if !_autopopulate_interface.nil? && _autopopulate_interface.fetch(:id, nil)&.nonzero? - # interface has been created, we need to create an IP address for it - _ip_data = { :address => "#{_key}/#{_key_ip&.prefix()}", - :assigned_object_type => _autopopulate_manuf[:vm] ? 
"virtualization.vminterface" : "dcim.interface", - :assigned_object_id => _autopopulate_interface[:id], - :status => "active" } - if (_ip_create_reponse = _nb.post('ipam/ip-addresses/', _ip_data.to_json, _nb_headers).body) && - _ip_create_reponse.is_a?(Hash) && - _ip_create_reponse.has_key?(:id) - then - _autopopulate_ip = _ip_create_reponse - end - end # check if interface was created and has ID - - if !_autopopulate_ip.nil? && _autopopulate_ip.fetch(:id, nil)&.nonzero? - # IP address was created, need to associate it as the primary IP for the device - _primary_ip_data = { _key_ip&.ipv6? ? :primary_ip6 : :primary_ip4 => _autopopulate_ip[:id] } - if (_ip_primary_reponse = _nb.patch("#{_autopopulate_manuf[:vm] ? 'virtualization/virtual-machines' : 'dcim/devices'}/#{_autopopulate_device[:id]}/", _primary_ip_data.to_json, _nb_headers).body) && - _ip_primary_reponse.is_a?(Hash) && - _ip_primary_reponse.has_key?(:id) - then - _autopopulate_device = _ip_create_reponse - end - end # check if the IP address was created and has an ID - + _autopopulate_device = create_device_interface(_key, + _autopopulate_device, + _autopopulate_manuf, + _autopopulate_mac, + _nb) end # check if device was created and has ID # yield return value for cache_hash getset @@ -786,7 +374,7 @@ def filter(event) if !_result.nil? && _result.has_key?(:url) && !_result[:url]&.empty? _result[:url].map! { |u| u.delete_prefix(@netbox_url_base).gsub('/api/', '/') } - if (_lookup_type == :ip_device) && + if (@lookup_type == :ip_device) && (!_result.has_key?(:device_type) || _result[:device_type]&.empty?) && _result[:url].any? { |u| u.include? "virtual-machines" } then 
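Review bot: `_prefixes << _prefix_info` appends whatever `autopopulate_prefixes` returns, whereas the removed code only appended after the POST response was a Hash containing `:id`. The helper's definition is not visible in this hunk, so if it returns nil when no private subnet matches or the create request fails, that nil goes into `collect_values(crush(_prefixes))`. There `pairs.each` would raise unless `crush` happens to drop it. Guarding the append keeps the old behaviour: `_prefixes << _prefix_info unless _prefix_info.nil?`.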
@@ -798,11 +386,15 @@ def filter(event) [event] end -def mac_string_to_integer(string) +def mac_string_to_integer( + string +) string.tr('.:-','').to_i(16) end -def psych_load_yaml(filename) +def psych_load_yaml( + filename +) parser = Psych::Parser.new(Psych::TreeBuilder.new) parser.code_point_limit = 64*1024*1024 parser.parse(IO.read(filename, :mode => 'r:bom|utf-8')) @@ -814,12 +406,16 @@ def psych_load_yaml(filename) end end -def collect_values(hashes) +def collect_values( + hashes +) # https://stackoverflow.com/q/5490952 hashes.reduce({}){ |h, pairs| pairs.each { |k,v| (h[k] ||= []) << v}; h } end -def crush(thing) +def crush( + thing +) if thing.is_a?(Array) thing.each_with_object([]) do |v, a| v = crush(v) @@ -835,7 +431,9 @@ def crush(thing) end end -def clean_manuf_string(val) +def clean_manuf_string( + val +) # 0. downcase # 1. replace commas with spaces # 2. remove all punctuation (except parens) @@ -851,15 +449,18 @@ def clean_manuf_string(val) new_val end -def lookup_autopopulate_site(default_site, nb, nb_headers) - @site_hash.getset(default_site) { +def lookup_or_create_site( + site_name, + nb +) + @site_hash.getset(site_name) { begin _site = nil # look it up first _query = { :offset => 0, :limit => 1, - :name => default_site } + :name => site_name } if (_sites_response = nb.get('dcim/sites/', _query).body) && _sites_response.is_a?(Hash) && (_tmp_sites = _sites_response.fetch(:results, [])) && @@ -870,10 +471,10 @@ def lookup_autopopulate_site(default_site, nb, nb_headers) if _site.nil? # the device site is not found, create it - _site_data = { :name => default_site, - :slug => default_site.to_url, + _site_data = { :name => site_name, + :slug => site_name.to_url, :status => "active" } - if (_site_create_response = nb.post('dcim/sites/', _site_data.to_json, nb_headers).body) && + if (_site_create_response = nb.post('dcim/sites/', _site_data.to_json, @nb_headers).body) && _site_create_response.is_a?(Hash) && _site_create_response.has_key?(:id) then 
@@ -888,6 +489,512 @@ def lookup_autopopulate_site(default_site, nb, nb_headers) } end +def lookup_manuf( + oui, + nb +) + @manuf_hash.getset(oui) { + _fuzzy_matcher = FuzzyStringMatch::JaroWinkler.create( :pure ) + _oui_cleaned = clean_manuf_string(oui.to_s) + _manufs = Array.new + # fetch the manufacturers to do the comparison. this is a lot of work + # and not terribly fast but once the hash it populated it shouldn't happen too often + _query = { :offset => 0, + :limit => @page_size } + begin + while true do + if (_manufs_response = nb.get('dcim/manufacturers/', _query).body) && + _manufs_response.is_a?(Hash) + then + _tmp_manufs = _manufs_response.fetch(:results, []) + _tmp_manufs.each do |_manuf| + _tmp_name = _manuf.fetch(:name, _manuf.fetch(:display, nil)) + _tmp_distance = _fuzzy_matcher.getDistance(clean_manuf_string(_tmp_name.to_s), _oui_cleaned) + if (_tmp_distance >= @autopopulate_fuzzy_threshold) then + _manufs << { :name => _tmp_name, + :id => _manuf.fetch(:id, nil), + :url => _manuf.fetch(:url, nil), + :match => _tmp_distance, + :vm => false + } + end + end + _query[:offset] += _tmp_manufs.length() + break unless (_tmp_manufs.length() >= @page_size) + else + break + end + end + rescue Faraday::Error + # give up aka do nothing + end + # return the manuf with the highest match + # puts('0. %{key}: %{matches}' % { key: _autopopulate_oui_cleaned, matches: JSON.generate(_manufs) })-] + !_manufs&.empty? ? _manufs.max_by{|k| k[:match] } : nil + } +end + +def lookup_prefixes( + ip_str, + lookup_site, + nb +) + prefixes = Array.new + + _query = { :contains => ip_str, + :offset => 0, + :limit => @page_size } + _query[:site_n] = lookup_site unless lookup_site.nil? || lookup_site.empty? 
+ begin + while true do + if (_prefixes_response = nb.get('ipam/prefixes/', _query).body) && + _prefixes_response.is_a?(Hash) + then + _tmp_prefixes = _prefixes_response.fetch(:results, []) + _tmp_prefixes.each do |p| + # non-verbose output is flatter with just names { :name => "name", :id => "id", ... } + # if verbose, include entire object as :details + _prefixName = p.fetch(:description, nil) + if _prefixName.nil? || _prefixName.empty? + _prefixName = p.fetch(:display, p.fetch(:prefix, nil)) + end + prefixes << { :name => _prefixName, + :id => p.fetch(:id, nil), + :site => ((_site = p.fetch(:site, nil)) && _site&.has_key?(:name)) ? _site[:name] : _site&.fetch(:display, nil), + :tenant => ((_tenant = p.fetch(:tenant, nil)) && _tenant&.has_key?(:name)) ? _tenant[:name] : _tenant&.fetch(:display, nil), + :url => p.fetch(:url, p.fetch(:url, nil)), + :details => @verbose ? p : nil } + end + _query[:offset] += _tmp_prefixes.length() + break unless (_tmp_prefixes.length() >= @page_size) + else + break + end + end + rescue Faraday::Error + # give up aka do nothing + end + + prefixes +end + +def lookup_or_create_role( + role_name, + nb +) + @role_hash.getset(role_name) { + begin + _role = nil + + # look it up first + _query = { :offset => 0, + :limit => 1, + :name => role_name } + if (_roles_response = nb.get('dcim/device-roles/', _query).body) && + _roles_response.is_a?(Hash) && + (_tmp_roles = _roles_response.fetch(:results, [])) && + (_tmp_roles.length() > 0) + then + _role = _tmp_roles.first + end + + if _role.nil? 
+ # the role is not found, create it + _role_data = { :name => role_name, + :slug => role_name.to_url, + :color => "d3d3d3" } + if (_role_create_response = nb.post('dcim/device-roles/', _role_data.to_json, @nb_headers).body) && + _role_create_response.is_a?(Hash) && + _role_create_response.has_key?(:id) + then + _role = _role_create_response + end + end + + rescue Faraday::Error + # give up aka do nothing + end + _role + } +end + +def lookup_devices( + ip_str, + lookup_site, + lookup_service_port, + url_base, + url_suffix, + nb +) + _devices = Array.new + _query = { :address => ip_str, + :offset => 0, + :limit => @page_size } + begin + while true do + if (_ip_addresses_response = nb.get('ipam/ip-addresses/', _query).body) && + _ip_addresses_response.is_a?(Hash) + then + _tmp_ip_addresses = _ip_addresses_response.fetch(:results, []) + _tmp_ip_addresses.each do |i| + _is_device = nil + if (_obj = i.fetch(:assigned_object, nil)) && + ((_device_obj = _obj.fetch(:device, nil)) || + (_virtualized_obj = _obj.fetch(:virtual_machine, nil))) + then + _is_device = !_device_obj.nil? + _device = _is_device ? _device_obj : _virtualized_obj + # if we can, follow the :assigned_object's "full" device URL to get more information + _device = (_device.has_key?(:url) && (_full_device = nb.get(_device[:url].delete_prefix(url_base).delete_prefix(url_suffix).delete_prefix("/")).body)) ? _full_device : _device + _device_id = _device.fetch(:id, nil) + _device_site = ((_site = _device.fetch(:site, nil)) && _site&.has_key?(:name)) ? _site[:name] : _site&.fetch(:display, nil) + next unless (_device_site.to_s.downcase == lookup_site.to_s.downcase) || lookup_site.nil? || lookup_site.empty? || _device_site.nil? || _device_site.empty? + # look up service if requested (based on device/vm found and service port) + if (lookup_service_port > 0) + _services = Array.new + _service_query = { (_is_device ? 
:device_id : :virtual_machine_id) => _device_id, :port => lookup_service_port, :offset => 0, :limit => @page_size } + while true do + if (_services_response = nb.get('ipam/services/', _service_query).body) && + _services_response.is_a?(Hash) + then + _tmp_services = _services_response.fetch(:results, []) + _services.unshift(*_tmp_services) unless _tmp_services.nil? || _tmp_services.empty? + _service_query[:offset] += _tmp_services.length() + break unless (_tmp_services.length() >= @page_size) + else + break + end + end + _device[:service] = _services + end + # non-verbose output is flatter with just names { :name => "name", :id => "id", ... } + # if verbose, include entire object as :details + _devices << { :name => _device.fetch(:name, _device.fetch(:display, nil)), + :id => _device_id, + :url => _device.fetch(:url, nil), + :service => _device.fetch(:service, []).map {|s| s.fetch(:name, s.fetch(:display, nil)) }, + :site => _device_site, + :role => ((_role = _device.fetch(:role, nil)) && _role&.has_key?(:name)) ? _role[:name] : _role&.fetch(:display, nil), + :cluster => ((_cluster = _device.fetch(:cluster, nil)) && _cluster&.has_key?(:name)) ? _cluster[:name] : _cluster&.fetch(:display, nil), + :device_type => ((_dtype = _device.fetch(:device_type, nil)) && _dtype&.has_key?(:name)) ? _dtype[:name] : _dtype&.fetch(:display, nil), + :manufacturer => ((_manuf = _device.dig(:device_type, :manufacturer)) && _manuf&.has_key?(:name)) ? _manuf[:name] : _manuf&.fetch(:display, nil), + :details => @verbose ? 
_device : nil } + end + end + _query[:offset] += _tmp_ip_addresses.length() + break unless (_tmp_ip_addresses.length() >= @page_size) + else + # weird/bad response, bail + break + end + end # while true + rescue Faraday::Error + # give up aka do nothing + end + _devices +end + +def autopopulate_devices( + ip_str, + autopopulate_mac, + autopopulate_oui, + autopopulate_default_site_name, + autopopulate_default_role_name, + autopopulate_default_dtype, + autopopulate_default_manuf, + autopopulate_hostname, + nb +) + + _autopopulate_device = nil + _autopopulate_role = nil + _autopopulate_dtype = nil + _autopopulate_oui = autopopulate_oui + _autopopulate_manuf = nil + _autopopulate_site = nil + + # if MAC is set but OUI is not, do a quick lookup + if (!autopopulate_mac.nil? && !autopopulate_mac.empty?) && + (_autopopulate_oui.nil? || _autopopulate_oui.empty?) + then + case autopopulate_mac + when String + if @macregex.match?(autopopulate_mac) + _macint = mac_string_to_integer(autopopulate_mac) + _vendor = @macarray.bsearch{ |_vendormac| (_macint < _vendormac[0]) ? -1 : ((_macint > _vendormac[1]) ? 1 : 0)} + _autopopulate_oui = _vendor[2] unless _vendor.nil? + end # autopopulate_mac matches @macregex + when Array + autopopulate_mac.each do |_addr| + if @macregex.match?(_addr) + _macint = mac_string_to_integer(_addr) + _vendor = @macarray.bsearch{ |_vendormac| (_macint < _vendormac[0]) ? -1 : ((_macint > _vendormac[1]) ? 1 : 0)} + if !_vendor.nil? + _autopopulate_oui = _vendor[2] + break + end # !_vendor.nil? + end # _addr matches @macregex + end # autopopulate_mac.each do + end # case statement autopopulate_mac String vs. Array + end # MAC is populated but OUI is not + + # match/look up manufacturer based on OUI + if !_autopopulate_oui.nil? && !_autopopulate_oui.empty? + + _autopopulate_oui = _autopopulate_oui.first() unless !_autopopulate_oui.is_a?(Array) + + # does it look like a VM or a regular device? 
+ if @vm_namesarray.include?(_autopopulate_oui.downcase) + # looks like this is probably a virtual machine + _autopopulate_manuf = { :name => _autopopulate_oui, + :match => 1.0, + :vm => true, + :id => nil } + + else + # looks like this is not a virtual machine (or we can't tell) so assume its' a regular device + _autopopulate_manuf = lookup_manuf(_autopopulate_oui, nb) + end # virtual machine vs. regular device + end # _autopopulate_oui specified + + # puts('1. %{key}: %{found}' % { key: _autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) + if !_autopopulate_manuf.is_a?(Hash) + # no match was found at ANY match level (empty database or no OUI specified), set default ("unspecified") manufacturer + _autopopulate_manuf = { :name => (@autopopulate_create_manuf && !_autopopulate_oui.nil? && !_autopopulate_oui.empty?) ? _autopopulate_oui : autopopulate_default_manuf, + :match => 0.0, + :vm => false, + :id => nil} + end + # puts('2. %{key}: %{found}' % { key: _autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) + + # make sure the site and role exists + _autopopulate_site = lookup_or_create_site(autopopulate_default_site_name, nb) + _autopopulate_role = lookup_or_create_role(autopopulate_default_role_name, nb) + + # we should have found or created the autopopulate role and site + begin + if _autopopulate_site&.fetch(:id, nil)&.nonzero? && + _autopopulate_role&.fetch(:id, nil)&.nonzero? + then + + if _autopopulate_manuf[:vm] + # a virtual machine + _device_name = autopopulate_hostname.to_s.empty? ? 
"#{_autopopulate_manuf[:name]} @ #{ip_str}" : "#{autopopulate_hostname} @ #{ip_str}" + _device_data = { :name => _device_name, + :site => _autopopulate_site[:id], + :status => "staged" } + if (_device_create_response = nb.post('virtualization/virtual-machines/', _device_data.to_json, @nb_headers).body) && + _device_create_response.is_a?(Hash) && + _device_create_response.has_key?(:id) + then + _autopopulate_device = _device_create_response + end + + else + # a regular non-vm device + + if !_autopopulate_manuf.fetch(:id, nil)&.nonzero? + # the manufacturer was default (not found) so look it up first + _query = { :offset => 0, + :limit => 1, + :name => _autopopulate_manuf[:name] } + if (_manufs_response = nb.get('dcim/manufacturers/', _query).body) && + _manufs_response.is_a?(Hash) && + (_tmp_manufs = _manufs_response.fetch(:results, [])) && + (_tmp_manufs.length() > 0) + then + _autopopulate_manuf[:id] = _tmp_manufs.first.fetch(:id, nil) + _autopopulate_manuf[:match] = 1.0 + end + end + # puts('3. %{key}: %{found}' % { key: _autopopulate_oui, found: JSON.generate(_autopopulate_manuf) }) + + if !_autopopulate_manuf.fetch(:id, nil)&.nonzero? + # the manufacturer is still not found, create it + _manuf_data = { :name => _autopopulate_manuf[:name], + :slug => _autopopulate_manuf[:name].to_url } + if (_manuf_create_response = nb.post('dcim/manufacturers/', _manuf_data.to_json, @nb_headers).body) && + _manuf_create_response.is_a?(Hash) + then + _autopopulate_manuf[:id] = _manuf_create_response.fetch(:id, nil) + _autopopulate_manuf[:match] = 1.0 + end + # puts('4. %{key}: %{created}' % { key: _autopopulate_manuf, created: JSON.generate(_manuf_create_response) }) + end + + # at this point we *must* have the manufacturer ID + if _autopopulate_manuf.fetch(:id, nil)&.nonzero? 
+ + # make sure the desired device type also exists, look it up first + _query = { :offset => 0, + :limit => 1, + :manufacturer_id => _autopopulate_manuf[:id], + :model => autopopulate_default_dtype } + if (_dtypes_response = nb.get('dcim/device-types/', _query).body) && + _dtypes_response.is_a?(Hash) && + (_tmp_dtypes = _dtypes_response.fetch(:results, [])) && + (_tmp_dtypes.length() > 0) + then + _autopopulate_dtype = _tmp_dtypes.first + end + + if _autopopulate_dtype.nil? + # the device type is not found, create it + _dtype_data = { :manufacturer => _autopopulate_manuf[:id], + :model => autopopulate_default_dtype, + :slug => autopopulate_default_dtype.to_url } + if (_dtype_create_response = nb.post('dcim/device-types/', _dtype_data.to_json, @nb_headers).body) && + _dtype_create_response.is_a?(Hash) && + _dtype_create_response.has_key?(:id) + then + _autopopulate_dtype = _dtype_create_response + end + end + + # # now we must also have the device type ID + if _autopopulate_dtype&.fetch(:id, nil)&.nonzero? + + # create the device + _device_name = autopopulate_hostname.to_s.empty? ? "#{_autopopulate_manuf[:name]} @ #{ip_str}" : "#{autopopulate_hostname} @ #{ip_str}" + _device_data = { :name => _device_name, + :device_type => _autopopulate_dtype[:id], + :role => _autopopulate_role[:id], + :site => _autopopulate_site[:id], + :status => "staged" } + if (_device_create_response = nb.post('dcim/devices/', _device_data.to_json, @nb_headers).body) && + _device_create_response.is_a?(Hash) && + _device_create_response.has_key?(:id) + then + _autopopulate_device = _device_create_response + end + + else + # didn't figure out the device type ID, make sure we're not setting something half-populated + _autopopulate_dtype = nil + end # _autopopulate_dtype[:id] is valid + + else + # didn't figure out the manufacturer ID, make sure we're not setting something half-populated + _autopopulate_manuf = nil + end # _autopopulate_manuf[:id] is valid + + end # virtual machine vs. 
regular device + + else + # didn't figure out the IDs, make sure we're not setting something half-populated + _autopopulate_site = nil + _autopopulate_role = nil + end # site and role are valid + + rescue Faraday::Error + # give up aka do nothing + end + + return _autopopulate_device, + _autopopulate_role, + _autopopulate_dtype, + _autopopulate_oui, + _autopopulate_manuf, + _autopopulate_site +end + +def autopopulate_prefixes( + ip_obj, + autopopulate_default_site, + nb +) + _prefix_data = nil + # TODO: IPv6? + _private_ip_subnet = @private_ip_subnets.find { |subnet| subnet.include?(ip_obj) } + if !_private_ip_subnet.nil? + _new_prefix_ip = ip_obj.mask([_private_ip_subnet.prefix() + 8, 24].min) + _new_prefix_name = _new_prefix_ip.to_s + if !_new_prefix_name.to_s.include?('/') + _new_prefix_name += '/' + _new_prefix_ip.prefix().to_s + end + _autopopulate_site = lookup_or_create_site(autopopulate_default_site, nb) + _prefix_post = { :prefix => _new_prefix_name, + :description => _new_prefix_name, + :site => _autopopulate_site&.fetch(:id, nil), + :status => "active" } + begin + _new_prefix_create_response = nb.post('ipam/prefixes/', _prefix_post.to_json, @nb_headers).body + if _new_prefix_create_response && + _new_prefix_create_response.is_a?(Hash) && + _new_prefix_create_response.has_key?(:id) + then + _prefix_data = { :name => _new_prefix_name, + :id => _new_prefix_create_response.fetch(:id, nil), + :site => ((_site = _new_prefix_create_response.fetch(:site, nil)) && _site&.has_key?(:name)) ? _site[:name] : _site&.fetch(:display, nil), + :tenant => ((_tenant = _new_prefix_create_response.fetch(:tenant, nil)) && _tenant&.has_key?(:name)) ? _tenant[:name] : _tenant&.fetch(:display, nil), + :url => _new_prefix_create_response.fetch(:url, _new_prefix_create_response.fetch(:url, nil)), + :details => @verbose ? 
_new_prefix_create_response : nil } + end + rescue Faraday::Error + # give up aka do nothing + end + end + _prefix_data +end + +def create_device_interface( + ip_str, + autopopulate_device, + autopopulate_manuf, + autopopulate_mac, + nb +) + + _autopopulate_device = autopopulate_device + _autopopulate_interface = nil + _autopopulate_ip = nil + _ip_obj = IPAddr.new(ip_str) rescue nil + + _interface_data = { autopopulate_manuf[:vm] ? :virtual_machine : :device => _autopopulate_device[:id], + :name => "e0", + :type => "other" } + if !autopopulate_mac.nil? && !autopopulate_mac.empty? + _interface_data[:mac_address] = autopopulate_mac.is_a?(Array) ? autopopulate_mac.first : autopopulate_mac + end + if (_interface_create_reponse = nb.post(autopopulate_manuf[:vm] ? 'virtualization/interfaces/' : 'dcim/interfaces/', _interface_data.to_json, @nb_headers).body) && + _interface_create_reponse.is_a?(Hash) && + _interface_create_reponse.has_key?(:id) + then + _autopopulate_interface = _interface_create_reponse + end + + if !_autopopulate_interface.nil? && _autopopulate_interface.fetch(:id, nil)&.nonzero? + # interface has been created, we need to create an IP address for it + _interface_address = ip_str + if !_interface_address.to_s.include?('/') + _interface_address += '/' + (_ip_obj.nil? ? '32' : _ip_obj.prefix().to_s) + end + _ip_data = { :address => _interface_address, + :assigned_object_type => autopopulate_manuf[:vm] ? "virtualization.vminterface" : "dcim.interface", + :assigned_object_id => _autopopulate_interface[:id], + :status => "active" } + if (_ip_create_reponse = nb.post('ipam/ip-addresses/', _ip_data.to_json, @nb_headers).body) && + _ip_create_reponse.is_a?(Hash) && + _ip_create_reponse.has_key?(:id) + then + _autopopulate_ip = _ip_create_reponse + end + end # check if interface was created and has ID + + if !_autopopulate_ip.nil? && _autopopulate_ip.fetch(:id, nil)&.nonzero? 
+ # IP address was created, need to associate it as the primary IP for the device + _primary_ip_data = { _ip_obj&.ipv6? ? :primary_ip6 : :primary_ip4 => _autopopulate_ip[:id] } + if (_ip_primary_reponse = nb.patch("#{autopopulate_manuf[:vm] ? 'virtualization/virtual-machines' : 'dcim/devices'}/#{_autopopulate_device[:id]}/", _primary_ip_data.to_json, @nb_headers).body) && + _ip_primary_reponse.is_a?(Hash) && + _ip_primary_reponse.has_key?(:id) + then + _autopopulate_device = _ip_create_reponse + end + end # check if the IP address was created and has an ID + + _autopopulate_device +end + ############################################################################### # tests From 34d31d7c941b4a2083130417db90354394a33cc7 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Fri, 15 Mar 2024 14:34:24 -0600 Subject: [PATCH 37/79] minor fixes for zeek v6.2.0 ldap logs --- logstash/pipelines/zeek/11_zeek_parse.conf | 13 ------- logstash/pipelines/zeek/12_zeek_mutate.conf | 39 --------------------- 2 files changed, 52 deletions(-) diff --git a/logstash/pipelines/zeek/11_zeek_parse.conf b/logstash/pipelines/zeek/11_zeek_parse.conf index 58e7e7095..b6159b134 100644 --- a/logstash/pipelines/zeek/11_zeek_parse.conf +++ b/logstash/pipelines/zeek/11_zeek_parse.conf @@ -1937,12 +1937,6 @@ filter { code => "event.set('[zeek_cols]', @zeek_ldap_field_names.zip(event.get('[message]')).to_h)" } } - mutate { id => "mutate_split_zeek_ldap_commas" - split => { "[zeek_cols][operation]" => "," - "[zeek_cols][result_code]" => "," - "[zeek_cols][result_message]" => "," - "[zeek_cols][object]" => "," - "[zeek_cols][argument]" => "," } } } mutate { 
@@ -1990,13 +1984,6 @@ filter { code => "event.set('[zeek_cols]', @zeek_ldap_search_field_names.zip(event.get('[message]')).to_h)" } } - mutate { id => "mutate_split_zeek_ldap_search_commas" - split => { "[zeek_cols][scope]" => "," - "[zeek_cols][deref]" => "," - "[zeek_cols][attributes]" => "," - "[zeek_cols][base_object]" => "," - "[zeek_cols][result_code]" => "," - "[zeek_cols][result_message]" => "," } } } mutate { diff --git a/logstash/pipelines/zeek/12_zeek_mutate.conf b/logstash/pipelines/zeek/12_zeek_mutate.conf index 06b74ee15..636ed1dab 100644 --- a/logstash/pipelines/zeek/12_zeek_mutate.conf +++ b/logstash/pipelines/zeek/12_zeek_mutate.conf @@ -863,27 +863,6 @@ filter { ############################################################################################################################# # ldap.log specific logic - if ([zeek][ldap][object]) or ([zeek][ldap][argument]) { - ruby { - id => "ruby_zeek_ldap_object_and_arguments_adjustment" - code => " - if (objects = event.get('[zeek][ldap][object]')) and (objects.length > 0) then - objectsAdj = Array.new - objects.each do |val| - objectsAdj.push(val.gsub('\\x2c', ',')) - end - event.set('[zeek][ldap][object]', objectsAdj) - end - if (arguments = event.get('[zeek][ldap][argument]')) and (arguments.length > 0) then - argsAdj = Array.new - arguments.each do |val| - argsAdj.push(val.gsub('\\x2c', ',')) - end - event.set('[zeek][ldap][argument]', argsAdj) - end" - } - } - # map simple bind "object" and "argument" to username and password # and map to Arkime types if ("bind simple" in [zeek][ldap][operation]) { 
@@ -908,24 +887,6 @@ filter { merge => { "[ldap][authtype]" => "[@metadata][ldapAuthType]" } } } - } else if ([log_source] == "ldap_search") { - ############################################################################################################################# - # ldap_search.log specific logic - - if ([zeek][ldap_search][base_object]) { - ruby { - id => "ruby_zeek_ldap_search_base_object_adjustment" - code => " - if (objects = event.get('[zeek][ldap_search][base_object]')) and (objects.length > 0) then - objectsAdj = Array.new - objects.each do |val| - objectsAdj.push(val.gsub('\\x2c', ',')) - end - event.set('[zeek][ldap_search][base_object]', objectsAdj) - end" - } - } - } else if ([log_source] == "modbus") { ############################################################################################################################# # modbus.log specific logic From 699e75c6256d73d22e1c2f00149cf6fd3fb01a3f Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 18 Mar 2024 12:23:34 -0600 Subject: [PATCH 38/79] work for idaholab/Malcolm#445, supporting suricata eve.json rotation --- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/suricata.Dockerfile | 5 +- config/filebeat.env.example | 6 +++ config/upload-common.env.example | 8 +-- filebeat/filebeat.yml | 4 +- ...ed-folder.py => clean-processed-folder.py} | 49 ++++++++++++------- .../interface/sensor_ctl/control_vars.conf | 1 + .../suricata_config_populate.sh | 5 -- shared/bin/suricata_config_populate.py | 13 ++++- suricata/scripts/eve-clean-logs.sh | 47 ------------------ 10 files changed, 55 insertions(+), 85 deletions(-) rename filebeat/scripts/{filebeat-clean-zeeklogs-processed-folder.py => clean-processed-folder.py} (80%) delete mode 100755 suricata/scripts/eve-clean-logs.sh diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile index 65b75e4e1..fb73e015b 100644 --- a/Dockerfiles/filebeat.Dockerfile +++ b/Dockerfiles/filebeat.Dockerfile 
@@ -124,7 +124,7 @@ RUN for INPUT in nginx tcp; do \ chmod 770 /usr/share/filebeat-$INPUT/data; \ done; \ chmod 755 /usr/local/bin/*.sh /usr/local/bin/*.py && \ - (echo "* * * * * /usr/local/bin/filebeat-process-zeek-folder.sh\n*/5 * * * * /usr/local/bin/filebeat-clean-zeeklogs-processed-folder.py" > ${SUPERCRONIC_CRONTAB}) + (echo "* * * * * /usr/local/bin/filebeat-process-zeek-folder.sh\n*/5 * * * * /usr/local/bin/clean-processed-folder.py" > ${SUPERCRONIC_CRONTAB}) ENV AUTO_TAG $AUTO_TAG ENV LOG_CLEANUP_MINUTES $LOG_CLEANUP_MINUTES diff --git a/Dockerfiles/suricata.Dockerfile b/Dockerfiles/suricata.Dockerfile index 6defb77fd..45c89d84b 100644 --- a/Dockerfiles/suricata.Dockerfile +++ b/Dockerfiles/suricata.Dockerfile @@ -114,7 +114,7 @@ RUN sed -i "s/main$/main contrib non-free/g" /etc/apt/sources.list.d/debian.sour useradd -M --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} --home /nonexistant ${PUSER} && \ usermod -a -G tty ${PUSER} && \ ln -sfr /usr/local/bin/pcap_processor.py /usr/local/bin/pcap_suricata_processor.py && \ - (echo "*/5 * * * * /usr/local/bin/eve-clean-logs.sh\n0 */6 * * * /bin/bash /usr/local/bin/suricata-update-rules.sh\n" > ${SUPERCRONIC_CRONTAB}) && \ + (echo "0 */6 * * * /bin/bash /usr/local/bin/suricata-update-rules.sh\n" > ${SUPERCRONIC_CRONTAB}) && \ mkdir -p "$SURICATA_CUSTOM_RULES_DIR" "$SURICATA_DEFAULT_RULES_DIR" "$SURICATA_CUSTOM_CONFIG_DIR" && \ chown -R ${PUSER}:${PGROUP} "$SURICATA_CUSTOM_RULES_DIR" "$SURICATA_DEFAULT_RULES_DIR" "$SURICATA_CUSTOM_CONFIG_DIR" && \ cp "$(dpkg -L suricata-update | grep 'update\.yaml$' | head -n 1)" \ 
@@ -136,7 +136,6 @@ COPY --chmod=755 shared/bin/pcap_processor.py /usr/local/bin/ COPY --chmod=644 scripts/malcolm_utils.py /usr/local/bin/ COPY --chmod=755 shared/bin/suricata_config_populate.py /usr/local/bin/ COPY --chmod=755 suricata/scripts/docker_entrypoint.sh /usr/local/bin/ -COPY --chmod=755 suricata/scripts/eve-clean-logs.sh /usr/local/bin/ COPY --chmod=755 suricata/scripts/suricata-update-rules.sh /usr/local/bin/ COPY --chmod=u=rwX,go=rX suricata/rules-default/ "$SURICATA_DEFAULT_RULES_DIR"/ @@ -148,7 +147,6 @@ ARG SURICATA_CRON=true ARG SURICATA_AUTO_ANALYZE_PCAP_FILES=false ARG SURICATA_CUSTOM_RULES_ONLY=false ARG SURICATA_AUTO_ANALYZE_PCAP_THREADS=1 -ARG LOG_CLEANUP_MINUTES=30 ARG SURICATA_UPDATE_RULES=false ARG SURICATA_UPDATE_DEBUG=false ARG SURICATA_UPDATE_ETOPEN=true @@ -168,7 +166,6 @@ ENV SURICATA_CRON $SURICATA_CRON ENV SURICATA_AUTO_ANALYZE_PCAP_FILES $SURICATA_AUTO_ANALYZE_PCAP_FILES ENV SURICATA_AUTO_ANALYZE_PCAP_THREADS $SURICATA_AUTO_ANALYZE_PCAP_THREADS ENV SURICATA_CUSTOM_RULES_ONLY $SURICATA_CUSTOM_RULES_ONLY -ENV LOG_CLEANUP_MINUTES $LOG_CLEANUP_MINUTES ENV SURICATA_UPDATE_RULES $SURICATA_UPDATE_RULES ENV SURICATA_UPDATE_DEBUG $SURICATA_UPDATE_DEBUG ENV SURICATA_UPDATE_ETOPEN $SURICATA_UPDATE_ETOPEN diff --git a/config/filebeat.env.example b/config/filebeat.env.example index 3091946ef..9b637a4e0 100644 --- a/config/filebeat.env.example +++ b/config/filebeat.env.example 
@@ -9,6 +9,12 @@ FILEBEAT_CLOSE_RENAMED=true FILEBEAT_CLOSE_REMOVED=true FILEBEAT_CLOSE_EOF=true FILEBEAT_CLEAN_REMOVED=true +# The age (in minutes) at which already-processed log files containing network traffic metadata should +# be pruned from the filesystem +LOG_CLEANUP_MINUTES=360 +# The age (in minutes) at which the compressed archives containing already-processed log files should +# be pruned from the filesystem +ZIP_CLEANUP_MINUTES=720 # Whether or not to use polling vs. native inotify API to watch for files FILEBEAT_WATCHER_POLLING=false # When polling, seconds of inactivity to assume a file is closed and ready for processing diff --git a/config/upload-common.env.example b/config/upload-common.env.example index ad55df213..f4d38211b 100644 --- a/config/upload-common.env.example +++ b/config/upload-common.env.example @@ -14,10 +14,4 @@ PCAP_PIPELINE_POLLING=false PCAP_PIPELINE_POLLING_ASSUME_CLOSED_SEC=10 # 'pcap-monitor' to match the name of the container providing the uploaded/captured PCAP file # monitoring service -PCAP_MONITOR_HOST=pcap-monitor -# The age (in minutes) at which already-processed log files containing network traffic metadata should -# be pruned from the filesystem -LOG_CLEANUP_MINUTES=360 -# The age (in minutes) at which the compressed archives containing already-processed log files should -# be pruned from the filesystem -ZIP_CLEANUP_MINUTES=720 \ No newline at end of file +PCAP_MONITOR_HOST=pcap-monitor \ No newline at end of file diff --git a/filebeat/filebeat.yml b/filebeat/filebeat.yml index 454a443e4..4645b7918 100644 --- a/filebeat/filebeat.yml +++ b/filebeat/filebeat.yml @@ -72,7 +72,7 @@ filebeat.inputs: #-------------------------- Suricata EVE JSON logs ----------------------------- - type: log paths: - - ${FILEBEAT_SURICATA_LOG_PATH:/suricata}/eve-*.json + - ${FILEBEAT_SURICATA_LOG_PATH:/suricata}/eve*.json symlinks: true fields_under_root: true tags: ["_filebeat_suricata_malcolm_upload"] 
@@ -88,7 +88,7 @@ filebeat.inputs: - type: log paths: - - ${FILEBEAT_SURICATA_LOG_PATH:/suricata}/live/eve.json + - ${FILEBEAT_SURICATA_LOG_PATH:/suricata}/live/eve*.json symlinks: true fields_under_root: true tags: ["_filebeat_suricata_malcolm_live"] diff --git a/filebeat/scripts/filebeat-clean-zeeklogs-processed-folder.py b/filebeat/scripts/clean-processed-folder.py similarity index 80% rename from filebeat/scripts/filebeat-clean-zeeklogs-processed-folder.py rename to filebeat/scripts/clean-processed-folder.py index 2484f9c39..5f72cda50 100755 --- a/filebeat/scripts/filebeat-clean-zeeklogs-processed-folder.py +++ b/filebeat/scripts/clean-processed-folder.py @@ -16,16 +16,20 @@ from subprocess import Popen, PIPE lockFilename = os.path.join(gettempdir(), '{}.lock'.format(os.path.basename(__file__))) -zeekDir = os.path.join(os.getenv('FILEBEAT_ZEEK_DIR', "/zeek/"), '') cleanLogSeconds = int(os.getenv('LOG_CLEANUP_MINUTES', "30")) * 60 cleanZipSeconds = int(os.getenv('ZIP_CLEANUP_MINUTES', "120")) * 60 fbRegFilename = os.getenv('FILEBEAT_REGISTRY_FILE', "/usr/share/filebeat/data/registry/filebeat/data.json") -currentDir = zeekDir + "current/" -processedDir = zeekDir + "processed/" -liveDir = zeekDir + "live/logs/" + +zeekDir = os.path.join(os.getenv('FILEBEAT_ZEEK_DIR', "/zeek/"), '') +zeekLiveDir = zeekDir + "live/logs/" +zeekCurrentDir = zeekDir + "current/" +zeekProcessedDir = zeekDir + "processed/" + +suricataDir = os.path.join(os.getenv('FILEBEAT_SURICATA_LOG_PATH', "/suricata/"), '') +suricataLiveDir = suricataDir + "live/" nowTime = time.time() -logMimeType = "text/plain" +logMimeTypeRegex = re.compile(r"(text/plain|application/(x-nd)?json)") archiveMimeTypeRegex = re.compile( r"(application/gzip|application/x-gzip|application/x-7z-compressed|application/x-bzip2|application/x-cpio|application/x-lzip|application/x-lzma|application/x-rar-compressed|application/x-tar|application/x-xz|application/zip)" ) 
@@ -74,7 +78,7 @@ def checkFile(filename, filebeatReg=None, checkLogs=True, checkArchives=True): # get the file type fileType = magic.from_file(filename, mime=True) - if (checkLogs is True) and (cleanLogSeconds > 0) and (fileType == logMimeType): + if (checkLogs is True) and (cleanLogSeconds > 0) and logMimeTypeRegex.match(fileType) is not None: cleanSeconds = cleanLogSeconds elif (checkArchives is True) and (cleanZipSeconds > 0) and archiveMimeTypeRegex.match(fileType) is not None: cleanSeconds = cleanZipSeconds @@ -100,14 +104,16 @@ def pruneFiles(): # disabled, don't do anything return - # look for regular files in the processed/ directory - foundFiles = [ - (os.path.join(root, filename)) for root, dirnames, filenames in os.walk(processedDir) for filename in filenames + # look for regular Zeek files in the processed/ directory + zeekFoundFiles = [ + (os.path.join(root, filename)) + for root, dirnames, filenames in os.walk(zeekProcessedDir) + for filename in filenames ] # look for rotated files from live zeek instance - rotatedFiles = [ - (os.path.join(root, filename)) for root, dirnames, filenames in os.walk(liveDir) for filename in filenames + zeekRotatedFiles = [ + (os.path.join(root, filename)) for root, dirnames, filenames in os.walk(zeekLiveDir) for filename in filenames ] # look up the filebeat registry file and try to read it 
@@ -117,22 +123,22 @@ def pruneFiles(): fbReg = json.load(f) # see if the files we found are in use and old enough to be pruned - for file in foundFiles: + for file in zeekFoundFiles: checkFile(file, filebeatReg=fbReg, checkLogs=True, checkArchives=True) - for file in rotatedFiles: + for file in zeekRotatedFiles: checkFile(file, filebeatReg=None, checkLogs=False, checkArchives=True) - # clean up any broken symlinks in the current/ directory - for current in os.listdir(currentDir): - currentFileSpec = os.path.join(currentDir, current) + # clean up any broken symlinks in the Zeek current/ directory + for current in os.listdir(zeekCurrentDir): + currentFileSpec = os.path.join(zeekCurrentDir, current) if os.path.islink(currentFileSpec) and not os.path.exists(currentFileSpec): print('removing dead symlink "{}"'.format(currentFileSpec)) silentRemove(currentFileSpec) - # clean up any old and empty directories in processed/ directory + # clean up any old and empty directories in Zeek processed/ directory cleanDirSeconds = min(i for i in (cleanLogSeconds, cleanZipSeconds) if i > 0) candidateDirs = [] - for root, dirs, files in os.walk(processedDir, topdown=False): + for root, dirs, files in os.walk(zeekProcessedDir, topdown=False): if root and dirs: candidateDirs += [os.path.join(root, tmpDir) for tmpDir in dirs] candidateDirs = list(set(candidateDirs)) @@ -148,6 +154,13 @@ def pruneFiles(): except OSError: pass + # check the suricata logs (live and otherwise) as well + for surDir in [suricataDir, suricataLiveDir]: + for eve in os.listdir(surDir): + eveFile = os.path.join(surDir, eve) + if os.path.isfile(eveFile): + checkFile(eveFile, filebeatReg=fbReg, checkLogs=True, checkArchives=False) + def main(): with open(lockFilename, 'w') as lock_file: diff --git a/hedgehog-iso/interface/sensor_ctl/control_vars.conf b/hedgehog-iso/interface/sensor_ctl/control_vars.conf index e1c49578e..a3b2c76ac 100644 --- a/hedgehog-iso/interface/sensor_ctl/control_vars.conf 
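Review bot: The new Suricata loop at the end of pruneFiles() calls `os.listdir(surDir)` for both `suricataDir` and `suricataLiveDir` with no existence check, so a host without a `live/` subdirectory would raise FileNotFoundError here; the `except OSError` just above appears to belong to the earlier directory clean-up. A guard such as `if not os.path.isdir(surDir): continue` avoids that. The loop also hands every regular file in those directories to checkFile(), not only `eve*.json`, so any other text or JSON file there becomes eligible for deletion once it is old enough; if that is not intended, filter on the name first. pruneFiles() begins outside this hunk, so whether `fbReg` is always defined at this point should be confirmed there.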
+++ b/hedgehog-iso/interface/sensor_ctl/control_vars.conf @@ -96,6 +96,7 @@ export ZEEK_DISABLE_BEST_GUESS_ICS=true export SURICATA_CUSTOM_RULES_ONLY=false export SURICATA_DISABLE_ICS_ALL=false export SURICATA_RUNMODE=workers +export SURICATA_LIVE_CAPTURE=true export SURICATA_AF_PACKET_BLOCK_SIZE=32768 export SURICATA_AF_PACKET_BLOCK_TIMEOUT=10 export SURICATA_AF_PACKET_BUFFER_SIZE=32768 diff --git a/hedgehog-iso/interface/sensor_ctl/supervisor.init/suricata_config_populate.sh b/hedgehog-iso/interface/sensor_ctl/supervisor.init/suricata_config_populate.sh index 63f020636..bd5746d2a 100644 --- a/hedgehog-iso/interface/sensor_ctl/supervisor.init/suricata_config_populate.sh +++ b/hedgehog-iso/interface/sensor_ctl/supervisor.init/suricata_config_populate.sh @@ -2,11 +2,6 @@ if [[ -n $SUPERVISOR_PATH ]] && [[ -r /usr/local/bin/suricata_config_populate.py ]]; then - # if there's a previous eve.json file, rename it prior to starting up - [[ -n $ZEEK_LOG_PATH ]] && [[ -f "$ZEEK_LOG_PATH"/suricata/eve.json ]] && \ - mv -f "$ZEEK_LOG_PATH/suricata/eve.json" \ - "$ZEEK_LOG_PATH/suricata/eve.json.$(date -d @$(stat -c%Y "$ZEEK_LOG_PATH/suricata/eve.json") +'%Y%m%d%H%M%S')" - # if there's no configuration files to modify, start with the defaults [[ ! -f "$SUPERVISOR_PATH"/suricata/suricata.yaml ]] && cp /etc/suricata/suricata.yaml "$SUPERVISOR_PATH"/suricata/suricata.yaml [[ ! -f "$SUPERVISOR_PATH"/suricata/update.yaml ]] && cp "$(dpkg -L suricata-update | grep 'update\.yaml' | head -n 1)" "$SUPERVISOR_PATH"/suricata/update.yaml diff --git a/shared/bin/suricata_config_populate.py b/shared/bin/suricata_config_populate.py index 718d3e19c..a0f42d761 100755 --- a/shared/bin/suricata_config_populate.py +++ b/shared/bin/suricata_config_populate.py 
@@ -100,6 +100,9 @@ def __call__(self, repr, data): 'ENIP_ENABLED': True, 'ENIP_EVE_ENABLED': False, 'ENIP_PORTS': 44818, + 'EVE_FILENAME_PATTERN': 'eve-%Y%m%d_%H%M%S.json', + 'EVE_ROTATE_INTERVAL': '300s', + 'EVE_THREADED': False, 'EXTERNAL_NET': '!$HOME_NET', 'FILE_DATA_PORTS': "[$HTTP_PORTS,110,143]", 'FILES_ENABLED': True, @@ -134,6 +137,7 @@ def __call__(self, repr, data): 'IMAP_EVE_ENABLED': False, 'KRB5_ENABLED': True, 'KRB5_EVE_ENABLED': False, + 'LIVE_CAPTURE': False, 'MANAGED_RULES_DIR': '/var/lib/suricata/rules', 'MAX_PENDING_PACKETS': 1024, 'MODBUS_ENABLED': True, @@ -719,6 +723,7 @@ def main(): deep_set(cfg, ['vars', 'port-groups', portKey], DEFAULT_VARS[portKey]) # capture parameters + liveCapture = val2bool(DEFAULT_VARS['LIVE_CAPTURE']) for cfgKey in ( ['capture', 'disable-offloading', 'CAPTURE_DISABLE_OFFLOADING'], ['capture', 'checksum-validation', 'CAPTURE_CHECKSUM_VALIDATION'], @@ -776,7 +781,13 @@ def main(): # enable community-id for easier cross-referencing and pcap-file for # tying back to the original PCAP filename cfg['outputs'][outputIdx][name]['community-id'] = True - cfg['outputs'][outputIdx][name]['pcap-file'] = True + + # some options make sense for live capture but not PCAP processing + cfg['outputs'][outputIdx][name]['pcap-file'] = not liveCapture + if liveCapture: + cfg['outputs'][outputIdx][name]['filename'] = DEFAULT_VARS['EVE_FILENAME_PATTERN'] + cfg['outputs'][outputIdx][name]['threaded'] = DEFAULT_VARS['EVE_THREADED'] + cfg['outputs'][outputIdx][name]['rotate-interval'] = DEFAULT_VARS['EVE_ROTATE_INTERVAL'] # configure the various different output types belonging to eve-log if 'types' in cfg['outputs'][outputIdx][name]: diff --git a/suricata/scripts/eve-clean-logs.sh b/suricata/scripts/eve-clean-logs.sh deleted file mode 100755 index 33b0127e0..000000000 --- a/suricata/scripts/eve-clean-logs.sh +++ /dev/null 
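Review bot: `threaded` is set from `DEFAULT_VARS['EVE_THREADED']` unconverted, whereas `LIVE_CAPTURE` is passed through `val2bool()` in the earlier hunk; if DEFAULT_VARS entries can be overridden with environment strings (that code is outside these hunks), a value like "false" would reach the YAML as a string. `cfg['outputs'][outputIdx][name]['threaded'] = val2bool(DEFAULT_VARS['EVE_THREADED'])` keeps the two consistent. The context comment above still says `pcap-file` is enabled for tying events back to the original PCAP, which is now only true when `liveCapture` is false, so that comment should be updated. main() starts and ends outside the hunk.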
@@ -1,47 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. - -# Clean up suricata log files that have reached a certain age. If we can -# verify they've been parsed and logged at least one event to the database, -# clean them up. If they haven't logged an event to the database, only clean -# them up if they're even older. - -set -o pipefail - -# for live traffic capture we don't need to do this check -if [[ "${SURICATA_LIVE_CAPTURE:-false}" != "true" ]]; then - - CURRENT_TIME="$(date -u +%s)" - FILE_AGE_MIN=${LOG_CLEANUP_MINUTES:-30} - FILE_AGE_MIN_UNKNOWN=$(( FILE_AGE_MIN * 2 )) - - if (( $FILE_AGE_MIN > 0 )); then - find "${SURICATA_LOG_DIR:-/var/log/suricata}"/ -type f -name "*.json" -mmin +$FILE_AGE_MIN | while read LOGFILE - do - - # query the database to see if any records exist from parsing this log file - DOCUMENT_FOUND=$( - curl -sSL -XPOST \ - -H 'Content-Type: application/json' \ - 'http://api:5000/mapi/document' \ - -d "{\"limit\":1,\"filter\":{\"log.file.path\":\"$(basename $LOGFILE)\"}}" 2>/dev/null \ - | jq '.results | length' 2>/dev/null || echo '0') - - if (( $DOCUMENT_FOUND > 0 )) || (( $(stat --printf='%s' "$LOGFILE" 2>/dev/null || echo -n '1') == 0 )); then - # at least one log document exists in the database (or the file is empty), assume it's safe to clean up now - rm -f "$LOGFILE" - - else - # the document doesn't exist in the database. still clean it up, but only if it's quite a bit older - MODIFY_TIME="$(stat -c %Y "$LOGFILE" 2>/dev/null || echo '0')" - MODIFY_AGE_MINS=$(( (CURRENT_TIME - MODIFY_TIME) / 60)) - if (( $MODIFY_AGE_MINS >= $FILE_AGE_MIN_UNKNOWN )); then - rm -f "$LOGFILE" - fi - fi - - done # loop over found files at least FILE_AGE_MIN old - fi # FILE_AGE_MIN is set (suricata log cleaning is enabled) - -fi \ No newline at end of file From fd6b6056967afdcc67687bba46ebd21fbb74fd1f Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Mon, 18 Mar 2024 14:40:35 -0600 Subject: [PATCH 39/79] try to do install_required_packages earlier in install.py --- scripts/install.py | 85 +++++++++++++++++++++++++-------------- scripts/malcolm_common.py | 22 ++++++---- 2 files changed, 69 insertions(+), 38 deletions(-) diff --git a/scripts/install.py b/scripts/install.py index 5e22d2870..51d9d671e 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -36,6 +36,7 @@ ChooseMultiple, ChooseOne, DetermineYamlFileFormat, + DialogInit, DisplayMessage, DOCKER_COMPOSE_INSTALL_URLS, DOCKER_INSTALL_URLS, @@ -2492,9 +2493,31 @@ def __init__(self, orchMode, debug=False, configOnly=False): # determine packages required by Malcolm itself (not docker, those will be done later) if (self.distro == PLATFORM_LINUX_UBUNTU) or (self.distro == PLATFORM_LINUX_DEBIAN): - self.requiredPackages.extend(['apache2-utils', 'make', 'openssl', 'python3-dialog', 'xz-utils']) + self.requiredPackages.extend( + [ + 'apache2-utils', + 'make', + 'openssl', + 'python3-dialog', + 'python3-dotenv', + 'python3-requests', + 'python3-yaml', + 'xz-utils', + ] + ) elif (self.distro == PLATFORM_LINUX_FEDORA) or (self.distro == PLATFORM_LINUX_CENTOS): - self.requiredPackages.extend(['httpd-tools', 'make', 'openssl', 'python3-dialog', 'xz']) + self.requiredPackages.extend( + [ + 'httpd-tools', + 'make', + 'openssl', + 'python3-dialog', + 'python3-dotenv', + 'python3-requests', + 'python3-yaml', + 'xz', + ] + ) # on Linux this script requires root, or sudo, unless we're in local configuration-only mode if os.getuid() == 0: 
@@ -4099,6 +4122,30 @@ def main(): else: sys.tracebacklimit = 0 + orchMode = OrchestrationFramework.UNKNOWN + if args.configFile and os.path.isfile(args.configFile): + if not ( + (orchMode := DetermineYamlFileFormat(args.configFile)) and (orchMode in OrchestrationFrameworksSupported) + ): + raise Exception(f'{args.configFile} must be a docker-compose or kubeconfig YAML file') + else: + orchMode = OrchestrationFramework.DOCKER_COMPOSE + + installPath = None + + installerPlatform = platform.system() + if installerPlatform == PLATFORM_LINUX: + installer = LinuxInstaller(orchMode, debug=args.debug, configOnly=args.configOnly) + elif installerPlatform == PLATFORM_MAC: + installer = MacInstaller(orchMode, debug=args.debug, configOnly=args.configOnly) + elif installerPlatform == PLATFORM_WINDOWS: + raise Exception(f'{ScriptName} is not yet supported on {installerPlatform}') + # installer = WindowsInstaller(orchMode, debug=args.debug, configOnly=args.configOnly) + + if (not args.configOnly) and hasattr(installer, 'install_required_packages'): + installer.install_required_packages() + + DialogInit() requests_imported = RequestsDynamic(debug=args.debug, forceInteraction=(not args.acceptDefaultsNonInteractive)) yaml_imported = YAMLDynamic(debug=args.debug, forceInteraction=(not args.acceptDefaultsNonInteractive)) dotenv_imported = DotEnvDynamic(debug=args.debug, forceInteraction=(not args.acceptDefaultsNonInteractive)) 
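Review bot: `installer` is never assigned when `platform.system()` matches none of the three platform constants, so the new `hasattr(installer, 'install_required_packages')` check right after the chain would fail with an unbound-name error instead of a clear message. Closing the chain with `else: raise Exception(f'{ScriptName} is not supported on {installerPlatform}')` makes that explicit. The result of `install_required_packages()` is also dropped, so a failed package install only shows up indirectly when the dynamic imports fail and the script exits with status 2; reporting the failure at this point would make it easier to diagnose. main() starts and ends outside the hunk.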
@@ -4109,15 +4156,6 @@ def main(): if (not requests_imported) or (not yaml_imported) or (not dotenv_imported): exit(2) - orchMode = OrchestrationFramework.UNKNOWN - if args.configFile and os.path.isfile(args.configFile): - if not ( - (orchMode := DetermineYamlFileFormat(args.configFile)) and (orchMode in OrchestrationFrameworksSupported) - ): - raise Exception(f'{args.configFile} must be a docker-compose or kubeconfig YAML file') - else: - orchMode = OrchestrationFramework.DOCKER_COMPOSE - # If Malcolm and images tarballs are provided, we will use them. # If they are not provided, look in the pwd first, then in the script directory, to see if we # can locate the most recent tarballs 
@@ -4151,29 +4189,15 @@ def main(): eprint(f"Malcolm install file: {malcolmFile}") eprint(f"Docker images file: {imageFile}") - installerPlatform = platform.system() - if installerPlatform == PLATFORM_LINUX: - installer = LinuxInstaller(orchMode, debug=args.debug, configOnly=args.configOnly) - elif installerPlatform == PLATFORM_MAC: - installer = MacInstaller(orchMode, debug=args.debug, configOnly=args.configOnly) - elif installerPlatform == PLATFORM_WINDOWS: - raise Exception(f'{ScriptName} is not yet supported on {installerPlatform}') - # installer = WindowsInstaller(orchMode, debug=args.debug, configOnly=args.configOnly) - - success = False - installPath = None - if not args.configOnly: - if hasattr(installer, 'install_required_packages'): - success = installer.install_required_packages() if (orchMode is OrchestrationFramework.DOCKER_COMPOSE) and hasattr(installer, 'install_docker'): - success = installer.install_docker() + installer.install_docker() if (orchMode is OrchestrationFramework.DOCKER_COMPOSE) and hasattr(installer, 'install_docker_compose'): - success = installer.install_docker_compose() + installer.install_docker_compose() if hasattr(installer, 'tweak_system_files'): - success = installer.tweak_system_files() + installer.tweak_system_files() if (orchMode is OrchestrationFramework.DOCKER_COMPOSE) and hasattr(installer, 'install_malcolm_files'): - success, installPath = installer.install_malcolm_files(malcolmFile, args.configDir is None) + _, installPath = installer.install_malcolm_files(malcolmFile, args.configDir is None) # if .env directory is unspecified, use the default ./config directory if args.configDir is None: @@ -4218,7 +4242,6 @@ def main(): installPath = testPath break - success = (installPath is not None) and os.path.isdir(installPath) if args.debug: eprint(f"Malcolm installation detected at {installPath}") 
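Review bot: The results of `install_docker()`, `install_docker_compose()`, `tweak_system_files()` and `install_malcolm_files()` are now discarded, so a failed step does not stop the steps after it. The removed `success` variable was overwritten at every step and never checked in the visible code, so this is not a regression, but the same pattern continues with `install_docker_images()` in the next hunk, after which the "has been installed" message is shown unconditionally. Assuming these methods return a truthy value on success, as the removed assignments suggest, I would stop on failure, e.g. `if not installer.install_docker(): raise Exception('Docker installation failed')`. main() starts and ends outside the hunk.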
@@ -4231,7 +4254,7 @@ def main(): and (orchMode is OrchestrationFramework.DOCKER_COMPOSE) and hasattr(installer, 'install_docker_images') ): - success = installer.install_docker_images(imageFile, installPath) + installer.install_docker_images(imageFile, installPath) InstallerDisplayMessage( f"Malcolm has been installed to {installPath}. See README.md for more information.\nScripts for starting and stopping Malcolm and changing authentication-related settings can be found in {os.path.join(installPath, 'scripts')}." diff --git a/scripts/malcolm_common.py b/scripts/malcolm_common.py index dbb31f605..9dc084b00 100644 --- a/scripts/malcolm_common.py +++ b/scripts/malcolm_common.py @@ -32,13 +32,7 @@ except ImportError: getpwuid = None -try: - from dialog import Dialog - - MainDialog = Dialog(dialog='dialog', autowidgetsize=True) -except ImportError: - Dialog = None - MainDialog = None +MainDialog = None try: from colorama import init as ColoramaInit, Fore, Back, Style @@ -69,6 +63,20 @@ PLATFORM_LINUX_UBUNTU = 'ubuntu' +def DialogInit(): + global MainDialog + try: + from dialog import Dialog + + if not MainDialog: + MainDialog = Dialog(dialog='dialog', autowidgetsize=True) + except ImportError: + MainDialog = None + + +DialogInit() + + class UserInputDefaultsBehavior(IntFlag): DefaultsPrompt = auto() DefaultsAccept = auto() From f3805ea4c4e7d74f39953dbe2e214d18abf5cff9 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 18 Mar 2024 14:43:50 -0600 Subject: [PATCH 40/79] try to do install_required_packages earlier in install.py --- scripts/malcolm_common.py | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/scripts/malcolm_common.py b/scripts/malcolm_common.py index 9dc084b00..fb2beece9 100644 --- a/scripts/malcolm_common.py +++ b/scripts/malcolm_common.py @@ -32,6 +32,7 @@ except ImportError: getpwuid = None +Dialog = None MainDialog = None try: 
@@ -64,13 +65,16 @@ def DialogInit(): + global Dialog global MainDialog try: - from dialog import Dialog + if not Dialog: + from dialog import Dialog if not MainDialog: MainDialog = Dialog(dialog='dialog', autowidgetsize=True) except ImportError: + Dialog = none MainDialog = None @@ -190,6 +194,9 @@ def YesOrNo( yesLabel='Yes', noLabel='No', ): + global Dialog + global MainDialog + if (default is not None) and ( (defaultBehavior & UserInputDefaultsBehavior.DefaultsAccept) and (defaultBehavior & UserInputDefaultsBehavior.DefaultsNonInteractive) @@ -258,6 +265,9 @@ def AskForString( uiMode=UserInterfaceMode.InteractionDialog | UserInterfaceMode.InteractionInput, clearScreen=False, ): + global Dialog + global MainDialog + if (default is not None) and ( (defaultBehavior & UserInputDefaultsBehavior.DefaultsAccept) and (defaultBehavior & UserInputDefaultsBehavior.DefaultsNonInteractive) @@ -305,6 +315,9 @@ def AskForPassword( uiMode=UserInterfaceMode.InteractionDialog | UserInterfaceMode.InteractionInput, clearScreen=False, ): + global Dialog + global MainDialog + if (default is not None) and ( (defaultBehavior & UserInputDefaultsBehavior.DefaultsAccept) and (defaultBehavior & UserInputDefaultsBehavior.DefaultsNonInteractive) @@ -341,6 +354,9 @@ def ChooseOne( uiMode=UserInterfaceMode.InteractionDialog | UserInterfaceMode.InteractionInput, clearScreen=False, ): + global Dialog + global MainDialog + validChoices = [x for x in choices if len(x) == 3 and isinstance(x[0], str) and isinstance(x[2], bool)] defaulted = next(iter([x for x in validChoices if x[2] is True]), None) @@ -402,6 +418,9 @@ def ChooseMultiple( uiMode=UserInterfaceMode.InteractionDialog | UserInterfaceMode.InteractionInput, clearScreen=False, ): + global Dialog + global MainDialog + validChoices = [x for x in choices if len(x) == 3 and isinstance(x[0], str) and isinstance(x[2], bool)] defaulted = [x[0] for x in validChoices if x[2] is True] 
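Review bot: The new `except ImportError:` branch in DialogInit() assigns `Dialog = none`, which is not a defined name, so the handler itself raises NameError when the `dialog` module is missing. DialogInit() appears to be called at module level (added in the previous commit), so importing malcolm_common would then fail on exactly the systems this fallback is meant for. The line should read `Dialog = None`. The `global Dialog` / `global MainDialog` declarations added to YesOrNo, AskForString and the other prompt functions in the following hunks are only needed where the names are assigned; if those functions only read them, they can be dropped.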
@@ -468,6 +487,9 @@ def DisplayMessage( uiMode=UserInterfaceMode.InteractionDialog | UserInterfaceMode.InteractionInput, clearScreen=False, ): + global Dialog + global MainDialog + reply = False if (defaultBehavior & UserInputDefaultsBehavior.DefaultsAccept) and ( @@ -503,6 +525,9 @@ def DisplayProgramBox( text=None, clearScreen=False, ): + global Dialog + global MainDialog + reply = False if MainDialog is not None: From 12f4802da41a3da67ff1d2ea3766c82ef7b3873c Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Tue, 19 Mar 2024 11:49:07 -0600 Subject: [PATCH 41/79] uniformly increase number of results for table visualizations in Dashboards (idaholab/Malcolm#447) An analyst in the field noted that table visualizations in Dashboards are not always consistent in the number of results that are shown: some show top 20, some show top 100, etc. We should make this consistent by: * setting the `size` parameter for these tables to something consistent (I'm going to choose **100**) - using ripgrep to find them: `rg -o '\\"table\\".*?\\"params\\":\{.*?\\"size\\":\d+' ./dashboards/dashboards/` * making sure `otherBucket` is set to `true` to indicate when there are more than will fit in the top n results --- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 1220 +++++------ .../03207c00-d07e-11ec-b4a7-d1b4003706b7.json | 766 +++---- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 10 +- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 10 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 6 +- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 938 ++++---- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 14 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 4 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 10 +- .../12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json | 680 +++--- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 14 +- .../1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json | 12 +- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 560 ++--- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 1056 ++++----- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 14 +- .../2cc56240-e460-11ed-a9d5-9f591c284cb4.json | 12 +- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 14 +- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 12 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 6 +- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 914 ++++---- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 16 +- 
.../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 16 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 16 +- .../4a073440-b286-11eb-a4d4-09fa12a6ebd4.json | 8 +- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 10 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 8 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 14 +- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json | 14 +- .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 626 +++--- .../677ee170-809e-11ed-8d5b-07069f823b6f.json | 20 +- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 10 +- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 6 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 1420 ++++++------- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 10 +- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 14 +- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 12 +- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- .../89d1cc50-974c-11ed-bb6b-3fb06c879b11.json | 12 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 6 +- .../95479950-41f2-11ea-88fa-7151df485405.json | 14 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 10 +- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../a33e0a50-afcd-11ea-993f-b7d8522a8bed.json | 4 +- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 8 +- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 1880 ++++++++--------- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 10 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 4 +- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 14 +- .../3768ef70-d819-11ee-820d-dd9fd73a3921.json | 2 +- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 4 +- .../79202ee0-d811-11ee-820d-dd9fd73a3921.json | 6 +- .../7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json | 8 +- 
.../903f42c0-f634-11ec-828d-2fb7a4a26e1f.json | 4 +- .../f6600310-9943-11ee-a029-e973f4774355.json | 4 +- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 4 +- .../bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json | 6 +- .../c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json | 6 +- .../ca5799a0-56b5-11eb-b749-576de068f8ad.json | 10 +- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 16 +- .../d2dd0180-06b1-11ec-8c6b-353266ade330.json | 1374 ++++++------ .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json | 12 +- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 10 +- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 1050 ++++----- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 12 +- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 6 +- .../fa477130-2b8a-11ec-a9f2-3911c8571bfd.json | 1086 +++++----- 74 files changed, 7047 insertions(+), 7047 deletions(-) diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 51ce770a4..ff76d6db1 100644 --- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -1,611 +1,611 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:27:47.478Z", - "version": "Wzg4MywxXQ==", - "attributes": { - "title": "X.509", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":46,\"w\":15,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":46,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":11,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":18,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{}
,\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":18,\"i\":\"5e719795-a525-43dd-974c-6145b6e15de1\"},\"panelIndex\":\"5e719795-a525-43dd-974c-6145b6e15de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":18,\"i\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\"},\"panelIndex\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":18,\"i\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\"},\"panelIndex\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":46,\"w\":14,\"h\":20,\"i\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\"},\"panelIndex\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":24,\"i\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\"},\"panelIndex\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": 
"0ce14883-eb54-4b30-aba0-b8b13021da11" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "193088ad-5112-435f-9e9f-ec9127ff8665" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "AWDHGklsxQT5EBNmq4wG" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "b1481d20-2b64-11ec-a748-7936240e2919" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac" - }, - { - "name": "panel_13", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - }, - { - "name": "panel_14", - "type": "search", - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:35:08.437Z", - "version": "Wzc0MiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) 
\\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● 
[RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - 
} - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0ce14883-eb54-4b30-aba0-b8b13021da11", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzUsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Log Count Over Time", - "uiStateJSON": "{}", - "version": 1, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzYsMV0=", - "attributes": { - "title": "X.509 - Certificate Signing Algorithm", - "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithm\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.x509.certificate_sig_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - 
} - }, - { - "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzcsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Certificate Subject", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzgsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Certificate 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_issuer_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Certificate Issuer", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "193088ad-5112-435f-9e9f-ec9127ff8665", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzksMV0=", - "attributes": { - "title": "X.509 - Certificate Key Length", - "visState": "{\"title\":\"X.509 - Certificate Key Length\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key 
Length\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzEwLDFd", - "attributes": { - "title": "X.509 - Certificate Key Algorithm", - "visState": "{\"title\":\"X.509 - Certificate Key 
Algorithm\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":7,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"AWDHGklsxQT5EBNmq4wG", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzExLDFd", - "attributes": { - "title": "X.509 - Log Count", - "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:37.046Z", - "version": "WzM5NywxXQ==", - "attributes": { - "title": "SSL - Relevant Notices", - "visState": "{\"title\":\"SSL - Relevant 
Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - 
"description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:22:38.381Z", - "version": "Wzg2MSwxXQ==", - "attributes": { - "title": "OCSP - Certificate Revocation", - "visState": "{\"title\":\"OCSP - Certificate Revocation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.certStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Status\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.revokereason\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revocation Reason\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.ocsp.certStatus:good\",\"language\":\"kuery\"},\"filter\":[]}" - }, - 
"savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b1481d20-2b64-11ec-a748-7936240e2919", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzEzLDFd", - "attributes": { - "title": "X.509 - Is Host Certificate", - "visState": "{\"title\":\"X.509 - Is Host Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.host_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE0LDFd", - "attributes": { - "title": "X.509 - Is Client Certificate", - "visState": "{\"title\":\"X.509 - Is Client 
Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.client_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE1LDFd", - "attributes": { - "title": "X.509 - Certificate Fingerprint", - "visState": "{\"title\":\"X.509 - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate 
Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE2LDFd", - "attributes": { - "title": "X.509 - Logs", - "description": "", - "hits": 0, - "columns": [ - "zeek.x509.certificate_issuer.CN", - "zeek.x509.certificate_subject.CN", - "zeek.x509.host_cert", - "zeek.x509.client_cert", - "zeek.x509.certificate_sig_alg", - "zeek.x509.certificate_version" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:x509\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:17:07.749Z", - "version": "WzgyOSwxXQ==", 
- "attributes": { - "title": "OCSP - Logs", - "description": "", - "hits": 0, - "columns": [ - "zeek.ocsp.thisUpdate", - "zeek.ocsp.nextUpdate", - "zeek.ocsp.certStatus", - "zeek.ocsp.revokereason", - "zeek.ocsp.revoketime", - "zeek.ocsp.serialNumber", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:ocsp\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:35:05.414Z", - "version": "WzcxNywxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": 
"2021-10-12T18:27:47.478Z", + "version": "Wzg4MywxXQ==", + "attributes": { + "title": "X.509", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":46,\"w\":15,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":46,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":11,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":18,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":18,\"i\":\"5e719795-a525-43dd-974c-6145b6e15de1\"},\"panelIndex\":\"5e719795-a525-43d
d-974c-6145b6e15de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":18,\"i\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\"},\"panelIndex\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":18,\"i\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\"},\"panelIndex\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":46,\"w\":14,\"h\":20,\"i\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\"},\"panelIndex\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":24,\"i\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\"},\"panelIndex\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "0ce14883-eb54-4b30-aba0-b8b13021da11" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": 
"d608f7dd-efea-49c4-b61d-a09d2a29148c" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "193088ad-5112-435f-9e9f-ec9127ff8665" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "AWDHGklsxQT5EBNmq4wG" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "b1481d20-2b64-11ec-a748-7936240e2919" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac" + }, + { + "name": "panel_13", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + }, + { + "name": "panel_14", + "type": "search", + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:35:08.437Z", + "version": "Wzc0MiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0ce14883-eb54-4b30-aba0-b8b13021da11", + "type": "visualization", + 
"namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzUsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Log Count Over Time", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + 
"id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzYsMV0=", + "attributes": { + "title": "X.509 - Certificate Signing Algorithm", + "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithm\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.x509.certificate_sig_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": 
"WzcsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_subject_full\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Certificate Subject", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzgsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Certificate 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_issuer_full\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Certificate Issuer", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "193088ad-5112-435f-9e9f-ec9127ff8665", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzksMV0=", + "attributes": { + "title": "X.509 - Certificate Key Length", + "visState": "{\"title\":\"X.509 - Certificate Key Length\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key 
Length\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzEwLDFd", + "attributes": { + "title": "X.509 - Certificate Key Algorithm", + "visState": "{\"title\":\"X.509 - Certificate Key 
Algorithm\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":7,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"AWDHGklsxQT5EBNmq4wG", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzExLDFd", + "attributes": { + "title": "X.509 - Log Count", + "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:37.046Z", + "version": "WzM5NywxXQ==", + "attributes": { + "title": "SSL - Relevant Notices", + "visState": "{\"title\":\"SSL - Relevant 
Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 
1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T18:22:38.381Z", + "version": "Wzg2MSwxXQ==", + "attributes": { + "title": "OCSP - Certificate Revocation", + "visState": "{\"title\":\"OCSP - Certificate Revocation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.certStatus\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Status\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.revokereason\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revocation Reason\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.ocsp.certStatus:good\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": 
"search_0", + "type": "search", + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b1481d20-2b64-11ec-a748-7936240e2919", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzEzLDFd", + "attributes": { + "title": "X.509 - Is Host Certificate", + "visState": "{\"title\":\"X.509 - Is Host Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.host_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE0LDFd", + "attributes": { + "title": "X.509 - Is Client Certificate", + "visState": "{\"title\":\"X.509 - Is Client 
Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.client_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE1LDFd", + "attributes": { + "title": "X.509 - Certificate Fingerprint", + "visState": "{\"title\":\"X.509 - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate 
Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE2LDFd", + "attributes": { + "title": "X.509 - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.x509.certificate_issuer.CN", + "zeek.x509.certificate_subject.CN", + "zeek.x509.host_cert", + "zeek.x509.client_cert", + "zeek.x509.certificate_sig_alg", + "zeek.x509.certificate_version" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:x509\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T18:17:07.749Z", + "version": "WzgyOSwxXQ==", 
+ "attributes": { + "title": "OCSP - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.ocsp.thisUpdate", + "zeek.ocsp.nextUpdate", + "zeek.ocsp.certStatus", + "zeek.ocsp.revokereason", + "zeek.ocsp.revoketime", + "zeek.ocsp.serialNumber", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:ocsp\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:35:05.414Z", + "version": "WzcxNywxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file 
diff --git a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
index 8784f04c2..d8a072135 100644
--- a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
+++ b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
@@ -1,384 +1,384 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "03207c00-d07e-11ec-b4a7-d1b4003706b7", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:42:42.241Z", - "version": "WzEyMTAsMV0=", - "attributes": { - "title": "GENISYS", - "hits": 0, - "description": "Dashboard for the GENISYS Protocol", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"w\":8,\"x\":8,\"y\":10},\"panelIndex\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"w\":12,\"x\":16,\"y\":10},\"panelIndex\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"w\":20,\"x\":28,\"y\":10},\"panelIndex\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"w\":16,\"x\":0,\"y\":28},\"panelIndex\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"pane
lRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"w\":12,\"x\":16,\"y\":28},\"panelIndex\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}},\"table\":null},\"panelRefName\":\"panel_7\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"w\":20,\"x\":28,\"y\":28},\"panelIndex\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":31,\"i\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"w\":48,\"x\":0,\"y\":46},\"panelIndex\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_8", - "type": "visualization", - "id": 
"d81128f0-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_9", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:07:16.116Z", - "version": "Wzc5NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / 
[TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● 
[EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:28:56.364Z", - "version": "WzEwOTksMV0=", - "attributes": { - "title": "GENISYS - Log Count", - "visState": "{\"title\":\"GENISYS - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":48}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": 
"search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:29:50.143Z", - "version": "WzExMDYsMV0=", - "attributes": { - "title": "GENISYS - Log Count Over Time", - "visState": "{\"title\":\"GENISYS - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", 
- "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:34:19.111Z", - "version": "WzExMzQsMV0=", - "attributes": { - "title": "GENISYS - Station Address", - "visState": "{\"title\":\"GENISYS - Station Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.server\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-05-10T16:35:19.314Z", - "version": "WzExNDQsMV0=", - "attributes": { - "title": "GENISYS - Source", - "visState": "{\"title\":\"GENISYS - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:38:14.578Z", - "version": "WzExNzcsMV0=", - "attributes": { - "title": "GENISYS - Action", - "visState": "{\"title\":\"GENISYS - Action\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:32:07.893Z", - "version": "WzExMjYsMV0=", - "attributes": { - "title": "GENISYS - Message Direction", - "visState": "{\"title\":\"GENISYS - Message 
Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:36:30.327Z", - "version": "WzExNTksMV0=", - "attributes": { - "title": "GENISYS - Destination", - "visState": "{\"title\":\"GENISYS - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:40:04.607Z", - "version": "WzExOTksMV0=", - "attributes": { - "title": "GENISYS - Result", - "visState": "{\"title\":\"GENISYS - Result\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:26:30.108Z", - "version": "WzEwMTUsMV0=", - "attributes": { - "title": "GENISYS - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "zeek.genisys.server", - "event.action", - "event.result", - "zeek.genisys.payload", - "event.id" - ], - "sort": [], - "version": 1, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.provider:zeek AND event.dataset:genisys\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "03207c00-d07e-11ec-b4a7-d1b4003706b7", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:42:42.241Z", + "version": "WzEyMTAsMV0=", + "attributes": { + "title": "GENISYS", + "hits": 0, + "description": "Dashboard for the GENISYS Protocol", + "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"w\":8,\"x\":8,\"y\":10},\"panelIndex\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"w\":12,\"x\":16,\"y\":10},\"panelIndex\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\
"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"w\":20,\"x\":28,\"y\":10},\"panelIndex\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"w\":16,\"x\":0,\"y\":28},\"panelIndex\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"w\":12,\"x\":16,\"y\":28},\"panelIndex\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}},\"table\":null},\"panelRefName\":\"panel_7\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"w\":20,\"x\":28,\"y\":28},\"panelIndex\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":31,\"i\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"w\":48,\"x\":0,\"y\":46},\"panelIndex\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_4", + 
"type": "visualization", + "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_9", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:07:16.116Z", + "version": "Wzc5NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata 
Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS 
SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:28:56.364Z", + "version": "WzEwOTksMV0=", + "attributes": { + "title": "GENISYS - Log Count", + "visState": "{\"title\":\"GENISYS - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":48}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:29:50.143Z", + "version": "WzExMDYsMV0=", + "attributes": { + "title": "GENISYS - Log Count Over Time", + "visState": "{\"title\":\"GENISYS - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:34:19.111Z", + "version": "WzExMzQsMV0=", + "attributes": { + "title": "GENISYS - Station Address", + "visState": "{\"title\":\"GENISYS - Station 
Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.server\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:35:19.314Z", + "version": "WzExNDQsMV0=", + "attributes": { + "title": "GENISYS - Source", + "visState": "{\"title\":\"GENISYS - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:38:14.578Z", + "version": "WzExNzcsMV0=", + "attributes": { + "title": "GENISYS - Action", + "visState": "{\"title\":\"GENISYS - Action\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:32:07.893Z", + "version": "WzExMjYsMV0=", + "attributes": { + "title": "GENISYS - Message Direction", + "visState": "{\"title\":\"GENISYS - Message 
Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:36:30.327Z", + "version": "WzExNTksMV0=", + "attributes": { + "title": "GENISYS - Destination", + "visState": "{\"title\":\"GENISYS - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:40:04.607Z", + "version": "WzExOTksMV0=", + "attributes": { + "title": "GENISYS - Result", + "visState": "{\"title\":\"GENISYS - Result\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:26:30.108Z", + "version": "WzEwMTUsMV0=", + "attributes": { + "title": "GENISYS - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "zeek.genisys.server", + "event.action", + "event.result", + "zeek.genisys.payload", + "event.id" + ], + "sort": [], + "version": 1, + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.provider:zeek AND event.dataset:genisys\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 8c6b70b09..637a75e74 100644 --- a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json 
@@ -191,7 +191,7 @@ "version": "WzIwMiwxXQ==", "attributes": { "title": "LDAP - Source IP", - "visState": "{\"title\":\"LDAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"LDAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
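Review bot: The new `visState` string contains `\"field\":\"source.ip\",,\"order\":\"desc\"`: the `\"size\":200` pair was removed but its separating comma was left behind, so the embedded JSON no longer parses. The outer file is still valid JSON because the double comma sits inside an escaped string, so a plain syntax check passes and the breakage would presumably surface only when Dashboards decodes the visualization, leaving this LDAP table unavailable to an analyst. Either keep the size (`\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\"`) or drop it together with its comma (`\"field\":\"source.ip\",\"order\":\"desc\"`). The same `,,` appears in every other hunk of this file and in the hunks for `078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json` and `0a490422-0ce9-44bf-9a2d-19329ddde8c3.json` below. A check that decodes each embedded string, e.g. `jq -e '.objects[].attributes.visState // empty | fromjson' FILE.json`, would catch this before the dashboards are imported.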
@@ -221,7 +221,7 @@ "version": "WzExNDEsMV0=", "attributes": { "title": "LDAP - Destination IP", - "visState": "{\"title\":\"LDAP - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -281,7 +281,7 @@ "version": "WzE1MzgsMV0=", "attributes": { "title": "LDAP - Bind", - "visState": "{\"title\":\"LDAP - Bind\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Version\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ldap.object\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Object/Mechanism\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - 
Bind\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Version\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ldap.object\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Object/Mechanism\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -341,7 +341,7 @@ "version": "WzEzMzUsMV0=", "attributes": { "title": "LDAP - Result Code", - "visState": "{\"title\":\"LDAP - Result Code\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Result Code\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -371,7 +371,7 @@ "version": "WzEyOTksMV0=", "attributes": { "title": "LDAP - Operation", - "visState": "{\"title\":\"LDAP - Operation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Operation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 51de061f4..5d3134ff7 100644 --- a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
@@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:07.693Z", "version": "WzgzLDFd", "attributes": { - "visState": "{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.arg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.arg\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}", "description": "", "title": "FTP - Argument", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
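Review bot: The rewritten `visState` for "FTP - Argument" still carries the key `showMeticsAtAllLevels` (missing the "r"), while the other table definitions in this patch spell it `showMetricsAtAllLevels`. The misspelled key is presumably ignored, so the setting falls back to its default rather than the `false` written here; that should be confirmed against the table visualization. Since the line is being rewritten anyway, change it to `\"showMetricsAtAllLevels\":false`. The same spelling is on the new lines of the "FTP - Username" hunk in this file and the "PE - Machine" hunk in `0a490422-0ce9-44bf-9a2d-19329ddde8c3.json`.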
@@ -170,7 +170,7 @@ "version": "Wzg0LDFd", "attributes": { "title": "FTP - Commands and Replies", - "visState": "{\"title\":\"FTP - Commands and Replies\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.action: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ftp.reply_code: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Reply Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.result: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.reply_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply Code\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.reply_msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Reply\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply Message\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "visState": "{\"title\":\"FTP - Commands and Replies\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.action: 
Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ftp.reply_code: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Reply Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.result: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.reply_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply Code\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.reply_msg\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Reply\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply Message\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -230,7 +230,7 @@ "version": "Wzg2LDFd", "attributes": { "title": "FTP - Source", - "visState": "{\"title\":\"FTP - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"FTP - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -260,7 +260,7 @@ "version": "Wzg3LDFd", "attributes": { "title": "FTP - Destination", - "visState": "{\"title\":\"FTP - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"FTP - 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -289,7 +289,7 @@ "updated_at": "2021-02-10T21:24:07.693Z", "version": "Wzg4LDFd", "attributes": { - "visState": "{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", "description": "", "title": "FTP - Username", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", diff --git a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index f108ed7e2..8e4a304bf 100644 --- a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
@@ -200,7 +200,7 @@ "version": "WzEzMjAsMV0=", "attributes": { "title": "PE - Section Name", - "visState": "{\"title\":\"PE - Section Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.pe.section_names\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PE - Section Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.pe.section_names\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -229,7 +229,7 @@ "updated_at": "2021-11-16T20:40:06.406Z", "version": "WzIwOSwxXQ==", "attributes": { - "visState": "{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.pe.machine\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.pe.machine\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}", "description": "", "title": "PE - Machine", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -290,7 +290,7 @@ "version": "WzIxMSwxXQ==", "attributes": { "title": "Capa Signatures", - "visState": "{\"title\":\"Capa Signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"rule.name: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}", + "visState": "{\"title\":\"Capa Signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"rule.name: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index a72287382..843c61a85 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -1,470 +1,470 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:30:33.149Z", - "version": "WzEzNjIsMV0=", - "attributes": { - "title": "Overview", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"19\",\"w\":36,\"x\":0,\"y\":31},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":14,\"x\":8,\"y\":13},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"32\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"43\",\"w\":12,\"x\":36,\"y\":31},\"panelIndex\":\"43\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":13,\"i\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"w\":12,\"x\":15,\"y\":0},\"panelIndex\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"table\":null,\"vis
\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"w\":11,\"x\":22,\"y\":13},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"w\":15,\"x\":33,\"y\":13},\"panelIndex\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "470c6648-d66f-4fae-99af-061cab27065a" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "3da52536-9455-4f8f-931a-14f4c04c636b" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "AWDGyaGxxQT5EBNmq3K9" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "750367f0-41f2-11ea-88fa-7151df485405" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" - }, - { - "name": "panel_9", - "type": "search", - "id": 
"c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:16.386Z", - "version": "Wzc5NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● 
[IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "470c6648-d66f-4fae-99af-061cab27065a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzYxLDFd", - "attributes": { - "title": "Total Log Count Over Time", - "visState": "{\"title\":\"Total Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\"},\"schema\":\"group\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3da52536-9455-4f8f-931a-14f4c04c636b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:28:37.178Z", - "version": "WzEzNDcsMV0=", - "attributes": { - "title": "Connections - Service By Destination Country", - "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" \"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":false}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzYzLDFd", - "attributes": { - "title": "Log Type", - "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"AWDGyaGxxQT5EBNmq3K9", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:52.191Z", - "version": "WzUzMCwxXQ==", - "attributes": { - "title": "Total Number of Logs", - "visState": "{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Logs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"colorSchema\":\"Green to Red\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"},\"metricColorMode\":\"None\"}}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY1LDFd", - "attributes": { - "title": "DNS - Queries", - "visState": "{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY2LDFd", - "attributes": { - "title": "Log Source", - "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last 
Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "750367f0-41f2-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY3LDFd", - "attributes": { - "title": "Application Protocol", - "visState": "{\"title\":\"Application Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol 
Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:05.320Z", - "version": "WzY5MywxXQ==", - "attributes": { - "title": "Actions and Results", - "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:16.386Z", - "version": "WzgwOCwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:13.356Z", - "version": "Wzc3MCwxXQ==", - "attributes": { - "title": "Connections - Logs", - "description": "", - "hits": 0, - "columns": [ - "network.transport", - "network.protocol", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - 
"network.bytes", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:49.169Z", - "version": "WzUwOCwxXQ==", - "attributes": { - "title": "DNS - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.dns.query", - "zeek.dns.answers", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:dns\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:30:33.149Z", + "version": "WzEzNjIsMV0=", + "attributes": { + "title": "Overview", + 
"hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"19\",\"w\":36,\"x\":0,\"y\":31},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":14,\"x\":8,\"y\":13},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"32\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"43\",\"w\":12,\"x\":36,\"y\":31},\"panelIndex\":\"43\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":13,\"i\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"w\":12,\"x\":15,\"y\":0},\"panelIndex\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"w\":11,\"x\":22,\"y\":13},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embedd
ableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"w\":15,\"x\":33,\"y\":13},\"panelIndex\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "470c6648-d66f-4fae-99af-061cab27065a" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "3da52536-9455-4f8f-931a-14f4c04c636b" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "AWDGyaGxxQT5EBNmq3K9" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "750367f0-41f2-11ea-88fa-7151df485405" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" + }, + { + "name": "panel_9", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:16.386Z", + "version": "Wzc5NSwxXQ==", + 
"attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "470c6648-d66f-4fae-99af-061cab27065a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzYxLDFd", + "attributes": { + "title": "Total Log Count Over Time", + "visState": "{\"title\":\"Total Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\"},\"schema\":\"group\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3da52536-9455-4f8f-931a-14f4c04c636b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:28:37.178Z", + "version": "WzEzNDcsMV0=", + "attributes": { + "title": "Connections - Service By Destination Country", + "visState": "{\"title\":\"Connections - Service By Destination 
Country\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" \"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":false}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce", + "type": "visualization", + "namespaces": [ + 
"default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzYzLDFd", + "attributes": { + "title": "Log Type", + "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDGyaGxxQT5EBNmq3K9", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:52.191Z", + "version": "WzUzMCwxXQ==", + "attributes": { + "title": "Total Number of Logs", + "visState": "{\"title\":\"Total Number of 
Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Logs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"colorSchema\":\"Green to Red\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"},\"metricColorMode\":\"None\"}}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY1LDFd", + "attributes": { + "title": "DNS - Queries", + "visState": "{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY2LDFd", + "attributes": { + "title": "Log Source", + "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last 
Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "750367f0-41f2-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY3LDFd", + "attributes": { + "title": "Application Protocol", + "visState": "{\"title\":\"Application Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol 
Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:05.320Z", + "version": "WzY5MywxXQ==", + "attributes": { + "title": "Actions and Results", + "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:16.386Z", + "version": "WzgwOCwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:13.356Z", + "version": "Wzc3MCwxXQ==", + "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "network.transport", + "network.protocol", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + 
"network.bytes", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:49.169Z", + "version": "WzUwOCwxXQ==", + "attributes": { + "title": "DNS - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.dns.query", + "zeek.dns.answers", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:dns\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index f633eb1a8..4b091197a 100644 
--- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
+++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json
@@ -159,7 +159,7 @@
 "updated_at": "2021-02-10T21:24:11.908Z",
 "version": "WzE0OCwxXQ==",
 "attributes": {
- "visState": "{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
+ "visState": "{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
 "description": "",
 "title": "SIP - Source IP Address",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
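Review bot: The new `visState` string, as rendered on this page, reads `\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\"`: removing `\"size\":100` left two consecutive commas, so the embedded JSON no longer parses. The same doubled comma is in the new `visState` of the hunks at -189, -249, -279, -309 and -399, and twice in the one at -460. Either drop the stray comma, giving `\"missingBucketLabel\":\"Missing\",\"order\":\"desc\"`, or keep an explicit `\"size\"` value. A saved object whose `visState` cannot be parsed will probably fail to render, leaving these SIP tables empty for an analyst. A CI step that JSON-parses every `visState` in `dashboards/dashboards/*.json` would catch this before import.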
@@ -189,7 +189,7 @@
 "updated_at": "2021-02-10T21:24:11.908Z",
 "version": "WzE0OSwxXQ==",
 "attributes": {
- "visState": "{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
+ "visState": "{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
 "description": "",
 "title": "SIP - Destination IP Address",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
@@ -249,7 +249,7 @@
 "updated_at": "2021-02-10T21:24:11.908Z",
 "version": "WzE1MSwxXQ==",
 "attributes": {
- "visState": "{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.request_path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}",
+ "visState": "{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.request_path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}",
 "description": "",
 "title": "SIP - Request Path",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
@@ -279,7 +279,7 @@
 "updated_at": "2021-02-10T21:24:11.908Z",
 "version": "WzE1MiwxXQ==",
 "attributes": {
- "visState": "{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.uri\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}",
+ "visState": "{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.uri\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}",
 "description": "",
 "title": "SIP - URI",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
@@ -309,7 +309,7 @@
 "updated_at": "2021-02-10T21:24:11.908Z",
 "version": "WzE1MywxXQ==",
 "attributes": {
- "visState": "{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}",
+ "visState": "{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}",
 "description": "",
 "title": "SIP - User Agent",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
@@ -399,7 +399,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -460,7 +460,7 @@ "version": "WzE1OCwxXQ==", "attributes": { "title": "SIP - Status", - "visState": "{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_msg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}", + "visState": "{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_code\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_msg\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index ebc8fcfb9..0c64cff0c 100644 --- a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
@@ -165,7 +165,7 @@ "version": "WzM3ODAsMV0=", "attributes": { "title": "Tunnels - Destination Address", - "visState": "{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -194,7 +194,7 @@ "updated_at": "2021-02-10T21:24:12.938Z", "version": "WzE3NSwxXQ==", "attributes": { - "visState": "{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Tunnels - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index 4660534a5..62dc076d0 100644 --- a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
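Review bot: The misspelled key `showMeticsAtAllLevels` is carried over unchanged on the new side of this `visState`, while the QUIC visualizations in the next file spell it `showMetricsAtAllLevels`. A key the table visualization does not recognise is presumably ignored, so the setting would silently fall back to its default. Since the line is being rewritten anyway, use `\"showMetricsAtAllLevels\":false`. The SIP table hunks earlier on the page carry the same spelling.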
@@ -212,7 +212,7 @@ "version": "WzE5NiwxXQ==", "attributes": { "title": "QUIC - Source IP Address", - "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -242,7 +242,7 @@ "version": "WzE5NywxXQ==", "attributes": { "title": "QUIC - Destination IP Address", - "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -272,7 +272,7 @@ "version": "WzE5OCwxXQ==", "attributes": { "title": "QUIC - User Agent", - "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", + "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -302,7 +302,7 @@ "version": "WzE5OSwxXQ==", "attributes": { "title": "QUIC - Server Name", - "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", + "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -332,7 +332,7 @@ "version": "WzIwMCwxXQ==", "attributes": { "title": "QUIC - CYU Fingerprint", - "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyutags\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyu\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", + "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyutags\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint 
Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyu\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index bdf4ca834..52f140b83 100644 --- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json +++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json 
@@ -1,341 +1,341 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "12e3a130-d83b-11eb-a0b0-f328ce09b0b7", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:21:24.534Z", - "version": "WzkwNiwxXQ==", - "attributes": { - "title": "ICS Best Guess", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":34,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":6,\"i\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"w\":17,\"x\":8,\"y\":10},\"panelIndex\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"w\":23,\"x\":25,\"y\":10},\"panelIndex\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"w\":17,\"x\":8,\"y\":16},\"panelIndex\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"ed874588-65d2
-458f-a7f5-88e6f7031b80\",\"w\":23,\"x\":25,\"y\":36},\"panelIndex\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":28,\"i\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"w\":25,\"x\":0,\"y\":34},\"panelIndex\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":33,\"i\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_8", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], 
- "updated_at": "2021-10-25T21:05:09.919Z", - "version": "Wzc1NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMSwxXQ==", - "attributes": { - "title": "Best Guess - Log Count", - "visState": "{\"title\":\"Best Guess - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMiwxXQ==", - "attributes": { - 
"title": "Best Guess - Log Count Over Time", - "visState": "{\"title\":\"Best Guess - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-26y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": 
"a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMywxXQ==", - "attributes": { - "title": "Best Guess - Disclaimer", - "visState": "{\"title\":\"Best Guess - Disclaimer\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Note: This dashboard categorizes potential industrial control system traffic using transport protocol, responding port and/or originating port instead of packet payload inspection. As such, these results should be viewed as a \\\"best guess\\\" and are likely to have more false positives than other protocol dashboards.\"}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:18:58.163Z", - "version": "Wzg1NywxXQ==", - "attributes": { - "title": "Best Guess Protocol - Destination", - "visState": "{\"title\":\"Best Guess Protocol - 
Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:18:03.746Z", - "version": "WzgzNywxXQ==", - "attributes": { - "title": "Best Guess - Summary", - "visState": "{\"title\":\"Best Guess - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": 
"a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:20:33.748Z", - "version": "Wzg4NSwxXQ==", - "attributes": { - "title": "Best Guess Protocol - Source", - "visState": "{\"title\":\"Best Guess Protocol - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tranport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExNywxXQ==", - "attributes": { - "title": "Best Guess - Category", - "visState": "{\"title\":\"Best Guess - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExOCwxXQ==", - "attributes": { - "title": "Best Guess - Logs", - "description": "", - "hits": 0, - "columns": [ - "protocol", - "zeek.bestguess.category", - "zeek.bestguess.name", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"tags:ics_best_guess\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ 
+ { + "id": "12e3a130-d83b-11eb-a0b0-f328ce09b0b7", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:21:24.534Z", + "version": "WzkwNiwxXQ==", + "attributes": { + "title": "ICS Best Guess", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":34,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":6,\"i\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"w\":17,\"x\":8,\"y\":10},\"panelIndex\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"w\":23,\"x\":25,\"y\":10},\"panelIndex\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"w\":17,\"x\":8,\"y\":16},\"panelIndex\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"w\":23,\"x\":25,\"y\":36},\"panel
Index\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":28,\"i\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"w\":25,\"x\":0,\"y\":34},\"panelIndex\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":33,\"i\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_8", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:05:09.919Z", + "version": 
"Wzc1NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● 
[MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● 
[Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMSwxXQ==", + "attributes": { + "title": "Best Guess - Log Count", + "visState": "{\"title\":\"Best Guess - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMiwxXQ==", + "attributes": { + "title": "Best Guess - Log Count Over Time", + "visState": 
"{\"title\":\"Best Guess - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-26y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + 
"visualization": "7.10.0" + } + }, + { + "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMywxXQ==", + "attributes": { + "title": "Best Guess - Disclaimer", + "visState": "{\"title\":\"Best Guess - Disclaimer\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Note: This dashboard categorizes potential industrial control system traffic using transport protocol, responding port and/or originating port instead of packet payload inspection. As such, these results should be viewed as a \\\"best guess\\\" and are likely to have more false positives than other protocol dashboards.\"}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:18:58.163Z", + "version": "Wzg1NywxXQ==", + "attributes": { + "title": "Best Guess Protocol - Destination", + "visState": "{\"title\":\"Best Guess Protocol - 
Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + 
"id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:18:03.746Z", + "version": "WzgzNywxXQ==", + "attributes": { + "title": "Best Guess - Summary", + "visState": "{\"title\":\"Best Guess - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"8c3695b0-d8e5-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:20:33.748Z", + "version": "Wzg4NSwxXQ==", + "attributes": { + "title": "Best Guess Protocol - Source", + "visState": "{\"title\":\"Best Guess Protocol - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tranport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExNywxXQ==", + "attributes": { + "title": "Best Guess - Category", + "visState": "{\"title\":\"Best Guess - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExOCwxXQ==", + "attributes": { + "title": "Best Guess - Logs", + "description": "", + "hits": 0, + "columns": [ + "protocol", + "zeek.bestguess.category", + "zeek.bestguess.name", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"tags:ics_best_guess\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file 
diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index 3fe16806b..b5b00068e 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json @@ -195,7 +195,7 @@ "version": "WzEzNSwxXQ==", "attributes": { "title": "Modbus - Source IP", - "visState": "{\"title\":\"Modbus - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Modbus - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from modbus.log", "version": 1, 
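Review bot: The new `visState` string in the `@@ -195,7 +195,7 @@` hunk (Modbus - Source IP) now contains `\"order\":\"desc\",,\"otherBucket\":true`. Removing `\"size\":200` left two consecutive commas, so the embedded JSON is no longer valid and will presumably fail to parse when the saved object is imported or rendered. The same `,,` appears in the `@@ -225,7 +225,7 @@` hunk (Modbus - Destination IP) and in the table visualizations of the rewritten ICS Best Guess dashboard earlier in this patch. Drop the leftover comma so the fragment reads `\"order\":\"desc\",\"otherBucket\":true`, or keep an explicit `\"size\":N` if the terms aggregation needs a bucket limit. A check that parses every `visState` value as JSON before the dashboards ship would catch this; a table that fails to load on an ICS monitoring dashboard leaves analysts without that view of source and destination hosts.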
@@ -225,7 +225,7 @@ "version": "WzEzNiwxXQ==", "attributes": { "title": "Modbus - Destination IP", - "visState": "{\"title\":\"Modbus - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"Modbus - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Destination IP Addresses from modbus.log", "version": 1, 
@@ -255,7 +255,7 @@ "version": "WzEzNywxXQ==", "attributes": { "title": "Modbus - Observed Clients and Servers", - "visState": "{\"title\":\"Modbus - Observed Clients and Servers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Times Observed\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.known_modbus.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Device Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"Modbus - Observed Clients and Servers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Times Observed\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.known_modbus.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Device 
Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Modbus observed client and server devices", "version": 1, 
@@ -373,7 +373,7 @@ "version": "WzE0MSwxXQ==", "attributes": { "title": "Modbus - Functions and Exceptions", - "visState": "{\"title\":\"Modbus - Functions and Exceptions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Exception\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Modbus - Functions and 
Exceptions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Exception\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -433,7 +433,7 @@ "version": "Wzk1NCwxXQ==", "attributes": { "title": "Modbus - Reads", - "visState": "{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Modbus read holding registers, input registers, discrete inputs, and coils overview from modbus_detailed.log", "version": 1, 
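Review bot: In the `zeek.modbus_detailed.values` aggregation (id 4) the new side sets `\"otherBucket\":true` but keeps `\"otherBucketLabel\":\"-\"`, the same string used for `missingBucketLabel`. The rolled-up remainder row will therefore show as `-` and read like an absent value rather than "everything beyond the listed terms". I would label it `\"otherBucketLabel\":\"Other\"`, as the sibling aggregations in this visualization do. The Writes hunk (@@ -463) carries the same label on its address and values aggregations (ids 3 and 4).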
@@ -463,7 +463,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "Modbus - Writes", - "visState": "{\"title\":\"Modbus - Writes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Modbus - 
Writes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"
drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Modbus write register and write coil overview from modbus_detailed.log", "version": 1, 
@@ -523,7 +523,7 @@ "version": "Wzk1NiwxXQ==", "attributes": { "title": "Modbus - Device Identification Objects", - "visState": "{\"title\":\"Modbus - Device Identification Objects\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.device_id_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Device ID\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.object_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.object_value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Value\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Modbus - Device Identification Objects\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.device_id_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Device 
ID\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.object_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.object_value\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Value\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":0,\"direction\":\"asc\"}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json index bcd964578..b949e15cf 100644 --- a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json +++ b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json 
@@ -205,7 +205,7 @@ "version": "WzEyMTcsMV0=", "attributes": { "title": "OSPF - Link State Advertisement", - "visState": "{\"title\":\"OSPF - Link State Advertisement\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.lsa_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Link State Advertisement Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Link State Advertisement\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.lsa_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Link State Advertisement Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -235,7 +235,7 @@ "version": "WzEyMzYsMV0=", "attributes": { "title": "OSPF - Link Type", - "visState": "{\"title\":\"OSPF - Link Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.link_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Link Type (Router LSA)\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Link Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.link_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Link Type (Router LSA)\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -265,7 +265,7 @@ "version": "WzEzNTgsMV0=", "attributes": { "title": "OSPF - Area and Router", - "visState": "{\"title\":\"OSPF - Area and Router\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.area_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Area\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.router_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Router\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Area and 
Router\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.area_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Area\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.router_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Router\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -295,7 +295,7 @@ "version": "WzEzMDIsMV0=", "attributes": { "title": "OSPF - Source IP", - "visState": "{\"title\":\"OSPF - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -325,7 +325,7 @@ "version": "WzEzMTcsMV0=", "attributes": { "title": "OSPF - Destination IP", - "visState": "{\"title\":\"OSPF - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -355,7 +355,7 @@ "version": "WzEzODcsMV0=", "attributes": { "title": "OSPF - All IP Addresses", - "visState": "{\"title\":\"OSPF - All IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - All IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index b8206ee94..239404ce9 100644 --- a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzI0MCwxXQ==", "attributes": { "title": "Connections - Source - Sum of Total Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[37.87063517566466,16.347656250000004],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index a97af6c77..31641954a 100644 --- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -1,281 +1,281 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2MSwxXQ==", - "attributes": { - "title": "Zeek Weird", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":25,\"y\":8,\"w\":10,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "2789890f-3187-449c-b0d7-a351975cbe13" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "259fa46e-2fde-41bb-b028-063a12cb4621" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "84786f08-b68a-4524-8d2d-d44221f99060" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "AWDHGXk-xQT5EBNmq4uf" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "429d2522-67c6-44f5-aae8-f464d5815195" - }, - { - "name": "panel_6", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● 
[NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2789890f-3187-449c-b0d7-a351975cbe13", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2MywxXQ==", - "attributes": { - "title": "Weird - Log Count Over Time", - "visState": "{\"title\":\"Weird - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\" 
\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\" \"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "259fa46e-2fde-41bb-b028-063a12cb4621", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NCwxXQ==", - "attributes": { - "title": "Weird - Source", - "visState": "{\"title\":\"Weird - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "84786f08-b68a-4524-8d2d-d44221f99060", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NSwxXQ==", - "attributes": { - "title": "Weird - Destination", - "visState": "{\"title\":\"Weird - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDHGXk-xQT5EBNmq4uf", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NiwxXQ==", - "attributes": { - "title": "Weird - Log Count", - "visState": "{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "429d2522-67c6-44f5-aae8-f464d5815195", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NywxXQ==", - "attributes": { - "title": "Weird - Name", - "visState": "{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2OCwxXQ==", - "attributes": { - "title": "Weird - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "rule.name", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:weird\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2MSwxXQ==", + "attributes": { + "title": "Zeek Weird", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":25,\"y\":8,\"w\":10,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "2789890f-3187-449c-b0d7-a351975cbe13" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "259fa46e-2fde-41bb-b028-063a12cb4621" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "84786f08-b68a-4524-8d2d-d44221f99060" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "AWDHGXk-xQT5EBNmq4uf" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "429d2522-67c6-44f5-aae8-f464d5815195" + }, + { + "name": "panel_6", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2789890f-3187-449c-b0d7-a351975cbe13", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2MywxXQ==", + "attributes": { + "title": "Weird - Log Count Over Time", + "visState": "{\"title\":\"Weird - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\" \"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\" \"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "259fa46e-2fde-41bb-b028-063a12cb4621", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NCwxXQ==", + "attributes": { + "title": "Weird - Source", + "visState": "{\"title\":\"Weird - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "84786f08-b68a-4524-8d2d-d44221f99060", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + 
"version": "WzE2NSwxXQ==", + "attributes": { + "title": "Weird - Destination", + "visState": "{\"title\":\"Weird - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDHGXk-xQT5EBNmq4uf", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NiwxXQ==", + "attributes": { + "title": "Weird - Log Count", + "visState": "{\"title\":\"Weird - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "429d2522-67c6-44f5-aae8-f464d5815195", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NywxXQ==", + "attributes": { + "title": "Weird - Name", + "visState": "{\"title\":\"Weird - 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2OCwxXQ==", + "attributes": { + "title": "Weird - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "rule.name", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:weird\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 6a831bcda..3b7c559cf 100644 --- a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
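Review bot: On the new side, the `visState` strings for "Weird - Source", "Weird - Destination" (both terms aggregations) and "Weird - Name" contain a doubled comma where the `size` entry was removed, e.g. `\"order\":\"desc\",,\"otherBucket\":true` and `\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\"`. As shown here the embedded JSON no longer parses, so these tables would likely fail to import or render, and analysts would lose the top-talker and weird-name views on this detection dashboard. Either drop the stray comma (`\"order\":\"desc\",\"otherBucket\":true`) or keep an explicit `\"size\"` value as the removed lines had. The same `\"order\":\"desc\",,\"otherBucket\":false` pattern appears at the end of the preceding region-map hunk, which starts outside this view. The hunk also rewrites all 281 lines although only these strings visibly differ, which looks like a line-ending change; a check that runs `JSON.parse` on every `visState`, `panelsJSON` and `searchSourceJSON` value before commit would catch this across the dashboards.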
@@ -1,529 +1,529 @@ -{ - "version": "1.2.0", - "objects": [ - { - "id": "29a1b290-eb98-11e9-a384-0fcf32210194", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:38:50.396Z", - "version": "WzEwNDMsMV0=", - "attributes": { - "title": "EtherNet/IP", - "hits": 0, - "description": "Dashboard for Ethernet/IP and CIP Protocols", - "panelsJSON": "[{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":37,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":9,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":17,\"y\":0,\"w\":31,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":28,\"h\":18,\"i\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\"},\"panelIndex\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":19,\"w\":12,\"h\":18,\"i\":\"c25cc903-12d2-43af-9841-89bba26a32a9\"},\"panelIndex\":\"c25cc903-12d2-43af-9841-89bba26a32a9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":37,\"w\":36,\"h\":18,\"i\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\"},\"panelIndex\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":37,\"w\":12,\"h\":18,\"i\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\"},\"panelIndex\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"dir
ection\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":55,\"w\":21,\"h\":18,\"i\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\"},\"panelIndex\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":21,\"y\":55,\"w\":27,\"h\":18,\"i\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\"},\"panelIndex\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\"},\"panelIndex\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":48,\"h\":13,\"i\":\"faa4d891-2c11-4393-acec-cea800f017e7\"},\"panelIndex\":\"faa4d891-2c11-4393-acec-cea800f017e7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":16,\"i\":\"4608eca0-796d-4482-b62a-887c799e423f\"},\"panelIndex\":\"4608eca0-796d-4482-b62a-887c799e423f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":121,\"w\":48,\"h\":16,\"i\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\"},\"panelIndex\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": 
"visualization", - "id": "b2548270-eb98-11e9-a384-0fcf32210194" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_9", - "type": "search", - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_10", - "type": "search", - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_11", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_12", - "type": "search", - "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:27:15.763Z", - "version": "Wzc4NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and 
Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"b2548270-eb98-11e9-a384-0fcf32210194", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3MywxXQ==", - "attributes": { - "title": "EtherNet/IP - Log Count", - "visState": "{\"title\":\"EtherNet/IP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NCwxXQ==", - "attributes": { - "title": "EtherNet/IP - Logs Over Time", - "visState": "{\"title\":\"EtherNet/IP - Logs Over 
Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY\"}},\"params\":{\"date\":true,\"interval\":\"P365D\",\"intervalESValue\":365,\"intervalESUnit\":\"d\",\"format\":\"YYYY\",\"bounds\":{\"min\":\"1971-01-14T16:48:06.557Z\",\"max\":\"2021-01-14T16:48:06.557Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 365 days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Log 
Type\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-50y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NSwxXQ==", - "attributes": { - "title": "Ethernet/IP - Commands", - "visState": "{\"title\":\"Ethernet/IP - 
Commands\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Command\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" 
- }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3OCwxXQ==", - "attributes": { - "title": "EtherNet/IP - Source IP", - "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MCwxXQ==", - "attributes": { - "title": "CIP - Device Identity", - "visState": "{\"title\":\"CIP - 
Device Identity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"N/A\"}},\"params\":{},\"label\":\"Serial Number\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.product_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Product Name\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.device_type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Device Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.vendor_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Vendor Name\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.serial_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Serial 
Number\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.revision\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Revision Number\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "CIP Identity Results", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NywxXQ==", - "attributes": { - "title": "EtherNet/IP - Destination IP", - "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NiwxXQ==", - "attributes": { - "title": "CIP - Services", - "visState": "{\"title\":\"CIP - 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Request/Response\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Status\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request/Response\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "CIP Services and Status", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3OSwxXQ==", - "attributes": { - "title": "EtherNet/IP - Detailed Information", - "visState": "{\"title\":\"EtherNet/IP - Detailed Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Data Length\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.session_handle\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Session Identifier\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.sender_context\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sender Context\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"EtherNet/IP 
Command\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data Length\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "Includes: Session Identifier, Sender Context, EtherNet/IP Command, Data Length, and Status", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MSwxXQ==", - "attributes": { - "title": "CIP - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "event.action", - "event.result", - "zeek.cip.direction", - "zeek.cip.cip_sequence_count", - "zeek.cip.class_id", - "zeek.cip.class_name", - "zeek.cip.instance_id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MiwxXQ==", - "attributes": { - "title": "CIP - Identity Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.cip_identity.device_type_name", - "zeek.cip_identity.product_name", - "zeek.cip_identity.vendor_name", - "zeek.cip_identity.revision", - "zeek.cip_identity.serial_number" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_identity\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MywxXQ==", - "attributes": { - "title": "Ethernet/IP - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "event.action", - "event.result", - "zeek.enip.options", - "zeek.enip.sender_context", - "zeek.enip.session_handle", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:enip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4NCwxXQ==", - "attributes": { - "title": "CIP - IO Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.cip_io.connection_id", - "zeek.cip_io.sequence_number", - "zeek.cip_io.data_length", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_io\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.2.0", + "objects": [ + { + "id": "29a1b290-eb98-11e9-a384-0fcf32210194", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:38:50.396Z", + "version": "WzEwNDMsMV0=", + "attributes": { + "title": "EtherNet/IP", + "hits": 0, + "description": "Dashboard for Ethernet/IP and CIP Protocols", + "panelsJSON": 
"[{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":37,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":9,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":17,\"y\":0,\"w\":31,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":28,\"h\":18,\"i\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\"},\"panelIndex\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":19,\"w\":12,\"h\":18,\"i\":\"c25cc903-12d2-43af-9841-89bba26a32a9\"},\"panelIndex\":\"c25cc903-12d2-43af-9841-89bba26a32a9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":37,\"w\":36,\"h\":18,\"i\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\"},\"panelIndex\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":37,\"w\":12,\"h\":18,\"i\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\"},\"panelIndex\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":55,\"w\":21,\"h\":18,\"i\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\"},\"panelIndex\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"1.2.0\",\
"gridData\":{\"x\":21,\"y\":55,\"w\":27,\"h\":18,\"i\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\"},\"panelIndex\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\"},\"panelIndex\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":48,\"h\":13,\"i\":\"faa4d891-2c11-4393-acec-cea800f017e7\"},\"panelIndex\":\"faa4d891-2c11-4393-acec-cea800f017e7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":16,\"i\":\"4608eca0-796d-4482-b62a-887c799e423f\"},\"panelIndex\":\"4608eca0-796d-4482-b62a-887c799e423f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":121,\"w\":48,\"h\":16,\"i\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\"},\"panelIndex\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "b2548270-eb98-11e9-a384-0fcf32210194" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80" + }, 
+ { + "name": "panel_5", + "type": "visualization", + "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_9", + "type": "search", + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_10", + "type": "search", + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_11", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_12", + "type": "search", + "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:27:15.763Z", + "version": "Wzc4NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek 
Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● 
[Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b2548270-eb98-11e9-a384-0fcf32210194", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3MywxXQ==", + "attributes": { + "title": "EtherNet/IP - Log Count", + "visState": "{\"title\":\"EtherNet/IP - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NCwxXQ==", + "attributes": { + "title": "EtherNet/IP - Logs Over Time", + "visState": "{\"title\":\"EtherNet/IP - Logs Over 
Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY\"}},\"params\":{\"date\":true,\"interval\":\"P365D\",\"intervalESValue\":365,\"intervalESUnit\":\"d\",\"format\":\"YYYY\",\"bounds\":{\"min\":\"1971-01-14T16:48:06.557Z\",\"max\":\"2021-01-14T16:48:06.557Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 365 days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Log 
Type\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-50y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NSwxXQ==", + "attributes": { + "title": "Ethernet/IP - Commands", + "visState": "{\"title\":\"Ethernet/IP - 
Commands\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Command\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" 
+ }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3OCwxXQ==", + "attributes": { + "title": "EtherNet/IP - Source IP", + "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MCwxXQ==", + "attributes": { + "title": "CIP - Device Identity", + "visState": "{\"title\":\"CIP - Device 
Identity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"N/A\"}},\"params\":{},\"label\":\"Serial Number\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.product_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Product Name\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.device_type_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Device Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.vendor_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Vendor Name\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.serial_number\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Serial 
Number\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.revision\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Revision Number\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "CIP Identity Results", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NywxXQ==", + "attributes": { + "title": "EtherNet/IP - Destination IP", + "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NiwxXQ==", + "attributes": { + "title": "CIP - Services", + "visState": "{\"title\":\"CIP - 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Request/Response\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Status\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request/Response\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "CIP Services and Status", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": 
"7.10.0" + } + }, + { + "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3OSwxXQ==", + "attributes": { + "title": "EtherNet/IP - Detailed Information", + "visState": "{\"title\":\"EtherNet/IP - Detailed Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Data Length\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.session_handle\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Session Identifier\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.sender_context\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sender Context\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"EtherNet/IP 
Command\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.length\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data Length\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "Includes: Session Identifier, Sender Context, EtherNet/IP Command, Data Length, and Status", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MSwxXQ==", + "attributes": { + "title": "CIP - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "event.action", + "event.result", + "zeek.cip.direction", + "zeek.cip.cip_sequence_count", + "zeek.cip.class_id", + "zeek.cip.class_name", + "zeek.cip.instance_id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MiwxXQ==", + "attributes": { + "title": "CIP - Identity Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.cip_identity.device_type_name", + "zeek.cip_identity.product_name", + "zeek.cip_identity.vendor_name", + "zeek.cip_identity.revision", + "zeek.cip_identity.serial_number" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_identity\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MywxXQ==", + "attributes": { + "title": "Ethernet/IP - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "event.action", + "event.result", + "zeek.enip.options", + "zeek.enip.sender_context", + "zeek.enip.session_handle", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:enip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4NCwxXQ==", + "attributes": { + "title": "CIP - IO Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.cip_io.connection_id", + "zeek.cip_io.sequence_number", + "zeek.cip_io.data_length", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_io\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index 2efe353b4..088ecb159 100644 --- a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
@@ -223,7 +223,7 @@ "version": "WzE5NiwxXQ==", "attributes": { "title": "BACnet - BVLC Functions", - "visState": "{\"title\":\"BACnet - BVLC Functions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.bvlc_function\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"BVLC Function\"}}]}", + "visState": "{\"title\":\"BACnet - BVLC Functions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.bvlc_function\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"BVLC Function\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "BACnet Virtual Link Control Functions (Link-Layer Control)", "version": 1, 
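Review bot: The new `visState` string in this hunk contains `\"order\":\"desc\",,\"otherBucket\":true`: removing `\"size\":200` left its comma behind, so as shown the embedded JSON no longer parses and the "BACnet - BVLC Functions" table would presumably fail to load. Either drop the stray comma (`\"order\":\"desc\",\"otherBucket\":true`) or keep an explicit `size`; if a build-time placeholder was meant to sit between the two commas, it is not visible here. The same `,,` appears in every other `visState` change in this file (the hunks at 253, 283, 312, 341, 370 and 400) and in the hunks for `dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json` and `dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json`. Because `visState` is an escaped string inside an otherwise valid document, a file-level JSON lint will not catch this; a pre-import check that decodes each `visState` value with a JSON parser would. On a network-monitoring dashboard a panel that silently fails to render is a visibility gap, so that check is worth making a build failure.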
@@ -253,7 +253,7 @@ "version": "WzE5NywxXQ==", "attributes": { "title": "BACnet - Protocol Data Units (PDUs)", - "visState": "{\"title\":\"BACnet - Protocol Data Units (PDUs)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"PDU Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Type\"}}]}", + "visState": "{\"title\":\"BACnet - Protocol Data Units 
(PDUs)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"PDU Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Type\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "BACnet Application Layer Protocol Data Unit types and services", "version": 1, 
@@ -283,7 +283,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "BACnet - Actions and Results", - "visState": "{\"title\":\"BACnet - Actions and Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"BACnet - Actions and Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": 
"{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", "version": 1, @@ -312,7 +312,7 @@ "version": "WzE5OSwxXQ==", "attributes": { "title": "BACnet - Source IP", - "visState": "{\"title\":\"BACnet - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"BACnet - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from bacnet.log", "version": 1, 
@@ -341,7 +341,7 @@ "version": "WzIwMCwxXQ==", "attributes": { "title": "BACnet - Destination IP", - "visState": "{\"title\":\"BACnet - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"BACnet - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Destination IP Addresses from bacnet.log", "version": 1, 
@@ -370,7 +370,7 @@ "version": "WzIwMywxXQ==", "attributes": { "title": "BACnet - Device Discovery", - "visState": "{\"title\":\"BACnet - Device Discovery\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Vendor\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Identifier\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU 
Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.vendor\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}}]}", + "visState": "{\"title\":\"BACnet - Device Discovery\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Vendor\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Identifier\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU 
Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.vendor\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "Results from BACnet i-am and i-have commands", "version": 1, 
@@ -400,7 +400,7 @@ "version": "WzIwMiwxXQ==", "attributes": { "title": "BACnet - Read and Write Property ", - "visState": "{\"title\":\"BACnet - Read and Write Property \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":6,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Property Value\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Identifier\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.property\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Value\"}}]}", + "visState": "{\"title\":\"BACnet - Read and Write Property \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":6,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Property 
Value\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Identifier\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.property\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.value\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Value\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}}", "description": "Results from BACnet Read-Property and Write-Property Commands", "version": 1, diff --git a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json index a1f6c52b3..bfaa46e8d 100644 --- a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json +++ b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json @@ -205,7 +205,7 @@ "version": "WzIxMSwxXQ==", "attributes": { "title": "Synchrophasor - Source", - "visState": "{\"title\":\"Synchrophasor - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -235,7 +235,7 @@ "version": "WzIxMiwxXQ==", "attributes": { "title": "Synchrophasor - Destination", - "visState": "{\"title\":\"Synchrophasor - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", 
"uiStateJSON": "{}", "description": "", "version": 1, @@ -355,7 +355,7 @@ "version": "Wzk0NiwxXQ==", "attributes": { "title": "Synchrophasor - Stations", - "visState": "{\"title\":\"Synchrophasor - Stations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.station_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Stations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.station_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -385,7 +385,7 @@ "version": "Wzk0NSwxXQ==", "attributes": { "title": "Synchrophasor - Phasors", - "visState": "{\"title\":\"Synchrophasor - Phasors\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.phnam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Phasor\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Phasors\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.phnam\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Phasor\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -415,7 +415,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Synchrophasor - Analog Channels", - "visState": "{\"title\":\"Synchrophasor - Analog Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.annam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analog Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Analog Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.annam\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analog Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -445,7 +445,7 @@ "version": "Wzk0MSwxXQ==", "attributes": { "title": "Synchrophasor - Digital Channels", - "visState": "{\"title\":\"Synchrophasor - Digital Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.dgnam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Digital Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Digital Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.dgnam\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Digital Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index a6934fea2..380f284c7 100644 --- a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -130,7 +130,7 @@ "version": "WzM1MSwxXQ==", "attributes": { "title": "DNS - Server", - "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
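Review bot: The `params` object in the rewritten `visState` of this hunk still spells the key `showMeticsAtAllLevels` (missing "r"), while the BACnet and Synchrophasor table definitions elsewhere in this patch use `showMetricsAtAllLevels`. Since the whole line is being replaced anyway, correct it to `\"showMetricsAtAllLevels\":false`; the value is `false`, so the visible effect is probably nil, but the misspelled key is presumably just ignored by the table visualization. The "DNS - Client" hunk at 159 carries the same spelling on its new side.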
@@ -159,7 +159,7 @@ "updated_at": "2021-05-11T12:24:17.423Z", "version": "WzM1MiwxXQ==", "attributes": { - "visState": "{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", "title": "DNS - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -219,7 +219,7 @@ "updated_at": "2021-05-11T12:24:17.423Z", "version": "WzM1NCwxXQ==", "attributes": { - "visState": "{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - 
Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", "description": "", "title": "DNS - Query/Answer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -340,7 +340,7 @@ "version": "WzM1OCwxXQ==", "attributes": { "title": "DNS - Answers", - "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", + "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -370,7 +370,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "DNS - Response Code (Name)", - "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.rcode_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", + "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.rcode_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -400,7 +400,7 @@ "version": "WzM2MCwxXQ==", "attributes": { "title": "DNS - Query Type", - "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.qtype_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}", + "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.qtype_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -460,7 +460,7 @@ "version": "WzYzMSwxXQ==", "attributes": { "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index 340240a7e..b4f0842b1 100644 --- a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json @@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMSwxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -169,7 +169,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMiwxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -199,7 +199,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMywxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -260,7 +260,7 @@ "version": "WzMzNSwxXQ==", "attributes": { "title": "DHCP - IP to MAC Assignment", - "visState": "{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.assigned_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.mac\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"DHCP - IP to MAC 
Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.assigned_ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.mac\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "WzMzNiwxXQ==", "attributes": { "title": "DHCP - Client Software", - "visState": "{\"title\":\"DHCP - Client Software\",\"type\":\"table\",\"params\":{\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Client Software\",\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Server Software\",\"aggType\":\"terms\"}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.client_software\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client Software\"}}]}", + "visState": "{\"title\":\"DHCP - Client Software\",\"type\":\"table\",\"params\":{\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Client 
Software\",\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Server Software\",\"aggType\":\"terms\"}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.client_software\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client Software\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -320,7 +320,7 @@ "version": "WzMzNywxXQ==", "attributes": { "title": "DHCP - Server Software", - "visState": "{\"title\":\"DHCP - Server Software\",\"type\":\"table\",\"params\":{\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Client Software\",\"aggType\":\"terms\"}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.server_software\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Server Software\"}}]}", + "visState": "{\"title\":\"DHCP - Server Software\",\"type\":\"table\",\"params\":{\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Client 
Software\",\"aggType\":\"terms\"}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.server_software\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Server Software\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 2a8ec6840..2cd8c0427 100644 --- a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
@@ -197,7 +197,7 @@ "version": "WzM1NywxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Procedure", - "visState": "{\"title\":\"Tabular Data Stream - RPC Procedure\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_rpc.procedure_name\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Procedure\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Procedure\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_rpc.procedure_name\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Procedure\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -227,7 +227,7 @@ "version": "WzM1OCwxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Source IP", - "visState": "{\"title\":\"Tabular Data Stream - RPC Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -257,7 +257,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - RPC Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 123f1f771..41c794735 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -1,458 +1,458 @@ -{ - "version": "1.2.0", - "objects": [ - { - "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:51.293Z", - "version": "WzEwMjMsMV0=", - "attributes": { - "title": "Zeek Intelligence", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"5\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"6\",\"w\":15,\"x\":33,\"y\":26},\"panelIndex\":\"6\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"7\",\"w\":13,\"x\":14,\"y\":44},\"panelIndex\":\"7\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"8\",\"w\":21,\"x\":27,\"y\":44},\"panelIndex\":\"8\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"11\",\"w\":25,\"x\":8,\"y\":26},\"panelIndex\":\"11\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"12\",\"w\":14,\"x\":0,\"y\":44},\"panelIndex\":\"12\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"de
sc\"}}}},\"gridData\":{\"h\":18,\"i\":\"13\",\"w\":8,\"x\":0,\"y\":26},\"panelIndex\":\"13\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"columns\":[\"source.ip\",\"destination.ip\",\"destination.port\",\"zeek.intel.seen_indicator\",\"zeek.intel.seen_indicator_type\",\"zeek.intel.sources\",\"zeek.intel.seen_where\",\"event.id\"],\"sort\":[\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"14\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"16\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_11\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "2721f49d-4e64-4145-9e81-85e856c20b37" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "80cabf50-a849-4e24-a9c7-130cba1a8141" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "a27464ba-582d-405f-931d-003d8252ff4a" - }, - { 
- "name": "panel_8", - "type": "visualization", - "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b" - }, - { - "name": "panel_9", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "AWDG-Qf8xQT5EBNmq4G5" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:23:14.699Z", - "version": "Wzc2OSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common 
Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT 
Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2721f49d-4e64-4145-9e81-85e856c20b37", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:32.907Z", - "version": "Wzk5OCwxXQ==", - "attributes": { - "title": "Intel - Log Count Over Time", - "visState": "{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzIzOCwxXQ==", - "attributes": { - "title": "Intel - Seen", - 
"visState": "{\"title\":\"Intel - Seen\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen (Where)\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "80cabf50-a849-4e24-a9c7-130cba1a8141", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzIzOSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", - "description": 
"", - "title": "Intel - Source", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MSwxXQ==", - "attributes": { - 
"title": "Intel - Destination IP Address", - "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MiwxXQ==", - "attributes": { - "title": "Intel - Indicator", - "visState": "{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a27464ba-582d-405f-931d-003d8252ff4a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MywxXQ==", - "attributes": { - "visState": 
"{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - MIME Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.matched\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type 
Matched\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - Matched", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NSwxXQ==", - "attributes": { - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "Intel - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "source.ip", - "destination.ip", - "destination.port", - "zeek.intel.seen_indicator", - "zeek.intel.seen_indicator_type", - "zeek.intel.sources", - "zeek.intel.seen_where", - "event.id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:43.892Z", - "version": "WzEwMTIsMV0=", - "attributes": { - "title": "Intel - Indicator Type", - "visState": "{\"title\":\"Intel - Indicator 
Type\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"AWDG-Qf8xQT5EBNmq4G5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NywxXQ==", - "attributes": { - "title": "Intel - Log Count", - "visState": "{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.2.0", + "objects": [ + { + "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:51.293Z", + "version": "WzEwMjMsMV0=", + "attributes": { + "title": "Zeek Intelligence", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"5\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"6\",\"w\":15,\"x\":33,\"y\":26},\"panelIndex\":\"6\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"7\",\"w\":13,\"x\":14,\"y\":44},\"panelIndex\":\"7\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"8\",\"w\":21,\"x\":27,\"y\":44},\"panelIndex\":\"8\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"11\",\"w\":25,\"x\":8,\"y\":26},\"panelIndex\":\"11\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"12\",\"w\":14,\"x\":0,\"y\":44},\"panelIndex\":\"12\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"13\",\"w\":8,\"x\":0,\"y\":26},\"panelIndex\":\"13\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"columns\":[\"source.ip\",\"destination.ip\",\"destination.port\",\"zeek.intel.seen_indicator\",\"zeek.intel.seen_indicator_type\",\"zeek.intel.sources\",\"zeek.intel.seen_wh
ere\",\"event.id\"],\"sort\":[\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"14\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"16\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_11\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "2721f49d-4e64-4145-9e81-85e856c20b37" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "80cabf50-a849-4e24-a9c7-130cba1a8141" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "a27464ba-582d-405f-931d-003d8252ff4a" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b" + }, + { + "name": "panel_9", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e" + }, + { + "name": "panel_11", + "type": 
"visualization", + "id": "AWDG-Qf8xQT5EBNmq4G5" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:23:14.699Z", + "version": "Wzc2OSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● 
[IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2721f49d-4e64-4145-9e81-85e856c20b37", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:32.907Z", + "version": "Wzk5OCwxXQ==", + "attributes": { + "title": "Intel - Log Count Over Time", + "visState": "{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzIzOCwxXQ==", + "attributes": { + "title": "Intel - Seen", + "visState": "{\"title\":\"Intel - 
Seen\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen (Where)\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "80cabf50-a849-4e24-a9c7-130cba1a8141", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzIzOSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - Source", + 
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MSwxXQ==", + "attributes": { + "title": "Intel - Destination IP Address", + 
"visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MiwxXQ==", + "attributes": { + "title": "Intel - Indicator", + "visState": "{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a27464ba-582d-405f-931d-003d8252ff4a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MywxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.file_mime_type\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - MIME Type", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.matched\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type Matched\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - 
Matched", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NSwxXQ==", + "attributes": { + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "hits": 0, + "description": "", + "title": "Intel - Logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "columns": [ + "source.ip", + "destination.ip", + "destination.port", + "zeek.intel.seen_indicator", + "zeek.intel.seen_indicator_type", + "zeek.intel.sources", + "zeek.intel.seen_where", + "event.id" + ] + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:43.892Z", + "version": "WzEwMTIsMV0=", + "attributes": { + "title": "Intel - Indicator Type", + "visState": "{\"title\":\"Intel - Indicator 
Type\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"AWDG-Qf8xQT5EBNmq4G5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NywxXQ==", + "attributes": { + "title": "Intel - Log Count", + "visState": "{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 6f899ce01..ca4ea536a 100644 --- a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -179,7 +179,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI3OCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Sites", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
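Review bot: The added `visState` value reads `\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\"`: the `\"size\":100` entry was removed but its separating comma was left behind, so the embedded JSON string would not parse when the visualization is loaded (assuming the double comma is what was committed and not an artifact of how this page was rendered). The corrected fragment is `\"missingBucketLabel\":\"Missing\",\"order\":\"desc\"`. The same leftover comma is in the added lines of every later hunk in this file (`HTTP - Sites Hosting EXEs`, `HTTP - URIs`, `HTTP - Source IP Address`, `HTTP - Destination IP Address`, `HTTP - User Agent`, `HTTP - Referrer`, `HTTP - Status and Method`), partly in the form `\"order\":\"desc\",,\"otherBucket\":true`, and in several `Intel - …` visualizations of the file shown just above. Analysts rely on these tables to review HTTP and intel activity, so a panel that fails to render is a monitoring gap. A CI step that runs each `visState` and `searchSourceJSON` string through a JSON parser would catch this class of error.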
@@ -210,7 +210,7 @@ "version": "WzI3OSwxXQ==", "attributes": { "title": "HTTP - Sites Hosting EXEs", - "visState": "{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.host\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -238,7 +238,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.uri\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.uri\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - URIs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -268,7 +268,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MSwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -298,7 +298,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MiwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -328,7 +328,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MywxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -358,7 +358,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4NCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.referrer\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.referrer\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Referrer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -479,7 +479,7 @@ "version": "WzI4OCwxXQ==", "attributes": { "title": "HTTP - Status and Method", - "visState": "{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.status_msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status Message\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.status_msg\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status 
Message\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.method\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index 0494646a7..067315121 100644 --- a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzQxNiwxXQ==", "attributes": { "title": "Connections - Source - Top Connection Duration (region map)", - "visState": "{\"title\":\"Connections - Source - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"event.duration\",\"customLabel\":\"Longest Session 
(seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator 
Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"event.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[37.17328344112096,15.644531250000002],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 0f8d69764..3f272184f 100644 --- a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -154,7 +154,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0MywxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -184,7 +184,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -244,7 +244,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", "description": "", "title": "SMB - FIle Path", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -274,7 +274,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NywxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -304,7 +304,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0OCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File/Path Summary", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", 
@@ -365,7 +365,7 @@ "version": "WzQ1MCwxXQ==", "attributes": { "title": "SMB - Destination Port", - "visState": "{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"SMB - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -395,7 +395,7 @@ "version": "WzQ1MSwxXQ==", "attributes": { "title": "SMB - Relevant Notices", - "visState": "{\"title\":\"SMB - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "visState": "{\"title\":\"SMB - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -425,7 +425,7 @@ "version": "WzQ1MiwxXQ==", "attributes": { "title": "SMB Action", - "visState": "{\"title\":\"SMB Action\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.action: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "visState": "{\"title\":\"SMB Action\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.action: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 71e7efefe..7c9b419ef 100644 --- a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
@@ -149,7 +149,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQzOCwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -179,7 +179,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQzOSwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -209,7 +209,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MCwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Endpoint", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -239,7 +239,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MSwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Named Pipe", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -269,7 +269,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MiwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Operation", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -300,7 +300,7 @@ "version": "WzQ0MywxXQ==", "attributes": { "title": "DCE/RPC - Round Trip Time", - "visState": "{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}", + "visState": "{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.rtt\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -360,7 +360,7 @@ "version": "WzQ0NSwxXQ==", "attributes": { "title": "DCE/RPC - Destination Port", - "visState": "{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -390,7 +390,7 @@ "version": "WzQ0NiwxXQ==", "attributes": { "title": "DCE/RPC - Summary", - "visState": "{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", + "visState": "{\"title\":\"DCE/RPC - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json index 07b3051a7..226c566f8 100644 --- a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json +++ b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json 
@@ -165,7 +165,7 @@ "version": "WzEyODcsMV0=", "attributes": { "title": "EtherCAT - Source", - "visState": "{\"title\":\"EtherCAT - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.mac\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.mac\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Source 
OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -195,7 +195,7 @@ "version": "WzEzMDYsMV0=", "attributes": { "title": "EtherCAT - Destination", - "visState": "{\"title\":\"EtherCAT - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.mac\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.mac\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Destination 
OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -225,7 +225,7 @@ "version": "WzE0ODgsMV0=", "attributes": { "title": "EtherCAT - Commands", - "visState": "{\"title\":\"EtherCAT - Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -255,7 +255,7 @@ "version": "WzE1NzcsMV0=", "attributes": { "title": "EtherCAT - Register Types and Commands", - "visState": "{\"title\":\"EtherCAT - Register Types and Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ecat_registers.register_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Register Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Register Types and Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ecat_registers.register_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Register 
Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index 65b3d609d..733456fe1 100644 --- a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
@@ -175,7 +175,7 @@ "version": "WzQ1MiwxXQ==", "attributes": { "title": "ICS/IoT External Traffic", - "visState": "{\"title\":\"ICS/IoT External Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination 
Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Country\"}}]}", + "visState": "{\"title\":\"ICS/IoT External 
Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -264,7 +264,7 @@ "version": "WzQ1NSwxXQ==", "attributes": { "title": "ICS/IoT Source IP", - "visState": "{\"title\":\"ICS/IoT Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", + "visState": "{\"title\":\"ICS/IoT Source 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -294,7 +294,7 @@ "version": "WzQ1NiwxXQ==", "attributes": { "title": "ICS/IoT Actions and Results", - "visState": "{\"title\":\"ICS/IoT Actions and Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "visState": "{\"title\":\"ICS/IoT Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -324,7 +324,7 @@ "version": "WzQ1NywxXQ==", "attributes": { "title": "ICS/IoT Destination IP", - "visState": "{\"title\":\"ICS/IoT Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", + "visState": "{\"title\":\"ICS/IoT Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -354,7 +354,7 @@ "version": "WzQ1OCwxXQ==", "attributes": { "title": "File Types by Transport", - "visState": "{\"title\":\"File Types by Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", + "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 0dd1a359e..e828282bf 100644 --- a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json 
@@ -139,7 +139,7 @@ "updated_at": "2023-11-14T19:18:39.742Z", "version": "WzM1NSwxXQ==", "attributes": { - "visState": "{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SNMP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -170,7 +170,7 @@ "version": "WzM1NiwxXQ==", "attributes": { "title": "SNMP - Destination IP Address", - "visState": "{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"SNMP - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -199,7 +199,7 @@ "updated_at": "2023-11-14T19:18:39.742Z", "version": "WzM1NywxXQ==", "attributes": { - "visState": "{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.duration\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.duration\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}", "description": "", "title": "SNMP - Session Duration", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -260,7 +260,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "SNMP - Community String", - "visState": "{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.community\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}", + "visState": "{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.community\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 7c9590cfa..7c14a1caf 100644 --- a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
@@ -180,7 +180,7 @@ "version": "WzQ3NywxXQ==", "attributes": { "title": "MySQL - Commands", - "visState": "{\"title\":\"MySQL - Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}}
,{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", + "visState": "{\"title\":\"MySQL - Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\
"field\":\"zeek.mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index c1a32a920..bc02dc380 100644 --- a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
@@ -150,7 +150,7 @@ "version": "WzQ4MiwxXQ==", "attributes": { "title": "NTLM - Hostname", - "visState": "{\"title\":\"NTLM - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Hostname\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}", + "visState": "{\"title\":\"NTLM - 
Hostname\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Hostname\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -179,7 +179,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4MywxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Domain Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -209,7 +209,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NCwxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Username", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", 
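Review bot: Unlike the sibling NTLM tables, the `related.user` terms params in this hunk have no `otherBucket` key at all, so removing `\"size\":100` leaves nothing to show that rows were cut off. If the aggregation falls back to a small default size (5 in Kibana-derived code, worth confirming for the deployed OpenSearch Dashboards version), usernames outside the top few by count disappear from the table with no "Other" row to signal it, and low-count accounts are often the ones an analyst is looking for. Either keep an explicit size or add `\"otherBucket\":true,\"otherBucketLabel\":\"Other\"` as the neighbouring hunks do.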
@@ -239,7 +239,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NSwxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -269,7 +269,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NiwxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -299,7 +299,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NywxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -360,7 +360,7 @@ "version": "WzQ4OSwxXQ==", "attributes": { "title": "NTLM - Hostname to Username", - "visState": "{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", + "visState": "{\"title\":\"NTLM - Hostname to 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index bb8112815..6f99724ce 100644 --- a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -70,7 +70,7 @@ "version": "WzQ5NCwxXQ==", "attributes": { "title": "Connections - Destination - Originator Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json index 292dc28f2..cb81f141d 100644 --- a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json +++ b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json 
@@ -180,7 +180,7 @@ "version": "Wzk1MCwxXQ==", "attributes": { "title": "Alerts - Tags", - "visState": "{\"title\":\"Alerts - Tags\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":48,\"showLabel\":false}}", + "visState": "{\"title\":\"Alerts - Tags\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tags\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":48,\"showLabel\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -240,7 +240,7 @@ "version": "WzM5MywxXQ==", "attributes": { "title": "Alerts - Target", - "visState": "{\"title\":\"Alerts - Target\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Target\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -270,7 +270,7 @@ "version": "WzM5NCwxXQ==", "attributes": { "title": "Alerts - Name", - "visState": "{\"title\":\"Alerts - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -300,7 +300,7 @@ "version": "WzM5NSwxXQ==", "attributes": { "title": "Alerts - Source", - "visState": "{\"title\":\"Alerts - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -330,7 +330,7 @@ "version": "WzM5NiwxXQ==", "attributes": { "title": "Alerts - Destination", - "visState": "{\"title\":\"Alerts - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -360,7 +360,7 @@ "version": "WzM5NywxXQ==", "attributes": { "title": "Alerts - Destination Country", - "visState": "{\"title\":\"Alerts - Destination Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Destination Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -390,7 +390,7 @@ "version": "WzM5OCwxXQ==", "attributes": { "title": "Alerts - Source Country", - "visState": "{\"title\":\"Alerts - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 625bd0ecf..e7a1b5ec1 100644 --- a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -1,314 +1,314 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "665d1610-523d-11e9-a30e-e3576242f3ed", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T18:24:09.052Z", - "version": "WzExNTEsMV0=", - "attributes": { - "title": "Signatures", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":62,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\"},\"panelIndex\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\",\"embeddableConfig\":{\"title\":\"Signatures - Engine\",\"hidePanelTitles\":false},\"title\":\"Signatures - 
Engine\",\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\"},\"panelIndex\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":35,\"w\":31,\"h\":27,\"i\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\"},\"panelIndex\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":31,\"y\":35,\"w\":17,\"h\":27,\"i\":\"93ed203d-187e-4e7e-9299-c115cba775fd\"},\"panelIndex\":\"93ed203d-187e-4e7e-9299-c115cba775fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "8356c570-523f-11e9-a30e-e3576242f3ed" - }, - { - "name": "panel_3", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": 
"df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● 
[LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● 
[PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2NSwxXQ==", - "attributes": { - "title": "Signatures - Log Count Over Time", - "visState": "{\"title\":\"Signatures - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"event.provider:zeek AND event.dataset:signatures\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8356c570-523f-11e9-a30e-e3576242f3ed", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2NiwxXQ==", - "attributes": { - "title": "Signatures - Log 
Count", - "visState": "{\"title\":\"Signatures - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:47.890Z", - "version": "WzQ5NCwxXQ==", - "attributes": { - "title": "Signatures - Logs", - "description": "", - "hits": 0, - "columns": [ - "event.module", - "rule.category", - "rule.name", - "rule.id", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"event.provider:zeek AND event.dataset:signatures\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": 
"baa9f5b0-cb22-11ec-ae74-a92fc0e09cde", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2OCwxXQ==", - "attributes": { - "title": "Signatures - Engine Cloud", - "visState": "{\"title\":\"Signatures - Engine Cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM3MCwxXQ==", - "attributes": { - "title": "Signatures - Name", - "visState": "{\"title\":\"Signatures - 
Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T18:08:23.728Z", - "version": "WzEwNzksMV0=", - "attributes": { - "title": "Signatures - Category", - "visState": "{\"title\":\"Signatures - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":40},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":20},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Signature ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-05-04T18:22:34.518Z", - "version": "WzExMTEsMV0=", - "attributes": { - "title": "Signatures - Tactic and Technique", - "visState": "{\"title\":\"Signatures - Tactic and Technique\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.tactic.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Tactic\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.technique.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Technique\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"threat.technique.name:* OR threat.tactic.name:*\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "665d1610-523d-11e9-a30e-e3576242f3ed", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T18:24:09.052Z", + "version": "WzExNTEsMV0=", + "attributes": { + "title": "Signatures", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":62,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\"},\"panelIndex\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\",\"embeddableConfig\":{\"title\":\"Signatures - Engine\",\"hidePanelTitles\":false},\"title\":\"Signatures - Engine\",\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\"},\"panelIndex\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":35,\"w\":31,\"h\":27,\"i\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\"},\"panelIndex\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":31,\"y\":35,\"w\":17,\"h\":27,\"i\":\"93ed203d-187e-4e7e-9299-c115cba775fd\"},\"panelIndex\":\"93ed203d-187e-4e7e-9299-c115cba775fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "8356c570-523f-11e9-a30e-e3576242f3ed" + }, + { + "name": "panel_3", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2NSwxXQ==", + "attributes": { + "title": "Signatures - Log Count Over Time", + "visState": "{\"title\":\"Signatures - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"event.provider:zeek AND event.dataset:signatures\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": 
"index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8356c570-523f-11e9-a30e-e3576242f3ed", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2NiwxXQ==", + "attributes": { + "title": "Signatures - Log Count", + "visState": "{\"title\":\"Signatures - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:47.890Z", + "version": "WzQ5NCwxXQ==", + "attributes": { + "title": "Signatures - Logs", + "description": "", + "hits": 0, + "columns": [ + "event.module", + "rule.category", + "rule.name", + "rule.id", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"event.provider:zeek AND event.dataset:signatures\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2OCwxXQ==", + "attributes": { + "title": "Signatures - Engine Cloud", + "visState": "{\"title\":\"Signatures - Engine Cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM3MCwxXQ==", + "attributes": { + "title": "Signatures - Name", + "visState": "{\"title\":\"Signatures - 
Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T18:08:23.728Z", + "version": "WzEwNzksMV0=", + "attributes": { + "title": "Signatures - Category", + "visState": "{\"title\":\"Signatures - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":40},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":20},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Signature ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-05-04T18:22:34.518Z", + "version": "WzExMTEsMV0=", + "attributes": { + "title": "Signatures - Tactic and Technique", + "visState": "{\"title\":\"Signatures - Tactic and Technique\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.tactic.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Tactic\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.technique.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Technique\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"threat.technique.name:* OR threat.tactic.name:*\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json index 74a772b37..4e6285f41 100644 --- a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json +++ b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json 
@@ -140,7 +140,7 @@ "version": "WzQxNywxXQ==", "attributes": { "title": "Source Device Type", - "visState": "{\"title\":\"Source Device Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Source Device 
Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
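Review bot: Each rewritten terms aggregation in the new `visState` string now reads `\"order\":\"desc\",,\"otherBucket\":true`, so the `size` member was removed but its separating comma was left behind and the embedded document is no longer valid JSON. A strict JSON parser rejects the empty member, so the Source Device Type table would presumably fail to load after import rather than fall back to a default bucket size. Either drop the stray comma or keep an explicit size, e.g. `\"order\":\"desc\",\"size\":100,\"otherBucket\":true`. The same `,,` appears in the hunks at -170, -200 and -290 of this file, and in the Signatures - Name and Signatures - Tactic and Technique visualizations of the preceding file section. Running each `visState` value through a JSON parser before committing would catch it.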
@@ -170,7 +170,7 @@ "version": "WzQxOCwxXQ==", "attributes": { "title": "Traffic by Network Segment", - "visState": "{\"title\":\"Traffic by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Direction\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Total Packets\"},\"schema\":\"metric\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Traffic by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.direction\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Direction\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Total Packets\"},\"schema\":\"metric\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
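Review bot: The `network.direction` aggregation changes from `\"otherBucket\":false` to `\"otherBucket\":true` in the new `visState`, which is a behaviour change separate from the `size` removal applied to the other aggregations. If the bulk edit was only meant to drop `size`, keep `\"otherBucket\":false` here so the Direction column does not gain an "Other" row. If the change is intended, it deserves a line in the commit message.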
@@ -200,7 +200,7 @@ "version": "WzQxOSwxXQ==", "attributes": { "title": "Destination Device Type", - "visState": "{\"title\":\"Destination Device Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Destination Device 
Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "Wzk0OSwxXQ==", "attributes": { "title": "Protocol by Network Segment", - "visState": "{\"title\":\"Protocol by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":150,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":150,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Protocol by Network 
Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":4,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
@@ -320,7 +320,7 @@ "version": "WzQyMywxXQ==", "attributes": { "title": "Notice, Alert and Signature by Network Segment", - "visState": "{\"title\":\"Notice, Alert and Signature by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Notice, Alert and Signature by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -350,7 +350,7 @@ "version": "WzQyNCwxXQ==", "attributes": { "title": "Event Severity by Network Segment", - "visState": "{\"title\":\"Event Severity by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Event Severity by Network 
Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -380,7 +380,7 @@ "version": "WzQyNSwxXQ==", "attributes": { "title": "Source Device Log Counts", - "visState": "{\"title\":\"Source Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Source Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log 
Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -410,7 +410,7 @@ "version": "WzQyNiwxXQ==", "attributes": { "title": "Destination Device Log Counts", - "visState": "{\"title\":\"Destination Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Destination Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log 
Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -440,7 +440,7 @@ "version": "WzQyNywxXQ==", "attributes": { "title": "Uninventoried Internal Source IPs", - "visState": "{\"title\":\"Uninventoried Internal Source IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Internal Source IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
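Review bot: The `source.ip` aggregation loses its explicit `\"size\":200`, so the number of uninventoried addresses listed now depends on whatever default the visualization applies, with the remainder folded into the `Other` row. For an inventory-gap table that reduces visibility, because an analyst cannot pivot on an address that is hidden under `Other`. Keep an explicit bound on this aggregation (`\"size\":200` or the intended new value), or state the new limit in the commit message so the truncation is a documented choice. The Uninventoried Internal Destination IPs hunk that follows makes the same change to `destination.ip`.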
@@ -470,7 +470,7 @@ "version": "WzQyOCwxXQ==", "attributes": { "title": "Uninventoried Internal Destination IPs", - "visState": "{\"title\":\"Uninventoried Internal Destination IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Internal Destination IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index 49b1454f3..ffaa5396a 100644 --- a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -134,7 +134,7 @@ "updated_at": "2021-02-10T21:24:36.060Z", "version": "WzUxMiwxXQ==", "attributes": { - "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "IRC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
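Review bot: The `params` object on the rewritten line still spells the option `showMeticsAtAllLevels`, while the table visualizations in the previous dashboard file use `showMetricsAtAllLevels`. Since the line is being regenerated anyway, correct the key to `\"showMetricsAtAllLevels\":false`; as spelled, the option is presumably ignored and the default applies. The other four IRC hunks in this file carry the same misspelling on both the old and new side.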
@@ -164,7 +164,7 @@ "updated_at": "2021-02-10T21:24:36.060Z", "version": "WzUxMywxXQ==", "attributes": { - "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "IRC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -195,7 +195,7 @@ "version": "WzUxNCwxXQ==", "attributes": { "title": "IRC - Destination Port", - "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -255,7 +255,7 @@ "version": "WzUxNiwxXQ==", "attributes": { "title": "IRC - Destination Country", - "visState": "{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.city_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"IRC - Destination 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.city_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -285,7 +285,7 @@ "version": "WzUxNywxXQ==", "attributes": { "title": "IRC - Command", - "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.irc.command\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", + "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.irc.command\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 0086705a9..419b43429 100644 --- a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzUyMSwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index e0c944d52..641eeeb02 100644 --- a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
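Review bot: The `destination.geo.country_iso_code` terms aggregation loses its `\"size\":250` while `\"otherBucket\"` stays `false`, unlike the table hunks in this commit, which switch it to `true`. Without an explicit limit the bucket count would presumably fall back to the Dashboards default, and countries outside that set would simply be left unshaded with nothing on the map indicating they were cut, which hides the low-volume destinations an analyst may most want to see. Keeping a limit large enough for every ISO country code, `\"size\":250` as before, avoids that. Separately, the metric labelled "Responder Bytes" is a `cardinality` of `server.bytes`, i.e. a count of distinct values rather than a byte total; if a total is meant, `sum` is the matching aggregation type.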
@@ -144,7 +144,7 @@
 "updated_at": "2021-02-10T21:24:38.098Z",
 "version": "WzUyOCwxXQ==",
 "attributes": {
- "visState": "{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
+ "visState": "{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
 "description": "",
 "title": "RDP - Source IP Address",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
@@ -175,7 +175,7 @@ "version": "WzI3NjksMV0=", "attributes": { "title": "RDP - Destination IP Address", - "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -204,7 +204,7 @@
 "updated_at": "2021-02-10T21:24:38.098Z",
 "version": "WzUzMSwxXQ==",
 "attributes": {
- "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rdp.cookie\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}",
+ "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rdp.cookie\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}",
 "description": "",
 "title": "RDP - Cookie",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json
index a4bb946bf..13886a332 100644
--- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json
+++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json
@@ -1,711 +1,711 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:50:34.705Z", - "version": "Wzg4MCwxXQ==", - "attributes": { - "title": "SSL", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":10,\"h\":18,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":20,\"y\":66,\"w\":7,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":10,\"y\":66,\"w\":10,\"h\":18,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":18,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":
{\"x\":12,\"y\":27,\"w\":11,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":19,\"h\":21,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":19,\"y\":45,\"w\":14,\"h\":21,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":8,\"w\":13,\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\"},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":45,\"w\":15,\"h\":21,\"i\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\"},\"panelIndex\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":27,\"y\":66,\"w\":9,\"h\":18,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":66,\"w\":12,\"h\":18,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_16\"},{\"version\":\
"7.10.2\",\"gridData\":{\"x\":0,\"y\":84,\"w\":48,\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "f81fe18d-c2ff-4757-9de3-8b943a759169" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8486949c-3592-4831-9020-59bfd968ccfa" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "d7a673bc-4a11-423b-acd3-a446425551c1" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "AWDHElRWxQT5EBNmq4lz" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "371b06d0-72a1-11e9-b0f3-590266f42743" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "bdda87a0-72a0-11e9-b0f3-590266f42743" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" - }, - { - "name": "panel_13", - "type": "visualization", - 
"id": "41325860-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0" - }, - { - "name": "panel_15", - "type": "visualization", - "id": "f13ba720-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_16", - "type": "visualization", - "id": "9c20d940-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_17", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:15:08.441Z", - "version": "WzcyNiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) 
\\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT 
Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MSwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Log Count Over Time", - "uiStateJSON": "{}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MiwxXQ==", - "attributes": { - "title": "SSL - Version", - "visState": "{\"title\":\"SSL - 
Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ssl.ssl_version: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MywxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", - "description": "", - 
"title": "SSL - Destination Port", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Destination Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8486949c-3592-4831-9020-59bfd968ccfa", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NiwxXQ==", - "attributes": { 
- "title": "SSL - Server", - "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d7a673bc-4a11-423b-acd3-a446425551c1", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NywxXQ==", - "attributes": { - "title": "SSL - Destination Country", - "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination.geo.country_name: 
Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3OCwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Validation 
Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Validation Status", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDHElRWxQT5EBNmq4lz", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3OSwxXQ==", - "attributes": { - "title": "SSL - Log Count", - "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "371b06d0-72a1-11e9-b0f3-590266f42743", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MCwxXQ==", - "attributes": { - "title": "SSL - Client JA3 Lookup", - "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.client.ja3_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MSwxXQ==", - "attributes": { - "title": "SSL - Server JA3 Lookup", - "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.server.ja3s_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MiwxXQ==", - "attributes": { - "title": "SSL - Relevant Notices", - "visState": "{\"title\":\"SSL - 
Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", 
- "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "41325860-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MywxXQ==", - "attributes": { - "title": "SSL - Connection Established", - "visState": "{\"title\":\"SSL - Connection Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:47:42.808Z", - "version": "Wzg0NSwxXQ==", - "attributes": { - "title": "SSL - Certificate Fingerprint", - "visState": "{\"title\":\"SSL - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f13ba720-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NCwxXQ==", - "attributes": { - "title": "SSL - Next Protocol", - "visState": "{\"title\":\"SSL - Next 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "9c20d940-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NSwxXQ==", - "attributes": { - "title": "SSL - Elliptic Curve", - "visState": "{\"title\":\"SSL - Elliptic 
Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Elliptic Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, 
- "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NiwxXQ==", - "attributes": { - "title": "SSL - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "destination.port", - "zeek.ssl.server_name", - "zeek.ssl.established", - "zeek.ssl.validation_status", - "zeek.ssl.ssl_history", - "zeek.ssl.sni_matches_cert", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:ssl\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:15:05.408Z", - "version": "WzcwMSwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:50:34.705Z", + "version": "Wzg4MCwxXQ==", + "attributes": { + "title": "SSL", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":10,\"h\":18,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":20,\"y\":66,\"w\":7,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":10,\"y\":66,\"w\":10,\"h\":18,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\"
:null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":18,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":27,\"w\":11,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":19,\"h\":21,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":19,\"y\":45,\"w\":14,\"h\":21,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":8,\"w\":13,\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\"},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":45,\"w\":15,\"h\":21,\"i\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\"},\"panelIndex\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}
,{\"version\":\"7.10.2\",\"gridData\":{\"x\":27,\"y\":66,\"w\":9,\"h\":18,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":66,\"w\":12,\"h\":18,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":84,\"w\":48,\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "f81fe18d-c2ff-4757-9de3-8b943a759169" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8486949c-3592-4831-9020-59bfd968ccfa" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "d7a673bc-4a11-423b-acd3-a446425551c1" + }, + { + "name": "panel_8", + "type": "visualization", + 
"id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "AWDHElRWxQT5EBNmq4lz" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "371b06d0-72a1-11e9-b0f3-590266f42743" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "bdda87a0-72a0-11e9-b0f3-590266f42743" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "41325860-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_14", + "type": "visualization", + "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0" + }, + { + "name": "panel_15", + "type": "visualization", + "id": "f13ba720-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_16", + "type": "visualization", + "id": "9c20d940-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_17", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:15:08.441Z", + "version": "WzcyNiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MSwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Log Count Over Time", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", + "type": 
"visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MiwxXQ==", + "attributes": { + "title": "SSL - Version", + "visState": "{\"title\":\"SSL - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ssl.ssl_version: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MywxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Destination 
Port", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Destination Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8486949c-3592-4831-9020-59bfd968ccfa", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NiwxXQ==", + "attributes": { + "title": "SSL - Server", + "visState": 
"{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d7a673bc-4a11-423b-acd3-a446425551c1", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NywxXQ==", + "attributes": { + "title": "SSL - Destination Country", + "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination.geo.country_name: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other
\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3OCwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.validation_status\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Validation Status", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDHElRWxQT5EBNmq4lz", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2021-10-12T14:14:37.087Z", + "version": "WzM3OSwxXQ==", + "attributes": { + "title": "SSL - Log Count", + "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "371b06d0-72a1-11e9-b0f3-590266f42743", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MCwxXQ==", + "attributes": { + "title": "SSL - Client JA3 Lookup", + "visState": "{\"title\":\"SSL - Client JA3 
Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.client.ja3_description\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MSwxXQ==", + "attributes": { + "title": "SSL - Server JA3 Lookup", + "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.server.ja3s_description\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 
Lookup\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MiwxXQ==", + "attributes": { + "title": "SSL - Relevant Notices", + "visState": "{\"title\":\"SSL - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "41325860-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MywxXQ==", + "attributes": { + "title": "SSL - Connection Established", + "visState": "{\"title\":\"SSL - Connection 
Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:47:42.808Z", + "version": "Wzg0NSwxXQ==", + "attributes": { + "title": "SSL - Certificate Fingerprint", + "visState": "{\"title\":\"SSL - Certificate 
Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f13ba720-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NCwxXQ==", + "attributes": { + "title": "SSL - Next Protocol", + "visState": "{\"title\":\"SSL - Next 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "9c20d940-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NSwxXQ==", + "attributes": { + "title": "SSL - Elliptic Curve", + "visState": "{\"title\":\"SSL - Elliptic Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Elliptic Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NiwxXQ==", + "attributes": { + "title": "SSL - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + 
"destination.port", + "zeek.ssl.server_name", + "zeek.ssl.established", + "zeek.ssl.validation_status", + "zeek.ssl.ssl_history", + "zeek.ssl.sni_matches_cert", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:ssl\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:15:05.408Z", + "version": "WzcwMSwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file 
diff --git a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index 07e08af3f..e70472725 100644 --- a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json @@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2MiwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.cname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.cname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
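Review bot: The new `visState` string for "Kerberos - Client" has two consecutive commas where `\"size\":20` was removed (`\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\"`), so the embedded JSON does not parse as written. The same `,,` appears in the Server, Source IP Address, Destination IP Address and Service hunks of this file, and in several of the added SSL visualizations above. Unless a later templating step fills that gap (nothing visible here suggests one), import or rendering of these tables is likely to fail, which would leave analysts without the Kerberos views. If the size limit is meant to go, the fragment should read `\"missingBucketLabel\":\"Missing\",\"order\":\"desc\"`; if a limit is still wanted, keep an explicit `\"size\":N` there. A CI step that parses every `visState` and `searchSourceJSON` string as JSON would catch this class of edit.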
@@ -219,7 +219,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NCwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -279,7 +279,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NiwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NywxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -340,7 +340,7 @@ "version": "WzU2OCwxXQ==", "attributes": { "title": "Kerberos - Service", - "visState": "{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", + "visState": "{\"title\":\"Kerberos - 
Service\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index f6dc287dc..7bd687638 100644 --- a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
@@ -125,7 +125,7 @@ "version": "WzU3NiwxXQ==", "attributes": { "title": "DNP3 - Source IP", - "visState": "{\"title\":\"DNP3 - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"DNP3 - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP 
Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from dnp3.log", "version": 1, 
@@ -155,7 +155,7 @@ "version": "WzU3NywxXQ==", "attributes": { "title": "DNP3 - Destination IP", - "visState": "{\"title\":\"DNP3 - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"DNP3 - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Destination IP Addresses from dnp3.log", "version": 1, 
@@ -185,7 +185,7 @@ "version": "WzU3OCwxXQ==", "attributes": { "title": "DNP3 - Function Request", - "visState": "{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request\"}}]}", + "visState": "{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "DNP3 function in request packet from dnp3.log", "version": 1, 
@@ -215,7 +215,7 @@ "version": "WzU3OSwxXQ==", "attributes": { "title": "DNP3 - Function Reply", - "visState": "{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3.fc_reply\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}", + "visState": "{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3.fc_reply\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "DNP3 function in reply packet from dnp3.log", "version": 1, 
@@ -303,7 +303,7 @@ "version": "WzU4MiwxXQ==", "attributes": { "title": "DNP3 - Internal Indicators Overview", - "visState": "{\"title\":\"DNP3 - Internal Indicators Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Internal Indicators\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.dnp3.iin_flags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Internal Indicators\"}}]}", + "visState": "{\"title\":\"DNP3 - Internal Indicators Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Internal 
Indicators\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.dnp3.iin_flags\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Internal Indicators\"}}]}", "uiStateJSON": "{}", "description": "DNP3 Internal Indicators from dnp3.iin in dnp3.log", "version": 1, 
@@ -333,7 +333,7 @@ "version": "WzU4MywxXQ==", "attributes": { "title": "DNP3 - Objects Overview", - "visState": "{\"title\":\"DNP3 - Objects Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]},\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_count\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_low\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range 
Start\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_high\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range End\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"DNP3 - Objects Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]},\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_count\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_low\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range Start\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_high\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range End\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":null}}}}", "description": "Overview of DNP3 objects from READ-RESPONSE messages in dnp3_objects.log", "version": 1, 
@@ -363,7 +363,7 @@ "version": "WzU4NCwxXQ==", "attributes": { "title": "DNP3 - Control Overview", - "visState": "{\"title\":\"DNP3 - Control Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Control Code\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.index_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Index 
Number\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.block_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Block Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.operation_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.trip_control_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control Code\"}}]}", + "visState": "{\"title\":\"DNP3 - Control Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Control 
Code\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.index_number\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Index Number\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.block_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Block Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.operation_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.trip_control_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control Code\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":null}}}}", "description": "Overview of DNP3 control functions from dnp3_control.log", "version": 1, diff --git a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 6c84e6043..a5b26b74f 100644 --- a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json @@ -175,7 +175,7 @@ "version": "WzU5MiwxXQ==", "attributes": { "title": "MQTT - Source IP", - "visState": "{\"title\":\"MQTT - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"MQTT - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -205,7 +205,7 @@ "version": "WzU5MywxXQ==", "attributes": { "title": "MQTT - Destination IP", - "visState": "{\"title\":\"MQTT - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"MQTT - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -265,7 +265,7 @@ "version": "WzU5NSwxXQ==", "attributes": { "title": "MQTT - Client ID", - "visState": "{\"title\":\"MQTT - Client ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_connect.client_id\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client ID\"}}]}", + "visState": "{\"title\":\"MQTT - Client ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_connect.client_id\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client ID\"}}]}", 
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -295,7 +295,7 @@ "version": "WzU5NiwxXQ==", "attributes": { "title": "MQTT - Subscription", - "visState": "{\"title\":\"MQTT - Subscription\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.topics\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.action\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Action\"}}]}", + "visState": "{\"title\":\"MQTT - 
Subscription\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.topics\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.action\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Action\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -325,7 +325,7 @@ "version": "WzU5NywxXQ==", "attributes": { "title": "MQTT - Publish", - "visState": "{\"title\":\"MQTT - Publish\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", + "visState": "{\"title\":\"MQTT - 
Publish\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -355,7 +355,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "MQTT - Publish Payload", - "visState": "{\"title\":\"MQTT - Publish Payload\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From 
Client\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload_len\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Length\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Payload\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", + "visState": "{\"title\":\"MQTT - Publish Payload\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From 
Client\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload_len\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Length\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Payload\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 92073bf69..ea4b50c9a 100644 --- a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
@@ -144,7 +144,7 @@ "updated_at": "2021-02-10T21:24:43.189Z", "version": "WzYwNywxXQ==", "attributes": { - "visState": "{\"title\":\"Software - Summary\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.software_type\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.name\",\"otherBucket\":false,\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.version_major\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.version_minor\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Software - 
Summary\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.software_type\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.name\",\"otherBucket\":false,\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.version_major\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.version_minor\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "Software - Summary", "uiStateJSON": "{}", diff --git a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json index 85dc96edb..b2a11a35c 100644 --- a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json +++ b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json 
@@ -155,7 +155,7 @@ "version": "WzUxMiwxXQ==", "attributes": { "title": "Log Source", - "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "version": "WzUxNCwxXQ==", "attributes": { "title": "Observed Device Types", - "visState": "{\"title\":\"Observed Device Types\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.manufacturer\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed Device Types\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.manufacturer\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_type\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device 
Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -244,7 +244,7 @@ "version": "WzkzOSwxXQ==", "attributes": { "title": "Observed Devices", - "visState": "{\"title\":\"Observed Devices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed 
Devices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -304,7 +304,7 @@ "version": "WzUxNywxXQ==", "attributes": { "title": "Observed Software", - "visState": "{\"title\":\"Observed Software\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.software_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device Role\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed Software\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.software_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device 
Role\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -334,7 +334,7 @@ "version": "WzUxOCwxXQ==", "attributes": { "title": "Uninventoried Observed Services", - "visState": "{\"title\":\"Uninventoried Observed Services\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"mis
singBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Observed Services\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.
device_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -364,7 +364,7 @@ "version": "WzUxOSwxXQ==", "attributes": { "title": "Uninventoried Observed Hosts", - "visState": "{\"title\":\"Uninventoried Observed Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Observed Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 71e242be5..22d7a1e64 100644 --- a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
@@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:44.215Z", "version": "WzYxMiwxXQ==", "attributes": { - "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Syslog - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
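Review bot: The params key `showMeticsAtAllLevels` in this visState is misspelled, and the new side carries the typo over unchanged, here and in the Syslog - Destination IP Address hunk that follows; the Syslog - Destination Port hunk after that spells it `showMetricsAtAllLevels`. The table presumably ignores the unknown key and falls back to its default, so the setting likely has no effect as written. Since both lines are being rewritten anyway, use `\"showMetricsAtAllLevels\":false` in both.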
@@ -169,7 +169,7 @@ "updated_at": "2021-02-10T21:24:44.215Z", "version": "WzYxMywxXQ==", "attributes": { - "visState": "{\"title\":\"Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Syslog - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -200,7 +200,7 @@ "version": "WzYxNCwxXQ==", "attributes": { "title": "Syslog - Destination Port", - "visState": "{\"title\":\"Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"Syslog - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 5d977f3c8..d6cdb0ff5 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -154,7 +154,7 @@ "version": "WzU1OSwxXQ==", "attributes": { "title": "Notice, Alert and Signature - Summary", - "visState": "{\"title\":\"Notice, Alert, and Signature - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Notice, Alert, and Signature - 
Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -184,7 +184,7 @@ "version": "WzU2MCwxXQ==", "attributes": { "title": "Outdated/Insecure Application Protocols", - "visState": "{\"title\":\"Outdated/Insecure Application Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", + "visState": "{\"title\":\"Outdated/Insecure Application 
Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -213,7 +213,7 @@ "version": "WzU2MSwxXQ==", "attributes": { "title": "Vulnerabilities", - "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last 
Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -243,7 +243,7 @@ "version": "WzU2MiwxXQ==", "attributes": { "title": "Clear-text Transmission of Passwords ", - "visState": "{\"title\":\"Clear-text Transmission of Passwords \",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Clear-text Transmission of Passwords 
\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -302,7 +302,7 @@ "version": "WzU2NCwxXQ==", "attributes": { "title": "Outbound Internal Traffic by Country", - "visState": "{\"title\":\"Outbound Internal Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", + "visState": "{\"title\":\"Outbound Internal Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -331,7 +331,7 @@ "version": "WzU2NSwxXQ==", "attributes": { "title": "Inbound External Traffic by Country", - "visState": "{\"title\":\"Inbound External Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", + "visState": "{\"title\":\"Inbound External Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -389,7 +389,7 @@ "version": "WzU2NywxXQ==", "attributes": { "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 153af4d2f..a60feedd3 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -145,7 +145,7 @@ "version": "WzU3NywxXQ==", "attributes": { "title": "Files - Files By Size (Bytes)", - "visState": "{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.files.seen_bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Bytes Seen\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.files.seen_bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Bytes Seen\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -174,7 +174,7 @@ "updated_at": "2024-02-05T17:21:00.991Z", "version": "WzU3OCwxXQ==", "attributes": { - "visState": "{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "FIles - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -204,7 +204,7 @@ "updated_at": "2024-02-05T17:21:00.991Z", "version": "WzU3OSwxXQ==", "attributes": { - "visState": "{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}", "description": "", "title": "FIles - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -318,7 +318,7 @@ "version": "WzU4MiwxXQ==", "attributes": { "title": "Files - MIME Type", - "visState": "{\"title\":\"Files - MIME Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Mime Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - MIME Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Mime Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -347,7 +347,7 @@ "version": "WzU4MywxXQ==", "attributes": { "title": "Files - Paths", - "visState": "{\"title\":\"Files - Paths\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - Paths\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log 
Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index 76a377638..bf10da16d 100644 --- a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzY0OSwxXQ==", "attributes": { "title": "Connections - Destination - Sum of Total Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Responder Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Responder Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[38.14774734584061,16.699218750000004],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json index 223281735..8d27bb011 100644 --- a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json +++ b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json 
@@ -239,7 +239,7 @@ "version": "WzU5NywxXQ==", "attributes": { "title": "Actions", - "visState": "{\"title\":\"Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}}]}", + "visState": 
"{\"title\":\"Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -268,7 +268,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Results", - "visState": "{\"title\":\"Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "visState": 
"{\"title\":\"Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index 84f06730c..f69b21f57 100644 --- a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json 
@@ -178,7 +178,7 @@ "version": "Wzk5MSwxXQ==", "attributes": { "title": "PROFINET - Source IP", - "visState": "{\"title\":\"PROFINET - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PROFINET - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -208,7 +208,7 @@ "version": "Wzk5MiwxXQ==", "attributes": { "title": "PROFINET - Destination IP", - "visState": "{\"title\":\"PROFINET - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PROFINET - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -238,7 +238,7 @@ "version": "WzYxMCwxXQ==", "attributes": { "title": "PROFINET - Operation", - "visState": "{\"title\":\"PROFINET - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}}]}", + "visState": "{\"title\":\"PROFINET - 
Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -268,7 +268,7 @@ "version": "WzYxMSwxXQ==", "attributes": { "title": "PROFINET - Operation Details", - "visState": "{\"title\":\"PROFINET - Operation Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.slot_number\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Slot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.subslot_number\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Subslot\"}}]}", + "visState": "{\"title\":\"PROFINET - Operation 
Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.slot_number\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Slot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.subslot_number\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Subslot\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 9566a0aa8..42fe54aa7 100644 --- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -1,941 +1,941 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T20:10:44.437Z", - "version": "WzEzMjMsMV0=", - "attributes": { - "title": "Connections", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"version\":\"1.3.1\",\"pan
elRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_24\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aa
d74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_25\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "52013c7c-c554-450e-9198-dbafdc050459" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "d25f4abc-24af-405e-a6f6-873277fe5771" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "73528008-f11d-4faa-8f69-a5bf23507b8f" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "faa08629-0011-4b38-8b74-3ba86b59155f" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "AWDG71xFxQT5EBNmq336" - }, - { - "name": "panel_15", - 
"type": "visualization", - "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0" - }, - { - "name": "panel_16", - "type": "visualization", - "id": "568c74ff-3ef3-45ba-a178-0520633697bd" - }, - { - "name": "panel_17", - "type": "visualization", - "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_18", - "type": "visualization", - "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_19", - "type": "visualization", - "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_20", - "type": "visualization", - "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_21", - "type": "visualization", - "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_22", - "type": "visualization", - "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_23", - "type": "visualization", - "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_24", - "type": "visualization", - "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e" - }, - { - "name": "panel_25", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:16.086Z", - "version": "Wzc4NiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● 
[SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-04-29T20:10:39.465Z", - "version": "WzEzMDIsMV0=", - "attributes": { - "title": "Connections - Log Count Over Time", - "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - 
"uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "52013c7c-c554-450e-9198-dbafdc050459", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0MiwxXQ==", - "attributes": { - "title": "Connections - Service By Destination Country", - "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - 
"name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0MywxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Destination IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d25f4abc-24af-405e-a6f6-873277fe5771", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Source 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_code2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Source Country", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder 
Bytes\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Responder Bytes", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NywxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.missed_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Missed Bytes", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", - "type": "visualization", - "namespaces": [ - "default" - ], - 
"updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0OCwxXQ==", - "attributes": { - "title": "Connections - Connection State", - "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection State Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0OSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Connection", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By 
Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection 
ID\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "faa08629-0011-4b38-8b74-3ba86b59155f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MCwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination IP", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination Port", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination 
Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max network.bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Max network.bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MiwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Source IP", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:13.041Z", - "version": "Wzc2MCwxXQ==", - "attributes": { - "title": "Connections - Maps", - "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder 
Bytes ](#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDG71xFxQT5EBNmq336", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NCwxXQ==", - "attributes": { - "title": "Connections - Log Count", - "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NSwxXQ==", - "attributes": { - "title": "Connections - Total Bytes Per Source/Destination IP Pair", - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"network.bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"destination.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "568c74ff-3ef3-45ba-a178-0520633697bd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NiwxXQ==", - "attributes": { - "title": "Connections - Destination Port", - "visState": "{\"title\":\"Connections - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NywxXQ==", - "attributes": { - "title": "Connections - Source MAC OUI", - "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
MAC OUI\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1OCwxXQ==", - "attributes": { - "title": "Connections - Destination MAC OUI", - "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1OSwxXQ==", - 
"attributes": { - "title": "Connections - Source MAC Address", - "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MCwxXQ==", - "attributes": { - "title": "Connections - Destination MAC Address", - "visState": "{\"title\":\"Connections - Destination MAC 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC 
OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC 
OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MiwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MywxXQ==", - "attributes": { - "title": "Connections - Protocol", - "visState": "{\"title\":\"Connections - 
Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2NCwxXQ==", - "attributes": { - "title": "Network Layer", - "visState": "{\"title\":\"Network 
Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Network Layer\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:13.041Z", - "version": "Wzc2MSwxXQ==", - "attributes": { - "title": "Connections - Logs", - "description": "", - "hits": 0, - "columns": [ - "network.transport", - "network.protocol", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.bytes", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T20:10:44.437Z", + "version": "WzEzMjMsMV0=", + "attributes": { + "title": "Connections", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":
\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_24\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aa
d74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_25\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "52013c7c-c554-450e-9198-dbafdc050459" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "d25f4abc-24af-405e-a6f6-873277fe5771" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "73528008-f11d-4faa-8f69-a5bf23507b8f" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "faa08629-0011-4b38-8b74-3ba86b59155f" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" + }, + { + "name": "panel_14", + "type": "visualization", + "id": "AWDG71xFxQT5EBNmq336" + }, + { + "name": "panel_15", + 
"type": "visualization", + "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0" + }, + { + "name": "panel_16", + "type": "visualization", + "id": "568c74ff-3ef3-45ba-a178-0520633697bd" + }, + { + "name": "panel_17", + "type": "visualization", + "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_18", + "type": "visualization", + "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_19", + "type": "visualization", + "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_20", + "type": "visualization", + "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_21", + "type": "visualization", + "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_22", + "type": "visualization", + "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_23", + "type": "visualization", + "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_24", + "type": "visualization", + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e" + }, + { + "name": "panel_25", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:16.086Z", + "version": "Wzc4NiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● 
[SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-04-29T20:10:39.465Z", + "version": "WzEzMDIsMV0=", + "attributes": { + "title": "Connections - Log Count Over Time", + "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + 
"uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "52013c7c-c554-450e-9198-dbafdc050459", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0MiwxXQ==", + "attributes": { + "title": "Connections - Service By Destination Country", + "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + 
"name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0MywxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Destination IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d25f4abc-24af-405e-a6f6-873277fe5771", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_code2\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", + "description": 
"", + "title": "Connections - Source Country", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Responder Bytes", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NywxXQ==", + 
"attributes": { + "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.missed_bytes\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Missed Bytes", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0OCwxXQ==", + "attributes": { + "title": "Connections - Connection State", + "visState": "{\"title\":\"Connections - Connection 
State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection State Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0OSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Connection", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By 
Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection 
ID\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "faa08629-0011-4b38-8b74-3ba86b59155f", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MCwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination IP", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination Port", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination 
Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max network.bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Max network.bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MiwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Source IP", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:13.041Z", + "version": "Wzc2MCwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder 
Bytes ](#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDG71xFxQT5EBNmq336", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NCwxXQ==", + "attributes": { + "title": "Connections - Log Count", + "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NSwxXQ==", + "attributes": { + "title": "Connections - Total Bytes Per Source/Destination IP Pair", + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"network.bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"destination.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "568c74ff-3ef3-45ba-a178-0520633697bd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NiwxXQ==", + "attributes": { + "title": "Connections - Destination Port", + "visState": "{\"title\":\"Connections - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NywxXQ==", + "attributes": { + "title": "Connections - Source MAC OUI", + "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", + 
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1OCwxXQ==", + "attributes": { + "title": "Connections - Destination MAC OUI", + "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1OSwxXQ==", + "attributes": { + "title": 
"Connections - Source MAC Address", + "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MCwxXQ==", + "attributes": { + "title": "Connections - Destination MAC Address", + "visState": "{\"title\":\"Connections - Destination MAC 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC 
OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC 
OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MiwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MywxXQ==", + "attributes": { + "title": "Connections - Protocol", + "visState": "{\"title\":\"Connections - 
Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2NCwxXQ==", + "attributes": { + "title": "Network Layer", + "visState": "{\"title\":\"Network 
Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Network Layer\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:13.041Z", + "version": "Wzc2MSwxXQ==", + "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "network.transport", + "network.protocol", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.bytes", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 0c83415c8..645540651 100644 --- a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -139,7 +139,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczNiwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
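Review bot: The new `visState` string in this hunk is no longer valid JSON: removing the terms aggregation's `\"size\":100` left its separator behind, so the params now read `\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\"` with two consecutive commas. Because `visState` is an escaped string inside the saved object, the outer file still parses and a plain JSON lint of the dashboard file will not flag it; the error would presumably only surface when the visualization state is decoded at import or render time, leaving the RADIUS table unusable for an analyst. The same `,,` is present in the hunks at -170, -199, -229 and -290 of this file and at -334 and -364 of `af5df620-eeb6-11e9-bdef-65a192b7f586.json`. Drop the stray comma in each, here `\"missingBucketLabel\":\"Missing\",\"order\":\"desc\"`, and consider having the dashboard tooling decode every `visState` and `searchSourceJSON` string and fail on a parse error so a scripted edit like this cannot ship broken panels.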
@@ -170,7 +170,7 @@ "version": "WzczNywxXQ==", "attributes": { "title": "RADIUS - Destination IP Address", - "visState": "{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -199,7 +199,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczOCwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.mac\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.mac\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - MAC", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -229,7 +229,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczOSwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.connect_info\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.connect_info\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - Connection Information", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -290,7 +290,7 @@ "version": "Wzc0MSwxXQ==", "attributes": { "title": "RADIUS - Username", - "visState": "{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}", + "visState": "{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 98870eca5..76aaefef0 100644 --- a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json 
@@ -334,7 +334,7 @@ "version": "WzcyMiwxXQ==", "attributes": { "title": "NTP - Source IP", - "visState": "{\"title\":\"NTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"NTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -364,7 +364,7 @@ "version": "WzcyMywxXQ==", "attributes": { "title": "NTP - Destination IP", - "visState": "{\"title\":\"NTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"NTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 2bb713c01..d677b4034 100644 --- a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzczMiwxXQ==", "attributes": { "title": "Connections - Destination - Top Connection Duration (region map)", - "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Responder Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"event.duration\",\"customLabel\":\"Longest Session 
(seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Responder 
Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"event.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[38.28591031601368,16.875000000000004],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index bd75ad746..08d67b4f3 100644 --- a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
@@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "WzczOSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.subject\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.subject\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -219,7 +219,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0MSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.mailfrom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.mailfrom\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - \"From\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -249,7 +249,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0MiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.rcptto\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.rcptto\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - \"To\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -339,7 +339,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -369,7 +369,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -400,7 +400,7 @@ "version": "Wzc0NywxXQ==", "attributes": { "title": "SMTP - Destination Port", - "visState": "{\"title\":\"SMTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"SMTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index 21246f26d..311767735 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json 
@@ -52,7 +52,7 @@ "version": "WzExMDgsMV0=", "attributes": { "title": "Linux Kernel Messages by Host", - "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index 05552edd8..c7ec9540c 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
@@ -112,7 +112,7 @@ "version": "Wzg4NiwxXQ==", "attributes": { "title": "Last Capture Metric Timestamp by Host", - "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture 
Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
@@ -399,7 +399,7 @@ "version": "Wzg5NiwxXQ==", "attributes": { "title": "Zeek Analyzer Messages", - "visState": "{\"title\":\"Zeek Analyzer Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Zeek Analyzer 
Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index 61b4a9bcb..53f5862c5 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json 
@@ -82,7 +82,7 @@ "version": "Wzk4MCwxXQ==", "attributes": { "title": "Windows Events by Host", - "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host Forwarder\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.Computer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host 
Forwarder\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.Computer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -172,7 +172,7 @@ "version": "Wzk4NywxXQ==", "attributes": { "title": "Windows Event Results", - "visState": "{\"title\":\"Windows Event Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Windows Event Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -202,7 +202,7 @@ "version": "Wzk4OSwxXQ==", "attributes": { "title": "Windows Event Insertion Strings", - "visState": "{\"title\":\"Windows Event Insertion Strings\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.StringInserts\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Insertion Strings\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Windows Event Insertion Strings\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.StringInserts\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Insertion Strings\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json index f815ffdc7..e6200e462 100644 --- a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json +++ b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json 
@@ -72,7 +72,7 @@ "version": "WzkxOCwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Host", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -102,7 +102,7 @@ "version": "WzkyMiwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Account", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Account\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.acct\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Effective Account\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.UID\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Account\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.acct\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Effective 
Account\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.UID\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -185,7 +185,7 @@ "version": "WzkyMCwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Syscall", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Syscall\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.SYSCALL\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Syscall\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Syscall\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.SYSCALL\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Syscall\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -215,7 +215,7 @@ "version": "WzkyMSwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Executable", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Executable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.exe\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Executable\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Executable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.exe\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Executable\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json index 34cfd2492..2ccc8cbce 100644 --- a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json +++ b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json 
@@ -91,7 +91,7 @@ "version": "Wzk0NSwxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity - Host Check Summary", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor 
File/Directory Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -151,7 +151,7 @@ "version": "WzgzNiwxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity - Path", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"First Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"First 
Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json index 0ce72ec85..1f58376a6 100644 --- a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json +++ b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json 
@@ -97,7 +97,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "Journald - Process UID", - "visState": "{\"title\":\"Journald - Process UID\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.user.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Journald - Process UID\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.user.id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": 
"{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
@@ -157,7 +157,7 @@ "version": "Wzk0MiwxXQ==", "attributes": { "title": "Journald - Systemd Unit", - "visState": "{\"title\":\"Journald - Systemd Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd Unit\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd User Unit\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User Unit\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Journald - Systemd Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_unit\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd 
Unit\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd User Unit\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User Unit\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":3,\"direction\":\"desc\"}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 96e640f91..4db665078 100644 --- a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
@@ -227,7 +227,7 @@ "version": "Wzc1NywxXQ==", "attributes": { "title": "Tabular Data Stream - Source IP", - "visState": "{\"title\":\"Tabular Data Stream - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
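Review bot: The Tabular Data Stream - Source IP table loses its explicit bucket count: the old string had `\"size\":200` after `\"field\":\"source.ip\"`, and the new one gives the terms aggregation no size while `otherBucket` stays `true`. The number of source IPs that get their own row then depends on the Dashboards default, which I believe is far smaller than 200. Everything past that cut-off is folded into `Other`, and that is where low-volume hosts an analyst may be looking for tend to sit. If a shorter table is the goal, keep the key with the intended value, in the same form as the old `\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\"`, or note in the commit message where the size is now supplied. The Destination IP hunk that follows drops `\"size\":200` and `\"size\":100` in the same way.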
@@ -257,7 +257,7 @@ "version": "Wzc1OCwxXQ==", "attributes": { "title": "Tabular Data Stream - Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json index 1aca51519..7f09d5478 100644 --- a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json +++ b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json 
@@ -165,7 +165,7 @@ "version": "WzU4MCwxXQ==", "attributes": { "title": "TFTP - Filename", - "visState": "{\"title\":\"TFTP - Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "visState": "{\"title\":\"TFTP - Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -195,7 +195,7 @@ "version": "WzU4MSwxXQ==", "attributes": { "title": "TFTP - Source IP", - "visState": "{\"title\":\"TFTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"source.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"TFTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"source.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -225,7 +225,7 @@ "version": "WzU4MiwxXQ==", "attributes": { "title": "TFTP - Destination IP", - "visState": "{\"title\":\"TFTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"TFTP - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json index 257200e63..a4ccae737 100644 --- a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json +++ b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json 
@@ -190,7 +190,7 @@ "version": "Wzc3MCwxXQ==", "attributes": { "title": "Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords", - "visState": "{\"title\":\"Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"User\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Succeeded\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.
login.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Success\"}}]}", + "visState": "{\"title\":\"Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"User\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Succeeded\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"s
chema\":\"bucket\",\"params\":{\"field\":\"zeek.login.success\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Success\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -220,7 +220,7 @@ "version": "Wzc3MSwxXQ==", "attributes": { "title": "Telnet, rsh and rlogin - Source", - "visState": "{\"title\":\"Telnet, rsh and rlogin - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Telnet, rsh and rlogin - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -250,7 +250,7 @@ "version": "Wzc3MiwxXQ==", "attributes": { "title": "Telnet, rlogin and rsh - Destination", - "visState": "{\"title\":\"Telnet, rlogin and rsh - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination Port\"}}]}", + 
"visState": "{\"title\":\"Telnet, rlogin and rsh - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json index 8bb95c2a7..e3d9b1005 100644 --- a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json +++ b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json 
@@ -175,7 +175,7 @@ "version": "Wzc3OCwxXQ==", "attributes": { "title": "BSAP - Source IP", - "visState": "{\"title\":\"BSAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Port\"}}]}", + "visState": "{\"title\":\"BSAP - Source 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -205,7 +205,7 @@ "version": "Wzc3OSwxXQ==", "attributes": { "title": "BSAP IP - Function", - "visState": "{\"title\":\"BSAP IP - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.bsap_ip_rdb.func_code: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_ip_rdb.app_func_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_ip_rdb.func_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subfunction\"}}]}", + "visState": "{\"title\":\"BSAP IP - 
Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.bsap_ip_rdb.func_code: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_ip_rdb.app_func_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_ip_rdb.func_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subfunction\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -265,7 +265,7 @@ "version": "Wzc4MSwxXQ==", "attributes": { "title": "BSAP Serial - RDB Function", - "visState": "{\"title\":\"BSAP Serial - RDB Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.bsap_serial_rdb.func_code: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_rdb.func_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RDB Function\"}}]}", + "visState": "{\"title\":\"BSAP Serial - RDB Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.bsap_serial_rdb.func_code: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_rdb.func_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RDB Function\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -295,7 +295,7 @@ "version": "Wzc4MiwxXQ==", "attributes": { "title": "BSAP Serial - Function", - "visState": "{\"title\":\"BSAP Serial - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Destination Function\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Message Type\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.sfun\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.dfun\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination 
Function\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.nsb\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Node Status\"}}]}", + "visState": "{\"title\":\"BSAP Serial - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Destination Function\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.type_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Message Type\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.sfun\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.dfun\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination 
Function\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.nsb\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Node Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -417,7 +417,7 @@ "version": "Wzc4NSwxXQ==", "attributes": { "title": "BSAP - Destination IP", - "visState": "{\"title\":\"BSAP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"BSAP - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index 03c186fb4..d7e13cd8b 100644 --- a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
@@ -154,7 +154,7 @@ "updated_at": "2021-02-10T21:25:00.506Z", "version": "Wzc5MCwxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SSH - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
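Review bot: The `params` object on the new side still carries the key `showMeticsAtAllLevels`, which looks like a misspelling of `showMetricsAtAllLevels`, the spelling used by the "SSH - Destination IP Address" visualization in the next hunk. The "SSH - Client/Server" hunk has the same misspelled key. Since this line is being rewritten anyway, spell it `\"showMetricsAtAllLevels\":false` so the setting is not silently ignored; presumably the renderer falls back to its default for an unknown key, so the visible result may not change, but the saved object would then state what is intended.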
@@ -185,7 +185,7 @@ "version": "WzM0MDEsMV0=", "attributes": { "title": "SSH - Destination IP Address", - "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "updated_at": "2021-02-10T21:25:00.506Z", "version": "Wzc5MywxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.client\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - 
Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.client\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", "title": "SSH - Client/Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
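Review bot: The rewritten `visState` still carries the misspelled key `\"showMeticsAtAllLevels\":false` in its table params, here and in the SSH -Server hunk that follows. The other tables in this file spell it `showMetricsAtAllLevels`. Since the line is being rewritten anyway, I would correct it to `\"showMetricsAtAllLevels\":false`, because the misspelled key is presumably ignored as unknown and the option never takes effect.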
@@ -275,7 +275,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "SSH -Server", - "visState": "{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", + "visState": "{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -335,7 +335,7 @@ "version": "Wzc5NywxXQ==", "attributes": { "title": "SSH - Client Algorithms", - "visState": "{\"title\":\"SSH - Client Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by Server\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Client\"}}]}", + "visState": "{\"title\":\"SSH - Client Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by 
Server\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Client\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
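Review bot: The `dimensions` bucket label in this visualization contradicts what the table shows: it is SSH - Client Algorithms on `zeek.ssh.hasshAlgorithms` with the `customLabel` "Algorithms Offered by Client", yet the label reads `\"label\":\"Algorithms Offered by Server\"`. The SSH - Server Algorithms hunk has the mirror-image mismatch, and SSH - HASSH Server Hash carries `\"label\":\"HASSH Client Hash\"`. Whether the dashboard renders this label or only the `customLabel` is not visible here. Swapped client/server wording makes it easy to attribute a HASSH fingerprint to the wrong side of the connection, so I would align them while the line is being rewritten, e.g. `\"label\":\"Algorithms Offered by Client\"`.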
@@ -365,7 +365,7 @@ "version": "WzgwMCwxXQ==", "attributes": { "title": "SSH - HASSH Server Hash", - "visState": "{\"title\":\"SSH - HASSH Server Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Server Hash\"}}]}", + "visState": "{\"title\":\"SSH - HASSH Server Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client 
Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Server Hash\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -395,7 +395,7 @@ "version": "Wzc5OSwxXQ==", "attributes": { "title": "SSH - HASSH Client Hash", - "visState": "{\"title\":\"SSH - HASSH Client Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hassh\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Client Hash\"}}]}", + "visState": "{\"title\":\"SSH - HASSH Client Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client 
Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hassh\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Client Hash\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -425,7 +425,7 @@ "version": "Wzc5OCwxXQ==", "attributes": { "title": "SSH - Server Algorithms", - "visState": "{\"title\":\"SSH - Server Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by Client\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServerAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Server\"}}]}", + "visState": "{\"title\":\"SSH - Server Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by 
Client\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServerAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Server\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index 5f098b3c1..39b75946a 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json 
@@ -1,688 +1,688 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "d2dd0180-06b1-11ec-8c6b-353266ade330", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T18:26:13.166Z", - "version": "WzMwMTksMV0=", - "attributes": { - "title": "Severity", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":14,\"h\":18,\"i\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\"},\"panelIndex\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":18,\"i\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\"},\"panelIndex\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":18,\"w\":22,\"h\":18,\"i\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\"},\"panelIndex\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":18,\"i\":\"4c752761-c325-41b6-8216-8827bc219b82\"},\"panelIndex\":\"4c752761-c325-41b6-8216-8827bc219b82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":9,\"i\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\"},\"panelIndex\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":36,\"w\":18,\"h\":19,\"i\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\"},\"panelIndex\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":18,\"y\":36,\"w\":15,\"h\":19,\"i\":\"d07e07fe-600e-433e-997d-8eab20559bad\"
},\"panelIndex\":\"d07e07fe-600e-433e-997d-8eab20559bad\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":36,\"w\":15,\"h\":19,\"i\":\"a54d94c7-2499-4215-863d-859f5d079a03\"},\"panelIndex\":\"a54d94c7-2499-4215-863d-859f5d079a03\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":55,\"w\":24,\"h\":21,\"i\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\"},\"panelIndex\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":55,\"w\":24,\"h\":21,\"i\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\"},\"panelIndex\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":15,\"h\":18,\"i\":\"2957f8f6-219a-490e-a396-344010d1b1f3\"},\"panelIndex\":\"2957f8f6-219a-490e-a396-344010d1b1f3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":76,\"w\":15,\"h\":18,\"i\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\"},\"panelIndex\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":76,\"w\":18,\"h\":18,\"i\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\"},\"panelIndex\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":20,\"i\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\"},\"panelIndex\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"event.severity:*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "bcfa8900-06ac-11ec-8c6b-353266ade330" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "0dc37f60-06a1-11ec-8c6b-353266ade330" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "ae03b470-06ad-11ec-8c6b-353266ade330" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "e9b2dbb0-06ab-11ec-8c6b-353266ade330" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "74d35790-06a9-11ec-8c6b-353266ade330" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "0c4482b0-06b0-11ec-8c6b-353266ade330" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "c12558e0-06aa-11ec-8c6b-353266ade330" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" - }, - { - "name": "panel_14", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:09.724Z", - "version": "WzczOSwxXQ==", - "attributes": { - "title": "Network 
Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bcfa8900-06ac-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T18:24:13.010Z", - "version": "WzI5NDIsMV0=", - "attributes": { - "title": "Severity Tags", - "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - 
"id": "0dc37f60-06a1-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1MywxXQ==", - "attributes": { - "title": "Severity Score Occurrences", - "visState": "{\"title\":\"Severity Score Occurrences\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Occurrences\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"params\":{\"field\":\"event.severity\",\"ranges\":[{\"from\":1,\"to\":10},{\"from\":10,\"to\":20},{\"from\":20,\"to\":30},{\"from\":30,\"to\":40},{\"from\":40,\"to\":50},{\"from\":50,\"to\":60},{\"from\":60,\"to\":70},{\"from\":80,\"to\":90},{\"from\":90,\"to\":100},{\"from\":100}],\"customLabel\":\"Severity Score\"},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"histogram\",\"params\":{\"field\":\"event.severity\",\"interval\":10,\"maxBars\":10,\"min_doc_count\":true,\"has_extended_bounds\":true,\"extended_bounds\":{\"max\":101,\"min\":0},\"customLabel\":\"Severity 
Score\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{\"show\":true},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Occurrences\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Occurrences\"},\"type\":\"value\"}]}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ae03b470-06ad-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NCwxXQ==", - "attributes": { - "title": "Severity - Notices", - "visState": "{\"title\":\"Severity - 
Notices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NSwxXQ==", - "attributes": { - "title": "Severity - Application Protocol", - "visState": "{\"title\":\"Severity - Application 
Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"e9b2dbb0-06ab-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NiwxXQ==", - "attributes": { - "title": "Severity - Socket Family", - "visState": "{\"title\":\"Severity - Socket Family\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NywxXQ==", - "attributes": { - "title": "File Types by Transport", - "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330", - "type": 
"visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1OCwxXQ==", - "attributes": { - "title": "Severity - Source IP", - "visState": "{\"title\":\"Severity - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "74d35790-06a9-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1OSwxXQ==", - "attributes": { - "title": "Severity - Destination IP", - "visState": "{\"title\":\"Severity - Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0c4482b0-06b0-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MCwxXQ==", - "attributes": { - "title": "Severity - Originating Country", - "visState": "{\"title\":\"Severity - Originating Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity 
Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originating Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330", - 
"type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MSwxXQ==", - "attributes": { - "title": "Severity - Responding Country", - "visState": "{\"title\":\"Severity - Responding Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responding Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", - "description": 
"", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MiwxXQ==", - "attributes": { - "title": "Severity - Destination OUI", - "visState": "{\"title\":\"Severity - Destination OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c12558e0-06aa-11ec-8c6b-353266ade330", - 
"type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MywxXQ==", - "attributes": { - "title": "Severity - Source OUI", - "visState": "{\"title\":\"Severity - Source OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NCwxXQ==", - "attributes": { - "title": "Actions and Results", - "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "abd55c60-06a5-11ec-8c6b-353266ade330", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NSwxXQ==", - "attributes": { - "title": "Severity-Scored Logs", - "description": "", - "hits": 0, - "columns": [ - "event.dataset", - "network.transport", - "network.protocol", - "source.ip", - "destination.ip", - "destination.port", - "event.action", - "event.result", - "event.severity", - "event.severity_tags", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NiwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - 
"event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:06.705Z", - "version": "WzcxNSwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2OCwxXQ==", - "attributes": { - "title": "Files - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "file.source", - "file.mime_type", - 
"file.path", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:files\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "d2dd0180-06b1-11ec-8c6b-353266ade330", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T18:26:13.166Z", + "version": "WzMwMTksMV0=", + "attributes": { + "title": "Severity", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":14,\"h\":18,\"i\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\"},\"panelIndex\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":18,\"i\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\"},\"panelIndex\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":18,\"w\":22,\"h\":18,\"i\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\"},\"panelIndex\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":18,\"i\":\"4c752761-c325-41b6-8216-8827bc219b82\"},\"panelIndex\":\"4c752761-c325-41b6-8216-8827bc219
b82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":9,\"i\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\"},\"panelIndex\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":36,\"w\":18,\"h\":19,\"i\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\"},\"panelIndex\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":18,\"y\":36,\"w\":15,\"h\":19,\"i\":\"d07e07fe-600e-433e-997d-8eab20559bad\"},\"panelIndex\":\"d07e07fe-600e-433e-997d-8eab20559bad\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":36,\"w\":15,\"h\":19,\"i\":\"a54d94c7-2499-4215-863d-859f5d079a03\"},\"panelIndex\":\"a54d94c7-2499-4215-863d-859f5d079a03\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":55,\"w\":24,\"h\":21,\"i\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\"},\"panelIndex\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":55,\"w\":24,\"h\":21,\"i\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\"},\"panelIndex\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":15,\"h\":18,\"i\":\"2957f8f6-219a-490e-a396-344010d1b1f3\"},\"panelIndex\":\"2957f8f6-219a-490e-a396-344010d1b1f3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":76,\"w\":15,\"h\":18,\"i\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\"},\"panelIndex\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"
},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":76,\"w\":18,\"h\":18,\"i\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\"},\"panelIndex\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":20,\"i\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\"},\"panelIndex\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"event.severity:*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "bcfa8900-06ac-11ec-8c6b-353266ade330" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "0dc37f60-06a1-11ec-8c6b-353266ade330" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "ae03b470-06ad-11ec-8c6b-353266ade330" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "e9b2dbb0-06ab-11ec-8c6b-353266ade330" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "74d35790-06a9-11ec-8c6b-353266ade330" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "0c4482b0-06b0-11ec-8c6b-353266ade330" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330" 
+ }, + { + "name": "panel_12", + "type": "visualization", + "id": "c12558e0-06aa-11ec-8c6b-353266ade330" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" + }, + { + "name": "panel_14", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:09.724Z", + "version": "WzczOSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● 
[DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● 
[BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bcfa8900-06ac-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T18:24:13.010Z", + "version": "WzI5NDIsMV0=", + "attributes": { + "title": "Severity Tags", + "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity 
Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0dc37f60-06a1-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1MywxXQ==", + "attributes": { + "title": "Severity Score Occurrences", + "visState": "{\"title\":\"Severity Score Occurrences\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Occurrences\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"params\":{\"field\":\"event.severity\",\"ranges\":[{\"from\":1,\"to\":10},{\"from\":10,\"to\":20},{\"from\":20,\"to\":30},{\"from\":30,\"to\":40},{\"from\":40,\"to\":50},{\"from\":50,\"to\":60},{\"from\":60,\"to\":70},{\"from\":80,\"to\":90},{\"from\":90,\"to\":100},{\"from\":100}],\"customLabel\":\"Severity Score\"},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"histogram\",\"params\":{\"field\":\"event.severity\",\"interval\":10,\"maxBars\":10,\"min_doc_count\":true,\"has_extended_bounds\":true,\"extended_bounds\":{\"max\":101,\"min\":0},\"customLabel\":\"Severity 
Score\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{\"show\":true},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Occurrences\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Occurrences\"},\"type\":\"value\"}]}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ae03b470-06ad-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NCwxXQ==", + "attributes": { + "title": "Severity - Notices", + "visState": "{\"title\":\"Severity - 
Notices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NSwxXQ==", + "attributes": { + "title": "Severity - Application Protocol", + "visState": "{\"title\":\"Severity - Application 
Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e9b2dbb0-06ab-11ec-8c6b-353266ade330", + 
"type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NiwxXQ==", + "attributes": { + "title": "Severity - Socket Family", + "visState": "{\"title\":\"Severity - Socket Family\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NywxXQ==", + "attributes": { + "title": "File Types by Transport", + "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + 
"default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1OCwxXQ==", + "attributes": { + "title": "Severity - Source IP", + "visState": "{\"title\":\"Severity - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "74d35790-06a9-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1OSwxXQ==", + "attributes": { + "title": "Severity - Destination IP", + "visState": "{\"title\":\"Severity - Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0c4482b0-06b0-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MCwxXQ==", + "attributes": { + "title": "Severity - Originating Country", + "visState": "{\"title\":\"Severity - Originating Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity 
Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originating Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330", + 
"type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MSwxXQ==", + "attributes": { + "title": "Severity - Responding Country", + "visState": "{\"title\":\"Severity - Responding Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responding Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", + "description": 
"", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MiwxXQ==", + "attributes": { + "title": "Severity - Destination OUI", + "visState": "{\"title\":\"Severity - Destination OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c12558e0-06aa-11ec-8c6b-353266ade330", + "type": 
"visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MywxXQ==", + "attributes": { + "title": "Severity - Source OUI", + "visState": "{\"title\":\"Severity - Source OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NCwxXQ==", + "attributes": { + "title": "Actions and Results", + "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "abd55c60-06a5-11ec-8c6b-353266ade330", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NSwxXQ==", + "attributes": { + "title": "Severity-Scored Logs", + "description": "", + "hits": 0, + "columns": [ + "event.dataset", + "network.transport", + "network.protocol", + "source.ip", + "destination.ip", + "destination.port", + "event.action", + "event.result", + "event.severity", + "event.severity_tags", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NiwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + 
"event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:06.705Z", + "version": "WzcxNSwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2OCwxXQ==", + "attributes": { + "title": "Files - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "file.source", + "file.mime_type", + 
"file.path", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:files\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 0c7cbab75..540f1549b 100644 --- a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzgwNCwxXQ==", "attributes": { "title": "Connections - Source - Originator Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Originator Bytes\",\"aggType\":\"cardinality\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.bytes\",\"customLabel\":\"Originator 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Originator Bytes\",\"aggType\":\"cardinality\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.bytes\",\"customLabel\":\"Originator 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[37.73168660636539,16.171875000000004],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json index 811c18868..e527e2f9c 100644 --- a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json +++ b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json 
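Review bot: The new `visState` string in this hunk reads `\"order\":\"desc\",,\"otherBucket\":false`, so the `\"size\":250` pair was removed but its separating comma was left behind, and the embedded JSON no longer parses. As far as these lines show, the "Connections - Source - Originator Bytes (region map)" terms aggregation would fail to load; the same `,,` appears in both hunks of `dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json` (at -130 and -189) and in the table visualizations of the file section above. Either keep the key, `\"order\":\"desc\",\"size\":250,\"otherBucket\":false`, or drop it together with its comma, `\"order\":\"desc\",\"otherBucket\":false`. If a build step is meant to fill in a size value between the commas, that is not visible here and should be stated in the commit message. A pre-merge check that runs every `visState`, `uiStateJSON` and `searchSourceJSON` string through a JSON parser would catch this before analysts find a blank panel.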
@@ -130,7 +130,7 @@ "version": "Wzc1NiwxXQ==", "attributes": { "title": "OPCUA Binary - Log Count", - "visState": "{\"title\":\"OPCUA Binary - Log Count\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Log Count\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
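Review bot: The new `visState` value in this hunk contains `\"order\":\"desc\",,\"otherBucket\":true`, with two consecutive commas where `\"size\":100` used to be, so the embedded JSON no longer parses as written. Unless a placeholder was lost when this page was rendered, the visualization will probably fail to load or import, which leaves analysts without that panel. Either drop the leftover comma (`\"order\":\"desc\",\"otherBucket\":true`) or keep an explicit `\"size\":N`. The same `,,` appears in every other `visState` hunk visible here (the remaining OPCUA Binary tables, all S7comm tables and both region maps). A CI check that runs a JSON parser over each dashboard's `visState` and `panelsJSON` strings would catch this before release.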
@@ -189,7 +189,7 @@ "version": "Wzc1OCwxXQ==", "attributes": { "title": "OPCUA Binary - Actions", - "visState": "{\"title\":\"OPCUA Binary - Actions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Actions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -218,7 +218,7 @@ "version": "Wzc1OSwxXQ==", "attributes": { "title": "OPCUA Binary - Results", - "visState": "{\"title\":\"OPCUA Binary - Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -247,7 +247,7 @@ "version": "Wzc2MCwxXQ==", "attributes": { "title": "OPCUA Binary - URLs and URIs", - "visState": "{\"title\":\"OPCUA Binary - URLs and URIs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"url.original\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL or URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - URLs and URIs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"url.original\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL or URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -306,7 +306,7 @@ "version": "Wzc2MSwxXQ==", "attributes": { "title": "OPCUA Binary - Source", - "visState": "{\"title\":\"OPCUA Binary - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
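Review bot: Besides removing `size`, this hunk flips `\"otherBucket\":false` to `\"otherBucket\":true` on the `source.ip` terms aggregation, which changes what the table shows rather than only its bucket limit. The following hunk (`OPCUA Binary - Destination`) makes the same flip for `destination.ip`, while the region-map hunks keep `\"otherBucket\":false`. If the flip is deliberate, the commit message should say so. If it came from a blanket search-and-replace, restore `\"otherBucket\":false` in both places.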
@@ -336,7 +336,7 @@ "version": "Wzc2MiwxXQ==", "attributes": { "title": "OPCUA Binary - Destination", - "visState": "{\"title\":\"OPCUA Binary - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index c8720b392..432296648 100644 --- a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json 
@@ -170,7 +170,7 @@ "version": "Wzc0NCwxXQ==", "attributes": { "title": "S7comm Operations", - "visState": "{\"title\":\"S7comm Operations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm 
Operations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -200,7 +200,7 @@ "version": "Wzc0NSwxXQ==", "attributes": { "title": "S7comm Source IP", - "visState": "{\"title\":\"S7comm Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -230,7 +230,7 @@ "version": "Wzc0NiwxXQ==", "attributes": { "title": "S7comm Destination IP", - "visState": "{\"title\":\"S7comm Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "WzkwNSwxXQ==", "attributes": { "title": "S7comm - Upload/Download File Names", - "visState": "{\"title\":\"S7comm - Upload/Download File Names\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"\",\"customLabel\":\"File Name\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_upload_download.destination_filesystem\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Filesystem\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm - Upload/Download File Names\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"\",\"customLabel\":\"File Name\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_upload_download.destination_filesystem\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination 
Filesystem\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -320,7 +320,7 @@ "version": "Wzc0OCwxXQ==", "attributes": { "title": "S7comm Read-SZL", - "visState": "{\"title\":\"S7comm Read-SZL\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_read_szl.szl_index\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"SZL Index\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Read-SZL\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_read_szl.szl_index\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"SZL 
Index\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 0fc1cd719..76c215156 100644 --- a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -70,7 +70,7 @@ "version": "WzgzNSwxXQ==", "attributes": { "title": "Connections - Source - Responder Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 928d05611..c539eca92 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -1,526 +1,526 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "WzczOSwxXQ==", - "attributes": { - "title": "Zeek Notices", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":68},\"panelIndex\":\"12\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":68},\"panelIndex\":\"13\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":23,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConf
ig\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":87},\"panelIndex\":\"17\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":49},\"panelIndex\":\"19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"w\":12,\"x\":24,\"y\":49},\"panelIndex\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_13\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "0455b814-9b8e-4895-985d-c0d484bb025c" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_2", - "type": "visualization", - "id": 
"abb2c718-e1f5-4b59-9c3d-54082ee3a407" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "af961658-7f3d-4f88-b35f-76d1b6f49002" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "519823ff-ee5b-4051-9dd5-0467e595ab25" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "8f4a6c67-6833-4c53-b874-4341df5f181d" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "47adad3a-a0d2-46eb-a957-1886abd4472d" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "8a911a83-3962-44b8-be39-b54532f51b46" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "AWDG1uC-xQT5EBNmq3dP" - }, - { - "name": "panel_10", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "559cf002-6086-4655-908e-d1f757cd58a9" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "5d805580-0c3e-11ec-af25-f10016947fe0" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "0455b814-9b8e-4895-985d-c0d484bb025c", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MCwxXQ==", - "attributes": { - "title": "Notices - Log Count Over Time", - "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT1S\",\"intervalESValue\":1,\"intervalESUnit\":\"s\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2017-04-16T17:22:12.510Z\",\"max\":\"2017-04-16T17:23:40.195Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per second\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2017-04-16T17:22:12.510Z\",\"to\":\"2017-04-16T17:23:40.195Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407", - "type": "visualization", - 
"namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - Source IP Addresses", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "af961658-7f3d-4f88-b35f-76d1b6f49002", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MywxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - Destination IP 
Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - Destination IP Addresses", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NCwxXQ==", - "attributes": { - "title": "Notices - Notice Type", - "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8f4a6c67-6833-4c53-b874-4341df5f181d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - File MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - File MIME Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "47adad3a-a0d2-46eb-a957-1886abd4472d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - File 
Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_desc\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - File Description", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8a911a83-3962-44b8-be39-b54532f51b46", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NywxXQ==", - "attributes": { - "title": "Notice - Destination Port", - "visState": "{\"title\":\"Notice - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0OCwxXQ==", - "attributes": { - "title": 
"Notice - Message Details", - "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",
\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDG1uC-xQT5EBNmq3dP", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0OSwxXQ==", - "attributes": { - "title": "Notices - Log Count", - "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - 
"references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MCwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MSwxXQ==", - "attributes": { - "title": "Notices - Notice Types by Source and Destination", - "visState": "{\"title\":\"Notices - Notice Types by Source and 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "559cf002-6086-4655-908e-d1f757cd58a9", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MiwxXQ==", - "attributes": { - "title": "Notices - Destination Country", - "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Country\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5d805580-0c3e-11ec-af25-f10016947fe0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MywxXQ==", - "attributes": { - "title": "Notices - Source Country", - "visState": "{\"title\":\"Notices - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Country\",\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "WzczOSwxXQ==", + "attributes": { + "title": "Zeek Notices", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":68},\"panelIndex\":\"12\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":68},\"panelIndex\":\"13\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":23,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":
\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":87},\"panelIndex\":\"17\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":49},\"panelIndex\":\"19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"w\":12,\"x\":24,\"y\":49},\"panelIndex\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_13\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "0455b814-9b8e-4895-985d-c0d484bb025c" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "af961658-7f3d-4f88-b35f-76d1b6f49002" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "519823ff-ee5b-4051-9dd5-0467e595ab25" + }, + { + "name": "panel_5", + "type": "visualization", + "id": 
"8f4a6c67-6833-4c53-b874-4341df5f181d" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "47adad3a-a0d2-46eb-a957-1886abd4472d" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "8a911a83-3962-44b8-be39-b54532f51b46" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "AWDG1uC-xQT5EBNmq3dP" + }, + { + "name": "panel_10", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "559cf002-6086-4655-908e-d1f757cd58a9" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "5d805580-0c3e-11ec-af25-f10016947fe0" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "0455b814-9b8e-4895-985d-c0d484bb025c", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MCwxXQ==", + "attributes": { + "title": "Notices - Log Count Over Time", + "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT1S\",\"intervalESValue\":1,\"intervalESUnit\":\"s\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2017-04-16T17:22:12.510Z\",\"max\":\"2017-04-16T17:23:40.195Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per second\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2017-04-16T17:22:12.510Z\",\"to\":\"2017-04-16T17:23:40.195Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407", + "type": "visualization", + 
"namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - Source IP Addresses", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "af961658-7f3d-4f88-b35f-76d1b6f49002", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MywxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - Destination IP 
Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - Destination IP Addresses", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NCwxXQ==", + "attributes": { + "title": "Notices - Notice Type", + "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8f4a6c67-6833-4c53-b874-4341df5f181d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - File MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_mime_type\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - File MIME Type", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "47adad3a-a0d2-46eb-a957-1886abd4472d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_desc\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", + "description": "", + 
"title": "Notices - File Description", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8a911a83-3962-44b8-be39-b54532f51b46", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NywxXQ==", + "attributes": { + "title": "Notice - Destination Port", + "visState": "{\"title\":\"Notice - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0OCwxXQ==", + "attributes": { + "title": 
"Notice - Message Details", + "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"
params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDG1uC-xQT5EBNmq3dP", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0OSwxXQ==", + "attributes": { + "title": "Notices - Log Count", + "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + 
"name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MCwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MSwxXQ==", + "attributes": { + "title": "Notices - Notice Types by Source and Destination", + "visState": "{\"title\":\"Notices - Notice Types by Source and 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "559cf002-6086-4655-908e-d1f757cd58a9", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MiwxXQ==", + "attributes": { + "title": "Notices - Destination Country", + "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Country\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5d805580-0c3e-11ec-af25-f10016947fe0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MywxXQ==", + "attributes": { + "title": "Notices - Source Country", + "visState": "{\"title\":\"Notices - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Country\",\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index e97f57f71..4b2410e27 100644 --- a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -214,7 +214,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2MiwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.desktop_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.desktop_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Desktop Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
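Review bot: The new `visState` string has an empty element where `\"size\":100,` was removed: it now reads `\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\"`, and the doubled comma makes the embedded JSON invalid. Unless a later build step puts a value between the commas (none is visible in this patch), the saved object will probably fail to parse and the RFB table will not render, which leaves analysts without that view. Drop the leftover comma so the fragment reads `\"missingBucketLabel\":\"Missing\",\"order\":\"desc\"`, or restore an explicit `\"size\"` value if one was intended. The same `,,` is on the new side of every other hunk in this file (-244, -274, -304, -334, -364), in the three hunks of fa141950-ef89-11e9-b38a-2db3ee640e88.json (there as `\"field\":\"source.ip\",,\"order\"`), and in the Notices visualizations earlier in the patch. A JSON-validity check over each `visState` / `searchSourceJSON` string in CI would catch this class of edit; the enclosing saved object continues outside the hunk.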
@@ -244,7 +244,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2MywxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
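Review bot: The rewritten `visState` line still carries the key `showMeticsAtAllLevels`, while the Tabular Data Stream visualizations in this same patch spell it `showMetricsAtAllLevels`. Both are set to `false`, so this likely changes nothing today, but the misspelled key is presumably not the one the table visualization reads. Since the line is being rewritten anyway, consider normalising it to `\"showMetricsAtAllLevels\":false` here and in the other RFB hunks (-214, -274, -304, -334, -364).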
@@ -274,7 +274,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NCwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -304,7 +304,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NSwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -334,7 +334,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NiwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_major_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_minor_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major 
Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Server Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -364,7 +364,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NywxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_major_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_minor_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major 
Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Client Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 6521f41dc..409029f77 100644 --- a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json 
@@ -232,7 +232,7 @@ "version": "Wzg3NywxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Source IP", - "visState": "{\"title\":\"Tabular Data Stream - SQL Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -262,7 +262,7 @@ "version": "Wzg3OCwxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - SQL Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -292,7 +292,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Query", - "visState": "{\"title\":\"Tabular Data Stream - SQL Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_sql_batch.query\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Query\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_sql_batch.query\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Query\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index bb04c03aa..b4ac10a83 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -1,544 +1,544 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "fa477130-2b8a-11ec-a9f2-3911c8571bfd", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:32:23.695Z", - "version": "WzEwOTIsMV0=", - "attributes": { - "title": "STUN", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":32,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"w\":33,\"x\":15,\"y\":0},\"panelIndex\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"w\":19,\"x\":8,\"y\":15},\"panelIndex\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"w\":21,\"x\":27,\"y\":15},\"panelIndex\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":19,\"i\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"w\":8,\"x\":0,\"y\":32},\"panelIndex\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"w\":21,\"x\":27,\"y\":33},\"panelIndex\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b517bd06-887a-4e31-8cca-22866362b5ab\"
,\"w\":11,\"x\":0,\"y\":51},\"panelIndex\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"w\":14,\"x\":11,\"y\":51},\"panelIndex\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"w\":11,\"x\":25,\"y\":51},\"panelIndex\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"w\":12,\"x\":36,\"y\":51},\"panelIndex\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"w\":48,\"x\":0,\"y\":99},\"panelIndex\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd" - }, - { - 
"name": "panel_4", - "type": "visualization", - "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "05884900-2b92-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_11", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_12", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzNywxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzOCwxXQ==", - "attributes": { - "title": "STUN - Log Count", - "visState": "{\"title\":\"STUN - Log 
Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:stun*\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzOSwxXQ==", - "attributes": { - "title": "STUN - Log Count Over Time", - "visState": "{\"title\":\"STUN - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2021-02-26T20:25:47.478Z\",\"to\":\"2021-03-02T15:19:14.457Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MCwxXQ==", - "attributes": { - "title": "STUN - Attribute Type", - "visState": "{\"title\":\"STUN - Attribute Type\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Attribute Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MiwxXQ==", - "attributes": { - "title": "STUN - Method and Class", - "visState": "{\"title\":\"STUN - Method and Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:26:16.939Z", - "version": "WzEwMzYsMV0=", - "attributes": { - "title": "STUN - Class", - "visState": "{\"title\":\"STUN - Class\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"STUN Class\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:19:43.459Z", - "version": "WzEwMTAsMV0=", - "attributes": { - "title": "STUN - Action and Result", - "visState": "{\"title\":\"STUN - Action and 
Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MywxXQ==", - "attributes": { - "title": "STUN - Source IP", - "visState": "{\"title\":\"STUN - Source 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NCwxXQ==", - "attributes": { - "title": "STUN - Destination IP", - "visState": "{\"title\":\"STUN - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "05884900-2b92-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NiwxXQ==", - "attributes": { - "title": "STUN - LAN", - "visState": "{\"title\":\"STUN - LAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.lan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LAN Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NSwxXQ==", - "attributes": { - "title": "STUN - WAN", - "visState": "{\"title\":\"STUN - WAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": 
[ - { - "name": "search_0", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NywxXQ==", - "attributes": { - "title": "STUN - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.is_orig", - "zeek.stun.method", - "zeek.stun.class", - "zeek.stun.attr_type", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0OCwxXQ==", - "attributes": { - "title": "STUN NAT - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.is_orig", - "zeek.stun_nat.wan_addr", - "zeek.stun_nat.wan_port", - "zeek.stun_nat.lan_addr", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun_nat\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0OSwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "fa477130-2b8a-11ec-a9f2-3911c8571bfd", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:32:23.695Z", + "version": "WzEwOTIsMV0=", + "attributes": { + "title": "STUN", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{},\"gridData\":{\"h\":32,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"w\":33,\"x\":15,\"y\":0},\"panelIndex\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"w\":19,\"x\":8,\"y\":15},\"panelIndex\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"w\":21,\"x\":27,\"y\":15},\"panelIndex\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":19,\"i\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"w\":8,\"x\":0,\"y\":32},\"panelIndex\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"w\":21,\"x\":27,\"y\":33},\"panelIndex\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"w\":11,\"x\":0,\"y\":51},\"panelIndex\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"w\":14,\"x\":11,\"y\":51},\"panelIndex\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"version\":\"7
.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"w\":11,\"x\":25,\"y\":51},\"panelIndex\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"w\":12,\"x\":36,\"y\":51},\"panelIndex\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"w\":48,\"x\":0,\"y\":99},\"panelIndex\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7" + }, + { + "name": "panel_7", + 
"type": "visualization", + "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "05884900-2b92-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_11", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_12", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzNywxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata 
Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS 
SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzOCwxXQ==", + "attributes": { + "title": "STUN - Log Count", + "visState": "{\"title\":\"STUN - Log 
Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:stun*\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzOSwxXQ==", + "attributes": { + "title": "STUN - Log Count Over Time", + "visState": "{\"title\":\"STUN - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2021-02-26T20:25:47.478Z\",\"to\":\"2021-03-02T15:19:14.457Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MCwxXQ==", + "attributes": { + "title": "STUN - Attribute Type", + "visState": "{\"title\":\"STUN - Attribute Type\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Attribute Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MiwxXQ==", + "attributes": { + "title": "STUN - Method and Class", + "visState": "{\"title\":\"STUN - Method and Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:26:16.939Z", + "version": "WzEwMzYsMV0=", + "attributes": { + "title": "STUN - Class", + "visState": "{\"title\":\"STUN - Class\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"STUN Class\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:19:43.459Z", + "version": "WzEwMTAsMV0=", + "attributes": { + "title": "STUN - Action and Result", + "visState": "{\"title\":\"STUN - Action and 
Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MywxXQ==", + "attributes": { + "title": "STUN - Source IP", + "visState": "{\"title\":\"STUN - Source 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NCwxXQ==", + "attributes": { + "title": "STUN - Destination IP", + "visState": "{\"title\":\"STUN - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "05884900-2b92-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NiwxXQ==", + "attributes": { + "title": "STUN - LAN", + "visState": "{\"title\":\"STUN - LAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.lan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LAN Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NSwxXQ==", + "attributes": { + "title": "STUN - WAN", + "visState": "{\"title\":\"STUN - WAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": 
"search_0", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NywxXQ==", + "attributes": { + "title": "STUN - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.is_orig", + "zeek.stun.method", + "zeek.stun.class", + "zeek.stun.attr_type", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0OCwxXQ==", + "attributes": { + "title": "STUN NAT - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.is_orig", + "zeek.stun_nat.wan_addr", + "zeek.stun_nat.wan_port", + "zeek.stun_nat.lan_addr", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun_nat\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0OSwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file From c441b7fdd1e5324a69f341724417a40d0f6f4328 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 19 Mar 2024 11:52:54 -0600 Subject: [PATCH 42/79] change default for suricatal log rotation to 1h (from 5 minutes), idaholab/Malcolm#445 --- shared/bin/suricata_config_populate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/bin/suricata_config_populate.py b/shared/bin/suricata_config_populate.py index a0f42d761..eee17b65c 100755 --- a/shared/bin/suricata_config_populate.py +++ b/shared/bin/suricata_config_populate.py 
@@ -101,7 +101,7 @@ def __call__(self, repr, data):
 'ENIP_EVE_ENABLED': False,
 'ENIP_PORTS': 44818,
 'EVE_FILENAME_PATTERN': 'eve-%Y%m%d_%H%M%S.json',
- 'EVE_ROTATE_INTERVAL': '300s',
+ 'EVE_ROTATE_INTERVAL': '1h',
 'EVE_THREADED': False,
 'EXTERNAL_NET': '!$HOME_NET',
 'FILE_DATA_PORTS': "[$HTTP_PORTS,110,143]",
From 20fdc989600a38439bf441c739b113296111e607 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 19 Mar 2024 11:56:28 -0600 Subject: [PATCH 43/79] don't trigger all workflows for suricata scripts --- .github/workflows/api-build-and-push-ghcr.yml | 1 + .github/workflows/arkime-build-and-push-ghcr.yml | 1 + .github/workflows/dashboards-build-and-push-ghcr.yml | 1 + .github/workflows/dashboards-helper-build-and-push-ghcr.yml | 1 + .github/workflows/file-monitor-build-and-push-ghcr.yml | 1 + .github/workflows/file-upload-build-and-push-ghcr.yml | 1 + .github/workflows/filebeat-build-and-push-ghcr.yml | 1 + .github/workflows/freq-build-and-push-ghcr.yml | 1 + .github/workflows/htadmin-build-and-push-ghcr.yml | 1 + .github/workflows/logstash-build-and-push-ghcr.yml | 1 + .github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml | 1 + .github/workflows/netbox-build-and-push-ghcr.yml | 1 + .github/workflows/nginx-build-and-push-ghcr.yml | 1 + .github/workflows/opensearch-build-and-push-ghcr.yml | 1 + .github/workflows/pcap-capture-build-and-push-ghcr.yml | 1 + .github/workflows/pcap-monitor-build-and-push-ghcr.yml | 1 + .github/workflows/postgresql-build-and-push-ghcr.yml | 1 + .github/workflows/redis-build-and-push-ghcr.yml | 1 + .github/workflows/zeek-build-and-push-ghcr.yml | 1 + 19 files changed, 19 insertions(+)
diff --git a/.github/workflows/api-build-and-push-ghcr.yml b/.github/workflows/api-build-and-push-ghcr.yml
index 2b0113e20..1918a6c05 100644
--- a/.github/workflows/api-build-and-push-ghcr.yml
+++ b/.github/workflows/api-build-and-push-ghcr.yml
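Review bot: The new `'EVE_ROTATE_INTERVAL': '1h'` default has no explanation next to it, and whatever downstream handling was sized for five-minute files is not visible in this hunk. At the same event rate each EVE file now grows about twelve times larger before it rotates, so if any consumer only picks up or prunes files once they have rotated (not shown here), Suricata alerts would reach analysts later than before. I would add a comment on the entry, e.g. `# hourly rotation (was 300s), see idaholab/Malcolm#445`, and confirm that the cleanup of old EVE logs still fits the larger files. The defaults dict this entry belongs to starts and ends outside the hunk.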
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/arkime-build-and-push-ghcr.yml b/.github/workflows/arkime-build-and-push-ghcr.yml
index c8d174d16..cb0be9fcc 100644
--- a/.github/workflows/arkime-build-and-push-ghcr.yml
+++ b/.github/workflows/arkime-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/dashboards-build-and-push-ghcr.yml b/.github/workflows/dashboards-build-and-push-ghcr.yml
index f9f1e39a6..11e3d3d52 100644
--- a/.github/workflows/dashboards-build-and-push-ghcr.yml
+++ b/.github/workflows/dashboards-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/dashboards-helper-build-and-push-ghcr.yml b/.github/workflows/dashboards-helper-build-and-push-ghcr.yml
index 4ca3c2d8a..b23682e8e 100644
--- a/.github/workflows/dashboards-helper-build-and-push-ghcr.yml
+++ b/.github/workflows/dashboards-helper-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/file-monitor-build-and-push-ghcr.yml b/.github/workflows/file-monitor-build-and-push-ghcr.yml
index c5fecc8a5..05827276e 100644
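Review bot: The negated glob `'!shared/bin/suricata*'` added to this path filter (and to the other eighteen workflow files in this commit) excludes every current and future file with that prefix, not just the Suricata scripts that exist today. If any of these images copies a `shared/bin/suricata*` file at build time (the Dockerfiles are not visible here), a fix to that script would no longer rebuild and push the image to ghcr, and the published copy would stay stale. The nineteen hand-maintained lists have also drifted: the file-monitor workflow excludes `'!shared/bin/zeek*.sh'` where the rest use `'!shared/bin/zeek*'`, and the new line sits before the zeek entry in some files and after it in others. I would keep the order uniform and add a comment above the exclusions, e.g. `# scripts below are not copied into this image; changes to them must not trigger a rebuild`. The `on:` block starts and ends outside the hunk.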
--- a/.github/workflows/file-monitor-build-and-push-ghcr.yml
+++ b/.github/workflows/file-monitor-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*.sh'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/file-upload-build-and-push-ghcr.yml b/.github/workflows/file-upload-build-and-push-ghcr.yml
index be51b63ef..ddab381f2 100644
--- a/.github/workflows/file-upload-build-and-push-ghcr.yml
+++ b/.github/workflows/file-upload-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/filebeat-build-and-push-ghcr.yml b/.github/workflows/filebeat-build-and-push-ghcr.yml
index 884b91364..b2d1444c3 100644
--- a/.github/workflows/filebeat-build-and-push-ghcr.yml
+++ b/.github/workflows/filebeat-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/freq-build-and-push-ghcr.yml b/.github/workflows/freq-build-and-push-ghcr.yml
index 314182cde..a84e3c609 100644
--- a/.github/workflows/freq-build-and-push-ghcr.yml
+++ b/.github/workflows/freq-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/htadmin-build-and-push-ghcr.yml b/.github/workflows/htadmin-build-and-push-ghcr.yml
index 0b9db5e1f..78f721cad 100644
--- a/.github/workflows/htadmin-build-and-push-ghcr.yml
+++ b/.github/workflows/htadmin-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/logstash-build-and-push-ghcr.yml b/.github/workflows/logstash-build-and-push-ghcr.yml
index 030dbd394..c4a6749bd 100644
--- a/.github/workflows/logstash-build-and-push-ghcr.yml
+++ b/.github/workflows/logstash-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '!shared/bin/zeek*'
 - '.trigger_workflow_build'
 workflow_dispatch:
diff --git a/.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml b/.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml
index cf6486a42..b648dd8a5 100644
--- a/.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml
+++ b/.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml
@@ -10,6 +10,7 @@ on:
 - 'shared/bin/*'
 - '!shared/bin/configure-capture.py'
 - '!shared/bin/zeek*'
+ - '!shared/bin/suricata*'
 - '.trigger_iso_workflow_build'
 - '.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml'
 workflow_dispatch:
diff --git a/.github/workflows/netbox-build-and-push-ghcr.yml b/.github/workflows/netbox-build-and-push-ghcr.yml
index aa2ca78d1..daf2bd1fb 100644
--- a/.github/workflows/netbox-build-and-push-ghcr.yml
+++ b/.github/workflows/netbox-build-and-push-ghcr.yml
@@ -16,6 +16,7 @@ on:
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
 - '!shared/bin/zeek*'
+ - '!shared/bin/suricata*'
 - '.trigger_workflow_build'
 workflow_dispatch:
 repository_dispatch:
diff --git a/.github/workflows/nginx-build-and-push-ghcr.yml b/.github/workflows/nginx-build-and-push-ghcr.yml
index 708d7fdd0..0bb0b87ca 100644
--- a/.github/workflows/nginx-build-and-push-ghcr.yml
+++ b/.github/workflows/nginx-build-and-push-ghcr.yml
@@ -16,6 +16,7 @@ on:
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
 - '!shared/bin/zeek*'
+ - '!shared/bin/suricata*'
 - '.trigger_workflow_build'
 - '_config.yml'
 - '_includes/**'
diff --git a/.github/workflows/opensearch-build-and-push-ghcr.yml b/.github/workflows/opensearch-build-and-push-ghcr.yml
index c12913a79..8b0a21a60 100644
--- a/.github/workflows/opensearch-build-and-push-ghcr.yml
+++ b/.github/workflows/opensearch-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
 - '!shared/bin/zeek*'
+ - '!shared/bin/suricata*'
 - '.trigger_workflow_build'
 workflow_dispatch:
 repository_dispatch:
diff --git a/.github/workflows/pcap-capture-build-and-push-ghcr.yml b/.github/workflows/pcap-capture-build-and-push-ghcr.yml
index e0cfe4d7d..fd374e5cb 100644
--- a/.github/workflows/pcap-capture-build-and-push-ghcr.yml
+++ b/.github/workflows/pcap-capture-build-and-push-ghcr.yml
@@ -16,6 +16,7 @@ on:
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
 - '!shared/bin/zeek*'
+ - '!shared/bin/suricata*'
 - '.trigger_workflow_build'
 workflow_dispatch:
 repository_dispatch:
diff --git a/.github/workflows/pcap-monitor-build-and-push-ghcr.yml b/.github/workflows/pcap-monitor-build-and-push-ghcr.yml
index f8bdc2c33..855ea60c9 100644
--- a/.github/workflows/pcap-monitor-build-and-push-ghcr.yml
+++ b/.github/workflows/pcap-monitor-build-and-push-ghcr.yml
@@ -16,6 +16,7 @@ on:
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
 - '!shared/bin/zeek*'
+ - '!shared/bin/suricata*'
 - '.trigger_workflow_build'
 workflow_dispatch:
 repository_dispatch:
diff --git a/.github/workflows/postgresql-build-and-push-ghcr.yml b/.github/workflows/postgresql-build-and-push-ghcr.yml
index dd3908422..4d031e237 100644
--- a/.github/workflows/postgresql-build-and-push-ghcr.yml
+++ b/.github/workflows/postgresql-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
 - '!shared/bin/zeek*'
+ - '!shared/bin/suricata*'
 - '.trigger_workflow_build'
 workflow_dispatch:
 repository_dispatch:
diff --git a/.github/workflows/redis-build-and-push-ghcr.yml b/.github/workflows/redis-build-and-push-ghcr.yml
index 881531576..90b3d391d 100644
--- a/.github/workflows/redis-build-and-push-ghcr.yml
+++ b/.github/workflows/redis-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
 - '!shared/bin/zeek*'
+ - '!shared/bin/suricata*'
 - '.trigger_workflow_build'
 workflow_dispatch:
 repository_dispatch:
diff --git a/.github/workflows/zeek-build-and-push-ghcr.yml b/.github/workflows/zeek-build-and-push-ghcr.yml
index dd6c44935..906c8d997 100644
--- a/.github/workflows/zeek-build-and-push-ghcr.yml
+++ b/.github/workflows/zeek-build-and-push-ghcr.yml
@@ -15,6 +15,7 @@ on:
 - '!shared/bin/preseed_late_user_config.sh'
 - '!shared/bin/configure-interfaces.py'
 - '!shared/bin/configure-capture.py'
+ - '!shared/bin/suricata*'
 - '.trigger_workflow_build'
 workflow_dispatch:
 repository_dispatch:
From 936bf157ca8707775512f0753cc3133cbb021fd8 Mon Sep 17 00:00:00 2001
From: Seth Grover Date: Tue, 19 Mar 2024 13:45:17 -0600 Subject: [PATCH 44/79] moved common malcolm fields into another composable component rather than defining it directly in the malcolm_template --- .../composable/component/malcolm_common.json | 80 +++++++++++++++++++ dashboards/templates/malcolm_template.json | 79 +----------------- 2 files changed, 82 insertions(+), 77 deletions(-) create mode 100644 dashboards/templates/composable/component/malcolm_common.json
diff --git a/dashboards/templates/composable/component/malcolm_common.json b/dashboards/templates/composable/component/malcolm_common.json
new file mode 100644
index 000000000..3fdaecc39
--- /dev/null
+++ b/dashboards/templates/composable/component/malcolm_common.json
@@ -0,0 +1,80 @@
+{
+ "template": {
+ "mappings": {
+ "properties": {
+ "destination.ip_reverse_dns": { "type": "keyword" },
+ "destination.oui": { "type": "keyword" },
+ "destination.device": {
+ "properties": {
+ "cluster": { "type": "keyword" },
+ "device_type": { "type": "keyword" },
+ "id": { "type": "integer" },
+ "manufacturer": { "type": "keyword" },
+ "name": { "type": "keyword" },
+ "role": { "type": "keyword" },
+ "service": { "type": "keyword" },
+ "site": { "type": "keyword" },
+ "url": { "type": "keyword" },
+ "details": { "type": "nested" }
+ }
+ },
+ "destination.segment": {
+ "properties": {
+ "id": { "type": "integer" },
+ "name": { "type": "keyword" },
+ "site": { "type": "keyword" },
+ "tenant": { "type": "keyword" },
+ "url": { "type": "keyword" },
+ "details": { "type": "nested" }
+ }
+ },
+ "event.freq_score_v1": { "type": "float" },
+ "event.freq_score_v2": { "type": "float" },
+ "event.hits": { "type": "long" },
+ "event.result": { "type": "keyword" },
+ "event.severity_tags": { "type": "keyword" },
+ "file.source": { "type": "keyword" },
+ "network.is_orig": { "type": "keyword" },
+ "network.protocol_version": { "type": "keyword" },
+ "related.mac": { "type": "keyword" },
+ "related.oui": { "type": "keyword" },
+ "related.password": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
+ "related.device_id": { "type": "integer" },
+ "related.device_name": { "type": "keyword" },
+ "related.device_type": { "type": "keyword" },
+ "related.manufacturer": { "type": "keyword" },
+ "related.role": { "type": "keyword" },
+ "related.service": { "type": "keyword" },
+ "related.site": { "type": "keyword" },
+ "source.ip_reverse_dns": { "type": "keyword" },
+ "source.oui": { "type": "keyword" },
+ "source.device": {
+ "properties": {
+ "cluster": { "type": "keyword" },
+ "device_type": { "type": "keyword" },
+ "id": { "type": "integer" },
+ "manufacturer": { "type": "keyword" },
+ "name": { "type": "keyword" },
+ "role": { "type": "keyword" },
+ "service": { "type": "keyword" },
+ "site": { "type": "keyword" },
+ "url": { "type": "keyword" },
+ "details": { "type": "nested" }
+ }
+ },
+ "source.segment": {
+ "properties": {
+ "id": { "type": "integer" },
+ "name": { "type": "keyword" },
+ "site": { "type": "keyword" },
+ "tenant": { "type": "keyword" },
+ "url": { "type": "keyword" },
+ "details": { "type": "nested" }
+ }
+ },
+ "tls.client.ja3_description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
+ "tls.server.ja3s_description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/dashboards/templates/malcolm_template.json b/dashboards/templates/malcolm_template.json
index 09bff2b8d..dee0b4564 100644
--- a/dashboards/templates/malcolm_template.json
+++ b/dashboards/templates/malcolm_template.json
@@ -25,7 +25,8 @@
 "custom_arkime",
 "custom_suricata",
 "custom_zeek",
- "custom_zeek_ot"
+ "custom_zeek_ot",
+ "custom_malcolm_common"
 ],
 "template" :{
 "settings" : {
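Review bot: The `"custom_malcolm_common"` entry added to `composed_of` makes this index template depend on a component template that must already exist when the index template is loaded; OpenSearch and Elasticsearch reject an index template whose `composed_of` names a missing component. The new file is called `malcolm_common.json`, so whether the loader registers it under the name `custom_malcolm_common`, and does so before `malcolm_template.json`, is not visible in this diff and should be confirmed. If that load fails or is skipped, fields such as `related.password` and the `details` objects would presumably fall back to dynamic mapping instead of `keyword` and `nested`, which changes how queries and dashboards over them behave. The `composed_of` array begins outside the hunk.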
@@ -34,82 +35,6 @@
 "mapping.nested_fields.limit" : "250",
 "max_docvalue_fields_search" : "200"
 }
- },
- "mappings": {
- "properties": {
- "destination.ip_reverse_dns": { "type": "keyword" },
- "destination.oui": { "type": "keyword" },
- "destination.device": {
- "properties": {
- "cluster": { "type": "keyword" },
- "device_type": { "type": "keyword" },
- "id": { "type": "integer" },
- "manufacturer": { "type": "keyword" },
- "name": { "type": "keyword" },
- "role": { "type": "keyword" },
- "service": { "type": "keyword" },
- "site": { "type": "keyword" },
- "url": { "type": "keyword" },
- "details": { "type": "nested" }
- }
- },
- "destination.segment": {
- "properties": {
- "id": { "type": "integer" },
- "name": { "type": "keyword" },
- "site": { "type": "keyword" },
- "tenant": { "type": "keyword" },
- "url": { "type": "keyword" },
- "details": { "type": "nested" }
- }
- },
- "event.freq_score_v1": { "type": "float" },
- "event.freq_score_v2": { "type": "float" },
- "event.hits": { "type": "long" },
- "event.result": { "type": "keyword" },
- "event.severity_tags": { "type": "keyword" },
- "file.source": { "type": "keyword" },
- "network.is_orig": { "type": "keyword" },
- "network.protocol_version": { "type": "keyword" },
- "related.mac": { "type": "keyword" },
- "related.oui": { "type": "keyword" },
- "related.password": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
- "related.device_id": { "type": "integer" },
- "related.device_name": { "type": "keyword" },
- "related.device_type": { "type": "keyword" },
- "related.manufacturer": { "type": "keyword" },
- "related.role": { "type": "keyword" },
- "related.service": { "type": "keyword" },
- "related.site": { "type": "keyword" },
- "source.ip_reverse_dns": { "type": "keyword" },
- "source.oui": { "type": "keyword" },
- "source.device": {
- "properties": {
- "cluster": { "type": "keyword" },
- "device_type": { "type": "keyword" },
- "id": { "type": "integer" },
- "manufacturer": { "type": "keyword" },
- "name": { "type": "keyword" },
- "role": { "type": "keyword" },
- "service": { "type": "keyword" },
- "site": { "type": "keyword" },
- "url": { "type": "keyword" },
- "details": { "type": "nested" }
- }
- },
- "source.segment": {
- "properties": {
- "id": { "type": "integer" },
- "name": { "type": "keyword" },
- "site": { "type": "keyword" },
- "tenant": { "type": "keyword" },
- "url": { "type": "keyword" },
- "details": { "type": "nested" }
- }
- },
- "tls.client.ja3_description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
- "tls.server.ja3s_description": { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } }
- }
 }
 }
 }
From ee277a94a206c288ac6505471d5f53564958a41a Mon Sep 17 00:00:00 2001
From: Seth Grover Date: Tue, 19 Mar 2024 14:52:16 -0600 Subject: [PATCH 45/79] Revert "uniformly increase number of results for table visualizations in Dashboards (idaholab/Malcolm#447)" This reverts commit 12f4802da41a3da67ff1d2ea3766c82ef7b3873c. --- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 1220 +++++------ .../03207c00-d07e-11ec-b4a7-d1b4003706b7.json | 766 +++---- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 10 +- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 10 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 6 +- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 938 ++++---- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 14 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 4 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 10 +- .../12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json | 680 +++--- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 14 +- .../1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json | 12 +- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 560 ++--- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 1056 ++++----- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 14 +- .../2cc56240-e460-11ed-a9d5-9f591c284cb4.json | 12 +- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 14 +- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 12 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 6 +- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 914 ++++---- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 16 +- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 16 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 16 +- .../4a073440-b286-11eb-a4d4-09fa12a6ebd4.json | 8 +- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 10 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 8 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 14 +- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- 
.../5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json | 14 +- .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 626 +++--- .../677ee170-809e-11ed-8d5b-07069f823b6f.json | 20 +- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 10 +- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 6 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 1420 ++++++------- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 10 +- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 14 +- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 12 +- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- .../89d1cc50-974c-11ed-bb6b-3fb06c879b11.json | 12 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 6 +- .../95479950-41f2-11ea-88fa-7151df485405.json | 14 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 10 +- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../a33e0a50-afcd-11ea-993f-b7d8522a8bed.json | 4 +- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 8 +- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 1880 ++++++++--------- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 10 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 4 +- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 14 +- .../3768ef70-d819-11ee-820d-dd9fd73a3921.json | 2 +- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 4 +- .../79202ee0-d811-11ee-820d-dd9fd73a3921.json | 6 +- .../7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json | 8 +- .../903f42c0-f634-11ec-828d-2fb7a4a26e1f.json | 4 +- .../f6600310-9943-11ee-a029-e973f4774355.json | 4 +- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 4 +- .../bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json | 6 +- .../c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json | 6 +- .../ca5799a0-56b5-11eb-b749-576de068f8ad.json | 10 +- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 16 +- .../d2dd0180-06b1-11ec-8c6b-353266ade330.json | 1374 ++++++------ .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- 
.../dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json | 12 +- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 10 +- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 1050 ++++----- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 12 +- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 6 +- .../fa477130-2b8a-11ec-a9f2-3911c8571bfd.json | 1086 +++++----- 74 files changed, 7047 insertions(+), 7047 deletions(-) diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index ff76d6db1..51ce770a4 100644 --- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -1,611 +1,611 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:27:47.478Z", - "version": "Wzg4MywxXQ==", - "attributes": { - "title": "X.509", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":46,\"w\":15,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":46,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":11,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":18,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{}
,\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":18,\"i\":\"5e719795-a525-43dd-974c-6145b6e15de1\"},\"panelIndex\":\"5e719795-a525-43dd-974c-6145b6e15de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":18,\"i\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\"},\"panelIndex\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":18,\"i\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\"},\"panelIndex\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":46,\"w\":14,\"h\":20,\"i\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\"},\"panelIndex\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":24,\"i\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\"},\"panelIndex\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": 
"0ce14883-eb54-4b30-aba0-b8b13021da11" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "193088ad-5112-435f-9e9f-ec9127ff8665" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "AWDHGklsxQT5EBNmq4wG" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "b1481d20-2b64-11ec-a748-7936240e2919" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac" - }, - { - "name": "panel_13", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - }, - { - "name": "panel_14", - "type": "search", - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:35:08.437Z", - "version": "Wzc0MiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) 
\\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● 
[RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - 
} - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0ce14883-eb54-4b30-aba0-b8b13021da11", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzUsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Log Count Over Time", - "uiStateJSON": "{}", - "version": 1, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzYsMV0=", - "attributes": { - "title": "X.509 - Certificate Signing Algorithm", - "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithm\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.x509.certificate_sig_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - 
} - }, - { - "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzcsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_subject_full\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Certificate Subject", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzgsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Certificate 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_issuer_full\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Certificate Issuer", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "193088ad-5112-435f-9e9f-ec9127ff8665", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzksMV0=", - "attributes": { - "title": "X.509 - Certificate Key Length", - "visState": "{\"title\":\"X.509 - Certificate Key Length\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key 
Length\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzEwLDFd", - "attributes": { - "title": "X.509 - Certificate Key Algorithm", - "visState": "{\"title\":\"X.509 - Certificate Key 
Algorithm\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":7,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"AWDHGklsxQT5EBNmq4wG", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzExLDFd", - "attributes": { - "title": "X.509 - Log Count", - "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:37.046Z", - "version": "WzM5NywxXQ==", - "attributes": { - "title": "SSL - Relevant Notices", - "visState": "{\"title\":\"SSL - Relevant 
Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 
1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:22:38.381Z", - "version": "Wzg2MSwxXQ==", - "attributes": { - "title": "OCSP - Certificate Revocation", - "visState": "{\"title\":\"OCSP - Certificate Revocation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.certStatus\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Status\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.revokereason\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revocation Reason\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.ocsp.certStatus:good\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": 
"search_0", - "type": "search", - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b1481d20-2b64-11ec-a748-7936240e2919", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzEzLDFd", - "attributes": { - "title": "X.509 - Is Host Certificate", - "visState": "{\"title\":\"X.509 - Is Host Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.host_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE0LDFd", - "attributes": { - "title": "X.509 - Is Client Certificate", - "visState": "{\"title\":\"X.509 - Is Client 
Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.client_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE1LDFd", - "attributes": { - "title": "X.509 - Certificate Fingerprint", - "visState": "{\"title\":\"X.509 - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate 
Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE2LDFd", - "attributes": { - "title": "X.509 - Logs", - "description": "", - "hits": 0, - "columns": [ - "zeek.x509.certificate_issuer.CN", - "zeek.x509.certificate_subject.CN", - "zeek.x509.host_cert", - "zeek.x509.client_cert", - "zeek.x509.certificate_sig_alg", - "zeek.x509.certificate_version" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:x509\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:17:07.749Z", - "version": "WzgyOSwxXQ==", 
- "attributes": { - "title": "OCSP - Logs", - "description": "", - "hits": 0, - "columns": [ - "zeek.ocsp.thisUpdate", - "zeek.ocsp.nextUpdate", - "zeek.ocsp.certStatus", - "zeek.ocsp.revokereason", - "zeek.ocsp.revoketime", - "zeek.ocsp.serialNumber", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:ocsp\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:35:05.414Z", - "version": "WzcxNywxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": 
"2021-10-12T18:27:47.478Z", + "version": "Wzg4MywxXQ==", + "attributes": { + "title": "X.509", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":46,\"w\":15,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":46,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":11,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":18,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":18,\"i\":\"5e719795-a525-43dd-974c-6145b6e15de1\"},\"panelIndex\":\"5e719795-a525-43d
d-974c-6145b6e15de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":18,\"i\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\"},\"panelIndex\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":18,\"i\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\"},\"panelIndex\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":46,\"w\":14,\"h\":20,\"i\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\"},\"panelIndex\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":24,\"i\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\"},\"panelIndex\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "0ce14883-eb54-4b30-aba0-b8b13021da11" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": 
"d608f7dd-efea-49c4-b61d-a09d2a29148c" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "193088ad-5112-435f-9e9f-ec9127ff8665" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "AWDHGklsxQT5EBNmq4wG" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "b1481d20-2b64-11ec-a748-7936240e2919" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac" + }, + { + "name": "panel_13", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + }, + { + "name": "panel_14", + "type": "search", + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:35:08.437Z", + "version": "Wzc0MiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0ce14883-eb54-4b30-aba0-b8b13021da11", + "type": "visualization", + 
"namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzUsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Log Count Over Time", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + 
"id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzYsMV0=", + "attributes": { + "title": "X.509 - Certificate Signing Algorithm", + "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithm\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.x509.certificate_sig_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": 
"WzcsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Certificate Subject", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzgsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Certificate 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_issuer_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Certificate Issuer", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "193088ad-5112-435f-9e9f-ec9127ff8665", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzksMV0=", + "attributes": { + "title": "X.509 - Certificate Key Length", + "visState": "{\"title\":\"X.509 - Certificate Key Length\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key 
Length\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzEwLDFd", + "attributes": { + "title": "X.509 - Certificate Key Algorithm", + "visState": "{\"title\":\"X.509 - Certificate Key 
Algorithm\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":7,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"AWDHGklsxQT5EBNmq4wG", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzExLDFd", + "attributes": { + "title": "X.509 - Log Count", + "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:37.046Z", + "version": "WzM5NywxXQ==", + "attributes": { + "title": "SSL - Relevant Notices", + "visState": "{\"title\":\"SSL - Relevant 
Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + 
"description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T18:22:38.381Z", + "version": "Wzg2MSwxXQ==", + "attributes": { + "title": "OCSP - Certificate Revocation", + "visState": "{\"title\":\"OCSP - Certificate Revocation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.certStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Status\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.revokereason\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revocation Reason\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.ocsp.certStatus:good\",\"language\":\"kuery\"},\"filter\":[]}" + }, + 
"savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b1481d20-2b64-11ec-a748-7936240e2919", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzEzLDFd", + "attributes": { + "title": "X.509 - Is Host Certificate", + "visState": "{\"title\":\"X.509 - Is Host Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.host_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE0LDFd", + "attributes": { + "title": "X.509 - Is Client Certificate", + "visState": "{\"title\":\"X.509 - Is Client 
Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.client_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE1LDFd", + "attributes": { + "title": "X.509 - Certificate Fingerprint", + "visState": "{\"title\":\"X.509 - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate 
Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE2LDFd", + "attributes": { + "title": "X.509 - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.x509.certificate_issuer.CN", + "zeek.x509.certificate_subject.CN", + "zeek.x509.host_cert", + "zeek.x509.client_cert", + "zeek.x509.certificate_sig_alg", + "zeek.x509.certificate_version" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:x509\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T18:17:07.749Z", + "version": "WzgyOSwxXQ==", 
+ "attributes": { + "title": "OCSP - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.ocsp.thisUpdate", + "zeek.ocsp.nextUpdate", + "zeek.ocsp.certStatus", + "zeek.ocsp.revokereason", + "zeek.ocsp.revoketime", + "zeek.ocsp.serialNumber", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:ocsp\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:35:05.414Z", + "version": "WzcxNywxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file 
diff --git a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
index d8a072135..8784f04c2 100644
--- a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
+++ b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
@@ -1,384 +1,384 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "03207c00-d07e-11ec-b4a7-d1b4003706b7", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:42:42.241Z", - "version": "WzEyMTAsMV0=", - "attributes": { - "title": "GENISYS", - "hits": 0, - "description": "Dashboard for the GENISYS Protocol", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"w\":8,\"x\":8,\"y\":10},\"panelIndex\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"w\":12,\"x\":16,\"y\":10},\"panelIndex\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"w\":20,\"x\":28,\"y\":10},\"panelIndex\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"w\":16,\"x\":0,\"y\":28},\"panelIndex\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"pane
lRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"w\":12,\"x\":16,\"y\":28},\"panelIndex\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}},\"table\":null},\"panelRefName\":\"panel_7\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"w\":20,\"x\":28,\"y\":28},\"panelIndex\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":31,\"i\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"w\":48,\"x\":0,\"y\":46},\"panelIndex\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_8", - "type": "visualization", - "id": 
"d81128f0-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_9", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:07:16.116Z", - "version": "Wzc5NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / 
[TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● 
[EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:28:56.364Z", - "version": "WzEwOTksMV0=", - "attributes": { - "title": "GENISYS - Log Count", - "visState": "{\"title\":\"GENISYS - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":48}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": 
"search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:29:50.143Z", - "version": "WzExMDYsMV0=", - "attributes": { - "title": "GENISYS - Log Count Over Time", - "visState": "{\"title\":\"GENISYS - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", 
- "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:34:19.111Z", - "version": "WzExMzQsMV0=", - "attributes": { - "title": "GENISYS - Station Address", - "visState": "{\"title\":\"GENISYS - Station Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.server\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-05-10T16:35:19.314Z", - "version": "WzExNDQsMV0=", - "attributes": { - "title": "GENISYS - Source", - "visState": "{\"title\":\"GENISYS - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:38:14.578Z", - "version": "WzExNzcsMV0=", - "attributes": { - "title": "GENISYS - Action", - "visState": "{\"title\":\"GENISYS - Action\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:32:07.893Z", - "version": "WzExMjYsMV0=", - "attributes": { - "title": "GENISYS - Message Direction", - "visState": "{\"title\":\"GENISYS - Message 
Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:36:30.327Z", - "version": "WzExNTksMV0=", - "attributes": { - "title": "GENISYS - Destination", - "visState": "{\"title\":\"GENISYS - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:40:04.607Z", - "version": "WzExOTksMV0=", - "attributes": { - "title": "GENISYS - Result", - "visState": "{\"title\":\"GENISYS - Result\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:26:30.108Z", - "version": "WzEwMTUsMV0=", - "attributes": { - "title": "GENISYS - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "zeek.genisys.server", - "event.action", - "event.result", - "zeek.genisys.payload", - "event.id" - ], - "sort": [], - "version": 1, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.provider:zeek AND event.dataset:genisys\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "03207c00-d07e-11ec-b4a7-d1b4003706b7", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:42:42.241Z", + "version": "WzEyMTAsMV0=", + "attributes": { + "title": "GENISYS", + "hits": 0, + "description": "Dashboard for the GENISYS Protocol", + "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"w\":8,\"x\":8,\"y\":10},\"panelIndex\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"w\":12,\"x\":16,\"y\":10},\"panelIndex\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\
"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"w\":20,\"x\":28,\"y\":10},\"panelIndex\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"w\":16,\"x\":0,\"y\":28},\"panelIndex\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"w\":12,\"x\":16,\"y\":28},\"panelIndex\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}},\"table\":null},\"panelRefName\":\"panel_7\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"w\":20,\"x\":28,\"y\":28},\"panelIndex\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":31,\"i\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"w\":48,\"x\":0,\"y\":46},\"panelIndex\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_4", + 
"type": "visualization", + "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_9", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:07:16.116Z", + "version": "Wzc5NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata 
Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS 
SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:28:56.364Z", + "version": "WzEwOTksMV0=", + "attributes": { + "title": "GENISYS - Log Count", + "visState": "{\"title\":\"GENISYS - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":48}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:29:50.143Z", + "version": "WzExMDYsMV0=", + "attributes": { + "title": "GENISYS - Log Count Over Time", + "visState": "{\"title\":\"GENISYS - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:34:19.111Z", + "version": "WzExMzQsMV0=", + "attributes": { + "title": "GENISYS - Station Address", + "visState": "{\"title\":\"GENISYS - Station 
Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.server\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:35:19.314Z", + "version": "WzExNDQsMV0=", + "attributes": { + "title": "GENISYS - Source", + "visState": "{\"title\":\"GENISYS - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:38:14.578Z", + "version": "WzExNzcsMV0=", + "attributes": { + "title": "GENISYS - Action", + "visState": "{\"title\":\"GENISYS - Action\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:32:07.893Z", + "version": "WzExMjYsMV0=", + "attributes": { + "title": "GENISYS - Message Direction", + "visState": "{\"title\":\"GENISYS - Message 
Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:36:30.327Z", + "version": "WzExNTksMV0=", + "attributes": { + "title": "GENISYS - Destination", + "visState": "{\"title\":\"GENISYS - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:40:04.607Z", + "version": "WzExOTksMV0=", + "attributes": { + "title": "GENISYS - Result", + "visState": "{\"title\":\"GENISYS - Result\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:26:30.108Z", + "version": "WzEwMTUsMV0=", + "attributes": { + "title": "GENISYS - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "zeek.genisys.server", + "event.action", + "event.result", + "zeek.genisys.payload", + "event.id" + ], + "sort": [], + "version": 1, + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.provider:zeek AND event.dataset:genisys\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 637a75e74..8c6b70b09 100644 --- a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json 
@@ -191,7 +191,7 @@ "version": "WzIwMiwxXQ==", "attributes": { "title": "LDAP - Source IP", - "visState": "{\"title\":\"LDAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"LDAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -221,7 +221,7 @@ "version": "WzExNDEsMV0=", "attributes": { "title": "LDAP - Destination IP", - "visState": "{\"title\":\"LDAP - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -281,7 +281,7 @@ "version": "WzE1MzgsMV0=", "attributes": { "title": "LDAP - Bind", - "visState": "{\"title\":\"LDAP - Bind\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Version\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ldap.object\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Object/Mechanism\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - 
Bind\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Version\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ldap.object\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Object/Mechanism\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
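Review bot: In the `LDAP - Bind` visState, the `event.action` (Method) terms aggregation now has `\"size\":5` together with `\"otherBucket\":false`, where the removed line had `\"otherBucket\":true`. Every other aggregation this commit restores in the file keeps the Other bucket enabled. With descending count order and no Other row, any bind method outside the top five would apparently drop out of the table with no indication. Those low-count values are often the ones an analyst reviewing authentication traffic most needs to see. If the flip was not intentional, keep `\"size\":5,\"otherBucket\":true` for this aggregation, or raise the size as was done for `zeek.ldap.object`.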
@@ -341,7 +341,7 @@ "version": "WzEzMzUsMV0=", "attributes": { "title": "LDAP - Result Code", - "visState": "{\"title\":\"LDAP - Result Code\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Result Code\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -371,7 +371,7 @@ "version": "WzEyOTksMV0=", "attributes": { "title": "LDAP - Operation", - "visState": "{\"title\":\"LDAP - Operation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Operation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 5d3134ff7..51de061f4 100644 --- a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
@@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:07.693Z", "version": "WzgzLDFd", "attributes": { - "visState": "{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.arg\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.arg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}", "description": "", "title": "FTP - Argument", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -170,7 +170,7 @@ "version": "Wzg0LDFd", "attributes": { "title": "FTP - Commands and Replies", - "visState": "{\"title\":\"FTP - Commands and Replies\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.action: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ftp.reply_code: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Reply Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.result: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.reply_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply Code\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.reply_msg\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Reply\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply Message\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "visState": "{\"title\":\"FTP - Commands and Replies\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.action: 
Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ftp.reply_code: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Reply Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.result: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.reply_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply Code\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.reply_msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Reply\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply 
Message\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -230,7 +230,7 @@ "version": "Wzg2LDFd", "attributes": { "title": "FTP - Source", - "visState": "{\"title\":\"FTP - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"FTP - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -260,7 +260,7 @@ "version": "Wzg3LDFd", "attributes": { "title": "FTP - Destination", - "visState": "{\"title\":\"FTP - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"FTP - 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -289,7 +289,7 @@ "updated_at": "2021-02-10T21:24:07.693Z", "version": "Wzg4LDFd", "attributes": { - "visState": "{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", "description": "", "title": "FTP - Username", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", diff --git a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 8e4a304bf..f108ed7e2 100644 --- a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
@@ -200,7 +200,7 @@ "version": "WzEzMjAsMV0=", "attributes": { "title": "PE - Section Name", - "visState": "{\"title\":\"PE - Section Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.pe.section_names\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PE - Section Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.pe.section_names\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -229,7 +229,7 @@ "updated_at": "2021-11-16T20:40:06.406Z", "version": "WzIwOSwxXQ==", "attributes": { - "visState": "{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.pe.machine\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.pe.machine\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}", "description": "", "title": "PE - Machine", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -290,7 +290,7 @@ "version": "WzIxMSwxXQ==", "attributes": { "title": "Capa Signatures", - "visState": "{\"title\":\"Capa Signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"rule.name: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}", + "visState": "{\"title\":\"Capa Signatures\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"rule.name: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 843c61a85..a72287382 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -1,470 +1,470 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:30:33.149Z", - "version": "WzEzNjIsMV0=", - "attributes": { - "title": "Overview", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"19\",\"w\":36,\"x\":0,\"y\":31},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":14,\"x\":8,\"y\":13},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"32\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"43\",\"w\":12,\"x\":36,\"y\":31},\"panelIndex\":\"43\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":13,\"i\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"w\":12,\"x\":15,\"y\":0},\"panelIndex\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"table\":null,\"vis
\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"w\":11,\"x\":22,\"y\":13},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"w\":15,\"x\":33,\"y\":13},\"panelIndex\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "470c6648-d66f-4fae-99af-061cab27065a" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "3da52536-9455-4f8f-931a-14f4c04c636b" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "AWDGyaGxxQT5EBNmq3K9" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "750367f0-41f2-11ea-88fa-7151df485405" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" - }, - { - "name": "panel_9", - "type": "search", - "id": 
"c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:16.386Z", - "version": "Wzc5NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● 
[IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "470c6648-d66f-4fae-99af-061cab27065a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzYxLDFd", - "attributes": { - "title": "Total Log Count Over Time", - "visState": "{\"title\":\"Total Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\"},\"schema\":\"group\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3da52536-9455-4f8f-931a-14f4c04c636b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:28:37.178Z", - "version": "WzEzNDcsMV0=", - "attributes": { - "title": "Connections - Service By Destination Country", - "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" \"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":false}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzYzLDFd", - "attributes": { - "title": "Log Type", - "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDGyaGxxQT5EBNmq3K9", - "type": 
"visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:52.191Z", - "version": "WzUzMCwxXQ==", - "attributes": { - "title": "Total Number of Logs", - "visState": "{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Logs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"colorSchema\":\"Green to Red\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"},\"metricColorMode\":\"None\"}}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY1LDFd", - "attributes": { - "title": "DNS - Queries", - "visState": "{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY2LDFd", - "attributes": { - "title": "Log Source", - "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last 
Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "750367f0-41f2-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY3LDFd", - "attributes": { - "title": "Application Protocol", - "visState": "{\"title\":\"Application Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol 
Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:05.320Z", - "version": "WzY5MywxXQ==", - "attributes": { - "title": "Actions and Results", - "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:16.386Z", - "version": "WzgwOCwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:13.356Z", - "version": "Wzc3MCwxXQ==", - "attributes": { - "title": "Connections - Logs", - "description": "", - "hits": 0, - "columns": [ - "network.transport", - "network.protocol", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - 
"network.bytes", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:49.169Z", - "version": "WzUwOCwxXQ==", - "attributes": { - "title": "DNS - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.dns.query", - "zeek.dns.answers", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:dns\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:30:33.149Z", + "version": "WzEzNjIsMV0=", + "attributes": { + "title": "Overview", + 
"hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"19\",\"w\":36,\"x\":0,\"y\":31},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":14,\"x\":8,\"y\":13},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"32\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"43\",\"w\":12,\"x\":36,\"y\":31},\"panelIndex\":\"43\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":13,\"i\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"w\":12,\"x\":15,\"y\":0},\"panelIndex\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"w\":11,\"x\":22,\"y\":13},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embedd
ableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"w\":15,\"x\":33,\"y\":13},\"panelIndex\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "470c6648-d66f-4fae-99af-061cab27065a" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "3da52536-9455-4f8f-931a-14f4c04c636b" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "AWDGyaGxxQT5EBNmq3K9" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "750367f0-41f2-11ea-88fa-7151df485405" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" + }, + { + "name": "panel_9", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:16.386Z", + "version": "Wzc5NSwxXQ==", + 
"attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "470c6648-d66f-4fae-99af-061cab27065a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzYxLDFd", + "attributes": { + "title": "Total Log Count Over Time", + "visState": "{\"title\":\"Total Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\"},\"schema\":\"group\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3da52536-9455-4f8f-931a-14f4c04c636b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:28:37.178Z", + "version": "WzEzNDcsMV0=", + "attributes": { + "title": "Connections - Service By Destination Country", + "visState": "{\"title\":\"Connections - Service By Destination 
Country\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" \"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":false}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce", + "type": "visualization", + "namespaces": [ + 
"default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzYzLDFd", + "attributes": { + "title": "Log Type", + "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDGyaGxxQT5EBNmq3K9", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:52.191Z", + "version": "WzUzMCwxXQ==", + "attributes": { + "title": "Total Number of Logs", + "visState": "{\"title\":\"Total Number of 
Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Logs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"colorSchema\":\"Green to Red\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"},\"metricColorMode\":\"None\"}}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY1LDFd", + "attributes": { + "title": "DNS - Queries", + "visState": "{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY2LDFd", + "attributes": { + "title": "Log Source", + "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last 
Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "750367f0-41f2-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY3LDFd", + "attributes": { + "title": "Application Protocol", + "visState": "{\"title\":\"Application Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol 
Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:05.320Z", + "version": "WzY5MywxXQ==", + "attributes": { + "title": "Actions and Results", + "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:16.386Z", + "version": "WzgwOCwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:13.356Z", + "version": "Wzc3MCwxXQ==", + "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "network.transport", + "network.protocol", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + 
"network.bytes", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:49.169Z", + "version": "WzUwOCwxXQ==", + "attributes": { + "title": "DNS - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.dns.query", + "zeek.dns.answers", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:dns\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index 4b091197a..f633eb1a8 100644 
--- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json @@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE0OCwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
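Review bot: The new `visState` pairs `\"otherBucket\":false` with `\"size\":100`, so the table lists only the 100 most frequent `source.ip` values and has no row showing that anything was left out. On a network-monitoring dashboard the low-count tail is often what an analyst is hunting for, and with descending count order it is exactly the part that disappears. Consider keeping `\"otherBucket\":true` alongside the new size so the remainder is still counted under "Other". The same pairing appears in the other hunks of this file (Destination IP Address, Request Path, URI, User Agent, Status, and Destination Port with `\"size\":20`) and in the QUIC hunks with `\"size\":500`.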
@@ -189,7 +189,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE0OSwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
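Review bot: The rewritten `visState` line still carries the misspelled key `\"showMeticsAtAllLevels\":false`, whereas the QUIC and Tunnels - Destination Address visualizations in this patch spell it `showMetricsAtAllLevels`. The misspelled key is presumably ignored by the table visualization, so the option would take its default rather than the value written here. Since the line is being replaced anyway, change it to `\"showMetricsAtAllLevels\":false`. The same spelling is in the preceding hunk, the remaining SIP hunks and Tunnels - Source IP Address.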
@@ -249,7 +249,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1MSwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.request_path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.request_path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Request Path", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -279,7 +279,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1MiwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.uri\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.uri\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", "description": "", "title": "SIP - URI", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1MywxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", "description": "", "title": "SIP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -399,7 +399,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -460,7 +460,7 @@ "version": "WzE1OCwxXQ==", "attributes": { "title": "SIP - Status", - "visState": "{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_code\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_msg\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}", + "visState": "{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_msg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 0c64cff0c..ebc8fcfb9 100644 --- a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
@@ -165,7 +165,7 @@ "version": "WzM3ODAsMV0=", "attributes": { "title": "Tunnels - Destination Address", - "visState": "{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
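Review bot: Both terms aggregations in this `visState` keep `\"otherBucket\":true` after gaining `\"size\":250` and `\"size\":10`, while the next hunk in the same file (Tunnels - Source IP Address) switches to `\"otherBucket\":false`. Two tables on one dashboard would then treat the long tail differently, one showing an "Other" row and one dropping it without notice. Pick one behaviour for the dashboard. Keeping `\"otherBucket\":true` in the Source IP Address table as well would preserve the cue that more values exist beyond the size limit.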
@@ -194,7 +194,7 @@ "updated_at": "2021-02-10T21:24:12.938Z", "version": "WzE3NSwxXQ==", "attributes": { - "visState": "{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Tunnels - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index 62dc076d0..4660534a5 100644 --- a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
@@ -212,7 +212,7 @@ "version": "WzE5NiwxXQ==", "attributes": { "title": "QUIC - Source IP Address", - "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -242,7 +242,7 @@ "version": "WzE5NywxXQ==", "attributes": { "title": "QUIC - Destination IP Address", - "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -272,7 +272,7 @@ "version": "WzE5OCwxXQ==", "attributes": { "title": "QUIC - User Agent", - "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", + "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -302,7 +302,7 @@ "version": "WzE5OSwxXQ==", "attributes": { "title": "QUIC - Server Name", - "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", + "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -332,7 +332,7 @@ "version": "WzIwMCwxXQ==", "attributes": { "title": "QUIC - CYU Fingerprint", - "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyutags\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyu\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", + "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyutags\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint 
Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyu\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index 52f140b83..bdf4ca834 100644 --- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json +++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json 
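Review bot: The CYU Fingerprint table now nests two terms aggregations with `\"size\":500` each (`zeek.gquic.cyutags`, then `zeek.gquic.cyu`), so the worst case is 500 × 500 buckets for one panel. On a high-cardinality capture that may exceed the cluster's `search.max_buckets` limit and make the panel fail to render rather than truncate; whether it does depends on the data and the configured limit, which this hunk does not show. A smaller size on the inner aggregation, e.g. `\"field\":\"zeek.gquic.cyu\",\"size\":20`, would keep the outer list long while bounding the product.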
@@ -1,341 +1,341 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "12e3a130-d83b-11eb-a0b0-f328ce09b0b7", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:21:24.534Z", - "version": "WzkwNiwxXQ==", - "attributes": { - "title": "ICS Best Guess", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":34,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":6,\"i\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"w\":17,\"x\":8,\"y\":10},\"panelIndex\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"w\":23,\"x\":25,\"y\":10},\"panelIndex\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"w\":17,\"x\":8,\"y\":16},\"panelIndex\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"ed874588-65d2
-458f-a7f5-88e6f7031b80\",\"w\":23,\"x\":25,\"y\":36},\"panelIndex\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":28,\"i\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"w\":25,\"x\":0,\"y\":34},\"panelIndex\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":33,\"i\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_8", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], 
- "updated_at": "2021-10-25T21:05:09.919Z", - "version": "Wzc1NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMSwxXQ==", - "attributes": { - "title": "Best Guess - Log Count", - "visState": "{\"title\":\"Best Guess - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMiwxXQ==", - "attributes": { - 
"title": "Best Guess - Log Count Over Time", - "visState": "{\"title\":\"Best Guess - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-26y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": 
"a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMywxXQ==", - "attributes": { - "title": "Best Guess - Disclaimer", - "visState": "{\"title\":\"Best Guess - Disclaimer\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Note: This dashboard categorizes potential industrial control system traffic using transport protocol, responding port and/or originating port instead of packet payload inspection. As such, these results should be viewed as a \\\"best guess\\\" and are likely to have more false positives than other protocol dashboards.\"}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:18:58.163Z", - "version": "Wzg1NywxXQ==", - "attributes": { - "title": "Best Guess Protocol - Destination", - "visState": "{\"title\":\"Best Guess Protocol - 
Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - 
"id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:18:03.746Z", - "version": "WzgzNywxXQ==", - "attributes": { - "title": "Best Guess - Summary", - "visState": "{\"title\":\"Best Guess - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"8c3695b0-d8e5-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:20:33.748Z", - "version": "Wzg4NSwxXQ==", - "attributes": { - "title": "Best Guess Protocol - Source", - "visState": "{\"title\":\"Best Guess Protocol - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tranport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExNywxXQ==", - "attributes": { - "title": "Best Guess - Category", - "visState": "{\"title\":\"Best Guess - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExOCwxXQ==", - "attributes": { - "title": "Best Guess - Logs", - "description": "", - "hits": 0, - "columns": [ - "protocol", - "zeek.bestguess.category", - "zeek.bestguess.name", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"tags:ics_best_guess\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ 
+ { + "id": "12e3a130-d83b-11eb-a0b0-f328ce09b0b7", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:21:24.534Z", + "version": "WzkwNiwxXQ==", + "attributes": { + "title": "ICS Best Guess", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":34,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":6,\"i\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"w\":17,\"x\":8,\"y\":10},\"panelIndex\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"w\":23,\"x\":25,\"y\":10},\"panelIndex\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"w\":17,\"x\":8,\"y\":16},\"panelIndex\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"w\":23,\"x\":25,\"y\":36},\"panel
Index\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":28,\"i\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"w\":25,\"x\":0,\"y\":34},\"panelIndex\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":33,\"i\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_8", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:05:09.919Z", + "version": 
"Wzc1NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● 
[MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● 
[Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMSwxXQ==", + "attributes": { + "title": "Best Guess - Log Count", + "visState": "{\"title\":\"Best Guess - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMiwxXQ==", + "attributes": { + "title": "Best Guess - Log Count Over Time", + "visState": 
"{\"title\":\"Best Guess - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-26y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + 
"visualization": "7.10.0" + } + }, + { + "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMywxXQ==", + "attributes": { + "title": "Best Guess - Disclaimer", + "visState": "{\"title\":\"Best Guess - Disclaimer\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Note: This dashboard categorizes potential industrial control system traffic using transport protocol, responding port and/or originating port instead of packet payload inspection. As such, these results should be viewed as a \\\"best guess\\\" and are likely to have more false positives than other protocol dashboards.\"}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:18:58.163Z", + "version": "Wzg1NywxXQ==", + "attributes": { + "title": "Best Guess Protocol - Destination", + "visState": "{\"title\":\"Best Guess Protocol - 
Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:18:03.746Z", + "version": "WzgzNywxXQ==", + "attributes": { + "title": "Best Guess - Summary", + "visState": "{\"title\":\"Best Guess - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": 
"a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:20:33.748Z", + "version": "Wzg4NSwxXQ==", + "attributes": { + "title": "Best Guess Protocol - Source", + "visState": "{\"title\":\"Best Guess Protocol - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tranport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExNywxXQ==", + "attributes": { + "title": "Best Guess - Category", + "visState": "{\"title\":\"Best Guess - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExOCwxXQ==", + "attributes": { + "title": "Best Guess - Logs", + "description": "", + "hits": 0, + "columns": [ + "protocol", + "zeek.bestguess.category", + "zeek.bestguess.name", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"tags:ics_best_guess\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file 
diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index b5b00068e..3fe16806b 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json @@ -195,7 +195,7 @@ "version": "WzEzNSwxXQ==", "attributes": { "title": "Modbus - Source IP", - "visState": "{\"title\":\"Modbus - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Modbus - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from modbus.log", "version": 1, 
@@ -225,7 +225,7 @@ "version": "WzEzNiwxXQ==", "attributes": { "title": "Modbus - Destination IP", - "visState": "{\"title\":\"Modbus - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"Modbus - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Destination IP Addresses from modbus.log", "version": 1, 
@@ -255,7 +255,7 @@ "version": "WzEzNywxXQ==", "attributes": { "title": "Modbus - Observed Clients and Servers", - "visState": "{\"title\":\"Modbus - Observed Clients and Servers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Times Observed\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.known_modbus.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Device Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"Modbus - Observed Clients and Servers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Times Observed\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.known_modbus.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Device 
Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Modbus observed client and server devices", "version": 1, 
@@ -373,7 +373,7 @@ "version": "WzE0MSwxXQ==", "attributes": { "title": "Modbus - Functions and Exceptions", - "visState": "{\"title\":\"Modbus - Functions and Exceptions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Exception\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Modbus - Functions and 
Exceptions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Exception\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -433,7 +433,7 @@ "version": "Wzk1NCwxXQ==", "attributes": { "title": "Modbus - Reads", - "visState": "{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit ID\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", + "visState": 
"{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit ID\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Modbus read holding registers, input registers, discrete inputs, and coils overview from modbus_detailed.log", "version": 1, 
@@ -463,7 +463,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "Modbus - Writes", - "visState": "{\"title\":\"Modbus - Writes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Modbus - 
Writes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"ac
cessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Modbus write register and write coil overview from modbus_detailed.log", "version": 1, 
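Review bot: In the new `visState` for "Modbus - Writes", the `destination.ip` and `zeek.modbus.unit_id` terms buckets are limited to `\"size\":5` while `otherBucket` goes from `true` to `false`, so write targets outside the top five by count are dropped from the table with no "Other" row to show that anything was omitted. On a dashboard used to review Modbus write activity, the low-count destinations are often the ones an analyst most needs to see. I would keep `\"otherBucket\":true` on those two buckets or raise their size, e.g. `\"size\":100,\"otherBucket\":true`. The "OSPF - Source IP" and "OSPF - All IP Addresses" hunks make the same `true` to `false` switch while "OSPF - Destination IP" keeps `true`, which looks unintentional. The saved object containing this `visState` starts and ends outside the hunk, so I cannot tell whether another panel covers the remainder.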
@@ -523,7 +523,7 @@ "version": "Wzk1NiwxXQ==", "attributes": { "title": "Modbus - Device Identification Objects", - "visState": "{\"title\":\"Modbus - Device Identification Objects\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.device_id_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Device ID\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.object_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.object_value\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Value\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Modbus - Device Identification Objects\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.device_id_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Device 
ID\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.object_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_read_device_identification.object_value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Value\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":0,\"direction\":\"asc\"}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json index b949e15cf..bcd964578 100644 --- a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json +++ b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json 
@@ -205,7 +205,7 @@ "version": "WzEyMTcsMV0=", "attributes": { "title": "OSPF - Link State Advertisement", - "visState": "{\"title\":\"OSPF - Link State Advertisement\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.lsa_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Link State Advertisement Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Link State Advertisement\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.lsa_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Link State Advertisement Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -235,7 +235,7 @@ "version": "WzEyMzYsMV0=", "attributes": { "title": "OSPF - Link Type", - "visState": "{\"title\":\"OSPF - Link Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.link_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Link Type (Router LSA)\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Link Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.link_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Link Type (Router LSA)\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -265,7 +265,7 @@ "version": "WzEzNTgsMV0=", "attributes": { "title": "OSPF - Area and Router", - "visState": "{\"title\":\"OSPF - Area and Router\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.area_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Area\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.router_id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Router\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Area and 
Router\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.area_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Area\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.router_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Router\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -295,7 +295,7 @@ "version": "WzEzMDIsMV0=", "attributes": { "title": "OSPF - Source IP", - "visState": "{\"title\":\"OSPF - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -325,7 +325,7 @@ "version": "WzEzMTcsMV0=", "attributes": { "title": "OSPF - Destination IP", - "visState": "{\"title\":\"OSPF - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -355,7 +355,7 @@ "version": "WzEzODcsMV0=", "attributes": { "title": "OSPF - All IP Addresses", - "visState": "{\"title\":\"OSPF - All IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - All IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 239404ce9..b8206ee94 100644 --- a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzI0MCwxXQ==", "attributes": { "title": "Connections - Source - Sum of Total Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[37.87063517566466,16.347656250000004],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 31641954a..a97af6c77 100644 --- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -1,281 +1,281 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2MSwxXQ==", - "attributes": { - "title": "Zeek Weird", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":25,\"y\":8,\"w\":10,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "2789890f-3187-449c-b0d7-a351975cbe13" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "259fa46e-2fde-41bb-b028-063a12cb4621" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "84786f08-b68a-4524-8d2d-d44221f99060" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "AWDHGXk-xQT5EBNmq4uf" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "429d2522-67c6-44f5-aae8-f464d5815195" - }, - { - "name": "panel_6", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● 
[NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2789890f-3187-449c-b0d7-a351975cbe13", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2MywxXQ==", - "attributes": { - "title": "Weird - Log Count Over Time", - "visState": "{\"title\":\"Weird - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\" 
\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\" \"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "259fa46e-2fde-41bb-b028-063a12cb4621", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NCwxXQ==", - "attributes": { - "title": "Weird - Source", - "visState": "{\"title\":\"Weird - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "84786f08-b68a-4524-8d2d-d44221f99060", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NSwxXQ==", - "attributes": { - "title": "Weird - Destination", - "visState": "{\"title\":\"Weird - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDHGXk-xQT5EBNmq4uf", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NiwxXQ==", - "attributes": { - "title": "Weird - Log Count", - "visState": "{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "429d2522-67c6-44f5-aae8-f464d5815195", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NywxXQ==", - "attributes": { - "title": "Weird - Name", - "visState": "{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2OCwxXQ==", - "attributes": { - "title": "Weird - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "rule.name", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:weird\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2MSwxXQ==", + "attributes": { + "title": "Zeek Weird", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":25,\"y\":8,\"w\":10,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "2789890f-3187-449c-b0d7-a351975cbe13" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "259fa46e-2fde-41bb-b028-063a12cb4621" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "84786f08-b68a-4524-8d2d-d44221f99060" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "AWDHGXk-xQT5EBNmq4uf" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "429d2522-67c6-44f5-aae8-f464d5815195" + }, + { + "name": "panel_6", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2789890f-3187-449c-b0d7-a351975cbe13", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2MywxXQ==", + "attributes": { + "title": "Weird - Log Count Over Time", + "visState": "{\"title\":\"Weird - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\" \"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\" \"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "259fa46e-2fde-41bb-b028-063a12cb4621", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NCwxXQ==", + "attributes": { + "title": "Weird - Source", + "visState": "{\"title\":\"Weird - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "84786f08-b68a-4524-8d2d-d44221f99060", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-05-04T17:52:19.656Z", + "version": "WzE2NSwxXQ==", + "attributes": { + "title": "Weird - Destination", + "visState": "{\"title\":\"Weird - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDHGXk-xQT5EBNmq4uf", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NiwxXQ==", + "attributes": { + "title": "Weird - Log Count", + "visState": "{\"title\":\"Weird - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "429d2522-67c6-44f5-aae8-f464d5815195", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NywxXQ==", + "attributes": { + "title": "Weird - Name", + "visState": "{\"title\":\"Weird - 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2OCwxXQ==", + "attributes": { + "title": "Weird - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "rule.name", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:weird\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] }
\ No newline at end of file
diff --git a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
index 3b7c559cf..6a831bcda 100644
--- a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
+++ b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json
@@ -1,529 +1,529 @@ -{ - "version": "1.2.0", - "objects": [ - { - "id": "29a1b290-eb98-11e9-a384-0fcf32210194", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:38:50.396Z", - "version": "WzEwNDMsMV0=", - "attributes": { - "title": "EtherNet/IP", - "hits": 0, - "description": "Dashboard for Ethernet/IP and CIP Protocols", - "panelsJSON": "[{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":37,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":9,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":17,\"y\":0,\"w\":31,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":28,\"h\":18,\"i\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\"},\"panelIndex\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":19,\"w\":12,\"h\":18,\"i\":\"c25cc903-12d2-43af-9841-89bba26a32a9\"},\"panelIndex\":\"c25cc903-12d2-43af-9841-89bba26a32a9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":37,\"w\":36,\"h\":18,\"i\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\"},\"panelIndex\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":37,\"w\":12,\"h\":18,\"i\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\"},\"panelIndex\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"dir
ection\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":55,\"w\":21,\"h\":18,\"i\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\"},\"panelIndex\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":21,\"y\":55,\"w\":27,\"h\":18,\"i\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\"},\"panelIndex\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\"},\"panelIndex\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":48,\"h\":13,\"i\":\"faa4d891-2c11-4393-acec-cea800f017e7\"},\"panelIndex\":\"faa4d891-2c11-4393-acec-cea800f017e7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":16,\"i\":\"4608eca0-796d-4482-b62a-887c799e423f\"},\"panelIndex\":\"4608eca0-796d-4482-b62a-887c799e423f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":121,\"w\":48,\"h\":16,\"i\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\"},\"panelIndex\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": 
"visualization", - "id": "b2548270-eb98-11e9-a384-0fcf32210194" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_9", - "type": "search", - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_10", - "type": "search", - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_11", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_12", - "type": "search", - "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:27:15.763Z", - "version": "Wzc4NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and 
Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"b2548270-eb98-11e9-a384-0fcf32210194", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3MywxXQ==", - "attributes": { - "title": "EtherNet/IP - Log Count", - "visState": "{\"title\":\"EtherNet/IP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NCwxXQ==", - "attributes": { - "title": "EtherNet/IP - Logs Over Time", - "visState": "{\"title\":\"EtherNet/IP - Logs Over 
Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY\"}},\"params\":{\"date\":true,\"interval\":\"P365D\",\"intervalESValue\":365,\"intervalESUnit\":\"d\",\"format\":\"YYYY\",\"bounds\":{\"min\":\"1971-01-14T16:48:06.557Z\",\"max\":\"2021-01-14T16:48:06.557Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 365 days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Log 
Type\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-50y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NSwxXQ==", - "attributes": { - "title": "Ethernet/IP - Commands", - "visState": "{\"title\":\"Ethernet/IP - 
Commands\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Command\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" 
- }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3OCwxXQ==", - "attributes": { - "title": "EtherNet/IP - Source IP", - "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MCwxXQ==", - "attributes": { - "title": "CIP - Device Identity", - "visState": "{\"title\":\"CIP - Device 
Identity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"N/A\"}},\"params\":{},\"label\":\"Serial Number\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.product_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Product Name\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.device_type_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Device Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.vendor_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Vendor Name\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.serial_number\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Serial 
Number\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.revision\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Revision Number\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "CIP Identity Results", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NywxXQ==", - "attributes": { - "title": "EtherNet/IP - Destination IP", - "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NiwxXQ==", - "attributes": { - "title": "CIP - Services", - "visState": "{\"title\":\"CIP - 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Request/Response\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Status\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request/Response\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "CIP Services and Status", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": 
"7.10.0" - } - }, - { - "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3OSwxXQ==", - "attributes": { - "title": "EtherNet/IP - Detailed Information", - "visState": "{\"title\":\"EtherNet/IP - Detailed Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Data Length\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.session_handle\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Session Identifier\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.sender_context\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sender Context\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"EtherNet/IP 
Command\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.length\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data Length\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "Includes: Session Identifier, Sender Context, EtherNet/IP Command, Data Length, and Status", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MSwxXQ==", - "attributes": { - "title": "CIP - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "event.action", - "event.result", - "zeek.cip.direction", - "zeek.cip.cip_sequence_count", - "zeek.cip.class_id", - "zeek.cip.class_name", - "zeek.cip.instance_id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MiwxXQ==", - "attributes": { - "title": "CIP - Identity Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.cip_identity.device_type_name", - "zeek.cip_identity.product_name", - "zeek.cip_identity.vendor_name", - "zeek.cip_identity.revision", - "zeek.cip_identity.serial_number" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_identity\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MywxXQ==", - "attributes": { - "title": "Ethernet/IP - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "event.action", - "event.result", - "zeek.enip.options", - "zeek.enip.sender_context", - "zeek.enip.session_handle", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:enip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4NCwxXQ==", - "attributes": { - "title": "CIP - IO Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.cip_io.connection_id", - "zeek.cip_io.sequence_number", - "zeek.cip_io.data_length", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_io\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.2.0", + "objects": [ + { + "id": "29a1b290-eb98-11e9-a384-0fcf32210194", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:38:50.396Z", + "version": "WzEwNDMsMV0=", + "attributes": { + "title": "EtherNet/IP", + "hits": 0, + "description": "Dashboard for Ethernet/IP and CIP Protocols", + "panelsJSON": 
"[{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":37,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":9,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":17,\"y\":0,\"w\":31,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":28,\"h\":18,\"i\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\"},\"panelIndex\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":19,\"w\":12,\"h\":18,\"i\":\"c25cc903-12d2-43af-9841-89bba26a32a9\"},\"panelIndex\":\"c25cc903-12d2-43af-9841-89bba26a32a9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":37,\"w\":36,\"h\":18,\"i\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\"},\"panelIndex\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":37,\"w\":12,\"h\":18,\"i\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\"},\"panelIndex\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":55,\"w\":21,\"h\":18,\"i\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\"},\"panelIndex\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"1.2.0\",\
"gridData\":{\"x\":21,\"y\":55,\"w\":27,\"h\":18,\"i\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\"},\"panelIndex\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\"},\"panelIndex\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":48,\"h\":13,\"i\":\"faa4d891-2c11-4393-acec-cea800f017e7\"},\"panelIndex\":\"faa4d891-2c11-4393-acec-cea800f017e7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":16,\"i\":\"4608eca0-796d-4482-b62a-887c799e423f\"},\"panelIndex\":\"4608eca0-796d-4482-b62a-887c799e423f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":121,\"w\":48,\"h\":16,\"i\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\"},\"panelIndex\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "b2548270-eb98-11e9-a384-0fcf32210194" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80" + }, 
+ { + "name": "panel_5", + "type": "visualization", + "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_9", + "type": "search", + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_10", + "type": "search", + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_11", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_12", + "type": "search", + "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:27:15.763Z", + "version": "Wzc4NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek 
Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● 
[Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b2548270-eb98-11e9-a384-0fcf32210194", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3MywxXQ==", + "attributes": { + "title": "EtherNet/IP - Log Count", + "visState": "{\"title\":\"EtherNet/IP - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NCwxXQ==", + "attributes": { + "title": "EtherNet/IP - Logs Over Time", + "visState": "{\"title\":\"EtherNet/IP - Logs Over 
Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY\"}},\"params\":{\"date\":true,\"interval\":\"P365D\",\"intervalESValue\":365,\"intervalESUnit\":\"d\",\"format\":\"YYYY\",\"bounds\":{\"min\":\"1971-01-14T16:48:06.557Z\",\"max\":\"2021-01-14T16:48:06.557Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 365 days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Log 
Type\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-50y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NSwxXQ==", + "attributes": { + "title": "Ethernet/IP - Commands", + "visState": "{\"title\":\"Ethernet/IP - 
Commands\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Command\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" 
+ }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3OCwxXQ==", + "attributes": { + "title": "EtherNet/IP - Source IP", + "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MCwxXQ==", + "attributes": { + "title": "CIP - Device Identity", + "visState": "{\"title\":\"CIP - 
Device Identity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"N/A\"}},\"params\":{},\"label\":\"Serial Number\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.product_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Product Name\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.device_type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Device Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.vendor_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Vendor Name\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.serial_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Serial 
Number\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.revision\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Revision Number\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "CIP Identity Results", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NywxXQ==", + "attributes": { + "title": "EtherNet/IP - Destination IP", + "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NiwxXQ==", + "attributes": { + "title": "CIP - Services", + "visState": "{\"title\":\"CIP - 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Request/Response\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Status\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request/Response\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "CIP Services and Status", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3OSwxXQ==", + "attributes": { + "title": "EtherNet/IP - Detailed Information", + "visState": "{\"title\":\"EtherNet/IP - Detailed Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Data Length\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.session_handle\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Session Identifier\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.sender_context\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sender Context\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"EtherNet/IP 
Command\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data Length\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "Includes: Session Identifier, Sender Context, EtherNet/IP Command, Data Length, and Status", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MSwxXQ==", + "attributes": { + "title": "CIP - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "event.action", + "event.result", + "zeek.cip.direction", + "zeek.cip.cip_sequence_count", + "zeek.cip.class_id", + "zeek.cip.class_name", + "zeek.cip.instance_id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MiwxXQ==", + "attributes": { + "title": "CIP - Identity Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.cip_identity.device_type_name", + "zeek.cip_identity.product_name", + "zeek.cip_identity.vendor_name", + "zeek.cip_identity.revision", + "zeek.cip_identity.serial_number" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_identity\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MywxXQ==", + "attributes": { + "title": "Ethernet/IP - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "event.action", + "event.result", + "zeek.enip.options", + "zeek.enip.sender_context", + "zeek.enip.session_handle", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:enip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4NCwxXQ==", + "attributes": { + "title": "CIP - IO Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.cip_io.connection_id", + "zeek.cip_io.sequence_number", + "zeek.cip_io.data_length", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_io\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index 088ecb159..2efe353b4 100644 --- a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
@@ -223,7 +223,7 @@ "version": "WzE5NiwxXQ==", "attributes": { "title": "BACnet - BVLC Functions", - "visState": "{\"title\":\"BACnet - BVLC Functions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.bvlc_function\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"BVLC Function\"}}]}", + "visState": "{\"title\":\"BACnet - BVLC Functions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.bvlc_function\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"BVLC Function\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "BACnet Virtual Link Control Functions (Link-Layer Control)", "version": 1, 
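Review bot: The `,,` that this hunk removes after `"order":"desc"` sat inside the string-encoded `visState` document, so the outer file was still valid JSON and an ordinary lint of the `.json` file would not have flagged it; nothing in this change guards against a recurrence. The same repair appears in the three following hunks of this file (the `zeek.bacnet.pdu_service`/`zeek.bacnet.pdu_type`, `event.action`/`event.result` and `source.ip` aggregations), which suggests that one bulk edit introduced the breakage. I would add a check to the dashboard import or CI path that parses every `visState`, `uiStateJSON` and `searchSourceJSON` string as JSON and fails on error, so that a broken panel in a monitoring dashboard is caught before release rather than discovered as a visualization that will not load. Whether such a check already exists elsewhere in the repository is not visible from this diff.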
@@ -253,7 +253,7 @@ "version": "WzE5NywxXQ==", "attributes": { "title": "BACnet - Protocol Data Units (PDUs)", - "visState": "{\"title\":\"BACnet - Protocol Data Units (PDUs)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"PDU Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Type\"}}]}", + "visState": "{\"title\":\"BACnet - Protocol Data Units 
(PDUs)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"PDU Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Type\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "BACnet Application Layer Protocol Data Unit types and services", "version": 1, 
@@ -283,7 +283,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "BACnet - Actions and Results", - "visState": "{\"title\":\"BACnet - Actions and Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"BACnet - Actions and Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": 
"{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", "version": 1, @@ -312,7 +312,7 @@ "version": "WzE5OSwxXQ==", "attributes": { "title": "BACnet - Source IP", - "visState": "{\"title\":\"BACnet - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"BACnet - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from bacnet.log", "version": 1, 
@@ -341,7 +341,7 @@ "version": "WzIwMCwxXQ==", "attributes": { "title": "BACnet - Destination IP", - "visState": "{\"title\":\"BACnet - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"BACnet - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Destination IP Addresses from bacnet.log", "version": 1, 
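Review bot: In "BACnet - Destination IP" the `dimensions.buckets` entry still carries `\"label\":\"Source IP\"`, although the only terms aggregation in this `visState` is on `destination.ip` with `\"customLabel\":\"Destination IP\"`; it looks copied from the Source IP visualization. The line is being rewritten in this hunk anyway, so I would change it to `\"label\":\"Destination IP\"`. Whether Dashboards renders the `dimensions` label or the `customLabel` cannot be told from this hunk, but a destination column labelled as source would mislead whoever triages from this table.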
@@ -370,7 +370,7 @@ "version": "WzIwMywxXQ==", "attributes": { "title": "BACnet - Device Discovery", - "visState": "{\"title\":\"BACnet - Device Discovery\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Vendor\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Identifier\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU 
Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.vendor\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}}]}", + "visState": "{\"title\":\"BACnet - Device Discovery\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Vendor\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Identifier\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU 
Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.vendor\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "Results from BACnet i-am and i-have commands", "version": 1, 
@@ -400,7 +400,7 @@ "version": "WzIwMiwxXQ==", "attributes": { "title": "BACnet - Read and Write Property ", - "visState": "{\"title\":\"BACnet - Read and Write Property \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":6,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Property Value\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Identifier\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.property\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.value\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Value\"}}]}", + "visState": "{\"title\":\"BACnet - Read and Write Property \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":6,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Property 
Value\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Identifier\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.property\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property 
Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Value\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}}", "description": "Results from BACnet Read-Property and Write-Property Commands", "version": 1, diff --git a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json index bfaa46e8d..a1f6c52b3 100644 --- a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json +++ b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json 
@@ -205,7 +205,7 @@ "version": "WzIxMSwxXQ==", "attributes": { "title": "Synchrophasor - Source", - "visState": "{\"title\":\"Synchrophasor - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -235,7 +235,7 @@ "version": "WzIxMiwxXQ==", "attributes": { "title": "Synchrophasor - Destination", - "visState": "{\"title\":\"Synchrophasor - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", 
"uiStateJSON": "{}", "description": "", "version": 1, @@ -355,7 +355,7 @@ "version": "Wzk0NiwxXQ==", "attributes": { "title": "Synchrophasor - Stations", - "visState": "{\"title\":\"Synchrophasor - Stations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.station_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Stations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.station_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -385,7 +385,7 @@ "version": "Wzk0NSwxXQ==", "attributes": { "title": "Synchrophasor - Phasors", - "visState": "{\"title\":\"Synchrophasor - Phasors\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.phnam\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Phasor\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Phasors\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.phnam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Phasor\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -415,7 +415,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Synchrophasor - Analog Channels", - "visState": "{\"title\":\"Synchrophasor - Analog Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.annam\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analog Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Analog Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.annam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analog Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -445,7 +445,7 @@ "version": "Wzk0MSwxXQ==", "attributes": { "title": "Synchrophasor - Digital Channels", - "visState": "{\"title\":\"Synchrophasor - Digital Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.dgnam\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Digital Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Digital Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.dgnam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Digital Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 380f284c7..a6934fea2 100644 --- a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -130,7 +130,7 @@ "version": "WzM1MSwxXQ==", "attributes": { "title": "DNS - Server", - "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
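Review bot: The new `visState` for "DNS - Server" flips `\"otherBucket\":true` to `\"otherBucket\":false` in the same edit that adds `\"size\":100`, so any server outside the top 100 drops out of the table with no "Other" row to show that something was cut. The same flip appears in the DNS - Client, Query/Answer, Answers, Response Code (Name) and Query Type hunks of this file (sizes 100, 50, 50, 20 and 100), while the BACnet and Synchrophasor hunks in this commit keep `\"otherBucket\":true`. For DNS the low-count tail is where rarely seen names and resolvers appear, so an analyst reading the table should at least be able to see that a tail exists. If the flip is deliberate (for example to avoid the cost of the extra "Other" query), the commit message should say so; otherwise keep `\"otherBucket\":true` next to the new `size`.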
@@ -159,7 +159,7 @@ "updated_at": "2021-05-11T12:24:17.423Z", "version": "WzM1MiwxXQ==", "attributes": { - "visState": "{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", "title": "DNS - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
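Review bot: The table option is spelled `showMeticsAtAllLevels` on this line and in every other DNS hunk of this file, whereas the BACnet visualizations changed in this commit use `showMetricsAtAllLevels`. A misspelled key is presumably ignored by the table visualization, so the option silently stays at its default; the value is `false` here, so nothing changes today, but setting it to `true` later would have no effect. Since these lines are being rewritten, correct the key to `\"showMetricsAtAllLevels\":false`.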
@@ -219,7 +219,7 @@ "updated_at": "2021-05-11T12:24:17.423Z", "version": "WzM1NCwxXQ==", "attributes": { - "visState": "{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - 
Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", "description": "", "title": "DNS - Query/Answer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -340,7 +340,7 @@ "version": "WzM1OCwxXQ==", "attributes": { "title": "DNS - Answers", - "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", + "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -370,7 +370,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "DNS - Response Code (Name)", - "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.rcode_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", + "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.rcode_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
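Review bot: The rewritten visState line still carries the key `\"showMeticsAtAllLevels\":false`, which looks like a misspelling of `showMetricsAtAllLevels`, the spelling used in the DNS Queries by Randomness hunk and in the Tabular Data Stream file. Since the line is being rewritten anyway, I would change it to `\"showMetricsAtAllLevels\":false`; with the misspelled key the option is presumably ignored and left at its default. The same key appears in the hunks at -340 and -400 of this file and in the hunks at -139, -169, -199 and -260 of 2d98bb8e-214c-4374-837b-20e1bcd63a5e.json.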
@@ -400,7 +400,7 @@ "version": "WzM2MCwxXQ==", "attributes": { "title": "DNS - Query Type", - "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.qtype_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}", + "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.qtype_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -460,7 +460,7 @@ "version": "WzYzMSwxXQ==", "attributes": { "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
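Review bot: The `dns.host` terms aggregation in the new visState selects its 500 buckets with `\"orderBy\":\"1\",\"order\":\"desc\"`, that is by event count, and only then is the table sorted by what appears to be a score column (`\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}`). Names that are queried only a few times, which are often the ones a randomness table is consulted for, can fall outside the top 500, and with `\"otherBucket\":false` nothing in the table shows that they were left out. I would at least record the limit in the empty description, e.g. `"description": "Shows the 500 most frequent DNS names; rarer names are not listed"`, and check whether ordering the buckets by count is what this panel intends.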
diff --git a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index b4f0842b1..340240a7e 100644 --- a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json @@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMSwxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -169,7 +169,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMiwxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -199,7 +199,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMywxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -260,7 +260,7 @@ "version": "WzMzNSwxXQ==", "attributes": { "title": "DHCP - IP to MAC Assignment", - "visState": "{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.assigned_ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.mac\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"DHCP - IP to MAC 
Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.assigned_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.mac\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "WzMzNiwxXQ==", "attributes": { "title": "DHCP - Client Software", - "visState": "{\"title\":\"DHCP - Client Software\",\"type\":\"table\",\"params\":{\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Client Software\",\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Server Software\",\"aggType\":\"terms\"}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.client_software\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client Software\"}}]}", + "visState": "{\"title\":\"DHCP - Client Software\",\"type\":\"table\",\"params\":{\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Client 
Software\",\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Server Software\",\"aggType\":\"terms\"}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.client_software\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client Software\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -320,7 +320,7 @@ "version": "WzMzNywxXQ==", "attributes": { "title": "DHCP - Server Software", - "visState": "{\"title\":\"DHCP - Server Software\",\"type\":\"table\",\"params\":{\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Client Software\",\"aggType\":\"terms\"}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.server_software\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Server Software\"}}]}", + "visState": "{\"title\":\"DHCP - Server Software\",\"type\":\"table\",\"params\":{\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Client 
Software\",\"aggType\":\"terms\"}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.server_software\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Server Software\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 2cd8c0427..2a8ec6840 100644 --- a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
@@ -197,7 +197,7 @@ "version": "WzM1NywxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Procedure", - "visState": "{\"title\":\"Tabular Data Stream - RPC Procedure\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_rpc.procedure_name\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Procedure\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Procedure\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_rpc.procedure_name\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Procedure\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -227,7 +227,7 @@ "version": "WzM1OCwxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Source IP", - "visState": "{\"title\":\"Tabular Data Stream - RPC Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -257,7 +257,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - RPC Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 41c794735..123f1f771 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -1,458 +1,458 @@ -{ - "version": "1.2.0", - "objects": [ - { - "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:51.293Z", - "version": "WzEwMjMsMV0=", - "attributes": { - "title": "Zeek Intelligence", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"5\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"6\",\"w\":15,\"x\":33,\"y\":26},\"panelIndex\":\"6\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"7\",\"w\":13,\"x\":14,\"y\":44},\"panelIndex\":\"7\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"8\",\"w\":21,\"x\":27,\"y\":44},\"panelIndex\":\"8\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"11\",\"w\":25,\"x\":8,\"y\":26},\"panelIndex\":\"11\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"12\",\"w\":14,\"x\":0,\"y\":44},\"panelIndex\":\"12\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"de
sc\"}}}},\"gridData\":{\"h\":18,\"i\":\"13\",\"w\":8,\"x\":0,\"y\":26},\"panelIndex\":\"13\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"columns\":[\"source.ip\",\"destination.ip\",\"destination.port\",\"zeek.intel.seen_indicator\",\"zeek.intel.seen_indicator_type\",\"zeek.intel.sources\",\"zeek.intel.seen_where\",\"event.id\"],\"sort\":[\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"14\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"16\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_11\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "2721f49d-4e64-4145-9e81-85e856c20b37" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "80cabf50-a849-4e24-a9c7-130cba1a8141" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "a27464ba-582d-405f-931d-003d8252ff4a" - }, - { 
- "name": "panel_8", - "type": "visualization", - "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b" - }, - { - "name": "panel_9", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "AWDG-Qf8xQT5EBNmq4G5" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:23:14.699Z", - "version": "Wzc2OSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common 
Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT 
Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2721f49d-4e64-4145-9e81-85e856c20b37", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:32.907Z", - "version": "Wzk5OCwxXQ==", - "attributes": { - "title": "Intel - Log Count Over Time", - "visState": "{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzIzOCwxXQ==", - "attributes": { - "title": "Intel - Seen", - 
"visState": "{\"title\":\"Intel - Seen\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen (Where)\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "80cabf50-a849-4e24-a9c7-130cba1a8141", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzIzOSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", - "description": "", - 
"title": "Intel - Source", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MSwxXQ==", - "attributes": { - "title": "Intel - 
Destination IP Address", - "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MiwxXQ==", - "attributes": { - "title": "Intel - Indicator", - "visState": "{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a27464ba-582d-405f-931d-003d8252ff4a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MywxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.file_mime_type\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - MIME Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.matched\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type Matched\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - 
Matched", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NSwxXQ==", - "attributes": { - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "Intel - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "source.ip", - "destination.ip", - "destination.port", - "zeek.intel.seen_indicator", - "zeek.intel.seen_indicator_type", - "zeek.intel.sources", - "zeek.intel.seen_where", - "event.id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:43.892Z", - "version": "WzEwMTIsMV0=", - "attributes": { - "title": "Intel - Indicator Type", - "visState": "{\"title\":\"Intel - Indicator 
Type\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"AWDG-Qf8xQT5EBNmq4G5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NywxXQ==", - "attributes": { - "title": "Intel - Log Count", - "visState": "{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.2.0", + "objects": [ + { + "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:51.293Z", + "version": "WzEwMjMsMV0=", + "attributes": { + "title": "Zeek Intelligence", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"5\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"6\",\"w\":15,\"x\":33,\"y\":26},\"panelIndex\":\"6\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"7\",\"w\":13,\"x\":14,\"y\":44},\"panelIndex\":\"7\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"8\",\"w\":21,\"x\":27,\"y\":44},\"panelIndex\":\"8\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"11\",\"w\":25,\"x\":8,\"y\":26},\"panelIndex\":\"11\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"12\",\"w\":14,\"x\":0,\"y\":44},\"panelIndex\":\"12\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"13\",\"w\":8,\"x\":0,\"y\":26},\"panelIndex\":\"13\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"columns\":[\"source.ip\",\"destination.ip\",\"destination.port\",\"zeek.intel.seen_indicator\",\"zeek.intel.seen_indicator_type\",\"zeek.intel.sources\",\"zeek.intel.seen_wh
ere\",\"event.id\"],\"sort\":[\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"14\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"16\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_11\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "2721f49d-4e64-4145-9e81-85e856c20b37" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "80cabf50-a849-4e24-a9c7-130cba1a8141" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "a27464ba-582d-405f-931d-003d8252ff4a" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b" + }, + { + "name": "panel_9", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e" + }, + { + "name": "panel_11", + "type": 
"visualization", + "id": "AWDG-Qf8xQT5EBNmq4G5" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:23:14.699Z", + "version": "Wzc2OSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● 
[IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2721f49d-4e64-4145-9e81-85e856c20b37", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:32.907Z", + "version": "Wzk5OCwxXQ==", + "attributes": { + "title": "Intel - Log Count Over Time", + "visState": "{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzIzOCwxXQ==", + "attributes": { + "title": "Intel - Seen", + "visState": "{\"title\":\"Intel - 
Seen\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen (Where)\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "80cabf50-a849-4e24-a9c7-130cba1a8141", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzIzOSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - Source", + 
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MSwxXQ==", + "attributes": { + "title": "Intel - Destination IP 
Address", + "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MiwxXQ==", + "attributes": { + "title": "Intel - Indicator", + "visState": "{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a27464ba-582d-405f-931d-003d8252ff4a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MywxXQ==", + "attributes": { + "visState": 
"{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - MIME Type", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.matched\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type 
Matched\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - Matched", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NSwxXQ==", + "attributes": { + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "hits": 0, + "description": "", + "title": "Intel - Logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "columns": [ + "source.ip", + "destination.ip", + "destination.port", + "zeek.intel.seen_indicator", + "zeek.intel.seen_indicator_type", + "zeek.intel.sources", + "zeek.intel.seen_where", + "event.id" + ] + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:43.892Z", + "version": "WzEwMTIsMV0=", + "attributes": { + "title": "Intel - Indicator Type", + "visState": "{\"title\":\"Intel - Indicator 
Type\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"AWDG-Qf8xQT5EBNmq4G5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NywxXQ==", + "attributes": { + "title": "Intel - Log Count", + "visState": "{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index ca4ea536a..6f899ce01 100644 --- a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -179,7 +179,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI3OCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Sites", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
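Review bot: The new `visState` for "HTTP - Sites" flips `otherBucket` from true to false while restoring `\"size\":100`, so hosts outside the top 100 by count are dropped from the table and no row shows that anything was cut. On an analyst-facing dashboard the low-count tail (a rarely seen host, URI or user agent) is often what a hunt is looking for, and a silently truncated table can be read as complete. If the flip is not intentional, keep `\"otherBucket\":true` next to `\"size\":100` so the remainder still appears as an "Other" count. The same applies to the other table hunks in this file: Sites Hosting EXEs, URIs, Source IP Address, Destination IP Address, User Agent, Referrer, and both aggregations in Status and Method.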
@@ -210,7 +210,7 @@ "version": "WzI3OSwxXQ==", "attributes": { "title": "HTTP - Sites Hosting EXEs", - "visState": "{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.host\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -238,7 +238,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.uri\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.uri\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - URIs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -268,7 +268,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MSwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -298,7 +298,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MiwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -328,7 +328,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MywxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -358,7 +358,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4NCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.referrer\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.referrer\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Referrer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
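Review bot: The terms aggregation on `zeek.http.referrer` still has no `customLabel`, unlike the other tables touched in this file ("Site", "URI", "IP Address", "User Agent"), so its column header presumably falls back to an auto-generated label. Adding `\"customLabel\":\"Referrer\"` after `\"orderBy\":\"1\"` would keep the HTTP tables consistent for whoever reads them side by side.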
@@ -479,7 +479,7 @@ "version": "WzI4OCwxXQ==", "attributes": { "title": "HTTP - Status and Method", - "visState": "{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.status_msg\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status Message\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.method\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.status_msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status 
Message\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index 067315121..0494646a7 100644 --- a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzQxNiwxXQ==", "attributes": { "title": "Connections - Source - Top Connection Duration (region map)", - "visState": "{\"title\":\"Connections - Source - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"event.duration\",\"customLabel\":\"Longest Session 
(seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator 
Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"event.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[37.17328344112096,15.644531250000002],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 3f272184f..0f8d69764 100644 --- a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -154,7 +154,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0MywxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -184,7 +184,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -244,7 +244,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", "description": "", "title": "SMB - FIle Path", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -274,7 +274,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NywxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -304,7 +304,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0OCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", + "visState": 
"{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File/Path Summary", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", 
@@ -365,7 +365,7 @@ "version": "WzQ1MCwxXQ==", "attributes": { "title": "SMB - Destination Port", - "visState": "{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"SMB - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -395,7 +395,7 @@ "version": "WzQ1MSwxXQ==", "attributes": { "title": "SMB - Relevant Notices", - "visState": "{\"title\":\"SMB - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Subcategory\"}}]}", + "visState": "{\"title\":\"SMB - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -425,7 +425,7 @@ "version": "WzQ1MiwxXQ==", "attributes": { "title": "SMB Action", - "visState": "{\"title\":\"SMB Action\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.action: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "visState": "{\"title\":\"SMB Action\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"event.action: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 7c9b419ef..71e7efefe 100644 --- a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
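Review bot: The `event.action` aggregation in this hunk still has `\"otherBucket\":true`, as do both aggregations in the SMB - Relevant Notices hunk just above, while every other table changed in this dashboard file was switched to `\"otherBucket\":false`. An analyst will therefore see an "Other" row on some tables and silent truncation at `size` on the rest, with nothing on the dashboard explaining which is which. If the difference is deliberate, it deserves a sentence in the commit message; otherwise use one setting across the dashboard.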
@@ -149,7 +149,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQzOCwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -179,7 +179,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQzOSwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -209,7 +209,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MCwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Endpoint", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -239,7 +239,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MSwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Named Pipe", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -269,7 +269,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MiwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Operation", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -300,7 +300,7 @@ "version": "WzQ0MywxXQ==", "attributes": { "title": "DCE/RPC - Round Trip Time", - "visState": "{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.rtt\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}", + "visState": "{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -360,7 +360,7 @@ "version": "WzQ0NSwxXQ==", "attributes": { "title": "DCE/RPC - Destination Port", - "visState": "{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -390,7 +390,7 @@ "version": "WzQ0NiwxXQ==", "attributes": { "title": "DCE/RPC - Summary", - "visState": "{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", + "visState": "{\"title\":\"DCE/RPC - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json index 226c566f8..07b3051a7 100644 --- a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json +++ b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json 
@@ -165,7 +165,7 @@ "version": "WzEyODcsMV0=", "attributes": { "title": "EtherCAT - Source", - "visState": "{\"title\":\"EtherCAT - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.mac\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.mac\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Source 
OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -195,7 +195,7 @@ "version": "WzEzMDYsMV0=", "attributes": { "title": "EtherCAT - Destination", - "visState": "{\"title\":\"EtherCAT - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.mac\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.mac\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Destination 
OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -225,7 +225,7 @@ "version": "WzE0ODgsMV0=", "attributes": { "title": "EtherCAT - Commands", - "visState": "{\"title\":\"EtherCAT - Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -255,7 +255,7 @@ "version": "WzE1NzcsMV0=", "attributes": { "title": "EtherCAT - Register Types and Commands", - "visState": "{\"title\":\"EtherCAT - Register Types and Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ecat_registers.register_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Register Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Register Types and Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ecat_registers.register_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Register 
Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index 733456fe1..65b3d609d 100644 --- a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
@@ -175,7 +175,7 @@ "version": "WzQ1MiwxXQ==", "attributes": { "title": "ICS/IoT External Traffic", - "visState": "{\"title\":\"ICS/IoT External Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination 
Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Country\"}}]}", + "visState": "{\"title\":\"ICS/IoT External 
Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
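Review bot: The `source.ip` terms aggregation gets `\"size\":499` while `destination.ip` in the same table gets `\"size\":500`, and the ICS/IoT Source IP hunk below uses 500 for the same field. This looks like a typo for `\"size\":500`. Separately, the table nests five terms aggregations with sizes 100, 499, 100, 500 and 100, so the worst-case bucket count is the product of those numbers. This panel covers external traffic, where the number of distinct source addresses is not under the operator's control, so the query may hit the cluster's bucket limit or become slow during exactly the kind of event the panel is meant to show. Smaller sizes on the inner levels would bound it.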
@@ -264,7 +264,7 @@ "version": "WzQ1NSwxXQ==", "attributes": { "title": "ICS/IoT Source IP", - "visState": "{\"title\":\"ICS/IoT Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", + "visState": "{\"title\":\"ICS/IoT Source 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -294,7 +294,7 @@ "version": "WzQ1NiwxXQ==", "attributes": { "title": "ICS/IoT Actions and Results", - "visState": "{\"title\":\"ICS/IoT Actions and Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "visState": "{\"title\":\"ICS/IoT Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
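Review bot: Only the `network.protocol` aggregation is switched to `\"otherBucket\":false` in this table. `event.action` and `event.result` in the same visState, and every other aggregation in the hunks visible for this file, keep `\"otherBucket\":true`. If the flip is deliberate, a word in the commit message would help. Otherwise keep `\"otherBucket\":true` on the protocol level so that protocols beyond the first 100 still appear as an "Other" row instead of silently dropping out.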
@@ -324,7 +324,7 @@ "version": "WzQ1NywxXQ==", "attributes": { "title": "ICS/IoT Destination IP", - "visState": "{\"title\":\"ICS/IoT Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", + "visState": "{\"title\":\"ICS/IoT Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -354,7 +354,7 @@ "version": "WzQ1OCwxXQ==", "attributes": { "title": "File Types by Transport", - "visState": "{\"title\":\"File Types by Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", + "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index e828282bf..0dd1a359e 100644 --- a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json 
@@ -139,7 +139,7 @@ "updated_at": "2023-11-14T19:18:39.742Z", "version": "WzM1NSwxXQ==", "attributes": { - "visState": "{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SNMP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
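Review bot: Setting `\"otherBucket\":false` together with `\"size\":100` on the `source.ip` terms aggregation means any source address outside the top 100 by count drops out of this table, with no row showing that something was cut. The table is ordered `desc` by count, so the values lost are the low-count ones, which are often what an analyst most needs to see in SNMP and NTLM traffic. The same flip from `true` to `false` appears in the SNMP Session Duration and Community String hunks and in the NTLM Hostname, Domain Name, Destination IP Address, Source IP Address, Destination Port and Hostname to Username hunks (the last with `\"size\":20` at each of three nested levels). If the truncation is intended that is fine, but keeping `\"otherBucket\":true` would leave an `Other` row as a signal that the list is incomplete.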
@@ -170,7 +170,7 @@ "version": "WzM1NiwxXQ==", "attributes": { "title": "SNMP - Destination IP Address", - "visState": "{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"SNMP - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -199,7 +199,7 @@ "updated_at": "2023-11-14T19:18:39.742Z", "version": "WzM1NywxXQ==", "attributes": { - "visState": "{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.duration\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.duration\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}", "description": "", "title": "SNMP - Session Duration", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -260,7 +260,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "SNMP - Community String", - "visState": "{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.community\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}", + "visState": "{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.community\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 7c14a1caf..7c9590cfa 100644 --- a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
@@ -180,7 +180,7 @@ "version": "WzQ3NywxXQ==", "attributes": { "title": "MySQL - Commands", - "visState": "{\"title\":\"MySQL - Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}},{\"id\":\"4\",\"enabled
\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", + "visState": "{\"title\":\"MySQL - Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.cmd\",\"orderBy\":\"1\",\
"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index bc02dc380..c1a32a920 100644 --- a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
@@ -150,7 +150,7 @@ "version": "WzQ4MiwxXQ==", "attributes": { "title": "NTLM - Hostname", - "visState": "{\"title\":\"NTLM - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Hostname\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}", + "visState": "{\"title\":\"NTLM - 
Hostname\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Hostname\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -179,7 +179,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4MywxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Domain Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -209,7 +209,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NCwxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Username", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", 
@@ -239,7 +239,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NSwxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -269,7 +269,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NiwxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -299,7 +299,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NywxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -360,7 +360,7 @@ "version": "WzQ4OSwxXQ==", "attributes": { "title": "NTLM - Hostname to Username", - "visState": "{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", + "visState": "{\"title\":\"NTLM - Hostname to 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index 6f99724ce..bb8112815 100644 --- a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -70,7 +70,7 @@ "version": "WzQ5NCwxXQ==", "attributes": { "title": "Connections - Destination - Originator Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.bytes\",\"customLabel\":\"Originator Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json index cb81f141d..292dc28f2 100644 --- a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json +++ b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json 
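Review bot: The metric in this region map is `\"type\":\"cardinality\"` on `client.bytes` with the label `Originator Bytes`, so each country appears to be shaded by the number of distinct byte-count values rather than by the volume of bytes sent. The hunk rewrites this line to add `\"size\":250` but leaves the metric as it was. If the label states the intent, the aggregation would be `\"type\":\"sum\"` on the same field. This is worth confirming, since the terms bucket is ordered by that metric (`\"orderBy\":\"1\"`).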
@@ -180,7 +180,7 @@ "version": "Wzk1MCwxXQ==", "attributes": { "title": "Alerts - Tags", - "visState": "{\"title\":\"Alerts - Tags\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tags\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":48,\"showLabel\":false}}", + "visState": "{\"title\":\"Alerts - Tags\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":48,\"showLabel\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
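Review bot: The added `\"size\":100` lands on agg `2` of "Alerts - Tags", which has no `schema` key, while the agg that carries `\"schema\":\"segment\"` is agg `3` on the same `tags` field and stays at `\"size\":5`. As written the tag cloud probably still renders only five tags, and agg `2` looks like a leftover that the export picked up. Either drop agg `2` or move the intended size onto agg `3`. It is also worth checking how the dashboard import treats an agg with no schema.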
@@ -240,7 +240,7 @@ "version": "WzM5MywxXQ==", "attributes": { "title": "Alerts - Target", - "visState": "{\"title\":\"Alerts - Target\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Target\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -270,7 +270,7 @@ "version": "WzM5NCwxXQ==", "attributes": { "title": "Alerts - Name", - "visState": "{\"title\":\"Alerts - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
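Review bot: Besides filling in `size`, the new line of "Alerts - Name" flips `\"otherBucket\":true` to `\"otherBucket\":false`, and the "Alerts - Destination Country" and "Alerts - Source Country" hunks further down do the same with `\"size\":5`. These tables order by count descending, so everything below the cut-off disappears with no "Other" row to show that rows were dropped; on an alert dashboard the low-count rule names and countries are often the ones an analyst needs to see. The sibling tables in this file (Target, Source, Destination) keep `\"otherBucket\":true`. I would keep `\"otherBucket\":true` in all three and raise the two country tables to `\"size\":250`, the value the region map hunk uses for its country buckets.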
@@ -300,7 +300,7 @@ "version": "WzM5NSwxXQ==", "attributes": { "title": "Alerts - Source", - "visState": "{\"title\":\"Alerts - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -330,7 +330,7 @@ "version": "WzM5NiwxXQ==", "attributes": { "title": "Alerts - Destination", - "visState": "{\"title\":\"Alerts - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -360,7 +360,7 @@ "version": "WzM5NywxXQ==", "attributes": { "title": "Alerts - Destination Country", - "visState": "{\"title\":\"Alerts - Destination Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Destination Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -390,7 +390,7 @@ "version": "WzM5OCwxXQ==", "attributes": { "title": "Alerts - Source Country", - "visState": "{\"title\":\"Alerts - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index e7a1b5ec1..625bd0ecf 100644 --- a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -1,314 +1,314 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "665d1610-523d-11e9-a30e-e3576242f3ed", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T18:24:09.052Z", - "version": "WzExNTEsMV0=", - "attributes": { - "title": "Signatures", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":62,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\"},\"panelIndex\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\",\"embeddableConfig\":{\"title\":\"Signatures - Engine\",\"hidePanelTitles\":false},\"title\":\"Signatures - 
Engine\",\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\"},\"panelIndex\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":35,\"w\":31,\"h\":27,\"i\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\"},\"panelIndex\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":31,\"y\":35,\"w\":17,\"h\":27,\"i\":\"93ed203d-187e-4e7e-9299-c115cba775fd\"},\"panelIndex\":\"93ed203d-187e-4e7e-9299-c115cba775fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "8356c570-523f-11e9-a30e-e3576242f3ed" - }, - { - "name": "panel_3", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": 
"df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● 
[LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● 
[PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2NSwxXQ==", - "attributes": { - "title": "Signatures - Log Count Over Time", - "visState": "{\"title\":\"Signatures - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"event.provider:zeek AND event.dataset:signatures\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8356c570-523f-11e9-a30e-e3576242f3ed", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2NiwxXQ==", - "attributes": { - "title": "Signatures - Log 
Count", - "visState": "{\"title\":\"Signatures - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:47.890Z", - "version": "WzQ5NCwxXQ==", - "attributes": { - "title": "Signatures - Logs", - "description": "", - "hits": 0, - "columns": [ - "event.module", - "rule.category", - "rule.name", - "rule.id", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"event.provider:zeek AND event.dataset:signatures\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": 
"baa9f5b0-cb22-11ec-ae74-a92fc0e09cde", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2OCwxXQ==", - "attributes": { - "title": "Signatures - Engine Cloud", - "visState": "{\"title\":\"Signatures - Engine Cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM3MCwxXQ==", - "attributes": { - "title": "Signatures - Name", - "visState": "{\"title\":\"Signatures - 
Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T18:08:23.728Z", - "version": "WzEwNzksMV0=", - "attributes": { - "title": "Signatures - Category", - "visState": "{\"title\":\"Signatures - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":40},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":20},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Signature ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-05-04T18:22:34.518Z", - "version": "WzExMTEsMV0=", - "attributes": { - "title": "Signatures - Tactic and Technique", - "visState": "{\"title\":\"Signatures - Tactic and Technique\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.tactic.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Tactic\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.technique.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Technique\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"threat.technique.name:* OR threat.tactic.name:*\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "665d1610-523d-11e9-a30e-e3576242f3ed", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T18:24:09.052Z", + "version": "WzExNTEsMV0=", + "attributes": { + "title": "Signatures", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":62,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\"},\"panelIndex\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\",\"embeddableConfig\":{\"title\":\"Signatures - Engine\",\"hidePanelTitles\":false},\"title\":\"Signatures - Engine\",\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\"},\"panelIndex\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":35,\"w\":31,\"h\":27,\"i\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\"},\"panelIndex\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":31,\"y\":35,\"w\":17,\"h\":27,\"i\":\"93ed203d-187e-4e7e-9299-c115cba775fd\"},\"panelIndex\":\"93ed203d-187e-4e7e-9299-c115cba775fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "8356c570-523f-11e9-a30e-e3576242f3ed" + }, + { + "name": "panel_3", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2NSwxXQ==", + "attributes": { + "title": "Signatures - Log Count Over Time", + "visState": "{\"title\":\"Signatures - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"event.provider:zeek AND event.dataset:signatures\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": 
"index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8356c570-523f-11e9-a30e-e3576242f3ed", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2NiwxXQ==", + "attributes": { + "title": "Signatures - Log Count", + "visState": "{\"title\":\"Signatures - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:47.890Z", + "version": "WzQ5NCwxXQ==", + "attributes": { + "title": "Signatures - Logs", + "description": "", + "hits": 0, + "columns": [ + "event.module", + "rule.category", + "rule.name", + "rule.id", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"event.provider:zeek AND event.dataset:signatures\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2OCwxXQ==", + "attributes": { + "title": "Signatures - Engine Cloud", + "visState": "{\"title\":\"Signatures - Engine Cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM3MCwxXQ==", + "attributes": { + "title": "Signatures - Name", + "visState": "{\"title\":\"Signatures - 
Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T18:08:23.728Z", + "version": "WzEwNzksMV0=", + "attributes": { + "title": "Signatures - Category", + "visState": "{\"title\":\"Signatures - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":40},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":20},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Signature ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-05-04T18:22:34.518Z", + "version": "WzExMTEsMV0=", + "attributes": { + "title": "Signatures - Tactic and Technique", + "visState": "{\"title\":\"Signatures - Tactic and Technique\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.tactic.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Tactic\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.technique.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Technique\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"threat.technique.name:* OR threat.tactic.name:*\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json index 4e6285f41..74a772b37 100644 --- a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json +++ b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json 
@@ -140,7 +140,7 @@ "version": "WzQxNywxXQ==", "attributes": { "title": "Source Device Type", - "visState": "{\"title\":\"Source Device Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Source Device 
Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -170,7 +170,7 @@ "version": "WzQxOCwxXQ==", "attributes": { "title": "Traffic by Network Segment", - "visState": "{\"title\":\"Traffic by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.direction\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Direction\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Total Packets\"},\"schema\":\"metric\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": 
"{\"title\":\"Traffic by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Direction\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Total Packets\"},\"schema\":\"metric\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -200,7 +200,7 @@ "version": "WzQxOSwxXQ==", "attributes": { "title": "Destination Device Type", - "visState": "{\"title\":\"Destination Device Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Destination Device 
Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "Wzk0OSwxXQ==", "attributes": { "title": "Protocol by Network Segment", - "visState": "{\"title\":\"Protocol by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Protocol by Network 
Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":150,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":150,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":4,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
@@ -320,7 +320,7 @@ "version": "WzQyMywxXQ==", "attributes": { "title": "Notice, Alert and Signature by Network Segment", - "visState": "{\"title\":\"Notice, Alert and Signature by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": 
"{\"title\":\"Notice, Alert and Signature by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", 
"description": "", "version": 1, 
@@ -350,7 +350,7 @@ "version": "WzQyNCwxXQ==", "attributes": { "title": "Event Severity by Network Segment", - "visState": "{\"title\":\"Event Severity by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Event Severity by Network 
Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -380,7 +380,7 @@ "version": "WzQyNSwxXQ==", "attributes": { "title": "Source Device Log Counts", - "visState": "{\"title\":\"Source Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Source Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log 
Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -410,7 +410,7 @@ "version": "WzQyNiwxXQ==", "attributes": { "title": "Destination Device Log Counts", - "visState": "{\"title\":\"Destination Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Destination Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log 
Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -440,7 +440,7 @@ "version": "WzQyNywxXQ==", "attributes": { "title": "Uninventoried Internal Source IPs", - "visState": "{\"title\":\"Uninventoried Internal Source IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Internal Source IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -470,7 +470,7 @@ "version": "WzQyOCwxXQ==", "attributes": { "title": "Uninventoried Internal Destination IPs", - "visState": "{\"title\":\"Uninventoried Internal Destination IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Internal Destination IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index ffaa5396a..49b1454f3 100644 --- a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -134,7 +134,7 @@ "updated_at": "2021-02-10T21:24:36.060Z", "version": "WzUxMiwxXQ==", "attributes": { - "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "IRC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
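Review bot: This hunk flips `otherBucket` to false and caps the table at `\"size\":20`, so any destination beyond the 20 busiest is dropped with no "Other" row to show the list was truncated. On a hunting dashboard the low-count peers are often the ones an analyst needs to see, and a silently shortened table reads as complete. I would keep `\"otherBucket\":true` next to the new `size`, or raise the cap. The same flip is made in the "IRC - Source IP Address", "IRC - Destination Port", "IRC - Destination Country" and "IRC - Command" hunks of this file, and on the Provider and Dataset columns of "Notice, Alert and Signature by Network Segment" earlier in the patch.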
@@ -164,7 +164,7 @@ "updated_at": "2021-02-10T21:24:36.060Z", "version": "WzUxMywxXQ==", "attributes": { - "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "IRC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -195,7 +195,7 @@ "version": "WzUxNCwxXQ==", "attributes": { "title": "IRC - Destination Port", - "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -255,7 +255,7 @@ "version": "WzUxNiwxXQ==", "attributes": { "title": "IRC - Destination Country", - "visState": "{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.city_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"IRC - Destination 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.city_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -285,7 +285,7 @@ "version": "WzUxNywxXQ==", "attributes": { "title": "IRC - Command", - "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.irc.command\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", + "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.irc.command\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 419b43429..0086705a9 100644 --- a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzUyMSwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index 641eeeb02..e0c944d52 100644 --- a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
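Review bot: The metric in this visState is `\"type\":\"cardinality\"` on `server.bytes` with the label "Responder Bytes", so the map colours each country by the number of distinct byte-count values rather than by bytes transferred. If the panel is meant to show volume per country, which the title suggests, the aggregation should be `\"type\":\"sum\"`. As written, one very large transfer to a country weighs the same as one tiny connection. The line is already being rewritten to add `\"size\":250`, so this would be a convenient place to correct it.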
@@ -144,7 +144,7 @@ "updated_at": "2021-02-10T21:24:38.098Z", "version": "WzUyOCwxXQ==", "attributes": { - "visState": "{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RDP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
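Review bot: With `\"otherBucket\":false` and `\"size\":100`, this table drops every source IP outside the top 100 by count and gives no indication that it was truncated; the following hunks do the same for `destination.ip` in "RDP - Destination IP Address" and `zeek.rdp.cookie` in "RDP - Cookie". In RDP triage a single unexpected source often sits in the low-count tail, so an analyst who reads the table as complete can miss it. Either keep `\"otherBucket\":true` so the remainder is still counted, or fill the empty `"description": ""` with something like `"description": "Top 100 source IPs by count; remaining sources are not listed"`. Separately, the `params` key `showMeticsAtAllLevels` here and in the Cookie panel is misspelled (the Destination panel uses `showMetricsAtAllLevels`), so that setting is presumably ignored.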
@@ -175,7 +175,7 @@ "version": "WzI3NjksMV0=", "attributes": { "title": "RDP - Destination IP Address", - "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -204,7 +204,7 @@ "updated_at": "2021-02-10T21:24:38.098Z", "version": "WzUzMSwxXQ==", "attributes": { - "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rdp.cookie\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rdp.cookie\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}", "description": "", "title": "RDP - Cookie", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 13886a332..a4bb946bf 100644 --- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -1,711 +1,711 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:50:34.705Z", - "version": "Wzg4MCwxXQ==", - "attributes": { - "title": "SSL", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":10,\"h\":18,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":20,\"y\":66,\"w\":7,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":10,\"y\":66,\"w\":10,\"h\":18,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":18,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":
{\"x\":12,\"y\":27,\"w\":11,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":19,\"h\":21,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":19,\"y\":45,\"w\":14,\"h\":21,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":8,\"w\":13,\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\"},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":45,\"w\":15,\"h\":21,\"i\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\"},\"panelIndex\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":27,\"y\":66,\"w\":9,\"h\":18,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":66,\"w\":12,\"h\":18,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_16\"},{\"version\":\
"7.10.2\",\"gridData\":{\"x\":0,\"y\":84,\"w\":48,\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "f81fe18d-c2ff-4757-9de3-8b943a759169" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8486949c-3592-4831-9020-59bfd968ccfa" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "d7a673bc-4a11-423b-acd3-a446425551c1" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "AWDHElRWxQT5EBNmq4lz" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "371b06d0-72a1-11e9-b0f3-590266f42743" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "bdda87a0-72a0-11e9-b0f3-590266f42743" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" - }, - { - "name": "panel_13", - "type": "visualization", - 
"id": "41325860-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0" - }, - { - "name": "panel_15", - "type": "visualization", - "id": "f13ba720-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_16", - "type": "visualization", - "id": "9c20d940-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_17", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:15:08.441Z", - "version": "WzcyNiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) 
\\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT 
Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MSwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Log Count Over Time", - "uiStateJSON": "{}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MiwxXQ==", - "attributes": { - "title": "SSL - Version", - "visState": "{\"title\":\"SSL - 
Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ssl.ssl_version: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MywxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Destination 
Port", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Destination Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8486949c-3592-4831-9020-59bfd968ccfa", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NiwxXQ==", - "attributes": { - "title": "SSL - Server", - "visState": 
"{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d7a673bc-4a11-423b-acd3-a446425551c1", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NywxXQ==", - "attributes": { - "title": "SSL - Destination Country", - "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination.geo.country_name: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other
\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3OCwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.validation_status\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Validation Status", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDHElRWxQT5EBNmq4lz", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2021-10-12T14:14:37.087Z", - "version": "WzM3OSwxXQ==", - "attributes": { - "title": "SSL - Log Count", - "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "371b06d0-72a1-11e9-b0f3-590266f42743", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MCwxXQ==", - "attributes": { - "title": "SSL - Client JA3 Lookup", - "visState": "{\"title\":\"SSL - Client JA3 
Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.client.ja3_description\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MSwxXQ==", - "attributes": { - "title": "SSL - Server JA3 Lookup", - "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.server.ja3s_description\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 
Lookup\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MiwxXQ==", - "attributes": { - "title": "SSL - Relevant Notices", - "visState": "{\"title\":\"SSL - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "41325860-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MywxXQ==", - "attributes": { - "title": "SSL - Connection Established", - "visState": "{\"title\":\"SSL - Connection 
Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:47:42.808Z", - "version": "Wzg0NSwxXQ==", - "attributes": { - "title": "SSL - Certificate Fingerprint", - "visState": "{\"title\":\"SSL - Certificate 
Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f13ba720-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NCwxXQ==", - "attributes": { - "title": "SSL - Next Protocol", - "visState": "{\"title\":\"SSL - Next 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "9c20d940-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NSwxXQ==", - "attributes": { - "title": "SSL - Elliptic Curve", - "visState": "{\"title\":\"SSL - Elliptic Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Elliptic Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NiwxXQ==", - "attributes": { - "title": "SSL - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - 
"destination.port", - "zeek.ssl.server_name", - "zeek.ssl.established", - "zeek.ssl.validation_status", - "zeek.ssl.ssl_history", - "zeek.ssl.sni_matches_cert", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:ssl\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:15:05.408Z", - "version": "WzcwMSwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", + "type": "dashboard", + "namespaces": [ 
+ "default" + ], + "updated_at": "2021-10-12T14:50:34.705Z", + "version": "Wzg4MCwxXQ==", + "attributes": { + "title": "SSL", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":10,\"h\":18,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":20,\"y\":66,\"w\":7,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":10,\"y\":66,\"w\":10,\"h\":18,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":18,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":27,\"w\":11,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex
\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":19,\"h\":21,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":19,\"y\":45,\"w\":14,\"h\":21,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":8,\"w\":13,\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\"},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":45,\"w\":15,\"h\":21,\"i\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\"},\"panelIndex\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":27,\"y\":66,\"w\":9,\"h\":18,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":66,\"w\":12,\"h\":18,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":84,\"w\":48,\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633
b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "f81fe18d-c2ff-4757-9de3-8b943a759169" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8486949c-3592-4831-9020-59bfd968ccfa" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "d7a673bc-4a11-423b-acd3-a446425551c1" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "AWDHElRWxQT5EBNmq4lz" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "371b06d0-72a1-11e9-b0f3-590266f42743" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "bdda87a0-72a0-11e9-b0f3-590266f42743" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "41325860-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_14", + "type": "visualization", + "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0" + }, 
+ { + "name": "panel_15", + "type": "visualization", + "id": "f13ba720-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_16", + "type": "visualization", + "id": "9c20d940-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_17", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:15:08.441Z", + "version": "WzcyNiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● 
[DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● 
[BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MSwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Log Count Over Time", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MiwxXQ==", + "attributes": { + "title": "SSL - Version", + "visState": "{\"title\":\"SSL - 
Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ssl.ssl_version: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MywxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "description": "", + 
"title": "SSL - Destination Port", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Destination Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8486949c-3592-4831-9020-59bfd968ccfa", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NiwxXQ==", + "attributes": { 
+ "title": "SSL - Server", + "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d7a673bc-4a11-423b-acd3-a446425551c1", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NywxXQ==", + "attributes": { + "title": "SSL - Destination Country", + "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination.geo.country_name: 
Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3OCwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Validation 
Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Validation Status", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDHElRWxQT5EBNmq4lz", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3OSwxXQ==", + "attributes": { + "title": "SSL - Log Count", + "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "371b06d0-72a1-11e9-b0f3-590266f42743", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MCwxXQ==", + "attributes": { + "title": "SSL - Client JA3 Lookup", + "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.client.ja3_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MSwxXQ==", + "attributes": { + "title": "SSL - Server JA3 Lookup", + "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.server.ja3s_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MiwxXQ==", + "attributes": { + "title": "SSL - Relevant Notices", + "visState": "{\"title\":\"SSL - 
Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", 
+ "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "41325860-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MywxXQ==", + "attributes": { + "title": "SSL - Connection Established", + "visState": "{\"title\":\"SSL - Connection Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:47:42.808Z", + "version": "Wzg0NSwxXQ==", + "attributes": { + "title": "SSL - Certificate Fingerprint", + "visState": "{\"title\":\"SSL - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f13ba720-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NCwxXQ==", + "attributes": { + "title": "SSL - Next Protocol", + "visState": "{\"title\":\"SSL - Next 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "9c20d940-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NSwxXQ==", + "attributes": { + "title": "SSL - Elliptic Curve", + "visState": "{\"title\":\"SSL - Elliptic 
Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Elliptic Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, 
+ "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NiwxXQ==", + "attributes": { + "title": "SSL - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "destination.port", + "zeek.ssl.server_name", + "zeek.ssl.established", + "zeek.ssl.validation_status", + "zeek.ssl.ssl_history", + "zeek.ssl.sni_matches_cert", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:ssl\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:15:05.408Z", + "version": "WzcwMSwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index e70472725..07e08af3f 100644 --- a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
@@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2MiwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.cname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.cname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
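Review bot: With `\"otherBucket\":false` and `\"size\":20` in the new `visState` for "Kerberos - Client", the table lists only the 20 most frequent `zeek.kerberos.cname` values and nothing on the panel shows that the remainder was dropped. On a network-monitoring dashboard the low-count principals are often the ones an analyst needs to notice, so I would either keep the remainder row (`\"otherBucket\":true`) or state the cap in the panel's `"description"`, which is an empty context line in this hunk. The same combination is introduced by the other hunks of this file (Server, Source IP Address, Destination IP Address, Service) and by the "DNP3 - Source IP" hunk in `870a5862-6c26-4a08-99fd-0c06cda85ba3.json`. Whether the `otherBucket` value on the removed lines was intended cannot be told from here, because those lines were malformed.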
@@ -219,7 +219,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NCwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
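Review bot: The row limit given to "Kerberos - Server" here (`\"size\":20`) differs from the one given to "Kerberos - Service" in the last hunk of this file (`\"size\":100`), although both panels aggregate on the same field, `zeek.kerberos.sname`. Unless the difference is deliberate, one value should be used for both so the two tables agree on which server principals are visible. This line also spells the option `showMeticsAtAllLevels`, while the Service panel uses `showMetricsAtAllLevels`. Presumably only one spelling is read by the visualization, which is worth confirming.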
@@ -279,7 +279,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NiwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NywxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -340,7 +340,7 @@ "version": "WzU2OCwxXQ==", "attributes": { "title": "Kerberos - Service", - "visState": "{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", + "visState": "{\"title\":\"Kerberos - 
Service\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 7bd687638..f6dc287dc 100644 --- a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
@@ -125,7 +125,7 @@ "version": "WzU3NiwxXQ==", "attributes": { "title": "DNP3 - Source IP", - "visState": "{\"title\":\"DNP3 - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"DNP3 - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP 
Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from dnp3.log", "version": 1, 
@@ -155,7 +155,7 @@ "version": "WzU3NywxXQ==", "attributes": { "title": "DNP3 - Destination IP", - "visState": "{\"title\":\"DNP3 - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"DNP3 - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Destination IP Addresses from dnp3.log", "version": 1, 
@@ -185,7 +185,7 @@ "version": "WzU3OCwxXQ==", "attributes": { "title": "DNP3 - Function Request", - "visState": "{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request\"}}]}", + "visState": "{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "DNP3 function in request packet from dnp3.log", "version": 1, 
@@ -215,7 +215,7 @@ "version": "WzU3OSwxXQ==", "attributes": { "title": "DNP3 - Function Reply", - "visState": "{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3.fc_reply\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}", + "visState": "{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3.fc_reply\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "DNP3 function in reply packet from dnp3.log", "version": 1, 
@@ -303,7 +303,7 @@ "version": "WzU4MiwxXQ==", "attributes": { "title": "DNP3 - Internal Indicators Overview", - "visState": "{\"title\":\"DNP3 - Internal Indicators Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Internal Indicators\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.dnp3.iin_flags\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Internal Indicators\"}}]}", + "visState": "{\"title\":\"DNP3 - Internal Indicators Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Internal 
Indicators\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.dnp3.iin_flags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Internal Indicators\"}}]}", "uiStateJSON": "{}", "description": "DNP3 Internal Indicators from dnp3.iin in dnp3.log", "version": 1, 
@@ -333,7 +333,7 @@ "version": "WzU4MywxXQ==", "attributes": { "title": "DNP3 - Objects Overview", - "visState": "{\"title\":\"DNP3 - Objects Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]},\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_count\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_low\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range 
Start\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_high\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range End\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"DNP3 - Objects Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]},\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_count\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_low\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range Start\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_high\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range End\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":null}}}}", "description": "Overview of DNP3 objects from READ-RESPONSE messages in dnp3_objects.log", "version": 1, 
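Review bot: The five terms aggregations in "DNP3 - Objects Overview" are nested and each now asks for `\"size\":200`, so the number of buckets requested can multiply quickly when the data has many distinct values per level. Depending on the cluster's `search.max_buckets` setting, the query may be slow or rejected on busy sensors. A smaller size on the inner levels, for example `\"size\":20` on `range_low` and `range_high`, would bound it. "DNP3 - Control Overview" nests six terms aggregations at `\"size\":200` in the same way.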
@@ -363,7 +363,7 @@ "version": "WzU4NCwxXQ==", "attributes": { "title": "DNP3 - Control Overview", - "visState": "{\"title\":\"DNP3 - Control Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Control Code\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.index_number\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Index 
Number\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.block_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Block Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.operation_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.trip_control_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control Code\"}}]}", + "visState": "{\"title\":\"DNP3 - Control Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Control 
Code\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.index_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Index Number\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.block_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Block Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.operation_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation 
Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.trip_control_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control Code\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":null}}}}", "description": "Overview of DNP3 control functions from dnp3_control.log", "version": 1, diff --git a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index a5b26b74f..6c84e6043 100644 --- a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json 
@@ -175,7 +175,7 @@ "version": "WzU5MiwxXQ==", "attributes": { "title": "MQTT - Source IP", - "visState": "{\"title\":\"MQTT - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"MQTT - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -205,7 +205,7 @@ "version": "WzU5MywxXQ==", "attributes": { "title": "MQTT - Destination IP", - "visState": "{\"title\":\"MQTT - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"MQTT - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -265,7 +265,7 @@ "version": "WzU5NSwxXQ==", "attributes": { "title": "MQTT - Client ID", - "visState": "{\"title\":\"MQTT - Client ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_connect.client_id\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client ID\"}}]}", + "visState": "{\"title\":\"MQTT - Client ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_connect.client_id\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client ID\"}}]}", 
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -295,7 +295,7 @@ "version": "WzU5NiwxXQ==", "attributes": { "title": "MQTT - Subscription", - "visState": "{\"title\":\"MQTT - Subscription\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.topics\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.action\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Action\"}}]}", + "visState": "{\"title\":\"MQTT - 
Subscription\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.topics\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.action\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Action\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -325,7 +325,7 @@ "version": "WzU5NywxXQ==", "attributes": { "title": "MQTT - Publish", - "visState": "{\"title\":\"MQTT - Publish\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", + "visState": "{\"title\":\"MQTT - 
Publish\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -355,7 +355,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "MQTT - Publish Payload", - "visState": "{\"title\":\"MQTT - Publish Payload\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload_len\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Length\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Payload\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", + "visState": 
"{\"title\":\"MQTT - Publish Payload\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload_len\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Length\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Payload\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index ea4b50c9a..92073bf69 100644 --- a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
@@ -144,7 +144,7 @@ "updated_at": "2021-02-10T21:24:43.189Z", "version": "WzYwNywxXQ==", "attributes": { - "visState": "{\"title\":\"Software - Summary\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.software_type\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.name\",\"otherBucket\":false,\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.version_major\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.version_minor\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Software - 
Summary\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.software_type\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.name\",\"otherBucket\":false,\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.version_major\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.software.version_minor\",\"otherBucket\":false,\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "Software - Summary", "uiStateJSON": "{}", diff --git a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json index b2a11a35c..85dc96edb 100644 --- a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json +++ b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json 
@@ -155,7 +155,7 @@ "version": "WzUxMiwxXQ==", "attributes": { "title": "Log Source", - "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "version": "WzUxNCwxXQ==", "attributes": { "title": "Observed Device Types", - "visState": "{\"title\":\"Observed Device Types\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.manufacturer\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_type\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed Device Types\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.manufacturer\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device 
Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -244,7 +244,7 @@ "version": "WzkzOSwxXQ==", "attributes": { "title": "Observed Devices", - "visState": "{\"title\":\"Observed Devices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed 
Devices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
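Review bot: The four nested terms aggregations in Observed Devices now allow up to 5 × 20 × 250 × 250 buckets in the worst case, which on a large network could exceed the cluster's `search.max_buckets` limit and make the panel fail rather than truncate. Terms sizes apply per parent bucket, so they multiply down the levels. MQTT - Publish Payload (200 × 5 × 200 × 200 × 5), Observed Software (six levels) and Uninventoried Observed Services (eight levels, several at 200) have the same shape. Whether the limit is reached depends on the real cardinality of the data, which the diff does not show, so these panels are worth loading against a busy index before release. If it does trip, lower the inner sizes (for example `\"size\":50` on `related.ip`) and state the cap in the currently empty `"description"`.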
@@ -304,7 +304,7 @@ "version": "WzUxNywxXQ==", "attributes": { "title": "Observed Software", - "visState": "{\"title\":\"Observed Software\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.software_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.role\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device Role\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed Software\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.software_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device 
Role\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -334,7 +334,7 @@ "version": "WzUxOCwxXQ==", "attributes": { "title": "Uninventoried Observed Services", - "visState": "{\"title\":\"Uninventoried Observed Services\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bu
cket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Observed Services\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\"
:200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -364,7 +364,7 @@ "version": "WzUxOSwxXQ==", "attributes": { "title": "Uninventoried Observed Hosts", - "visState": "{\"title\":\"Uninventoried Observed Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Observed Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 22d7a1e64..71e242be5 100644 --- a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
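Review bot: `related.ip` in Uninventoried Observed Hosts is capped at `\"size\":250` ordered by count descending, so on a network with more than 250 such addresses the quietest hosts are folded into the single "Other" row. Judging by its title this table is meant to surface hosts missing from the inventory, and the quiet ones are the easiest to overlook, so the cap should be visible to the analyst. The `"description": ""` context line is the place for it, e.g. `"description": "Top 250 IPs by event count; remaining hosts are grouped as Other"`. That line is unchanged context in this hunk, so it would be an additional edit.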
@@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:44.215Z", "version": "WzYxMiwxXQ==", "attributes": { - "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Syslog - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
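Review bot: The rewritten `visState` line still carries the misspelled key `\"showMeticsAtAllLevels\"` in `params`, whereas the Syslog - Destination Port hunk in the same file spells it `showMetricsAtAllLevels`. Presumably the misspelled key is ignored and the default applies, so the panel still renders, but since this line is being rewritten anyway it is the moment to correct it to `\"showMetricsAtAllLevels\":false`. The Syslog - Destination IP Address hunk that follows has the same spelling.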
@@ -169,7 +169,7 @@ "updated_at": "2021-02-10T21:24:44.215Z", "version": "WzYxMywxXQ==", "attributes": { - "visState": "{\"title\":\"Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Syslog - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -200,7 +200,7 @@ "version": "WzYxNCwxXQ==", "attributes": { "title": "Syslog - Destination Port", - "visState": "{\"title\":\"Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"Syslog - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index d6cdb0ff5..5d977f3c8 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -154,7 +154,7 @@ "version": "WzU1OSwxXQ==", "attributes": { "title": "Notice, Alert and Signature - Summary", - "visState": "{\"title\":\"Notice, Alert, and Signature - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Notice, Alert, and Signature - 
Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
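Review bot: The four nested terms buckets in the new `visState` can request up to 50 × 50 × 200 × 200 rows in the worst case, and three of them keep `otherBucket` true. On an index with many distinct `rule.name` values this table may hit the cluster's `search.max_buckets` limit and show an error instead of alerts. Whether that happens depends on data cardinality the diff does not show. I would cap the two inner levels lower, for example `\"size\":100` on `rule.category` and `rule.name`, or note in the commit message that the sizes were checked against a large index. The same multiplication applies to the Vulnerabilities hunk (20 × 50 × 200) and the Files - Paths hunk (100 × 100 × 1000).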
@@ -184,7 +184,7 @@ "version": "WzU2MCwxXQ==", "attributes": { "title": "Outdated/Insecure Application Protocols", - "visState": "{\"title\":\"Outdated/Insecure Application Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", + "visState": "{\"title\":\"Outdated/Insecure Application 
Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -213,7 +213,7 @@ "version": "WzU2MSwxXQ==", "attributes": { "title": "Vulnerabilities", - "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last 
Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -243,7 +243,7 @@ "version": "WzU2MiwxXQ==", "attributes": { "title": "Clear-text Transmission of Passwords ", - "visState": "{\"title\":\"Clear-text Transmission of Passwords \",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Clear-text Transmission of Passwords 
\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -302,7 +302,7 @@ "version": "WzU2NCwxXQ==", "attributes": { "title": "Outbound Internal Traffic by Country", - "visState": "{\"title\":\"Outbound Internal Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", + "visState": "{\"title\":\"Outbound Internal Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -331,7 +331,7 @@ "version": "WzU2NSwxXQ==", "attributes": { "title": "Inbound External Traffic by Country", - "visState": "{\"title\":\"Inbound External Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", + "visState": "{\"title\":\"Inbound External Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -389,7 +389,7 @@ "version": "WzU2NywxXQ==", "attributes": { "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
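Review bot: Turning `otherBucket` off on the `dns.host` bucket, while ordering by count descending with `\"size\":500`, drops every host outside the 500 most frequent without an "Other" row. In a table meant for spotting random-looking names, the rarely queried hosts are plausibly the ones an analyst is looking for, and nothing in the table now signals that it is truncated. I would keep `\"otherBucket\":true` on `dns.host` so the cut-off stays visible. Alternatively, state the 500-host cap in the visualization's `description`, which is empty in this hunk.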
diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index a60feedd3..153af4d2f 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -145,7 +145,7 @@ "version": "WzU3NywxXQ==", "attributes": { "title": "Files - Files By Size (Bytes)", - "visState": "{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.files.seen_bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Bytes Seen\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.files.seen_bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Bytes Seen\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -174,7 +174,7 @@ "updated_at": "2024-02-05T17:21:00.991Z", "version": "WzU3OCwxXQ==", "attributes": { - "visState": "{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "FIles - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
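Review bot: The rewritten `visState` line still carries the misspelled key `showMeticsAtAllLevels` and the title `FIles - Destination IP Address`; the next hunk (`FIles - Source IP Address`) has both as well. The other tables in this patch spell the key `showMetricsAtAllLevels`, so the setting here is probably ignored and the default applies. Since the line is being rewritten anyway, I would change it to `\"showMetricsAtAllLevels\":false`. I would also fix the title to `Files - …` in both `visState` and the `title` attribute, after checking that nothing looks these objects up by title.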
@@ -204,7 +204,7 @@ "updated_at": "2024-02-05T17:21:00.991Z", "version": "WzU3OSwxXQ==", "attributes": { - "visState": "{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}", "description": "", "title": "FIles - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -318,7 +318,7 @@ "version": "WzU4MiwxXQ==", "attributes": { "title": "Files - MIME Type", - "visState": "{\"title\":\"Files - MIME Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Mime Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - MIME Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Mime Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -347,7 +347,7 @@ "version": "WzU4MywxXQ==", "attributes": { "title": "Files - Paths", - "visState": "{\"title\":\"Files - Paths\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - Paths\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log 
Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index bf10da16d..76a377638 100644 --- a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzY0OSwxXQ==", "attributes": { "title": "Connections - Destination - Sum of Total Bytes (region map)", - "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Responder Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"sum\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Responder Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[38.14774734584061,16.699218750000004],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json index 8d27bb011..223281735 100644 --- a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json +++ b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json 
@@ -239,7 +239,7 @@ "version": "WzU5NywxXQ==", "attributes": { "title": "Actions", - "visState": "{\"title\":\"Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}}]}", + "visState": 
"{\"title\":\"Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -268,7 +268,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Results", - "visState": "{\"title\":\"Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "visState": 
"{\"title\":\"Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index f69b21f57..84f06730c 100644 --- a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json 
@@ -178,7 +178,7 @@ "version": "Wzk5MSwxXQ==", "attributes": { "title": "PROFINET - Source IP", - "visState": "{\"title\":\"PROFINET - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PROFINET - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -208,7 +208,7 @@ "version": "Wzk5MiwxXQ==", "attributes": { "title": "PROFINET - Destination IP", - "visState": "{\"title\":\"PROFINET - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PROFINET - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -238,7 +238,7 @@ "version": "WzYxMCwxXQ==", "attributes": { "title": "PROFINET - Operation", - "visState": "{\"title\":\"PROFINET - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}}]}", + "visState": "{\"title\":\"PROFINET - 
Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -268,7 +268,7 @@ "version": "WzYxMSwxXQ==", "attributes": { "title": "PROFINET - Operation Details", - "visState": "{\"title\":\"PROFINET - Operation Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.slot_number\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Slot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.subslot_number\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Subslot\"}}]}", + "visState": "{\"title\":\"PROFINET - Operation 
Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.slot_number\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Slot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.subslot_number\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Subslot\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 42fe54aa7..9566a0aa8 100644 --- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
+++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -1,941 +1,941 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T20:10:44.437Z", - "version": "WzEzMjMsMV0=", - "attributes": { - "title": "Connections", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"version\":\"1.3.1\",\"pan
elRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_24\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aa
d74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_25\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "52013c7c-c554-450e-9198-dbafdc050459" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "d25f4abc-24af-405e-a6f6-873277fe5771" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "73528008-f11d-4faa-8f69-a5bf23507b8f" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "faa08629-0011-4b38-8b74-3ba86b59155f" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "AWDG71xFxQT5EBNmq336" - }, - { - "name": "panel_15", - 
"type": "visualization", - "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0" - }, - { - "name": "panel_16", - "type": "visualization", - "id": "568c74ff-3ef3-45ba-a178-0520633697bd" - }, - { - "name": "panel_17", - "type": "visualization", - "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_18", - "type": "visualization", - "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_19", - "type": "visualization", - "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_20", - "type": "visualization", - "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_21", - "type": "visualization", - "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_22", - "type": "visualization", - "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_23", - "type": "visualization", - "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_24", - "type": "visualization", - "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e" - }, - { - "name": "panel_25", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:16.086Z", - "version": "Wzc4NiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● 
[SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-04-29T20:10:39.465Z", - "version": "WzEzMDIsMV0=", - "attributes": { - "title": "Connections - Log Count Over Time", - "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - 
"uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "52013c7c-c554-450e-9198-dbafdc050459", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0MiwxXQ==", - "attributes": { - "title": "Connections - Service By Destination Country", - "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - 
"name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0MywxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Destination IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d25f4abc-24af-405e-a6f6-873277fe5771", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_code2\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", - "description": 
"", - "title": "Connections - Source Country", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Responder Bytes", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NywxXQ==", - 
"attributes": { - "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.missed_bytes\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Missed Bytes", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0OCwxXQ==", - "attributes": { - "title": "Connections - Connection State", - "visState": "{\"title\":\"Connections - Connection 
State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection State Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0OSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Connection", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By 
Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection 
ID\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "faa08629-0011-4b38-8b74-3ba86b59155f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MCwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination IP", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination Port", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination 
Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max network.bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Max network.bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MiwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Source IP", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:13.041Z", - "version": "Wzc2MCwxXQ==", - "attributes": { - "title": "Connections - Maps", - "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder 
Bytes ](#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDG71xFxQT5EBNmq336", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NCwxXQ==", - "attributes": { - "title": "Connections - Log Count", - "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NSwxXQ==", - "attributes": { - "title": "Connections - Total Bytes Per Source/Destination IP Pair", - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"network.bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"destination.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "568c74ff-3ef3-45ba-a178-0520633697bd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NiwxXQ==", - "attributes": { - "title": "Connections - Destination Port", - "visState": "{\"title\":\"Connections - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NywxXQ==", - "attributes": { - "title": "Connections - Source MAC OUI", - "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", - 
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1OCwxXQ==", - "attributes": { - "title": "Connections - Destination MAC OUI", - "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1OSwxXQ==", - "attributes": { - "title": 
"Connections - Source MAC Address", - "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MCwxXQ==", - "attributes": { - "title": "Connections - Destination MAC Address", - "visState": "{\"title\":\"Connections - Destination MAC 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC 
OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC 
OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MiwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MywxXQ==", - "attributes": { - "title": "Connections - Protocol", - "visState": "{\"title\":\"Connections - 
Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2NCwxXQ==", - "attributes": { - "title": "Network Layer", - "visState": "{\"title\":\"Network 
Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Network Layer\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:13.041Z", - "version": "Wzc2MSwxXQ==", - "attributes": { - "title": "Connections - Logs", - "description": "", - "hits": 0, - "columns": [ - "network.transport", - "network.protocol", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.bytes", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T20:10:44.437Z", + "version": "WzEzMjMsMV0=", + "attributes": { + "title": "Connections", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":
\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_24\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aa
d74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_25\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "52013c7c-c554-450e-9198-dbafdc050459" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "d25f4abc-24af-405e-a6f6-873277fe5771" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "73528008-f11d-4faa-8f69-a5bf23507b8f" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "faa08629-0011-4b38-8b74-3ba86b59155f" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" + }, + { + "name": "panel_14", + "type": "visualization", + "id": "AWDG71xFxQT5EBNmq336" + }, + { + "name": "panel_15", + 
"type": "visualization", + "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0" + }, + { + "name": "panel_16", + "type": "visualization", + "id": "568c74ff-3ef3-45ba-a178-0520633697bd" + }, + { + "name": "panel_17", + "type": "visualization", + "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_18", + "type": "visualization", + "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_19", + "type": "visualization", + "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_20", + "type": "visualization", + "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_21", + "type": "visualization", + "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_22", + "type": "visualization", + "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_23", + "type": "visualization", + "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_24", + "type": "visualization", + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e" + }, + { + "name": "panel_25", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:16.086Z", + "version": "Wzc4NiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● 
[SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-04-29T20:10:39.465Z", + "version": "WzEzMDIsMV0=", + "attributes": { + "title": "Connections - Log Count Over Time", + "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + 
"uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "52013c7c-c554-450e-9198-dbafdc050459", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0MiwxXQ==", + "attributes": { + "title": "Connections - Service By Destination Country", + "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + 
"name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0MywxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Destination IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d25f4abc-24af-405e-a6f6-873277fe5771", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Source 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_code2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Source Country", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder 
Bytes\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Responder Bytes", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NywxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.missed_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Missed Bytes", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", + "type": "visualization", + "namespaces": [ + "default" + ], + 
"updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0OCwxXQ==", + "attributes": { + "title": "Connections - Connection State", + "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection State Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0OSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Connection", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By 
Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection 
ID\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "faa08629-0011-4b38-8b74-3ba86b59155f", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MCwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination IP", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination Port", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination 
Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max network.bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Max network.bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MiwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Source IP", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:13.041Z", + "version": "Wzc2MCwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder 
Bytes ](#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDG71xFxQT5EBNmq336", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NCwxXQ==", + "attributes": { + "title": "Connections - Log Count", + "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NSwxXQ==", + "attributes": { + "title": "Connections - Total Bytes Per Source/Destination IP Pair", + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"network.bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"destination.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "568c74ff-3ef3-45ba-a178-0520633697bd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NiwxXQ==", + "attributes": { + "title": "Connections - Destination Port", + "visState": "{\"title\":\"Connections - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NywxXQ==", + "attributes": { + "title": "Connections - Source MAC OUI", + "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
MAC OUI\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1OCwxXQ==", + "attributes": { + "title": "Connections - Destination MAC OUI", + "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1OSwxXQ==", + 
"attributes": { + "title": "Connections - Source MAC Address", + "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MCwxXQ==", + "attributes": { + "title": "Connections - Destination MAC Address", + "visState": "{\"title\":\"Connections - Destination MAC 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC 
OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC 
OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MiwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MywxXQ==", + "attributes": { + "title": "Connections - Protocol", + "visState": "{\"title\":\"Connections - 
Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2NCwxXQ==", + "attributes": { + "title": "Network Layer", + "visState": "{\"title\":\"Network 
Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Network Layer\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:13.041Z", + "version": "Wzc2MSwxXQ==", + "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "network.transport", + "network.protocol", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.bytes", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 645540651..0c83415c8 100644 --- a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -139,7 +139,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczNiwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
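Review bot: With `\"otherBucket\":false` and `\"size\":100`, the RADIUS - Source IP Address table now drops every source beyond the 100 busiest, and no row shows that anything was cut. The same switch is made in the RADIUS - MAC, RADIUS - Connection Information and RADIUS - Username hunks below. Because the terms aggregation is ordered by count descending, the omitted entries are the low-volume ones, which on an authentication dashboard are often what an analyst is looking for (for example, many usernames with only a few requests each). The RADIUS - Destination IP Address hunk keeps `\"otherBucket\":true`, so the tables on this dashboard now behave differently from one another. I would keep `\"otherBucket\":true` here as well so the tail stays visible as an "Other" row, or state the top-100 limit in the visualization's `description`.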
@@ -170,7 +170,7 @@ "version": "WzczNywxXQ==", "attributes": { "title": "RADIUS - Destination IP Address", - "visState": "{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -199,7 +199,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczOCwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.mac\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.mac\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - MAC", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
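Review bot: The rewritten `visState` for RADIUS - MAC still carries the misspelled key `showMeticsAtAllLevels`. Other visualizations in this patch use `showMetricsAtAllLevels`, so the misspelled key is presumably ignored and the table falls back to its default. Since the line is being touched anyway, it should read `\"showMetricsAtAllLevels\":false`. The same spelling is in the new lines of the RADIUS - Source IP Address, RADIUS - Connection Information and RADIUS - Username hunks.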
@@ -229,7 +229,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczOSwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.connect_info\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.connect_info\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - Connection Information", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -290,7 +290,7 @@ "version": "Wzc0MSwxXQ==", "attributes": { "title": "RADIUS - Username", - "visState": "{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}", + "visState": "{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 76aaefef0..98870eca5 100644 --- a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json 
@@ -334,7 +334,7 @@ "version": "WzcyMiwxXQ==", "attributes": { "title": "NTP - Source IP", - "visState": "{\"title\":\"NTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"NTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
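Review bot: The removed `visState` in this hunk was not valid JSON (`\"field\":\"source.ip\",,\"order\"`), which suggests nothing parsed these embedded strings before they were committed. The same `,,` appears in the removed lines of the NTP - Destination IP hunk and of the RADIUS hunks. If the repository has no such check (none is visible from this patch), a test that loads every file under `dashboards/dashboards/` and parses each `visState`, `uiStateJSON` and `searchSourceJSON` string as JSON would catch this before import. A visualization that fails to load leaves a gap on a monitoring dashboard that is easy to miss, so the check is worth having even though the fix here is correct.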
@@ -364,7 +364,7 @@ "version": "WzcyMywxXQ==", "attributes": { "title": "NTP - Destination IP", - "visState": "{\"title\":\"NTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"NTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index d677b4034..2bb713c01 100644 --- a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzczMiwxXQ==", "attributes": { "title": "Connections - Destination - Top Connection Duration (region map)", - "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Responder Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"event.duration\",\"customLabel\":\"Longest Session 
(seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", + "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Longest Session (seconds)\",\"aggType\":\"max\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Responder 
Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"event.duration\",\"customLabel\":\"Longest Session (seconds)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responder Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[38.28591031601368,16.875000000000004],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 08d67b4f3..bd75ad746 100644 --- a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
@@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "WzczOSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.subject\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.subject\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
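Review bot: Besides adding `\"size\":100`, the new `visState` flips `\"otherBucket\":true` to `\"otherBucket\":false` on the `zeek.smtp.subject` terms aggregation, so subjects outside the top 100 no longer get an "Other" row and the table gives no sign that a tail was cut off. The same flip appears in the remaining SMTP hunks (`@@ -219` through `@@ -400`, where "From" Address and User Agent are capped at 20) and on `host.name` in "Last Capture Metric Timestamp by Host". For tables an analyst uses to spot unusual senders or clients, I would keep `\"otherBucket\":true` next to the new size unless dropping the row was deliberate. Separately, the params key `showMeticsAtAllLevels` in these SMTP tables is spelled differently from `showMetricsAtAllLevels` in "SMTP - Destination Port" and is presumably ignored.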
@@ -219,7 +219,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0MSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.mailfrom\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.mailfrom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - \"From\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -249,7 +249,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0MiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.rcptto\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.rcptto\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - \"To\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -339,7 +339,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -369,7 +369,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -400,7 +400,7 @@ "version": "Wzc0NywxXQ==", "attributes": { "title": "SMTP - Destination Port", - "visState": "{\"title\":\"SMTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"SMTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index 311767735..21246f26d 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json 
@@ -52,7 +52,7 @@ "version": "WzExMDgsMV0=", "attributes": { "title": "Linux Kernel Messages by Host", - "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index c7ec9540c..05552edd8 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
@@ -112,7 +112,7 @@ "version": "Wzg4NiwxXQ==", "attributes": { "title": "Last Capture Metric Timestamp by Host", - "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture 
Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
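Review bot: The `event.provider` aggregation keeps `\"customLabel\":\"Other\"` while also setting `\"otherBucket\":true` with `\"otherBucketLabel\":\"Other\"`. With the new `\"size\":5` an overflow row becomes likely, so the table can show an "Other" value under a column that is also titled "Other". A descriptive header such as `\"customLabel\":\"Provider\"` would remove the ambiguity. Both settings sit inside the single `visState` string, so this is a value edit within that string.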
@@ -399,7 +399,7 @@ "version": "Wzg5NiwxXQ==", "attributes": { "title": "Zeek Analyzer Messages", - "visState": "{\"title\":\"Zeek Analyzer Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Zeek Analyzer 
Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index 53f5862c5..61b4a9bcb 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json 
@@ -82,7 +82,7 @@ "version": "Wzk4MCwxXQ==", "attributes": { "title": "Windows Events by Host", - "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host Forwarder\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.Computer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host 
Forwarder\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.Computer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -172,7 +172,7 @@ "version": "Wzk4NywxXQ==", "attributes": { "title": "Windows Event Results", - "visState": "{\"title\":\"Windows Event Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Windows Event Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -202,7 +202,7 @@ "version": "Wzk4OSwxXQ==", "attributes": { "title": "Windows Event Insertion Strings", - "visState": "{\"title\":\"Windows Event Insertion Strings\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.StringInserts\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Insertion Strings\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Windows Event Insertion Strings\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.StringInserts\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Insertion Strings\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json index e6200e462..f815ffdc7 100644 --- a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json +++ b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json 
@@ -72,7 +72,7 @@ "version": "WzkxOCwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Host", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -102,7 +102,7 @@ "version": "WzkyMiwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Account", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Account\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.acct\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Effective Account\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.UID\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Account\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.acct\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Effective 
Account\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.UID\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -185,7 +185,7 @@ "version": "WzkyMCwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Syscall", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Syscall\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.SYSCALL\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Syscall\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Syscall\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.SYSCALL\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Syscall\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -215,7 +215,7 @@ "version": "WzkyMSwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Executable", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Executable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.exe\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Executable\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Executable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.exe\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Executable\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json index 2ccc8cbce..34cfd2492 100644 --- a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json +++ b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json 
@@ -91,7 +91,7 @@ "version": "Wzk0NSwxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity - Host Check Summary", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor File/Directory 
Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -151,7 +151,7 @@ "version": "WzgzNiwxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity - Path", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"First Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"First 
Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json index 1f58376a6..0ce72ec85 100644 --- a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json +++ b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json 
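Review bot: The new `\"size\":50` on the `file.path` terms bucket is combined with `\"orderBy\":\"_key\",\"order\":\"desc\"`. On a host that reports more than 50 paths, the table therefore keeps the 50 that sort last by name and folds the rest into the `Other` row. For a file-integrity view that selection is unrelated to recency, so a changed path can drop out of sight purely because of how it is spelled. I would order the bucket by the existing `Last Reported` metric, `\"orderBy\":\"4\"`, or raise the limit. The `host.name` bucket with `\"size\":20` has the same name-ordered cut-off.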
@@ -97,7 +97,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "Journald - Process UID", - "visState": "{\"title\":\"Journald - Process UID\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.user.id\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Journald - Process UID\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.user.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": 
"{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
@@ -157,7 +157,7 @@ "version": "Wzk0MiwxXQ==", "attributes": { "title": "Journald - Systemd Unit", - "visState": "{\"title\":\"Journald - Systemd Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_unit\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd Unit\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd User Unit\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User Unit\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Journald - Systemd Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd 
Unit\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd User Unit\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User Unit\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":3,\"direction\":\"desc\"}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 4db665078..96e640f91 100644 --- a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
@@ -227,7 +227,7 @@ "version": "Wzc1NywxXQ==", "attributes": { "title": "Tabular Data Stream - Source IP", - "visState": "{\"title\":\"Tabular Data Stream - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -257,7 +257,7 @@ "version": "Wzc1OCwxXQ==", "attributes": { "title": "Tabular Data Stream - Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json index 7f09d5478..1aca51519 100644 --- a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json +++ b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json 
@@ -165,7 +165,7 @@ "version": "WzU4MCwxXQ==", "attributes": { "title": "TFTP - Filename", - "visState": "{\"title\":\"TFTP - Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "visState": "{\"title\":\"TFTP - Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -195,7 +195,7 @@ "version": "WzU4MSwxXQ==", "attributes": { "title": "TFTP - Source IP", - "visState": "{\"title\":\"TFTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"source.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"TFTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"source.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -225,7 +225,7 @@ "version": "WzU4MiwxXQ==", "attributes": { "title": "TFTP - Destination IP", - "visState": "{\"title\":\"TFTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"TFTP - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json index a4ccae737..257200e63 100644 --- a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json +++ b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json 
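Review bot: The `destination.port` bucket here gets `\"size\":5`, while the otherwise identical bucket in the Tabular Data Stream destination table earlier in this patch gets `\"size\":100`. If the small limit is deliberate because the TFTP request port rarely varies, the commit message should say so. Otherwise I would use the same value in both tables, `\"size\":100`, so that ports beyond the fifth are listed rather than merged into `Other`.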
@@ -190,7 +190,7 @@ "version": "Wzc3MCwxXQ==", "attributes": { "title": "Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords", - "visState": "{\"title\":\"Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"User\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Succeeded\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.login.success\",\"ord
erBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Success\"}}]}", + "visState": "{\"title\":\"Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"User\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Succeeded\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"b
ucket\",\"params\":{\"field\":\"zeek.login.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Success\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
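Review bot: The `related.user` bucket is capped at `\"size\":99` and ordered by count descending, so the usernames seen least often are the first to be merged into `Other`. In a table of login attempts with cleartext passwords, rarely seen accounts are often what the analyst is looking for. The value 99 also departs from the 50/100/250 used in the sibling tables, which suggests it was not chosen deliberately. I would raise it to match the source IP table in this file, `\"size\":250`. Separately, this hunk flips `\"otherBucket\"` to `false` on `zeek.login.success`, a behaviour change beyond adding a size that the commit message should mention.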
@@ -220,7 +220,7 @@ "version": "Wzc3MSwxXQ==", "attributes": { "title": "Telnet, rsh and rlogin - Source", - "visState": "{\"title\":\"Telnet, rsh and rlogin - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Telnet, rsh and rlogin - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -250,7 +250,7 @@ "version": "Wzc3MiwxXQ==", "attributes": { "title": "Telnet, rlogin and rsh - Destination", - "visState": "{\"title\":\"Telnet, rlogin and rsh - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Telnet, rlogin and 
rsh - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json index e3d9b1005..8bb95c2a7 100644 --- a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json +++ b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json 
@@ -175,7 +175,7 @@ "version": "Wzc3OCwxXQ==", "attributes": { "title": "BSAP - Source IP", - "visState": "{\"title\":\"BSAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Port\"}}]}", + "visState": "{\"title\":\"BSAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
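Review bot: Setting `\"otherBucket\":false` on the `source.ip` terms aggregation means any source address outside the top 500 by count is dropped from the "BSAP - Source IP" table, with no "Other" row to show that truncation happened. On a monitoring dashboard the low-count tail is often what an analyst is looking for, so I would either keep `\"otherBucket\":true` here or use the empty `"description": ""` field to state that only the top 500 sources are listed. The same change appears in the BSAP - Destination IP hunk of this file and in the SSH tables of `caef3ade-d289-4d05-a511-149f3e97f238.json` (size 100 for source IP, destination IP and server, 50 for client/server). If the flag was turned off to avoid the extra query on high-cardinality fields, that is presumably a reasonable trade, but it should be recorded.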
@@ -205,7 +205,7 @@ "version": "Wzc3OSwxXQ==", "attributes": { "title": "BSAP IP - Function", - "visState": "{\"title\":\"BSAP IP - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.bsap_ip_rdb.func_code: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_ip_rdb.app_func_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_ip_rdb.func_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subfunction\"}}]}", + "visState": "{\"title\":\"BSAP IP - 
Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.bsap_ip_rdb.func_code: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_ip_rdb.app_func_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_ip_rdb.func_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subfunction\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -265,7 +265,7 @@ "version": "Wzc4MSwxXQ==", "attributes": { "title": "BSAP Serial - RDB Function", - "visState": "{\"title\":\"BSAP Serial - RDB Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.bsap_serial_rdb.func_code: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_rdb.func_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RDB Function\"}}]}", + "visState": "{\"title\":\"BSAP Serial - RDB Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.bsap_serial_rdb.func_code: 
Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_rdb.func_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RDB Function\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -295,7 +295,7 @@ "version": "Wzc4MiwxXQ==", "attributes": { "title": "BSAP Serial - Function", - "visState": "{\"title\":\"BSAP Serial - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Destination Function\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.type_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Message Type\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.sfun\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.dfun\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination 
Function\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.nsb\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Node Status\"}}]}", + "visState": "{\"title\":\"BSAP Serial - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Destination Function\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Message Type\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.sfun\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source 
Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.dfun\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Function\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.nsb\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Node Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -417,7 +417,7 @@ "version": "Wzc4NSwxXQ==", "attributes": { "title": "BSAP - Destination IP", - "visState": "{\"title\":\"BSAP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"BSAP - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index d7e13cd8b..03c186fb4 100644 --- a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
@@ -154,7 +154,7 @@ "updated_at": "2021-02-10T21:25:00.506Z", "version": "Wzc5MCwxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SSH - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
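Review bot: The `params` object on the new `visState` line still carries the misspelled key `\"showMeticsAtAllLevels\":false`. Other tables in this commit spell it `showMetricsAtAllLevels`, so this setting is most likely ignored and the default applies. Since the line is being rewritten anyway, rename it to `\"showMetricsAtAllLevels\":false`. The same misspelled key appears in the SSH - Client/Server and SSH -Server hunks of this file.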
@@ -185,7 +185,7 @@ "version": "WzM0MDEsMV0=", "attributes": { "title": "SSH - Destination IP Address", - "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "updated_at": "2021-02-10T21:25:00.506Z", "version": "Wzc5MywxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.client\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - 
Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.client\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", "title": "SSH - Client/Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -275,7 +275,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "SSH -Server", - "visState": "{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", + "visState": "{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -335,7 +335,7 @@ "version": "Wzc5NywxXQ==", "attributes": { "title": "SSH - Client Algorithms", - "visState": "{\"title\":\"SSH - Client Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by Server\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Client\"}}]}", + "visState": "{\"title\":\"SSH - Client Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by 
Server\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Client\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
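Review bot: In "SSH - Client Algorithms" the `dimensions.buckets[0]` entry is labelled `\"label\":\"Algorithms Offered by Server\"`, but the aggregation it describes reads `zeek.ssh.hasshAlgorithms` with `customLabel` "Algorithms Offered by Client". The label should read `\"label\":\"Algorithms Offered by Client\"`. The same client/server swap appears in two later hunks of this file: "SSH - HASSH Server Hash" carries `\"label\":\"HASSH Client Hash\"`, and "SSH - Server Algorithms" carries `\"label\":\"Algorithms Offered by Client\"`. Whether the dashboard renders the `dimensions` label or only `customLabel` cannot be told from the hunk. A swapped heading on a fingerprint table invites misattribution during triage, so it is worth correcting while these strings are being edited.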
@@ -365,7 +365,7 @@ "version": "WzgwMCwxXQ==", "attributes": { "title": "SSH - HASSH Server Hash", - "visState": "{\"title\":\"SSH - HASSH Server Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServer\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Server Hash\"}}]}", + "visState": "{\"title\":\"SSH - HASSH Server Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client 
Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Server Hash\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -395,7 +395,7 @@ "version": "Wzc5OSwxXQ==", "attributes": { "title": "SSH - HASSH Client Hash", - "visState": "{\"title\":\"SSH - HASSH Client Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hassh\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Client Hash\"}}]}", + "visState": "{\"title\":\"SSH - HASSH Client Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client 
Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hassh\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Client Hash\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
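Review bot: With `\"orderBy\":\"1\",\"order\":\"desc\"` and the new `\"size\":250`, the HASSH client-hash table lists only the most frequent fingerprints. The least frequent ones, which are usually the ones of interest when hunting for unusual SSH clients, are folded into the "Other" row once there are more than 250 distinct values. The `"description": ""` context line in this hunk is empty, and stating the cap there would make the limit visible to whoever reads the table, e.g. `"description": "Top 250 HASSH client fingerprints by count; rarer values are grouped under Other"`. The "SSH - HASSH Server Hash" hunk above has the same shape and would benefit from the same description.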
@@ -425,7 +425,7 @@ "version": "Wzc5OCwxXQ==", "attributes": { "title": "SSH - Server Algorithms", - "visState": "{\"title\":\"SSH - Server Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by Client\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServerAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Server\"}}]}", + "visState": "{\"title\":\"SSH - Server Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by 
Client\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServerAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Server\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index 39b75946a..5f098b3c1 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json 
@@ -1,688 +1,688 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "d2dd0180-06b1-11ec-8c6b-353266ade330", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T18:26:13.166Z", - "version": "WzMwMTksMV0=", - "attributes": { - "title": "Severity", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":14,\"h\":18,\"i\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\"},\"panelIndex\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":18,\"i\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\"},\"panelIndex\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":18,\"w\":22,\"h\":18,\"i\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\"},\"panelIndex\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":18,\"i\":\"4c752761-c325-41b6-8216-8827bc219b82\"},\"panelIndex\":\"4c752761-c325-41b6-8216-8827bc219b82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":9,\"i\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\"},\"panelIndex\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":36,\"w\":18,\"h\":19,\"i\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\"},\"panelIndex\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":18,\"y\":36,\"w\":15,\"h\":19,\"i\":\"d07e07fe-600e-433e-997d-8eab20559bad\"
},\"panelIndex\":\"d07e07fe-600e-433e-997d-8eab20559bad\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":36,\"w\":15,\"h\":19,\"i\":\"a54d94c7-2499-4215-863d-859f5d079a03\"},\"panelIndex\":\"a54d94c7-2499-4215-863d-859f5d079a03\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":55,\"w\":24,\"h\":21,\"i\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\"},\"panelIndex\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":55,\"w\":24,\"h\":21,\"i\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\"},\"panelIndex\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":15,\"h\":18,\"i\":\"2957f8f6-219a-490e-a396-344010d1b1f3\"},\"panelIndex\":\"2957f8f6-219a-490e-a396-344010d1b1f3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":76,\"w\":15,\"h\":18,\"i\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\"},\"panelIndex\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":76,\"w\":18,\"h\":18,\"i\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\"},\"panelIndex\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":20,\"i\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\"},\"panelIndex\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"event.severity:*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "bcfa8900-06ac-11ec-8c6b-353266ade330" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "0dc37f60-06a1-11ec-8c6b-353266ade330" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "ae03b470-06ad-11ec-8c6b-353266ade330" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "e9b2dbb0-06ab-11ec-8c6b-353266ade330" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "74d35790-06a9-11ec-8c6b-353266ade330" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "0c4482b0-06b0-11ec-8c6b-353266ade330" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "c12558e0-06aa-11ec-8c6b-353266ade330" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" - }, - { - "name": "panel_14", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:09.724Z", - "version": "WzczOSwxXQ==", - "attributes": { - "title": "Network 
Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bcfa8900-06ac-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T18:24:13.010Z", - "version": "WzI5NDIsMV0=", - "attributes": { - "title": "Severity Tags", - "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"0dc37f60-06a1-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1MywxXQ==", - "attributes": { - "title": "Severity Score Occurrences", - "visState": "{\"title\":\"Severity Score Occurrences\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Occurrences\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"params\":{\"field\":\"event.severity\",\"ranges\":[{\"from\":1,\"to\":10},{\"from\":10,\"to\":20},{\"from\":20,\"to\":30},{\"from\":30,\"to\":40},{\"from\":40,\"to\":50},{\"from\":50,\"to\":60},{\"from\":60,\"to\":70},{\"from\":80,\"to\":90},{\"from\":90,\"to\":100},{\"from\":100}],\"customLabel\":\"Severity Score\"},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"histogram\",\"params\":{\"field\":\"event.severity\",\"interval\":10,\"maxBars\":10,\"min_doc_count\":true,\"has_extended_bounds\":true,\"extended_bounds\":{\"max\":101,\"min\":0},\"customLabel\":\"Severity 
Score\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{\"show\":true},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Occurrences\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Occurrences\"},\"type\":\"value\"}]}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ae03b470-06ad-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NCwxXQ==", - "attributes": { - "title": "Severity - Notices", - "visState": "{\"title\":\"Severity - 
Notices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NSwxXQ==", - "attributes": { - "title": "Severity - Application Protocol", - "visState": "{\"title\":\"Severity - Application 
Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e9b2dbb0-06ab-11ec-8c6b-353266ade330", - 
"type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NiwxXQ==", - "attributes": { - "title": "Severity - Socket Family", - "visState": "{\"title\":\"Severity - Socket Family\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NywxXQ==", - "attributes": { - "title": "File Types by Transport", - "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - 
"default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1OCwxXQ==", - "attributes": { - "title": "Severity - Source IP", - "visState": "{\"title\":\"Severity - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "74d35790-06a9-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1OSwxXQ==", - "attributes": { - "title": "Severity - Destination IP", - "visState": "{\"title\":\"Severity - Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0c4482b0-06b0-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MCwxXQ==", - "attributes": { - "title": "Severity - Originating Country", - "visState": "{\"title\":\"Severity - Originating Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity 
Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originating Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330", - 
"type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MSwxXQ==", - "attributes": { - "title": "Severity - Responding Country", - "visState": "{\"title\":\"Severity - Responding Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responding Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", - "description": 
"", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MiwxXQ==", - "attributes": { - "title": "Severity - Destination OUI", - "visState": "{\"title\":\"Severity - Destination OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c12558e0-06aa-11ec-8c6b-353266ade330", - "type": 
"visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MywxXQ==", - "attributes": { - "title": "Severity - Source OUI", - "visState": "{\"title\":\"Severity - Source OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NCwxXQ==", - "attributes": { - "title": "Actions and Results", - "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "abd55c60-06a5-11ec-8c6b-353266ade330", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NSwxXQ==", - "attributes": { - "title": "Severity-Scored Logs", - "description": "", - "hits": 0, - "columns": [ - "event.dataset", - "network.transport", - "network.protocol", - "source.ip", - "destination.ip", - "destination.port", - "event.action", - "event.result", - "event.severity", - "event.severity_tags", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NiwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - 
"event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:06.705Z", - "version": "WzcxNSwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2OCwxXQ==", - "attributes": { - "title": "Files - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "file.source", - "file.mime_type", - 
"file.path", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:files\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "d2dd0180-06b1-11ec-8c6b-353266ade330", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T18:26:13.166Z", + "version": "WzMwMTksMV0=", + "attributes": { + "title": "Severity", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":14,\"h\":18,\"i\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\"},\"panelIndex\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":18,\"i\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\"},\"panelIndex\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":18,\"w\":22,\"h\":18,\"i\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\"},\"panelIndex\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":18,\"i\":\"4c752761-c325-41b6-8216-8827bc219b82\"},\"panelIndex\":\"4c752761-c325-41b6-8216-8827bc219
b82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":9,\"i\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\"},\"panelIndex\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":36,\"w\":18,\"h\":19,\"i\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\"},\"panelIndex\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":18,\"y\":36,\"w\":15,\"h\":19,\"i\":\"d07e07fe-600e-433e-997d-8eab20559bad\"},\"panelIndex\":\"d07e07fe-600e-433e-997d-8eab20559bad\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":36,\"w\":15,\"h\":19,\"i\":\"a54d94c7-2499-4215-863d-859f5d079a03\"},\"panelIndex\":\"a54d94c7-2499-4215-863d-859f5d079a03\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":55,\"w\":24,\"h\":21,\"i\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\"},\"panelIndex\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":55,\"w\":24,\"h\":21,\"i\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\"},\"panelIndex\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":15,\"h\":18,\"i\":\"2957f8f6-219a-490e-a396-344010d1b1f3\"},\"panelIndex\":\"2957f8f6-219a-490e-a396-344010d1b1f3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":76,\"w\":15,\"h\":18,\"i\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\"},\"panelIndex\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"
},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":76,\"w\":18,\"h\":18,\"i\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\"},\"panelIndex\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":20,\"i\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\"},\"panelIndex\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"event.severity:*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "bcfa8900-06ac-11ec-8c6b-353266ade330" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "0dc37f60-06a1-11ec-8c6b-353266ade330" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "ae03b470-06ad-11ec-8c6b-353266ade330" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "e9b2dbb0-06ab-11ec-8c6b-353266ade330" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "74d35790-06a9-11ec-8c6b-353266ade330" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "0c4482b0-06b0-11ec-8c6b-353266ade330" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330" 
+ }, + { + "name": "panel_12", + "type": "visualization", + "id": "c12558e0-06aa-11ec-8c6b-353266ade330" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" + }, + { + "name": "panel_14", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:09.724Z", + "version": "WzczOSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● 
[DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● 
[BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bcfa8900-06ac-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T18:24:13.010Z", + "version": "WzI5NDIsMV0=", + "attributes": { + "title": "Severity Tags", + "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity 
Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0dc37f60-06a1-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1MywxXQ==", + "attributes": { + "title": "Severity Score Occurrences", + "visState": "{\"title\":\"Severity Score Occurrences\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Occurrences\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"params\":{\"field\":\"event.severity\",\"ranges\":[{\"from\":1,\"to\":10},{\"from\":10,\"to\":20},{\"from\":20,\"to\":30},{\"from\":30,\"to\":40},{\"from\":40,\"to\":50},{\"from\":50,\"to\":60},{\"from\":60,\"to\":70},{\"from\":80,\"to\":90},{\"from\":90,\"to\":100},{\"from\":100}],\"customLabel\":\"Severity Score\"},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"histogram\",\"params\":{\"field\":\"event.severity\",\"interval\":10,\"maxBars\":10,\"min_doc_count\":true,\"has_extended_bounds\":true,\"extended_bounds\":{\"max\":101,\"min\":0},\"customLabel\":\"Severity 
Score\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{\"show\":true},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Occurrences\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Occurrences\"},\"type\":\"value\"}]}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ae03b470-06ad-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NCwxXQ==", + "attributes": { + "title": "Severity - Notices", + "visState": "{\"title\":\"Severity - 
Notices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NSwxXQ==", + "attributes": { + "title": "Severity - Application Protocol", + "visState": "{\"title\":\"Severity - Application 
Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"e9b2dbb0-06ab-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NiwxXQ==", + "attributes": { + "title": "Severity - Socket Family", + "visState": "{\"title\":\"Severity - Socket Family\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NywxXQ==", + "attributes": { + "title": "File Types by Transport", + "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330", + "type": 
"visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1OCwxXQ==", + "attributes": { + "title": "Severity - Source IP", + "visState": "{\"title\":\"Severity - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "74d35790-06a9-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1OSwxXQ==", + "attributes": { + "title": "Severity - Destination IP", + "visState": "{\"title\":\"Severity - Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0c4482b0-06b0-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MCwxXQ==", + "attributes": { + "title": "Severity - Originating Country", + "visState": "{\"title\":\"Severity - Originating Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity 
Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originating Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330", + 
"type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MSwxXQ==", + "attributes": { + "title": "Severity - Responding Country", + "visState": "{\"title\":\"Severity - Responding Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responding Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", + "description": 
"", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MiwxXQ==", + "attributes": { + "title": "Severity - Destination OUI", + "visState": "{\"title\":\"Severity - Destination OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c12558e0-06aa-11ec-8c6b-353266ade330", + 
"type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MywxXQ==", + "attributes": { + "title": "Severity - Source OUI", + "visState": "{\"title\":\"Severity - Source OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NCwxXQ==", + "attributes": { + "title": "Actions and Results", + "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "abd55c60-06a5-11ec-8c6b-353266ade330", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NSwxXQ==", + "attributes": { + "title": "Severity-Scored Logs", + "description": "", + "hits": 0, + "columns": [ + "event.dataset", + "network.transport", + "network.protocol", + "source.ip", + "destination.ip", + "destination.port", + "event.action", + "event.result", + "event.severity", + "event.severity_tags", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NiwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + 
"event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:06.705Z", + "version": "WzcxNSwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2OCwxXQ==", + "attributes": { + "title": "Files - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "file.source", + "file.mime_type", + 
"file.path", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:files\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 540f1549b..0c7cbab75 100644 --- a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -80,7 +80,7 @@ "version": "WzgwNCwxXQ==", "attributes": { "title": "Connections - Source - Originator Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Originator Bytes\",\"aggType\":\"cardinality\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.bytes\",\"customLabel\":\"Originator 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Originator Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service\"}},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Originator Bytes\",\"aggType\":\"cardinality\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Originator Country\",\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"client.bytes\",\"customLabel\":\"Originator 
Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[37.73168660636539,16.171875000000004],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json index e527e2f9c..811c18868 100644 --- a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json +++ b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json 
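Review bot: In the new visState for "Connections - Source - Originator Bytes (region map)", the metric aggregation (id 1) is still `\"type\":\"cardinality\"` on `client.bytes` while its label is "Originator Bytes". That shades each country by the number of distinct byte-count values seen, not by the volume sent. If the panel is meant to show volume, as the title suggests (intent cannot be confirmed from this hunk), the aggregation should be `\"type\":\"sum\"` with the matching `\"aggType\":\"sum\"` in `params.metric`. An analyst reading this map for unusual outbound volume per country would otherwise draw the wrong conclusion. The restored `\"size\":250` is enough to cover the ISO country codes used as the bucket key.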
@@ -130,7 +130,7 @@ "version": "Wzc1NiwxXQ==", "attributes": { "title": "OPCUA Binary - Log Count", - "visState": "{\"title\":\"OPCUA Binary - Log Count\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Log Count\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -189,7 +189,7 @@ "version": "Wzc1OCwxXQ==", "attributes": { "title": "OPCUA Binary - Actions", - "visState": "{\"title\":\"OPCUA Binary - Actions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Actions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -218,7 +218,7 @@ "version": "Wzc1OSwxXQ==", "attributes": { "title": "OPCUA Binary - Results", - "visState": "{\"title\":\"OPCUA Binary - Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -247,7 +247,7 @@ "version": "Wzc2MCwxXQ==", "attributes": { "title": "OPCUA Binary - URLs and URIs", - "visState": "{\"title\":\"OPCUA Binary - URLs and URIs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"url.original\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL or URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - URLs and URIs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"url.original\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL or URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -306,7 +306,7 @@ "version": "Wzc2MSwxXQ==", "attributes": { "title": "OPCUA Binary - Source", - "visState": "{\"title\":\"OPCUA Binary - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
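Review bot: In the new `visState` for "OPCUA Binary - Source", the `source.ip` terms aggregation gains `\"size\":250` and `\"otherBucket\"` flips from `true` to `false` in the same edit. With more than 250 sources, the lowest-count ones drop out of the table with no "Other" row to show that anything was cut. Because the aggregation is ordered by count descending, the rows that disappear are the rarely seen hosts, which are often the ones an analyst wants to see on a monitoring dashboard. If the flip was not intended, keep `\"size\":250,\"otherBucket\":true`, as the Actions, Results and URLs hunks above do. The `destination.ip` aggregation in the "OPCUA Binary - Destination" hunk that follows has the same flip.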
@@ -336,7 +336,7 @@ "version": "Wzc2MiwxXQ==", "attributes": { "title": "OPCUA Binary - Destination", - "visState": "{\"title\":\"OPCUA Binary - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index 432296648..c8720b392 100644 --- a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json 
@@ -170,7 +170,7 @@ "version": "Wzc0NCwxXQ==", "attributes": { "title": "S7comm Operations", - "visState": "{\"title\":\"S7comm Operations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm 
Operations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -200,7 +200,7 @@ "version": "Wzc0NSwxXQ==", "attributes": { "title": "S7comm Source IP", - "visState": "{\"title\":\"S7comm Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -230,7 +230,7 @@ "version": "Wzc0NiwxXQ==", "attributes": { "title": "S7comm Destination IP", - "visState": "{\"title\":\"S7comm Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "WzkwNSwxXQ==", "attributes": { "title": "S7comm - Upload/Download File Names", - "visState": "{\"title\":\"S7comm - Upload/Download File Names\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"\",\"customLabel\":\"File Name\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_upload_download.destination_filesystem\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Filesystem\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm - Upload/Download File Names\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"\",\"customLabel\":\"File Name\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_upload_download.destination_filesystem\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination 
Filesystem\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -320,7 +320,7 @@ "version": "Wzc0OCwxXQ==", "attributes": { "title": "S7comm Read-SZL", - "visState": "{\"title\":\"S7comm Read-SZL\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_read_szl.szl_index\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"SZL Index\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Read-SZL\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_read_szl.szl_index\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"SZL 
Index\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 76c215156..0fc1cd719 100644 --- a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -70,7 +70,7 @@ "version": "WzgzNSwxXQ==", "attributes": { "title": "Connections - Source - Responder Bytes (region map)", - "visState": "{\"title\":\"Connections - Source - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", + "visState": "{\"title\":\"Connections - Source - Responder Bytes (region map)\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Green to Red\",\"emsHotLink\":null,\"isDisplayWarning\":false,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":3,\"outlineWeight\":1,\"selectedJoinField\":{\"description\":\"Country 
Code\",\"name\":\"ISO_A2\"},\"selectedLayer\":{\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"description\":\"Country Code\",\"name\":\"ISO_A2\"},{\"description\":\"Country Code2\",\"name\":\"WB_A2\"},{\"description\":\"Country Name\",\"name\":\"NAME\"}],\"format\":{\"type\":\"geojson\"},\"isEMS\":false,\"layerId\":\"self_hosted.World (offline)\",\"meta\":{\"feature_collection_path\":\"data\"},\"name\":\"World (offline)\",\"url\":\"/world.geojson\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"server.bytes\",\"customLabel\":\"Responder Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originator Country\"}}]}", "uiStateJSON": "{\"mapCenter\":[0,0],\"mapZoom\":3}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index c539eca92..928d05611 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
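Review bot: The metric on the re-added `visState` line is `\"type\":\"cardinality\"` on `server.bytes`, but its label is "Responder Bytes". The region map therefore appears to colour each country by the number of distinct byte-count values rather than by traffic volume. This predates the commit, but the line is being rewritten for `\"size\":250` anyway, so it is worth confirming here. If total bytes per country is what is meant, the metric would be `\"type\":\"sum\"` with the same field and label.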
@@ -1,526 +1,526 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "WzczOSwxXQ==", - "attributes": { - "title": "Zeek Notices", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":68},\"panelIndex\":\"12\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":68},\"panelIndex\":\"13\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":23,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConf
ig\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":87},\"panelIndex\":\"17\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":49},\"panelIndex\":\"19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"w\":12,\"x\":24,\"y\":49},\"panelIndex\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_13\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "0455b814-9b8e-4895-985d-c0d484bb025c" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_2", - "type": "visualization", - "id": 
"abb2c718-e1f5-4b59-9c3d-54082ee3a407" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "af961658-7f3d-4f88-b35f-76d1b6f49002" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "519823ff-ee5b-4051-9dd5-0467e595ab25" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "8f4a6c67-6833-4c53-b874-4341df5f181d" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "47adad3a-a0d2-46eb-a957-1886abd4472d" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "8a911a83-3962-44b8-be39-b54532f51b46" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "AWDG1uC-xQT5EBNmq3dP" - }, - { - "name": "panel_10", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "559cf002-6086-4655-908e-d1f757cd58a9" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "5d805580-0c3e-11ec-af25-f10016947fe0" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "0455b814-9b8e-4895-985d-c0d484bb025c", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MCwxXQ==", - "attributes": { - "title": "Notices - Log Count Over Time", - "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT1S\",\"intervalESValue\":1,\"intervalESUnit\":\"s\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2017-04-16T17:22:12.510Z\",\"max\":\"2017-04-16T17:23:40.195Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per second\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2017-04-16T17:22:12.510Z\",\"to\":\"2017-04-16T17:23:40.195Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407", - "type": "visualization", - 
"namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - Source IP Addresses", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "af961658-7f3d-4f88-b35f-76d1b6f49002", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MywxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - Destination IP 
Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - Destination IP Addresses", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NCwxXQ==", - "attributes": { - "title": "Notices - Notice Type", - "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8f4a6c67-6833-4c53-b874-4341df5f181d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - File MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_mime_type\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - File MIME Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "47adad3a-a0d2-46eb-a957-1886abd4472d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_desc\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", - "description": "", - 
"title": "Notices - File Description", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8a911a83-3962-44b8-be39-b54532f51b46", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NywxXQ==", - "attributes": { - "title": "Notice - Destination Port", - "visState": "{\"title\":\"Notice - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0OCwxXQ==", - "attributes": { - "title": 
"Notice - Message Details", - "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"
params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDG1uC-xQT5EBNmq3dP", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0OSwxXQ==", - "attributes": { - "title": "Notices - Log Count", - "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - 
"name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MCwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MSwxXQ==", - "attributes": { - "title": "Notices - Notice Types by Source and Destination", - "visState": "{\"title\":\"Notices - Notice Types by Source and 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "559cf002-6086-4655-908e-d1f757cd58a9", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MiwxXQ==", - "attributes": { - "title": "Notices - Destination Country", - "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Country\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5d805580-0c3e-11ec-af25-f10016947fe0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MywxXQ==", - "attributes": { - "title": "Notices - Source Country", - "visState": "{\"title\":\"Notices - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Country\",\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "WzczOSwxXQ==", + "attributes": { + "title": "Zeek Notices", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":68},\"panelIndex\":\"12\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":68},\"panelIndex\":\"13\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":23,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":
\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":87},\"panelIndex\":\"17\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":49},\"panelIndex\":\"19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"w\":12,\"x\":24,\"y\":49},\"panelIndex\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_13\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "0455b814-9b8e-4895-985d-c0d484bb025c" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "af961658-7f3d-4f88-b35f-76d1b6f49002" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "519823ff-ee5b-4051-9dd5-0467e595ab25" + }, + { + "name": "panel_5", + "type": "visualization", + "id": 
"8f4a6c67-6833-4c53-b874-4341df5f181d" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "47adad3a-a0d2-46eb-a957-1886abd4472d" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "8a911a83-3962-44b8-be39-b54532f51b46" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "AWDG1uC-xQT5EBNmq3dP" + }, + { + "name": "panel_10", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "559cf002-6086-4655-908e-d1f757cd58a9" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "5d805580-0c3e-11ec-af25-f10016947fe0" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "0455b814-9b8e-4895-985d-c0d484bb025c", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MCwxXQ==", + "attributes": { + "title": "Notices - Log Count Over Time", + "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT1S\",\"intervalESValue\":1,\"intervalESUnit\":\"s\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2017-04-16T17:22:12.510Z\",\"max\":\"2017-04-16T17:23:40.195Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per second\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2017-04-16T17:22:12.510Z\",\"to\":\"2017-04-16T17:23:40.195Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407", + "type": "visualization", + 
"namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - Source IP Addresses", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "af961658-7f3d-4f88-b35f-76d1b6f49002", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MywxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - Destination IP 
Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - Destination IP Addresses", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NCwxXQ==", + "attributes": { + "title": "Notices - Notice Type", + "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8f4a6c67-6833-4c53-b874-4341df5f181d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - File MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - File MIME Type", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "47adad3a-a0d2-46eb-a957-1886abd4472d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - File 
Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_desc\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - File Description", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8a911a83-3962-44b8-be39-b54532f51b46", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NywxXQ==", + "attributes": { + "title": "Notice - Destination Port", + "visState": "{\"title\":\"Notice - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0OCwxXQ==", + "attributes": { + "title": 
"Notice - Message Details", + "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",
\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDG1uC-xQT5EBNmq3dP", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0OSwxXQ==", + "attributes": { + "title": "Notices - Log Count", + "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + 
"references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MCwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MSwxXQ==", + "attributes": { + "title": "Notices - Notice Types by Source and Destination", + "visState": "{\"title\":\"Notices - Notice Types by Source and 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "559cf002-6086-4655-908e-d1f757cd58a9", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MiwxXQ==", + "attributes": { + "title": "Notices - Destination Country", + "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Country\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5d805580-0c3e-11ec-af25-f10016947fe0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MywxXQ==", + "attributes": { + "title": "Notices - Source Country", + "visState": "{\"title\":\"Notices - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Country\",\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index 4b2410e27..e97f57f71 100644 --- a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -214,7 +214,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2MiwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.desktop_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.desktop_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Desktop Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
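Review bot: With `\"otherBucket\":false` next to the new `\"size\":100`, the `zeek.rfb.desktop_name` table shows only the 100 most frequent values (count, descending) and has no "Other" row to signal that the list was cut off. The same combination appears in the hunks at -244, -274 and -304 (`source.ip`, `destination.ip`, `destination.port`) and at -334 (both server version fields, with size 50). On an RFB dashboard the low-count sources and ports are often what an analyst is hunting for, so a silent cut-off can hide exactly those rows. I would keep the overflow visible by pairing the new size with `\"otherBucket\":true,\"otherBucketLabel\":\"Other\"`. If dropping the row is deliberate, the reason should be recorded in the commit message.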
@@ -244,7 +244,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2MywxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -274,7 +274,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NCwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -304,7 +304,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NSwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -334,7 +334,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NiwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_major_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major 
Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_minor_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Server Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -364,7 +364,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NywxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_major_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major 
Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_minor_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Client Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 409029f77..6521f41dc 100644 --- a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json 
@@ -232,7 +232,7 @@ "version": "Wzg3NywxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Source IP", - "visState": "{\"title\":\"Tabular Data Stream - SQL Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -262,7 +262,7 @@ "version": "Wzg3OCwxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - SQL Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -292,7 +292,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Query", - "visState": "{\"title\":\"Tabular Data Stream - SQL Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_sql_batch.query\",,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Query\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_sql_batch.query\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Query\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index b4ac10a83..bb04c03aa 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -1,544 +1,544 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "fa477130-2b8a-11ec-a9f2-3911c8571bfd", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:32:23.695Z", - "version": "WzEwOTIsMV0=", - "attributes": { - "title": "STUN", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":32,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"w\":33,\"x\":15,\"y\":0},\"panelIndex\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"w\":19,\"x\":8,\"y\":15},\"panelIndex\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"w\":21,\"x\":27,\"y\":15},\"panelIndex\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":19,\"i\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"w\":8,\"x\":0,\"y\":32},\"panelIndex\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"w\":21,\"x\":27,\"y\":33},\"panelIndex\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b517bd06-887a-4e31-8cca-22866362b5ab\"
,\"w\":11,\"x\":0,\"y\":51},\"panelIndex\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"w\":14,\"x\":11,\"y\":51},\"panelIndex\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"w\":11,\"x\":25,\"y\":51},\"panelIndex\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"w\":12,\"x\":36,\"y\":51},\"panelIndex\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"w\":48,\"x\":0,\"y\":99},\"panelIndex\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd" - }, - { - 
"name": "panel_4", - "type": "visualization", - "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "05884900-2b92-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_11", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_12", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzNywxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzOCwxXQ==", - "attributes": { - "title": "STUN - Log Count", - "visState": "{\"title\":\"STUN - Log 
Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:stun*\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzOSwxXQ==", - "attributes": { - "title": "STUN - Log Count Over Time", - "visState": "{\"title\":\"STUN - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2021-02-26T20:25:47.478Z\",\"to\":\"2021-03-02T15:19:14.457Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MCwxXQ==", - "attributes": { - "title": "STUN - Attribute Type", - "visState": "{\"title\":\"STUN - Attribute Type\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Attribute Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MiwxXQ==", - "attributes": { - "title": "STUN - Method and Class", - "visState": "{\"title\":\"STUN - Method and Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:26:16.939Z", - "version": "WzEwMzYsMV0=", - "attributes": { - "title": "STUN - Class", - "visState": "{\"title\":\"STUN - Class\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"STUN Class\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:19:43.459Z", - "version": "WzEwMTAsMV0=", - "attributes": { - "title": "STUN - Action and Result", - "visState": "{\"title\":\"STUN - Action and 
Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MywxXQ==", - "attributes": { - "title": "STUN - Source IP", - "visState": "{\"title\":\"STUN - Source 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NCwxXQ==", - "attributes": { - "title": "STUN - Destination IP", - "visState": "{\"title\":\"STUN - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "05884900-2b92-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NiwxXQ==", - "attributes": { - "title": "STUN - LAN", - "visState": "{\"title\":\"STUN - LAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.lan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LAN Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NSwxXQ==", - "attributes": { - "title": "STUN - WAN", - "visState": "{\"title\":\"STUN - WAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_port\",\"orderBy\":\"1\",\"order\":\"desc\",,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": 
"search_0", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NywxXQ==", - "attributes": { - "title": "STUN - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.is_orig", - "zeek.stun.method", - "zeek.stun.class", - "zeek.stun.attr_type", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0OCwxXQ==", - "attributes": { - "title": "STUN NAT - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.is_orig", - "zeek.stun_nat.wan_addr", - "zeek.stun_nat.wan_port", - "zeek.stun_nat.lan_addr", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun_nat\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0OSwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "fa477130-2b8a-11ec-a9f2-3911c8571bfd", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:32:23.695Z", + "version": "WzEwOTIsMV0=", + "attributes": { + "title": "STUN", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{},\"gridData\":{\"h\":32,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"w\":33,\"x\":15,\"y\":0},\"panelIndex\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"w\":19,\"x\":8,\"y\":15},\"panelIndex\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"w\":21,\"x\":27,\"y\":15},\"panelIndex\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":19,\"i\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"w\":8,\"x\":0,\"y\":32},\"panelIndex\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"w\":21,\"x\":27,\"y\":33},\"panelIndex\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"w\":11,\"x\":0,\"y\":51},\"panelIndex\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"w\":14,\"x\":11,\"y\":51},\"panelIndex\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"version\":\"7
.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"w\":11,\"x\":25,\"y\":51},\"panelIndex\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"w\":12,\"x\":36,\"y\":51},\"panelIndex\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"w\":48,\"x\":0,\"y\":99},\"panelIndex\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7" + }, + { + "name": "panel_7", + 
"type": "visualization", + "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "05884900-2b92-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_11", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_12", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzNywxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata 
Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS 
SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzOCwxXQ==", + "attributes": { + "title": "STUN - Log Count", + "visState": "{\"title\":\"STUN - Log 
Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:stun*\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzOSwxXQ==", + "attributes": { + "title": "STUN - Log Count Over Time", + "visState": "{\"title\":\"STUN - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2021-02-26T20:25:47.478Z\",\"to\":\"2021-03-02T15:19:14.457Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MCwxXQ==", + "attributes": { + "title": "STUN - Attribute Type", + "visState": "{\"title\":\"STUN - Attribute Type\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Attribute Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MiwxXQ==", + "attributes": { + "title": "STUN - Method and Class", + "visState": "{\"title\":\"STUN - Method and Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:26:16.939Z", + "version": "WzEwMzYsMV0=", + "attributes": { + "title": "STUN - Class", + "visState": "{\"title\":\"STUN - Class\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"STUN Class\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:19:43.459Z", + "version": "WzEwMTAsMV0=", + "attributes": { + "title": "STUN - Action and Result", + "visState": "{\"title\":\"STUN - Action and 
Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MywxXQ==", + "attributes": { + "title": "STUN - Source IP", + "visState": "{\"title\":\"STUN - Source 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NCwxXQ==", + "attributes": { + "title": "STUN - Destination IP", + "visState": "{\"title\":\"STUN - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "05884900-2b92-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NiwxXQ==", + "attributes": { + "title": "STUN - LAN", + "visState": "{\"title\":\"STUN - LAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.lan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LAN Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NSwxXQ==", + "attributes": { + "title": "STUN - WAN", + "visState": "{\"title\":\"STUN - WAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": 
[ + { + "name": "search_0", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NywxXQ==", + "attributes": { + "title": "STUN - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.is_orig", + "zeek.stun.method", + "zeek.stun.class", + "zeek.stun.attr_type", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0OCwxXQ==", + "attributes": { + "title": "STUN NAT - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.is_orig", + "zeek.stun_nat.wan_addr", + "zeek.stun_nat.wan_port", + "zeek.stun_nat.lan_addr", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun_nat\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0OSwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file From 46666e0c6f42ff4ff95fcb8a96b4f3857a6a9508 Mon Sep 17 00:00:00 2001 
From: Seth Grover
Date: Tue, 19 Mar 2024 14:58:55 -0600
Subject: [PATCH 46/79] adjust some dashbaords line endings
---
 .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 1220 +++++------
 .../03207c00-d07e-11ec-b4a7-d1b4003706b7.json | 766 +++----
 .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 938 ++++----
 .../12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json | 680 +++---
 .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 560 ++---
 .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 1056 ++++-----
 .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 914 ++++----
 .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 626 +++---
 .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 1420 ++++++-------
 .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 1880 ++++++++---------
 .../d2dd0180-06b1-11ec-8c6b-353266ade330.json | 1374 ++++++------
 .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 1050 ++++-----
 .../fa477130-2b8a-11ec-a9f2-3911c8571bfd.json | 1086 +++++-----
 13 files changed, 6785 insertions(+), 6785 deletions(-)
diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
index 51ce770a4..e705f1da5 100644
--- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
+++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
@@ -1,611 +1,611 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:27:47.478Z", - "version": "Wzg4MywxXQ==", - "attributes": { - "title": "X.509", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":46,\"w\":15,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":46,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":11,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":18,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{}
,\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":18,\"i\":\"5e719795-a525-43dd-974c-6145b6e15de1\"},\"panelIndex\":\"5e719795-a525-43dd-974c-6145b6e15de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":18,\"i\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\"},\"panelIndex\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":18,\"i\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\"},\"panelIndex\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":46,\"w\":14,\"h\":20,\"i\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\"},\"panelIndex\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":24,\"i\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\"},\"panelIndex\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": 
"0ce14883-eb54-4b30-aba0-b8b13021da11" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "193088ad-5112-435f-9e9f-ec9127ff8665" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "AWDHGklsxQT5EBNmq4wG" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "b1481d20-2b64-11ec-a748-7936240e2919" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac" - }, - { - "name": "panel_13", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - }, - { - "name": "panel_14", - "type": "search", - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:35:08.437Z", - "version": "Wzc0MiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) 
\\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● 
[RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - 
} - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0ce14883-eb54-4b30-aba0-b8b13021da11", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzUsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Log Count Over Time", - "uiStateJSON": "{}", - "version": 1, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzYsMV0=", - "attributes": { - "title": "X.509 - Certificate Signing Algorithm", - "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithm\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.x509.certificate_sig_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - 
} - }, - { - "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzcsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Certificate Subject", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzgsMV0=", - "attributes": { - "visState": "{\"title\":\"X.509 - Certificate 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_issuer_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", - "description": "", - "title": "X.509 - Certificate Issuer", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "193088ad-5112-435f-9e9f-ec9127ff8665", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzksMV0=", - "attributes": { - "title": "X.509 - Certificate Key Length", - "visState": "{\"title\":\"X.509 - Certificate Key Length\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key 
Length\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzEwLDFd", - "attributes": { - "title": "X.509 - Certificate Key Algorithm", - "visState": "{\"title\":\"X.509 - Certificate Key 
Algorithm\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":7,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"AWDHGklsxQT5EBNmq4wG", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzExLDFd", - "attributes": { - "title": "X.509 - Log Count", - "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:37.046Z", - "version": "WzM5NywxXQ==", - "attributes": { - "title": "SSL - Relevant Notices", - "visState": "{\"title\":\"SSL - Relevant 
Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - 
"description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:22:38.381Z", - "version": "Wzg2MSwxXQ==", - "attributes": { - "title": "OCSP - Certificate Revocation", - "visState": "{\"title\":\"OCSP - Certificate Revocation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.certStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Status\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.revokereason\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revocation Reason\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.ocsp.certStatus:good\",\"language\":\"kuery\"},\"filter\":[]}" - }, - 
"savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b1481d20-2b64-11ec-a748-7936240e2919", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzEzLDFd", - "attributes": { - "title": "X.509 - Is Host Certificate", - "visState": "{\"title\":\"X.509 - Is Host Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.host_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE0LDFd", - "attributes": { - "title": "X.509 - Is Client Certificate", - "visState": "{\"title\":\"X.509 - Is Client 
Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.client_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE1LDFd", - "attributes": { - "title": "X.509 - Certificate Fingerprint", - "visState": "{\"title\":\"X.509 - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate 
Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:34:03.402Z", - "version": "WzE2LDFd", - "attributes": { - "title": "X.509 - Logs", - "description": "", - "hits": 0, - "columns": [ - "zeek.x509.certificate_issuer.CN", - "zeek.x509.certificate_subject.CN", - "zeek.x509.host_cert", - "zeek.x509.client_cert", - "zeek.x509.certificate_sig_alg", - "zeek.x509.certificate_version" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:x509\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T18:17:07.749Z", - "version": "WzgyOSwxXQ==", 
- "attributes": { - "title": "OCSP - Logs", - "description": "", - "hits": 0, - "columns": [ - "zeek.ocsp.thisUpdate", - "zeek.ocsp.nextUpdate", - "zeek.ocsp.certStatus", - "zeek.ocsp.revokereason", - "zeek.ocsp.revoketime", - "zeek.ocsp.serialNumber", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:ocsp\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T17:35:05.414Z", - "version": "WzcxNywxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "024062a6-48d6-498f-a91a-3bf2da3a3cd3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": 
"2021-10-12T18:27:47.478Z", + "version": "Wzg4MywxXQ==", + "attributes": { + "title": "X.509", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":15,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":46,\"w\":15,\"h\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":46,\"w\":19,\"h\":20,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":20,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":11,\"h\":20,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":18,\"i\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\"},\"panelIndex\":\"aa7075cb-f9ef-4453-8c5f-90eccc6883c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":18,\"i\":\"5e719795-a525-43dd-974c-6145b6e15de1\"},\"panelIndex\":\"5e719795-a525-43d
d-974c-6145b6e15de1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":18,\"i\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\"},\"panelIndex\":\"92e238af-672e-4f6d-8ff0-bf9d9a3a2437\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":18,\"i\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\"},\"panelIndex\":\"d4f7644a-5547-4976-a5df-a5a5ae4a5bed\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":34,\"y\":46,\"w\":14,\"h\":20,\"i\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\"},\"panelIndex\":\"cff03ff3-838f-40f1-84b5-f671ff537a6c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":39,\"i\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\"},\"panelIndex\":\"2a9de8ad-b593-4bf3-9fc4-703580b95500\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":24,\"i\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\"},\"panelIndex\":\"4535ecde-ff4e-4121-b783-deb678c5f1ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "0ce14883-eb54-4b30-aba0-b8b13021da11" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": 
"d608f7dd-efea-49c4-b61d-a09d2a29148c" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "193088ad-5112-435f-9e9f-ec9127ff8665" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "AWDHGklsxQT5EBNmq4wG" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "b1481d20-2b64-11ec-a748-7936240e2919" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac" + }, + { + "name": "panel_13", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + }, + { + "name": "panel_14", + "type": "search", + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:35:08.437Z", + "version": "Wzc0MiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0ce14883-eb54-4b30-aba0-b8b13021da11", + "type": "visualization", + 
"namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzUsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Log Count Over Time", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + 
"id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "23d08a2e-2fa2-42df-bf75-dc5f3e5a79e7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzYsMV0=", + "attributes": { + "title": "X.509 - Certificate Signing Algorithm", + "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithm\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.x509.certificate_sig_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d608f7dd-efea-49c4-b61d-a09d2a29148c", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": 
"WzcsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Certificate Subject", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fabba18b-a1ed-4a90-a27c-bdcfed98eae1", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzgsMV0=", + "attributes": { + "visState": "{\"title\":\"X.509 - Certificate 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_issuer_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", + "description": "", + "title": "X.509 - Certificate Issuer", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "193088ad-5112-435f-9e9f-ec9127ff8665", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzksMV0=", + "attributes": { + "title": "X.509 - Certificate Key Length", + "visState": "{\"title\":\"X.509 - Certificate Key Length\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key 
Length\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "34d702ec-63e9-475d-ab0a-07d97ed4bd66", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzEwLDFd", + "attributes": { + "title": "X.509 - Certificate Key Algorithm", + "visState": "{\"title\":\"X.509 - Certificate Key 
Algorithm\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.certificate_key_alg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":7,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithm\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"AWDHGklsxQT5EBNmq4wG", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzExLDFd", + "attributes": { + "title": "X.509 - Log Count", + "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:37.046Z", + "version": "WzM5NywxXQ==", + "attributes": { + "title": "SSL - Relevant Notices", + "visState": "{\"title\":\"SSL - Relevant 
Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + 
"description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "61410dd0-2b89-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T18:22:38.381Z", + "version": "Wzg2MSwxXQ==", + "attributes": { + "title": "OCSP - Certificate Revocation", + "visState": "{\"title\":\"OCSP - Certificate Revocation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.certStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Status\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.revokereason\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revocation Reason\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"NOT zeek.ocsp.certStatus:good\",\"language\":\"kuery\"},\"filter\":[]}" + }, + 
"savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b1481d20-2b64-11ec-a748-7936240e2919", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzEzLDFd", + "attributes": { + "title": "X.509 - Is Host Certificate", + "visState": "{\"title\":\"X.509 - Is Host Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.host_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cdd2a1e0-2b64-11ec-a748-7936240e2919", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE0LDFd", + "attributes": { + "title": "X.509 - Is Client Certificate", + "visState": "{\"title\":\"X.509 - Is Client 
Certificate\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.client_cert\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Certificate\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e70e3a00-2b75-11ec-b2c0-c162ed55b2ac", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE1LDFd", + "attributes": { + "title": "X.509 - Certificate Fingerprint", + "visState": "{\"title\":\"X.509 - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate 
Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "858102a3-eec0-4ab3-82bb-a791e4eb364b", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:34:03.402Z", + "version": "WzE2LDFd", + "attributes": { + "title": "X.509 - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.x509.certificate_issuer.CN", + "zeek.x509.certificate_subject.CN", + "zeek.x509.host_cert", + "zeek.x509.client_cert", + "zeek.x509.certificate_sig_alg", + "zeek.x509.certificate_version" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:x509\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "9c2ec460-2b88-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T18:17:07.749Z", + "version": "WzgyOSwxXQ==", 
+ "attributes": { + "title": "OCSP - Logs", + "description": "", + "hits": 0, + "columns": [ + "zeek.ocsp.thisUpdate", + "zeek.ocsp.nextUpdate", + "zeek.ocsp.certStatus", + "zeek.ocsp.revokereason", + "zeek.ocsp.revoketime", + "zeek.ocsp.serialNumber", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:ocsp\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T17:35:05.414Z", + "version": "WzcxNywxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file 
diff --git a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
index 8784f04c2..d6a03d547 100644
--- a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
+++ b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json
@@ -1,384 +1,384 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "03207c00-d07e-11ec-b4a7-d1b4003706b7", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:42:42.241Z", - "version": "WzEyMTAsMV0=", - "attributes": { - "title": "GENISYS", - "hits": 0, - "description": "Dashboard for the GENISYS Protocol", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"w\":8,\"x\":8,\"y\":10},\"panelIndex\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"w\":12,\"x\":16,\"y\":10},\"panelIndex\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"w\":20,\"x\":28,\"y\":10},\"panelIndex\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"w\":16,\"x\":0,\"y\":28},\"panelIndex\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"pane
lRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"w\":12,\"x\":16,\"y\":28},\"panelIndex\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}},\"table\":null},\"panelRefName\":\"panel_7\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"w\":20,\"x\":28,\"y\":28},\"panelIndex\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":31,\"i\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"w\":48,\"x\":0,\"y\":46},\"panelIndex\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_8", - "type": "visualization", - "id": 
"d81128f0-d07f-11ec-b4a7-d1b4003706b7" - }, - { - "name": "panel_9", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:07:16.116Z", - "version": "Wzc5NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / 
[TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● 
[EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:28:56.364Z", - "version": "WzEwOTksMV0=", - "attributes": { - "title": "GENISYS - Log Count", - "visState": "{\"title\":\"GENISYS - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":48}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": 
"search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:29:50.143Z", - "version": "WzExMDYsMV0=", - "attributes": { - "title": "GENISYS - Log Count Over Time", - "visState": "{\"title\":\"GENISYS - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", 
- "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:34:19.111Z", - "version": "WzExMzQsMV0=", - "attributes": { - "title": "GENISYS - Station Address", - "visState": "{\"title\":\"GENISYS - Station Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.server\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-05-10T16:35:19.314Z", - "version": "WzExNDQsMV0=", - "attributes": { - "title": "GENISYS - Source", - "visState": "{\"title\":\"GENISYS - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:38:14.578Z", - "version": "WzExNzcsMV0=", - "attributes": { - "title": "GENISYS - Action", - "visState": "{\"title\":\"GENISYS - Action\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:32:07.893Z", - "version": "WzExMjYsMV0=", - "attributes": { - "title": "GENISYS - Message Direction", - "visState": "{\"title\":\"GENISYS - Message 
Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:36:30.327Z", - "version": "WzExNTksMV0=", - "attributes": { - "title": "GENISYS - Destination", - "visState": "{\"title\":\"GENISYS - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:40:04.607Z", - "version": "WzExOTksMV0=", - "attributes": { - "title": "GENISYS - Result", - "visState": "{\"title\":\"GENISYS - Result\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-10T16:26:30.108Z", - "version": "WzEwMTUsMV0=", - "attributes": { - "title": "GENISYS - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "zeek.genisys.server", - "event.action", - "event.result", - "zeek.genisys.payload", - "event.id" - ], - "sort": [], - "version": 1, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.provider:zeek AND event.dataset:genisys\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "03207c00-d07e-11ec-b4a7-d1b4003706b7", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:42:42.241Z", + "version": "WzEyMTAsMV0=", + "attributes": { + "title": "GENISYS", + "hits": 0, + "description": "Dashboard for the GENISYS Protocol", + "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"58856fb7-efd0-4246-9dc9-d8b0d5c3fcba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":10,\"i\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"c078d6a7-456e-4fed-80c6-f36123c3ba82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"w\":8,\"x\":8,\"y\":10},\"panelIndex\":\"c04b22a5-6b7e-4c18-8172-d39ec8549e4a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"w\":12,\"x\":16,\"y\":10},\"panelIndex\":\"4da40cc7-ad85-4dd1-88cf-8b207995c932\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\
"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"w\":20,\"x\":28,\"y\":10},\"panelIndex\":\"74347ef4-7a00-4d8f-a172-120339fd5e30\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"w\":16,\"x\":0,\"y\":28},\"panelIndex\":\"40ffbd38-1edc-4493-b313-6f65729cbe70\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"w\":12,\"x\":16,\"y\":28},\"panelIndex\":\"2cb13858-f268-4cd4-8207-3932c70dc83a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}},\"table\":null},\"panelRefName\":\"panel_7\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":18,\"i\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"w\":20,\"x\":28,\"y\":28},\"panelIndex\":\"7aabaf8b-4a54-48df-ac8e-c732327f420e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"1.3.1\",\"gridData\":{\"h\":31,\"i\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"w\":48,\"x\":0,\"y\":46},\"panelIndex\":\"6b987e44-72f1-4e33-9fa3-cb21c7313829\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_4", + 
"type": "visualization", + "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7" + }, + { + "name": "panel_9", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:07:16.116Z", + "version": "Wzc5NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata 
Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS 
SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "49c385d0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:28:56.364Z", + "version": "WzEwOTksMV0=", + "attributes": { + "title": "GENISYS - Log Count", + "visState": "{\"title\":\"GENISYS - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":48}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "69d164f0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:29:50.143Z", + "version": "WzExMDYsMV0=", + "attributes": { + "title": "GENISYS - Log Count Over Time", + "visState": "{\"title\":\"GENISYS - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0a22a770-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:34:19.111Z", + "version": "WzExMzQsMV0=", + "attributes": { + "title": "GENISYS - Station Address", + "visState": "{\"title\":\"GENISYS - Station 
Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.server\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2e04e720-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:35:19.314Z", + "version": "WzExNDQsMV0=", + "attributes": { + "title": "GENISYS - Source", + "visState": "{\"title\":\"GENISYS - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "967c1120-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:38:14.578Z", + "version": "WzExNzcsMV0=", + "attributes": { + "title": "GENISYS - Action", + "visState": "{\"title\":\"GENISYS - Action\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a01ec2f0-d07e-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:32:07.893Z", + "version": "WzExMjYsMV0=", + "attributes": { + "title": "GENISYS - Message Direction", + "visState": "{\"title\":\"GENISYS - Message 
Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5858c780-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:36:30.327Z", + "version": "WzExNTksMV0=", + "attributes": { + "title": "GENISYS - Destination", + "visState": "{\"title\":\"GENISYS - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d81128f0-d07f-11ec-b4a7-d1b4003706b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:40:04.607Z", + "version": "WzExOTksMV0=", + "attributes": { + "title": "GENISYS - Result", + "visState": "{\"title\":\"GENISYS - Result\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control 
Character\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f296a0d0-d07d-11ec-b4a7-d1b4003706b7", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-10T16:26:30.108Z", + "version": "WzEwMTUsMV0=", + "attributes": { + "title": "GENISYS - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "zeek.genisys.server", + "event.action", + "event.result", + "zeek.genisys.payload", + "event.id" + ], + "sort": [], + "version": 1, + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.provider:zeek AND event.dataset:genisys\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index a72287382..c26964161 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -1,470 +1,470 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:30:33.149Z", - "version": "WzEzNjIsMV0=", - "attributes": { - "title": "Overview", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"19\",\"w\":36,\"x\":0,\"y\":31},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":14,\"x\":8,\"y\":13},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"32\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"43\",\"w\":12,\"x\":36,\"y\":31},\"panelIndex\":\"43\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":13,\"i\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"w\":12,\"x\":15,\"y\":0},\"panelIndex\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"table\":null,\"vis
\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"w\":11,\"x\":22,\"y\":13},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"w\":15,\"x\":33,\"y\":13},\"panelIndex\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "470c6648-d66f-4fae-99af-061cab27065a" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "3da52536-9455-4f8f-931a-14f4c04c636b" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "AWDGyaGxxQT5EBNmq3K9" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "750367f0-41f2-11ea-88fa-7151df485405" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" - }, - { - "name": "panel_9", - "type": "search", - "id": 
"c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:16.386Z", - "version": "Wzc5NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● 
[IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "470c6648-d66f-4fae-99af-061cab27065a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzYxLDFd", - "attributes": { - "title": "Total Log Count Over Time", - "visState": "{\"title\":\"Total Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\"},\"schema\":\"group\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3da52536-9455-4f8f-931a-14f4c04c636b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:28:37.178Z", - "version": "WzEzNDcsMV0=", - "attributes": { - "title": "Connections - Service By Destination Country", - "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" \"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":false}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzYzLDFd", - "attributes": { - "title": "Log Type", - "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"AWDGyaGxxQT5EBNmq3K9", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:52.191Z", - "version": "WzUzMCwxXQ==", - "attributes": { - "title": "Total Number of Logs", - "visState": "{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Logs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"colorSchema\":\"Green to Red\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"},\"metricColorMode\":\"None\"}}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY1LDFd", - "attributes": { - "title": "DNS - Queries", - "visState": "{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY2LDFd", - "attributes": { - "title": "Log Source", - "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last 
Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "750367f0-41f2-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:10.844Z", - "version": "WzY3LDFd", - "attributes": { - "title": "Application Protocol", - "visState": "{\"title\":\"Application Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol 
Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:05.320Z", - "version": "WzY5MywxXQ==", - "attributes": { - "title": "Actions and Results", - "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:16.386Z", - "version": "WzgwOCwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:07:13.356Z", - "version": "Wzc3MCwxXQ==", - "attributes": { - "title": "Connections - Logs", - "description": "", - "hits": 0, - "columns": [ - "network.transport", - "network.protocol", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - 
"network.bytes", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T20:06:49.169Z", - "version": "WzUwOCwxXQ==", - "attributes": { - "title": "DNS - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.dns.query", - "zeek.dns.answers", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:dns\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "0ad3d7c2-3441-485e-9dfe-dbb22e84e576", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:30:33.149Z", + "version": "WzEzNjIsMV0=", + "attributes": { + "title": "Overview", + 
"hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":31,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"19\",\"w\":36,\"x\":0,\"y\":31},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"21\",\"w\":14,\"x\":8,\"y\":13},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"32\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"43\",\"w\":12,\"x\":36,\"y\":31},\"panelIndex\":\"43\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":13,\"i\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"w\":12,\"x\":15,\"y\":0},\"panelIndex\":\"4f869578-b143-4103-8804-f8b59688a5dd\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"w\":11,\"x\":22,\"y\":13},\"panelIndex\":\"2aab2ae5-2520-4b78-9735-04c32b22b71e\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embedd
ableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"w\":15,\"x\":33,\"y\":13},\"panelIndex\":\"f92ea81f-8f7e-4a79-abde-e5d8aaf7a39a\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"4c077648-488a-4fd8-9fcd-3042ec1bfa4d\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "470c6648-d66f-4fae-99af-061cab27065a" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "3da52536-9455-4f8f-931a-14f4c04c636b" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "AWDGyaGxxQT5EBNmq3K9" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "750367f0-41f2-11ea-88fa-7151df485405" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" + }, + { + "name": "panel_9", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:16.386Z", + "version": "Wzc5NSwxXQ==", + 
"attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "470c6648-d66f-4fae-99af-061cab27065a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzYxLDFd", + "attributes": { + "title": "Total Log Count Over Time", + "visState": "{\"title\":\"Total Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\"},\"schema\":\"group\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3da52536-9455-4f8f-931a-14f4c04c636b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:28:37.178Z", + "version": "WzEzNDcsMV0=", + "attributes": { + "title": "Connections - Service By Destination Country", + "visState": "{\"title\":\"Connections - Service By Destination 
Country\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" \"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitColumn\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":false}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f7aba7a6-4b09-4efe-ae42-68d5637212ce", + "type": "visualization", + "namespaces": [ + 
"default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzYzLDFd", + "attributes": { + "title": "Log Type", + "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDGyaGxxQT5EBNmq3K9", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:52.191Z", + "version": "WzUzMCwxXQ==", + "attributes": { + "title": "Total Number of Logs", + "visState": "{\"title\":\"Total Number of 
Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Logs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"colorSchema\":\"Green to Red\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"},\"metricColorMode\":\"None\"}}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "6ec2abe4-c3b1-4cc1-8674-e80f8aee7ec5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY1LDFd", + "attributes": { + "title": "DNS - Queries", + "visState": "{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "74c4f480-c7dc-11ec-8c7e-e93fedca6b87", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY2LDFd", + "attributes": { + "title": "Log Source", + "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last 
Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "750367f0-41f2-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:10.844Z", + "version": "WzY3LDFd", + "attributes": { + "title": "Application Protocol", + "visState": "{\"title\":\"Application Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol 
Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:05.320Z", + "version": "WzY5MywxXQ==", + "attributes": { + "title": "Actions and Results", + "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:16.386Z", + "version": "WzgwOCwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:07:13.356Z", + "version": "Wzc3MCwxXQ==", + "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "network.transport", + "network.protocol", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + 
"network.bytes", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T20:06:49.169Z", + "version": "WzUwOCwxXQ==", + "attributes": { + "title": "DNS - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.dns.query", + "zeek.dns.answers", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:dns\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index bdf4ca834..4f1d9e09e 100644 
--- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json
+++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json
@@ -1,341 +1,341 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "12e3a130-d83b-11eb-a0b0-f328ce09b0b7", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:21:24.534Z", - "version": "WzkwNiwxXQ==", - "attributes": { - "title": "ICS Best Guess", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":34,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":6,\"i\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"w\":17,\"x\":8,\"y\":10},\"panelIndex\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"w\":23,\"x\":25,\"y\":10},\"panelIndex\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"w\":17,\"x\":8,\"y\":16},\"panelIndex\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"ed874588-65d2
-458f-a7f5-88e6f7031b80\",\"w\":23,\"x\":25,\"y\":36},\"panelIndex\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":28,\"i\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"w\":25,\"x\":0,\"y\":34},\"panelIndex\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":33,\"i\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7" - }, - { - "name": "panel_8", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], 
- "updated_at": "2021-10-25T21:05:09.919Z", - "version": "Wzc1NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● 
[S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMSwxXQ==", - "attributes": { - "title": "Best Guess - Log Count", - "visState": "{\"title\":\"Best Guess - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMiwxXQ==", - "attributes": { - 
"title": "Best Guess - Log Count Over Time", - "visState": "{\"title\":\"Best Guess - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-26y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": 
"a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExMywxXQ==", - "attributes": { - "title": "Best Guess - Disclaimer", - "visState": "{\"title\":\"Best Guess - Disclaimer\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Note: This dashboard categorizes potential industrial control system traffic using transport protocol, responding port and/or originating port instead of packet payload inspection. As such, these results should be viewed as a \\\"best guess\\\" and are likely to have more false positives than other protocol dashboards.\"}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:18:58.163Z", - "version": "Wzg1NywxXQ==", - "attributes": { - "title": "Best Guess Protocol - Destination", - "visState": "{\"title\":\"Best Guess Protocol - 
Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:18:03.746Z", - "version": "WzgzNywxXQ==", - "attributes": { - "title": "Best Guess - Summary", - "visState": "{\"title\":\"Best Guess - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": 
"a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:20:33.748Z", - "version": "Wzg4NSwxXQ==", - "attributes": { - "title": "Best Guess Protocol - Source", - "visState": "{\"title\":\"Best Guess Protocol - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tranport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExNywxXQ==", - "attributes": { - "title": "Best Guess - Category", - "visState": "{\"title\":\"Best Guess - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-25T21:04:12.181Z", - "version": "WzExOCwxXQ==", - "attributes": { - "title": "Best Guess - Logs", - "description": "", - "hits": 0, - "columns": [ - "protocol", - "zeek.bestguess.category", - "zeek.bestguess.name", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"tags:ics_best_guess\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ 
+ { + "id": "12e3a130-d83b-11eb-a0b0-f328ce09b0b7", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:21:24.534Z", + "version": "WzkwNiwxXQ==", + "attributes": { + "title": "ICS Best Guess", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":34,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"bcd8c686-5d1e-493c-a9b3-4ff46e43c430\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"8ea78bf3-d28f-4e64-9300-acc4974b48ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":6,\"i\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"w\":17,\"x\":8,\"y\":10},\"panelIndex\":\"8b261ab9-bc3e-431f-9661-7130a3691e59\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"w\":23,\"x\":25,\"y\":10},\"panelIndex\":\"d12b6bb3-e89e-4a92-8234-91bb7e55c20d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"w\":17,\"x\":8,\"y\":16},\"panelIndex\":\"a77da3f0-fda3-4638-bc9e-a492ab4f9999\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":26,\"i\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"w\":23,\"x\":25,\"y\":36},\"panel
Index\":\"ed874588-65d2-458f-a7f5-88e6f7031b80\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":28,\"i\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"w\":25,\"x\":0,\"y\":34},\"panelIndex\":\"a90fa9be-54ba-4f25-ab7b-bf484557a89d\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":33,\"i\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"2000008c-f74f-40c3-bbfd-ec6a9acf864c\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7" + }, + { + "name": "panel_8", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:05:09.919Z", + "version": 
"Wzc1NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● 
[MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● 
[Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "9f878160-d83b-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMSwxXQ==", + "attributes": { + "title": "Best Guess - Log Count", + "visState": "{\"title\":\"Best Guess - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e51375e0-d83b-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMiwxXQ==", + "attributes": { + "title": "Best Guess - Log Count Over Time", + "visState": 
"{\"title\":\"Best Guess - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-26y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + 
"visualization": "7.10.0" + } + }, + { + "id": "2a3ce150-d8e7-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExMywxXQ==", + "attributes": { + "title": "Best Guess - Disclaimer", + "visState": "{\"title\":\"Best Guess - Disclaimer\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Note: This dashboard categorizes potential industrial control system traffic using transport protocol, responding port and/or originating port instead of packet payload inspection. As such, these results should be viewed as a \\\"best guess\\\" and are likely to have more false positives than other protocol dashboards.\"}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d3ec8b90-d8e4-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:18:58.163Z", + "version": "Wzg1NywxXQ==", + "attributes": { + "title": "Best Guess Protocol - Destination", + "visState": "{\"title\":\"Best Guess Protocol - 
Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "129f16c0-d83e-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:18:03.746Z", + "version": "WzgzNywxXQ==", + "attributes": { + "title": "Best Guess - Summary", + "visState": "{\"title\":\"Best Guess - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": 
"a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8c3695b0-d8e5-11eb-8448-8f6f257e0b34", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:20:33.748Z", + "version": "Wzg4NSwxXQ==", + "attributes": { + "title": "Best Guess Protocol - Source", + "visState": "{\"title\":\"Best Guess Protocol - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tranport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "054c4020-d83d-11eb-a0b0-f328ce09b0b7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExNywxXQ==", + "attributes": { + "title": "Best Guess - Category", + "visState": "{\"title\":\"Best Guess - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a4db0f40-d838-11eb-a0b0-f328ce09b0b7", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-25T21:04:12.181Z", + "version": "WzExOCwxXQ==", + "attributes": { + "title": "Best Guess - Logs", + "description": "", + "hits": 0, + "columns": [ + "protocol", + "zeek.bestguess.category", + "zeek.bestguess.name", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"tags:ics_best_guess\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file 
diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
index a97af6c77..24042da8f 100644
--- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
+++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json
@@ -1,281 +1,281 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2MSwxXQ==", - "attributes": { - "title": "Zeek Weird", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":25,\"y\":8,\"w\":10,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "2789890f-3187-449c-b0d7-a351975cbe13" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "259fa46e-2fde-41bb-b028-063a12cb4621" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "84786f08-b68a-4524-8d2d-d44221f99060" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "AWDHGXk-xQT5EBNmq4uf" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "429d2522-67c6-44f5-aae8-f464d5815195" - }, - { - "name": "panel_6", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network 
Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● 
[NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2789890f-3187-449c-b0d7-a351975cbe13", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2MywxXQ==", - "attributes": { - "title": "Weird - Log Count Over Time", - "visState": "{\"title\":\"Weird - Log Count Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\" 
\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\" \"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "259fa46e-2fde-41bb-b028-063a12cb4621", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NCwxXQ==", - "attributes": { - "title": "Weird - Source", - "visState": "{\"title\":\"Weird - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "84786f08-b68a-4524-8d2d-d44221f99060", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NSwxXQ==", - "attributes": { - "title": "Weird - Destination", - "visState": "{\"title\":\"Weird - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDHGXk-xQT5EBNmq4uf", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NiwxXQ==", - "attributes": { - "title": "Weird - Log Count", - "visState": "{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "429d2522-67c6-44f5-aae8-f464d5815195", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2NywxXQ==", - "attributes": { - "title": "Weird - Name", - "visState": "{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:19.656Z", - "version": "WzE2OCwxXQ==", - "attributes": { - "title": "Weird - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "rule.name", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:weird\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "1fff49f6-0199-4a0f-820b-721aff9ff1f1", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2MSwxXQ==", + "attributes": { + "title": "Zeek Weird", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":28,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":25,\"y\":8,\"w\":10,\"h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":17,\"h\":20,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":35,\"i\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\"},\"panelIndex\":\"781c60c8-791a-4f33-9f08-85820f16f4d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Denver\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "2789890f-3187-449c-b0d7-a351975cbe13" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "259fa46e-2fde-41bb-b028-063a12cb4621" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "84786f08-b68a-4524-8d2d-d44221f99060" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "AWDHGXk-xQT5EBNmq4uf" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "429d2522-67c6-44f5-aae8-f464d5815195" + }, + { + "name": "panel_6", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2789890f-3187-449c-b0d7-a351975cbe13", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2MywxXQ==", + "attributes": { + "title": "Weird - Log Count Over Time", + "visState": "{\"title\":\"Weird - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\" \"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\" \"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "259fa46e-2fde-41bb-b028-063a12cb4621", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NCwxXQ==", + "attributes": { + "title": "Weird - Source", + "visState": "{\"title\":\"Weird - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "84786f08-b68a-4524-8d2d-d44221f99060", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-05-04T17:52:19.656Z", + "version": "WzE2NSwxXQ==", + "attributes": { + "title": "Weird - Destination", + "visState": "{\"title\":\"Weird - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDHGXk-xQT5EBNmq4uf", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NiwxXQ==", + "attributes": { + "title": "Weird - Log Count", + "visState": "{\"title\":\"Weird - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "429d2522-67c6-44f5-aae8-f464d5815195", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2NywxXQ==", + "attributes": { + "title": "Weird - Name", + "visState": "{\"title\":\"Weird - 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "17236484-ab93-4497-8b85-bc7dfaeb2d71", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:19.656Z", + "version": "WzE2OCwxXQ==", + "attributes": { + "title": "Weird - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "rule.name", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:weird\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 6a831bcda..57ba23e4d 100644 --- a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
@@ -1,529 +1,529 @@ -{ - "version": "1.2.0", - "objects": [ - { - "id": "29a1b290-eb98-11e9-a384-0fcf32210194", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:38:50.396Z", - "version": "WzEwNDMsMV0=", - "attributes": { - "title": "EtherNet/IP", - "hits": 0, - "description": "Dashboard for Ethernet/IP and CIP Protocols", - "panelsJSON": "[{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":37,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":9,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":17,\"y\":0,\"w\":31,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":28,\"h\":18,\"i\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\"},\"panelIndex\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":19,\"w\":12,\"h\":18,\"i\":\"c25cc903-12d2-43af-9841-89bba26a32a9\"},\"panelIndex\":\"c25cc903-12d2-43af-9841-89bba26a32a9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":37,\"w\":36,\"h\":18,\"i\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\"},\"panelIndex\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":37,\"w\":12,\"h\":18,\"i\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\"},\"panelIndex\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"dir
ection\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":55,\"w\":21,\"h\":18,\"i\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\"},\"panelIndex\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":21,\"y\":55,\"w\":27,\"h\":18,\"i\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\"},\"panelIndex\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\"},\"panelIndex\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":48,\"h\":13,\"i\":\"faa4d891-2c11-4393-acec-cea800f017e7\"},\"panelIndex\":\"faa4d891-2c11-4393-acec-cea800f017e7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":16,\"i\":\"4608eca0-796d-4482-b62a-887c799e423f\"},\"panelIndex\":\"4608eca0-796d-4482-b62a-887c799e423f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":121,\"w\":48,\"h\":16,\"i\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\"},\"panelIndex\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": 
"visualization", - "id": "b2548270-eb98-11e9-a384-0fcf32210194" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_9", - "type": "search", - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_10", - "type": "search", - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_11", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - }, - { - "name": "panel_12", - "type": "search", - "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:27:15.763Z", - "version": "Wzc4NSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and 
Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"b2548270-eb98-11e9-a384-0fcf32210194", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3MywxXQ==", - "attributes": { - "title": "EtherNet/IP - Log Count", - "visState": "{\"title\":\"EtherNet/IP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NCwxXQ==", - "attributes": { - "title": "EtherNet/IP - Logs Over Time", - "visState": "{\"title\":\"EtherNet/IP - Logs Over 
Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY\"}},\"params\":{\"date\":true,\"interval\":\"P365D\",\"intervalESValue\":365,\"intervalESUnit\":\"d\",\"format\":\"YYYY\",\"bounds\":{\"min\":\"1971-01-14T16:48:06.557Z\",\"max\":\"2021-01-14T16:48:06.557Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 365 days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Log 
Type\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-50y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NSwxXQ==", - "attributes": { - "title": "Ethernet/IP - Commands", - "visState": "{\"title\":\"Ethernet/IP - 
Commands\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Command\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" 
- }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3OCwxXQ==", - "attributes": { - "title": "EtherNet/IP - Source IP", - "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MCwxXQ==", - "attributes": { - "title": "CIP - Device Identity", - "visState": "{\"title\":\"CIP - 
Device Identity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"N/A\"}},\"params\":{},\"label\":\"Serial Number\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.product_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Product Name\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.device_type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Device Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.vendor_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Vendor Name\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.serial_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Serial 
Number\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.revision\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Revision Number\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "CIP Identity Results", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NywxXQ==", - "attributes": { - "title": "EtherNet/IP - Destination IP", - "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3NiwxXQ==", - "attributes": { - "title": "CIP - Services", - "visState": "{\"title\":\"CIP - 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Request/Response\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Status\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request/Response\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "CIP Services and Status", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE3OSwxXQ==", - "attributes": { - "title": "EtherNet/IP - Detailed Information", - "visState": "{\"title\":\"EtherNet/IP - Detailed Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Data Length\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.session_handle\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Session Identifier\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.sender_context\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sender Context\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"EtherNet/IP 
Command\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data Length\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "Includes: Session Identifier, Sender Context, EtherNet/IP Command, Data Length, and Status", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MSwxXQ==", - "attributes": { - "title": "CIP - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "event.action", - "event.result", - "zeek.cip.direction", - "zeek.cip.cip_sequence_count", - "zeek.cip.class_id", - "zeek.cip.class_name", - "zeek.cip.instance_id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MiwxXQ==", - "attributes": { - "title": "CIP - Identity Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.cip_identity.device_type_name", - "zeek.cip_identity.product_name", - "zeek.cip_identity.vendor_name", - "zeek.cip_identity.revision", - "zeek.cip_identity.serial_number" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_identity\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4MywxXQ==", - "attributes": { - "title": "Ethernet/IP - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "event.action", - "event.result", - "zeek.enip.options", - "zeek.enip.sender_context", - "zeek.enip.session_handle", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:enip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-02-14T15:26:21.141Z", - "version": "WzE4NCwxXQ==", - "attributes": { - "title": "CIP - IO Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.cip_io.connection_id", - "zeek.cip_io.sequence_number", - "zeek.cip_io.data_length", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_io\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.2.0", + "objects": [ + { + "id": "29a1b290-eb98-11e9-a384-0fcf32210194", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:38:50.396Z", + "version": "WzEwNDMsMV0=", + "attributes": { + "title": "EtherNet/IP", + "hits": 0, + "description": "Dashboard for Ethernet/IP and CIP Protocols", + "panelsJSON": 
"[{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":37,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":9,\"h\":19,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":17,\"y\":0,\"w\":31,\"h\":19,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":28,\"h\":18,\"i\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\"},\"panelIndex\":\"5bbd48d6-a3e7-4b7e-9c1d-9883d519dc76\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":19,\"w\":12,\"h\":18,\"i\":\"c25cc903-12d2-43af-9841-89bba26a32a9\"},\"panelIndex\":\"c25cc903-12d2-43af-9841-89bba26a32a9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":37,\"w\":36,\"h\":18,\"i\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\"},\"panelIndex\":\"a66a1ab3-eeaf-4c7b-a56e-b8663be6ab9f\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":36,\"y\":37,\"w\":12,\"h\":18,\"i\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\"},\"panelIndex\":\"a73b04d1-99ec-42e7-858d-5edd5c8ae15a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":55,\"w\":21,\"h\":18,\"i\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\"},\"panelIndex\":\"a38de599-91bf-4ce0-9ba1-fcdacb57c943\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"1.2.0\",\
"gridData\":{\"x\":21,\"y\":55,\"w\":27,\"h\":18,\"i\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\"},\"panelIndex\":\"7ccb6ae1-5068-4a2d-b147-2baa12a7ac92\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":48,\"h\":19,\"i\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\"},\"panelIndex\":\"bb66342b-bad1-4592-b5cf-18fbe68ec1a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":48,\"h\":13,\"i\":\"faa4d891-2c11-4393-acec-cea800f017e7\"},\"panelIndex\":\"faa4d891-2c11-4393-acec-cea800f017e7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":16,\"i\":\"4608eca0-796d-4482-b62a-887c799e423f\"},\"panelIndex\":\"4608eca0-796d-4482-b62a-887c799e423f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"1.2.0\",\"gridData\":{\"x\":0,\"y\":121,\"w\":48,\"h\":16,\"i\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\"},\"panelIndex\":\"9d193b0a-a8d1-48ad-88cc-16a325686f91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "b2548270-eb98-11e9-a384-0fcf32210194" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80" + }, 
+ { + "name": "panel_5", + "type": "visualization", + "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_9", + "type": "search", + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_10", + "type": "search", + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_11", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + }, + { + "name": "panel_12", + "type": "search", + "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:27:15.763Z", + "version": "Wzc4NSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek 
Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● 
[Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b2548270-eb98-11e9-a384-0fcf32210194", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3MywxXQ==", + "attributes": { + "title": "EtherNet/IP - Log Count", + "visState": "{\"title\":\"EtherNet/IP - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3c2b11d0-eb99-11e9-a384-0fcf32210194", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NCwxXQ==", + "attributes": { + "title": "EtherNet/IP - Logs Over Time", + "visState": "{\"title\":\"EtherNet/IP - Logs Over 
Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY\"}},\"params\":{\"date\":true,\"interval\":\"P365D\",\"intervalESValue\":365,\"intervalESUnit\":\"d\",\"format\":\"YYYY\",\"bounds\":{\"min\":\"1971-01-14T16:48:06.557Z\",\"max\":\"2021-01-14T16:48:06.557Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 365 days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Log 
Type\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-50y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(enip* OR cip*)\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c3b30a40-5682-11eb-a702-bff6ecd13bea", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NSwxXQ==", + "attributes": { + "title": "Ethernet/IP - Commands", + "visState": "{\"title\":\"Ethernet/IP - 
Commands\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Command\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" 
+ }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "378fefe0-cab6-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3OCwxXQ==", + "attributes": { + "title": "EtherNet/IP - Source IP", + "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "6f73cf80-cb7e-11ea-b8b9-778c41cae039", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MCwxXQ==", + "attributes": { + "title": "CIP - Device Identity", + "visState": "{\"title\":\"CIP - 
Device Identity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"N/A\"}},\"params\":{},\"label\":\"Serial Number\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.product_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Product Name\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.device_type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Device Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.vendor_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Vendor Name\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.serial_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Serial 
Number\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.revision\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Revision Number\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "CIP Identity Results", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4ce6e380-cab6-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NywxXQ==", + "attributes": { + "title": "EtherNet/IP - Destination IP", + "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:(\\\"enip\\\" OR \\\"cip\\\" OR \\\"cip_io\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa86bb10-cab0-11ea-84cd-4f7b1f416f80", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3NiwxXQ==", + "attributes": { + "title": "CIP - Services", + "visState": "{\"title\":\"CIP - 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Request/Response\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Status\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request/Response\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "CIP Services and Status", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5f626310-ca96-11ea-8578-f3ff6bdd82b2", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE3OSwxXQ==", + "attributes": { + "title": "EtherNet/IP - Detailed Information", + "visState": "{\"title\":\"EtherNet/IP - Detailed Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Data Length\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.session_handle\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Session Identifier\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.sender_context\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sender Context\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"EtherNet/IP 
Command\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data Length\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "Includes: Session Identifier, Sender Context, EtherNet/IP Command, Data Length, and Status", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ca878ac0-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MSwxXQ==", + "attributes": { + "title": "CIP - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "event.action", + "event.result", + "zeek.cip.direction", + "zeek.cip.cip_sequence_count", + "zeek.cip.class_id", + "zeek.cip.class_name", + "zeek.cip.instance_id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "f75bfb80-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MiwxXQ==", + "attributes": { + "title": "CIP - Identity Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.cip_identity.device_type_name", + "zeek.cip_identity.product_name", + "zeek.cip_identity.vendor_name", + "zeek.cip_identity.revision", + "zeek.cip_identity.serial_number" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_identity\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "972f9f00-c790-11ea-8578-f3ff6bdd82b2", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4MywxXQ==", + "attributes": { + "title": "Ethernet/IP - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "event.action", + "event.result", + "zeek.enip.options", + "zeek.enip.sender_context", + "zeek.enip.session_handle", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:enip\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "a2d6d220-caaa-11ea-84cd-4f7b1f416f80", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-02-14T15:26:21.141Z", + "version": "WzE4NCwxXQ==", + "attributes": { + "title": "CIP - IO Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.cip_io.connection_id", + "zeek.cip_io.sequence_number", + "zeek.cip_io.data_length", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:cip_io\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 123f1f771..bb252e3eb 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -1,458 +1,458 @@ -{ - "version": "1.2.0", - "objects": [ - { - "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:51.293Z", - "version": "WzEwMjMsMV0=", - "attributes": { - "title": "Zeek Intelligence", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"5\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"6\",\"w\":15,\"x\":33,\"y\":26},\"panelIndex\":\"6\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"7\",\"w\":13,\"x\":14,\"y\":44},\"panelIndex\":\"7\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"8\",\"w\":21,\"x\":27,\"y\":44},\"panelIndex\":\"8\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"11\",\"w\":25,\"x\":8,\"y\":26},\"panelIndex\":\"11\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"12\",\"w\":14,\"x\":0,\"y\":44},\"panelIndex\":\"12\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"de
sc\"}}}},\"gridData\":{\"h\":18,\"i\":\"13\",\"w\":8,\"x\":0,\"y\":26},\"panelIndex\":\"13\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"columns\":[\"source.ip\",\"destination.ip\",\"destination.port\",\"zeek.intel.seen_indicator\",\"zeek.intel.seen_indicator_type\",\"zeek.intel.sources\",\"zeek.intel.seen_where\",\"event.id\"],\"sort\":[\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"14\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"16\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_11\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "2721f49d-4e64-4145-9e81-85e856c20b37" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "80cabf50-a849-4e24-a9c7-130cba1a8141" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "a27464ba-582d-405f-931d-003d8252ff4a" - }, - { 
- "name": "panel_8", - "type": "visualization", - "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b" - }, - { - "name": "panel_9", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "AWDG-Qf8xQT5EBNmq4G5" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:23:14.699Z", - "version": "Wzc2OSwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common 
Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT 
Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2721f49d-4e64-4145-9e81-85e856c20b37", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:32.907Z", - "version": "Wzk5OCwxXQ==", - "attributes": { - "title": "Intel - Log Count Over Time", - "visState": "{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzIzOCwxXQ==", - "attributes": { - "title": "Intel - Seen", - 
"visState": "{\"title\":\"Intel - Seen\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen (Where)\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "80cabf50-a849-4e24-a9c7-130cba1a8141", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzIzOSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", - "description": 
"", - "title": "Intel - Source", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MSwxXQ==", - "attributes": { - 
"title": "Intel - Destination IP Address", - "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MiwxXQ==", - "attributes": { - "title": "Intel - Indicator", - "visState": "{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a27464ba-582d-405f-931d-003d8252ff4a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0MywxXQ==", - "attributes": { - "visState": 
"{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - MIME Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.matched\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type 
Matched\"}}],\"listeners\":{}}", - "description": "", - "title": "Intel - Matched", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NSwxXQ==", - "attributes": { - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "hits": 0, - "description": "", - "title": "Intel - Logs", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "columns": [ - "source.ip", - "destination.ip", - "destination.port", - "zeek.intel.seen_indicator", - "zeek.intel.seen_indicator_type", - "zeek.intel.sources", - "zeek.intel.seen_where", - "event.id" - ] - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:32:43.892Z", - "version": "WzEwMTIsMV0=", - "attributes": { - "title": "Intel - Indicator Type", - "visState": "{\"title\":\"Intel - Indicator 
Type\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"AWDG-Qf8xQT5EBNmq4G5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-01-12T18:22:26.156Z", - "version": "WzI0NywxXQ==", - "attributes": { - "title": "Intel - Log Count", - "visState": "{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.2.0", + "objects": [ + { + "id": "36ed695f-edcc-47c1-b0ec-50d20c93ce0f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:51.293Z", + "version": "WzEwMjMsMV0=", + "attributes": { + "title": "Zeek Intelligence", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"5\",\"w\":16,\"x\":8,\"y\":8},\"panelIndex\":\"5\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"6\",\"w\":15,\"x\":33,\"y\":26},\"panelIndex\":\"6\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"7\",\"w\":13,\"x\":14,\"y\":44},\"panelIndex\":\"7\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"8\",\"w\":21,\"x\":27,\"y\":44},\"panelIndex\":\"8\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"11\",\"w\":25,\"x\":8,\"y\":26},\"panelIndex\":\"11\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"12\",\"w\":14,\"x\":0,\"y\":44},\"panelIndex\":\"12\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"13\",\"w\":8,\"x\":0,\"y\":26},\"panelIndex\":\"13\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"columns\":[\"source.ip\",\"destination.ip\",\"destination.port\",\"zeek.intel.seen_indicator\",\"zeek.intel.seen_indicator_type\",\"zeek.intel.sources\",\"zeek.intel.seen_wh
ere\",\"event.id\"],\"sort\":[\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"14\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"16\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"version\":\"1.2.0\",\"panelRefName\":\"panel_11\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "2721f49d-4e64-4145-9e81-85e856c20b37" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "80cabf50-a849-4e24-a9c7-130cba1a8141" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "a27464ba-582d-405f-931d-003d8252ff4a" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b" + }, + { + "name": "panel_9", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e" + }, + { + "name": "panel_11", + "type": 
"visualization", + "id": "AWDG-Qf8xQT5EBNmq4G5" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:23:14.699Z", + "version": "Wzc2OSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● 
[IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2721f49d-4e64-4145-9e81-85e856c20b37", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:32.907Z", + "version": "Wzk5OCwxXQ==", + "attributes": { + "title": "Intel - Log Count Over Time", + "visState": "{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ee52f4a1-4232-4c49-abee-accc05ea91aa", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzIzOCwxXQ==", + "attributes": { + "title": "Intel - Seen", + "visState": "{\"title\":\"Intel - 
Seen\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen (Where)\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "80cabf50-a849-4e24-a9c7-130cba1a8141", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzIzOSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - Source", + 
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cd5ecdc5-e74d-469f-a772-f03562fa2e33", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8296467e-ce1d-493c-a46c-948ec4fd7c83", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MSwxXQ==", + "attributes": { + "title": "Intel - Destination IP 
Address", + "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a2d0a8bb-a6a2-4a1e-826c-0ce3ea8ff074", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MiwxXQ==", + "attributes": { + "title": "Intel - Indicator", + "visState": "{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a27464ba-582d-405f-931d-003d8252ff4a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0MywxXQ==", + "attributes": { + "visState": 
"{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - MIME Type", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2d2f90e4-cac7-47c5-b63d-077b596ba45b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.matched\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type 
Matched\"}}],\"listeners\":{}}", + "description": "", + "title": "Intel - Matched", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NSwxXQ==", + "attributes": { + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "hits": 0, + "description": "", + "title": "Intel - Logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "columns": [ + "source.ip", + "destination.ip", + "destination.port", + "zeek.intel.seen_indicator", + "zeek.intel.seen_indicator_type", + "zeek.intel.sources", + "zeek.intel.seen_where", + "event.id" + ] + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "fa56cc7f-fb00-47fb-becb-1b1fdfea908e", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:32:43.892Z", + "version": "WzEwMTIsMV0=", + "attributes": { + "title": "Intel - Indicator Type", + "visState": "{\"title\":\"Intel - Indicator 
Type\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"AWDG-Qf8xQT5EBNmq4G5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-01-12T18:22:26.156Z", + "version": "WzI0NywxXQ==", + "attributes": { + "title": "Intel - Log Count", + "visState": "{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "5154d8e9-c83e-4d42-bde3-33ad0c7d1798" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 625bd0ecf..75ef20f18 100644 --- a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -1,314 +1,314 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "665d1610-523d-11e9-a30e-e3576242f3ed", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T18:24:09.052Z", - "version": "WzExNTEsMV0=", - "attributes": { - "title": "Signatures", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":62,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\"},\"panelIndex\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\",\"embeddableConfig\":{\"title\":\"Signatures - Engine\",\"hidePanelTitles\":false},\"title\":\"Signatures - 
Engine\",\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\"},\"panelIndex\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":35,\"w\":31,\"h\":27,\"i\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\"},\"panelIndex\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":31,\"y\":35,\"w\":17,\"h\":27,\"i\":\"93ed203d-187e-4e7e-9299-c115cba775fd\"},\"panelIndex\":\"93ed203d-187e-4e7e-9299-c115cba775fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "8356c570-523f-11e9-a30e-e3576242f3ed" - }, - { - "name": "panel_3", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": 
"df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● 
[LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● 
[PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2NSwxXQ==", - "attributes": { - "title": "Signatures - Log Count Over Time", - "visState": "{\"title\":\"Signatures - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"event.provider:zeek AND event.dataset:signatures\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8356c570-523f-11e9-a30e-e3576242f3ed", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2NiwxXQ==", - "attributes": { - "title": "Signatures - Log 
Count", - "visState": "{\"title\":\"Signatures - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:47.890Z", - "version": "WzQ5NCwxXQ==", - "attributes": { - "title": "Signatures - Logs", - "description": "", - "hits": 0, - "columns": [ - "event.module", - "rule.category", - "rule.name", - "rule.id", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"event.provider:zeek AND event.dataset:signatures\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": 
"baa9f5b0-cb22-11ec-ae74-a92fc0e09cde", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM2OCwxXQ==", - "attributes": { - "title": "Signatures - Engine Cloud", - "visState": "{\"title\":\"Signatures - Engine Cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:52:37.808Z", - "version": "WzM3MCwxXQ==", - "attributes": { - "title": "Signatures - Name", - "visState": "{\"title\":\"Signatures - 
Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T18:08:23.728Z", - "version": "WzEwNzksMV0=", - "attributes": { - "title": "Signatures - Category", - "visState": "{\"title\":\"Signatures - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":40},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":20},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Signature ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-05-04T18:22:34.518Z", - "version": "WzExMTEsMV0=", - "attributes": { - "title": "Signatures - Tactic and Technique", - "visState": "{\"title\":\"Signatures - Tactic and Technique\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.tactic.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Tactic\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.technique.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Technique\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"threat.technique.name:* OR threat.tactic.name:*\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "665d1610-523d-11e9-a30e-e3576242f3ed", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T18:24:09.052Z", + "version": "WzExNTEsMV0=", + "attributes": { + "title": "Signatures", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":62,\"w\":48,\"h\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\"},\"panelIndex\":\"9670ac8c-687e-4c2f-a286-ce60d1976764\",\"embeddableConfig\":{\"title\":\"Signatures - Engine\",\"hidePanelTitles\":false},\"title\":\"Signatures - Engine\",\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":27,\"i\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\"},\"panelIndex\":\"9a91a175-49c6-4874-9dd0-1694eb4a4460\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":35,\"w\":31,\"h\":27,\"i\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\"},\"panelIndex\":\"22d706d6-533a-461b-88f4-aee0cc45b5ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":31,\"y\":35,\"w\":17,\"h\":27,\"i\":\"93ed203d-187e-4e7e-9299-c115cba775fd\"},\"panelIndex\":\"93ed203d-187e-4e7e-9299-c115cba775fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "8356c570-523f-11e9-a30e-e3576242f3ed" + }, + { + "name": "panel_3", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0927a2fa-f94e-4f68-a23b-5054ed2e171a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2NSwxXQ==", + "attributes": { + "title": "Signatures - Log Count Over Time", + "visState": "{\"title\":\"Signatures - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"event.provider:zeek AND event.dataset:signatures\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": 
"index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8356c570-523f-11e9-a30e-e3576242f3ed", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2NiwxXQ==", + "attributes": { + "title": "Signatures - Log Count", + "visState": "{\"title\":\"Signatures - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:47.890Z", + "version": "WzQ5NCwxXQ==", + "attributes": { + "title": "Signatures - Logs", + "description": "", + "hits": 0, + "columns": [ + "event.module", + "rule.category", + "rule.name", + "rule.id", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"event.provider:zeek AND event.dataset:signatures\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "baa9f5b0-cb22-11ec-ae74-a92fc0e09cde", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM2OCwxXQ==", + "attributes": { + "title": "Signatures - Engine Cloud", + "visState": "{\"title\":\"Signatures - Engine Cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "02ae9d40-cb21-11ec-ae74-a92fc0e09cde", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:52:37.808Z", + "version": "WzM3MCwxXQ==", + "attributes": { + "title": "Signatures - Name", + "visState": "{\"title\":\"Signatures - 
Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0e9b1a00-525e-11e9-9bd7-13d6d1bafa75", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T18:08:23.728Z", + "version": "WzEwNzksMV0=", + "attributes": { + "title": "Signatures - Category", + "visState": "{\"title\":\"Signatures - Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" 
\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":40},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":20},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Signature ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2b389b60-cbd7-11ec-a50a-5fedd672f5c5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-05-04T18:22:34.518Z", + "version": "WzExMTEsMV0=", + "attributes": { + "title": "Signatures - Tactic and Technique", + "visState": "{\"title\":\"Signatures - Tactic and Technique\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.tactic.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Tactic\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"threat.technique.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Technique\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"threat.technique.name:* OR threat.tactic.name:*\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "34dd33c0-523f-11e9-a30e-e3576242f3ed" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index a4bb946bf..f33623de5 100644 --- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -1,711 +1,711 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:50:34.705Z", - "version": "Wzg4MCwxXQ==", - "attributes": { - "title": "SSL", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":10,\"h\":18,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":20,\"y\":66,\"w\":7,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":10,\"y\":66,\"w\":10,\"h\":18,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":18,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":
{\"x\":12,\"y\":27,\"w\":11,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":19,\"h\":21,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":19,\"y\":45,\"w\":14,\"h\":21,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":8,\"w\":13,\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\"},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":45,\"w\":15,\"h\":21,\"i\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\"},\"panelIndex\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":27,\"y\":66,\"w\":9,\"h\":18,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":66,\"w\":12,\"h\":18,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_16\"},{\"version\":\
"7.10.2\",\"gridData\":{\"x\":0,\"y\":84,\"w\":48,\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "f81fe18d-c2ff-4757-9de3-8b943a759169" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8486949c-3592-4831-9020-59bfd968ccfa" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "d7a673bc-4a11-423b-acd3-a446425551c1" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "AWDHElRWxQT5EBNmq4lz" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "371b06d0-72a1-11e9-b0f3-590266f42743" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "bdda87a0-72a0-11e9-b0f3-590266f42743" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" - }, - { - "name": "panel_13", - "type": "visualization", - 
"id": "41325860-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0" - }, - { - "name": "panel_15", - "type": "visualization", - "id": "f13ba720-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_16", - "type": "visualization", - "id": "9c20d940-4dd6-11ea-8336-d3388483188b" - }, - { - "name": "panel_17", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:15:08.441Z", - "version": "WzcyNiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) 
\\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT 
Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MSwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Log Count Over Time", - "uiStateJSON": "{}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MiwxXQ==", - "attributes": { - "title": "SSL - Version", - "visState": "{\"title\":\"SSL - 
Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ssl.ssl_version: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3MywxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", - "description": "", - 
"title": "SSL - Destination Port", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Destination Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8486949c-3592-4831-9020-59bfd968ccfa", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NiwxXQ==", - "attributes": { 
- "title": "SSL - Server", - "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d7a673bc-4a11-423b-acd3-a446425551c1", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3NywxXQ==", - "attributes": { - "title": "SSL - Destination Country", - "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination.geo.country_name: 
Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3OCwxXQ==", - "attributes": { - "visState": "{\"title\":\"SSL - Validation 
Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", - "description": "", - "title": "SSL - Validation Status", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDHElRWxQT5EBNmq4lz", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM3OSwxXQ==", - "attributes": { - "title": "SSL - Log Count", - "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "371b06d0-72a1-11e9-b0f3-590266f42743", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MCwxXQ==", - "attributes": { - "title": "SSL - Client JA3 Lookup", - "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.client.ja3_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MSwxXQ==", - "attributes": { - "title": "SSL - Server JA3 Lookup", - "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.server.ja3s_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MiwxXQ==", - "attributes": { - "title": "SSL - Relevant Notices", - "visState": "{\"title\":\"SSL - 
Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", 
- "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "41325860-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4MywxXQ==", - "attributes": { - "title": "SSL - Connection Established", - "visState": "{\"title\":\"SSL - Connection Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:47:42.808Z", - "version": "Wzg0NSwxXQ==", - "attributes": { - "title": "SSL - Certificate Fingerprint", - "visState": "{\"title\":\"SSL - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f13ba720-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NCwxXQ==", - "attributes": { - "title": "SSL - Next Protocol", - "visState": "{\"title\":\"SSL - Next 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "9c20d940-4dd6-11ea-8336-d3388483188b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NSwxXQ==", - "attributes": { - "title": "SSL - Elliptic Curve", - "visState": "{\"title\":\"SSL - Elliptic 
Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Elliptic Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchRefName": "search_0" - }, 
- "references": [ - { - "name": "search_0", - "type": "search", - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:14:37.087Z", - "version": "WzM4NiwxXQ==", - "attributes": { - "title": "SSL - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "destination.port", - "zeek.ssl.server_name", - "zeek.ssl.established", - "zeek.ssl.validation_status", - "zeek.ssl.ssl_history", - "zeek.ssl.sni_matches_cert", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:ssl\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-12T14:15:05.408Z", - "version": "WzcwMSwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:50:34.705Z", + "version": "Wzg4MCwxXQ==", + "attributes": { + "title": "SSL", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":66,\"w\":10,\"h\":18,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":20,\"y\":66,\"w\":7,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":10,\"y\":66,\"w\":10,\"h\":18,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\"
:null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":18,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":12,\"y\":27,\"w\":11,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":19,\"h\":21,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":19,\"y\":45,\"w\":14,\"h\":21,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":8,\"w\":13,\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\"},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":45,\"w\":15,\"h\":21,\"i\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\"},\"panelIndex\":\"d8186ab4-1aab-404f-8b9e-a429dda88345\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}
,{\"version\":\"7.10.2\",\"gridData\":{\"x\":27,\"y\":66,\"w\":9,\"h\":18,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":36,\"y\":66,\"w\":12,\"h\":18,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":84,\"w\":48,\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "f81fe18d-c2ff-4757-9de3-8b943a759169" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8486949c-3592-4831-9020-59bfd968ccfa" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "d7a673bc-4a11-423b-acd3-a446425551c1" + }, + { + "name": "panel_8", + "type": "visualization", + 
"id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "AWDHElRWxQT5EBNmq4lz" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "371b06d0-72a1-11e9-b0f3-590266f42743" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "bdda87a0-72a0-11e9-b0f3-590266f42743" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "41325860-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_14", + "type": "visualization", + "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0" + }, + { + "name": "panel_15", + "type": "visualization", + "id": "f13ba720-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_16", + "type": "visualization", + "id": "9c20d940-4dd6-11ea-8336-d3388483188b" + }, + { + "name": "panel_17", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:15:08.441Z", + "version": "WzcyNiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MSwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Log Count Over Time", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f", + "type": 
"visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MiwxXQ==", + "attributes": { + "title": "SSL - Version", + "visState": "{\"title\":\"SSL - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek.ssl.ssl_version: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "df8bd09c-064c-45b3-8d54-9797ccb58d74", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3MywxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f81fe18d-c2ff-4757-9de3-8b943a759169", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "description": "", + 
"title": "SSL - Destination Port", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Destination Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8486949c-3592-4831-9020-59bfd968ccfa", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NiwxXQ==", + "attributes": { 
+ "title": "SSL - Server", + "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d7a673bc-4a11-423b-acd3-a446425551c1", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3NywxXQ==", + "attributes": { + "title": "SSL - Destination Country", + "visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination.geo.country_name: 
Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3OCwxXQ==", + "attributes": { + "visState": "{\"title\":\"SSL - Validation 
Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", + "description": "", + "title": "SSL - Validation Status", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDHElRWxQT5EBNmq4lz", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM3OSwxXQ==", + "attributes": { + "title": "SSL - Log Count", + "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "371b06d0-72a1-11e9-b0f3-590266f42743", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MCwxXQ==", + "attributes": { + "title": "SSL - Client JA3 Lookup", + "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.client.ja3_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bdda87a0-72a0-11e9-b0f3-590266f42743", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MSwxXQ==", + "attributes": { + "title": "SSL - Server JA3 Lookup", + "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.server.ja3s_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fa696510-4e9b-11ea-b504-97aa449f6abc", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MiwxXQ==", + "attributes": { + "title": "SSL - Relevant Notices", + "visState": "{\"title\":\"SSL - 
Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", 
+ "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "41325860-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4MywxXQ==", + "attributes": { + "title": "SSL - Connection Established", + "visState": "{\"title\":\"SSL - Connection Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5ae4ec90-2b6b-11ec-8a86-a38b1f4ba0f0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:47:42.808Z", + "version": "Wzg0NSwxXQ==", + "attributes": { + "title": "SSL - Certificate Fingerprint", + "visState": "{\"title\":\"SSL - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f13ba720-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NCwxXQ==", + "attributes": { + "title": "SSL - Next Protocol", + "visState": "{\"title\":\"SSL - Next 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "9c20d940-4dd6-11ea-8336-d3388483188b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NSwxXQ==", + "attributes": { + "title": "SSL - Elliptic Curve", + "visState": "{\"title\":\"SSL - Elliptic 
Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Elliptic Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchRefName": "search_0" + }, 
+ "references": [ + { + "name": "search_0", + "type": "search", + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b945a684-0841-4e86-87aa-0f1af6fb6579", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:14:37.087Z", + "version": "WzM4NiwxXQ==", + "attributes": { + "title": "SSL - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "destination.port", + "zeek.ssl.server_name", + "zeek.ssl.established", + "zeek.ssl.validation_status", + "zeek.ssl.ssl_history", + "zeek.ssl.sni_matches_cert", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event.dataset:ssl\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-12T14:15:05.408Z", + "version": "WzcwMSwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 9566a0aa8..e459ae253 100644 --- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -1,941 +1,941 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T20:10:44.437Z", - "version": "WzEzMjMsMV0=", - "attributes": { - "title": "Connections", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"version\":\"1.3.1\",\"pan
elRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_24\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aa
d74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_25\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "52013c7c-c554-450e-9198-dbafdc050459" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "d25f4abc-24af-405e-a6f6-873277fe5771" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "73528008-f11d-4faa-8f69-a5bf23507b8f" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "faa08629-0011-4b38-8b74-3ba86b59155f" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" - }, - { - "name": "panel_14", - "type": "visualization", - "id": "AWDG71xFxQT5EBNmq336" - }, - { - "name": "panel_15", - 
"type": "visualization", - "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0" - }, - { - "name": "panel_16", - "type": "visualization", - "id": "568c74ff-3ef3-45ba-a178-0520633697bd" - }, - { - "name": "panel_17", - "type": "visualization", - "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_18", - "type": "visualization", - "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_19", - "type": "visualization", - "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_20", - "type": "visualization", - "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_21", - "type": "visualization", - "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_22", - "type": "visualization", - "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_23", - "type": "visualization", - "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b" - }, - { - "name": "panel_24", - "type": "visualization", - "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e" - }, - { - "name": "panel_25", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:16.086Z", - "version": "Wzc4NiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● 
[SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-04-29T20:10:39.465Z", - "version": "WzEzMDIsMV0=", - "attributes": { - "title": "Connections - Log Count Over Time", - "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - 
"uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "52013c7c-c554-450e-9198-dbafdc050459", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0MiwxXQ==", - "attributes": { - "title": "Connections - Service By Destination Country", - "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - 
"name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0MywxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Source IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NCwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Destination IP Address", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "d25f4abc-24af-405e-a6f6-873277fe5771", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Source 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_code2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Source Country", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder 
Bytes\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Responder Bytes", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0NywxXQ==", - "attributes": { - "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.missed_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", - "description": "", - "title": "Connections - Missed Bytes", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", - "type": "visualization", - "namespaces": [ - "default" - ], - 
"updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0OCwxXQ==", - "attributes": { - "title": "Connections - Connection State", - "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection State Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU0OSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Connection", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By 
Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection 
ID\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "faa08629-0011-4b38-8b74-3ba86b59155f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MCwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination IP", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination Port", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination 
Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max network.bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Max network.bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1MiwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Source IP", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:13.041Z", - "version": "Wzc2MCwxXQ==", - "attributes": { - "title": "Connections - Maps", - "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder 
Bytes ](#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDG71xFxQT5EBNmq336", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NCwxXQ==", - "attributes": { - "title": "Connections - Log Count", - "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NSwxXQ==", - "attributes": { - "title": "Connections - Total Bytes Per Source/Destination IP Pair", - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"network.bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"destination.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "568c74ff-3ef3-45ba-a178-0520633697bd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NiwxXQ==", - "attributes": { - "title": "Connections - Destination Port", - "visState": "{\"title\":\"Connections - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1NywxXQ==", - "attributes": { - "title": "Connections - Source MAC OUI", - "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
MAC OUI\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1OCwxXQ==", - "attributes": { - "title": "Connections - Destination MAC OUI", - "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU1OSwxXQ==", - 
"attributes": { - "title": "Connections - Source MAC Address", - "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MCwxXQ==", - "attributes": { - "title": "Connections - Destination MAC Address", - "visState": "{\"title\":\"Connections - Destination MAC 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MSwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC 
OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC 
OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MiwxXQ==", - "attributes": { - "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", - "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2MywxXQ==", - "attributes": { - "title": "Connections - Protocol", - "visState": "{\"title\":\"Connections - 
Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:56:53.664Z", - "version": "WzU2NCwxXQ==", - "attributes": { - "title": "Network Layer", - "visState": "{\"title\":\"Network 
Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Network Layer\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-04-29T19:57:13.041Z", - "version": "Wzc2MSwxXQ==", - "attributes": { - "title": "Connections - Logs", - "description": "", - "hits": 0, - "columns": [ - "network.transport", - "network.protocol", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.bytes", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "abdd7550-2c7c-40dc-947e-f6d186a158c4", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T20:10:44.437Z", + "version": "WzEzMjMsMV0=", + "attributes": { + "title": "Connections", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":22,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":61},\"panelIndex\":\"5\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":16,\"x\":0,\"y\":131},\"panelIndex\":\"8\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":16,\"y\":131},\"panelIndex\":\"9\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":
\"11\",\"w\":16,\"x\":0,\"y\":192},\"panelIndex\":\"11\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":16,\"x\":16,\"y\":192},\"panelIndex\":\"12\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":16,\"x\":32,\"y\":192},\"panelIndex\":\"13\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":25,\"x\":23,\"y\":106},\"panelIndex\":\"19\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"21\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"22\",\"w\":17,\"x\":16,\"y\":83},\"panelIndex\":\"22\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"23\",\"w\":15,\"x\":33,\"y\":83},\"panelIndex\":\"23\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":23,\"i\":\"24\",\"w\":16,\"x\":0,\"y\":83},\"panelIndex\":\"24\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"26\",\"w\":8,\"x\":0,\"y\":24},\"panelIndex\":\"26\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"29\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"29\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"30\",\"w\":23,\"x\":0,\"y\":106},\"panelIndex\":\"30\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"31\",\"w\":16,\"x\":32,\"y\":131},\"panelIndex\":\"31\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"32\",\"w\":24,\"x\":0,\"y\":172},\"panelIndex\":\"32\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"33\",\"w\":24,\"x\":24,\"y\":172},\"panelIndex\":\"33\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"34\",\"w\":24,\"x\":0,\"y\":152},\"panelIndex\":\"34\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"35\",\"w\":24,\"x\":24,\"y\":152},\"panelIndex\":\"35\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_20\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"36\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"36\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_21\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"37\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"37\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_22\"},{\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":12,\"x\":17,\"y\":8},\"panelIndex\":\"38\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_23\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"cbba4b14-342c-4e8e-9afd-f4da9e4b8f00\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_24\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":37,\"i\":\"82da0128-4dcd-4f8b-9275-aa
d74435296f\",\"w\":48,\"x\":0,\"y\":212},\"panelIndex\":\"82da0128-4dcd-4f8b-9275-aad74435296f\",\"version\":\"1.3.1\",\"panelRefName\":\"panel_25\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "52013c7c-c554-450e-9198-dbafdc050459" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "d25f4abc-24af-405e-a6f6-873277fe5771" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "73528008-f11d-4faa-8f69-a5bf23507b8f" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "faa08629-0011-4b38-8b74-3ba86b59155f" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5" + }, + { + "name": "panel_14", + "type": "visualization", + "id": "AWDG71xFxQT5EBNmq336" + }, + { + "name": "panel_15", + 
"type": "visualization", + "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0" + }, + { + "name": "panel_16", + "type": "visualization", + "id": "568c74ff-3ef3-45ba-a178-0520633697bd" + }, + { + "name": "panel_17", + "type": "visualization", + "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_18", + "type": "visualization", + "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_19", + "type": "visualization", + "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_20", + "type": "visualization", + "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_21", + "type": "visualization", + "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_22", + "type": "visualization", + "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_23", + "type": "visualization", + "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b" + }, + { + "name": "panel_24", + "type": "visualization", + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e" + }, + { + "name": "panel_25", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:16.086Z", + "version": "Wzc4NiwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● 
[SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "03eba854-72b5-47d0-a92a-b671a0d7ed19", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2022-04-29T20:10:39.465Z", + "version": "WzEzMDIsMV0=", + "attributes": { + "title": "Connections - Log Count Over Time", + "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + 
"uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "52013c7c-c554-450e-9198-dbafdc050459", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0MiwxXQ==", + "attributes": { + "title": "Connections - Service By Destination Country", + "visState": "{\"title\":\"Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + 
"name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "13f8cfbf-7b48-414b-8b34-9fc40d4fc066", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0MywxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Source IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4ab657d5-88d3-44c0-90fd-4e731e528d60", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NCwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Destination IP Address", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d25f4abc-24af-405e-a6f6-873277fe5771", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Source 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_code2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Source Country", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0eb7d869-bd51-4711-8ac3-f3cea41dee37", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder 
Bytes\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Responder Bytes", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fccf0fdd-7e50-4dce-8b85-74141c404ef3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0NywxXQ==", + "attributes": { + "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.missed_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", + "description": "", + "title": "Connections - Missed Bytes", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bda3ad0a-aa00-40b6-b0ed-a42b96f3343e", + "type": "visualization", + "namespaces": [ + "default" + ], + 
"updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0OCwxXQ==", + "attributes": { + "title": "Connections - Connection State", + "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection State Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "73528008-f11d-4faa-8f69-a5bf23507b8f", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU0OSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Connection", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By 
Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection ID\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection 
ID\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection ID\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "faa08629-0011-4b38-8b74-3ba86b59155f", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MCwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination IP", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0418f791-97b5-4eb4-b644-bf91c98f9c1d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination Port", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination 
Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max network.bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Max network.bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a76bc3ed-bbf7-429a-a936-475e9f9e0c0d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1MiwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Source IP", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4dd65202-bd19-40d6-9e0d-ff41c6d5a4b5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:13.041Z", + "version": "Wzc2MCwxXQ==", + "attributes": { + "title": "Connections - Maps", + "visState": "{\"title\":\"Connections - Maps\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"#### Coordinate Maps\\n[Source - Originator Bytes](#/dashboard/b50c8d17-6ed3-4de6-aed4-5181032810b2) ● [Destination - Responder Bytes](#/dashboard/d4fd6afd-15cb-42bf-8a25-03dd8e59b327) ● [Source - Sum of Total Bytes](#/dashboard/f394057d-1b16-4174-b994-7045f423a416) ● [Destination - Sum of Total Bytes](#/dashboard/60d78fbd-471c-4f59-a9e3-189b33a13644) ● [Source - Top Connection Duration](#/dashboard/e09a4b86-29b5-4256-bb3b-802ac9f90404) ● [Destination - Top Connection Duration](#/dashboard/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0) \\n#### Region Maps\\n[Source - Originator Bytes ](#/dashboard/d41fe630-3f98-11e9-a58e-8bdedb0915e8) ● [Destination - Responder 
Bytes ](#/dashboard/77fc9960-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Sum of Total Bytes ](#/dashboard/1ce42250-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Sum of Total Bytes ](#/dashboard/a16110b0-3f99-11e9-a58e-8bdedb0915e8) ● [Source - Top Connection Duration ](#/dashboard/39abfe30-3f99-11e9-a58e-8bdedb0915e8) ● [Destination - Top Connection Duration ](#/dashboard/b9f247c0-3f99-11e9-a58e-8bdedb0915e8)\",\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDG71xFxQT5EBNmq336", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NCwxXQ==", + "attributes": { + "title": "Connections - Log Count", + "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f7ddb5a7-32d5-4e10-b9d5-01ac0bd694c0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NSwxXQ==", + "attributes": { + "title": "Connections - Total Bytes Per Source/Destination IP Pair", + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"network.bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination 
IP\",\"field\":\"destination.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"network.bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":15,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "568c74ff-3ef3-45ba-a178-0520633697bd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NiwxXQ==", + "attributes": { + "title": "Connections - Destination Port", + "visState": "{\"title\":\"Connections - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "73df67e0-1f4b-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1NywxXQ==", + "attributes": { + "title": "Connections - Source MAC OUI", + "visState": "{\"title\":\"Connections - Source MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
MAC OUI\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b1851d10-1f4b-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1OCwxXQ==", + "attributes": { + "title": "Connections - Destination MAC OUI", + "visState": "{\"title\":\"Connections - Destination MAC OUI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "cf9a1cf0-1f4c-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU1OSwxXQ==", + 
"attributes": { + "title": "Connections - Source MAC Address", + "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b9e4dcb0-1f4c-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MCwxXQ==", + "attributes": { + "title": "Connections - Destination MAC Address", + "visState": "{\"title\":\"Connections - Destination MAC 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c513e8f0-1f4d-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MSwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Source MAC OUI", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source MAC 
OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source MAC 
OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC OUI\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "b04c8b20-1f4d-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MiwxXQ==", + "attributes": { + "title": "Connections - Top 10 - Total Bytes By Destination MAC OUI", + "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination MAC OUI\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":false,\"truncate\":100,\"rotate\":75},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP 
Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"params\":{},\"label\":\"Total Bytes\",\"aggType\":\"max\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination MAC OUI\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC OUI\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ede811b0-1f4e-11e9-b7cf-71e2cd3bde1b", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2MywxXQ==", + "attributes": { + "title": "Connections - Protocol", + "visState": "{\"title\":\"Connections - 
Protocol\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "adc09360-49c7-11ea-812f-2bc51df4ea1e", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:56:53.664Z", + "version": "WzU2NCwxXQ==", + "attributes": { + "title": "Network Layer", + "visState": "{\"title\":\"Network 
Layer\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Network Layer\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Layer\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-04-29T19:57:13.041Z", + "version": "Wzc2MSwxXQ==", + "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "network.transport", + "network.protocol", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.bytes", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index 5f098b3c1..de71d7fa3 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json 
@@ -1,688 +1,688 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "d2dd0180-06b1-11ec-8c6b-353266ade330", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T18:26:13.166Z", - "version": "WzMwMTksMV0=", - "attributes": { - "title": "Severity", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":14,\"h\":18,\"i\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\"},\"panelIndex\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":18,\"i\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\"},\"panelIndex\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":18,\"w\":22,\"h\":18,\"i\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\"},\"panelIndex\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":18,\"i\":\"4c752761-c325-41b6-8216-8827bc219b82\"},\"panelIndex\":\"4c752761-c325-41b6-8216-8827bc219b82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":9,\"i\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\"},\"panelIndex\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":36,\"w\":18,\"h\":19,\"i\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\"},\"panelIndex\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":18,\"y\":36,\"w\":15,\"h\":19,\"i\":\"d07e07fe-600e-433e-997d-8eab20559bad\"
},\"panelIndex\":\"d07e07fe-600e-433e-997d-8eab20559bad\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":36,\"w\":15,\"h\":19,\"i\":\"a54d94c7-2499-4215-863d-859f5d079a03\"},\"panelIndex\":\"a54d94c7-2499-4215-863d-859f5d079a03\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":55,\"w\":24,\"h\":21,\"i\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\"},\"panelIndex\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":55,\"w\":24,\"h\":21,\"i\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\"},\"panelIndex\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":15,\"h\":18,\"i\":\"2957f8f6-219a-490e-a396-344010d1b1f3\"},\"panelIndex\":\"2957f8f6-219a-490e-a396-344010d1b1f3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":76,\"w\":15,\"h\":18,\"i\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\"},\"panelIndex\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":76,\"w\":18,\"h\":18,\"i\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\"},\"panelIndex\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":20,\"i\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\"},\"panelIndex\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"event.severity:*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "bcfa8900-06ac-11ec-8c6b-353266ade330" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "0dc37f60-06a1-11ec-8c6b-353266ade330" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "ae03b470-06ad-11ec-8c6b-353266ade330" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "e9b2dbb0-06ab-11ec-8c6b-353266ade330" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "74d35790-06a9-11ec-8c6b-353266ade330" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "0c4482b0-06b0-11ec-8c6b-353266ade330" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "c12558e0-06aa-11ec-8c6b-353266ade330" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" - }, - { - "name": "panel_14", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:09.724Z", - "version": "WzczOSwxXQ==", - "attributes": { - "title": "Network 
Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best 
Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "bcfa8900-06ac-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T18:24:13.010Z", - "version": "WzI5NDIsMV0=", - "attributes": { - "title": "Severity Tags", - "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - 
"id": "0dc37f60-06a1-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1MywxXQ==", - "attributes": { - "title": "Severity Score Occurrences", - "visState": "{\"title\":\"Severity Score Occurrences\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Occurrences\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"params\":{\"field\":\"event.severity\",\"ranges\":[{\"from\":1,\"to\":10},{\"from\":10,\"to\":20},{\"from\":20,\"to\":30},{\"from\":30,\"to\":40},{\"from\":40,\"to\":50},{\"from\":50,\"to\":60},{\"from\":60,\"to\":70},{\"from\":80,\"to\":90},{\"from\":90,\"to\":100},{\"from\":100}],\"customLabel\":\"Severity Score\"},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"histogram\",\"params\":{\"field\":\"event.severity\",\"interval\":10,\"maxBars\":10,\"min_doc_count\":true,\"has_extended_bounds\":true,\"extended_bounds\":{\"max\":101,\"min\":0},\"customLabel\":\"Severity 
Score\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{\"show\":true},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Occurrences\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Occurrences\"},\"type\":\"value\"}]}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "ae03b470-06ad-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NCwxXQ==", - "attributes": { - "title": "Severity - Notices", - "visState": "{\"title\":\"Severity - 
Notices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NSwxXQ==", - "attributes": { - "title": "Severity - Application Protocol", - "visState": "{\"title\":\"Severity - Application 
Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": 
"e9b2dbb0-06ab-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NiwxXQ==", - "attributes": { - "title": "Severity - Socket Family", - "visState": "{\"title\":\"Severity - Socket Family\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1NywxXQ==", - "attributes": { - "title": "File Types by Transport", - "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330", - "type": 
"visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1OCwxXQ==", - "attributes": { - "title": "Severity - Source IP", - "visState": "{\"title\":\"Severity - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "74d35790-06a9-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY1OSwxXQ==", - "attributes": { - "title": "Severity - Destination IP", - "visState": "{\"title\":\"Severity - Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0c4482b0-06b0-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MCwxXQ==", - "attributes": { - "title": "Severity - Originating Country", - "visState": "{\"title\":\"Severity - Originating Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity 
Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originating Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330", - 
"type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MSwxXQ==", - "attributes": { - "title": "Severity - Responding Country", - "visState": "{\"title\":\"Severity - Responding Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responding Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", - "description": 
"", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MiwxXQ==", - "attributes": { - "title": "Severity - Destination OUI", - "visState": "{\"title\":\"Severity - Destination OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c12558e0-06aa-11ec-8c6b-353266ade330", - 
"type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2MywxXQ==", - "attributes": { - "title": "Severity - Source OUI", - "visState": "{\"title\":\"Severity - Source OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "abd55c60-06a5-11ec-8c6b-353266ade330" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NCwxXQ==", - "attributes": { - "title": "Actions and Results", - "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "abd55c60-06a5-11ec-8c6b-353266ade330", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NSwxXQ==", - "attributes": { - "title": "Severity-Scored Logs", - "description": "", - "hits": 0, - "columns": [ - "event.dataset", - "network.transport", - "network.protocol", - "source.ip", - "destination.ip", - "destination.port", - "event.action", - "event.result", - "event.severity", - "event.severity_tags", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2NiwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - 
"event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:06.705Z", - "version": "WzcxNSwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-09-02T16:45:00.648Z", - "version": "WzY2OCwxXQ==", - "attributes": { - "title": "Files - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "file.source", - "file.mime_type", - 
"file.path", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:files\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "d2dd0180-06b1-11ec-8c6b-353266ade330", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T18:26:13.166Z", + "version": "WzMwMTksMV0=", + "attributes": { + "title": "Severity", + "hits": 0, + "description": "", + "panelsJSON": "[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":14,\"h\":18,\"i\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\"},\"panelIndex\":\"3f76fdd2-3bf6-455e-be92-786b9628ec21\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":18,\"i\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\"},\"panelIndex\":\"d43fa1a6-517d-4730-8a1f-ba928da6fc13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":8,\"y\":18,\"w\":22,\"h\":18,\"i\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\"},\"panelIndex\":\"30a491bc-d8b2-4555-a3c4-415de7e81c6a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":18,\"i\":\"4c752761-c325-41b6-8216-8827bc219b82\"},\"panelIndex\":\"4c752761-c325-41b6-8216-8827bc219
b82\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":9,\"i\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\"},\"panelIndex\":\"a21db3d5-8091-4d59-a566-66ca256fa26c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":36,\"w\":18,\"h\":19,\"i\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\"},\"panelIndex\":\"5820b8d7-2dd0-4f45-b7d7-c4c3c5ec554e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":18,\"y\":36,\"w\":15,\"h\":19,\"i\":\"d07e07fe-600e-433e-997d-8eab20559bad\"},\"panelIndex\":\"d07e07fe-600e-433e-997d-8eab20559bad\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":33,\"y\":36,\"w\":15,\"h\":19,\"i\":\"a54d94c7-2499-4215-863d-859f5d079a03\"},\"panelIndex\":\"a54d94c7-2499-4215-863d-859f5d079a03\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":55,\"w\":24,\"h\":21,\"i\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\"},\"panelIndex\":\"8880c848-dfa0-42a3-a0dc-8912f037150c\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":24,\"y\":55,\"w\":24,\"h\":21,\"i\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\"},\"panelIndex\":\"96973e1c-8444-4b47-8eb7-04ad66f86b18\",\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":null},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":76,\"w\":15,\"h\":18,\"i\":\"2957f8f6-219a-490e-a396-344010d1b1f3\"},\"panelIndex\":\"2957f8f6-219a-490e-a396-344010d1b1f3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":15,\"y\":76,\"w\":15,\"h\":18,\"i\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\"},\"panelIndex\":\"6620e0e2-cb5c-4324-ae78-1af02e1033ba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"
},{\"version\":\"7.10.2\",\"gridData\":{\"x\":30,\"y\":76,\"w\":18,\"h\":18,\"i\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\"},\"panelIndex\":\"f8f8bdfb-5722-432e-bcf6-f43c084e8ba4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":20,\"i\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\"},\"panelIndex\":\"f57be156-07f3-4b1b-9c8d-96e48405ee1c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"event.severity:*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "bcfa8900-06ac-11ec-8c6b-353266ade330" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "0dc37f60-06a1-11ec-8c6b-353266ade330" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "ae03b470-06ad-11ec-8c6b-353266ade330" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "e9b2dbb0-06ab-11ec-8c6b-353266ade330" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "74d35790-06a9-11ec-8c6b-353266ade330" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "0c4482b0-06b0-11ec-8c6b-353266ade330" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330" 
+ }, + { + "name": "panel_12", + "type": "visualization", + "id": "c12558e0-06aa-11ec-8c6b-353266ade330" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96" + }, + { + "name": "panel_14", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:09.724Z", + "version": "WzczOSwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● 
[DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● 
[BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "bcfa8900-06ac-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T18:24:13.010Z", + "version": "WzI5NDIsMV0=", + "attributes": { + "title": "Severity Tags", + "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity 
Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0dc37f60-06a1-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1MywxXQ==", + "attributes": { + "title": "Severity Score Occurrences", + "visState": "{\"title\":\"Severity Score Occurrences\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Occurrences\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"params\":{\"field\":\"event.severity\",\"ranges\":[{\"from\":1,\"to\":10},{\"from\":10,\"to\":20},{\"from\":20,\"to\":30},{\"from\":30,\"to\":40},{\"from\":40,\"to\":50},{\"from\":50,\"to\":60},{\"from\":60,\"to\":70},{\"from\":80,\"to\":90},{\"from\":90,\"to\":100},{\"from\":100}],\"customLabel\":\"Severity Score\"},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"histogram\",\"params\":{\"field\":\"event.severity\",\"interval\":10,\"maxBars\":10,\"min_doc_count\":true,\"has_extended_bounds\":true,\"extended_bounds\":{\"max\":101,\"min\":0},\"customLabel\":\"Severity 
Score\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{\"show\":true},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Occurrences\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Occurrences\"},\"type\":\"value\"}]}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "ae03b470-06ad-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NCwxXQ==", + "attributes": { + "title": "Severity - Notices", + "visState": "{\"title\":\"Severity - 
Notices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3b79b1b0-06ae-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NSwxXQ==", + "attributes": { + "title": "Severity - Application Protocol", + "visState": "{\"title\":\"Severity - Application 
Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": 
"e9b2dbb0-06ab-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NiwxXQ==", + "attributes": { + "title": "Severity - Socket Family", + "visState": "{\"title\":\"Severity - Socket Family\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "1c681a40-47a2-11ea-86b0-e3b81eb90684", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1NywxXQ==", + "attributes": { + "title": "File Types by Transport", + "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5c3b42b0-06a9-11ec-8c6b-353266ade330", + "type": 
"visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1OCwxXQ==", + "attributes": { + "title": "Severity - Source IP", + "visState": "{\"title\":\"Severity - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "74d35790-06a9-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY1OSwxXQ==", + "attributes": { + "title": "Severity - Destination IP", + "visState": "{\"title\":\"Severity - Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0c4482b0-06b0-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MCwxXQ==", + "attributes": { + "title": "Severity - Originating Country", + "visState": "{\"title\":\"Severity - Originating Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity 
Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Originating Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "2c19ecb0-06b0-11ec-8c6b-353266ade330", + 
"type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MSwxXQ==", + "attributes": { + "title": "Severity - Responding Country", + "visState": "{\"title\":\"Severity - Responding Country\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.severity\",\"customLabel\":\"Highest Severity Score\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":300,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Responding Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"}}}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[0.8788717828324276,-3.5143305082851]}", + "description": 
"", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "dc7eb0a0-06aa-11ec-8c6b-353266ade330", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MiwxXQ==", + "attributes": { + "title": "Severity - Destination OUI", + "visState": "{\"title\":\"Severity - Destination OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c12558e0-06aa-11ec-8c6b-353266ade330", + 
"type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2MywxXQ==", + "attributes": { + "title": "Severity - Source OUI", + "visState": "{\"title\":\"Severity - Source OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "abd55c60-06a5-11ec-8c6b-353266ade330" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f38b3bd0-afd3-11ea-adcf-8bc6d9c94a96", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NCwxXQ==", + "attributes": { + "title": "Actions and Results", + "visState": "{\"title\":\"Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.action:* OR event.result:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "abd55c60-06a5-11ec-8c6b-353266ade330", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NSwxXQ==", + "attributes": { + "title": "Severity-Scored Logs", + "description": "", + "hits": 0, + "columns": [ + "event.dataset", + "network.transport", + "network.protocol", + "source.ip", + "destination.ip", + "destination.port", + "event.action", + "event.result", + "event.severity", + "event.severity_tags", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.severity:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2NiwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + 
"event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:06.705Z", + "version": "WzcxNSwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "0aca5333-3b1c-4cda-afb4-f7dd86910459", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-09-02T16:45:00.648Z", + "version": "WzY2OCwxXQ==", + "attributes": { + "title": "Files - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "file.source", + "file.mime_type", + 
"file.path", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:files\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 928d05611..3617c226c 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -1,526 +1,526 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "WzczOSwxXQ==", - "attributes": { - "title": "Zeek Notices", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":68},\"panelIndex\":\"12\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":68},\"panelIndex\":\"13\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":23,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConf
ig\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":87},\"panelIndex\":\"17\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":49},\"panelIndex\":\"19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"w\":12,\"x\":24,\"y\":49},\"panelIndex\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_13\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "0455b814-9b8e-4895-985d-c0d484bb025c" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_2", - "type": "visualization", - "id": 
"abb2c718-e1f5-4b59-9c3d-54082ee3a407" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "af961658-7f3d-4f88-b35f-76d1b6f49002" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "519823ff-ee5b-4051-9dd5-0467e595ab25" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "8f4a6c67-6833-4c53-b874-4341df5f181d" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "47adad3a-a0d2-46eb-a957-1886abd4472d" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "8a911a83-3962-44b8-be39-b54532f51b46" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "AWDG1uC-xQT5EBNmq3dP" - }, - { - "name": "panel_10", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759" - }, - { - "name": "panel_12", - "type": "visualization", - "id": "559cf002-6086-4655-908e-d1f757cd58a9" - }, - { - "name": "panel_13", - "type": "visualization", - "id": "5d805580-0c3e-11ec-af25-f10016947fe0" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "0455b814-9b8e-4895-985d-c0d484bb025c", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MCwxXQ==", - "attributes": { - "title": "Notices - Log Count Over Time", - "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT1S\",\"intervalESValue\":1,\"intervalESUnit\":\"s\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2017-04-16T17:22:12.510Z\",\"max\":\"2017-04-16T17:23:40.195Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per second\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2017-04-16T17:22:12.510Z\",\"to\":\"2017-04-16T17:23:40.195Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:15.100Z", - "version": "Wzc4NCwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407", - "type": "visualization", - 
"namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - Source IP Addresses", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "af961658-7f3d-4f88-b35f-76d1b6f49002", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0MywxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - Destination IP 
Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - Destination IP Addresses", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NCwxXQ==", - "attributes": { - "title": "Notices - Notice Type", - "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8f4a6c67-6833-4c53-b874-4341df5f181d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NSwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - File MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - File MIME Type", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "47adad3a-a0d2-46eb-a957-1886abd4472d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NiwxXQ==", - "attributes": { - "visState": "{\"title\":\"Notices - File 
Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_desc\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", - "description": "", - "title": "Notices - File Description", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8a911a83-3962-44b8-be39-b54532f51b46", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0NywxXQ==", - "attributes": { - "title": "Notice - Destination Port", - "visState": "{\"title\":\"Notice - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0OCwxXQ==", - "attributes": { - "title": 
"Notice - Message Details", - "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",
\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "AWDG1uC-xQT5EBNmq3dP", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc0OSwxXQ==", - "attributes": { - "title": "Notices - Log Count", - "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - 
"references": [ - { - "type": "search", - "name": "search_0", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MCwxXQ==", - "attributes": { - "title": "Notices - Logs", - "description": "", - "hits": 0, - "columns": [ - "rule.category", - "rule.name", - "zeek.notice.msg", - "source.ip", - "destination.ip", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MSwxXQ==", - "attributes": { - "title": "Notices - Notice Types by Source and Destination", - "visState": "{\"title\":\"Notices - Notice Types by Source and 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "559cf002-6086-4655-908e-d1f757cd58a9", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MiwxXQ==", - "attributes": { - "title": "Notices - Destination Country", - "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Country\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "5d805580-0c3e-11ec-af25-f10016947fe0", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-04T17:53:11.078Z", - "version": "Wzc1MywxXQ==", - "attributes": { - "title": "Notices - Source Country", - "visState": "{\"title\":\"Notices - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Country\",\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] +{ + "version": "1.3.1", + "objects": [ + { + "id": "f1f09567-fc7f-450b-a341-19d2f2bb468b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "WzczOSwxXQ==", + "attributes": { + "title": "Zeek Notices", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"5\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"5\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"7\",\"w\":13,\"x\":0,\"y\":30},\"panelIndex\":\"7\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"8\",\"w\":13,\"x\":13,\"y\":30},\"panelIndex\":\"8\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"11\",\"w\":17,\"x\":8,\"y\":11},\"panelIndex\":\"11\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":68},\"panelIndex\":\"12\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":68},\"panelIndex\":\"13\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"14\",\"w\":23,\"x\":25,\"y\":11},\"panelIndex\":\"14\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"15\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":
\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":24,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":87},\"panelIndex\":\"17\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"18\",\"w\":22,\"x\":26,\"y\":30},\"panelIndex\":\"18\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":49},\"panelIndex\":\"19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":19,\"i\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"w\":12,\"x\":24,\"y\":49},\"panelIndex\":\"a26aabd1-b1ab-4c25-afa2-343d10b8c592\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_13\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "0455b814-9b8e-4895-985d-c0d484bb025c" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "af961658-7f3d-4f88-b35f-76d1b6f49002" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "519823ff-ee5b-4051-9dd5-0467e595ab25" + }, + { + "name": "panel_5", + "type": "visualization", + "id": 
"8f4a6c67-6833-4c53-b874-4341df5f181d" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "47adad3a-a0d2-46eb-a957-1886abd4472d" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "8a911a83-3962-44b8-be39-b54532f51b46" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "AWDG1uC-xQT5EBNmq3dP" + }, + { + "name": "panel_10", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759" + }, + { + "name": "panel_12", + "type": "visualization", + "id": "559cf002-6086-4655-908e-d1f757cd58a9" + }, + { + "name": "panel_13", + "type": "visualization", + "id": "5d805580-0c3e-11ec-af25-f10016947fe0" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "0455b814-9b8e-4895-985d-c0d484bb025c", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MCwxXQ==", + "attributes": { + "title": "Notices - Log Count Over Time", + "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"type\":\"histogram\",\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT1S\",\"intervalESValue\":1,\"intervalESUnit\":\"s\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2017-04-16T17:22:12.510Z\",\"max\":\"2017-04-16T17:23:40.195Z\"}},\"label\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER per second\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2017-04-16T17:22:12.510Z\",\"to\":\"2017-04-16T17:23:40.195Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:15.100Z", + "version": "Wzc4NCwxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "abb2c718-e1f5-4b59-9c3d-54082ee3a407", + "type": "visualization", + 
"namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - Source IP Addresses", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "af961658-7f3d-4f88-b35f-76d1b6f49002", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0MywxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - Destination IP 
Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - Destination IP Addresses", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "519823ff-ee5b-4051-9dd5-0467e595ab25", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NCwxXQ==", + "attributes": { + "title": "Notices - Notice Type", + "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice 
Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8f4a6c67-6833-4c53-b874-4341df5f181d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NSwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - File MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - File MIME Type", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "47adad3a-a0d2-46eb-a957-1886abd4472d", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NiwxXQ==", + "attributes": { + "visState": "{\"title\":\"Notices - File 
Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_desc\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", + "description": "", + "title": "Notices - File Description", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8a911a83-3962-44b8-be39-b54532f51b46", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0NywxXQ==", + "attributes": { + "title": "Notice - Destination Port", + "visState": "{\"title\":\"Notice - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8da041f0-ea80-4841-aabc-ae32c40f20c5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0OCwxXQ==", + "attributes": { + "title": 
"Notice - Message Details", + "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",
\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "AWDG1uC-xQT5EBNmq3dP", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc0OSwxXQ==", + "attributes": { + "title": "Notices - Log Count", + "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + 
"references": [ + { + "type": "search", + "name": "search_0", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MCwxXQ==", + "attributes": { + "title": "Notices - Logs", + "description": "", + "hits": 0, + "columns": [ + "rule.category", + "rule.name", + "zeek.notice.msg", + "source.ip", + "destination.ip", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.provider:zeek AND event.dataset:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "cd33ef1d-d5b8-43aa-8ae1-2534f0b79759", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MSwxXQ==", + "attributes": { + "title": "Notices - Notice Types by Source and Destination", + "visState": "{\"title\":\"Notices - Notice Types by Source and 
Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "559cf002-6086-4655-908e-d1f757cd58a9", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MiwxXQ==", + "attributes": { + "title": "Notices - Destination Country", + "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Country\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "5d805580-0c3e-11ec-af25-f10016947fe0", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2022-05-04T17:53:11.078Z", + "version": "Wzc1MywxXQ==", + "attributes": { + "title": "Notices - Source Country", + "visState": "{\"title\":\"Notices - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Country\",\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + } + ] } \ No newline at end of file diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index bb04c03aa..9b7d4d979 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -1,544 +1,544 @@ -{ - "version": "7.10.2", - "objects": [ - { - "id": "fa477130-2b8a-11ec-a9f2-3911c8571bfd", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:32:23.695Z", - "version": "WzEwOTIsMV0=", - "attributes": { - "title": "STUN", - "hits": 0, - "description": "", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":32,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"w\":33,\"x\":15,\"y\":0},\"panelIndex\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"w\":19,\"x\":8,\"y\":15},\"panelIndex\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"w\":21,\"x\":27,\"y\":15},\"panelIndex\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":19,\"i\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"w\":8,\"x\":0,\"y\":32},\"panelIndex\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"w\":21,\"x\":27,\"y\":33},\"panelIndex\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b517bd06-887a-4e31-8cca-22866362b5ab\"
,\"w\":11,\"x\":0,\"y\":51},\"panelIndex\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"w\":14,\"x\":11,\"y\":51},\"panelIndex\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"w\":11,\"x\":25,\"y\":51},\"panelIndex\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"w\":12,\"x\":36,\"y\":51},\"panelIndex\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"w\":48,\"x\":0,\"y\":99},\"panelIndex\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd" - }, - { - 
"name": "panel_4", - "type": "visualization", - "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "05884900-2b92-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_11", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - }, - { - "name": "panel_12", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzNywxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzOCwxXQ==", - "attributes": { - "title": "STUN - Log Count", - "visState": "{\"title\":\"STUN - Log 
Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:stun*\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "WzkzOSwxXQ==", - "attributes": { - "title": "STUN - Log Count Over Time", - "visState": "{\"title\":\"STUN - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2021-02-26T20:25:47.478Z\",\"to\":\"2021-03-02T15:19:14.457Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - 
"migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MCwxXQ==", - "attributes": { - "title": "STUN - Attribute Type", - "visState": "{\"title\":\"STUN - Attribute Type\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Attribute Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MiwxXQ==", - "attributes": { - "title": "STUN - Method and Class", - "visState": "{\"title\":\"STUN - Method and Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:26:16.939Z", - "version": "WzEwMzYsMV0=", - "attributes": { - "title": "STUN - Class", - "visState": "{\"title\":\"STUN - Class\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"STUN Class\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T16:19:43.459Z", - "version": "WzEwMTAsMV0=", - "attributes": { - "title": "STUN - Action and Result", - "visState": "{\"title\":\"STUN - Action and 
Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0MywxXQ==", - "attributes": { - "title": "STUN - Source IP", - "visState": "{\"title\":\"STUN - Source 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NCwxXQ==", - "attributes": { - "title": "STUN - Destination IP", - "visState": "{\"title\":\"STUN - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "05884900-2b92-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NiwxXQ==", - "attributes": { - "title": "STUN - LAN", - "visState": "{\"title\":\"STUN - LAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.lan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LAN Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NSwxXQ==", - "attributes": { - "title": "STUN - WAN", - "visState": "{\"title\":\"STUN - WAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": 
[ - { - "name": "search_0", - "type": "search", - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0NywxXQ==", - "attributes": { - "title": "STUN - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.is_orig", - "zeek.stun.method", - "zeek.stun.class", - "zeek.stun.attr_type", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0OCwxXQ==", - "attributes": { - "title": "STUN NAT - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.is_orig", - "zeek.stun_nat.wan_addr", - "zeek.stun_nat.wan_port", - "zeek.stun_nat.lan_addr", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun_nat\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2021-10-14T15:55:12.655Z", - "version": "Wzk0OSwxXQ==", - "attributes": { - "title": "All Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "network.protocol", - "event.action", - "event.result", - "source.ip", - "destination.ip", - "destination.port", - "event.id" - ], - "sort": [ - [ - "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "7.10.2", + "objects": [ + { + "id": "fa477130-2b8a-11ec-a9f2-3911c8571bfd", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:32:23.695Z", + "version": "WzEwOTIsMV0=", + "attributes": { + "title": "STUN", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"embeddableConfig\":{},\"gridData\":{\"h\":32,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"w\":7,\"x\":8,\"y\":0},\"panelIndex\":\"7ed1fdac-1ea6-4012-b9b4-468c5f3e9d58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"w\":33,\"x\":15,\"y\":0},\"panelIndex\":\"76a1cc35-d46b-46e3-98de-a9ed7d65b3cf\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":36,\"i\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"w\":19,\"x\":8,\"y\":15},\"panelIndex\":\"5aeadd77-ebbe-4f41-b7f7-43a84e50fb5e\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"w\":21,\"x\":27,\"y\":15},\"panelIndex\":\"6d1e4227-cdf8-4849-b6d3-bd3955508fcd\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":19,\"i\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"w\":8,\"x\":0,\"y\":32},\"panelIndex\":\"08ac7884-ca98-4fb0-967a-4d1336c1e776\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"w\":21,\"x\":27,\"y\":33},\"panelIndex\":\"fc97c774-444a-4669-9dd5-69d833cf9fb2\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"w\":11,\"x\":0,\"y\":51},\"panelIndex\":\"b517bd06-887a-4e31-8cca-22866362b5ab\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"w\":14,\"x\":11,\"y\":51},\"panelIndex\":\"2ee9ca1e-8995-498b-afce-ea156e5e3f22\",\"version\":\"7
.10.2\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"w\":11,\"x\":25,\"y\":51},\"panelIndex\":\"0b82b3c0-7bb6-4405-a1e3-c9ca2d879abb\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"w\":12,\"x\":36,\"y\":51},\"panelIndex\":\"811a8c5e-bc09-495e-afea-06766e23d1a6\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"w\":48,\"x\":0,\"y\":69},\"panelIndex\":\"ae863ed6-ee8a-4db3-86d7-63a7e2c1ee19\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"w\":48,\"x\":0,\"y\":99},\"panelIndex\":\"c67fbc68-2531-4b22-8f8f-2858c689ff58\",\"version\":\"7.10.2\",\"panelRefName\":\"panel_12\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7" + }, + { + "name": "panel_7", + 
"type": "visualization", + "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "05884900-2b92-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_11", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + }, + { + "name": "panel_12", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzNywxXQ==", + "attributes": { + "title": "Network Logs", + "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata 
Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS 
SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e3b16680-2b8d-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzOCwxXQ==", + "attributes": { + "title": "STUN - Log Count", + "visState": "{\"title\":\"STUN - Log 
Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:stun*\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e0750ac0-2b8e-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "WzkzOSwxXQ==", + "attributes": { + "title": "STUN - Log Count Over Time", + "visState": "{\"title\":\"STUN - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2021-02-26T20:25:47.478Z\",\"to\":\"2021-03-02T15:19:14.457Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + 
"migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f6f2aea0-2b8f-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MCwxXQ==", + "attributes": { + "title": "STUN - Attribute Type", + "visState": "{\"title\":\"STUN - Attribute Type\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Attribute Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c8949b30-2b90-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MiwxXQ==", + "attributes": { + "title": "STUN - Method and Class", + "visState": "{\"title\":\"STUN - Method and Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "71f0aa60-2b92-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:26:16.939Z", + "version": "WzEwMzYsMV0=", + "attributes": { + "title": "STUN - Class", + "visState": "{\"title\":\"STUN - Class\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"STUN Class\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8a4e1a60-2d0a-11ec-9d3b-819bc1f965f7", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T16:19:43.459Z", + "version": "WzEwMTAsMV0=", + "attributes": { + "title": "STUN - Action and Result", + "visState": "{\"title\":\"STUN - Action and 
Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "21ac3930-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0MywxXQ==", + "attributes": { + "title": "STUN - Source IP", + "visState": "{\"title\":\"STUN - Source 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "461f9550-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NCwxXQ==", + "attributes": { + "title": "STUN - Destination IP", + "visState": "{\"title\":\"STUN - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "05884900-2b92-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NiwxXQ==", + "attributes": { + "title": "STUN - LAN", + "visState": "{\"title\":\"STUN - LAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.lan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LAN Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c9b976b0-2b91-11ec-a9f2-3911c8571bfd", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NSwxXQ==", + "attributes": { + "title": "STUN - WAN", + "visState": "{\"title\":\"STUN - WAN\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun_nat.wan_port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WAN Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": 
[ + { + "name": "search_0", + "type": "search", + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "fd1b8350-2b8b-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0NywxXQ==", + "attributes": { + "title": "STUN - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.is_orig", + "zeek.stun.method", + "zeek.stun.class", + "zeek.stun.attr_type", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "642a43b0-2b8c-11ec-a9f2-3911c8571bfd", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0OCwxXQ==", + "attributes": { + "title": "STUN NAT - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.is_orig", + "zeek.stun_nat.wan_addr", + "zeek.stun_nat.wan_port", + "zeek.stun_nat.lan_addr", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:stun_nat\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": 
"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "c97bc964-5319-41e7-ad22-db28156a2ac1", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2021-10-14T15:55:12.655Z", + "version": "Wzk0OSwxXQ==", + "attributes": { + "title": "All Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "network.protocol", + "event.action", + "event.result", + "source.ip", + "destination.ip", + "destination.port", + "event.id" + ], + "sort": [ + [ + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":\"NOT event.provider:arkime\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file From b748390e0900bef1f36af3a853982043ecc60717 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Tue, 19 Mar 2024 15:02:04 -0600 Subject: [PATCH 47/79] idaholab/Malcolm#447, make sure otherBuckets is set to true for all tables --- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 6 +++--- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 2 +- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 4 ++-- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 4 ++-- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 6 +++--- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 14 +++++++------- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 10 +++++----- .../12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json | 2 +- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 4 ++-- .../1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json | 4 ++-- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 14 +++++++------- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 8 ++++---- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 12 ++++++------ .../37041ee1-79c0-4684-a436-3173b0e89876.json | 16 ++++++++-------- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 12 ++++++------ .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 16 ++++++++-------- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 2 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 6 +++--- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 12 ++++++------ .../5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json | 6 +++--- .../677ee170-809e-11ed-8d5b-07069f823b6f.json | 4 ++-- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 10 +++++----- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 6 +++--- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 10 +++++----- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 10 +++++----- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 12 ++++++------ .../87a32f90-ef58-11e9-974e-9d600036d105.json | 4 ++-- .../89d1cc50-974c-11ed-bb6b-3fb06c879b11.json | 2 +- 
.../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 4 ++-- .../95479950-41f2-11ea-88fa-7151df485405.json | 8 ++++---- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 8 ++++---- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 18 +++++++++--------- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 8 ++++---- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 14 +++++++------- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 2 +- .../c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json | 4 ++-- .../ca5799a0-56b5-11eb-b749-576de068f8ad.json | 4 ++-- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 8 ++++---- .../d2dd0180-06b1-11ec-8c6b-353266ade330.json | 4 ++-- .../dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json | 4 ++-- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 12 ++++++------ .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 12 ++++++------ .../fa477130-2b8a-11ec-a9f2-3911c8571bfd.json | 4 ++-- 46 files changed, 169 insertions(+), 169 deletions(-) diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index e705f1da5..05d1f52b6 100644 --- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -194,7 +194,7 @@ "updated_at": "2021-10-12T17:34:03.402Z", "version": "WzcsMV0=", "attributes": { - "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_subject_full\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}", "description": "", "title": "X.509 - Certificate Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
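Review bot: In the `zeek.x509.certificate_subject_full` terms aggregation, `\"missingBucket\":false` is left unchanged, so the table now reads as complete (top 100 plus Other) while events that lack the field are, as far as I can tell, counted in neither the listed rows nor the Other row. For tables that analysts triage from, consider `\"missingBucket\":true,\"missingBucketLabel\":\"-\"`, the form the LDAP - Bind aggregations in this same patch already use. The same applies to the other hunks that keep `missingBucket` false, for example X.509 - Certificate Issuer, `zeek.ocsp.certStatus`, FTP - Argument and `network.protocol` in Application Protocol.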
@@ -224,7 +224,7 @@ "updated_at": "2021-10-12T17:34:03.402Z", "version": "WzgsMV0=", "attributes": { - "visState": "{\"title\":\"X.509 - Certificate Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_issuer_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"X.509 - Certificate Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.x509.certificate_issuer_full\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}", "description": "", "title": "X.509 - Certificate Issuer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -375,7 +375,7 @@ "version": "Wzg2MSwxXQ==", "attributes": { "title": "OCSP - Certificate Revocation", - "visState": "{\"title\":\"OCSP - Certificate Revocation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.certStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Status\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.revokereason\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revocation Reason\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OCSP - Certificate Revocation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.certStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Status\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ocsp.revokereason\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revocation 
Reason\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 8c6b70b09..82deacaab 100644 --- a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json 
@@ -281,7 +281,7 @@ "version": "WzE1MzgsMV0=", "attributes": { "title": "LDAP - Bind", - "visState": "{\"title\":\"LDAP - Bind\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Version\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ldap.object\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Object/Mechanism\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - 
Bind\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Version\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ldap.object\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Object/Mechanism\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 51de061f4..5f58138a1 100644 --- a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
@@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:07.693Z", "version": "WzgzLDFd", "attributes": { - "visState": "{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.arg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ftp.arg\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}", "description": "", "title": "FTP - Argument", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -230,7 +230,7 @@ "version": "Wzg2LDFd", "attributes": { "title": "FTP - Source", - "visState": "{\"title\":\"FTP - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"FTP - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index f108ed7e2..2a6bfa266 100644 --- a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
@@ -200,7 +200,7 @@ "version": "WzEzMjAsMV0=", "attributes": { "title": "PE - Section Name", - "visState": "{\"title\":\"PE - Section Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.pe.section_names\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PE - Section Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.pe.section_names\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -229,7 +229,7 @@ "updated_at": "2021-11-16T20:40:06.406Z", "version": "WzIwOSwxXQ==", "attributes": { - "visState": "{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.pe.machine\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.pe.machine\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}", "description": "", "title": "PE - Machine", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index c26964161..1800bf8ac 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -170,7 +170,7 @@ "version": "WzYzLDFd", "attributes": { "title": "Log Type", - "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log 
Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -229,7 +229,7 @@ "version": "WzY1LDFd", "attributes": { "title": "DNS - Queries", - "visState": "{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", + "visState": "{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
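Review bot: In DNS - Queries, `\"otherBucket\":true` is now combined with `\"size\":250` on `zeek.dns.query`, which is typically a high-cardinality field. As I understand it, Dashboards computes the Other row with a follow-up request that excludes every returned term, so this table would add an exclusion query of up to 250 clauses on each refresh. It is worth timing this dashboard against a large index before release. If it is slow, `\"size\":100` would match most of the other tables changed in this commit.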
@@ -288,7 +288,7 @@ "version": "WzY3LDFd", "attributes": { "title": "Application Protocol", - "visState": "{\"title\":\"Application Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", + "visState": "{\"title\":\"Application 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index f633eb1a8..6ba74a3f1 100644 --- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json 
@@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE0OCwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -189,7 +189,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE0OSwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -249,7 +249,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1MSwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.request_path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.request_path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Request Path", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -279,7 +279,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1MiwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.uri\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.uri\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", "description": "", "title": "SIP - URI", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1MywxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", "description": "", "title": "SIP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -399,7 +399,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -460,7 +460,7 @@ "version": "WzE1OCwxXQ==", "attributes": { "title": "SIP - Status", - "visState": "{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_msg\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}", + "visState": "{\"title\":\"SIP - 
Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_code\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.sip.status_msg\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index ebc8fcfb9..082509f0b 100644 --- a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
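Review bot: In "SIP - Status" the inner terms aggregation on `zeek.sip.status_msg` now has `\"otherBucket\":true` but keeps `\"missingBucket\":false`, so events that have a status code and no status message will, as far as I can tell, still not appear in any row. With an "Other" row present, an analyst is likely to read the table as accounting for every SIP event, which it does not. The "Best Guess - Summary" hunk in this patch already handles this on its innermost level with `\"missingBucket\":true,\"missingBucketLabel\":\"-\"`. I would use the same on the inner aggregation here and on `zeek.gquic.cyu` in "QUIC - CYU Fingerprint".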
@@ -194,7 +194,7 @@ "updated_at": "2021-02-10T21:24:12.938Z", "version": "WzE3NSwxXQ==", "attributes": { - "visState": "{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Tunnels - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index 4660534a5..c251e3f0a 100644 --- a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
@@ -212,7 +212,7 @@ "version": "WzE5NiwxXQ==", "attributes": { "title": "QUIC - Source IP Address", - "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -242,7 +242,7 @@ "version": "WzE5NywxXQ==", "attributes": { "title": "QUIC - Destination IP Address", - "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -272,7 +272,7 @@ "version": "WzE5OCwxXQ==", "attributes": { "title": "QUIC - User Agent", - "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", + "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -302,7 +302,7 @@ "version": "WzE5OSwxXQ==", "attributes": { "title": "QUIC - Server Name", - "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", + "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -332,7 +332,7 @@ "version": "WzIwMCwxXQ==", "attributes": { "title": "QUIC - CYU Fingerprint", - "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyutags\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyu\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", + "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyutags\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint 
Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyu\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index 4f1d9e09e..3cf49b5fd 100644 --- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json +++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json 
@@ -218,7 +218,7 @@ "version": "WzgzNywxXQ==", "attributes": { "title": "Best Guess - Summary", - "visState": "{\"title\":\"Best Guess - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Best Guess - 
Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index 3fe16806b..874a65cd2 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
@@ -433,7 +433,7 @@ "version": "Wzk1NCwxXQ==", "attributes": { "title": "Modbus - Reads", - "visState": "{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Modbus read holding registers, input registers, discrete inputs, and coils overview from modbus_detailed.log", "version": 1, 
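Review bot: On the `zeek.modbus_detailed.values` aggregation in "Modbus - Reads", turning on `\"otherBucket\":true` while leaving `\"otherBucketLabel\":\"-\"` means the roll-up row will be displayed as `-`. In these dashboards `-` is the label used for a missing value (see `missingBucketLabel` on the same aggregation and on "Best Guess - Summary"), so register values beyond the top 200 would read as "no value" rather than "everything else". I would set `\"otherBucketLabel\":\"Other\"` on that aggregation, and likewise on the `zeek.modbus_detailed.address` and `zeek.modbus_detailed.values` aggregations in the "Modbus - Writes" hunk that follows.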
@@ -463,7 +463,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "Modbus - Writes", - "visState": "{\"title\":\"Modbus - Writes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Modbus - 
Writes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accesso
r\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Modbus write register and write coil overview from modbus_detailed.log", "version": 1, diff --git a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json index bcd964578..bd16f7b34 100644 --- a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json +++ b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json 
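Review bot: "Modbus - Writes" now enables `otherBucket` on all five nested terms levels (sizes 200, 5, 5, 200, 200), and that configuration should be load-tested before it ships. As I understand the table visualization, each enabled "Other" bucket is computed by a follow-up request that excludes the terms already returned, and on deep nestings that request grows with the number of parent buckets. If the panel becomes slow or errors on a busy ICS capture, analysts lose the table altogether, which is worse than a truncated one. If that turns out to be the case, keeping `\"otherBucket\":true` only on the small levels (`destination.ip` and `zeek.modbus.unit_id`, both size 5) would limit the cost; the same applies to "Modbus - Reads".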
@@ -295,7 +295,7 @@ "version": "WzEzMDIsMV0=", "attributes": { "title": "OSPF - Source IP", - "visState": "{\"title\":\"OSPF - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -355,7 +355,7 @@ "version": "WzEzODcsMV0=", "attributes": { "title": "OSPF - All IP Addresses", - "visState": "{\"title\":\"OSPF - All IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - All IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 24042da8f..61ff91f69 100644 --- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -215,7 +215,7 @@ "version": "WzE2NywxXQ==", "attributes": { "title": "Weird - Name", - "visState": "{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", + "visState": "{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index a6934fea2..67c62af0b 100644 --- a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -130,7 +130,7 @@ "version": "WzM1MSwxXQ==", "attributes": { "title": "DNS - Server", - "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -159,7 +159,7 @@ "updated_at": "2021-05-11T12:24:17.423Z", "version": "WzM1MiwxXQ==", "attributes": { - "visState": "{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", "title": "DNS - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -219,7 +219,7 @@ "updated_at": "2021-05-11T12:24:17.423Z", "version": "WzM1NCwxXQ==", "attributes": { - "visState": "{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - 
Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", "description": "", "title": "DNS - Query/Answer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
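Review bot: Enabling `otherBucket` on both nested terms levels of "DNS - Query/Answer" (`zeek.dns.query` and `zeek.dns.answers`, size 50 each) makes the table issue a follow-up request to compute the Other rows. As far as I understand the table's other-bucket handling, for a nested split that request carries filters per parent bucket, so it grows with the product of the bucket sizes. The same pattern is in the later hunks for "DNS Queries by Randomness" (three levels, sizes 500/100/100), "DHCP - IP to MAC Assignment" (four levels) and "Intel - Indicator" (three levels). I have not measured it, but these panels are worth loading against a large index before release. If they are slow or hit a clause limit, keep `\"otherBucket\":true` on the outermost split only and leave the inner aggregations at `\"otherBucket\":false`, which still shows the long-tail count.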
@@ -340,7 +340,7 @@ "version": "WzM1OCwxXQ==", "attributes": { "title": "DNS - Answers", - "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", + "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -370,7 +370,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "DNS - Response Code (Name)", - "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.rcode_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", + "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.rcode_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -400,7 +400,7 @@ "version": "WzM2MCwxXQ==", "attributes": { "title": "DNS - Query Type", - "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.qtype_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}", + "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.qtype_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -460,7 +460,7 @@ "version": "WzYzMSwxXQ==", "attributes": { "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
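Review bot: With `otherBucket` now true on `event.freq_score_v1` and `event.freq_score_v2`, the numeric score columns of "DNS Queries by Randomness" will also hold rows labelled "Other". The panel's saved sort in the unchanged uiStateJSON is `\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}`, which is the method-1 score column, presumably so the lowest-scoring names come first. It is worth checking in the UI where the "Other" rows land in that order. If they sort ahead of real scores, I would leave the two score aggregations at `\"otherBucket\":false` and enable it only on `dns.host`.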
diff --git a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index 340240a7e..9f42c444d 100644 --- a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json @@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMSwxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -169,7 +169,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMiwxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -199,7 +199,7 @@ "updated_at": "2021-02-10T21:24:21.144Z", "version": "WzMzMywxXQ==", "attributes": { - "visState": "{\"title\":\"DHCP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DHCP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "DHCP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -260,7 +260,7 @@ "version": "WzMzNSwxXQ==", "attributes": { "title": "DHCP - IP to MAC Assignment", - "visState": "{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.assigned_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.mac\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"DHCP - IP to MAC 
Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.assigned_ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.mac\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index bb252e3eb..13b692273 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
+++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json @@ -179,7 +179,7 @@ "updated_at": "2022-01-12T18:22:26.156Z", "version": "WzIzOSwxXQ==", "attributes": { - "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "description": "", "title": "Intel - Source", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -209,7 +209,7 @@ "updated_at": "2022-01-12T18:22:26.156Z", "version": "WzI0MCwxXQ==", "attributes": { - "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Intel - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -240,7 +240,7 @@ "version": "WzI0MSwxXQ==", "attributes": { "title": "Intel - Destination IP Address", - "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -270,7 +270,7 @@ "version": "WzI0MiwxXQ==", "attributes": { "title": "Intel - Indicator", - "visState": "{\"title\":\"Intel - Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -299,7 +299,7 @@ "updated_at": "2022-01-12T18:22:26.156Z", "version": "WzI0MywxXQ==", "attributes": { - "visState": "{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.file_mime_type\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", "description": "", "title": "Intel - MIME Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -329,7 +329,7 @@ "updated_at": "2022-01-12T18:22:26.156Z", "version": "WzI0NCwxXQ==", "attributes": { - "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.matched\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type Matched\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.matched\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type Matched\"}}],\"listeners\":{}}", "description": "", "title": "Intel - Matched", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 6f899ce01..7bcce0a43 100644 --- a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -179,7 +179,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI3OCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Sites", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -210,7 +210,7 @@ "version": "WzI3OSwxXQ==", "attributes": { "title": "HTTP - Sites Hosting EXEs", - "visState": "{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -238,7 +238,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.uri\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.uri\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - URIs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -268,7 +268,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MSwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -298,7 +298,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MiwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -328,7 +328,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4MywxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
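Review bot: The `user_agent.original` terms aggregation in `HTTP - User Agent` still has `\"missingBucket\":false`, so HTTP events with no User-Agent value remain absent from this table even though the tail beyond the top 100 is now rolled into "Other". During triage an absent User-Agent is often as interesting as a rare one, and a table that now appears to account for everything can hide that gap. I would also set `\"missingBucket\":true` on this aggregation and keep the existing `\"missingBucketLabel\":\"Missing\"`. This assumes the field is absent on such events rather than stored as an empty string, which is worth confirming against the ingest pipeline.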
@@ -358,7 +358,7 @@ "updated_at": "2023-11-14T19:18:33.654Z", "version": "WzI4NCwxXQ==", "attributes": { - "visState": "{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.referrer\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.http.referrer\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "HTTP - Referrer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -479,7 +479,7 @@ "version": "WzI4OCwxXQ==", "attributes": { "title": "HTTP - Status and Method", - "visState": "{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.status_msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status Message\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.status_msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status 
Message\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.http.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 0f8d69764..256ee1395 100644 --- a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -154,7 +154,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0MywxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -184,7 +184,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -244,7 +244,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}", "description": "", "title": "SMB - FIle Path", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
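Review bot: The saved-object title on the context line reads `"title": "SMB - FIle Path"`, while the title inside `visState` is `SMB - File Path`. Since this object is being edited anyway, the outer one should become `"title": "SMB - File Path"` so the visualization shows up under the expected name when analysts search the saved objects list.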
@@ -274,7 +274,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0NywxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -304,7 +304,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0OCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - File/Path 
Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", 
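Review bot: All five nested terms aggregations in `SMB - File/Path Summary` now carry `\"otherBucket\":true`. As far as I know, the dashboards frontend computes each "Other" row with a follow-up query that excludes the terms already returned at every level, so this table may get noticeably slower or run into query clause limits on a busy index. I would check it against a large capture before shipping, or enable the option only on the outermost bucket (`zeek.smb_files.path`) and leave the inner four at `\"otherBucket\":false`. `HTTP - Status and Method` has the same pattern with two nested buckets.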
@@ -365,7 +365,7 @@ "version": "WzQ1MCwxXQ==", "attributes": { "title": "SMB - Destination Port", - "visState": "{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"SMB - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 71e7efefe..edadcaa8b 100644 --- a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
@@ -149,7 +149,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQzOCwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -179,7 +179,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQzOSwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -209,7 +209,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MCwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Endpoint", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -239,7 +239,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MSwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Named Pipe", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -269,7 +269,7 @@ "updated_at": "2021-02-10T21:24:27.443Z", "version": "WzQ0MiwxXQ==", "attributes": { - "visState": "{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}", "description": "", "title": "DCE/RPC - Operation", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -300,7 +300,7 @@ "version": "WzQ0MywxXQ==", "attributes": { "title": "DCE/RPC - Round Trip Time", - "visState": "{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}", + "visState": "{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.rtt\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -360,7 +360,7 @@ "version": "WzQ0NSwxXQ==", "attributes": { "title": "DCE/RPC - Destination Port", - "visState": "{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -390,7 +390,7 @@ "version": "WzQ0NiwxXQ==", "attributes": { "title": "DCE/RPC - Summary", - "visState": "{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", + "visState": "{\"title\":\"DCE/RPC - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index 65b3d609d..01a8ca434 100644 --- a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
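Review bot: In the three-level DCE/RPC - Summary table every terms level now has `otherBucket` set to true, but `missingBucket` stays false on all of them. With `showPartialRows` false, a record that lacks `zeek.dce_rpc.operation` or `zeek.dce_rpc.named_pipe` most likely still drops out of the table, so the row counts keep undercounting even though the long tail is now shown. MySQL - Commands in this commit already uses `\"missingBucket\":true,\"missingBucketLabel\":\"-\"` on its nested levels. Applying the same here and in NTLM - Hostname to Username would keep sessions with an empty endpoint, hostname, user or domain visible to an analyst.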
@@ -294,7 +294,7 @@ "version": "WzQ1NiwxXQ==", "attributes": { "title": "ICS/IoT Actions and Results", - "visState": "{\"title\":\"ICS/IoT Actions and Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "visState": "{\"title\":\"ICS/IoT Actions and 
Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 0dd1a359e..b83017c24 100644 --- a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json @@ -139,7 +139,7 @@ "updated_at": "2023-11-14T19:18:39.742Z", "version": "WzM1NSwxXQ==", "attributes": { - "visState": "{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SNMP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -199,7 +199,7 @@ "updated_at": "2023-11-14T19:18:39.742Z", "version": "WzM1NywxXQ==", "attributes": { - "visState": "{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.duration\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.duration\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}", "description": "", "title": "SNMP - Session Duration", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -260,7 +260,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "SNMP - Community String", - "visState": "{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.community\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}", + "visState": "{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.snmp.community\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 7c9590cfa..f14731856 100644 --- a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
@@ -180,7 +180,7 @@ "version": "WzQ3NywxXQ==", "attributes": { "title": "MySQL - Commands", - "visState": "{\"title\":\"MySQL - Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}}
,{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", + "visState": "{\"title\":\"MySQL - Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\
"field\":\"zeek.mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index c1a32a920..8665f1ee9 100644 --- a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
@@ -150,7 +150,7 @@ "version": "WzQ4MiwxXQ==", "attributes": { "title": "NTLM - Hostname", - "visState": "{\"title\":\"NTLM - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Hostname\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}", + "visState": "{\"title\":\"NTLM - 
Hostname\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Hostname\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -179,7 +179,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4MywxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Domain Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -239,7 +239,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NSwxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -269,7 +269,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NiwxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -299,7 +299,7 @@ "updated_at": "2021-02-10T21:24:31.603Z", "version": "WzQ4NywxXQ==", "attributes": { - "visState": "{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "NTLM - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -360,7 +360,7 @@ "version": "WzQ4OSwxXQ==", "attributes": { "title": "NTLM - Hostname to Username", - "visState": "{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", + "visState": "{\"title\":\"NTLM - Hostname to 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json index 292dc28f2..58d04d697 100644 --- a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json +++ b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json 
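Review bot: All three nested terms levels of "NTLM - Hostname to Username" (`zeek.ntlm.host`, `related.user`, `zeek.ntlm.domain`) now have `otherBucket` set to true, which adds an "Other" row at every level of a table meant to pair a host with a user and a domain. A row whose Hostname is "Other" merges users from every host outside the top 20, so it cannot be read as a host-to-user pairing during credential-use triage. Each level probably also adds its own follow-up query. The `description` context line is still empty; something like `"description": "Other = values beyond the top 20 of that column, not a single host or user"` would tell analysts how to read those rows. The same applies to the three-level "IRC - Destination Country" table later in this patch.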
@@ -270,7 +270,7 @@ "version": "WzM5NCwxXQ==", "attributes": { "title": "Alerts - Name", - "visState": "{\"title\":\"Alerts - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -360,7 +360,7 @@ "version": "WzM5NywxXQ==", "attributes": { "title": "Alerts - Destination Country", - "visState": "{\"title\":\"Alerts - Destination Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Destination Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
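Review bot: `otherBucket` is switched on for `destination.geo.country_name` while `missingBucket` stays false, so alerts with no GeoIP country (presumably private or internal addresses) still appear in no row of "Alerts - Destination Country". As far as I know, the "Other" row is built with an exists filter on the field when `missingBucket` is off, so it will not absorb those alerts either, and the table can still sum to less than the alert count. "Alerts - Name" in this same file already uses `\"missingBucket\":true`. Doing the same here and in the "Alerts - Source Country" hunk, with a label such as `\"missingBucketLabel\":\"Unknown\"`, would make the table account for every alert.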
@@ -390,7 +390,7 @@ "version": "WzM5OCwxXQ==", "attributes": { "title": "Alerts - Source Country", - "visState": "{\"title\":\"Alerts - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json index 74a772b37..edf5d0f59 100644 --- a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json +++ b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json 
@@ -170,7 +170,7 @@ "version": "WzQxOCwxXQ==", "attributes": { "title": "Traffic by Network Segment", - "visState": "{\"title\":\"Traffic by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Direction\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Total Packets\"},\"schema\":\"metric\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Traffic by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Direction\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Total Packets\"},\"schema\":\"metric\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -320,7 +320,7 @@ "version": "WzQyMywxXQ==", "attributes": { "title": "Notice, Alert and Signature by Network Segment", - "visState": "{\"title\":\"Notice, Alert and Signature by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Notice, Alert and Signature by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index 49b1454f3..e7e158f77 100644 --- a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -134,7 +134,7 @@ "updated_at": "2021-02-10T21:24:36.060Z", "version": "WzUxMiwxXQ==", "attributes": { - "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "IRC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -164,7 +164,7 @@ "updated_at": "2021-02-10T21:24:36.060Z", "version": "WzUxMywxXQ==", "attributes": { - "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "IRC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -195,7 +195,7 @@ "version": "WzUxNCwxXQ==", "attributes": { "title": "IRC - Destination Port", - "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -255,7 +255,7 @@ "version": "WzUxNiwxXQ==", "attributes": { "title": "IRC - Destination Country", - "visState": "{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.city_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"IRC - Destination 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.city_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -285,7 +285,7 @@ "version": "WzUxNywxXQ==", "attributes": { "title": "IRC - Command", - "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.irc.command\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", + "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.irc.command\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index e0c944d52..734148662 100644 --- a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
@@ -144,7 +144,7 @@ "updated_at": "2021-02-10T21:24:38.098Z", "version": "WzUyOCwxXQ==", "attributes": { - "visState": "{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RDP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -175,7 +175,7 @@ "version": "WzI3NjksMV0=", "attributes": { "title": "RDP - Destination IP Address", - "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -204,7 +204,7 @@ "updated_at": "2021-02-10T21:24:38.098Z", "version": "WzUzMSwxXQ==", "attributes": { - "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rdp.cookie\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rdp.cookie\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}", "description": "", "title": "RDP - Cookie", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index f33623de5..2c6e017f9 100644 --- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -209,7 +209,7 @@ "updated_at": "2021-10-12T14:14:37.087Z", "version": "WzM3MywxXQ==", "attributes": { - "visState": "{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SSL - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -239,7 +239,7 @@ "updated_at": "2021-10-12T14:14:37.087Z", "version": "WzM3NCwxXQ==", "attributes": { - "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "SSL - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -269,7 +269,7 @@ "updated_at": "2021-10-12T14:14:37.087Z", "version": "WzM3NSwxXQ==", "attributes": { - "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SSL - Destination Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -300,7 +300,7 @@ "version": "WzM3NiwxXQ==", "attributes": { "title": "SSL - Server", - "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "visState": 
"{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -359,7 +359,7 @@ "updated_at": "2021-10-12T14:14:37.087Z", "version": "WzM3OCwxXQ==", "attributes": { - "visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.validation_status\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}", "description": "", "title": "SSL - Validation Status", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index 07e08af3f..59a13edb6 100644 --- a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
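Review bot: `\"missingBucket\":false` is left unchanged on the `zeek.ssl.validation_status` terms aggregation, so the table now accounts for values beyond the top 100 but still omits SSL records that carry no validation status at all. For a field analysts read to spot certificate problems, I would consider `\"missingBucket\":true` with the existing `\"missingBucketLabel\":\"Missing\"`, so the row counts add up to the sessions in the selected time range. This assumes the dashboard does not already filter on the field, which is not visible in the hunk.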
@@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2MiwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.cname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.cname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -219,7 +219,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NCwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -279,7 +279,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NiwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NywxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -340,7 +340,7 @@ "version": "WzU2OCwxXQ==", "attributes": { "title": "Kerberos - Service", - "visState": "{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", + "visState": "{\"title\":\"Kerberos - 
Service\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index f6dc287dc..98d5ff339 100644 --- a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
@@ -125,7 +125,7 @@ "version": "WzU3NiwxXQ==", "attributes": { "title": "DNP3 - Source IP", - "visState": "{\"title\":\"DNP3 - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"DNP3 - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP 
Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from dnp3.log", "version": 1, 
@@ -155,7 +155,7 @@ "version": "WzU3NywxXQ==", "attributes": { "title": "DNP3 - Destination IP", - "visState": "{\"title\":\"DNP3 - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"DNP3 - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Destination IP Addresses from dnp3.log", "version": 1, 
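Review bot: The `dimensions.buckets` entry in this visState is labelled `\"label\":\"Port\"`, but the only bucket aggregation is a terms aggregation on `destination.ip` with `\"customLabel\":\"Destination IP\"`. It looks like a leftover from a copied visualization, and `\"label\":\"Destination IP\"` would match the aggregation. The `dimensions` block may be regenerated at render time, so the effect on the displayed column header is unconfirmed.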
@@ -185,7 +185,7 @@ "version": "WzU3OCwxXQ==", "attributes": { "title": "DNP3 - Function Request", - "visState": "{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request\"}}]}", + "visState": "{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "DNP3 function in request packet from dnp3.log", "version": 1, 
@@ -215,7 +215,7 @@ "version": "WzU3OSwxXQ==", "attributes": { "title": "DNP3 - Function Reply", - "visState": "{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3.fc_reply\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}", + "visState": "{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3.fc_reply\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "DNP3 function in reply packet from dnp3.log", "version": 1, 
@@ -333,7 +333,7 @@ "version": "WzU4MywxXQ==", "attributes": { "title": "DNP3 - Objects Overview", - "visState": "{\"title\":\"DNP3 - Objects Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]},\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_count\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_low\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range 
Start\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_high\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range End\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"DNP3 - Objects Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]},\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Type\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_count\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_low\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range Start\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_high\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range End\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":null}}}}", "description": "Overview of DNP3 objects from READ-RESPONSE messages in dnp3_objects.log", "version": 1, 
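Review bot: With `otherBucket` now enabled on every column, the `range_low` and `range_high` aggregations still pair `\"otherBucketLabel\":\"-\"` with `\"missingBucketLabel\":\"-\"`, so a row for values outside the top 200 and a row for records that have no range render identically. The aggregations this hunk switches on use `Other`. I would set `\"otherBucketLabel\":\"Other\"` on the two range aggregations as well, so the long tail stays distinguishable from absent data.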
@@ -363,7 +363,7 @@ "version": "WzU4NCwxXQ==", "attributes": { "title": "DNP3 - Control Overview", - "visState": "{\"title\":\"DNP3 - Control Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Control Code\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.index_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Index 
Number\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.block_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Block Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.operation_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.trip_control_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control Code\"}}]}", + "visState": "{\"title\":\"DNP3 - Control Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Control 
Code\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.index_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Index Number\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.block_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Block Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.operation_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation 
Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.trip_control_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control Code\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":null}}}}", "description": "Overview of DNP3 control functions from dnp3_control.log", "version": 1, diff --git a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 6c84e6043..dcef71690 100644 --- a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json 
@@ -325,7 +325,7 @@ "version": "WzU5NywxXQ==", "attributes": { "title": "MQTT - Publish", - "visState": "{\"title\":\"MQTT - Publish\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", + "visState": "{\"title\":\"MQTT - 
Publish\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -355,7 +355,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "MQTT - Publish Payload", - "visState": "{\"title\":\"MQTT - Publish Payload\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From 
Client\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload_len\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Length\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Payload\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", + "visState": "{\"title\":\"MQTT - Publish Payload\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From 
Client\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload_len\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Length\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Payload\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json index 85dc96edb..c8398f0e7 100644 --- a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json +++ b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json 
@@ -244,7 +244,7 @@ "version": "WzkzOSwxXQ==", "attributes": { "title": "Observed Devices", - "visState": "{\"title\":\"Observed Devices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed 
Devices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 71e242be5..76ebf9b3b 100644 --- a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
@@ -139,7 +139,7 @@ "updated_at": "2021-02-10T21:24:44.215Z", "version": "WzYxMiwxXQ==", "attributes": { - "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Syslog - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
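Review bot: The `params` object of this visState still spells the key `showMeticsAtAllLevels`, while every other table touched in this patch uses `showMetricsAtAllLevels`. The same misspelling is in the next hunk, "Syslog - Destination IP Address". A misspelled key is presumably ignored by the table renderer, so the option would fall back to its default rather than the `false` written here; that is worth confirming against the running dashboard. Since the line is being rewritten anyway, I would correct it to `\"showMetricsAtAllLevels\":false` in both visualizations.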
@@ -169,7 +169,7 @@ "updated_at": "2021-02-10T21:24:44.215Z", "version": "WzYxMywxXQ==", "attributes": { - "visState": "{\"title\":\"Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Syslog - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 5d977f3c8..f38bc9d9d 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -154,7 +154,7 @@ "version": "WzU1OSwxXQ==", "attributes": { "title": "Notice, Alert and Signature - Summary", - "visState": "{\"title\":\"Notice, Alert, and Signature - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Notice, Alert, and Signature - 
Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -184,7 +184,7 @@ "version": "WzU2MCwxXQ==", "attributes": { "title": "Outdated/Insecure Application Protocols", - "visState": "{\"title\":\"Outdated/Insecure Application Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", + "visState": "{\"title\":\"Outdated/Insecure Application 
Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -213,7 +213,7 @@ "version": "WzU2MSwxXQ==", "attributes": { "title": "Vulnerabilities", - "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last 
Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -389,7 +389,7 @@ "version": "WzU2NywxXQ==", "attributes": { "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
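Review bot: In the "DNS Queries by Randomness" table, `otherBucket` is switched to true on all three nested terms aggregations (`dns.host` size 500, `event.freq_score_v1` size 100, `event.freq_score_v2` size 100), not only on the outer one. The two score levels are sub-buckets of each DNS name, so an "Other" row there probably tells an analyst little. The follow-up query needed to compute "Other" is also likely to grow with the number of parent buckets; that is inferred from how the feature generally works and should be measured against a large index. Consider enabling it only on agg `2` and keeping `\"otherBucket\":false` on aggs `3` and `4`. If the extra rows are kept, check that the stored sort (`columnIndex` 1, ascending) still puts the lowest scores first and does not push an "Other" row to the top.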
diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 153af4d2f..5e656ec72 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -145,7 +145,7 @@ "version": "WzU3NywxXQ==", "attributes": { "title": "Files - Files By Size (Bytes)", - "visState": "{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.files.seen_bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Bytes Seen\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.files.seen_bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Bytes Seen\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -174,7 +174,7 @@ "updated_at": "2024-02-05T17:21:00.991Z", "version": "WzU3OCwxXQ==", "attributes": { - "visState": "{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "FIles - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
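Review bot: The `params` object on the rewritten `visState` line still spells the option `showMeticsAtAllLevels`, while other table visualizations in this patch (for example "Files - Files By Size (Bytes)") use `showMetricsAtAllLevels`. Since the line is being regenerated anyway, the key could be corrected in the same pass to `\"showMetricsAtAllLevels\":false`. The misspelled key is presumably ignored, so this is a consistency point rather than a behaviour change. The title `FIles - Destination IP Address` has a similar capitalisation typo. The same misspelled key appears in the Files - Source IP Address hunk, in several Connections hunks (Source/Destination IP Address, Source Country, Responder Bytes, Missed Bytes, Destination Port) and in the RADIUS hunks that follow.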
@@ -204,7 +204,7 @@ "updated_at": "2024-02-05T17:21:00.991Z", "version": "WzU3OSwxXQ==", "attributes": { - "visState": "{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}", "description": "", "title": "FIles - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -347,7 +347,7 @@ "version": "WzU4MywxXQ==", "attributes": { "title": "Files - Paths", - "visState": "{\"title\":\"Files - Paths\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - Paths\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log 
Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index e459ae253..38b4001b1 100644 --- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -249,7 +249,7 @@ "updated_at": "2022-04-29T19:56:53.664Z", "version": "WzU0MywxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Connections - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -279,7 +279,7 @@ "updated_at": "2022-04-29T19:56:53.664Z", "version": "WzU0NCwxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Connections - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2022-04-29T19:56:53.664Z", "version": "WzU0NSwxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_code2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_code2\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", "description": "", "title": "Connections - Source Country", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -339,7 +339,7 @@ "updated_at": "2022-04-29T19:56:53.664Z", "version": "WzU0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}", "description": "", "title": "Connections - Responder Bytes", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
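Review bot: This terms aggregation on the numeric field `server.bytes` keeps `\"orderBy\":\"_term\"`, and so does the "Connections - Missed Bytes" hunk that follows, whereas "Files - Files By Size (Bytes)" earlier in the patch uses `\"orderBy\":\"_key\"` for the same kind of table. `_term` is the older name for key ordering, so it is worth confirming that the deployed Dashboards/OpenSearch versions still accept it, and aligning on `_key` if they do not need it. With `otherBucket` now true and the order being descending by key, the "Other" row will hold every connection below the 100 largest distinct byte values. That is likely the bulk of the traffic, so a more descriptive `otherBucketLabel` than `Other` may keep the table from being misread.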
@@ -369,7 +369,7 @@ "updated_at": "2022-04-29T19:56:53.664Z", "version": "WzU0NywxXQ==", "attributes": { - "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.missed_bytes\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.missed_bytes\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}", "description": "", "title": "Connections - Missed Bytes", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -400,7 +400,7 @@ "version": "WzU0OCwxXQ==", "attributes": { "title": "Connections - Connection State", - "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection State Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", + "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Connection State 
Description\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.conn.conn_state_description\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State Description\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -633,7 +633,7 @@ "version": "WzU1NiwxXQ==", "attributes": { "title": "Connections - Destination Port", - "visState": "{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -723,7 +723,7 @@ "version": "WzU1OSwxXQ==", "attributes": { "title": "Connections - Source MAC Address", - "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC 
Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -753,7 +753,7 @@ "version": "WzU2MCwxXQ==", "attributes": { "title": "Connections - Destination MAC Address", - "visState": "{\"title\":\"Connections - Destination MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "visState": "{\"title\":\"Connections - Destination MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC 
Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 0c83415c8..d5fe73b05 100644 --- a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -139,7 +139,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczNiwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -199,7 +199,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczOCwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.mac\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.mac\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - MAC", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -229,7 +229,7 @@ "updated_at": "2021-11-12T19:32:50.243Z", "version": "WzczOSwxXQ==", "attributes": { - "visState": "{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.connect_info\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.radius.connect_info\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}", "description": "", "title": "RADIUS - Connection Information", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -290,7 +290,7 @@ "version": "Wzc0MSwxXQ==", "attributes": { "title": "RADIUS - Username", - "visState": "{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}", + "visState": "{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index bd75ad746..8f22599b9 100644 --- a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
@@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "WzczOSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.subject\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.subject\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -219,7 +219,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0MSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.mailfrom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.mailfrom\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - \"From\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -249,7 +249,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0MiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.rcptto\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.rcptto\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - \"To\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -309,7 +309,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -339,7 +339,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -369,7 +369,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -400,7 +400,7 @@ "version": "Wzc0NywxXQ==", "attributes": { "title": "SMTP - Destination Port", - "visState": "{\"title\":\"SMTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"SMTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index 05552edd8..aefc678ef 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
@@ -112,7 +112,7 @@ "version": "Wzg4NiwxXQ==", "attributes": { "title": "Last Capture Metric Timestamp by Host", - "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture 
Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json index 257200e63..5bb44abf3 100644 --- a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json +++ b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json 
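Review bot: Enabling the other bucket on the `host.name` terms aggregation of "Last Capture Metric Timestamp by Host" looks counterproductive. The metric is a `top_hits` on `@timestamp` with `size` 1, so the new "Other" row would presumably show a single latest timestamp for every host beyond the first 100. A capture host that has stopped reporting could then sit behind a fresh timestamp from another host in the same row, which defeats a per-host last-seen table. I would keep `\"otherBucket\":false` on the `host.name` aggregation here, or raise its `size` if more than 100 capture hosts are expected. The `event.provider` aggregation already had the other bucket enabled and is unchanged by this hunk.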
@@ -190,7 +190,7 @@ "version": "Wzc3MCwxXQ==", "attributes": { "title": "Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords", - "visState": "{\"title\":\"Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"User\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Succeeded\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.
login.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Success\"}}]}", + "visState": "{\"title\":\"Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"User\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Succeeded\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\
"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.login.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Success\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -250,7 +250,7 @@ "version": "Wzc3MiwxXQ==", "attributes": { "title": "Telnet, rlogin and rsh - Destination", - "visState": "{\"title\":\"Telnet, rlogin and rsh - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination Port\"}}]}", + 
"visState": "{\"title\":\"Telnet, rlogin and rsh - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 
1, diff --git a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json index 8bb95c2a7..7e45222f9 100644 --- a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json +++ b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json 
@@ -175,7 +175,7 @@ "version": "Wzc3OCwxXQ==", "attributes": { "title": "BSAP - Source IP", - "visState": "{\"title\":\"BSAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Port\"}}]}", + "visState": "{\"title\":\"BSAP - Source 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -417,7 +417,7 @@ "version": "Wzc4NSwxXQ==", "attributes": { "title": "BSAP - Destination IP", - "visState": "{\"title\":\"BSAP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"BSAP - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index 03c186fb4..cc0537e6a 100644 --- a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
@@ -154,7 +154,7 @@ "updated_at": "2021-02-10T21:25:00.506Z", "version": "Wzc5MCwxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SSH - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
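Review bot: The `params` object on the rewritten `visState` line still spells the option `showMeticsAtAllLevels`, while other table visualizations in this patch (for example "SSH - Destination IP Address") use `showMetricsAtAllLevels`. The misspelled key is presumably ignored by the table renderer, so the setting falls back to its default without any error. Since this line is being rewritten anyway, rename the key to `\"showMetricsAtAllLevels\":false`. The same misspelling is carried over in the "SSH - Client/Server", "SSH -Server" and the four "Notices - …" hunks that follow.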
@@ -185,7 +185,7 @@ "version": "WzM0MDEsMV0=", "attributes": { "title": "SSH - Destination IP Address", - "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "updated_at": "2021-02-10T21:25:00.506Z", "version": "Wzc5MywxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.client\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - 
Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.client\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", "title": "SSH - Client/Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -275,7 +275,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "SSH -Server", - "visState": "{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", + "visState": "{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index de71d7fa3..63b20ad7e 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json 
@@ -135,7 +135,7 @@ "version": "WzI5NDIsMV0=", "attributes": { "title": "Severity Tags", - "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -225,7 +225,7 @@ "version": "WzY1NSwxXQ==", "attributes": { "title": "Severity - Application Protocol", - "visState": "{\"title\":\"Severity - Application Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Severity - Application 
Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Application Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol Version\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json index 811c18868..86281e6fb 100644 --- a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json +++ b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json 
@@ -306,7 +306,7 @@ "version": "Wzc2MSwxXQ==", "attributes": { "title": "OPCUA Binary - Source", - "visState": "{\"title\":\"OPCUA Binary - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -336,7 +336,7 @@ "version": "Wzc2MiwxXQ==", "attributes": { "title": "OPCUA Binary - Destination", - "visState": "{\"title\":\"OPCUA Binary - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 3617c226c..30177d9dd 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -159,7 +159,7 @@ "updated_at": "2022-05-04T17:53:11.078Z", "version": "Wzc0MiwxXQ==", "attributes": { - "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Notices - Source IP Addresses", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -189,7 +189,7 @@ "updated_at": "2022-05-04T17:53:11.078Z", "version": "Wzc0MywxXQ==", "attributes": { - "visState": "{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "Notices - Destination IP Addresses", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -249,7 +249,7 @@ "updated_at": "2022-05-04T17:53:11.078Z", "version": "Wzc0NSwxXQ==", "attributes": { - "visState": "{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_mime_type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_mime_type\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}", "description": "", "title": "Notices - File MIME Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -279,7 +279,7 @@ "updated_at": "2022-05-04T17:53:11.078Z", "version": "Wzc0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_desc\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.file_desc\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}", "description": "", "title": "Notices - File Description", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -340,7 +340,7 @@ "version": "Wzc0OCwxXQ==", "attributes": { "title": "Notice - Message Details", - "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabe
l\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", + "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"t
erms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -442,7 +442,7 @@ "version": "Wzc1MSwxXQ==", "attributes": { "title": "Notices - Notice Types by Source and Destination", - "visState": "{\"title\":\"Notices - Notice Types by Source and Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"Notices - Notice Types by Source and Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP 
Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index e97f57f71..a5c2b2a0e 100644 --- a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
+++ b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json @@ -214,7 +214,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2MiwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.desktop_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.desktop_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Desktop Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
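Review bot: The rewritten `visState` in this hunk still carries the key `showMeticsAtAllLevels` (missing the "r"), while the Notices and STUN table visualizations elsewhere in this patch spell it `showMetricsAtAllLevels`. The misspelt key is presumably not read by the current table renderer, so the default would apply rather than the value written here. Since the line is being replaced anyway, it could be corrected to `\"showMetricsAtAllLevels\":false`. The same key appears in the other five RFB hunks of this file (Source IP Address, Destination IP Address, Destination Port, Server Version, Client Version).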
@@ -244,7 +244,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2MywxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -274,7 +274,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NCwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -304,7 +304,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NSwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -334,7 +334,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NiwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_major_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_minor_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major 
Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Server Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -364,7 +364,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NywxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_major_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_minor_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major 
Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Client Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index 9b7d4d979..9151a8a35 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -215,7 +215,7 @@ "version": "Wzk0MiwxXQ==", "attributes": { "title": "STUN - Method and Class", - "visState": "{\"title\":\"STUN - Method and Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"STUN - Method and 
Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -275,7 +275,7 @@ "version": "WzEwMTAsMV0=", "attributes": { "title": "STUN - Action and Result", - "visState": "{\"title\":\"STUN - Action and Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"STUN - Action and 
Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, From 78c7b6d37de90b3422f5ce29096a41a9161976fb Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Tue, 19 Mar 2024 15:24:26 -0600 Subject: [PATCH 48/79] idaholab/Malcolm#447, set size:100 for dashboards table --- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- .../03207c00-d07e-11ec-b4a7-d1b4003706b7.json | 6 +++--- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 10 +++++----- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 8 ++++---- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 10 +++++----- .../12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json | 6 +++--- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 12 +++++------ .../1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json | 8 ++++---- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 4 ++-- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 10 +++++----- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 14 ++++++------- .../2cc56240-e460-11ed-a9d5-9f591c284cb4.json | 12 +++++------ .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 8 ++++---- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 6 +++--- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 6 +++--- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- .../4a073440-b286-11eb-a4d4-09fa12a6ebd4.json | 4 ++-- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 8 ++++---- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- .../5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json | 12 +++++------ .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 2 +- .../677ee170-809e-11ed-8d5b-07069f823b6f.json | 20 +++++++++---------- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 10 +++++----- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 8 ++++---- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 4 ++-- 
.../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 4 ++-- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 12 +++++------ .../89d1cc50-974c-11ed-bb6b-3fb06c879b11.json | 12 +++++------ .../95479950-41f2-11ea-88fa-7151df485405.json | 12 +++++------ .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 4 ++-- .../a33e0a50-afcd-11ea-993f-b7d8522a8bed.json | 4 ++-- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 8 ++++---- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 6 +++--- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 4 ++-- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 4 ++-- .../3768ef70-d819-11ee-820d-dd9fd73a3921.json | 2 +- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 4 ++-- .../79202ee0-d811-11ee-820d-dd9fd73a3921.json | 4 ++-- .../7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json | 4 ++-- .../903f42c0-f634-11ec-828d-2fb7a4a26e1f.json | 4 ++-- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 4 ++-- .../bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json | 2 +- .../c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json | 6 +++--- .../ca5799a0-56b5-11eb-b749-576de068f8ad.json | 6 +++--- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 12 +++++------ .../d2dd0180-06b1-11ec-8c6b-353266ade330.json | 16 +++++++-------- .../dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json | 10 +++++----- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 10 +++++----- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 8 ++++---- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 4 ++-- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 6 +++--- 59 files changed, 191 insertions(+), 191 deletions(-) diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 05d1f52b6..8c6ea75d6 100644 --- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -465,7 +465,7 @@ "version": "WzE1LDFd", "attributes": { "title": "X.509 - Certificate Fingerprint", - "visState": "{\"title\":\"X.509 - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"X.509 - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json index d6a03d547..830b701bf 100644 --- a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json +++ b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json 
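Review bot: Lowering `size` from 500 to 100 on `zeek.x509.fingerprint` means the table lists only the 100 most frequent fingerprints (`orderBy` is the count metric and `order` is `desc`), and every less frequent one is folded into the single "Other" row. On a certificate-fingerprint panel the rarely seen values are often the ones an analyst wants to inspect, so the cut-off should at least be stated. The panel's empty `description` could become `"description": "Top 100 fingerprints by count; all others are grouped under Other"`. The GENISYS hunks in 03207c00-d07e-11ec-b4a7-d1b4003706b7.json make the same reduction (Station Address 255 to 100, Source and Destination IP 200 to 100) and would benefit from the same kind of description.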
@@ -170,7 +170,7 @@ "version": "WzExMzQsMV0=", "attributes": { "title": "GENISYS - Station Address", - "visState": "{\"title\":\"GENISYS - Station Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.server\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"GENISYS - Station Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.genisys.server\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -200,7 +200,7 @@ "version": "WzExNDQsMV0=", "attributes": { "title": "GENISYS - Source", - "visState": "{\"title\":\"GENISYS - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"GENISYS - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "WzExNTksMV0=", "attributes": { "title": "GENISYS - Destination", - "visState": "{\"title\":\"GENISYS - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"GENISYS - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 82deacaab..d7f067053 100644 --- a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json 
@@ -191,7 +191,7 @@ "version": "WzIwMiwxXQ==", "attributes": { "title": "LDAP - Source IP", - "visState": "{\"title\":\"LDAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"LDAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -221,7 +221,7 @@ "version": "WzExNDEsMV0=", "attributes": { "title": "LDAP - Destination IP", - "visState": "{\"title\":\"LDAP - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -281,7 +281,7 @@ "version": "WzE1MzgsMV0=", "attributes": { "title": "LDAP - Bind", - "visState": "{\"title\":\"LDAP - Bind\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Version\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ldap.object\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Object/Mechanism\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - 
Bind\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Version\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ldap.object\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Object/Mechanism\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
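Review bot: All four nested terms aggregations in "LDAP - Bind" now request `size` 100, where the `network.protocol_version` and `event.action` levels previously asked for 5. Each level multiplies the number of buckets the query may create, so the worst case grows by a factor of 400 over the old settings and could run into the cluster's bucket limit on a busy index. The real cardinality of these two fields is probably small, but nothing in the hunk shows that. Keeping `\"size\":5` on the `network.protocol_version` level would bound the request without hiding values that are likely to occur.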
@@ -341,7 +341,7 @@ "version": "WzEzMzUsMV0=", "attributes": { "title": "LDAP - Result Code", - "visState": "{\"title\":\"LDAP - Result Code\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Result Code\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -371,7 +371,7 @@ "version": "WzEyOTksMV0=", "attributes": { "title": "LDAP - Operation", - "visState": "{\"title\":\"LDAP - Operation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"LDAP - Operation\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 1800bf8ac..75ddb6bdd 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -170,7 +170,7 @@ "version": "WzYzLDFd", "attributes": { "title": "Log Type", - "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Log Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log 
Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -229,7 +229,7 @@ "version": "WzY1LDFd", "attributes": { "title": "DNS - Queries", - "visState": "{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", + "visState": "{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
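Review bot: The `visState` of "DNS - Queries" carries the parameter key `showMeticsAtAllLevels` on both the old and the new side, while the other tables in this patch spell it `showMetricsAtAllLevels`. The misspelled key is presumably ignored, so the visualization falls back to the default rather than the value written here. Since the line is being rewritten anyway, change it to `\"showMetricsAtAllLevels\":false`. The "SIP - Destination Port" hunk in 0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json has the same misspelling.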
@@ -259,7 +259,7 @@ "version": "WzY2LDFd", "attributes": { "title": "Log Source", - "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -317,7 +317,7 @@ "version": "WzY5MywxXQ==", "attributes": { "title": "Actions and Results", - "visState": "{\"title\":\"Actions and Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBuc
ketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", + "visState": "{\"title\":\"Actions and Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true
,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index 6ba74a3f1..11c0cffac 100644 --- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json 
@@ -399,7 +399,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 082509f0b..b9a5a8126 100644 --- a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
@@ -165,7 +165,7 @@ "version": "WzM3ODAsMV0=", "attributes": { "title": "Tunnels - Destination Address", - "visState": "{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index c251e3f0a..b277bfedb 100644 --- a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
@@ -212,7 +212,7 @@ "version": "WzE5NiwxXQ==", "attributes": { "title": "QUIC - Source IP Address", - "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"QUIC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -242,7 +242,7 @@ "version": "WzE5NywxXQ==", "attributes": { "title": "QUIC - Destination IP Address", - "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"QUIC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -272,7 +272,7 @@ "version": "WzE5OCwxXQ==", "attributes": { "title": "QUIC - User Agent", - "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", + "visState": "{\"title\":\"QUIC - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -302,7 +302,7 @@ "version": "WzE5OSwxXQ==", "attributes": { "title": "QUIC - Server Name", - "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", + "visState": "{\"title\":\"QUIC - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"quic.host\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -332,7 +332,7 @@ "version": "WzIwMCwxXQ==", "attributes": { "title": "QUIC - CYU Fingerprint", - "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyutags\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyu\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", + "visState": "{\"title\":\"QUIC - CYU Fingerprint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyutags\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint 
Tags\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.gquic.cyu\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CYU Fingerprint MD5\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index 3cf49b5fd..ebed9bfb7 100644 --- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json +++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json 
@@ -188,7 +188,7 @@ "version": "Wzg1NywxXQ==", "attributes": { "title": "Best Guess Protocol - Destination", - "visState": "{\"title\":\"Best Guess Protocol - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Best Guess Protocol - 
Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -218,7 +218,7 @@ "version": "WzgzNywxXQ==", "attributes": { "title": "Best Guess - Summary", - "visState": "{\"title\":\"Best Guess - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Best Guess - 
Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Details\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -248,7 +248,7 @@ "version": "Wzg4NSwxXQ==", "attributes": { "title": "Best Guess Protocol - Source", - "visState": "{\"title\":\"Best Guess Protocol - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tranport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Best Guess Protocol - 
Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.bestguess.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tranport\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":18,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index 874a65cd2..09deb82f8 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
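Review bot: The `protocol` terms aggregation in the new `visState` of "Best Guess Protocol - Source" still carries the misspelled column label `\"customLabel\":\"Tranport\"`. Since this line is rewritten by the commit anyway, it should read `\"customLabel\":\"Transport\"`, which is what the Destination table in the same file already uses. The label is the column header the analyst sees, so the typo is user-visible.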
@@ -195,7 +195,7 @@ "version": "WzEzNSwxXQ==", "attributes": { "title": "Modbus - Source IP", - "visState": "{\"title\":\"Modbus - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Modbus - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from modbus.log", "version": 1, 
@@ -225,7 +225,7 @@ "version": "WzEzNiwxXQ==", "attributes": { "title": "Modbus - Destination IP", - "visState": "{\"title\":\"Modbus - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"Modbus - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination 
Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Destination IP Addresses from modbus.log", "version": 1, 
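Review bot: The `dimensions` block in the new `visState` of "Modbus - Destination IP" still labels its single bucket `\"label\":\"Destination Port\"`, while the aggregation is on `destination.ip` with `\"customLabel\":\"Destination IP\"`. This looks like a leftover from an earlier export and may not be read at render time. Since the line is rewritten here, I would either drop `dimensions` or correct it to `\"label\":\"Destination IP\"` so the saved object is self-consistent.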
@@ -255,7 +255,7 @@ "version": "WzEzNywxXQ==", "attributes": { "title": "Modbus - Observed Clients and Servers", - "visState": "{\"title\":\"Modbus - Observed Clients and Servers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Times Observed\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.known_modbus.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Device Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"Modbus - Observed Clients and Servers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Times Observed\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.known_modbus.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Device 
Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "Modbus observed client and server devices", "version": 1, 
@@ -373,7 +373,7 @@ "version": "WzE0MSwxXQ==", "attributes": { "title": "Modbus - Functions and Exceptions", - "visState": "{\"title\":\"Modbus - Functions and Exceptions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Exception\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Modbus - Functions and 
Exceptions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Exception\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -433,7 +433,7 @@ "version": "Wzk1NCwxXQ==", "attributes": { "title": "Modbus - Reads", - "visState": "{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Modbus read holding registers, input registers, discrete inputs, and coils overview from modbus_detailed.log", "version": 1, 
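Review bot: Raising `destination.ip` and `zeek.modbus.unit_id` from `\"size\":5` to `\"size\":100` in this four-level nested terms table lifts the upper bound on returned buckets from 200×5×5×200 to 100×100×100×100. The real count depends on field cardinality, but on a busy ICS capture this may make the panel slow or run into the cluster's `search.max_buckets` limit, which leaves the table empty when an analyst needs it. Unless this was tested against a large index, I would keep the two inner levels small (for example `\"size\":10` on `zeek.modbus.unit_id`) and leave the wider limit on the outer `event.action` level. The "Modbus - Writes" hunk that follows has the same pattern with five nested levels.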
@@ -463,7 +463,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "Modbus - Writes", - "visState": "{\"title\":\"Modbus - Writes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Modbus - 
Writes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit ID\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"acc
essor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Modbus write register and write coil overview from modbus_detailed.log", "version": 1, diff --git a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json index bd16f7b34..81b246aa5 100644 --- a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json +++ b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json 
@@ -265,7 +265,7 @@ "version": "WzEzNTgsMV0=", "attributes": { "title": "OSPF - Area and Router", - "visState": "{\"title\":\"OSPF - Area and Router\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.area_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Area\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.router_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Router\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Area and 
Router\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.area_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Area\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.ospf.router_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Router\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
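Review bot: Lowering the `zeek.ospf.router_id` terms `size` from 250 to 100 while `otherBucket` stays `true` folds every router ID past the 100 most frequent into the "Other" row, and because the aggregation is ordered by count descending, those are the rarest values. On a network-monitoring table the rare entries (an unexpected router ID or a one-off source address) are often what an analyst is looking for, so the cap should at least be visible to the reader. The same reduction appears in the OSPF Source IP, Destination IP and All IP Addresses hunks that follow, and in the Weird, EtherNet/IP, CIP and BACnet tables that drop from 200 or 500. I would record it in this panel's currently empty description, e.g. `"description": "Top 100 values by count; the rest are grouped under Other",`.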
@@ -295,7 +295,7 @@ "version": "WzEzMDIsMV0=", "attributes": { "title": "OSPF - Source IP", - "visState": "{\"title\":\"OSPF - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -325,7 +325,7 @@ "version": "WzEzMTcsMV0=", "attributes": { "title": "OSPF - Destination IP", - "visState": "{\"title\":\"OSPF - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -355,7 +355,7 @@ "version": "WzEzODcsMV0=", "attributes": { "title": "OSPF - All IP Addresses", - "visState": "{\"title\":\"OSPF - All IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OSPF - All IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 61ff91f69..758b41493 100644 --- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -125,7 +125,7 @@ "version": "WzE2NCwxXQ==", "attributes": { "title": "Weird - Source", - "visState": "{\"title\":\"Weird - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Weird - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -155,7 +155,7 @@ "version": "WzE2NSwxXQ==", "attributes": { "title": "Weird - Destination", - "visState": "{\"title\":\"Weird - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Weird - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 57ba23e4d..1917c8766 100644 --- a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
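Review bot: Raising the inner `destination.port` terms `size` from 20 to 100 takes the worst-case bucket count of this two-level table from 200×20 to 100×100, and later hunks go further: CIP - Services moves from 500×5×5 to 100×100×100, and EtherNet/IP - Detailed Information raises four of its five levels from 5 to 100. Assuming these split-row terms aggregations nest as they normally do in a data table, the request can grow by orders of magnitude on high-cardinality fields and may hit the cluster's `search.max_buckets` limit or time out, leaving the panel empty when traffic is heaviest. This is worth testing against a large capture before release. Low-cardinality columns such as `event.result` and `zeek.cip.direction` gain nothing from 100; I would keep them small, e.g. `\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5`.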
@@ -213,7 +213,7 @@ "version": "WzE3OCwxXQ==", "attributes": { "title": "EtherNet/IP - Source IP", - "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"EtherNet/IP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -242,7 +242,7 @@ "version": "WzE4MCwxXQ==", "attributes": { "title": "CIP - Device Identity", - "visState": "{\"title\":\"CIP - Device Identity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"N/A\"}},\"params\":{},\"label\":\"Serial Number\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.product_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Product Name\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.device_type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Device Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.vendor_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Vendor 
Name\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.serial_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Serial Number\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.revision\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Revision Number\"}}]}", + "visState": "{\"title\":\"CIP - Device Identity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"N/A\"}},\"params\":{},\"label\":\"Serial Number\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.product_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Product 
Name\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.device_type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Device Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.vendor_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Vendor Name\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.serial_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Serial Number\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip_identity.revision\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"N/A\",\"customLabel\":\"Revision Number\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "CIP Identity Results", "version": 1, 
@@ -272,7 +272,7 @@ "version": "WzE3NywxXQ==", "attributes": { "title": "EtherNet/IP - Destination IP", - "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"EtherNet/IP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -301,7 +301,7 @@ "version": "WzE3NiwxXQ==", "attributes": { "title": "CIP - Services", - "visState": "{\"title\":\"CIP - Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Request/Response\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Status\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request/Response\"}}]}", + "visState": "{\"title\":\"CIP - 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Request/Response\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"CIP Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Status\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.cip.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request/Response\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "CIP Services and Status", "version": 1, 
@@ -331,7 +331,7 @@ "version": "WzE3OSwxXQ==", "attributes": { "title": "EtherNet/IP - Detailed Information", - "visState": "{\"title\":\"EtherNet/IP - Detailed Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Data Length\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.session_handle\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Session Identifier\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.sender_context\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sender Context\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"EtherNet/IP 
Command\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data Length\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", + "visState": "{\"title\":\"EtherNet/IP - Detailed Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Data Length\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.session_handle\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Session Identifier\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.sender_context\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sender 
Context\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"EtherNet/IP Command\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.enip.length\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data Length\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Includes: Session Identifier, Sender Context, EtherNet/IP Command, Data Length, and Status", "version": 1, diff --git a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index 2efe353b4..8f9f90ff6 100644 --- a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
@@ -223,7 +223,7 @@ "version": "WzE5NiwxXQ==", "attributes": { "title": "BACnet - BVLC Functions", - "visState": "{\"title\":\"BACnet - BVLC Functions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.bvlc_function\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"BVLC Function\"}}]}", + "visState": "{\"title\":\"BACnet - BVLC Functions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.bvlc_function\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"BVLC Function\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "BACnet Virtual Link Control Functions (Link-Layer Control)", "version": 1, 
@@ -253,7 +253,7 @@ "version": "WzE5NywxXQ==", "attributes": { "title": "BACnet - Protocol Data Units (PDUs)", - "visState": "{\"title\":\"BACnet - Protocol Data Units (PDUs)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"PDU Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Type\"}}]}", + "visState": "{\"title\":\"BACnet - Protocol Data Units 
(PDUs)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"PDU Service\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Type\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "BACnet Application Layer Protocol Data Unit types and services", "version": 1, 
@@ -283,7 +283,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "BACnet - Actions and Results", - "visState": "{\"title\":\"BACnet - Actions and Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"BACnet - Actions and Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": 
"{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", "version": 1, @@ -312,7 +312,7 @@ "version": "WzE5OSwxXQ==", "attributes": { "title": "BACnet - Source IP", - "visState": "{\"title\":\"BACnet - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"BACnet - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Source IP Addresses from bacnet.log", "version": 1, 
@@ -341,7 +341,7 @@ "version": "WzIwMCwxXQ==", "attributes": { "title": "BACnet - Destination IP", - "visState": "{\"title\":\"BACnet - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", + "visState": "{\"title\":\"BACnet - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source 
IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "Destination IP Addresses from bacnet.log", "version": 1, 
@@ -370,7 +370,7 @@ "version": "WzIwMywxXQ==", "attributes": { "title": "BACnet - Device Discovery", - "visState": "{\"title\":\"BACnet - Device Discovery\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Vendor\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Identifier\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU 
Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.vendor\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}}]}", + "visState": "{\"title\":\"BACnet - Device Discovery\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Vendor\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Identifier\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.vendor\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "Results from BACnet i-am and i-have commands", "version": 1, 
@@ -400,7 +400,7 @@ "version": "WzIwMiwxXQ==", "attributes": { "title": "BACnet - Read and Write Property ", - "visState": "{\"title\":\"BACnet - Read and Write Property \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":6,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Property Value\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Identifier\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.property\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Value\"}}]}", + "visState": "{\"title\":\"BACnet - Read and Write Property \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":6,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Property 
Value\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Identifier\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.property\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property 
Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Value\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}}", "description": "Results from BACnet Read-Property and Write-Property Commands", "version": 1, diff --git a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json index a1f6c52b3..afeba696d 100644 --- a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json +++ b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json 
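Review bot: Setting every terms aggregation in "BACnet - Read and Write Property" to `"size":100` means six nested bucket levels (object type, instance number, destination IP, PDU service, property type, property value) each ask for 100 terms, where the old sizes were 5, 500, 5, 25, 5 and 5. On a busy BACnet network the resulting bucket count may reach the cluster's `search.max_buckets` limit and make the panel fail to render; this should be checked against a large capture before it ships. The same change lowers `zeek.bacnet.instance_number` from 500 to 100, and since ordering is by count descending, the rarely seen object identifiers are the ones folded into "Other", which is often where an analyst wants to look. Consider keeping `"size":500` on the instance-number level and smaller sizes on the deepest levels; the "BACnet - Device Discovery" hunk just above (four levels, two raised from 5 to 100) has the same shape. The rest of each saved object lies outside these hunks, so any panel-level limits set elsewhere are not visible here.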
@@ -205,7 +205,7 @@ "version": "WzIxMSwxXQ==", "attributes": { "title": "Synchrophasor - Source", - "visState": "{\"title\":\"Synchrophasor - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -235,7 +235,7 @@ "version": "WzIxMiwxXQ==", "attributes": { "title": "Synchrophasor - Destination", - "visState": "{\"title\":\"Synchrophasor - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -355,7 +355,7 @@ "version": "Wzk0NiwxXQ==", "attributes": { "title": "Synchrophasor - Stations", - "visState": "{\"title\":\"Synchrophasor - Stations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.station_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Stations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.station_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Station\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -385,7 +385,7 @@ "version": "Wzk0NSwxXQ==", "attributes": { "title": "Synchrophasor - Phasors", - "visState": "{\"title\":\"Synchrophasor - Phasors\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.phnam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Phasor\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Phasors\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.phnam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Phasor\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -415,7 +415,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Synchrophasor - Analog Channels", - "visState": "{\"title\":\"Synchrophasor - Analog Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.annam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analog Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Analog Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.annam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analog Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -445,7 +445,7 @@ "version": "Wzk0MSwxXQ==", "attributes": { "title": "Synchrophasor - Digital Channels", - "visState": "{\"title\":\"Synchrophasor - Digital Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.dgnam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Digital Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Synchrophasor - Digital Channels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.synchrophasor_cfg_detail.dgnam\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Digital Channel\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 67c62af0b..9283cd75d 100644 --- a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -219,7 +219,7 @@ "updated_at": "2021-05-11T12:24:17.423Z", "version": "WzM1NCwxXQ==", "attributes": { - "visState": "{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"DNS - 
Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.query\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}", "description": "", "title": "DNS - Query/Answer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -340,7 +340,7 @@ "version": "WzM1OCwxXQ==", "attributes": { "title": "DNS - Answers", - "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", + "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.answers\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -370,7 +370,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "DNS - Response Code (Name)", - "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.rcode_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", + "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dns.rcode_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -460,7 +460,7 @@ "version": "WzYzMSwxXQ==", "attributes": { "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
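Review bot: The `dns.host` terms bucket of "DNS Queries by Randomness" drops from `\"size\":500` to `\"size\":100` while it is still selected by `\"orderBy\":\"1\",\"order\":\"desc\"`, so the table now keeps only the 100 most frequently queried names and folds everything else into "Other". For a randomness view that is the wrong tail to cut: names seen only a handful of times, which is where machine-generated domains would tend to fall, lose their own row and their freq scores are no longer shown. I would keep `\"size\":500` on this one field, or record why 100 is enough for this panel. The same top-N reduction from 200 to 100 appears in the three "Tabular Data Stream - RPC" hunks and in the EtherCAT `source.mac` and `destination.mac` hunks.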
diff --git a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index 9f42c444d..403f16059 100644 --- a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json 
@@ -260,7 +260,7 @@ "version": "WzMzNSwxXQ==", "attributes": { "title": "DHCP - IP to MAC Assignment", - "visState": "{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.assigned_ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.mac\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"DHCP - IP to MAC 
Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.assigned_ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dhcp.mac\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 2a8ec6840..486cfa584 100644 --- a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
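Review bot: All four nested terms buckets of "DHCP - IP to MAC Assignment" go from `\"size\":20` to `\"size\":100`, which raises the worst-case number of buckets this table can request from 20^4 to 100^4. On a network with many distinct addresses that may run into the cluster's `search.max_buckets` limit, and the panel would then error instead of rendering; this is inferred from the aggregation shape, since the cluster settings are not part of the diff. Keeping the larger size on the first split only, e.g. `\"size\":100` for `zeek.dhcp.assigned_ip` and `\"size\":20` for the levels below it, bounds the fan-out while still showing more addresses. "SMB - File/Path Summary" (five levels, 25 to 100), "DCE/RPC - Summary" and "Intel - Indicator" (three levels each) have the same shape.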
+++ b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json @@ -197,7 +197,7 @@ "version": "WzM1NywxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Procedure", - "visState": "{\"title\":\"Tabular Data Stream - RPC Procedure\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_rpc.procedure_name\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Procedure\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Procedure\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_rpc.procedure_name\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Procedure\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -227,7 +227,7 @@ "version": "WzM1OCwxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Source IP", - "visState": "{\"title\":\"Tabular Data Stream - RPC Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -257,7 +257,7 @@ "version": "WzM1OSwxXQ==", "attributes": { "title": "Tabular Data Stream - RPC Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - RPC Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - RPC Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 13b692273..379ddd8b6 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -179,7 +179,7 @@ "updated_at": "2022-01-12T18:22:26.156Z", "version": "WzIzOSwxXQ==", "attributes": { - "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.intel.sources\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "description": "", "title": "Intel - Source", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -240,7 +240,7 @@ "version": "WzI0MSwxXQ==", "attributes": { "title": "Intel - Destination IP Address", - "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -270,7 +270,7 @@ "version": "WzI0MiwxXQ==", "attributes": { "title": "Intel - Indicator", - "visState": "{\"title\":\"Intel - Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_where\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.intel.seen_indicator\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 256ee1395..431a69e37 100644 --- a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -304,7 +304,7 @@ "updated_at": "2021-11-12T19:32:24.674Z", "version": "WzQ0OCwxXQ==", "attributes": { - "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.path\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smb_files.name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}", "description": "", "title": "SMB - 
File/Path Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", diff --git a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index edadcaa8b..d6e17e227 100644 --- a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
@@ -390,7 +390,7 @@ "version": "WzQ0NiwxXQ==", "attributes": { "title": "DCE/RPC - Summary", - "visState": "{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", + "visState": "{\"title\":\"DCE/RPC - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.endpoint\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.operation\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dce_rpc.named_pipe\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json index 07b3051a7..a9c3d9f39 100644 --- a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json +++ b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json 
@@ -165,7 +165,7 @@ "version": "WzEyODcsMV0=", "attributes": { "title": "EtherCAT - Source", - "visState": "{\"title\":\"EtherCAT - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.mac\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.mac\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Source 
OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -195,7 +195,7 @@ "version": "WzEzMDYsMV0=", "attributes": { "title": "EtherCAT - Destination", - "visState": "{\"title\":\"EtherCAT - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.mac\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"EtherCAT - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.mac\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination MAC\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Destination 
OUI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index 01a8ca434..43b5060a6 100644 --- a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
@@ -175,7 +175,7 @@ "version": "WzQ1MiwxXQ==", "attributes": { "title": "ICS/IoT External Traffic", - "visState": "{\"title\":\"ICS/IoT External Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination 
Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":499,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Country\"}}]}", + "visState": "{\"title\":\"ICS/IoT External 
Traffic\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Destination Country\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Country\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Destination Country\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
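Review bot: The overflow row for the destination country column is still labelled "Destination Country" rather than "Other", both in aggregation id 6 (`destination.geo.country_name`) and in the `dimensions` bucket with accessor 4. An analyst reading this table cannot tell the folded-together remainder from the column header, and with `source.ip` and `destination.ip` now capped at 100 that row is likely to appear more often. I would change both occurrences to `\"otherBucketLabel\":\"Other\"`, matching the source country aggregation (id 5) in the same visState.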
@@ -264,7 +264,7 @@ "version": "WzQ1NSwxXQ==", "attributes": { "title": "ICS/IoT Source IP", - "visState": "{\"title\":\"ICS/IoT Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", + "visState": "{\"title\":\"ICS/IoT Source 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -324,7 +324,7 @@ "version": "WzQ1NywxXQ==", "attributes": { "title": "ICS/IoT Destination IP", - "visState": "{\"title\":\"ICS/IoT Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", + "visState": "{\"title\":\"ICS/IoT Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -354,7 +354,7 @@ "version": "WzQ1OCwxXQ==", "attributes": { "title": "File Types by Transport", - "visState": "{\"title\":\"File Types by Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", + "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index b83017c24..367b791b7 100644 --- a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json 
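Review bot: The `file.mime_type` aggregation keeps `\"orderBy\":\"_key\",\"order\":\"desc\"`, so with the size lowered from 500 to 100 the buckets that survive are the last 100 MIME types alphabetically, not the 100 most frequent. If a capture holds more than 100 distinct types, alphabetically early ones such as `application/...` would presumably be folded into "Other" regardless of how often they occur. The `uiStateJSON` sort on column 2 only reorders the rows that were returned. I would switch this aggregation to `\"orderBy\":\"1\"` so the cap drops the rarest types instead; the same applies to the `file.source` aggregation in this visState.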
@@ -170,7 +170,7 @@ "version": "WzM1NiwxXQ==", "attributes": { "title": "SNMP - Destination IP Address", - "visState": "{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", + "visState": "{\"title\":\"SNMP - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index f14731856..57d8d5167 100644 --- a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
@@ -180,7 +180,7 @@ "version": "WzQ3NywxXQ==", "attributes": { "title": "MySQL - Commands", - "visState": "{\"title\":\"MySQL - Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}}
,{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", + "visState": "{\"title\":\"MySQL - Commands\",\"type\":\"table\",\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Command\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Argument\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Response\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Success\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"
field\":\"zeek.mysql.cmd\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.arg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Argument\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.response\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Response\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Success\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index 8665f1ee9..18437071d 100644 --- a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
@@ -360,7 +360,7 @@ "version": "WzQ4OSwxXQ==", "attributes": { "title": "NTLM - Hostname to Username", - "visState": "{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", + "visState": "{\"title\":\"NTLM - Hostname to 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.host\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ntlm.domain\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json index 58d04d697..b7819873a 100644 --- a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json +++ b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json 
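Review bot: The table params on the new side still carry the misspelled key `\"showMeticsAtAllLevels\":false`, while every other table visState in this patch spells it `showMetricsAtAllLevels`. The misspelled key is presumably ignored, leaving that option at its default. Since this line is being rewritten anyway, I would correct it to `\"showMetricsAtAllLevels\":false`.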
@@ -240,7 +240,7 @@ "version": "WzM5MywxXQ==", "attributes": { "title": "Alerts - Target", - "visState": "{\"title\":\"Alerts - Target\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Target\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
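Review bot: The `description` field is left empty although this table now shows only the top 100 `vulnerability.category` values by count (down from 250), with the rest collapsed into a single "Other" row. On an alerts dashboard the low-count values are often the ones worth a look, so the cap should be stated where the analyst can see it, for example `"description": "Top 100 values by count; remaining values are grouped under Other"`. The same applies to the next two hunks in this file, "Alerts - Name" (`rule.name`) and "Alerts - Source" (`source.ip`), which make the same 250 to 100 change.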
@@ -270,7 +270,7 @@ "version": "WzM5NCwxXQ==", "attributes": { "title": "Alerts - Name", - "visState": "{\"title\":\"Alerts - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -300,7 +300,7 @@ "version": "WzM5NSwxXQ==", "attributes": { "title": "Alerts - Source", - "visState": "{\"title\":\"Alerts - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -330,7 +330,7 @@ "version": "WzM5NiwxXQ==", "attributes": { "title": "Alerts - Destination", - "visState": "{\"title\":\"Alerts - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -360,7 +360,7 @@ "version": "WzM5NywxXQ==", "attributes": { "title": "Alerts - Destination Country", - "visState": "{\"title\":\"Alerts - Destination Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Destination Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -390,7 +390,7 @@ "version": "WzM5OCwxXQ==", "attributes": { "title": "Alerts - Source Country", - "visState": "{\"title\":\"Alerts - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Alerts - Source Country\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Country\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 75ef20f18..76adbfa48 100644 --- a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -230,7 +230,7 @@ "version": "WzM3MCwxXQ==", "attributes": { "title": "Signatures - Name", - "visState": "{\"title\":\"Signatures - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Signatures - Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json index edf5d0f59..73790187f 100644 --- a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json +++ b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json 
@@ -140,7 +140,7 @@ "version": "WzQxNywxXQ==", "attributes": { "title": "Source Device Type", - "visState": "{\"title\":\"Source Device Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Source Device 
Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -170,7 +170,7 @@ "version": "WzQxOCwxXQ==", "attributes": { "title": "Traffic by Network Segment", - "visState": "{\"title\":\"Traffic by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Direction\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Total Packets\"},\"schema\":\"metric\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Traffic by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Direction\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Total Packets\"},\"schema\":\"metric\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Total 
Bytes\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -200,7 +200,7 @@ "version": "WzQxOSwxXQ==", "attributes": { "title": "Destination Device Type", - "visState": "{\"title\":\"Destination Device Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Destination Device 
Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "Wzk0OSwxXQ==", "attributes": { "title": "Protocol by Network Segment", - "visState": "{\"title\":\"Protocol by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":150,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":150,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Protocol by Network 
Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":150,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":4,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
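Review bot: The `network.transport` bucket in "Protocol by Network Segment" keeps `\"size\":150` on the new side, while the other three terms buckets in the same visualization (`network.name`, `network.type`, `network.protocol`) are all set to 100. It is the only terms bucket in the hunks shown here that does not end up at 100. If the commit is meant to normalise bucket sizes, change it to `\"size\":100`; if 150 is deliberate, the empty `"description"` field is a place to say why.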
@@ -320,7 +320,7 @@ "version": "WzQyMywxXQ==", "attributes": { "title": "Notice, Alert and Signature by Network Segment", - "visState": "{\"title\":\"Notice, Alert and Signature by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Notice, Alert and Signature by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -350,7 +350,7 @@ "version": "WzQyNCwxXQ==", "attributes": { "title": "Event Severity by Network Segment", - "visState": "{\"title\":\"Event Severity by Network Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Event Severity by Network 
Segment\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -380,7 +380,7 @@ "version": "WzQyNSwxXQ==", "attributes": { "title": "Source Device Log Counts", - "visState": "{\"title\":\"Source Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Source Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log 
Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
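Review bot: Lowering `source.device.name` from `\"size\":250` to `\"size\":100` with `\"order\":\"desc\"` and `\"otherBucket\":true` folds every device past the top 100 by log count into a single "Other" row, and the low-volume tail is often what an analyst opens this table to find. The same reduction is made in the Destination Device Log Counts hunk (250 to 100), both Uninventoried Internal IPs hunks (200 to 100), and the SSL JA3 Lookup and Certificate Fingerprint hunks (500 to 100). Where the uniform size is intended, the empty `"description": ""` visible in each hunk could say so, e.g. `"description": "Top 100 by count; remaining values are grouped under Other"`. Otherwise keep the larger size on the inventory and fingerprint tables.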
@@ -410,7 +410,7 @@ "version": "WzQyNiwxXQ==", "attributes": { "title": "Destination Device Log Counts", - "visState": "{\"title\":\"Destination Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Destination Device Log Counts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Log 
Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.manufacturer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Role\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.device.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -440,7 +440,7 @@ "version": "WzQyNywxXQ==", "attributes": { "title": "Uninventoried Internal Source IPs", - "visState": "{\"title\":\"Uninventoried Internal Source IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Internal Source IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -470,7 +470,7 @@ "version": "WzQyOCwxXQ==", "attributes": { "title": "Uninventoried Internal Destination IPs", - "visState": "{\"title\":\"Uninventoried Internal Destination IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Internal Destination IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.segment.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Segment\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index e7e158f77..acc870ea1 100644 --- a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -134,7 +134,7 @@ "updated_at": "2021-02-10T21:24:36.060Z", "version": "WzUxMiwxXQ==", "attributes": { - "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "IRC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
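Review bot: The rewritten `visState` still carries the misspelled key `showMeticsAtAllLevels`, while the other table visualizations in this patch use `showMetricsAtAllLevels`. The misspelled key is presumably ignored when the saved object is loaded, so the panel would fall back to the default for that option rather than the value written here. Since the line is being replaced anyway, change it to `\"showMetricsAtAllLevels\":false` in this hunk, the remaining IRC hunks in this file and the Kerberos - Client hunk.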
@@ -164,7 +164,7 @@ "updated_at": "2021-02-10T21:24:36.060Z", "version": "WzUxMywxXQ==", "attributes": { - "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}", "description": "", "title": "IRC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -195,7 +195,7 @@ "version": "WzUxNCwxXQ==", "attributes": { "title": "IRC - Destination Port", - "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -255,7 +255,7 @@ "version": "WzUxNiwxXQ==", "attributes": { "title": "IRC - Destination Country", - "visState": "{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.city_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"IRC - Destination 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.city_name\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -285,7 +285,7 @@ "version": "WzUxNywxXQ==", "attributes": { "title": "IRC - Command", - "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.irc.command\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", + "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.irc.command\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index 734148662..5102c24a3 100644 --- a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
@@ -175,7 +175,7 @@ "version": "WzI3NjksMV0=", "attributes": { "title": "RDP - Destination IP Address", - "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 2c6e017f9..532bab29e 100644 --- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -300,7 +300,7 @@ "version": "WzM3NiwxXQ==", "attributes": { "title": "SSL - Server", - "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", + "visState": 
"{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -420,7 +420,7 @@ "version": "WzM4MCwxXQ==", "attributes": { "title": "SSL - Client JA3 Lookup", - "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.client.ja3_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", + "visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.client.ja3_description\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -450,7 +450,7 @@ "version": "WzM4MSwxXQ==", "attributes": { "title": "SSL - Server JA3 Lookup", - "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.server.ja3s_description\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", + "visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.server.ja3s_description\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -540,7 +540,7 @@ "version": "Wzg0NSwxXQ==", "attributes": { "title": "SSL - Certificate Fingerprint", - "visState": "{\"title\":\"SSL - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"SSL - Certificate Fingerprint\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.x509.fingerprint\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Certificate Fingerprint\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index 59a13edb6..b53c6fb58 100644 --- a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
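Review bot: The `zeek.x509.fingerprint` terms bucket in "SSL - Certificate Fingerprint" now stops at `\"size\":100` with `\"order\":\"desc\"` on the count. On a busy sensor, every certificate outside the 100 most common therefore collapses into the single "Other" row. For certificate hunting the low-count tail is usually the interesting part, and the old limit of 500 already cut into it. I would keep `\"size\":500` for this one table, or add a companion table with `\"order\":\"asc\"` so rarely seen fingerprints stay visible. The two JA3 lookup hunks above make the same 500-to-100 change; whether it costs anything there depends on how many distinct descriptions the lookup yields, which the diff does not show.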
@@ -159,7 +159,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2MiwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.cname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.cname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
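Review bot: The rewritten `visState` for "Kerberos - Client" still carries the misspelled key `\"showMeticsAtAllLevels\":false`, where every other table in this patch uses `showMetricsAtAllLevels`. The "Kerberos - Server" hunk that follows has the same typo. Presumably the dashboard falls back to its default for the unrecognised key, so behaviour is likely unchanged today, but the setting as written is not the one being applied. Since both lines are already being edited for the size change, correct the key to `\"showMetricsAtAllLevels\":false` in both.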
@@ -219,7 +219,7 @@ "updated_at": "2021-02-10T21:24:40.130Z", "version": "WzU2NCwxXQ==", "attributes": { - "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.kerberos.sname\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", "title": "Kerberos - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 98d5ff339..1e4e7d37c 100644 --- a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
@@ -333,7 +333,7 @@ "version": "WzU4MywxXQ==", "attributes": { "title": "DNP3 - Objects Overview", - "visState": "{\"title\":\"DNP3 - Objects Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]},\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_count\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_low\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range 
Start\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_high\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range End\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", + "visState": "{\"title\":\"DNP3 - Objects Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"IP Address\",\"aggType\":\"terms\"}]},\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Type\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.object_count\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_low\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range Start\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_objects.range_high\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"-\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Range End\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":null}}}}", "description": "Overview of DNP3 objects from READ-RESPONSE messages in dnp3_objects.log", "version": 1, 
@@ -363,7 +363,7 @@ "version": "WzU4NCwxXQ==", "attributes": { "title": "DNP3 - Control Overview", - "visState": "{\"title\":\"DNP3 - Control Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Control Code\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.index_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Index 
Number\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.block_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Block Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.operation_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.trip_control_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control Code\"}}]}", + "visState": "{\"title\":\"DNP3 - Control Overview\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Control 
Code\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.index_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Index Number\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.block_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Block Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.operation_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation 
Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.dnp3_control.trip_control_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Control Code\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":null}}}}", "description": "Overview of DNP3 control functions from dnp3_control.log", "version": 1, diff --git a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index dcef71690..2f145ac22 100644 --- a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json 
@@ -175,7 +175,7 @@ "version": "WzU5MiwxXQ==", "attributes": { "title": "MQTT - Source IP", - "visState": "{\"title\":\"MQTT - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"MQTT - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -205,7 +205,7 @@ "version": "WzU5MywxXQ==", "attributes": { "title": "MQTT - Destination IP", - "visState": "{\"title\":\"MQTT - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"MQTT - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -265,7 +265,7 @@ "version": "WzU5NSwxXQ==", "attributes": { "title": "MQTT - Client ID", - "visState": "{\"title\":\"MQTT - Client ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_connect.client_id\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client ID\"}}]}", + "visState": "{\"title\":\"MQTT - Client ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_connect.client_id\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Client ID\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -295,7 +295,7 @@ "version": "WzU5NiwxXQ==", "attributes": { "title": "MQTT - Subscription", - "visState": "{\"title\":\"MQTT - Subscription\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.topics\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.action\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Action\"}}]}", + "visState": "{\"title\":\"MQTT - 
Subscription\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.topics\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_subscribe.action\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Action\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -325,7 +325,7 @@ "version": "WzU5NywxXQ==", "attributes": { "title": "MQTT - Publish", - "visState": "{\"title\":\"MQTT - Publish\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", + "visState": "{\"title\":\"MQTT - 
Publish\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -355,7 +355,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "MQTT - Publish Payload", - "visState": "{\"title\":\"MQTT - Publish Payload\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From 
Client\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload_len\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Length\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Payload\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", + "visState": "{\"title\":\"MQTT - Publish Payload\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.topic\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Topic\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.from_client\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From 
Client\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload_len\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Length\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.payload\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Payload\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.mqtt_publish.status\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json index c8398f0e7..99ba19a25 100644 --- a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json +++ b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json 
@@ -155,7 +155,7 @@ "version": "WzUxMiwxXQ==", "attributes": { "title": "Log Source", - "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Log Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.ingested\",\"customLabel\":\"Last Ingested\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "version": "WzUxNCwxXQ==", "attributes": { "title": "Observed Device Types", - "visState": "{\"title\":\"Observed Device Types\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.manufacturer\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed Device Types\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.manufacturer\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Manufacturer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device 
Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -244,7 +244,7 @@ "version": "WzkzOSwxXQ==", "attributes": { "title": "Observed Devices", - "visState": "{\"title\":\"Observed Devices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed 
Devices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
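Review bot: Cutting `related.device_name` and `related.ip` from `"size":250` to `"size":100` in the Observed Devices table leaves only the 100 highest-count values per column, because these buckets are ordered by the count metric (`"orderBy":"1","order":"desc"`) and everything else folds into the `Other` row. On an asset-inventory view, quiet hosts are likely the ones an analyst most needs to see, and they are the first to disappear. The same reduction appears in the Uninventoried Observed Services hunk (protocol, device, IP and port, down from 200) and the Uninventoried Observed Hosts hunk (`related.ip`, down from 250). I would keep the earlier sizes on the device and IP columns, or fill the empty `"description": ""` with something like `Top 100 values per column by event count; remaining values are grouped as Other`.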
@@ -304,7 +304,7 @@ "version": "WzUxNywxXQ==", "attributes": { "title": "Observed Software", - "visState": "{\"title\":\"Observed Software\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.software_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device Role\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network 
Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Observed Software\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.software_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.software.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.role\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device 
Role\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -334,7 +334,7 @@ "version": "WzUxOCwxXQ==", "attributes": { "title": "Uninventoried Observed Services", - "visState": "{\"title\":\"Uninventoried Observed Services\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"mis
singBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Observed Services\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Family\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"term
s\",\"params\":{\"field\":\"related.device_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Device\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Network Segment\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.site\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Site\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}}}}", "description": "", "version": 1, 
@@ -364,7 +364,7 @@ "version": "WzUxOSwxXQ==", "attributes": { "title": "Uninventoried Observed Hosts", - "visState": "{\"title\":\"Uninventoried Observed Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Uninventoried Observed Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index f38bc9d9d..f93317e30 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -154,7 +154,7 @@ "version": "WzU1OSwxXQ==", "attributes": { "title": "Notice, Alert and Signature - Summary", - "visState": "{\"title\":\"Notice, Alert, and Signature - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Notice, Alert, and Signature - 
Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
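Review bot: The `rule.category` and `rule.name` buckets drop from `"size":200` to `"size":100` while still ordered by count descending, so signatures that fired only a few times move out of the table and into `Other`. Later hunks in this file do the same to `vulnerability.id` (200 to 100), to `related.user` in Clear-text Transmission of Passwords (500 to 100) and to `dns.host` in DNS Queries by Randomness (500 to 100). For the DNS table in particular, rarely queried names are presumably what the randomness scores are meant to surface, and a top-100-by-count cut hides those first. If the reduction is about query cost, consider leaving `"size":500` on `dns.host` and `related.user`, and stating the cap in the currently empty `"description"` fields so the truncation is visible to whoever reads the dashboard.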
@@ -213,7 +213,7 @@ "version": "WzU2MSwxXQ==", "attributes": { "title": "Vulnerabilities", - "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last 
Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -243,7 +243,7 @@ "version": "WzU2MiwxXQ==", "attributes": { "title": "Clear-text Transmission of Passwords ", - "visState": "{\"title\":\"Clear-text Transmission of Passwords \",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Clear-text Transmission of Passwords 
\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -302,7 +302,7 @@ "version": "WzU2NCwxXQ==", "attributes": { "title": "Outbound Internal Traffic by Country", - "visState": "{\"title\":\"Outbound Internal Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", + "visState": "{\"title\":\"Outbound Internal Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -331,7 +331,7 @@ "version": "WzU2NSwxXQ==", "attributes": { "title": "Inbound External Traffic by Country", - "visState": "{\"title\":\"Inbound External Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", + "visState": "{\"title\":\"Inbound External Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -389,7 +389,7 @@ "version": "WzU2NywxXQ==", "attributes": { "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", + "visState": "{\"title\":\"DNS Queries by 
Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 5e656ec72..4ea6d42cf 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -318,7 +318,7 @@ "version": "WzU4MiwxXQ==", "attributes": { "title": "Files - MIME Type", - "visState": "{\"title\":\"Files - MIME Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Mime Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - MIME Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Mime Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -347,7 +347,7 @@ "version": "WzU4MywxXQ==", "attributes": { "title": "Files - Paths", - "visState": "{\"title\":\"Files - Paths\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Files - Paths\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log 
Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json index 223281735..a72f9975b 100644 --- a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json +++ b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json 
@@ -239,7 +239,7 @@ "version": "WzU5NywxXQ==", "attributes": { "title": "Actions", - "visState": "{\"title\":\"Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}}]}", + "visState": 
"{\"title\":\"Actions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -268,7 +268,7 @@ "version": "WzU5OCwxXQ==", "attributes": { "title": "Results", - "visState": "{\"title\":\"Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", + "visState": 
"{\"title\":\"Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index 84f06730c..96953438f 100644 --- a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json 
@@ -178,7 +178,7 @@ "version": "Wzk5MSwxXQ==", "attributes": { "title": "PROFINET - Source IP", - "visState": "{\"title\":\"PROFINET - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PROFINET - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -208,7 +208,7 @@ "version": "Wzk5MiwxXQ==", "attributes": { "title": "PROFINET - Destination IP", - "visState": "{\"title\":\"PROFINET - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"PROFINET - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -238,7 +238,7 @@ "version": "WzYxMCwxXQ==", "attributes": { "title": "PROFINET - Operation", - "visState": "{\"title\":\"PROFINET - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}}]}", + "visState": "{\"title\":\"PROFINET - 
Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -268,7 +268,7 @@ "version": "WzYxMSwxXQ==", "attributes": { "title": "PROFINET - Operation Details", - "visState": "{\"title\":\"PROFINET - Operation Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",\"size\":250,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.slot_number\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Slot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.subslot_number\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Subslot\"}}]}", + "visState": "{\"title\":\"PROFINET - Operation 
Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.operation_type\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.index\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Index\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.slot_number\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Slot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.profinet.subslot_number\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Subslot\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 38b4001b1..898c5e6ac 100644 --- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
+++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json @@ -633,7 +633,7 @@ "version": "WzU1NiwxXQ==", "attributes": { "title": "Connections - Destination Port", - "visState": "{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
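Review bot: The `params` object of "Connections - Destination Port" carries the key `showMeticsAtAllLevels` on both the old and new side, whereas the sibling visualizations in this patch use `showMetricsAtAllLevels`. The misspelt key is presumably ignored by the table renderer, so the option falls back to its default; since the line is being rewritten anyway it would be cleaner to correct it to `\"showMetricsAtAllLevels\":false`.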
@@ -723,7 +723,7 @@ "version": "WzU1OSwxXQ==", "attributes": { "title": "Connections - Source MAC Address", - "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "visState": "{\"title\":\"Connections - Source MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.mac\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC 
Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -753,7 +753,7 @@ "version": "WzU2MCwxXQ==", "attributes": { "title": "Connections - Destination MAC Address", - "visState": "{\"title\":\"Connections - Destination MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", + "visState": "{\"title\":\"Connections - Destination MAC Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.mac\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC 
Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.oui\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Organizational Unique Identifier\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index d5fe73b05..2c618e78f 100644 --- a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -170,7 +170,7 @@ "version": "WzczNywxXQ==", "attributes": { "title": "RADIUS - Destination IP Address", - "visState": "{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 98870eca5..b50436548 100644 --- a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json 
@@ -334,7 +334,7 @@ "version": "WzcyMiwxXQ==", "attributes": { "title": "NTP - Source IP", - "visState": "{\"title\":\"NTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"NTP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -364,7 +364,7 @@ "version": "WzcyMywxXQ==", "attributes": { "title": "NTP - Destination IP", - "visState": "{\"title\":\"NTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"NTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 8f22599b9..e290c789b 100644 --- a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
@@ -219,7 +219,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0MSwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.mailfrom\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.smtp.mailfrom\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - \"From\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
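Review bot: The `params` object in the new `visState` still carries the misspelled key `showMeticsAtAllLevels`, while the other table visualizations in this patch spell it `showMetricsAtAllLevels`. Since the line is being rewritten anyway, the key should be corrected to `\"showMetricsAtAllLevels\":false`; as written, the table presumably ignores the misspelled key and falls back to its default for that option. The "SMTP - User Agent" hunk that follows in the same file has the same misspelling.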
@@ -369,7 +369,7 @@ "updated_at": "2021-02-10T21:24:55.450Z", "version": "Wzc0NiwxXQ==", "attributes": { - "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.original\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "title": "SMTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index 21246f26d..d7de484d4 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json 
@@ -52,7 +52,7 @@ "version": "WzExMDgsMV0=", "attributes": { "title": "Linux Kernel Messages by Host", - "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index aefc678ef..d2bc33ddb 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
@@ -112,7 +112,7 @@ "version": "Wzg4NiwxXQ==", "attributes": { "title": "Last Capture Metric Timestamp by Host", - "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture 
Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
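Review bot: The `event.provider` bucket is labelled `\"customLabel\":\"Other\"`, the same text as its `otherBucketLabel`. With `size` raised from 5 to 100, that column can now list many providers under a header that reads like the overflow row. A descriptive label such as `\"customLabel\":\"Provider\"` would keep the column and the "Other" overflow row distinguishable when reading sensor health data.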
@@ -399,7 +399,7 @@ "version": "Wzg5NiwxXQ==", "attributes": { "title": "Zeek Analyzer Messages", - "visState": "{\"title\":\"Zeek Analyzer Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Zeek Analyzer 
Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index 61b4a9bcb..db57994e6 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json 
@@ -82,7 +82,7 @@ "version": "Wzk4MCwxXQ==", "attributes": { "title": "Windows Events by Host", - "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host Forwarder\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.Computer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host 
Forwarder\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.Computer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -202,7 +202,7 @@ "version": "Wzk4OSwxXQ==", "attributes": { "title": "Windows Event Insertion Strings", - "visState": "{\"title\":\"Windows Event Insertion Strings\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.StringInserts\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Insertion Strings\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Windows Event Insertion Strings\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.StringInserts\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Insertion Strings\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json index f815ffdc7..127289332 100644 --- a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json +++ b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json 
@@ -72,7 +72,7 @@ "version": "WzkxOCwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Host", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -102,7 +102,7 @@ "version": "WzkyMiwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Account", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Account\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.acct\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Effective Account\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.UID\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Account\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.acct\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Effective 
Account\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.UID\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json index 34cfd2492..98f29a82d 100644 --- a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json +++ b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json 
@@ -91,7 +91,7 @@ "version": "Wzk0NSwxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity - Host Check Summary", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor 
File/Directory Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -151,7 +151,7 @@ "version": "WzgzNiwxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity - Path", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"First Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"First 
Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 96e640f91..8f866e4ef 100644 --- a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
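Review bot: The `file.path` bucket in the "Malcolm Sensor File/Directory Integrity - Path" table is still truncated, now at 100 paths, and it is ordered by `_key` descending with `otherBucket` enabled. Which paths fall into "Other" is therefore decided by path name, not by when they were reported, so on a host with more than 100 reported paths a recent report can be hidden purely because of where it sorts. Ordering the bucket by the Last Reported metric (agg id 4) would keep the newest reports above the cutoff: `\"field\":\"file.path\",\"orderBy\":\"4\",\"order\":\"desc\",\"size\":100`. The `uiStateJSON` sort (column 1 ascending) would still control how the surviving rows are displayed.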
@@ -227,7 +227,7 @@ "version": "Wzc1NywxXQ==", "attributes": { "title": "Tabular Data Stream - Source IP", - "visState": "{\"title\":\"Tabular Data Stream - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
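Review bot: The `source.ip` terms aggregation in "Tabular Data Stream - Source IP" drops from `\"size\":200` to `\"size\":100` while `otherBucket` stays true, so every source address ranked below the top 100 by count is folded into the single "Other" row. Because the bucket is ordered by count descending, the addresses that disappear are the low-volume ones, which are often the ones an analyst is looking for. The same reduction appears in the later hunks for "Tabular Data Stream - Destination IP" (200 to 100), "Telnet, rsh and rlogin - Source" and "Telnet, rlogin and rsh - Destination" (250 to 100), and "BSAP - Source IP" and "BSAP - Destination IP" (500 to 100). The diff does not say whether the cut is for query cost or only for uniformity; if it is the latter, I would keep the previous value on the IP buckets, e.g. `\"field\":\"source.ip\",\"size\":200`.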
@@ -257,7 +257,7 @@ "version": "Wzc1OCwxXQ==", "attributes": { "title": "Tabular Data Stream - Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json index 1aca51519..5d42165b4 100644 --- a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json +++ b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json 
@@ -225,7 +225,7 @@ "version": "WzU4MiwxXQ==", "attributes": { "title": "TFTP - Destination IP", - "visState": "{\"title\":\"TFTP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"TFTP - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json index 5bb44abf3..58f3c21cf 100644 --- a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json +++ b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json 
@@ -190,7 +190,7 @@ "version": "Wzc3MCwxXQ==", "attributes": { "title": "Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords", - "visState": "{\"title\":\"Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"User\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Succeeded\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.
login.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Success\"}}]}", + "visState": "{\"title\":\"Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"User\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Succeeded\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true
,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.login.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Success\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
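Review bot: All three nested terms buckets in "Telnet, rlogin and rsh - Login Attempts with Cleartext Passwords" (`network.protocol`, `related.user`, `zeek.login.success`) are now `\"size\":100`, so a single request can ask for up to 100 x 100 x 100 rows where it previously asked for 5 x 99 x 5. `zeek.login.success` is labelled "Success" with an "Unknown" missing bucket and looks like a field with only a few values, so the larger size adds nothing there; I would leave it at `\"field\":\"zeek.login.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5`. The "BSAP Serial - Function" hunk has the same pattern with four nested buckets at 100 each. Whether real data gets near the cluster's `search.max_buckets` limit depends on field cardinality, which is not visible in this diff, but keeping low-cardinality fields small bounds the worst case.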
@@ -220,7 +220,7 @@ "version": "Wzc3MSwxXQ==", "attributes": { "title": "Telnet, rsh and rlogin - Source", - "visState": "{\"title\":\"Telnet, rsh and rlogin - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Telnet, rsh and rlogin - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -250,7 +250,7 @@ "version": "Wzc3MiwxXQ==", "attributes": { "title": "Telnet, rlogin and rsh - Destination", - "visState": "{\"title\":\"Telnet, rlogin and rsh - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination Port\"}}]}", + 
"visState": "{\"title\":\"Telnet, rlogin and rsh - Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 
1, diff --git a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json index 7e45222f9..7797d09f2 100644 --- a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json +++ b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json 
@@ -175,7 +175,7 @@ "version": "Wzc3OCwxXQ==", "attributes": { "title": "BSAP - Source IP", - "visState": "{\"title\":\"BSAP - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Port\"}}]}", + "visState": "{\"title\":\"BSAP - Source 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -295,7 +295,7 @@ "version": "Wzc4MiwxXQ==", "attributes": { "title": "BSAP Serial - Function", - "visState": "{\"title\":\"BSAP Serial - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Destination Function\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Message Type\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.sfun\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.dfun\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination 
Function\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.nsb\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Node Status\"}}]}", + "visState": "{\"title\":\"BSAP Serial - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Destination Function\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.type_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Message Type\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.sfun\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Source 
Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.dfun\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Function\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bsap_serial_header.nsb\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Node Status\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -417,7 +417,7 @@ "version": "Wzc4NSwxXQ==", "attributes": { "title": "BSAP - Destination IP", - "visState": "{\"title\":\"BSAP - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"BSAP - Destination 
IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index cc0537e6a..0788ca9de 100644 --- a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
@@ -185,7 +185,7 @@ "version": "WzM0MDEsMV0=", "attributes": { "title": "SSH - Destination IP Address", - "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "updated_at": "2021-02-10T21:25:00.506Z", "version": "Wzc5MywxXQ==", "attributes": { - "visState": "{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.client\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SSH - 
Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.client\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.server\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "description": "", "title": "SSH - Client/Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
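Review bot: The `params` object of "SSH - Client/Server" still spells its key `showMeticsAtAllLevels`, while every other table visualization in this diff uses `showMetricsAtAllLevels`. The renderer presumably ignores the misspelled key and falls back to its default. Since this line is being rewritten anyway, correct it to `\"showMetricsAtAllLevels\":false` so the setting is explicit, as in the neighbouring tables.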
@@ -335,7 +335,7 @@ "version": "Wzc5NywxXQ==", "attributes": { "title": "SSH - Client Algorithms", - "visState": "{\"title\":\"SSH - Client Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by Server\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Client\"}}]}", + "visState": "{\"title\":\"SSH - Client Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by 
Server\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Client\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
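Review bot: The cached column label under `params.dimensions.buckets` in "SSH - Client Algorithms" reads `Algorithms Offered by Server`, although the aggregation is on `zeek.ssh.hasshAlgorithms` with the custom label "Algorithms Offered by Client". The same swap is carried through in "SSH - HASSH Server Hash" (label `HASSH Client Hash` on `zeek.ssh.hasshServer`) and in "SSH - Server Algorithms" (label `Algorithms Offered by Client`). If any render or export path uses the dimensions label, an analyst could attribute a fingerprint to the wrong side of the connection. Change it to `\"label\":\"Algorithms Offered by Client\"` here, and fix the other two to match their fields.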
@@ -365,7 +365,7 @@ "version": "WzgwMCwxXQ==", "attributes": { "title": "SSH - HASSH Server Hash", - "visState": "{\"title\":\"SSH - HASSH Server Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Server Hash\"}}]}", + "visState": "{\"title\":\"SSH - HASSH Server Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client 
Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServer\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Server Hash\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -395,7 +395,7 @@ "version": "Wzc5OSwxXQ==", "attributes": { "title": "SSH - HASSH Client Hash", - "visState": "{\"title\":\"SSH - HASSH Client Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hassh\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Client Hash\"}}]}", + "visState": "{\"title\":\"SSH - HASSH Client Hash\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"HASSH Client 
Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hassh\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HASSH Client Hash\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -425,7 +425,7 @@ "version": "Wzc5OCwxXQ==", "attributes": { "title": "SSH - Server Algorithms", - "visState": "{\"title\":\"SSH - Server Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by Client\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServerAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Server\"}}]}", + "visState": "{\"title\":\"SSH - Server Algorithms\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Algorithms Offered by 
Client\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.ssh.hasshServerAlgorithms\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Algorithms Offered by Server\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index 63b20ad7e..7804e79d6 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json 
@@ -135,7 +135,7 @@ "version": "WzI5NDIsMV0=", "attributes": { "title": "Severity Tags", - "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Severity Tags\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.severity_tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity Tag\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -195,7 +195,7 @@ "version": "WzY1NCwxXQ==", "attributes": { "title": "Severity - Notices", - "visState": "{\"title\":\"Severity - Notices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "visState": "{\"title\":\"Severity - Notices\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.notice.note\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice Category\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw 
Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
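Review bot: With `size` lowered from 200 to 100, the `zeek.notice.note` bucket in "Severity - Notices" still keeps rows by event count (`\"orderBy\":\"1\"`), so the rarest notice categories are the ones folded into "Other". The table's sort on the High Raw Severity column only reorders the rows that were returned. On a severity view the rare, high-score notice is usually the one an analyst needs, and `\"orderBy\":\"3\"` (the max `event.risk_score` metric) would keep those rows regardless of volume. Whether more than 100 distinct notice types occur depends on the deployment.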
@@ -284,7 +284,7 @@ "version": "WzY1NywxXQ==", "attributes": { "title": "File Types by Transport", - "visState": "{\"title\":\"File Types by Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", + "visState": "{\"title\":\"File Types by 
Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Transport\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
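Review bot: The `file.mime_type` bucket is ordered by `_key`, so after the cut from 500 to 100 the rows kept are selected by key order rather than by frequency, and everything else lands in "Other". `\"orderBy\":\"1\"` would keep the most frequent types instead. The same applies to the four Severity tables later in this file (Source IP, Destination IP, Destination OUI, Source OUI), which drop from 255 to 100 with `\"orderBy\":\"_key\"`. There the retained addresses are chosen by key order, not by risk, so a high-severity host can disappear into "Other" on a busy network. For those four, `\"orderBy\":\"4\"` (the max `event.risk_score` metric) matches the column the table is already sorted on.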
@@ -314,7 +314,7 @@ "version": "WzY1OCwxXQ==", "attributes": { "title": "Severity - Source IP", - "visState": "{\"title\":\"Severity - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Severity - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -344,7 +344,7 @@ "version": "WzY1OSwxXQ==", "attributes": { "title": "Severity - Destination IP", - "visState": "{\"title\":\"Severity - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Severity - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -434,7 +434,7 @@ "version": "WzY2MiwxXQ==", "attributes": { "title": "Severity - Destination OUI", - "visState": "{\"title\":\"Severity - Destination OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Severity - Destination OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -464,7 +464,7 @@ "version": "WzY2MywxXQ==", "attributes": { "title": "Severity - Source OUI", - "visState": "{\"title\":\"Severity - Source OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":255,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Severity - Source OUI\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.oui\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source OUI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"event.risk_score\",\"customLabel\":\"High Raw Severity\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -494,7 +494,7 @@ "version": "WzY2NCwxXQ==", "attributes": { "title": "Actions and Results", - "visState": "{\"title\":\"Actions and Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBuc
ketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", + "visState": "{\"title\":\"Actions and Results\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"Protocol\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Action\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Result\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Protocol\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true
,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json index 86281e6fb..df44ee0a6 100644 --- a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json +++ b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json 
@@ -189,7 +189,7 @@
 "version": "Wzc1OCwxXQ==",
 "attributes": {
 "title": "OPCUA Binary - Actions",
- "visState": "{\"title\":\"OPCUA Binary - Actions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}",
+ "visState": "{\"title\":\"OPCUA Binary - Actions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}",
 "description": "",
 "version": 1,
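Review bot: Cutting the terms `size` from 250 to 100 in this table, and in the same way in the Results, URLs and URIs, Source and Destination hunks of this file and in the S7comm and Notices hunks that go from 200 or 250 to 100, moves more of the low-count values into the single "Other" row, because each of these aggregations orders by count descending with `otherBucket` set. For `source.ip`, `destination.ip` and `url.original` those rare values are often what an analyst is looking for, so I would keep the larger limit on those fields, e.g. `\"size\":250`, or give the reason for the uniform 100 in the commit message. The JSON object holding this visualization begins and ends outside the hunk.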
@@ -218,7 +218,7 @@
 "version": "Wzc1OSwxXQ==",
 "attributes": {
 "title": "OPCUA Binary - Results",
- "visState": "{\"title\":\"OPCUA Binary - Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}",
+ "visState": "{\"title\":\"OPCUA Binary - Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}",
 "description": "",
 "version": 1,
@@ -247,7 +247,7 @@
 "version": "Wzc2MCwxXQ==",
 "attributes": {
 "title": "OPCUA Binary - URLs and URIs",
- "visState": "{\"title\":\"OPCUA Binary - URLs and URIs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"url.original\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL or URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}",
+ "visState": "{\"title\":\"OPCUA Binary - URLs and URIs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"url.original\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL or URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}",
 "description": "",
 "version": 1,
@@ -306,7 +306,7 @@
 "version": "Wzc2MSwxXQ==",
 "attributes": {
 "title": "OPCUA Binary - Source",
- "visState": "{\"title\":\"OPCUA Binary - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}",
+ "visState": "{\"title\":\"OPCUA Binary - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}",
 "description": "",
 "version": 1,
@@ -336,7 +336,7 @@ "version": "Wzc2MiwxXQ==", "attributes": { "title": "OPCUA Binary - Destination", - "visState": "{\"title\":\"OPCUA Binary - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"OPCUA Binary - Destination\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index c8720b392..56bd82823 100644 --- a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json 
@@ -170,7 +170,7 @@ "version": "Wzc0NCwxXQ==", "attributes": { "title": "S7comm Operations", - "visState": "{\"title\":\"S7comm Operations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm 
Operations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
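Review bot: Raising the `network.protocol` terms `size` from 5 to 100 puts three nested terms levels at 100 each in this table, so the worst case for one request is 100 × 100 × 100 buckets; the S7comm Destination IP hunk further down ends up with the same shape. Whether that is reached depends on the real cardinality of the fields, but a request that exceeds the cluster's `search.max_buckets` limit fails rather than truncating, so the panel would presumably show an error instead of the table. The protocol level needs only a handful of values here, so keeping it small, e.g. `\"size\":5`, bounds the product without losing rows.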
@@ -200,7 +200,7 @@ "version": "Wzc0NSwxXQ==", "attributes": { "title": "S7comm Source IP", - "visState": "{\"title\":\"S7comm Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -230,7 +230,7 @@ "version": "Wzc0NiwxXQ==", "attributes": { "title": "S7comm Destination IP", - "visState": "{\"title\":\"S7comm Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Destination 
IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -290,7 +290,7 @@ "version": "WzkwNSwxXQ==", "attributes": { "title": "S7comm - Upload/Download File Names", - "visState": "{\"title\":\"S7comm - Upload/Download File Names\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"\",\"customLabel\":\"File Name\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_upload_download.destination_filesystem\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination Filesystem\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm - Upload/Download File Names\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"\",\"customLabel\":\"File Name\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_upload_download.destination_filesystem\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Destination 
Filesystem\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -320,7 +320,7 @@ "version": "Wzc0OCwxXQ==", "attributes": { "title": "S7comm Read-SZL", - "visState": "{\"title\":\"S7comm Read-SZL\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_read_szl.szl_index\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"SZL Index\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"S7comm Read-SZL\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.s7comm_read_szl.szl_index\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"SZL 
Index\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 30177d9dd..776cdd97a 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -189,7 +189,7 @@
 "updated_at": "2022-05-04T17:53:11.078Z",
 "version": "Wzc0MywxXQ==",
 "attributes": {
- "visState": "{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
+ "visState": "{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
 "description": "",
 "title": "Notices - Destination IP Addresses",
 "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
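Review bot: The `params` object on the new `visState` line still carries the key `showMeticsAtAllLevels`, while the other table visualizations touched by this commit spell it `showMetricsAtAllLevels`. The misspelled key is presumably ignored, so the option falls back to whatever the default is rather than the `false` written here. Since the line is being rewritten anyway, correct it to `\"showMetricsAtAllLevels\":false`. The saved object this line belongs to starts and ends outside the hunk.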
@@ -220,7 +220,7 @@ "version": "Wzc0NCwxXQ==", "attributes": { "title": "Notices - Notice Type", - "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", + "visState": "{\"title\":\"Notices - Notice 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -340,7 +340,7 @@ "version": "Wzc0OCwxXQ==", "attributes": { "title": "Notice - Message Details", - "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabe
l\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", + "visState": "{\"title\":\"Notice - Message Details\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Message\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Sub-Message\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"te
rms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Subcategory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.notice.msg\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
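Review bot: The `dimensions` block on the new `visState` line lists four bucket columns, including "Sub-Message" at accessor 3, and a metric at accessor 4, but `aggs` defines only three terms aggregations (`rule.category`, `rule.name`, `zeek.notice.msg`). `params.sort` likewise points at `columnIndex` 4 while `uiStateJSON` sorts on 3. If a Sub-Message column was meant to be shown, its aggregation is missing from `aggs`; otherwise the stale bucket entry should be dropped and the sort set to `\"columnIndex\":3` so the two agree. The saved object continues outside the hunk.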
@@ -442,7 +442,7 @@ "version": "Wzc1MSwxXQ==", "attributes": { "title": "Notices - Notice Types by Source and Destination", - "visState": "{\"title\":\"Notices - Notice Types by Source and Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice 
Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", + "visState": "{\"title\":\"Notices - Notice Types by Source and Destination\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Note\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Source IP Address\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination IP 
Address\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index a5c2b2a0e..5e089e539 100644 --- a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
+++ b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -334,7 +334,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NiwxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major 
Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.server_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Server Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 
@@ -364,7 +364,7 @@ "updated_at": "2021-02-10T21:25:08.611Z", "version": "Wzg2NywxXQ==", "attributes": { - "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_major_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major 
Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.rfb.client_minor_version\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}", "description": "", "title": "RFB - Client Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", diff --git a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 6521f41dc..69d4a8c49 100644 --- a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json 
@@ -232,7 +232,7 @@ "version": "Wzg3NywxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Source IP", - "visState": "{\"title\":\"Tabular Data Stream - SQL Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, 
@@ -262,7 +262,7 @@ "version": "Wzg3OCwxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Destination IP", - "visState": "{\"title\":\"Tabular Data Stream - SQL Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -292,7 +292,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Tabular Data Stream - SQL Query", - "visState": "{\"title\":\"Tabular Data Stream - SQL Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_sql_batch.query\",\"size\":200,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Query\"}}]}", + "visState": "{\"title\":\"Tabular Data Stream - SQL Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.tds_sql_batch.query\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Query\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, From 9ce8c25562692578b4c52af3ee4e069113a1a6e7 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 19 Mar 2024 15:42:08 -0600 Subject: [PATCH 49/79] related to 936bf157ca8707775512f0753cc3133cbb021fd8, make sure index-refresh.py can handle templates without any fields in them --- dashboards/scripts/index-refresh.py | 120 ++++++++++++++-------------- 1 file changed, 60 insertions(+), 60 deletions(-) 
diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py index 028b574af..d28304b3c 100755 --- a/dashboards/scripts/index-refresh.py +++ b/dashboards/scripts/index-refresh.py @@ -30,23 +30,6 @@ urllib3.disable_warnings() -################################################################################################### -# print to stderr -def eprint(*args, **kwargs): - print(*args, file=sys.stderr, **kwargs) - - -################################################################################################### -# convenient boolean argument parsing -def str2bool(v): - if v.lower() in ('yes', 'true', 't', 'y', '1'): - return True - elif v.lower() in ('no', 'false', 'f', 'n', '0'): - return False - else: - raise argparse.ArgumentTypeError('Boolean value expected.') - - ################################################################################################### # main def main(): @@ -54,7 +37,14 @@ def main(): parser = argparse.ArgumentParser(description=scriptName, add_help=False, usage='{} '.format(scriptName)) parser.add_argument( - '-v', '--verbose', dest='debug', type=str2bool, nargs='?', const=True, default=False, help="Verbose output" + '-v', + '--verbose', + dest='debug', + type=malcolm_utils.str2bool, + nargs='?', + const=True, + default=False, + help="Verbose output", ) parser.add_argument( '-i', @@ -95,10 +85,10 @@ def main(): parser.add_argument( '--opensearch-ssl-verify', dest='opensearchSslVerify', - type=str2bool, + type=malcolm_utils.str2bool, nargs='?', const=True, - default=str2bool(os.getenv('OPENSEARCH_SSL_CERTIFICATE_VERIFICATION', default='False')), + default=malcolm_utils.str2bool(os.getenv('OPENSEARCH_SSL_CERTIFICATE_VERIFICATION', default='False')), help="Verify SSL certificates for OpenSearch", ) parser.add_argument( 
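Review bot: In the `--opensearch-ssl-verify` hunk (`@@ -95,10 +85,10 @@`), the rewritten `default=` line still falls back to `'False'` when `OPENSEARCH_SSL_CERTIFICATE_VERIFICATION` is unset, so certificate verification stays off by default. The `urllib3.disable_warnings()` context line in the first hunk means nothing is logged when that happens, so an operator gets no signal that the OpenSearch connection is unauthenticated. If the default has to stay off for self-signed deployments, I would at least say so in the option text, e.g. `help="Verify SSL certificates for OpenSearch (off unless OPENSEARCH_SSL_CERTIFICATE_VERIFICATION is true)"`, and print one line under `debug` when verification is disabled. The default is also computed while the parser is being built, so how a malformed environment value is reported now depends on `malcolm_utils.str2bool`, which is not visible here. `main()` continues outside this hunk.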
@@ -128,14 +118,21 @@ def main(): '-u', '--unassigned', dest='fixUnassigned', - type=str2bool, + type=malcolm_utils.str2bool, nargs='?', const=True, default=False, help="Set number_of_replicas for unassigned index shards to 0", ) parser.add_argument( - '-n', '--dry-run', dest='dryrun', type=str2bool, nargs='?', const=True, default=False, help="Dry run (no PUT)" + '-n', + '--dry-run', + dest='dryrun', + type=malcolm_utils.str2bool, + nargs='?', + const=True, + default=False, + help="Dry run (no PUT)", ) try: parser.error = parser.exit @@ -146,9 +143,9 @@ def main(): debug = args.debug if debug: - eprint(os.path.join(scriptPath, scriptName)) - eprint("Arguments: {}".format(sys.argv[1:])) - eprint("Arguments: {}".format(args)) + malcolm_utils.eprint(os.path.join(scriptPath, scriptName)) + malcolm_utils.eprint("Arguments: {}".format(sys.argv[1:])) + malcolm_utils.eprint("Arguments: {}".format(args)) else: sys.tracebacklimit = 0 @@ -179,7 +176,7 @@ def main(): statusInfo = statusInfoResponse.json() dashboardsVersion = statusInfo['version']['number'] if debug: - eprint('OpenSearch Dashboards version is {}'.format(dashboardsVersion)) + malcolm_utils.eprint('OpenSearch Dashboards version is {}'.format(dashboardsVersion)) opensearchInfoResponse = requests.get( args.opensearchUrl, @@ -189,7 +186,7 @@ def main(): opensearchInfo = opensearchInfoResponse.json() opensearchVersion = opensearchInfo['version']['number'] if debug: - eprint('OpenSearch version is {}'.format(opensearchVersion)) + malcolm_utils.eprint('OpenSearch version is {}'.format(opensearchVersion)) # if they actually just specified the name of the environment variable, resolve that for the index name if args.index.startswith('MALCOLM_'): 
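Review bot: In the `if debug:` block (`@@ -146,9 +143,9 @@`), the two `Arguments:` lines write the full `sys.argv[1:]` and the whole parsed namespace to stderr, and that namespace includes `opensearchUrl`, which the later hunks pass to `requests.get`. If the URL is ever supplied with embedded credentials, or a credential-bearing option is defined outside this hunk, a verbose run copies it into whatever collects the container's stderr. I would either print a redacted copy of the namespace or document the constraint next to the prints, e.g. `# verbose output echoes every argument; keep secrets out of the command line and URL`. `main()` begins and ends outside this hunk, so I cannot see which options carry credentials.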
@@ -206,7 +203,7 @@ def main(): getIndexInfo = getIndexInfoResponse.json() indexId = getIndexInfo['saved_objects'][0]['id'] if (len(getIndexInfo['saved_objects']) > 0) else None if debug: - eprint('Index ID for {} is {}'.format(args.index, indexId)) + malcolm_utils.eprint('Index ID for {} is {}'.format(args.index, indexId)) if indexId is not None: # get the current fields list @@ -233,15 +230,14 @@ def main(): getTemplateResponseJson = getTemplateResponse.json() if 'index_templates' in getTemplateResponseJson: for template in getTemplateResponseJson['index_templates']: - templateFields = template['index_template']['template']['mappings']['properties'] + templateFields = malcolm_utils.deep_get( + template, ['index_template', 'template', 'mappings', 'properties'], default=[] + ) # also include fields from component templates into templateFields before processing # https://opensearch.org/docs/latest/opensearch/index-templates/#composable-index-templates - composedOfList = ( - template['index_template']['composed_of'] - if 'composed_of' in template['index_template'] - else [] - ) + composedOfList = malcolm_utils.deep_get(template, ['index_template', 'composed_of'], default=[]) + for componentName in composedOfList: getComponentResponse = requests.get( '{}/{}/{}'.format(args.opensearchUrl, OS_GET_COMPONENT_TEMPLATE_URI, componentName), 
@@ -252,9 +248,13 @@ def main(): getComponentResponseJson = getComponentResponse.json() if 'component_templates' in getComponentResponseJson: for component in getComponentResponseJson['component_templates']: - templateFields.update( - component['component_template']['template']['mappings']['properties'] + properties = malcolm_utils.deep_get( + component, + ['component_template', 'template', 'mappings', 'properties'], + default=None, ) + if properties: + templateFields.update(properties) # a field should be merged if it's not already in the list we have from Dashboards, and it's # in the list of types we're merging (leave more complex types like nested and geolocation @@ -290,13 +290,13 @@ def main(): getFieldsList.append(mergedFieldInfo) # elif debug: - # eprint('Not merging {}: {}'.format(field, json.dumps(templateFields[field]))) + # malcolm_utils.eprint('Not merging {}: {}'.format(field, json.dumps(templateFields[field]))) except Exception as e: - eprint('"{}" raised for "{}", skipping template merge'.format(str(e), args.template)) + malcolm_utils.eprint('"{}" raised for "{}", skipping template merge'.format(str(e), args.template)) if debug: - eprint('{} would have {} fields'.format(args.index, len(getFieldsList))) + malcolm_utils.eprint('{} would have {} fields'.format(args.index, len(getFieldsList))) # define field formatting map for Dashboards -> Arkime drilldown and other URL drilldowns # 
@@ -342,18 +342,18 @@ def main(): if (field['type'] == 'ip') or (re.search(r'[_\.-](h|ip)$', field['name'], re.IGNORECASE) is not None): # add drilldown for searching IANA for IP addresses drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues[ - 'url' - ] = 'https://www.virustotal.com/en/ip-address/{{value}}/information/' + drilldownInfoParamsUrlTemplateValues['url'] = ( + 'https://www.virustotal.com/en/ip-address/{{value}}/information/' + ) drilldownInfoParamsUrlTemplateValues['label'] = 'VirusTotal IP: {{value}}' drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) elif re.search(r'(^|[\b_\.-])(md5|sha(1|256|384|512))\b', field['name'], re.IGNORECASE) is not None: # add drilldown for searching VirusTotal for hash signatures drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues[ - 'url' - ] = 'https://www.virustotal.com/gui/file/{{value}}/detection' + drilldownInfoParamsUrlTemplateValues['url'] = ( + 'https://www.virustotal.com/gui/file/{{value}}/detection' + ) drilldownInfoParamsUrlTemplateValues['label'] = 'VirusTotal Hash: {{value}}' drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) 
@@ -370,36 +370,36 @@ def main(): ): # add drilldown for searching IANA for ports drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues[ - 'url' - ] = 'https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search={{value}}' + drilldownInfoParamsUrlTemplateValues['url'] = ( + 'https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search={{value}}' + ) drilldownInfoParamsUrlTemplateValues['label'] = 'Port Registry: {{value}}' drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) elif re.search(r'^(protocol?|network\.protocol)$', field['name'], re.IGNORECASE) is not None: # add drilldown for searching IANA for services drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues[ - 'url' - ] = 'https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search={{value}}' + drilldownInfoParamsUrlTemplateValues['url'] = ( + 'https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search={{value}}' + ) drilldownInfoParamsUrlTemplateValues['label'] = 'Service Registry: {{value}}' drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) elif re.search(r'^(network\.transport|ipProtocol)$', field['name'], re.IGNORECASE) is not None: # add URL link for assigned transport protocol numbers drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues[ - 'url' - ] = 'https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml' + drilldownInfoParamsUrlTemplateValues['url'] = ( + 'https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml' + ) drilldownInfoParamsUrlTemplateValues['label'] = 'Protocol Registry' drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) elif re.search(r'(as\.number|(src|dst)ASN|asn\.(src|dst))$', field['name'], re.IGNORECASE) is not None: # add 
drilldown for searching ARIN for ASN drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues[ - 'url' - ] = 'https://search.arin.net/rdap/?query={{value}}&searchFilter=asn' + drilldownInfoParamsUrlTemplateValues['url'] = ( + 'https://search.arin.net/rdap/?query={{value}}&searchFilter=asn' + ) drilldownInfoParamsUrlTemplateValues['label'] = 'ARIN ASN: {{value}}' drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) @@ -407,9 +407,9 @@ def main(): # add drilldown for searching mime/media/content types # TODO: '/' in URL is getting messed up somehow, maybe we need to url encode it manually? not sure... drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues[ - 'url' - ] = 'https://www.iana.org/assignments/media-types/{{value}}' + drilldownInfoParamsUrlTemplateValues['url'] = ( + 'https://www.iana.org/assignments/media-types/{{value}}' + ) drilldownInfoParamsUrlTemplateValues['label'] = 'Media Type Registry: {{value}}' drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) From 5ba67e5d1d9e11ad3a6fe2865941d12d6d2f4992 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 19 Mar 2024 15:47:08 -0600 Subject: [PATCH 50/79] related to 936bf157ca8707775512f0753cc3133cbb021fd8, make sure index-refresh.py can handle templates without any fields in them --- dashboards/scripts/index-refresh.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py index d28304b3c..83b233eb2 100755 --- a/dashboards/scripts/index-refresh.py +++ b/dashboards/scripts/index-refresh.py 
@@ -231,7 +231,7 @@ def main(): if 'index_templates' in getTemplateResponseJson: for template in getTemplateResponseJson['index_templates']: templateFields = malcolm_utils.deep_get( - template, ['index_template', 'template', 'mappings', 'properties'], default=[] + template, ['index_template', 'template', 'mappings', 'properties'], default={} ) # also include fields from component templates into templateFields before processing From 928d999ea365b1fc2cc0884d3d58707426031717 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 09:25:50 -0600 Subject: [PATCH 51/79] Fix syntax error in malcolm_common.py --- scripts/malcolm_common.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/malcolm_common.py b/scripts/malcolm_common.py index fb2beece9..326842b93 100644 --- a/scripts/malcolm_common.py +++ b/scripts/malcolm_common.py @@ -74,7 +74,7 @@ def DialogInit(): if not MainDialog: MainDialog = Dialog(dialog='dialog', autowidgetsize=True) except ImportError: - Dialog = none + Dialog = None MainDialog = None From b9caae933cca3b662db1f85d09d7a85be8716092 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 09:36:59 -0600 Subject: [PATCH 52/79] minor dashboard fixes --- .../dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 4 ++-- dashboards/dashboards/beats/Metricbeat-host-overview.json | 2 +- .../dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index 11c0cffac..2a17f5301 100644 --- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json 
@@ -369,7 +369,7 @@ "updated_at": "2021-02-10T21:24:11.908Z", "version": "WzE1NSwxXQ==", "attributes": { - "visState": "{\"title\":\"SIP - Method\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.sip.method\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}", + "visState": "{\"title\":\"SIP - 
Method\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event.action\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}", "description": "", "title": "SIP - Method", "uiStateJSON": "{}", @@ -496,7 +496,7 @@ "source.ip", "destination.ip", "destination.port", - "zeek.sip.method", + "event.action", "zeek.sip.content_type", "zeek.sip.status_msg", "event.id" diff --git a/dashboards/dashboards/beats/Metricbeat-host-overview.json b/dashboards/dashboards/beats/Metricbeat-host-overview.json index b0e401a3f..74c3ad39a 100644 --- a/dashboards/dashboards/beats/Metricbeat-host-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-host-overview.json 
@@ -18,7 +18,7 @@ "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"host.name:\\\"hedgehogvm\\\"\"},\"version\":true,\"highlightAll\":false,\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"host.name:*\"},\"version\":true,\"highlightAll\":false,\"filter\":[]}" } }, "references": [ diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index 9151a8a35..790cbd570 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -215,7 +215,7 @@ "version": "Wzk0MiwxXQ==", "attributes": { "title": "STUN - Method and Class", - "visState": "{\"title\":\"STUN - Method and Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.method\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"STUN - Method and 
Class\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Method\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.attr_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Attribute Type\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.stun.class\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, @@ -433,7 +433,7 @@ "destination.ip", "destination.port", "network.is_orig", - "zeek.stun.method", + "event.action", "zeek.stun.class", "zeek.stun.attr_type", "event.id" From ba302920174084738d33ddd36d0fcba125cf07ba Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 10:02:37 -0600 Subject: [PATCH 53/79] point TDS plugin back upstream to amazon's github repo; rename log policy to match merge from upstream --- shared/bin/zeek_install_plugins.sh | 2 +- zeek/config/local.zeek | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index 209a2dd2e..525b0827f 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -67,7 +67,7 @@ ZKG_GITHUB_URLS=( "https://github.com/0xxon/cve-2020-0601" "https://github.com/0xxon/cve-2020-13777" "https://github.com/mmguero-dev/zeek-plugin-profinet|master" - "https://github.com/mmguero-dev/zeek-plugin-tds|master" + "https://github.com/amzn/zeek-plugin-tds|master" "https://github.com/cisagov/icsnpp-bacnet" "https://github.com/cisagov/icsnpp-bsap" "https://github.com/cisagov/icsnpp-dnp3" diff --git a/zeek/config/local.zeek b/zeek/config/local.zeek index 74cf86787..64a332455 100644 --- a/zeek/config/local.zeek +++ b/zeek/config/local.zeek @@ -306,7 +306,7 @@ redef CVE_2021_44228::log = F; ##! Other logs we're just disabling unilaterally # amzn/zeek-plugin-profinet's profinet_dce_rpc.log is covered by cisagov/icsnpp-profinet-io-cm -hook Profinet::log_policy_profinet_dce_rpc( +hook Profinet::log_policy_dce_rpc( rec: Profinet::Profinet_DCE_RPC, id: Log::ID, filter: Log::Filter) { From dd9b3766e66ba5c2f4b7151b187049314347d1b2 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 11:40:59 -0600 Subject: [PATCH 54/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- .../normal/0900-setup-rc-local.hook.chroot | 4 +- shared/bin/capture-format-wait.sh | 6 +- ...pture-disk-config.py => os-disk-config.py} | 240 +++++++++++------- 3 files changed, 160 insertions(+), 90 deletions(-) rename shared/bin/{sensor-capture-disk-config.py => os-disk-config.py} (76%) diff --git a/hedgehog-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot b/hedgehog-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot index e40c67081..8e5872e7a 100755 --- a/hedgehog-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot 
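Review bot: The new `ZKG_GITHUB_URLS` entry `"https://github.com/amzn/zeek-plugin-tds|master"` follows a moving branch, so each image build installs whatever the upstream `master` holds at that moment. The suffix after `|` looks like a git ref; if the install loop accepts a tag or commit id there, pin it, for example `"https://github.com/amzn/zeek-plugin-tds|REVIEWED_COMMIT_ID"` (placeholder). That would make builds reproducible and keep unreviewed upstream changes out of the sensor image. The same applies to the `zeek-plugin-profinet|master` context line above it and to the entries that carry no ref at all. The array and the code that consumes it lie outside the hunk.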
@@ -16,8 +16,8 @@ else fi if [ -f "$CAPTURE_STORAGE_FORMAT_FILE" ]; then logger "Initializing disk(s) to store captured artifacts" - date >>/var/log/sensor-capture-disk-config.log 2>&1 - python3 /usr/local/bin/sensor-capture-disk-config.py -u $CAPTURE_STORAGE_FORMAT_FLAG >>/var/log/sensor-capture-disk-config.log 2>&1 + date >>/var/log/os-disk-config.log 2>&1 + python3 /usr/local/bin/os-disk-config.py -m hedgehog -u $CAPTURE_STORAGE_FORMAT_FLAG >>/var/log/os-disk-config.log 2>&1 rm -f "$CAPTURE_STORAGE_FORMAT_FILE" fi diff --git a/shared/bin/capture-format-wait.sh b/shared/bin/capture-format-wait.sh index 1c4362e7c..209caa037 100755 --- a/shared/bin/capture-format-wait.sh +++ b/shared/bin/capture-format-wait.sh @@ -14,10 +14,10 @@ else CAPTURE_STORAGE_FORMAT_FILE="/etc/capture_storage_format" fi -if [[ -f "$CAPTURE_STORAGE_FORMAT_FILE" ]] || pgrep -f "sensor-capture-disk-config.py" >/dev/null 2>&1; then +if [[ -f "$CAPTURE_STORAGE_FORMAT_FILE" ]] || pgrep -f "os-disk-config.py" >/dev/null 2>&1; then trap finish EXIT - yes | zenity --progress --pulsate --no-cancel --auto-close --text "Capture storage media are being prepared..." --title "Preparing Storage" & - while [[ -f "$CAPTURE_STORAGE_FORMAT_FILE" ]] || pgrep -f "sensor-capture-disk-config.py" >/dev/null 2>&1; do + yes | zenity --progress --pulsate --no-cancel --auto-close --text "Large storage media are being prepared..." --title "Preparing Storage" & + while [[ -f "$CAPTURE_STORAGE_FORMAT_FILE" ]] || pgrep -f "os-disk-config.py" >/dev/null 2>&1; do sleep 2 done fi diff --git a/shared/bin/sensor-capture-disk-config.py b/shared/bin/os-disk-config.py similarity index 76% rename from shared/bin/sensor-capture-disk-config.py rename to shared/bin/os-disk-config.py index 40c05b323..4e7243583 100755 --- a/shared/bin/sensor-capture-disk-config.py +++ b/shared/bin/os-disk-config.py 
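Review bot: In the rc.local snippet, `rm -f "$CAPTURE_STORAGE_FORMAT_FILE"` runs whether or not the renamed `os-disk-config.py` succeeded, and the only trace of a failure is whatever reached `/var/log/os-disk-config.log`. With `-m` now a required argument, a bad invocation exits with status 2 and the sensor boots with its storage unprepared. Because `capture-format-wait.sh` loops while the flag file exists, keeping the file on failure would hang the desktop prompt, so reporting the failure is the safer change: append `|| logger "os-disk-config.py failed; see /var/log/os-disk-config.log"` to the `python3` line. The surrounding if/else block starts outside the hunk.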
@@ -4,7 +4,9 @@ # Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### -# Detect, partition, and format devices to be used for sensor packet/log captures. +# Detect, partition, and format devices to be used for: +# - Hedgehog Linux - sensor packet/log captures +# - Malcolm - database and capture artifacts # # Run the script with --help for options ################################################################################################### 
@@ -21,22 +23,55 @@ from malcolm_utils import remove_prefix, str2bool, sizeof_fmt, run_subprocess, eprint -MINIMUM_CAPTURE_DEVICE_BYTES = 100 * 1024 * 1024 * 1024 # 100GiB -CAPTURE_MOUNT_ROOT_PATH = "/capture" -CAPTURE_MOUNT_PCAP_DIR = "pcap" -CAPTURE_MOUNT_ZEEK_DIR = "bro" -FSTAB_FILE = "/etc/fstab" -CRYPTTAB_FILE = "/etc/crypttab" -CAPTURE_GROUP_OWNER = "netdev" -CAPTURE_USER_UID = 1000 -CAPTURE_DIR_PERMS = 0o750 -CAPTURE_SUBDIR_PERMS = 0o770 -SENSOR_CAPTURE_CONFIG = '/opt/sensor/sensor_ctl/control_vars.conf' -CAPTURE_CRYPT_KEYFILE = '/etc/capture_crypt.key' -CAPTURE_CRYPT_KEYFILE_PERMS = 0o600 -CAPTURE_CRYPT_DEV_PREFIX = 'capture_vault_' +OS_MODE_HEDGEHOG = 'hedgehog' +OS_MODE_MALCOLM = 'malcolm' + +HEDGEHOG_PCAP_DIR = "pcap" +HEDGEHOG_ZEEK_DIR = "bro" +MALCOLM_DB_DIR = "datastore" +MALCOLM_PCAP_DIR = "pcap" +MALCOLM_LOGS_DIR = "logs" + +OS_PARAMS = defaultdict(lambda: None) +OS_PARAMS[OS_MODE_HEDGEHOG] = defaultdict(lambda: None) +OS_PARAMS[OS_MODE_MALCOLM] = defaultdict(lambda: None) +OS_PARAMS[OS_MODE_HEDGEHOG].update( + { + MINIMUM_DEVICE_BYTES: 100 * 1024 * 1024 * 1024, # 100GiB + MOUNT_ROOT_PATH: "/capture", + MOUNT_DIRS: [HEDGEHOG_PCAP_DIR, HEDGEHOG_ZEEK_DIR], + FSTAB_FILE: "/etc/fstab", + CRYPTTAB_FILE: "/etc/crypttab", + GROUP_OWNER: "netdev", + USER_UID: 1000, + DIR_PERMS: 0o750, + SUBDIR_PERMS: 0o770, + SYSTEM_CONFIG_FILE: '/opt/sensor/sensor_ctl/control_vars.conf', + CRYPT_KEYFILE: '/etc/capture_crypt.key', + CRYPT_KEYFILE_PERMS: 0o600, + CRYPT_DEV_PREFIX: 'capture_vault_', + } +) +OS_PARAMS[OS_MODE_MALCOLM].update( + { + MINIMUM_DEVICE_BYTES: 100 * 1024 * 1024 * 1024, # 100GiB + MOUNT_ROOT_PATH: "/malcolm", + MOUNT_DIRS: [MALCOLM_DB_DIR, MALCOLM_PCAP_DIR, MALCOLM_LOGS_DIR], + FSTAB_FILE: "/etc/fstab", + CRYPTTAB_FILE: "/etc/crypttab", + GROUP_OWNER: "docker", + USER_UID: 1000, + DIR_PERMS: 0o750, + SUBDIR_PERMS: 0o770, + CRYPT_KEYFILE: '/etc/capture_crypt.key', + CRYPT_KEYFILE_PERMS: 0o600, + CRYPT_DEV_PREFIX: 'malcolm_vault_', + } +) + debug = 
False +osMode = None ################################################################################################### @@ -67,7 +102,8 @@ def YesOrNo(question): ################################################################################################### # create a name we can use for a mapper device name for encryption def CreateMapperName(device): - return f"{CAPTURE_CRYPT_DEV_PREFIX}{''.join([c if c.isalnum() else '_' for c in remove_prefix(device, '/dev/')])}" + global osMode + return f"{OS_PARAMS[osMode][CRYPT_DEV_PREFIX]}{''.join([c if c.isalnum() else '_' for c in remove_prefix(device, '/dev/')])}" def CreateMapperDeviceName(device): @@ -127,6 +163,9 @@ def GetDeviceSize(device): # main ################################################################################################### def main(): + global debug + global osMode + # to parse fdisk output, look for partitions after partitions header line fdisk_pars_begin_pattern = re.compile(r'^Device\s+Start\s+End\s+Sectors\s+Size\s+Type\s*$') # to parse partitions from fdisk output after parted creates partition table @@ -136,7 +175,16 @@ def main(): # extract arguments from the command line parser = argparse.ArgumentParser( - description='sensor-capture-disk-config.py', add_help=False, usage='sensor-capture-disk-config.py [options]' + description='os-disk-config.py', add_help=False, usage='os-disk-config.py [options]' + ) + parser.add_argument( + '-m', + '--mode', + dest='osMode', + required=True, + metavar='', + type=str, + help=f'Script mode: {OS_MODE_HEDGEHOG} or {OS_MODE_MALCOLM}', ) parser.add_argument( '-i', 
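Review bot: The keys in the two `OS_PARAMS[...].update({...})` literals (`MINIMUM_DEVICE_BYTES`, `MOUNT_ROOT_PATH`, `MOUNT_DIRS`, `FSTAB_FILE`, `CRYPTTAB_FILE`, `GROUP_OWNER`, `USER_UID`, `DIR_PERMS`, `SUBDIR_PERMS`, `SYSTEM_CONFIG_FILE`, `CRYPT_KEYFILE`, `CRYPT_KEYFILE_PERMS`, `CRYPT_DEV_PREFIX`) are bare names. This hunk removes the old `FSTAB_FILE`/`CRYPTTAB_FILE` assignments and defines none of them, so unless they are declared in lines not shown, the module raises NameError as soon as it is loaded. Every lookup in the later hunks is written `OS_PARAMS[osMode][MOUNT_ROOT_PATH]`, so the smallest fix is to declare each key once above the table, e.g. `MOUNT_ROOT_PATH = 'MOUNT_ROOT_PATH'`. The `defaultdict` import is also not visible in this hunk and should be confirmed.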
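Review bot: The new `--mode` argument is declared as a free-form `type=str` and validated by hand in a later hunk (`if args.osMode in (OS_MODE_HEDGEHOG, OS_MODE_MALCOLM): ... else: parser.print_help(); exit(2)`). Passing `choices=(OS_MODE_HEDGEHOG, OS_MODE_MALCOLM)` to `parser.add_argument` lets argparse reject anything else with a message that names the bad value, and the manual branch can go. That matters because `osMode` indexes `OS_PARAMS`, whose outer `defaultdict` returns `None` for an unknown mode rather than failing clearly. main() continues outside the hunk.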
@@ -194,17 +242,24 @@ def main(): if debug: eprint(f"Arguments: {args}") + if args.osMode in (OS_MODE_HEDGEHOG, OS_MODE_MALCOLM): + osMode = args.osMode + else: + parser.print_help() + exit(2) + # unmount existing mounts if requested if args.umount and (not args.dryrun): if (not args.interactive) or YesOrNo('Unmount any mounted capture path(s)?'): if debug: eprint("Attempting unmount of capture path(s)...") - run_subprocess(f"umount {os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_PCAP_DIR)}") - run_subprocess(f"umount {os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_ZEEK_DIR)}") - run_subprocess(f"umount {CAPTURE_MOUNT_ROOT_PATH}") + for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: + run_subprocess(f"umount {os.path.join(OS_PARAMS[osMode][MOUNT_ROOT_PATH], subdir)}") + run_subprocess(f"umount {OS_PARAMS[osMode][MOUNT_ROOT_PATH]}") # also luksClose any luks volumes devices we might have set up for cryptDev in [ - remove_prefix(x, '/dev/mapper/') for x in glob.glob(f"/dev/mapper/{CAPTURE_CRYPT_DEV_PREFIX}*") + remove_prefix(x, '/dev/mapper/') + for x in glob.glob(f"/dev/mapper/{OS_PARAMS[osMode][CRYPT_DEV_PREFIX]}*") ]: if debug: eprint(f"Running crypsetup luksClose on {cryptDev}...") @@ -222,9 +277,9 @@ def main(): mountDetails = line.split() if len(mountDetails) >= 2: mountPoint = mountDetails[1] - if mountPoint.startswith(CAPTURE_MOUNT_ROOT_PATH): + if mountPoint.startswith(OS_PARAMS[osMode][MOUNT_ROOT_PATH]): eprint( - f"It appears there is already a device mounted under {CAPTURE_MOUNT_ROOT_PATH} at {mountPoint}." + f"It appears there is already a device mounted under {OS_PARAMS[osMode][MOUNT_ROOT_PATH]} at {mountPoint}." ) eprint( "If you wish to continue, you may run this script with the '-u|--umount' option to umount first." 
@@ -301,7 +356,7 @@ def main(): # it in any way, (no partitions, mappings, etc. that are mounted) and is at least 100 gigabytes for device, entries in allDisks.items(): deviceMounts = list(set([par.mount for par in entries if par.mount is not None])) - if (len(deviceMounts) == 0) and (GetDeviceSize(device) >= MINIMUM_CAPTURE_DEVICE_BYTES): + if (len(deviceMounts) == 0) and (GetDeviceSize(device) >= OS_PARAMS[osMode][MINIMUM_DEVICE_BYTES]): candidateDevs.append(device) # sort candidate devices largest to smallest @@ -312,14 +367,14 @@ def main(): if len(candidateDevs) > 0: if args.encrypt: # create keyfile (will be on the encrypted system drive, and used to automatically unlock the encrypted capture drives) - with open(CAPTURE_CRYPT_KEYFILE, 'wb') as f: + with open(OS_PARAMS[osMode][CRYPT_KEYFILE], 'wb') as f: f.write(os.urandom(4096)) - os.chown(CAPTURE_CRYPT_KEYFILE, 0, 0) - os.chmod(CAPTURE_CRYPT_KEYFILE, CAPTURE_CRYPT_KEYFILE_PERMS) + os.chown(OS_PARAMS[osMode][CRYPT_KEYFILE], 0, 0) + os.chmod(OS_PARAMS[osMode][CRYPT_KEYFILE], OS_PARAMS[osMode][CRYPT_KEYFILE_PERMS]) # partition/format each candidate device for device in candidateDevs: - # we only need at most two drives (one for pcap, one for zeek), or at least one + # we only need at most len(OS_PARAMS[osMode][MOUNT_DIRS]), or at least one if len(formattedDevs) >= 2: break @@ -374,13 +429,15 @@ def main(): okToFormat = False # remove this device from /etc/crypttab - if os.path.isfile(CRYPTTAB_FILE): - with fileinput.FileInput(CRYPTTAB_FILE, inplace=True, backup='.bak') as f: + if os.path.isfile(OS_PARAMS[osMode][CRYPTTAB_FILE]): + with fileinput.FileInput( + OS_PARAMS[osMode][CRYPTTAB_FILE], inplace=True, backup='.bak' + ) as f: for line in f: line = line.rstrip("\n") if line.startswith(f"{CreateMapperName(parDev)}"): if debug: - eprint(f"removed {line} from {CRYPTTAB_FILE}") + eprint(f"removed {line} from {OS_PARAMS[osMode][CRYPTTAB_FILE]}") else: print(line) 
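Review bot: In the `args.encrypt` branch the LUKS key file is created with `open(OS_PARAMS[osMode][CRYPT_KEYFILE], 'wb')` and only restricted by the `os.chmod` two lines later. Between the write and the chmod, the 4096 random bytes sit in a file whose mode is decided by the process umask. Creating the file with its final mode closes that window: `fd = os.open(OS_PARAMS[osMode][CRYPT_KEYFILE], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, OS_PARAMS[osMode][CRYPT_KEYFILE_PERMS])`, then `with os.fdopen(fd, 'wb') as f:`. The mode argument only takes effect when the file is created, so the existing `os.chown`/`os.chmod` calls should stay to cover a key file left by an earlier run. main() starts and ends outside the hunk.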
@@ -407,7 +464,7 @@ def main(): if debug: eprint(f"Running crypsetup luksFormat on {device}...") ecode, cryptOut = run_subprocess( - f"/sbin/cryptsetup --verbose --batch-mode luksFormat {parDev} --uuid='{parUuid}' --key-file {CAPTURE_CRYPT_KEYFILE}", + f"/sbin/cryptsetup --verbose --batch-mode luksFormat {parDev} --uuid='{parUuid}' --key-file {OS_PARAMS[osMode][CRYPT_KEYFILE]}", stdout=True, stderr=True, timeout=3600, @@ -421,7 +478,7 @@ def main(): eprint(f"Running crypsetup luksOpen on {device}...") parMapperDev = CreateMapperDeviceName(parDev) ecode, cryptOut = run_subprocess( - f"/sbin/cryptsetup --verbose luksOpen {parDev} {CreateMapperName(parDev)} --key-file {CAPTURE_CRYPT_KEYFILE}", + f"/sbin/cryptsetup --verbose luksOpen {parDev} {CreateMapperName(parDev)} --key-file {OS_PARAMS[osMode][CRYPT_KEYFILE]}", stdout=True, stderr=True, timeout=180, 
@@ -478,44 +535,50 @@ def main(): eprint(f"Error {ecode} partitioning {device}, giving up on {device}") # now that we have formatted our device(s), decide where they're going to mount (these are already sorted) - if len(formattedDevs) >= 2: - formattedDevs[0].mount = os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_PCAP_DIR) - formattedDevs[1].mount = os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_ZEEK_DIR) + devIdx = 0 + if len(formattedDevs) >= len(OS_PARAMS[osMode][MOUNT_DIRS]): + for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: + formattedDevs[devIdx].mount = os.path.join(OS_PARAMS[osMode][MOUNT_ROOT_PATH], subdir) + devIdx += 1 elif len(formattedDevs) == 1: - formattedDevs[0].mount = CAPTURE_MOUNT_ROOT_PATH + formattedDevs[devIdx].mount = OS_PARAMS[osMode][MOUNT_ROOT_PATH] if debug: eprint(formattedDevs) # mountpoints are probably not already mounted, but this will make sure - run_subprocess(f"umount {os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_PCAP_DIR)}") - run_subprocess(f"umount {os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_ZEEK_DIR)}") - run_subprocess(f"umount {CAPTURE_MOUNT_ROOT_PATH}") + for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: + run_subprocess(f"umount {os.path.join(OS_PARAMS[osMode][MOUNT_ROOT_PATH], subdir)}") + run_subprocess(f"umount {OS_PARAMS[osMode][MOUNT_ROOT_PATH]}") _, reloadOut = run_subprocess("systemctl daemon-reload") # clean out any previous fstab entries that might be interfering from previous configurations - if Fstab.remove_by_mountpoint(os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_PCAP_DIR), path=FSTAB_FILE): - if debug: - eprint( - f"Removed previous {os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_PCAP_DIR)} mount from {FSTAB_FILE}" - ) - if Fstab.remove_by_mountpoint(os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_ZEEK_DIR), path=FSTAB_FILE): + for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: + if Fstab.remove_by_mountpoint( + os.path.join(OS_PARAMS[osMode][MOUNT_ROOT_PATH], subdir), + 
path=OS_PARAMS[osMode][FSTAB_FILE], + ): + if debug: + eprint( + f"Removed previous {os.path.join(OS_PARAMS[osMode][MOUNT_ROOT_PATH], subdir)} mount from {OS_PARAMS[osMode][FSTAB_FILE]}" + ) + + if Fstab.remove_by_mountpoint(OS_PARAMS[osMode][MOUNT_ROOT_PATH], path=OS_PARAMS[osMode][FSTAB_FILE]): if debug: eprint( - f"Removed previous {os.path.join(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_MOUNT_ZEEK_DIR)} mount from {FSTAB_FILE}" + f"Removed previous {OS_PARAMS[osMode][MOUNT_ROOT_PATH]} mount from {OS_PARAMS[osMode][FSTAB_FILE]}" ) - if Fstab.remove_by_mountpoint(CAPTURE_MOUNT_ROOT_PATH, path=FSTAB_FILE): - if debug: - eprint(f"Removed previous {CAPTURE_MOUNT_ROOT_PATH} mount from {FSTAB_FILE}") # reload tab files with systemctl _, reloadOut = run_subprocess("systemctl daemon-reload") # get the GID of the group of the user(s) that will be doing the capture try: - ecode, guidGetOut = run_subprocess(f"getent group {CAPTURE_GROUP_OWNER}", stdout=True, stderr=True) + ecode, guidGetOut = run_subprocess( + f"getent group {OS_PARAMS[osMode][GROUP_OWNER]}", stdout=True, stderr=True + ) if (ecode == 0) and (len(guidGetOut) > 0): netdevGuid = int(guidGetOut[0].split(':')[2]) else: 
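Review bot: The mount assignment now requires `len(formattedDevs) >= len(OS_PARAMS[osMode][MOUNT_DIRS])`, but the formatting loop in the earlier hunk still stops at `if len(formattedDevs) >= 2: break` (only its comment was updated). In malcolm mode `MOUNT_DIRS` has three entries, so two formatted devices satisfy neither this branch nor `elif len(formattedDevs) == 1`. Both freshly formatted, possibly LUKS-encrypted, partitions are then left with no mount point assigned here. Either change the loop limit to `len(OS_PARAMS[osMode][MOUNT_DIRS])`, or add a fallback that mounts the first device at `OS_PARAMS[osMode][MOUNT_ROOT_PATH]` when there are fewer devices than directories. main() continues outside the hunk.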
@@ -524,29 +587,33 @@ def main(): netdevGuid = -1 # rmdir any mount directories that might be interfering from previous configurations - if os.path.isdir(CAPTURE_MOUNT_ROOT_PATH): - for root, dirs, files in os.walk(CAPTURE_MOUNT_ROOT_PATH, topdown=False): + if os.path.isdir(OS_PARAMS[osMode][MOUNT_ROOT_PATH]): + for root, dirs, files in os.walk(OS_PARAMS[osMode][MOUNT_ROOT_PATH], topdown=False): for name in dirs: if debug: eprint(f"Removing {os.path.join(root, name)}") os.rmdir(os.path.join(root, name)) if debug: - eprint(f"Removing {CAPTURE_MOUNT_ROOT_PATH}") - os.rmdir(CAPTURE_MOUNT_ROOT_PATH) + eprint(f"Removing {OS_PARAMS[osMode][MOUNT_ROOT_PATH]}") + os.rmdir(OS_PARAMS[osMode][MOUNT_ROOT_PATH]) if debug: - eprint(f"Creating {CAPTURE_MOUNT_ROOT_PATH}") - os.makedirs(CAPTURE_MOUNT_ROOT_PATH, exist_ok=True) - os.chown(CAPTURE_MOUNT_ROOT_PATH, -1, netdevGuid) - os.chmod(CAPTURE_MOUNT_ROOT_PATH, CAPTURE_DIR_PERMS) + eprint(f"Creating {OS_PARAMS[osMode][MOUNT_ROOT_PATH]}") + os.makedirs(OS_PARAMS[osMode][MOUNT_ROOT_PATH], exist_ok=True) + os.chown(OS_PARAMS[osMode][MOUNT_ROOT_PATH], -1, netdevGuid) + os.chmod(OS_PARAMS[osMode][MOUNT_ROOT_PATH], OS_PARAMS[osMode][DIR_PERMS]) # add crypttab entries if args.encrypt: - with open(CRYPTTAB_FILE, 'a' if os.path.isfile(CRYPTTAB_FILE) else 'w') as f: + with open( + OS_PARAMS[osMode][CRYPTTAB_FILE], 'a' if os.path.isfile(OS_PARAMS[osMode][CRYPTTAB_FILE]) else 'w' + ) as f: for par in formattedDevs: - crypttabLine = f"{CreateMapperName(par.partition)} UUID={par.uuid} {CAPTURE_CRYPT_KEYFILE} luks\n" + crypttabLine = ( + f"{CreateMapperName(par.partition)} UUID={par.uuid} {OS_PARAMS[osMode][CRYPT_KEYFILE]} luks\n" + ) f.write(crypttabLine) if debug: - eprint(f'Added "{crypttabLine}" to {CRYPTTAB_FILE}') + eprint(f'Added "{crypttabLine}" to {OS_PARAMS[osMode][CRYPTTAB_FILE]}') # recreate mount directories and add fstab entries for par in formattedDevs: 
@@ -560,7 +627,7 @@ def main(): options="defaults,inode64,noatime,rw,auto,user,x-systemd.device-timeout=600s", fs_passno=2, filesystem='xfs', - path=FSTAB_FILE, + path=OS_PARAMS[osMode][FSTAB_FILE], ) else: entry = Fstab.add( @@ -569,9 +636,9 @@ def main(): options="defaults,inode64,noatime,rw,auto,user,x-systemd.device-timeout=600s", fs_passno=2, filesystem='xfs', - path=FSTAB_FILE, + path=OS_PARAMS[osMode][FSTAB_FILE], ) - eprint(f'Added "{entry}" to {FSTAB_FILE} for {par.partition}') + eprint(f'Added "{entry}" to {OS_PARAMS[osMode][FSTAB_FILE]} for {par.partition}') # reload tab files with systemctl _, reloadOut = run_subprocess("systemctl daemon-reload") 
@@ -584,40 +651,43 @@ def main(): eprint(f'Mounted {par.partition} at {par.mount}') userDirs = [] - if par.mount == CAPTURE_MOUNT_ROOT_PATH: - # only one drive, so we're mounted at /capture, create user directories for CAPTURE_MOUNT_ZEEK_DIR and CAPTURE_MOUNT_PCAP_DIR - userDirs.append(os.path.join(par.mount, CAPTURE_MOUNT_PCAP_DIR)) - userDirs.append(os.path.join(par.mount, CAPTURE_MOUNT_ZEEK_DIR)) + if par.mount == OS_PARAMS[osMode][MOUNT_ROOT_PATH]: + # only one drive, so we're mounted at /{MOUNT_ROOT_PATH}, create user directories for subdirs + for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: + userDirs.append(os.path.join(par.mount, subdir)) else: # we're mounted somewhere *underneath* /capture, so create a user-writeable subdirectory where we are - userDirs.append(os.path.join(par.mount, 'capture')) + userDirs.append(os.path.join(par.mount, OS_PARAMS[osMode][MOUNT_ROOT_PATH].strip(os.path.sep))) # set permissions on user dirs - pcapDir = None - zeekDir = None + createdUserDirs = defaultdict(lambda: None) for userDir in userDirs: os.makedirs(userDir, exist_ok=True) - os.chown(userDir, CAPTURE_USER_UID, netdevGuid) - os.chmod(userDir, CAPTURE_SUBDIR_PERMS) + os.chown(userDir, OS_PARAMS[osMode][USER_UID], netdevGuid) + os.chmod(userDir, OS_PARAMS[osMode][SUBDIR_PERMS]) if debug: eprint(f'Created "{userDir}" for writing by capture user') - if f"{os.path.sep}{CAPTURE_MOUNT_PCAP_DIR}{os.path.sep}" in userDir: - pcapDir = userDir - elif f"{os.path.sep}{CAPTURE_MOUNT_ZEEK_DIR}{os.path.sep}" in userDir: - zeekDir = userDir + for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: + if f"{os.path.sep}{subdir}{os.path.sep}" in userDir: + createdUserDirs[subDir] = userDir + break - # replace capture paths in-place in SENSOR_CAPTURE_CONFIG - if os.path.isfile(SENSOR_CAPTURE_CONFIG): + # replace capture paths in-place in control_vars.conf + if (osMode == OS_MODE_HEDGEHOG) and os.path.isfile(OS_PARAMS[osMode][SYSTEM_CONFIG_FILE]): capture_re = 
re.compile(r"\b(?PPCAP_PATH|ZEEK_LOG_PATH)\s*=\s*.*?$") - with fileinput.FileInput(SENSOR_CAPTURE_CONFIG, inplace=True, backup='.bak') as f: + with fileinput.FileInput(OS_PARAMS[osMode][SYSTEM_CONFIG_FILE], inplace=True, backup='.bak') as f: for line in f: line = line.rstrip("\n") log_path_match = capture_re.search(line) if log_path_match is not None: - if (log_path_match.group('key') == 'PCAP_PATH') and (pcapDir is not None): - print(capture_re.sub(r"\1=%s" % pcapDir, line)) - elif (log_path_match.group('key') == 'ZEEK_LOG_PATH') and (zeekDir is not None): - print(capture_re.sub(r"\1=%s" % zeekDir, line)) + if (log_path_match.group('key') == 'PCAP_PATH') and ( + createdUserDirs[HEDGEHOG_PCAP_DIR] is not None + ): + print(capture_re.sub(r"\1=%s" % createdUserDirs[HEDGEHOG_PCAP_DIR], line)) + elif (log_path_match.group('key') == 'ZEEK_LOG_PATH') and ( + createdUserDirs[HEDGEHOG_ZEEK_DIR] is not None + ): + print(capture_re.sub(r"\1=%s" % createdUserDirs[HEDGEHOG_ZEEK_DIR], line)) else: print(line) else: From 366c34a1629e442f4d99a5d7867c1dd6606e2f63 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 13:52:58 -0600 Subject: [PATCH 55/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- README.md | 2 +- docs/arkime.md | 2 +- docs/malcolm-hedgehog-e2e-iso-install.md | 2 +- .../interface/sensor_ctl/control_vars.conf | 2 +- .../sensor_ctl/filebeat/filebeat.yml | 6 ++-- .../filebeat/sensor_filebeat_local.sh | 4 +-- .../sensor_interface/static/js/custom.js | 4 +-- .../sensor_interface/templates/buttons.html | 4 +-- pcap-capture/scripts/supervisor.sh | 2 +- shared/bin/os-disk-config.py | 30 +++++++++---------- 10 files changed, 29 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index fb4a574d1..f8dde1e6a 100644 --- a/README.md +++ b/README.md 
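Review bot: Inside the new `for subdir in OS_PARAMS[osMode][MOUNT_DIRS]:` loop, `createdUserDirs[subDir] = userDir` uses `subDir`, which is not the loop variable `subdir`. The first matching directory therefore raises NameError, after the partition has already been formatted and mounted; the line should read `createdUserDirs[subdir] = userDir`. Separately, the test `f"{os.path.sep}{subdir}{os.path.sep}" in userDir` needs a separator after the directory name. The single-drive paths built with `os.path.join(par.mount, subdir)` do not have one, so in that layout `createdUserDirs` stays empty and the `PCAP_PATH`/`ZEEK_LOG_PATH` rewrite is skipped. Comparing path components instead, e.g. `subdir in userDir.split(os.path.sep)`, would cover both layouts.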
@@ -4,7 +4,7 @@ Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: -* **Easy to use** – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is automatically normalized, enriched, and correlated for analysis. +* **Easy to use** – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is automatically normalized, enriched, and correlated for analysis. * **Powerful traffic analysis** – Visibility into network communications is provided through two intuitive interfaces: OpenSearch Dashboard, a flexible data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime (formerly Moloch), a powerful tool for finding and identifying the network sessions comprising suspected security incidents. * **Streamlined deployment** – Malcolm operates as a cluster of Docker containers – isolated sandboxes that each serve a dedicated function of the system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases; whether it be for long-term deployment on a Linux server in a security operations center (SOC) or for incident response on a Macbook for an individual engagement. * **Secure communications** – All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols. 
diff --git a/docs/arkime.md b/docs/arkime.md index 41d9fdc35..557a33193 100644 --- a/docs/arkime.md +++ b/docs/arkime.md @@ -17,7 +17,7 @@ The Arkime interface will be accessible over HTTPS on port 443 at the docker hos ## Zeek log integration -A stock installation of Arkime extracts all its network connection ("session") metadata ("SPI" or "Session Profile Information") from full packet capture artifacts (PCAP files). Zeek (formerly Bro) generates similar session metadata, linking network events to sessions via a connection UID. Malcolm aims to facilitate analysis of Zeek logs by mapping values from Zeek logs to the Arkime session database schema for equivalent fields, and by creating new "native" Arkime database fields for all other Zeek log values for which there is not currently an equivalent in Arkime: +A stock installation of Arkime extracts all its network connection ("session") metadata ("SPI" or "Session Profile Information") from full packet capture artifacts (PCAP files). Zeek generates similar session metadata, linking network events to sessions via a connection UID. Malcolm aims to facilitate analysis of Zeek logs by mapping values from Zeek logs to the Arkime session database schema for equivalent fields, and by creating new "native" Arkime database fields for all other Zeek log values for which there is not currently an equivalent in Arkime: ![Zeek log session record](./images/screenshots/arkime_session_zeek.png) diff --git a/docs/malcolm-hedgehog-e2e-iso-install.md b/docs/malcolm-hedgehog-e2e-iso-install.md index 1c0b2a7a9..7e675bee0 100644 --- a/docs/malcolm-hedgehog-e2e-iso-install.md +++ b/docs/malcolm-hedgehog-e2e-iso-install.md 
@@ -463,7 +463,7 @@ To specify which files should be extracted, specify the Zeek file carving mode: If unsure what mode to choose, both **mapped (except common plain text files)** (to carve and scan almost all files) and **interesting** (to only carve and scan files with [mime types of common attack vectors]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/hedgehog-iso/interface/sensor_ctl/zeek/extractor_override.interesting.zeek)) are probably good choices. -Next, specify which carved files to preserve (saved on the sensor under `/capture/bro/capture/extract_files/quarantine` by default). In order to not consume all the sensor's available storage space, the oldest preserved files will be pruned along with the oldest Zeek logs as described below with **AUTOSTART_PRUNE_ZEEK** in the [autostart services](#HedgehogConfigAutostart) section. +Next, specify which carved files to preserve (saved on the sensor under `/capture/zeek/capture/extract_files/quarantine` by default). In order to not consume all the sensor's available storage space, the oldest preserved files will be pruned along with the oldest Zeek logs as described below with **AUTOSTART_PRUNE_ZEEK** in the [autostart services](#HedgehogConfigAutostart) section. Users will prompted to specify which engine(s) to use to analyze extracted files. Extracted files can be examined through any of three methods: diff --git a/hedgehog-iso/interface/sensor_ctl/control_vars.conf b/hedgehog-iso/interface/sensor_ctl/control_vars.conf index a3b2c76ac..66a9ec266 100644 --- a/hedgehog-iso/interface/sensor_ctl/control_vars.conf +++ b/hedgehog-iso/interface/sensor_ctl/control_vars.conf @@ -32,7 +32,7 @@ export FLUENTBIT_METRICS_INTERVAL=30 export FLUENTBIT_THERMAL_INTERVAL=10 export FLUENTBIT_AIDE_INTERVAL=86400 -export ZEEK_LOG_PATH=/home/sensor/bro_logs +export ZEEK_LOG_PATH=/home/sensor/zeek_logs export ZEEK_MAX_DISK_FILL=90 export ZEEK_PRUNE_CHECK_SECONDS=90 
diff --git a/hedgehog-iso/interface/sensor_ctl/filebeat/filebeat.yml b/hedgehog-iso/interface/sensor_ctl/filebeat/filebeat.yml index 7d122e151..adb9ae734 100644 --- a/hedgehog-iso/interface/sensor_ctl/filebeat/filebeat.yml +++ b/hedgehog-iso/interface/sensor_ctl/filebeat/filebeat.yml @@ -5,8 +5,8 @@ logging.metrics.enabled: false filebeat.inputs: - type: log paths: - - ${BEAT_LOG_PATTERN:/home/sensor/bro_logs/*.log} - - ${BEAT_STATIC_LOG_PATTERN:/home/sensor/bro_logs/static/*.log} + - ${BEAT_LOG_PATTERN:/home/sensor/zeek_logs/*.log} + - ${BEAT_STATIC_LOG_PATTERN:/home/sensor/zeek_logs/static/*.log} symlinks: true fields_under_root: true tags: ["_filebeat_zeek_hedgehog_live"] @@ -24,7 +24,7 @@ filebeat.inputs: - type: log paths: - - ${BEAT_SURICATA_LOG_PATTERN:/home/sensor/bro_logs/suricata/eve*.json} + - ${BEAT_SURICATA_LOG_PATTERN:/home/sensor/zeek_logs/suricata/eve*.json} symlinks: true fields_under_root: true tags: ["_filebeat_suricata_hedgehog_live"] diff --git a/hedgehog-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh b/hedgehog-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh index 212a1d1ad..7a6da4307 100755 --- a/hedgehog-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh +++ b/hedgehog-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh @@ -3,10 +3,10 @@ # Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. if [[ -z "$ZEEK_CAPTURE_PATH" ]]; then - ZEEK_CAPTURE_PATH="$HOME/bro_logs" + ZEEK_CAPTURE_PATH="$HOME/zeek_logs" fi if [[ -z "$SURICATA_CAPTURE_PATH" ]]; then - SURICATA_CAPTURE_PATH="$HOME/bro_logs/suricata" + SURICATA_CAPTURE_PATH="$HOME/zeek_logs/suricata" fi export ZEEK_CAPTURE_PATH export SURICATA_CAPTURE_PATH diff --git a/hedgehog-iso/interface/sensor_interface/static/js/custom.js b/hedgehog-iso/interface/sensor_interface/static/js/custom.js index 9e7373347..347e16927 100644 --- a/hedgehog-iso/interface/sensor_interface/static/js/custom.js 
+++ b/hedgehog-iso/interface/sensor_interface/static/js/custom.js @@ -28,7 +28,7 @@ function stop_all() { } -function start_bro() { +function start_zeek() { var xhttp = new XMLHttpRequest(); loadingBar('on'); xhttp.onreadystatechange = function () { @@ -41,7 +41,7 @@ function start_bro() { xhttp.send(); } -function stop_bro() { +function stop_zeek() { var xhttp = new XMLHttpRequest(); loadingBar('on'); xhttp.onreadystatechange = function () { diff --git a/hedgehog-iso/interface/sensor_interface/templates/buttons.html b/hedgehog-iso/interface/sensor_interface/templates/buttons.html index 84eae9cdb..652e67dfe 100644 --- a/hedgehog-iso/interface/sensor_interface/templates/buttons.html +++ b/hedgehog-iso/interface/sensor_interface/templates/buttons.html @@ -55,7 +55,7 @@

    @@ -116,7 +116,7 @@

    diff --git a/pcap-capture/scripts/supervisor.sh b/pcap-capture/scripts/supervisor.sh index 618e775ff..73c4a869a 100755 --- a/pcap-capture/scripts/supervisor.sh +++ b/pcap-capture/scripts/supervisor.sh @@ -19,7 +19,7 @@ function SetCaptureCapabilities() { # Create config files for each capture interface for the various capture programs (tcpdump, netsniff) # so that supervisord can manage instances of each of these programs for each interface. -# bro is now managed by broctl (via brodeploy.sh) rather than individually by supervisord so that +# zeek is now managed by zeekctl (via zeekdeploy.sh) rather than individually by supervisord so that # we can use pf_ring function CreateCaptureConfigs() { diff --git a/shared/bin/os-disk-config.py b/shared/bin/os-disk-config.py index 4e7243583..16ce559dc 100755 --- a/shared/bin/os-disk-config.py +++ b/shared/bin/os-disk-config.py @@ -27,7 +27,7 @@ OS_MODE_MALCOLM = 'malcolm' HEDGEHOG_PCAP_DIR = "pcap" -HEDGEHOG_ZEEK_DIR = "bro" +HEDGEHOG_ZEEK_DIR = "zeek" MALCOLM_DB_DIR = "datastore" MALCOLM_PCAP_DIR = "pcap" MALCOLM_LOGS_DIR = "logs" @@ -204,7 +204,7 @@ def main(): nargs='?', const=True, default=False, - help="Unmount capture directories before determining candidate drives", + help="Unmount storage directories before determining candidate drives", ) parser.add_argument( '-v', '--verbose', dest='debug', type=str2bool, nargs='?', const=True, default=False, help="Verbose output" 
@@ -250,9 +250,9 @@ def main(): # unmount existing mounts if requested if args.umount and (not args.dryrun): - if (not args.interactive) or YesOrNo('Unmount any mounted capture path(s)?'): + if (not args.interactive) or YesOrNo('Unmount any mounted storage path(s)?'): if debug: - eprint("Attempting unmount of capture path(s)...") + eprint("Attempting unmount of storage path(s)...") for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: run_subprocess(f"umount {os.path.join(OS_PARAMS[osMode][MOUNT_ROOT_PATH], subdir)}") run_subprocess(f"umount {OS_PARAMS[osMode][MOUNT_ROOT_PATH]}") @@ -271,7 +271,7 @@ def main(): eprint(f"\t{line}") _, reloadOut = run_subprocess("systemctl daemon-reload") - # check existing mounts, if the capture path(s) are already mounted, then abort + # check existing mounts, if the path(s) are already mounted, then abort with open('/proc/mounts', 'r') as f: for line in f.readlines(): mountDetails = line.split() @@ -366,7 +366,7 @@ def main(): if len(candidateDevs) > 0: if args.encrypt: - # create keyfile (will be on the encrypted system drive, and used to automatically unlock the encrypted capture drives) + # create keyfile (will be on the encrypted system drive, and used to automatically unlock the encrypted drives) with open(OS_PARAMS[osMode][CRYPT_KEYFILE], 'wb') as f: f.write(os.urandom(4096)) os.chown(OS_PARAMS[osMode][CRYPT_KEYFILE], 0, 0) 
@@ -574,17 +574,17 @@ def main(): # reload tab files with systemctl _, reloadOut = run_subprocess("systemctl daemon-reload") - # get the GID of the group of the user(s) that will be doing the capture + # get the GID of the group of the user(s) under which the processes will be run try: ecode, guidGetOut = run_subprocess( f"getent group {OS_PARAMS[osMode][GROUP_OWNER]}", stdout=True, stderr=True ) if (ecode == 0) and (len(guidGetOut) > 0): - netdevGuid = int(guidGetOut[0].split(':')[2]) + ownerGuid = int(guidGetOut[0].split(':')[2]) else: - netdevGuid = -1 + ownerGuid = -1 except Exception: - netdevGuid = -1 + ownerGuid = -1 # rmdir any mount directories that might be interfering from previous configurations if os.path.isdir(OS_PARAMS[osMode][MOUNT_ROOT_PATH]): @@ -599,7 +599,7 @@ def main(): if debug: eprint(f"Creating {OS_PARAMS[osMode][MOUNT_ROOT_PATH]}") os.makedirs(OS_PARAMS[osMode][MOUNT_ROOT_PATH], exist_ok=True) - os.chown(OS_PARAMS[osMode][MOUNT_ROOT_PATH], -1, netdevGuid) + os.chown(OS_PARAMS[osMode][MOUNT_ROOT_PATH], -1, ownerGuid) os.chmod(OS_PARAMS[osMode][MOUNT_ROOT_PATH], OS_PARAMS[osMode][DIR_PERMS]) # add crypttab entries 
@@ -656,23 +656,23 @@ def main(): for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: userDirs.append(os.path.join(par.mount, subdir)) else: - # we're mounted somewhere *underneath* /capture, so create a user-writeable subdirectory where we are + # we're mounted somewhere *underneath* /{MOUNT_ROOT_PATH}, so create a user-writeable subdirectory where we are userDirs.append(os.path.join(par.mount, OS_PARAMS[osMode][MOUNT_ROOT_PATH].strip(os.path.sep))) # set permissions on user dirs createdUserDirs = defaultdict(lambda: None) for userDir in userDirs: os.makedirs(userDir, exist_ok=True) - os.chown(userDir, OS_PARAMS[osMode][USER_UID], netdevGuid) + os.chown(userDir, OS_PARAMS[osMode][USER_UID], ownerGuid) os.chmod(userDir, OS_PARAMS[osMode][SUBDIR_PERMS]) if debug: - eprint(f'Created "{userDir}" for writing by capture user') + eprint(f'Created "{userDir}" for writing by unprivileged user') for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: if f"{os.path.sep}{subdir}{os.path.sep}" in userDir: createdUserDirs[subDir] = userDir break - # replace capture paths in-place in control_vars.conf + # replace paths in-place in control_vars.conf if (osMode == OS_MODE_HEDGEHOG) and os.path.isfile(OS_PARAMS[osMode][SYSTEM_CONFIG_FILE]): capture_re = re.compile(r"\b(?PPCAP_PATH|ZEEK_LOG_PATH)\s*=\s*.*?$") with fileinput.FileInput(OS_PARAMS[osMode][SYSTEM_CONFIG_FILE], inplace=True, backup='.bak') as f: From 2bc92142c48a07d663831b7234aaf987e0aaccb5 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 14:56:58 -0600 Subject: [PATCH 56/79] ignore stderr in output of docker compose ps -q --- scripts/control.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/control.py b/scripts/control.py index 8c8624850..e2d744ca1 100755 --- a/scripts/control.py +++ b/scripts/control.py 
@@ -253,6 +253,7 @@ def keystore_op(service, dropPriv=False, *keystore_args, **run_process_kwargs): err, out = run_process( [dockerComposeBin, '--profile', args.composeProfile, '-f', args.composeFile, 'ps', '-q', service], env=osEnv, + stderr=False, debug=args.debug, ) out[:] = [x for x in out if x] @@ -1264,7 +1265,7 @@ def authSetup(): default='', defaultBehavior=defaultBehavior, ) - if (PasswordMinLen <= len(password) <= PasswordMaxLen): + if PasswordMinLen <= len(password) <= PasswordMaxLen: passwordConfirm = AskForPassword( f"{username} password (again): ", default='', From e207704e939cfb460cd0b3a5d3cc35bcdc356d89 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 15:09:48 -0600 Subject: [PATCH 57/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- malcolm-iso/build.sh | 2 ++ .../normal/0900-setup-rc-local.hook.chroot | 18 ++++++++++++++++++ .../includes.binary/install/preseed_base.cfg | 1 + .../autostart/capture-format-wait.desktop | 7 +++++++ 4 files changed, 28 insertions(+) create mode 100644 malcolm-iso/config/includes.chroot/etc/skel/.config/autostart/capture-format-wait.desktop diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index 684eacff7..838f72248 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh 
@@ -77,6 +77,8 @@ if [ -d "$WORKDIR" ]; then cp ./config/includes.binary/install/preseed_multipar.cfg ./config/includes.binary/install/preseed_multipar_crypto.cfg cp ./config/includes.binary/install/preseed_base.cfg ./config/includes.binary/install/preseed_minimal.cfg sed -i "s@\(partman-auto/method[[:space:]]*string[[:space:]]*\)lvm@\1crypto@g" ./config/includes.binary/install/preseed_multipar_crypto.cfg + sed -i "s@\(/etc/capture_storage_format\)@\1.crypt@g" ./config/includes.binary/install/preseed_multipar_crypto.cfg + sed -i "s@\(/etc/capture_storage_format\)@\1.none@g" ./config/includes.binary/install/preseed_minimal.cfg # make sure we install the firmwares, etc. for PKG in firmware-linux \ diff --git a/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot b/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot index 71916acf7..656322c55 100755 --- a/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot 
@@ -1,10 +1,28 @@ #!/bin/bash +# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. + sed -i 's/^exit 0//' /etc/rc.local 2>/dev/null cat << 'EOF' >> /etc/rc.local +# if this is the initial boot, format and set up storage drive(s) +if [ -f /etc/capture_storage_format.crypt ]; then + CAPTURE_STORAGE_FORMAT_FILE="/etc/capture_storage_format.crypt" + CAPTURE_STORAGE_FORMAT_FLAG="-c" +else + CAPTURE_STORAGE_FORMAT_FILE="/etc/capture_storage_format" + CAPTURE_STORAGE_FORMAT_FLAG="" +fi +if [ -f "$CAPTURE_STORAGE_FORMAT_FILE" ]; then + logger "Initializing disk(s) to store captured artifacts" + date >>/var/log/os-disk-config.log 2>&1 + python3 /usr/local/bin/os-disk-config.py -m hedgehog -u $CAPTURE_STORAGE_FORMAT_FLAG >>/var/log/os-disk-config.log 2>&1 + rm -f "$CAPTURE_STORAGE_FORMAT_FILE" +fi + # other agg-specific initialization prior to starting up +echo "Running Malcolm initialization" > /dev/tty0 /usr/local/bin/agg-init.sh systemctl mask ctrl-alt-del.target diff --git a/malcolm-iso/config/includes.binary/install/preseed_base.cfg b/malcolm-iso/config/includes.binary/install/preseed_base.cfg index f25b47593..7f0ebecb8 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_base.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_base.cfg @@ -35,6 +35,7 @@ d-i preseed/late_command string \ echo 'deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware' > /target/etc/apt/sources.list; \ echo 'deb http://security.debian.org/debian-security bookworm-security main contrib non-free' >> /target/etc/apt/sources.list; \ echo 'deb http://deb.debian.org/debian bookworm-updates main contrib non-free' >> /target/etc/apt/sources.list; \ + in-target touch /etc/capture_storage_format; \ in-target bash /usr/local/bin/agg-init.sh; \ in-target bash -c "(virt-what | grep -q vmware) || apt-get purge -y open-vm-tools-desktop"; \ in-target bash -c "(virt-what | grep -q virtualbox) || apt-get purge -y virtualbox-guest*"; \ 
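Review bot: The first-boot block added to /etc/rc.local calls `os-disk-config.py -m hedgehog` even though this hook belongs to malcolm-iso. os-disk-config.py keeps a separate `malcolm` mode with its own mount directories and `malcolm_vault_` device prefix, so this looks carried over from the sensor image and should presumably be `-m malcolm`. Because the block formats drives unattended, the mode deserves a check before merge. The flag file is also deleted with `rm -f` however the script exited, so a failed format leaves no trace beyond /var/log/os-disk-config.log; appending something like `|| logger "os-disk-config.py failed, see /var/log/os-disk-config.log"` to the python3 line would make that visible.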
diff --git a/malcolm-iso/config/includes.chroot/etc/skel/.config/autostart/capture-format-wait.desktop b/malcolm-iso/config/includes.chroot/etc/skel/.config/autostart/capture-format-wait.desktop
new file mode 100644
index 000000000..8bc2f95a8
--- /dev/null
+++ b/malcolm-iso/config/includes.chroot/etc/skel/.config/autostart/capture-format-wait.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Encoding=UTF-8
+Name=capture-format-wait
+Comment=Format Data Storage
+Exec=/usr/local/bin/capture-format-wait.sh
+Terminal=false
+Type=Application
From a0351073c5f52c5ade7c2bd6ba699cc94cee3bd6 Mon Sep 17 00:00:00 2001
From: Seth Grover
Date: Wed, 20 Mar 2024 15:58:48 -0600
Subject: [PATCH 58/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET
---
 docs/malcolm-hedgehog-e2e-iso-install.md | 2 +-
 docs/ubuntu-install-example.md | 2 +-
 scripts/install.py | 100 ++++++++++++++++++-----
 scripts/malcolm_utils.py | 9 ++
 shared/bin/os-disk-config.py | 48 ++++++++---
 5 files changed, 126 insertions(+), 35 deletions(-)
diff --git a/docs/malcolm-hedgehog-e2e-iso-install.md b/docs/malcolm-hedgehog-e2e-iso-install.md
index 7e675bee0..69131bbbe 100644
--- a/docs/malcolm-hedgehog-e2e-iso-install.md
+++ b/docs/malcolm-hedgehog-e2e-iso-install.md
@@ -169,7 +169,7 @@ The [configuration and tuning](malcolm-config.md#ConfigAndTuning) wizard's quest - This question allows users to specify Microsoft Active Directory compatibility (**winldap**) or generic LDAP compatibility (**openldap**, for OpenLDAP, glauth, etc.) when using [LDAP authentication](authsetup.md#AuthLDAP) * **Use StartTLS (rather than LDAPS) for LDAP connection security?** - When using LDAP authentication, this question allows users to configure [LDAP connection security](authsetup.md#AuthLDAPSecurity) -* **Store PCAP, log and index files locally under /home/user/Malcolm?** +* **Store PCAP, log and index files in /home/user/Malcolm?** - Malcolm generates a number of large file sets during normal operation: PCAP files, Zeek or Suricata logs, OpenSearch indices, etc. By default all of these are stored in subdirectories in the Malcolm installation directory. This question allows users to specify alternative storage location(s) (for example, a separate dedicated drive or RAID volume) for these artifacts. * **Enable index management policies (ILM/ISM) in Arkime?** - Choose **Y** to proceed to the following related questions about [using ILM/ISM with Arkime](index-management.md#ArkimeIndexPolicies). diff --git a/docs/ubuntu-install-example.md b/docs/ubuntu-install-example.md index 138a3d499..6c0b3893c 100644 --- a/docs/ubuntu-install-example.md +++ b/docs/ubuntu-install-example.md @@ -130,7 +130,7 @@ Specify external Docker network name (or leave blank for default networking) (): 3: None Select authentication method (Basic): 1 -Store PCAP, log and index files locally under /home/user/Malcolm? (Y / n): y +Store PCAP, log and index files in /home/user/Malcolm? (Y / n): y Enable index management policies (ILM/ISM) in Arkime? (y / N): n diff --git a/scripts/install.py b/scripts/install.py index 51d9d671e..997d59477 100755 --- a/scripts/install.py +++ b/scripts/install.py 
@@ -71,9 +71,13 @@ DatabaseMode, DATABASE_MODE_LABELS, DATABASE_MODE_ENUMS, + MALCOLM_DB_DIR, + MALCOLM_PCAP_DIR, + MALCOLM_LOGS_DIR, deep_get, eprint, flatten, + LoadFileIfJson, run_process, same_file_or_dir, str2bool, 
@@ -857,40 +861,92 @@ def tweak_malcolm_runtime(self, malcolm_install_path): pass # directories for data volume mounts (PCAP storage, Zeek log storage, OpenSearch indexes, etc.) - indexDir = './opensearch' - indexDirDefault = os.path.join(malcolm_install_path, indexDir) + + # if the file .os_disk_config_defaults was created by the environment (os-disk-config.py) + # we'll use those as defaults, otherwise base things underneath the malcolm_install_path + diskFormatInfo = {} + try: + diskFormatInfoFile = os.path.join( + os.path.realpath(os.path.join(ScriptPath, "..")), ".os_disk_config_defaults" + ) + if os.path.isfile(diskFormatInfoFile): + with open(diskFormatInfoFile) as f: + diskFormatInfo = LoadFileIfJson(f) + except Exception: + pass + diskFormatInfo = {k: v for k, v in diskFormatInfo.iteritems() if os.path.isdir(v)} + + if MALCOLM_DB_DIR in diskFormatInfo: + for subDir in ['opensearch', 'opensearch-backup']: do + pathlib.Path(os.path.join(diskFormatInfo[MALCOLM_DB_DIR], subDir)).mkdir(parents=False, exist_ok=True) + if MALCOLM_LOGS_DIR in diskFormatInfo: + for subDir in ['zeek-logs', 'suricata-logs']: do + pathlib.Path(os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], subDir)).mkdir(parents=False, exist_ok=True) + + if args.indexDir: + indexDirDefault = args.indexDir + else: + indexDir = 'opensearch' + if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir(os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexDir)): + indexDirDefault = os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexDir) + else: + indexDirDefault = os.path.join(malcolm_install_path, indexDir) indexDirFull = os.path.realpath(indexDirDefault) indexSnapshotCompressed = False - indexSnapshotDir = './opensearch-backup' - indexSnapshotDirDefault = os.path.join(malcolm_install_path, indexSnapshotDir) + if args.indexSnapshotDir: + indexSnapshotDirDefault = args.indexSnapshotDir + else + indexSnapshotDir = 'opensearch-backup' + if (MALCOLM_DB_DIR in diskFormatInfo) and 
os.path.isdir(os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexSnapshotDir)): + indexSnapshotDirDefault = os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexSnapshotDir) + else: + indexSnapshotDirDefault = os.path.join(malcolm_install_path, indexSnapshotDir) indexSnapshotDirFull = os.path.realpath(indexSnapshotDirDefault) - pcapDir = './pcap' - pcapDirDefault = os.path.join(malcolm_install_path, pcapDir) + if args.pcapDir: + pcapDirDefault = args.pcapDir + else: + pcapDir = 'pcap' + if (MALCOLM_PCAP_DIR in diskFormatInfo): + pcapDirDefault = diskFormatInfo[MALCOLM_PCAP_DIR] + else: + pcapDirDefault = os.path.join(malcolm_install_path, pcapDir) pcapDirFull = os.path.realpath(pcapDirDefault) - suricataLogDir = './suricata-logs' - suricataLogDirDefault = os.path.join(malcolm_install_path, suricataLogDir) + if args.suricataLogDir: + suricataLogDirDefault = args.suricataLogDir + else: + suricataLogDir = 'suricata-logs' + if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir(os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], suricataLogDir)): + suricataLogDirDefault = os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], suricataLogDir) + else: + suricataLogDirDefault = os.path.join(malcolm_install_path, suricataLogDir) suricataLogDirFull = os.path.realpath(suricataLogDirDefault) - zeekLogDir = './zeek-logs' - zeekLogDirDefault = os.path.join(malcolm_install_path, zeekLogDir) + if args.zeekLogDir: + zeekLogDirDefault = args.zeekLogDir + else: + zeekLogDir = 'zeek-logs' + if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir(os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], zeekLogDir)): + zeekLogDirDefault = os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], zeekLogDir) + else: + zeekLogDirDefault = os.path.join(malcolm_install_path, zeekLogDir) zeekLogDirFull = os.path.realpath(zeekLogDirDefault) if self.orchMode is OrchestrationFramework.DOCKER_COMPOSE: - if not InstallerYesOrNo( - f'Store {"PCAP, log and index" if (malcolmProfile == PROFILE_MALCOLM) else "PCAP and log"} files 
locally under {malcolm_install_path}?', + if (not diskFormatInfo) or not InstallerYesOrNo( + f'Store {"PCAP, log and index" if (malcolmProfile == PROFILE_MALCOLM) else "PCAP and log"} files in {malcolm_install_path}?', default=not args.acceptDefaultsNonInteractive, ): # PCAP directory if not InstallerYesOrNo( - 'Store PCAP files locally in {}?'.format(pcapDirDefault), + 'Store PCAP files in {}?'.format(pcapDirDefault), default=not bool(args.pcapDir), ): loopBreaker = CountUntilException(MaxAskForValueCount, 'Invalid PCAP directory') while loopBreaker.increment(): - pcapDir = InstallerAskForString('Enter PCAP directory', default=args.pcapDir) + pcapDir = InstallerAskForString('Enter PCAP directory', default=pcapDirDefault) if (len(pcapDir) > 1) and os.path.isdir(pcapDir): pcapDirFull = os.path.realpath(pcapDir) pcapDir = ( @@ -902,12 +958,12 @@ def tweak_malcolm_runtime(self, malcolm_install_path): # Zeek log directory if not InstallerYesOrNo( - 'Store Zeek logs locally in {}?'.format(zeekLogDirDefault), + 'Store Zeek logs in {}?'.format(zeekLogDirDefault), default=not bool(args.zeekLogDir), ): loopBreaker = CountUntilException(MaxAskForValueCount, 'Invalid Zeek directory') while loopBreaker.increment(): - zeekLogDir = InstallerAskForString('Enter Zeek log directory', default=args.zeekLogDir) + zeekLogDir = InstallerAskForString('Enter Zeek log directory', default=zeekLogDirDefault) if (len(zeekLogDir) > 1) and os.path.isdir(zeekLogDir): zeekLogDirFull = os.path.realpath(zeekLogDir) zeekLogDir = ( 
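Review bot: The filter `diskFormatInfo = {k: v for k, v in diskFormatInfo.iteritems() if os.path.isdir(v)}` sits after the `try`/`except`, so anything unexpected in `.os_disk_config_defaults` raises here instead of falling back to the install-path defaults. Dicts have no `iteritems()` on Python 3, a non-dict result from `LoadFileIfJson` (presumably possible when the file is not valid JSON) has no such method either, and `os.path.isdir(v)` raises TypeError for a null value. The surviving values become default storage locations and `mkdir` targets, so they are worth validating as absolute path strings: `diskFormatInfo = {k: v for k, v in diskFormatInfo.items() if isinstance(v, str) and os.path.isabs(v) and os.path.isdir(v)} if isinstance(diskFormatInfo, dict) else {}`. The `except Exception: pass` above it would be easier to diagnose with an `eprint` of the error. tweak_malcolm_runtime starts and ends outside this hunk.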
@@ -919,13 +975,13 @@ def tweak_malcolm_runtime(self, malcolm_install_path): # Suricata log directory if not InstallerYesOrNo( - 'Store Suricata logs locally in {}?'.format(suricataLogDirDefault), + 'Store Suricata logs in {}?'.format(suricataLogDirDefault), default=not bool(args.suricataLogDir), ): loopBreaker = CountUntilException(MaxAskForValueCount, 'Invalid Suricata directory') while loopBreaker.increment(): suricataLogDir = InstallerAskForString( - 'Enter Suricata log directory', default=args.suricataLogDir + 'Enter Suricata log directory', default=suricataLogDirDefault ) if (len(suricataLogDir) > 1) and os.path.isdir(suricataLogDir): suricataLogDirFull = os.path.realpath(suricataLogDir) @@ -939,12 +995,12 @@ def tweak_malcolm_runtime(self, malcolm_install_path): if (malcolmProfile == PROFILE_MALCOLM) and (opensearchPrimaryMode == DatabaseMode.OpenSearchLocal): # opensearch index directory if not InstallerYesOrNo( - 'Store OpenSearch indices locally in {}?'.format(indexDirDefault), + 'Store OpenSearch indices in {}?'.format(indexDirDefault), default=not bool(args.indexDir), ): loopBreaker = CountUntilException(MaxAskForValueCount, 'Invalid OpenSearch index directory') while loopBreaker.increment(): - indexDir = InstallerAskForString('Enter OpenSearch index directory', default=args.indexDir) + indexDir = InstallerAskForString('Enter OpenSearch index directory', default=indexDirDefault) if (len(indexDir) > 1) and os.path.isdir(indexDir): indexDirFull = os.path.realpath(indexDir) indexDir = ( 
@@ -956,13 +1012,13 @@ def tweak_malcolm_runtime(self, malcolm_install_path): # opensearch snapshot repository directory and compression if not InstallerYesOrNo( - 'Store OpenSearch index snapshots locally in {}?'.format(indexSnapshotDirDefault), + 'Store OpenSearch index snapshots in {}?'.format(indexSnapshotDirDefault), default=not bool(args.indexSnapshotDir), ): loopBreaker = CountUntilException(MaxAskForValueCount, 'Invalid OpenSearch snapshots directory') while loopBreaker.increment(): indexSnapshotDir = InstallerAskForString( - 'Enter OpenSearch index snapshot directory', default=args.indexSnapshotDir + 'Enter OpenSearch index snapshot directory', default=indexSnapshotDirDefault ) if (len(indexSnapshotDir) > 1) and os.path.isdir(indexSnapshotDir): indexSnapshotDirFull = os.path.realpath(indexSnapshotDir) diff --git a/scripts/malcolm_utils.py b/scripts/malcolm_utils.py index febc46df1..28cda7208 100644 --- a/scripts/malcolm_utils.py +++ b/scripts/malcolm_utils.py @@ -50,6 +50,15 @@ class DatabaseMode(enum.IntFlag): DATABASE_MODE_ENUMS['opensearch-remote'] = DatabaseMode.OpenSearchRemote DATABASE_MODE_ENUMS['elasticsearch-remote'] = DatabaseMode.ElasticsearchRemote +OS_MODE_HEDGEHOG = 'hedgehog' +OS_MODE_MALCOLM = 'malcolm' + +HEDGEHOG_PCAP_DIR = "pcap" +HEDGEHOG_ZEEK_DIR = "zeek" +MALCOLM_DB_DIR = "datastore" +MALCOLM_PCAP_DIR = "pcap" +MALCOLM_LOGS_DIR = "logs" + def DatabaseModeEnumToStr(val): return DATABASE_MODE_LABELS[val] diff --git a/shared/bin/os-disk-config.py b/shared/bin/os-disk-config.py index 16ce559dc..2052992fe 100755 --- a/shared/bin/os-disk-config.py +++ b/shared/bin/os-disk-config.py @@ -12,6 +12,7 @@ ################################################################################################### import os +import json import re import glob import sys 
@@ -21,16 +22,20 @@ from collections import defaultdict from fstab import Fstab -from malcolm_utils import remove_prefix, str2bool, sizeof_fmt, run_subprocess, eprint - -OS_MODE_HEDGEHOG = 'hedgehog' -OS_MODE_MALCOLM = 'malcolm' +from malcolm_utils import ( + remove_prefix, + str2bool, + sizeof_fmt, + run_subprocess, + eprint, + OS_MODE_HEDGEHOG, + OS_MODE_MALCOLM, + HEDGEHOG_ZEEK_DIR, + MALCOLM_DB_DIR, + MALCOLM_PCAP_DIR, + MALCOLM_LOGS_DIR, +) -HEDGEHOG_PCAP_DIR = "pcap" -HEDGEHOG_ZEEK_DIR = "zeek" -MALCOLM_DB_DIR = "datastore" -MALCOLM_PCAP_DIR = "pcap" -MALCOLM_LOGS_DIR = "logs" OS_PARAMS = defaultdict(lambda: None) OS_PARAMS[OS_MODE_HEDGEHOG] = defaultdict(lambda: None) @@ -49,6 +54,7 @@ SYSTEM_CONFIG_FILE: '/opt/sensor/sensor_ctl/control_vars.conf', CRYPT_KEYFILE: '/etc/capture_crypt.key', CRYPT_KEYFILE_PERMS: 0o600, + OTHER_FILE_PERMS: 0o600, CRYPT_DEV_PREFIX: 'capture_vault_', } ) @@ -65,6 +71,7 @@ SUBDIR_PERMS: 0o770, CRYPT_KEYFILE: '/etc/capture_crypt.key', CRYPT_KEYFILE_PERMS: 0o600, + OTHER_FILE_PERMS: 0o600, CRYPT_DEV_PREFIX: 'malcolm_vault_', } ) @@ -577,7 +584,7 @@ def main(): # get the GID of the group of the user(s) under which the processes will be run try: ecode, guidGetOut = run_subprocess( - f"getent group {OS_PARAMS[osMode][GROUP_OWNER]}", stdout=True, stderr=True + f"getent group {OS_PARAMS[osMode][GROUP_OWNER]}", stdout=True, stderr=False ) if (ecode == 0) and (len(guidGetOut) > 0): ownerGuid = int(guidGetOut[0].split(':')[2]) 
@@ -586,6 +593,16 @@ def main(): except Exception: ownerGuid = -1 + # get home directory for USER_UID + try: + ecode, getentOut = run_subprocess(f"getent passwd {OS_PARAMS[osMode][USER_UID]}", stdout=True, stderr=False) + if (ecode == 0) and (len(getentOut) > 0): + ownerHome = getentOut[0].split(':')[5] + else: + ownerHome = '' + except Exception: + ownerHome = '' + # rmdir any mount directories that might be interfering from previous configurations if os.path.isdir(OS_PARAMS[osMode][MOUNT_ROOT_PATH]): for root, dirs, files in os.walk(OS_PARAMS[osMode][MOUNT_ROOT_PATH], topdown=False): @@ -672,8 +689,8 @@ def main(): createdUserDirs[subDir] = userDir break - # replace paths in-place in control_vars.conf if (osMode == OS_MODE_HEDGEHOG) and os.path.isfile(OS_PARAMS[osMode][SYSTEM_CONFIG_FILE]): + # replace paths in-place in control_vars.conf capture_re = re.compile(r"\b(?PPCAP_PATH|ZEEK_LOG_PATH)\s*=\s*.*?$") with fileinput.FileInput(OS_PARAMS[osMode][SYSTEM_CONFIG_FILE], inplace=True, backup='.bak') as f: for line in f: @@ -693,6 +710,15 @@ def main(): else: print(line) + elif (osMode == OS_MODE_MALCOLM) and os.path.isdir(os.path.join(ownerHome, 'Malcolm')): + # write .os_disk_config_defaults for to be picked up by install.py + configFileFull = os.path.join(os.path.join(ownerHome, 'Malcolm'), '.os_disk_config_defaults') + with open(configFileFull, 'w') as f: + f.write(json.dumps(createdUserDirs), indent=4) + if os.path.isfile(configFileFull): + os.chown(configFileFull, OS_PARAMS[osMode][USER_UID], ownerGuid) + os.chmod(configFileFull, OS_PARAMS[osMode][CRYPT_KEYFILE_PERMS]) + else: eprint(f"Error {ecode} mounting {par.partition}") From e7bb0d149f5b05b3f51995d0ebebaf3a186623df Mon Sep 17 00:00:00 2001 
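Review bot: When the `getent passwd` lookup fails, `ownerHome` is set to `''`, and the later `os.path.join(ownerHome, 'Malcolm')` then yields the relative path `Malcolm`, resolved against whatever directory the script was started from. Falling back to `ownerHome = None` and testing `ownerHome and os.path.isdir(os.path.join(ownerHome, 'Malcolm'))` at the point of use keeps the defaults file from being written to an unintended location. main() starts and ends outside this hunk.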
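Review bot: `f.write(json.dumps(createdUserDirs), indent=4)` passes `indent` to `f.write`, which raises TypeError after the file has already been created, so the chown/chmod below never run; the keyword belongs inside `json.dumps(...)`. The script appears to run with root privileges (it formats drives and is started from rc.local) yet opens, chowns and chmods a path inside a directory under the unprivileged user's home, and all three calls follow symlinks. Creating the file with `O_NOFOLLOW` and adjusting ownership on the descriptor, as sketched below, avoids that. The mode should come from `OTHER_FILE_PERMS`, which this commit adds, not `CRYPT_KEYFILE_PERMS`. Note also that `createdUserDirs` is filled by the context line `createdUserDirs[subDir] = userDir` while the loop variable there is `subdir`, so unless `subDir` is defined elsewhere in main() the dictionary written here will not be populated as intended.

```python
# … unchanged: control_vars.conf rewrite for hedgehog mode …
elif (osMode == OS_MODE_MALCOLM) and os.path.isdir(os.path.join(ownerHome, 'Malcolm')):
    # write .os_disk_config_defaults to be picked up by install.py
    configFileFull = os.path.join(ownerHome, 'Malcolm', '.os_disk_config_defaults')
    # open without following a symlink at the final path component,
    # then set owner and mode on the descriptor rather than on the path
    fd = os.open(
        configFileFull,
        os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
        OS_PARAMS[osMode][OTHER_FILE_PERMS],
    )
    with os.fdopen(fd, 'w') as f:
        f.write(json.dumps(createdUserDirs, indent=4))
        os.fchown(f.fileno(), OS_PARAMS[osMode][USER_UID], ownerGuid)
        os.fchmod(f.fileno(), OS_PARAMS[osMode][OTHER_FILE_PERMS])
```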
From: Seth Grover Date: Wed, 20 Mar 2024 16:05:05 -0600 Subject: [PATCH 59/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- scripts/install.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install.py b/scripts/install.py index 997d59477..5c65dea92 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -877,10 +877,10 @@ def tweak_malcolm_runtime(self, malcolm_install_path): diskFormatInfo = {k: v for k, v in diskFormatInfo.iteritems() if os.path.isdir(v)} if MALCOLM_DB_DIR in diskFormatInfo: - for subDir in ['opensearch', 'opensearch-backup']: do + for subDir in ['opensearch', 'opensearch-backup']: pathlib.Path(os.path.join(diskFormatInfo[MALCOLM_DB_DIR], subDir)).mkdir(parents=False, exist_ok=True) if MALCOLM_LOGS_DIR in diskFormatInfo: - for subDir in ['zeek-logs', 'suricata-logs']: do + for subDir in ['zeek-logs', 'suricata-logs']: pathlib.Path(os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], subDir)).mkdir(parents=False, exist_ok=True) if args.indexDir: From ba699c0975d486c103aaf90ae1e153916dc1267f Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 16:06:09 -0600 Subject: [PATCH 60/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- scripts/install.py | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/scripts/install.py b/scripts/install.py index 5c65dea92..2ebf5de01 100755 --- a/scripts/install.py +++ b/scripts/install.py 
@@ -887,7 +887,9 @@ def tweak_malcolm_runtime(self, malcolm_install_path): indexDirDefault = args.indexDir else: indexDir = 'opensearch' - if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir(os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexDir)): + if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir( + os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexDir) + ): indexDirDefault = os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexDir) else: indexDirDefault = os.path.join(malcolm_install_path, indexDir) @@ -896,9 +898,11 @@ def tweak_malcolm_runtime(self, malcolm_install_path): indexSnapshotCompressed = False if args.indexSnapshotDir: indexSnapshotDirDefault = args.indexSnapshotDir - else + else: indexSnapshotDir = 'opensearch-backup' - if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir(os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexSnapshotDir)): + if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir( + os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexSnapshotDir) + ): indexSnapshotDirDefault = os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexSnapshotDir) else: indexSnapshotDirDefault = os.path.join(malcolm_install_path, indexSnapshotDir) @@ -908,7 +912,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): pcapDirDefault = args.pcapDir else: pcapDir = 'pcap' - if (MALCOLM_PCAP_DIR in diskFormatInfo): + if MALCOLM_PCAP_DIR in diskFormatInfo: pcapDirDefault = diskFormatInfo[MALCOLM_PCAP_DIR] else: pcapDirDefault = os.path.join(malcolm_install_path, pcapDir) 
@@ -918,7 +922,9 @@ def tweak_malcolm_runtime(self, malcolm_install_path): suricataLogDirDefault = args.suricataLogDir else: suricataLogDir = 'suricata-logs' - if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir(os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], suricataLogDir)): + if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir( + os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], suricataLogDir) + ): suricataLogDirDefault = os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], suricataLogDir) else: suricataLogDirDefault = os.path.join(malcolm_install_path, suricataLogDir) @@ -928,7 +934,9 @@ def tweak_malcolm_runtime(self, malcolm_install_path): zeekLogDirDefault = args.zeekLogDir else: zeekLogDir = 'zeek-logs' - if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir(os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], zeekLogDir)): + if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir( + os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], zeekLogDir) + ): zeekLogDirDefault = os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], zeekLogDir) else: zeekLogDirDefault = os.path.join(malcolm_install_path, zeekLogDir) @@ -1000,7 +1008,9 @@ def tweak_malcolm_runtime(self, malcolm_install_path): ): loopBreaker = CountUntilException(MaxAskForValueCount, 'Invalid OpenSearch index directory') while loopBreaker.increment(): - indexDir = InstallerAskForString('Enter OpenSearch index directory', default=indexDirDefault) + indexDir = InstallerAskForString( + 'Enter OpenSearch index directory', default=indexDirDefault + ) if (len(indexDir) > 1) and os.path.isdir(indexDir): indexDirFull = os.path.realpath(indexDir) indexDir = ( From 50df2b6ac67edab81140a6e80aae8bab57bc9148 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 16:13:56 -0600 Subject: [PATCH 61/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- scripts/install.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/install.py b/scripts/install.py index 2ebf5de01..a94510afa 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -874,7 +874,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): diskFormatInfo = LoadFileIfJson(f) except Exception: pass - diskFormatInfo = {k: v for k, v in diskFormatInfo.iteritems() if os.path.isdir(v)} + diskFormatInfo = {k: v for k, v in diskFormatInfo.items() if os.path.isdir(v)} if MALCOLM_DB_DIR in diskFormatInfo: for subDir in ['opensearch', 'opensearch-backup']: From 1b18a08fcffbdf4029a472720266e22883861c2e Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 16:22:14 -0600 Subject: [PATCH 62/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- scripts/install.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install.py b/scripts/install.py index a94510afa..5136a5d72 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -943,7 +943,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): zeekLogDirFull = os.path.realpath(zeekLogDirDefault) if self.orchMode is OrchestrationFramework.DOCKER_COMPOSE: - if (not diskFormatInfo) or not InstallerYesOrNo( + if diskFormatInfo or not InstallerYesOrNo( f'Store {"PCAP, log and index" if (malcolmProfile == PROFILE_MALCOLM) else "PCAP and log"} files in {malcolm_install_path}?', default=not args.acceptDefaultsNonInteractive, ): From 94c8235a24d6f7738208b613612510b9d8d72314 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 16:25:18 -0600 Subject: [PATCH 63/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- scripts/install.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/install.py b/scripts/install.py index 5136a5d72..33ce1284e 100755 --- a/scripts/install.py +++ b/scripts/install.py 
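Review bot: The dict comprehension on the changed line appears to run after the `try`/`except Exception: pass` rather than inside it, so it raises when the loaded value is not a dict of path strings. `LoadFileIfJson` seems able to return `None` (a later patch in this series checks its result for `None` in os-disk-config.py), and `.items()` on `None`, or `os.path.isdir()` on a non-path value, would abort the installer instead of falling back to the install-path defaults. Suggest `diskFormatInfo = {k: v for k, v in diskFormatInfo.items() if isinstance(v, str) and os.path.isdir(v)} if isinstance(diskFormatInfo, dict) else {}`. `tweak_malcolm_runtime` starts and ends outside the hunk.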
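Review bot: The changed condition carries no comment saying why a non-empty `diskFormatInfo` now bypasses the "Store … files in {malcolm_install_path}?" question. Because `or` short-circuits, `InstallerYesOrNo` is never called when disk-format defaults were loaded, and the test is the inverse of the removed `(not diskFormatInfo) or …`, so the intent is easy to misread. Suggest a comment above the `if`, e.g. `# drives prepared by os-disk-config.py supply the defaults: skip the install-path question and prompt for each directory`. The body of the branch lies outside the hunk, so that wording should be checked against it.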
@@ -886,7 +886,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): if args.indexDir: indexDirDefault = args.indexDir else: - indexDir = 'opensearch' + indexDir = './opensearch' if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir( os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexDir) ): @@ -899,7 +899,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): if args.indexSnapshotDir: indexSnapshotDirDefault = args.indexSnapshotDir else: - indexSnapshotDir = 'opensearch-backup' + indexSnapshotDir = './opensearch-backup' if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir( os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexSnapshotDir) ): @@ -911,7 +911,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): if args.pcapDir: pcapDirDefault = args.pcapDir else: - pcapDir = 'pcap' + pcapDir = './pcap' if MALCOLM_PCAP_DIR in diskFormatInfo: pcapDirDefault = diskFormatInfo[MALCOLM_PCAP_DIR] else: @@ -921,7 +921,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): if args.suricataLogDir: suricataLogDirDefault = args.suricataLogDir else: - suricataLogDir = 'suricata-logs' + suricataLogDir = './suricata-logs' if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir( os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], suricataLogDir) ): @@ -933,7 +933,7 @@ def tweak_malcolm_runtime(self, malcolm_install_path): if args.zeekLogDir: zeekLogDirDefault = args.zeekLogDir else: - zeekLogDir = 'zeek-logs' + zeekLogDir = './zeek-logs' if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir( os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], zeekLogDir) ): From 3b94d3c7e828ca3235b1b261b1bafa6d0b17560e Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 20 Mar 2024 16:34:33 -0600 Subject: [PATCH 64/79] working on idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage, NOT DONE YET --- scripts/install.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
diff --git a/scripts/install.py b/scripts/install.py index 33ce1284e..180138cd0 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -885,12 +885,14 @@ def tweak_malcolm_runtime(self, malcolm_install_path): if args.indexDir: indexDirDefault = args.indexDir + indexDir = indexDirDefault else: indexDir = './opensearch' if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir( os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexDir) ): indexDirDefault = os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexDir) + indexDir = indexDirDefault else: indexDirDefault = os.path.join(malcolm_install_path, indexDir) indexDirFull = os.path.realpath(indexDirDefault) 
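Review bot: The same branch ladder is now written out for `indexDir` in this hunk and again for `indexSnapshotDir`, `suricataLogDir` and `zeekLogDir` in the next one, with `pcapDir` as a near-copy that skips the sub-directory check. Each copy has to keep the value and its `…Default` in step by hand, which is the kind of drift this commit is correcting. A small helper returning both values would leave one place to get it right; the `pcapDir` case can stay inline or pass an empty relative name if that matches the intent. `tweak_malcolm_runtime` starts and ends outside the hunk.

```python
def _storage_dir_default(argValue, diskFormatInfo, infoKey, relName, installPath):
    # returns (directory value, default offered at the prompt) for one storage area
    if argValue:
        return argValue, argValue
    candidate = os.path.join(diskFormatInfo[infoKey], relName) if infoKey in diskFormatInfo else None
    if candidate and os.path.isdir(candidate):
        return candidate, candidate
    return relName, os.path.join(installPath, relName)

# … unchanged: loading diskFormatInfo and creating its sub-directories …
indexDir, indexDirDefault = _storage_dir_default(
    args.indexDir, diskFormatInfo, MALCOLM_DB_DIR, './opensearch', malcolm_install_path
)
indexDirFull = os.path.realpath(indexDirDefault)
```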
@@ -898,46 +900,54 @@ def tweak_malcolm_runtime(self, malcolm_install_path): indexSnapshotCompressed = False if args.indexSnapshotDir: indexSnapshotDirDefault = args.indexSnapshotDir + indexSnapshotDir = indexSnapshotDirDefault else: indexSnapshotDir = './opensearch-backup' if (MALCOLM_DB_DIR in diskFormatInfo) and os.path.isdir( os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexSnapshotDir) ): indexSnapshotDirDefault = os.path.join(diskFormatInfo[MALCOLM_DB_DIR], indexSnapshotDir) + indexSnapshotDir = indexSnapshotDirDefault else: indexSnapshotDirDefault = os.path.join(malcolm_install_path, indexSnapshotDir) indexSnapshotDirFull = os.path.realpath(indexSnapshotDirDefault) if args.pcapDir: pcapDirDefault = args.pcapDir + pcapDir = pcapDirDefault else: - pcapDir = './pcap' if MALCOLM_PCAP_DIR in diskFormatInfo: pcapDirDefault = diskFormatInfo[MALCOLM_PCAP_DIR] + pcapDir = pcapDirDefault else: + pcapDir = './pcap' pcapDirDefault = os.path.join(malcolm_install_path, pcapDir) pcapDirFull = os.path.realpath(pcapDirDefault) if args.suricataLogDir: suricataLogDirDefault = args.suricataLogDir + suricataLogDir = suricataLogDirDefault else: suricataLogDir = './suricata-logs' if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir( os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], suricataLogDir) ): suricataLogDirDefault = os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], suricataLogDir) + suricataLogDir = suricataLogDirDefault else: suricataLogDirDefault = os.path.join(malcolm_install_path, suricataLogDir) suricataLogDirFull = os.path.realpath(suricataLogDirDefault) if args.zeekLogDir: zeekLogDirDefault = args.zeekLogDir + zeekLogDir = zeekLogDirDefault else: zeekLogDir = './zeek-logs' if (MALCOLM_LOGS_DIR in diskFormatInfo) and os.path.isdir( os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], zeekLogDir) ): zeekLogDirDefault = os.path.join(diskFormatInfo[MALCOLM_LOGS_DIR], zeekLogDir) + zeekLogDir = zeekLogDirDefault else: zeekLogDirDefault = os.path.join(malcolm_install_path, 
zeekLogDir) zeekLogDirFull = os.path.realpath(zeekLogDirDefault) From 139957b4bc970c290854d5c6e70b117c6fcd8771 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 21 Mar 2024 08:01:34 -0600 Subject: [PATCH 65/79] testing idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage --- shared/bin/os-disk-config.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/shared/bin/os-disk-config.py b/shared/bin/os-disk-config.py index 2052992fe..25d393f82 100755 --- a/shared/bin/os-disk-config.py +++ b/shared/bin/os-disk-config.py @@ -31,12 +31,28 @@ OS_MODE_HEDGEHOG, OS_MODE_MALCOLM, HEDGEHOG_ZEEK_DIR, + HEDGEHOG_PCAP_DIR, MALCOLM_DB_DIR, MALCOLM_PCAP_DIR, MALCOLM_LOGS_DIR, ) +MINIMUM_DEVICE_BYTES = 'minimum_device_bytes' +MOUNT_ROOT_PATH = 'mount_root_path' +MOUNT_DIRS = 'mount_dirs' +FSTAB_FILE = 'fstab_file' +CRYPTTAB_FILE = 'crypttab_file' +GROUP_OWNER = 'group_owner' +USER_UID = 'user_uid' +DIR_PERMS = 'dir_perms' +SUBDIR_PERMS = 'subdir_perms' +SYSTEM_CONFIG_FILE = 'system_config_file' +CRYPT_KEYFILE = 'crypt_keyfile' +CRYPT_KEYFILE_PERMS = 'crypt_keyfile_perms' +OTHER_FILE_PERMS = 'other_file_perms' +CRYPT_DEV_PREFIX = 'crypt_dev_prefix' + OS_PARAMS = defaultdict(lambda: None) OS_PARAMS[OS_MODE_HEDGEHOG] = defaultdict(lambda: None) OS_PARAMS[OS_MODE_MALCOLM] = defaultdict(lambda: None) @@ -686,7 +702,7 @@ def main(): eprint(f'Created "{userDir}" for writing by unprivileged user') for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: if f"{os.path.sep}{subdir}{os.path.sep}" in userDir: - createdUserDirs[subDir] = userDir + createdUserDirs[subdir] = userDir break if (osMode == OS_MODE_HEDGEHOG) and os.path.isfile(OS_PARAMS[osMode][SYSTEM_CONFIG_FILE]): From 4ae65fe9551843ee5ca8318bb7069279b1fe5650 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Thu, 21 Mar 2024 08:37:11 -0600 Subject: [PATCH 66/79] testing idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage --- .../normal/0900-setup-rc-local.hook.chroot | 2 +- shared/bin/os-disk-config.py | 47 +++++++++++-------- 2 files changed, 28 insertions(+), 21 deletions(-) mode change 100755 => 100644 shared/bin/os-disk-config.py diff --git a/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot b/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot index 656322c55..535d38795 100755 --- a/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot @@ -17,7 +17,7 @@ fi if [ -f "$CAPTURE_STORAGE_FORMAT_FILE" ]; then logger "Initializing disk(s) to store captured artifacts" date >>/var/log/os-disk-config.log 2>&1 - python3 /usr/local/bin/os-disk-config.py -m hedgehog -u $CAPTURE_STORAGE_FORMAT_FLAG >>/var/log/os-disk-config.log 2>&1 + python3 /usr/local/bin/os-disk-config.py -m malcolm -u $CAPTURE_STORAGE_FORMAT_FLAG >>/var/log/os-disk-config.log 2>&1 rm -f "$CAPTURE_STORAGE_FORMAT_FILE" fi diff --git a/shared/bin/os-disk-config.py b/shared/bin/os-disk-config.py old mode 100755 new mode 100644 index 25d393f82..6a9c714cf --- a/shared/bin/os-disk-config.py +++ b/shared/bin/os-disk-config.py @@ -23,18 +23,19 @@ from fstab import Fstab from malcolm_utils import ( - remove_prefix, - str2bool, - sizeof_fmt, - run_subprocess, eprint, - OS_MODE_HEDGEHOG, - OS_MODE_MALCOLM, - HEDGEHOG_ZEEK_DIR, HEDGEHOG_PCAP_DIR, + HEDGEHOG_ZEEK_DIR, + LoadFileIfJson, MALCOLM_DB_DIR, - MALCOLM_PCAP_DIR, MALCOLM_LOGS_DIR, + MALCOLM_PCAP_DIR, + OS_MODE_HEDGEHOG, + OS_MODE_MALCOLM, + remove_prefix, + run_subprocess, + sizeof_fmt, + str2bool, ) 
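Review bot: `$CAPTURE_STORAGE_FORMAT_FLAG` is expanded unquoted on the changed line, so its value is word-split and glob-expanded before it reaches os-disk-config.py, in a command that presumably runs as root at boot. Where the variable is set is outside the hunk; if it is derived from the contents of `$CAPTURE_STORAGE_FORMAT_FILE`, whatever that file holds becomes extra arguments to a disk-formatting script. If an empty value must produce no argument at all, `${CAPTURE_STORAGE_FORMAT_FLAG:+"$CAPTURE_STORAGE_FORMAT_FLAG"}` keeps that behaviour while passing a non-empty value as exactly one argument.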
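Review bot: The file header for shared/bin/os-disk-config.py records `old mode 100755` / `new mode 100644`, so the script loses its executable bit in a commit whose message does not mention it. The rc.local hook changed in this same patch invokes it through `python3`, which still works, but any caller that executes the script directly would fail with a permission error, and the next patch in the series still shows mode 100644. If the change is unintended, `git update-index --chmod=+x shared/bin/os-disk-config.py` restores it; if it is intended, the commit message should say so.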
@@ -398,7 +399,7 @@ def main(): # partition/format each candidate device for device in candidateDevs: # we only need at most len(OS_PARAMS[osMode][MOUNT_DIRS]), or at least one - if len(formattedDevs) >= 2: + if len(formattedDevs) >= len(OS_PARAMS[osMode][MOUNT_DIRS]): break if (not args.interactive) or YesOrNo( @@ -559,13 +560,12 @@ def main(): # now that we have formatted our device(s), decide where they're going to mount (these are already sorted) devIdx = 0 - if len(formattedDevs) >= len(OS_PARAMS[osMode][MOUNT_DIRS]): - for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: + for subdir in OS_PARAMS[osMode][MOUNT_DIRS]: + if devIdx < len(formattedDevs): formattedDevs[devIdx].mount = os.path.join(OS_PARAMS[osMode][MOUNT_ROOT_PATH], subdir) devIdx += 1 - - elif len(formattedDevs) == 1: - formattedDevs[devIdx].mount = OS_PARAMS[osMode][MOUNT_ROOT_PATH] + else: + break if debug: eprint(formattedDevs) 
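Review bot: A host with fewer formatted devices than entries in `MOUNT_DIRS` now gets a different storage layout, and nothing in the code says so. The removed `elif len(formattedDevs) == 1` branch mounted a lone device at `MOUNT_ROOT_PATH`, whereas the new loop mounts it on the first sub-directory only and leaves the remaining directories on whatever filesystem holds `MOUNT_ROOT_PATH`. Which directories get a dedicated (and possibly encrypted) device therefore depends on the order of `MOUNT_DIRS`, which is defined outside the hunk. Suggest recording that in a comment, e.g. `# fewer devices than MOUNT_DIRS: earlier entries get a dedicated device, the rest stay on the parent filesystem`, and, if `devIdx` is not used later, pairing them with `for dev, subdir in zip(formattedDevs, OS_PARAMS[osMode][MOUNT_DIRS]): dev.mount = os.path.join(OS_PARAMS[osMode][MOUNT_ROOT_PATH], subdir)`.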
@@ -728,12 +728,19 @@ def main(): elif (osMode == OS_MODE_MALCOLM) and os.path.isdir(os.path.join(ownerHome, 'Malcolm')): # write .os_disk_config_defaults for to be picked up by install.py - configFileFull = os.path.join(os.path.join(ownerHome, 'Malcolm'), '.os_disk_config_defaults') - with open(configFileFull, 'w') as f: - f.write(json.dumps(createdUserDirs), indent=4) - if os.path.isfile(configFileFull): - os.chown(configFileFull, OS_PARAMS[osMode][USER_UID], ownerGuid) - os.chmod(configFileFull, OS_PARAMS[osMode][CRYPT_KEYFILE_PERMS]) + configFilePath = os.path.join(os.path.join(ownerHome, 'Malcolm'), '.os_disk_config_defaults') + createdUserDirsFull = None + if os.path.isfile(configFilePath): + with open(configFilePath, 'r') as f: + createdUserDirsFull = LoadFileIfJson(f) + if createdUserDirsFull is None: + createdUserDirsFull = {} + createdUserDirsFull.update(createdUserDirs) + with open(configFilePath, 'w') as f: + f.write(json.dumps(createdUserDirsFull, indent=4)) + if os.path.isfile(configFilePath): + os.chown(configFilePath, OS_PARAMS[osMode][USER_UID], ownerGuid) + os.chmod(configFilePath, OS_PARAMS[osMode][CRYPT_KEYFILE_PERMS]) else: eprint(f"Error {ecode} mounting {par.partition}") From 2b11765c6ebea4ddfc0b69a868bc9f2474809ef8 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 21 Mar 2024 08:58:08 -0600 Subject: [PATCH 67/79] testing idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage --- scripts/install.py | 4 ++-- shared/bin/os-disk-config.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/install.py b/scripts/install.py index 180138cd0..969367cd6 100755 --- a/scripts/install.py +++ b/scripts/install.py 
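Review bot: The defaults file is opened by path with `open(configFilePath, 'w')` inside the unprivileged user's `Malcolm` directory, and `os.chown`/`os.chmod` are then applied by path as well. If the script runs as root (the `os.chown` call and the rc.local hook suggest so), a symlink at that path would redirect both the write and the ownership change to another file. Opening with `O_NOFOLLOW` and setting owner and mode on the descriptor closes that gap and also removes the window in which the file exists with default permissions. Separately, only a `None` result from `LoadFileIfJson` is handled; any other non-dict value would make `.update()` raise, which an `isinstance` check covers. `main` starts and ends outside the hunk.

```python
# … unchanged: reading the existing file into createdUserDirsFull …
if not isinstance(createdUserDirsFull, dict):
    createdUserDirsFull = {}
createdUserDirsFull.update(createdUserDirs)
# refuse to follow a symlink at the destination; set owner and mode on the descriptor
fd = os.open(configFilePath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)
with os.fdopen(fd, 'w') as f:
    os.fchown(fd, OS_PARAMS[osMode][USER_UID], ownerGuid)
    os.fchmod(fd, OS_PARAMS[osMode][CRYPT_KEYFILE_PERMS])
    f.write(json.dumps(createdUserDirsFull, indent=4))
```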
@@ -862,12 +862,12 @@ def tweak_malcolm_runtime(self, malcolm_install_path): # directories for data volume mounts (PCAP storage, Zeek log storage, OpenSearch indexes, etc.) - # if the file .os_disk_config_defaults was created by the environment (os-disk-config.py) + # if the file .os-disk-config-defaults was created by the environment (os-disk-config.py) # we'll use those as defaults, otherwise base things underneath the malcolm_install_path diskFormatInfo = {} try: diskFormatInfoFile = os.path.join( - os.path.realpath(os.path.join(ScriptPath, "..")), ".os_disk_config_defaults" + os.path.realpath(os.path.join(ScriptPath, "..")), ".os-disk-config-defaults" ) if os.path.isfile(diskFormatInfoFile): with open(diskFormatInfoFile) as f: diff --git a/shared/bin/os-disk-config.py b/shared/bin/os-disk-config.py index 6a9c714cf..de3eac097 100644 --- a/shared/bin/os-disk-config.py +++ b/shared/bin/os-disk-config.py @@ -727,8 +727,8 @@ def main(): print(line) elif (osMode == OS_MODE_MALCOLM) and os.path.isdir(os.path.join(ownerHome, 'Malcolm')): - # write .os_disk_config_defaults for to be picked up by install.py - configFilePath = os.path.join(os.path.join(ownerHome, 'Malcolm'), '.os_disk_config_defaults') + # write .os-disk-config-defaults for to be picked up by install.py + configFilePath = os.path.join(os.path.join(ownerHome, 'Malcolm'), '.os-disk-config-defaults') createdUserDirsFull = None if os.path.isfile(configFilePath): with open(configFilePath, 'r') as f: From 441c06062495642d35b7a50c431d8c17b689dff4 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Thu, 21 Mar 2024 09:01:03 -0600 Subject: [PATCH 68/79] don't kick off github workflow builds for changes to os-disk-config.py --- .github/workflows/api-build-and-push-ghcr.yml | 1 + .github/workflows/arkime-build-and-push-ghcr.yml | 1 + .github/workflows/dashboards-build-and-push-ghcr.yml | 1 + .github/workflows/dashboards-helper-build-and-push-ghcr.yml | 1 + .github/workflows/file-monitor-build-and-push-ghcr.yml | 1 + .github/workflows/file-upload-build-and-push-ghcr.yml | 1 + .github/workflows/filebeat-build-and-push-ghcr.yml | 1 + .github/workflows/freq-build-and-push-ghcr.yml | 1 + .github/workflows/htadmin-build-and-push-ghcr.yml | 1 + .github/workflows/logstash-build-and-push-ghcr.yml | 1 + .github/workflows/netbox-build-and-push-ghcr.yml | 1 + .github/workflows/nginx-build-and-push-ghcr.yml | 1 + .github/workflows/opensearch-build-and-push-ghcr.yml | 1 + .github/workflows/pcap-capture-build-and-push-ghcr.yml | 1 + .github/workflows/pcap-monitor-build-and-push-ghcr.yml | 1 + .github/workflows/postgresql-build-and-push-ghcr.yml | 1 + .github/workflows/redis-build-and-push-ghcr.yml | 1 + .github/workflows/suricata-build-and-push-ghcr.yml | 1 + .github/workflows/zeek-build-and-push-ghcr.yml | 1 + 19 files changed, 19 insertions(+) diff --git a/.github/workflows/api-build-and-push-ghcr.yml b/.github/workflows/api-build-and-push-ghcr.yml index 1918a6c05..ae0aa9276 100644 --- a/.github/workflows/api-build-and-push-ghcr.yml +++ b/.github/workflows/api-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/arkime-build-and-push-ghcr.yml b/.github/workflows/arkime-build-and-push-ghcr.yml index cb0be9fcc..7d05235db 100644 --- a/.github/workflows/arkime-build-and-push-ghcr.yml 
+++ b/.github/workflows/arkime-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/dashboards-build-and-push-ghcr.yml b/.github/workflows/dashboards-build-and-push-ghcr.yml index 11e3d3d52..c02f705cd 100644 --- a/.github/workflows/dashboards-build-and-push-ghcr.yml +++ b/.github/workflows/dashboards-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/dashboards-helper-build-and-push-ghcr.yml b/.github/workflows/dashboards-helper-build-and-push-ghcr.yml index b23682e8e..1a4654e1b 100644 --- a/.github/workflows/dashboards-helper-build-and-push-ghcr.yml +++ b/.github/workflows/dashboards-helper-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/file-monitor-build-and-push-ghcr.yml b/.github/workflows/file-monitor-build-and-push-ghcr.yml index 05827276e..cd1452a25 100644 --- a/.github/workflows/file-monitor-build-and-push-ghcr.yml +++ b/.github/workflows/file-monitor-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' 
diff --git a/.github/workflows/file-upload-build-and-push-ghcr.yml b/.github/workflows/file-upload-build-and-push-ghcr.yml index ddab381f2..ae305baf4 100644 --- a/.github/workflows/file-upload-build-and-push-ghcr.yml +++ b/.github/workflows/file-upload-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/filebeat-build-and-push-ghcr.yml b/.github/workflows/filebeat-build-and-push-ghcr.yml index b2d1444c3..f38fce003 100644 --- a/.github/workflows/filebeat-build-and-push-ghcr.yml +++ b/.github/workflows/filebeat-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/freq-build-and-push-ghcr.yml b/.github/workflows/freq-build-and-push-ghcr.yml index a84e3c609..2b4981465 100644 --- a/.github/workflows/freq-build-and-push-ghcr.yml +++ b/.github/workflows/freq-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/htadmin-build-and-push-ghcr.yml b/.github/workflows/htadmin-build-and-push-ghcr.yml index 78f721cad..797e867d5 100644 --- a/.github/workflows/htadmin-build-and-push-ghcr.yml +++ b/.github/workflows/htadmin-build-and-push-ghcr.yml 
@@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/logstash-build-and-push-ghcr.yml b/.github/workflows/logstash-build-and-push-ghcr.yml index c4a6749bd..40416b40b 100644 --- a/.github/workflows/logstash-build-and-push-ghcr.yml +++ b/.github/workflows/logstash-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/netbox-build-and-push-ghcr.yml b/.github/workflows/netbox-build-and-push-ghcr.yml index daf2bd1fb..05e927320 100644 --- a/.github/workflows/netbox-build-and-push-ghcr.yml +++ b/.github/workflows/netbox-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/nginx-build-and-push-ghcr.yml b/.github/workflows/nginx-build-and-push-ghcr.yml index 0bb0b87ca..5eb534666 100644 --- a/.github/workflows/nginx-build-and-push-ghcr.yml +++ b/.github/workflows/nginx-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' 
diff --git a/.github/workflows/opensearch-build-and-push-ghcr.yml b/.github/workflows/opensearch-build-and-push-ghcr.yml index 8b0a21a60..290329cb6 100644 --- a/.github/workflows/opensearch-build-and-push-ghcr.yml +++ b/.github/workflows/opensearch-build-and-push-ghcr.yml @@ -11,6 +11,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/pcap-capture-build-and-push-ghcr.yml b/.github/workflows/pcap-capture-build-and-push-ghcr.yml index fd374e5cb..b79262978 100644 --- a/.github/workflows/pcap-capture-build-and-push-ghcr.yml +++ b/.github/workflows/pcap-capture-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/pcap-monitor-build-and-push-ghcr.yml b/.github/workflows/pcap-monitor-build-and-push-ghcr.yml index 855ea60c9..0384acfcb 100644 --- a/.github/workflows/pcap-monitor-build-and-push-ghcr.yml +++ b/.github/workflows/pcap-monitor-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/postgresql-build-and-push-ghcr.yml b/.github/workflows/postgresql-build-and-push-ghcr.yml index 4d031e237..1b190750d 100644 --- a/.github/workflows/postgresql-build-and-push-ghcr.yml +++ b/.github/workflows/postgresql-build-and-push-ghcr.yml 
@@ -11,6 +11,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/redis-build-and-push-ghcr.yml b/.github/workflows/redis-build-and-push-ghcr.yml index 90b3d391d..0cbb9d8f7 100644 --- a/.github/workflows/redis-build-and-push-ghcr.yml +++ b/.github/workflows/redis-build-and-push-ghcr.yml @@ -11,6 +11,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/suricata-build-and-push-ghcr.yml b/.github/workflows/suricata-build-and-push-ghcr.yml index 2b467e0db..8cbfa7a39 100644 --- a/.github/workflows/suricata-build-and-push-ghcr.yml +++ b/.github/workflows/suricata-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' diff --git a/.github/workflows/zeek-build-and-push-ghcr.yml b/.github/workflows/zeek-build-and-push-ghcr.yml index 906c8d997..7969ec3d0 100644 --- a/.github/workflows/zeek-build-and-push-ghcr.yml +++ b/.github/workflows/zeek-build-and-push-ghcr.yml @@ -12,6 +12,7 @@ on: - '!shared/bin/agg-init.sh' - '!shared/bin/common-init.sh' - '!shared/bin/sensor-init.sh' + - '!shared/bin/os-disk-config.py' - '!shared/bin/preseed_late_user_config.sh' - '!shared/bin/configure-interfaces.py' - '!shared/bin/configure-capture.py' From 87f5cdf34647fa5bbd57eaf3557a9bc84382884c Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Thu, 21 Mar 2024 13:34:35 -0600 Subject: [PATCH 69/79] bump fluent bit to v3.0.0 --- scripts/third-party-logs/fluent-bit-setup.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/third-party-logs/fluent-bit-setup.ps1 b/scripts/third-party-logs/fluent-bit-setup.ps1 index a1e0928c1..a4f0cffc1 100644 --- a/scripts/third-party-logs/fluent-bit-setup.ps1 +++ b/scripts/third-party-logs/fluent-bit-setup.ps1 @@ -8,8 +8,8 @@ # Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. ############################################################################### -$fluent_bit_version = '2.2' -$fluent_bit_full_version = '2.2.2' +$fluent_bit_version = '3.0' +$fluent_bit_full_version = '3.0.0' ############################################################################### # select an item from a menu provided in an array From 4a72770d60a2bde4049d9823f5f554a7bb5b77b7 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 21 Mar 2024 14:37:17 -0600 Subject: [PATCH 70/79] replace salesforce with corelight hassh plugin --- docs/components.md | 2 +- logstash/pipelines/zeek/11_zeek_parse.conf | 8 +++++++- logstash/pipelines/zeek/12_zeek_mutate.conf | 2 +- shared/bin/zeek_install_plugins.sh | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/components.md b/docs/components.md index ed12d9e0c..2156df396 100644 --- a/docs/components.md +++ b/docs/components.md 
@@ -38,6 +38,7 @@ Malcolm leverages the following excellent open source tools, among others. * Corelight's [bro-xor-exe](https://github.com/corelight/bro-xor-exe-plugin) plugin * Corelight's [callstranger-detector](https://github.com/corelight/callstranger-detector) plugin * Corelight's [DCE/RPC remote code execution vulnerability (CVE-2022-26809)](https://github.com/corelight/cve-2022-26809) plugin + * Corelight's [HASSH](https://github.com/corelight/hassh) SSH fingerprinting plugin * Corelight's [HTTP More Filenames](https://github.com/corelight/http-more-files-names) plugin * Corelight's [HTTP protocol stack vulnerability (CVE-2021-31166)](https://github.com/corelight/CVE-2021-31166) plugin * Corelight's [OpenSSL RCE buffer overrun vulnerability (CVE-2022-3602)](https://github.com/corelight/CVE-2022-3602) plugin @@ -52,7 +53,6 @@ Malcolm leverages the following excellent open source tools, among others. * Lexi Brent's [EternalSafety](https://github.com/0xl3x1/zeek-EternalSafety) plugin * MITRE Cyber Analytics Repository's [Bro/Zeek ATT&CK®-Based Analytics (BZAR)](https://github.com/mitre-attack/car/tree/master/implementations) script * Salesforce's [gQUIC](https://github.com/salesforce/GQUIC_Protocol_Analyzer) analyzer - * Salesforce's [HASSH](https://github.com/salesforce/hassh) SSH fingerprinting plugin * Salesforce's [JA3](https://github.com/salesforce/ja3) TLS fingerprinting plugin * Zeek's [Spicy](https://github.com/zeek/spicy) plugin framework * [GeoLite2](https://dev.maxmind.com/geoip/geoip2/geolite2/) - Malcolm includes GeoLite2 data created by [MaxMind](https://www.maxmind.com) diff --git a/logstash/pipelines/zeek/11_zeek_parse.conf b/logstash/pipelines/zeek/11_zeek_parse.conf index b6159b134..877477f3f 100644 --- a/logstash/pipelines/zeek/11_zeek_parse.conf +++ b/logstash/pipelines/zeek/11_zeek_parse.conf 
@@ -3366,7 +3366,13 @@ filter { # ssh.log # https://docs.zeek.org/en/stable/scripts/base/protocols/ssh/main.zeek.html#type-SSH::Info - if ("_jsonparsesuccess" not in [tags]) { + if ("_jsonparsesuccess" in [tags]) { + mutate { + id => "mutate_rename_zeek_json_ssh_fields" + rename => { "[zeek_cols][hasshServer_Algorithms]" => "[zeek_cols][hasshServerAlgorithms]" } + } + + } else { dissect { id => "dissect_zeek_ssh_with_all_fields_with_hassh" # zeek's default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP diff --git a/logstash/pipelines/zeek/12_zeek_mutate.conf b/logstash/pipelines/zeek/12_zeek_mutate.conf index 636ed1dab..32388c8ca 100644 --- a/logstash/pipelines/zeek/12_zeek_mutate.conf +++ b/logstash/pipelines/zeek/12_zeek_mutate.conf @@ -1812,7 +1812,7 @@ filter { merge => { "[ssh][key]" => "[@metadata][ssh_key_str]" } } } - # HASSH stuff (see https://github.com/salesforce/hassh/tree/master/bro) + # HASSH stuff (see https://github.com/corelight/hassh) if ([zeek][ssh][hassh]) { mutate { id => "mutate_merge_zeek_ssh_hassh" diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index 525b0827f..69b2b9b71 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -89,6 +89,7 @@ ZKG_GITHUB_URLS=( "https://github.com/corelight/cve-2022-22954" "https://github.com/corelight/cve-2022-26809" "https://github.com/corelight/CVE-2022-3602" + "https://github.com/corelight/hassh" "https://github.com/corelight/http-more-files-names" "https://github.com/corelight/pingback" "https://github.com/corelight/ripple20" @@ -106,7 +107,6 @@ ZKG_GITHUB_URLS=( "https://github.com/ncsa/bro-simple-scan" "https://github.com/precurse/zeek-httpattacks" "https://github.com/mmguero-dev/GQUIC_Protocol_Analyzer" - "https://github.com/salesforce/hassh" "https://github.com/salesforce/ja3" "https://github.com/zeek/spicy-dhcp" "https://github.com/zeek/spicy-dns" 
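Review bot: The new `mutate_rename_zeek_json_ssh_fields` block carries no comment saying why `hasshServer_Algorithms` is renamed, and the reason is not evident from the config itself. Presumably the Corelight plugin writes that column under a different name than the Salesforce one did and the later filters still expect `hasshServerAlgorithms`; if so, a line such as `# corelight/hassh names this field hasshServer_Algorithms; keep the name the rest of the pipeline expects` above the `mutate` would record that. The tab-delimited `dissect` branch continues past the end of the hunk, so whether its column list needed the same adjustment cannot be checked here.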
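Review bot: The added `"https://github.com/corelight/hassh"` entry in `ZKG_GITHUB_URLS` names no revision, so each image build installs whatever that repository's default branch holds at build time, and the plugin then runs inside the sensor against untrusted network traffic. Other entries visible in the array carry a `|master` suffix, which suggests the install loop accepts a ref after the `|`; if it also accepts a tag or commit id, pinning the new entry, e.g. `"https://github.com/corelight/hassh|<tag-or-commit>"`, would make builds reproducible and keep an upstream change from landing unreviewed. The same applies to the `amzn/zeek-plugin-profinet|master` entry introduced in PATCH 73/79, which tracks a moving branch. The array and the code that consumes it lie outside these hunks.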
From 319c3c6e887bcf677e30f6d061d73431fadbea2a Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 25 Mar 2024 10:49:56 -0600 Subject: [PATCH 71/79] update opensearch-py to v2.5.0 (https://github.com/opensearch-project/opensearch-py/releases/tag/v2.5.0) --- api/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/requirements.txt b/api/requirements.txt index 462a38cc5..564b1d8f8 100644 --- a/api/requirements.txt +++ b/api/requirements.txt @@ -1,7 +1,7 @@ pytz==2021.3 Flask==2.3.2 gunicorn==20.1.0 -opensearch-py==2.4.2 +opensearch-py==2.5.0 requests==2.31.0 regex==2022.3.2 dateparser==1.1.1 From 425629811d59f30ca5a40f5326700da6eac0dfe4 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 25 Mar 2024 12:04:42 -0600 Subject: [PATCH 72/79] update arkime build for investigate allowing specifying another index pattern for Arkime to query in addition to arkime_sessions3-* (idaholab/Malcolm#423) --- Dockerfiles/arkime.Dockerfile | 4 +- .../queryExtraIndices_mal423_ark2705.patch | 431 ++++++++++++++++++ 2 files changed, 433 insertions(+), 2 deletions(-) create mode 100644 arkime/patch/queryExtraIndices_mal423_ark2705.patch diff --git a/Dockerfiles/arkime.Dockerfile b/Dockerfiles/arkime.Dockerfile index 1ae947cac..ac8d1f776 100644 --- a/Dockerfiles/arkime.Dockerfile +++ b/Dockerfiles/arkime.Dockerfile @@ -7,9 +7,9 @@ ENV TERM xterm ENV PYTHONDONTWRITEBYTECODE 1 ENV PYTHONUNBUFFERED 1 -ENV ARKIME_VERSION "v5.0.1_search_indices" +ENV ARKIME_VERSION "v5.0.1" ENV ARKIME_DIR "/opt/arkime" -ENV ARKIME_URL "https://github.com/mmguero-dev/arkime.git" +ENV ARKIME_URL "https://github.com/arkime/arkime.git" ENV ARKIME_LOCALELASTICSEARCH no ENV ARKIME_INET yes diff --git a/arkime/patch/queryExtraIndices_mal423_ark2705.patch b/arkime/patch/queryExtraIndices_mal423_ark2705.patch new file mode 100644 index 000000000..e8d022aee --- /dev/null +++ b/arkime/patch/queryExtraIndices_mal423_ark2705.patch 
@@ -0,0 +1,431 @@ +diff --git a/viewer/apiCrons.js b/viewer/apiCrons.js +index 2808cb62..74ac5d4d 100644 +--- a/viewer/apiCrons.js ++++ b/viewer/apiCrons.js +@@ -242,7 +242,7 @@ class CronAPIs { + + let minTimestamp; + try { +- const { body: data } = await Db.getMinValue(['sessions2-*', 'sessions3-*'], '@timestamp'); ++ const { body: data } = await Db.getMinValue(Db.getSessionIndices(true), '@timestamp'); + minTimestamp = Math.floor(data.aggregations.min.value / 1000); + } catch (err) { + minTimestamp = Math.floor(Date.now() / 1000); +@@ -525,7 +525,7 @@ class CronAPIs { + console.log('CRON', cq.name, cq.creator, '- start:', new Date(cq.lpValue * 1000), 'stop:', new Date(singleEndTime * 1000), 'end:', new Date(endTime * 1000), 'remaining runs:', ((endTime - singleEndTime) / (24 * 60 * 60.0))); + } + +- Db.searchSessions(['sessions2-*', 'sessions3-*'], query, { scroll: internals.esScrollTimeout }, function getMoreUntilDone (err, result) { ++ Db.searchSessions(Db.getSessionIndices(true), query, { scroll: internals.esScrollTimeout }, function getMoreUntilDone (err, result) { + async function doNext () { + count += result.hits.hits.length; + +diff --git a/viewer/apiHunts.js b/viewer/apiHunts.js +index 0f61664f..c08d47dd 100644 +--- a/viewer/apiHunts.js ++++ b/viewer/apiHunts.js +@@ -412,7 +412,7 @@ ${Config.arkimeWebURL()}sessions?expression=huntId==${huntId}&stopTime=${hunt.qu + return HuntAPIs.#huntFailedSessions(hunt, huntId, options, searchedSessions, user); + } + +- Db.searchSessions(['sessions2-*', 'sessions3-*'], query, { scroll: internals.esScrollTimeout }, function getMoreUntilDone (err, result) { ++ Db.searchSessions(Db.getSessionIndices(true), query, { scroll: internals.esScrollTimeout }, function getMoreUntilDone (err, result) { + if (err || result.error) { + HuntAPIs.#pauseHuntJobWithError(huntId, hunt, { value: `Hunt error searching sessions: ${err}` }); + return; +diff --git a/viewer/apiSessions.js b/viewer/apiSessions.js +index cf4f211d..8e6c324c 100644 
+--- a/viewer/apiSessions.js ++++ b/viewer/apiSessions.js +@@ -1832,7 +1832,7 @@ class SessionAPIs { + + Promise.all([ + Db.searchSessions(indices, query, options), +- Db.numberOfDocuments(['sessions2-*', 'sessions3-*'], options.cluster ? { cluster: options.cluster } : {}) ++ Db.numberOfDocuments(Db.getSessionIndices(), options.cluster ? { cluster: options.cluster } : {}) + ]).then(([sessions, total]) => { + if (Config.debug) { + console.log('/api/sessions result', util.inspect(sessions, false, 50)); +@@ -2025,7 +2025,7 @@ class SessionAPIs { + const options = ViewerUtils.addCluster(req.query.cluster); + + Promise.all([Db.searchSessions(indices, query, options), +- Db.numberOfDocuments(['sessions2-*', 'sessions3-*'], options.cluster ? { cluster: options.cluster } : {}) ++ Db.numberOfDocuments(Db.getSessionIndices(), options.cluster ? { cluster: options.cluster } : {}) + ]).then(([sessions, total]) => { + if (Config.debug) { + console.log('/api/spiview result', util.inspect(sessions, false, 50)); +@@ -2172,7 +2172,7 @@ class SessionAPIs { + } + + Promise.all([ +- Db.numberOfDocuments(['sessions2-*', 'sessions3-*'], options.cluster ? { cluster: options.cluster } : {}), ++ Db.numberOfDocuments(Db.getSessionIndices(), options.cluster ? 
{ cluster: options.cluster } : {}), + Db.searchSessions(indices, query, options) + ]).then(([total, result]) => { + if (result.error) { throw result.error; } +@@ -3007,7 +3007,7 @@ class SessionAPIs { + console.log('/api/session/entire/%s/%s/pcap query', ArkimeUtil.sanitizeStr(req.params.nodeName), ArkimeUtil.sanitizeStr(req.params.id), JSON.stringify(query, false, 2)); + } + +- Db.searchSessions(['sessions2-*', 'sessions3-*'], query, null, (err, data) => { ++ Db.searchSessions(Db.getSessionIndices(true), query, null, (err, data) => { + async.forEachSeries(data.hits.hits, (item, nextCb) => { + SessionAPIs.#writePcap(res, Db.session2Sid(item), writerOptions, nextCb); + }, (err) => { +diff --git a/viewer/db.js b/viewer/db.js +index faa630fd..327c64ce 100644 +--- a/viewer/db.js ++++ b/viewer/db.js +@@ -25,6 +25,8 @@ const internals = { + arkimeNodeStatsCache: new Map(), + shortcutsCache: new Map(), + shortcutsCacheTS: new Map(), ++ sessionIndices: ['sessions2-*', 'sessions3-*'], ++ queryExtraIndicesRegex: [], + remoteShortcutsIndex: undefined, + localShortcutsIndex: undefined, + localShortcutsVersion: -1 // always start with -1 so there's an initial sync of shortcuts from user's es db +@@ -154,10 +156,21 @@ Db.initialize = async (info, cb) => { + console.log(`prefix:${internals.prefix} usersPrefix:${internals.usersPrefix}`); + } + ++ // build regular expressions for the user-specified extra query index patterns ++ if (Array.isArray(info.queryExtraIndices)) { ++ internals.sessionIndices = [...new Set([...['sessions2-*', 'sessions3-*'], ...info.queryExtraIndices])]; ++ for (const pattern in info.queryExtraIndices) { ++ internals.queryExtraIndicesRegex.push(ArkimeUtil.wildcardToRegexp(info.queryExtraIndices[pattern])); ++ } ++ if (internals.debug > 2) { ++ console.log(`defaultIndexPatterns: ${internals.sessionIndices}`); ++ } ++ } ++ + // Update aliases cache so -shrink/-reindex works + if (internals.nodeName !== undefined) { +- Db.getAliasesCache(['sessions2-*', 
'sessions3-*']); +- setInterval(() => { Db.getAliasesCache(['sessions2-*', 'sessions3-*']); }, 2 * 60 * 1000); ++ Db.getAliasesCache(internals.sessionIndices); ++ setInterval(() => { Db.getAliasesCache(internals.sessionIndices); }, 2 * 60 * 1000); + } + + internals.localShortcutsIndex = fixIndex('lookups'); +@@ -215,18 +228,21 @@ function fixIndex (index) { + }).join(','); + } + +- // If prefix isn't there, add it. But don't add it for sessions2 unless really set. +- if (!index.startsWith(internals.prefix) && (!index.startsWith('sessions2') || internals.prefix !== 'arkime_')) { +- index = internals.prefix + index; +- } ++ // Don't fix extra user-specified indexes from the queryExtraIndices ++ if (!internals.queryExtraIndicesRegex.some(re => re.test(index))) { ++ // If prefix isn't there, add it. But don't add it for sessions2 unless really set. ++ if (!index.startsWith(internals.prefix) && (!index.startsWith('sessions2') || internals.prefix !== 'arkime_')) { ++ index = internals.prefix + index; ++ } + +- if (internals.aliasesCache && !internals.aliasesCache[index]) { +- if (internals.aliasesCache[index + '-shrink']) { +- // If the index doesn't exist but the shrink version does exist, add -shrink +- index += '-shrink'; +- } else if (internals.aliasesCache[index + '-reindex']) { +- // If the index doesn't exist but the reindex version does exist, add -reindex +- index += '-reindex'; ++ if (internals.aliasesCache && !internals.aliasesCache[index]) { ++ if (internals.aliasesCache[index + '-shrink']) { ++ // If the index doesn't exist but the shrink version does exist, add -shrink ++ index += '-shrink'; ++ } else if (internals.aliasesCache[index + '-reindex']) { ++ // If the index doesn't exist but the reindex version does exist, add -reindex ++ index += '-reindex'; ++ } + } + } + +@@ -1636,17 +1652,21 @@ Db.deleteFile = function (node, id, path, cb) { + }; + + Db.session2Sid = function (item) { +- const ver = item._index.includes('sessions2') ? 
'2@' : '3@'; +- if (item._id.length < 31) { ++ // ver can be 2@ (sessions2), 3@ (sessions3), or x@ (user-specified queryExtraIndices) ++ const ver = internals.queryExtraIndicesRegex.some(re => re.test(item._index)) ? 'x@' : item._index.includes('sessions2') ? '2@' : '3@'; ++ if (ver === 'x@') { ++ // document from queryExtraIndices, format Sid as x@_index:_id ++ return ver + item._index + ':' + item._id; ++ } else if (item._id.length < 31) { + // sessions2 didn't have new arkime_ prefix + if (ver === '2@' && internals.prefix === 'arkime_') { + return ver + item._index.substring(10) + ':' + item._id; + } else { + return ver + item._index.substring(internals.prefix.length + 10) + ':' + item._id; + } ++ } else { ++ return ver + item._id; + } +- +- return ver + item._id; + }; + + Db.sid2Id = function (id) { +@@ -1666,10 +1686,17 @@ Db.sid2Index = function (id, options) { + const colon = id.indexOf(':'); + + if (id[1] === '@') { +- if (colon > 0) { +- return 'sessions' + id[0] + '-' + id.substr(2, colon - 2); ++ if (id[0] === 'x') { ++ // ver is x@, which indicates user-specified queryExtraIndices, ++ // so the id will be formatted x@_index:_id ++ // console.log(`Db.sid2Index: ${id.substr(2, colon - 2)}`); ++ return id.substr(2, colon - 2); ++ } else { ++ if (colon > 0) { ++ return 'sessions' + id[0] + '-' + id.substr(2, colon - 2); ++ } ++ return 'sessions' + id[0] + '-' + id.substr(2, id.indexOf('-') - 2); + } +- return 'sessions' + id[0] + '-' + id.substr(2, id.indexOf('-') - 2); + } + + const s3 = 'sessions3-' + ((colon > 0) ? 
id.substr(0, colon) : id.substr(0, id.indexOf('-'))); +@@ -1703,9 +1730,16 @@ Db.loadFields = async () => { + return Db.search('fields', 'field', { size: 10000 }); + }; + +-Db.getIndices = async (startTime, stopTime, bounding, rotateIndex) => { ++Db.getSessionIndices = function (excludeExtra) { ++ if (excludeExtra) { ++ return ['sessions2-*', 'sessions3-*']; ++ } ++ return internals.sessionIndices; ++}; ++ ++Db.getIndices = async (startTime, stopTime, bounding, rotateIndex, extraIndices) => { + try { +- const aliases = await Db.getAliasesCache(['sessions2-*', 'sessions3-*']); ++ const aliases = await Db.getAliasesCache(internals.sessionIndices); + const indices = []; + + // Guess how long hour indices we find are +@@ -1719,9 +1753,10 @@ Db.getIndices = async (startTime, stopTime, bounding, rotateIndex) => { + } + + // Go thru each index, convert to start/stop range and see if our time range overlaps +- // For hourly and month indices we may search extra ++ // For hourly and month indices (and user-specified queryExtraIndices) we may search extra + for (const iname in aliases) { + let index = iname; ++ let isQueryExtraIndex = false; + if (index.endsWith('-shrink')) { + index = index.substring(0, index.length - 7); + } +@@ -1730,61 +1765,116 @@ Db.getIndices = async (startTime, stopTime, bounding, rotateIndex) => { + } + if (index.startsWith('sessions2-')) { // sessions2 might not have prefix + index = index.substring(10); ++ } else if (internals.queryExtraIndicesRegex.some(re => re.test(index))) { ++ // extra user-specified indexes from the queryExtraIndices don't have the prefix ++ isQueryExtraIndex = true; + } else { + index = index.substring(internals.prefix.length + 10); + } ++ + let year; let month; let day = 0; let hour = 0; let len; ++ let queryExtraIndexTimeMatched = false; let queryExtraIndexTimeMatch; + +- if (+index[0] >= 6) { +- year = 1900 + (+index[0]) * 10 + (+index[1]); +- } else { +- year = 2000 + (+index[0]) * 10 + (+index[1]); +- } ++ if 
(isQueryExtraIndex) { ++ // the user-specified queryExtraIndices are less under our control, so we ++ // are going to take some regex-based best guesses to figure out if it's hourly, daily, etc. + +- if (index[2] === 'w') { +- len = 7 * 24 * 60 * 60; +- month = 1; +- day = (+index[3] * 10 + (+index[4])) * 7; +- } else if (index[2] === 'm') { +- month = (+index[3]) * 10 + (+index[4]); +- day = 1; +- len = 31 * 24 * 60 * 60; +- } else if (index.length === 6) { +- month = (+index[2]) * 10 + (+index[3]); +- day = (+index[4]) * 10 + (+index[5]); +- len = 24 * 60 * 60; +- } else { +- month = (+index[2]) * 10 + (+index[3]); +- day = (+index[4]) * 10 + (+index[5]); +- hour = (+index[7]) * 10 + (+index[8]); +- len = hlength; +- } +- +- const start = Date.UTC(year, month - 1, day, hour) / 1000; +- const stop = Date.UTC(year, month - 1, day, hour) / 1000 + len; +- +- switch (bounding) { +- default: +- case 'last': +- if (stop >= startTime && start <= stopTime) { +- indices.push(iname); ++ // daily 240311 v year v month v day ++ queryExtraIndexTimeMatch = iname.match(/([0-9][0-9])(0[1-9]|1[0-2])(0[1-9]|[12][0-9]|3[01])$/); ++ if (queryExtraIndexTimeMatch) { ++ queryExtraIndexTimeMatched = true; ++ index = queryExtraIndexTimeMatch[0]; + } +- break; +- case 'first': +- case 'both': +- case 'either': +- case 'database': +- if (stop >= (startTime - len) && start <= (stopTime + len)) { +- indices.push(iname); ++ ++ if (!queryExtraIndexTimeMatched) { ++ // hourly 240311h19 v year v month v day h v hour ++ queryExtraIndexTimeMatch = iname.match(/([0-9][0-9])(0[1-9]|1[0-2])(0[1-9]|[12][0-9]|3[01])[Hh]([01][0-9]|2[0-3])$/); ++ if (queryExtraIndexTimeMatch) { ++ queryExtraIndexTimeMatched = true; ++ index = queryExtraIndexTimeMatch[0]; ++ } + } +- break; ++ ++ if (!queryExtraIndexTimeMatched) { ++ // weekly 24w10 v year w v week ++ queryExtraIndexTimeMatch = iname.match(/([0-9][0-9])[Ww]([0-4][0-9]|5[0-3])$/); ++ if (queryExtraIndexTimeMatch) { ++ queryExtraIndexTimeMatched = true; ++ 
index = queryExtraIndexTimeMatch[0]; ++ } ++ } ++ ++ if (!queryExtraIndexTimeMatched) { ++ // monthly 24m10 v year w v month ++ queryExtraIndexTimeMatch = iname.match(/([0-9][0-9])[Mm](0[1-9]|1[0-2])$/); ++ if (queryExtraIndexTimeMatch) { ++ queryExtraIndexTimeMatched = true; ++ index = queryExtraIndexTimeMatch[0]; ++ } ++ } ++ } // if (isQueryExtraIndex) ++ ++ if (!isQueryExtraIndex || queryExtraIndexTimeMatched) { ++ if (+index[0] >= 6) { ++ year = 1900 + (+index[0]) * 10 + (+index[1]); ++ } else { ++ year = 2000 + (+index[0]) * 10 + (+index[1]); ++ } ++ ++ if (index[2] === 'w') { ++ len = 7 * 24 * 60 * 60; ++ month = 1; ++ day = (+index[3] * 10 + (+index[4])) * 7; ++ } else if (index[2] === 'm') { ++ month = (+index[3]) * 10 + (+index[4]); ++ day = 1; ++ len = 31 * 24 * 60 * 60; ++ } else if (index.length === 6) { ++ month = (+index[2]) * 10 + (+index[3]); ++ day = (+index[4]) * 10 + (+index[5]); ++ len = 24 * 60 * 60; ++ } else { ++ month = (+index[2]) * 10 + (+index[3]); ++ day = (+index[4]) * 10 + (+index[5]); ++ hour = (+index[7]) * 10 + (+index[8]); ++ // queryExtraIndices don't really have any way to specify (hourly[23468]|hourly12), ++ // so for those hourly just means "hourly" with regards to length calculation ++ len = isQueryExtraIndex ? 
(60 * 60) : hlength; ++ } ++ ++ const start = Date.UTC(year, month - 1, day, hour) / 1000; ++ const stop = Date.UTC(year, month - 1, day, hour) / 1000 + len; ++ ++ switch (bounding) { ++ default: ++ case 'last': ++ if (stop >= startTime && start <= stopTime) { ++ indices.push(iname); ++ } ++ break; ++ case 'first': ++ case 'both': ++ case 'either': ++ case 'database': ++ if (stop >= (startTime - len) && start <= (stopTime + len)) { ++ indices.push(iname); ++ } ++ break; ++ } ++ } else if (isQueryExtraIndex) { ++ // this is a extra user-specified index pattetern from queryExtraIndices, and ++ // we couldn't grok it, so just query the whole thing ++ indices.push(iname); + } +- } ++ } // for (const iname in aliases) + + if (indices.length === 0) { +- return fixIndex(['sessions2-*', 'sessions3-*']); ++ return fixIndex(internals.sessionIndices); + } + ++ if (internals.debug > 2) { ++ console.log(`getIndices: ${indices}`); ++ } + return indices.join(); + } catch { + return ''; +diff --git a/viewer/decryptPcap.js b/viewer/decryptPcap.js +index b188381a..6ec859d0 100644 +--- a/viewer/decryptPcap.js ++++ b/viewer/decryptPcap.js +@@ -88,6 +88,7 @@ async function premain () { + Db.initialize({ + host: escInfo, + prefix: Config.get('prefix', 'arkime_'), ++ queryExtraIndices: Config.getArray('queryExtraIndices', ''), + esClientKey: Config.get('esClientKey', null), + esClientCert: Config.get('esClientCert', null), + esClientKeyPass: Config.get('esClientKeyPass', null), +diff --git a/viewer/viewer.js b/viewer/viewer.js +index 5f92118b..73e7cb89 100644 +--- a/viewer/viewer.js ++++ b/viewer/viewer.js +@@ -2162,6 +2162,7 @@ async function premain () { + Db.initialize({ + host: internals.elasticBase, + prefix: internals.prefix, ++ queryExtraIndices: Config.getArray('queryExtraIndices', ''), + usersHost: Config.getArray('usersElasticsearch'), + // The default for usersPrefix should be '' if this is a multiviewer, otherwise Db.initialize will figure out + usersPrefix: 
Config.get('usersPrefix', internals.multiES ? '' : undefined), +diff --git a/viewer/viewerUtils.js b/viewer/viewerUtils.js +index 9cfefcec..6cdac982 100644 +--- a/viewer/viewerUtils.js ++++ b/viewer/viewerUtils.js +@@ -284,15 +284,15 @@ class ViewerUtils { + + if (reqQuery.date === '-1' || // An all query + Config.get('queryAllIndices', Config.get('multiES', false))) { // queryAllIndices (default: multiES) +- req._arkimeESQueryIndices = Db.fixIndex(['sessions2-*', 'sessions3-*']); +- return finalCb(err || lerr, query, Db.fixIndex(['sessions2-*', 'sessions3-*'])); // Then we just go against all indices for a slight overhead ++ req._arkimeESQueryIndices = Db.fixIndex(Db.getSessionIndices()); ++ return finalCb(err || lerr, query, req._arkimeESQueryIndices); // Then we just go against all indices for a slight overhead + } + +- const indices = await Db.getIndices(reqQuery.startTime, reqQuery.stopTime, reqQuery.bounding, Config.get('rotateIndex', 'daily')); ++ const indices = await Db.getIndices(reqQuery.startTime, reqQuery.stopTime, reqQuery.bounding, Config.get('rotateIndex', 'daily'), Config.getArray('queryExtraIndices', '')); + + if (indices.length > 3000) { // Will url be too long +- req._arkimeESQueryIndices = Db.fixIndex(['sessions2-*', 'sessions3-*']); +- return finalCb(err || lerr, query, Db.fixIndex(['sessions2-*', 'sessions3-*'])); ++ req._arkimeESQueryIndices = Db.fixIndex(Db.getSessionIndices()); ++ return finalCb(err || lerr, query, req._arkimeESQueryIndices); + } else { + req._arkimeESQueryIndices = indices; + return finalCb(err || lerr, query, indices); From a24781a69ddaf3a8d2150b46e958c50ec4f8bb8c Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 25 Mar 2024 12:26:18 -0600 Subject: [PATCH 73/79] move profinet plugin to point upstream at amzn/zeek-plugin-profinet now that the PR has been pulled --- shared/bin/zeek_install_plugins.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
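Review bot: In `Db.sid2Index`, the new `x@` branch returns `id.substr(2, colon - 2)` as the index name without checking it against `internals.queryExtraIndicesRegex`, whereas the other visible branches always build a name that starts with `sessions`. The callers are outside this patch, but if session ids reach this function from request parameters, the index that gets queried is then chosen by the requester rather than by the `queryExtraIndices` setting. The branch should accept only configured indices and cope with a missing colon, e.g. `const idx = colon > 2 ? id.substr(2, colon - 2) : '';` followed by `if (!internals.queryExtraIndicesRegex.some(re => re.test(idx))) { /* reject the id */ }`. Separately, `Db.getIndices` gains an `extraIndices` parameter that nothing in the visible body reads, and `for (const pattern in info.queryExtraIndices)` would read more plainly as a `for...of` loop over the patterns.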
diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh
index 69b2b9b71..c25bced16 100755
--- a/shared/bin/zeek_install_plugins.sh
+++ b/shared/bin/zeek_install_plugins.sh
@@ -66,7 +66,7 @@ ZKG_GITHUB_URLS=(
 "https://github.com/0xl3x1/zeek-EternalSafety"
 "https://github.com/0xxon/cve-2020-0601"
 "https://github.com/0xxon/cve-2020-13777"
- "https://github.com/mmguero-dev/zeek-plugin-profinet|master"
+ "https://github.com/amzn/zeek-plugin-profinet|master"
 "https://github.com/amzn/zeek-plugin-tds|master"
 "https://github.com/cisagov/icsnpp-bacnet"
 "https://github.com/cisagov/icsnpp-bsap"
From 84c68b517acf5fcb316236457e0b7f4cd96a64bd Mon Sep 17 00:00:00 2001
From: Seth Grover
Date: Mon, 25 Mar 2024 15:06:59 -0600
Subject: [PATCH 74/79] ignore warnings from compose
---
 malcolm-iso/config/includes.chroot/etc/bash.bash_functions | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/malcolm-iso/config/includes.chroot/etc/bash.bash_functions b/malcolm-iso/config/includes.chroot/etc/bash.bash_functions
index 6dba56c0c..5b5b1753d 100644
--- a/malcolm-iso/config/includes.chroot/etc/bash.bash_functions
+++ b/malcolm-iso/config/includes.chroot/etc/bash.bash_functions
@@ -562,9 +562,9 @@ function malcolmmonitor () { select-pane -t 5 \; \ send-keys 'while true; do clear; free -m | grep ^Mem: | cut -d" " -f2- | sed "s/[[:space:]]\+/,/g" | sed "s/^,//" ; sleep 60; done' C-m \; \ select-pane -t 6 \; \ - send-keys "while true; do clear; pushd ~/Malcolm >/dev/null 2>&1; docker compose exec -u $(id -u) api curl -sSL 'http://localhost:5000/mapi/agg/event.dataset?from=1970' | python3 -m json.tool | grep -P '\b(doc_count|key)\b' | tr -d '\", ' | cut -d: -f2 | paste - - -d'\t\t' | head -n $(( (MAX_HEIGHT / 2) - 1 )) ; popd >/dev/null 2>&1; sleep 60; done" C-m \; \ + send-keys "while true; do clear; pushd ~/Malcolm >/dev/null 2>&1; docker compose exec -u $(id -u) api curl -sSL 'http://localhost:5000/mapi/agg/event.dataset?from=1970' 2>/dev/null | python3 -m json.tool | grep -P '\b(doc_count|key)\b' | tr -d '\", ' | cut -d: -f2 | paste - - -d'\t\t' | head -n $(( (MAX_HEIGHT / 2) - 1 )) ; popd >/dev/null 2>&1; sleep 60; done" C-m \; \ select-pane -t 7 \; \ - send-keys "while true; do clear; pushd ~/Malcolm >/dev/null 2>&1; docker compose exec -u $(id -u) api curl -sSL 'http://localhost:5000/mapi/agg?from=1970' | python3 -m json.tool | grep -P '\b(doc_count|key)\b' | tr -d '\", ' | cut -d: -f2 | paste - - -d'\t\t' ; popd >/dev/null 2>&1; sleep 60; done" C-m \; \ + send-keys "while true; do clear; pushd ~/Malcolm >/dev/null 2>&1; docker compose exec -u $(id -u) api curl -sSL 'http://localhost:5000/mapi/agg?from=1970' 2>/dev/null | python3 -m json.tool | grep -P '\b(doc_count|key)\b' | tr -d '\", ' | cut -d: -f2 | paste - - -d'\t\t' ; popd >/dev/null 2>&1; sleep 60; done" C-m \; \ split-window -v \; \ select-pane -t 8 \; \ send-keys "while true; do clear; find ~/Malcolm/zeek-logs/extract_files -type f | sed 's@.*/\(.*\)/.*@\1@' | sort | uniq -c | sort -nr; sleep 60; done" C-m \; \ From 05a38d258f086e2555e80399c1117b4e140d4bc9 Mon Sep 17 00:00:00 2001 
From: Seth Grover
Date: Mon, 25 Mar 2024 15:38:27 -0600
Subject: [PATCH 75/79] notice.log seems to have community ID on it now, so parsing that
---
 logstash/pipelines/zeek/11_zeek_parse.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/logstash/pipelines/zeek/11_zeek_parse.conf b/logstash/pipelines/zeek/11_zeek_parse.conf
index 877477f3f..93e2ff88c 100644
--- a/logstash/pipelines/zeek/11_zeek_parse.conf
+++ b/logstash/pipelines/zeek/11_zeek_parse.conf
@@ -2384,7 +2384,7 @@ filter { id => "dissect_zeek_notice_with_all_fields" # zeek's default delimiter is a literal tab, MAKE SURE YOUR EDITOR DOESN'T SCREW IT UP mapping => { - "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][fuid]} %{[zeek_cols][file_mime_type]} %{[zeek_cols][file_desc]} %{[zeek_cols][proto]} %{[zeek_cols][note]} %{[zeek_cols][msg]} %{[zeek_cols][sub]} %{[zeek_cols][src]} %{[zeek_cols][dst]} %{[zeek_cols][p]} %{[zeek_cols][n]} %{[zeek_cols][peer_descr]} %{[zeek_cols][actions]} %{[zeek_cols][email_dest]} %{[zeek_cols][suppress_for]} %{[zeek_cols][remote_location_country_code]} %{[zeek_cols][remote_location_region]} %{[zeek_cols][remote_location_city]} %{[zeek_cols][remote_location_latitude]} %{[zeek_cols][remote_location_longitude]}" + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][fuid]} %{[zeek_cols][file_mime_type]} %{[zeek_cols][file_desc]} %{[zeek_cols][proto]} %{[zeek_cols][note]} %{[zeek_cols][msg]} %{[zeek_cols][sub]} %{[zeek_cols][src]} %{[zeek_cols][dst]} %{[zeek_cols][p]} %{[zeek_cols][n]} %{[zeek_cols][peer_descr]} %{[zeek_cols][actions]} %{[zeek_cols][email_dest]} %{[zeek_cols][suppress_for]} %{[zeek_cols][remote_location_country_code]} %{[zeek_cols][remote_location_region]} %{[zeek_cols][remote_location_city]} %{[zeek_cols][remote_location_latitude]} %{[zeek_cols][remote_location_longitude]} %{[zeek_cols][community_id]}" } } if ("_dissectfailure" in [tags]) { 
@@ -2395,7 +2395,7 @@ filter { } ruby { id => "ruby_zip_zeek_notice" - init => "@zeek_notice_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'fuid', 'file_mime_type', 'file_desc', 'proto', 'note', 'msg', 'sub', 'src', 'dst', 'p', 'n', 'peer_descr', 'actions', 'email_dest', 'suppress_for', 'remote_location_country_code', 'remote_location_region', 'remote_location_city', 'remote_location_latitude', 'remote_location_longitude' ]" + init => "@zeek_notice_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'fuid', 'file_mime_type', 'file_desc', 'proto', 'note', 'msg', 'sub', 'src', 'dst', 'p', 'n', 'peer_descr', 'actions', 'email_dest', 'suppress_for', 'remote_location_country_code', 'remote_location_region', 'remote_location_city', 'remote_location_latitude', 'remote_location_longitude', 'community_id' ]" code => "event.set('[zeek_cols]', @zeek_notice_field_names.zip(event.get('[message]')).to_h)" } } From 2ae04f77c8a4a2476af74fd0d193080e909a88fb Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 25 Mar 2024 15:39:38 -0600 Subject: [PATCH 76/79] update local.zeek for sensor --- .../config/includes.chroot/usr/local/etc/zeek/local.zeek | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek b/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek index 6f7956ebe..2fbeabbc7 100644 --- a/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek +++ b/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek @@ -306,7 +306,7 @@ redef CVE_2021_44228::log = F; ##! Other logs we're just disabling unilaterally # amzn/zeek-plugin-profinet's profinet_dce_rpc.log is covered by cisagov/icsnpp-profinet-io-cm -hook Profinet::log_policy_profinet_dce_rpc( +hook Profinet::log_policy_dce_rpc( rec: Profinet::Profinet_DCE_RPC, id: Log::ID, filter: Log::Filter) { From 8428a407f5227fcd280ac971b8a8538391d96f66 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Tue, 26 Mar 2024 11:27:22 -0600 Subject: [PATCH 77/79] update kubernetes manifests to point to correct images --- kubernetes/03-opensearch.yml | 4 ++-- kubernetes/04-dashboards.yml | 2 +- kubernetes/05-upload.yml | 4 ++-- kubernetes/06-pcap-monitor.yml | 4 ++-- kubernetes/07-arkime.yml | 4 ++-- kubernetes/08-api.yml | 2 +- kubernetes/09-dashboards-helper.yml | 2 +- kubernetes/10-zeek.yml | 4 ++-- kubernetes/11-suricata.yml | 4 ++-- kubernetes/12-file-monitor.yml | 4 ++-- kubernetes/13-filebeat.yml | 4 ++-- kubernetes/14-logstash.yml | 4 ++-- kubernetes/15-netbox-redis.yml | 4 ++-- kubernetes/16-netbox-redis-cache.yml | 2 +- kubernetes/17-netbox-postgres.yml | 4 ++-- kubernetes/18-netbox.yml | 4 ++-- kubernetes/19-htadmin.yml | 4 ++-- kubernetes/20-pcap-capture.yml | 4 ++-- kubernetes/21-zeek-live.yml | 4 ++-- kubernetes/22-suricata-live.yml | 4 ++-- kubernetes/23-arkime-live.yml | 4 ++-- kubernetes/24-freq.yml | 2 +- kubernetes/98-nginx-proxy.yml | 4 ++-- 23 files changed, 41 insertions(+), 41 deletions(-) diff --git a/kubernetes/03-opensearch.yml b/kubernetes/03-opensearch.yml index 4a14aaeed..d33197848 100644 --- a/kubernetes/03-opensearch.yml +++ b/kubernetes/03-opensearch.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: opensearch-container - image: ghcr.io/mmguero-dev/malcolm/opensearch:development + image: ghcr.io/idaholab/malcolm/opensearch:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -71,7 +71,7 @@ spec: subPath: "opensearch" initContainers: - name: opensearch-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/04-dashboards.yml b/kubernetes/04-dashboards.yml index cfbb8b422..47f759213 100644 --- a/kubernetes/04-dashboards.yml +++ b/kubernetes/04-dashboards.yml 
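Review bot: The manifests now reference release images by tag (`ghcr.io/idaholab/malcolm/opensearch:24.03.1`) while keeping `imagePullPolicy: Always`, so every pod start pulls whatever the tag points to at that moment. A tag can be re-pushed; if the deployment is meant to run exactly the released build, append the digest, e.g. `image: ghcr.io/idaholab/malcolm/opensearch:24.03.1@sha256:<digest>`, on both the main container and the `dirinit` init-container entries. The same pattern repeats in the hunks for `04-dashboards.yml` through `13-filebeat.yml` in this patch.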
@@ -30,7 +30,7 @@ spec: spec: containers: - name: dashboards-container - image: ghcr.io/mmguero-dev/malcolm/dashboards:development + image: ghcr.io/idaholab/malcolm/dashboards:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/05-upload.yml b/kubernetes/05-upload.yml index 7631d405f..ae65af467 100644 --- a/kubernetes/05-upload.yml +++ b/kubernetes/05-upload.yml @@ -34,7 +34,7 @@ spec: spec: containers: - name: upload-container - image: ghcr.io/mmguero-dev/malcolm/file-upload:development + image: ghcr.io/idaholab/malcolm/file-upload:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -73,7 +73,7 @@ spec: subPath: "upload" initContainers: - name: upload-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/06-pcap-monitor.yml b/kubernetes/06-pcap-monitor.yml index 70da6fc02..c14afabbd 100644 --- a/kubernetes/06-pcap-monitor.yml +++ b/kubernetes/06-pcap-monitor.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: pcap-monitor-container - image: ghcr.io/mmguero-dev/malcolm/pcap-monitor:development + image: ghcr.io/idaholab/malcolm/pcap-monitor:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -70,7 +70,7 @@ spec: name: pcap-monitor-zeek-volume initContainers: - name: pcap-monitor-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/07-arkime.yml b/kubernetes/07-arkime.yml index e050e6036..2e8b35855 100644 --- a/kubernetes/07-arkime.yml +++ b/kubernetes/07-arkime.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: arkime-container - image: ghcr.io/mmguero-dev/malcolm/arkime:development + image: ghcr.io/idaholab/malcolm/arkime:24.03.1 imagePullPolicy: Always stdin: false tty: true 
@@ -79,7 +79,7 @@ spec: name: arkime-pcap-volume initContainers: - name: arkime-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/08-api.yml b/kubernetes/08-api.yml index dff8c4274..457a81a37 100644 --- a/kubernetes/08-api.yml +++ b/kubernetes/08-api.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: api-container - image: ghcr.io/mmguero-dev/malcolm/api:development + image: ghcr.io/idaholab/malcolm/api:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/09-dashboards-helper.yml b/kubernetes/09-dashboards-helper.yml index 3c1292517..aa03d1cab 100644 --- a/kubernetes/09-dashboards-helper.yml +++ b/kubernetes/09-dashboards-helper.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: dashboards-helper-container - image: ghcr.io/mmguero-dev/malcolm/dashboards-helper:development + image: ghcr.io/idaholab/malcolm/dashboards-helper:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/10-zeek.yml b/kubernetes/10-zeek.yml index daa925943..92f5e0b80 100644 --- a/kubernetes/10-zeek.yml +++ b/kubernetes/10-zeek.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: zeek-offline-container - image: ghcr.io/mmguero-dev/malcolm/zeek:development + image: ghcr.io/idaholab/malcolm/zeek:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -64,7 +64,7 @@ spec: subPath: "zeek/intel" initContainers: - name: zeek-offline-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/11-suricata.yml b/kubernetes/11-suricata.yml index 5bdf9472f..df5e97054 100644 --- a/kubernetes/11-suricata.yml +++ b/kubernetes/11-suricata.yml 
@@ -16,7 +16,7 @@ spec: spec: containers: - name: suricata-offline-container - image: ghcr.io/mmguero-dev/malcolm/suricata:development + image: ghcr.io/idaholab/malcolm/suricata:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -55,7 +55,7 @@ spec: name: suricata-offline-custom-configs-volume initContainers: - name: suricata-offline-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/12-file-monitor.yml b/kubernetes/12-file-monitor.yml index 4925d67ba..bc55fb0e0 100644 --- a/kubernetes/12-file-monitor.yml +++ b/kubernetes/12-file-monitor.yml @@ -33,7 +33,7 @@ spec: spec: containers: - name: file-monitor-container - image: ghcr.io/mmguero-dev/malcolm/file-monitor:development + image: ghcr.io/idaholab/malcolm/file-monitor:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -83,7 +83,7 @@ spec: name: file-monitor-yara-rules-custom-volume initContainers: - name: file-monitor-live-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/13-filebeat.yml b/kubernetes/13-filebeat.yml index da45a94d1..c9eb11c99 100644 --- a/kubernetes/13-filebeat.yml +++ b/kubernetes/13-filebeat.yml @@ -33,7 +33,7 @@ spec: spec: containers: - name: filebeat-container - image: ghcr.io/mmguero-dev/malcolm/filebeat-oss:development + image: ghcr.io/idaholab/malcolm/filebeat-oss:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -83,7 +83,7 @@ spec: subPath: "nginx" initContainers: - name: filebeat-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/14-logstash.yml b/kubernetes/14-logstash.yml index 0cb84994b..ac26d7f2f 100644 
--- a/kubernetes/14-logstash.yml +++ b/kubernetes/14-logstash.yml @@ -49,7 +49,7 @@ spec: # topologyKey: "kubernetes.io/hostname" containers: - name: logstash-container - image: ghcr.io/mmguero-dev/malcolm/logstash-oss:development + image: ghcr.io/idaholab/malcolm/logstash-oss:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -115,7 +115,7 @@ spec: subPath: "logstash" initContainers: - name: logstash-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/15-netbox-redis.yml b/kubernetes/15-netbox-redis.yml index 922f54f1d..e0056f3c8 100644 --- a/kubernetes/15-netbox-redis.yml +++ b/kubernetes/15-netbox-redis.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: netbox-redis-container - image: ghcr.io/mmguero-dev/malcolm/redis:development + image: ghcr.io/idaholab/malcolm/redis:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -83,7 +83,7 @@ spec: subPath: netbox/redis initContainers: - name: netbox-redis-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/16-netbox-redis-cache.yml b/kubernetes/16-netbox-redis-cache.yml index 0fef1bbf0..84dcffb87 100644 --- a/kubernetes/16-netbox-redis-cache.yml +++ b/kubernetes/16-netbox-redis-cache.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: netbox-redis-cache-container - image: ghcr.io/mmguero-dev/malcolm/redis:development + image: ghcr.io/idaholab/malcolm/redis:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/17-netbox-postgres.yml b/kubernetes/17-netbox-postgres.yml index 55a066358..587c4aa72 100644 --- a/kubernetes/17-netbox-postgres.yml +++ b/kubernetes/17-netbox-postgres.yml 
@@ -30,7 +30,7 @@ spec: spec: containers: - name: netbox-postgres-container - image: ghcr.io/mmguero-dev/malcolm/postgresql:development + image: ghcr.io/idaholab/malcolm/postgresql:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -74,7 +74,7 @@ spec: subPath: netbox/postgres initContainers: - name: netbox-postgres-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/18-netbox.yml b/kubernetes/18-netbox.yml index f81438018..6a3f4c8f6 100644 --- a/kubernetes/18-netbox.yml +++ b/kubernetes/18-netbox.yml @@ -36,7 +36,7 @@ spec: spec: containers: - name: netbox-container - image: ghcr.io/mmguero-dev/malcolm/netbox:development + image: ghcr.io/idaholab/malcolm/netbox:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -88,7 +88,7 @@ spec: subPath: netbox/media initContainers: - name: netbox-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/19-htadmin.yml b/kubernetes/19-htadmin.yml index de5293761..2a2015ce0 100644 --- a/kubernetes/19-htadmin.yml +++ b/kubernetes/19-htadmin.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: htadmin-container - image: ghcr.io/mmguero-dev/malcolm/htadmin:development + image: ghcr.io/idaholab/malcolm/htadmin:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -63,7 +63,7 @@ spec: subPath: "htadmin" initContainers: - name: htadmin-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/20-pcap-capture.yml b/kubernetes/20-pcap-capture.yml index 2e0f46fca..35a46368c 100644 --- a/kubernetes/20-pcap-capture.yml +++ b/kubernetes/20-pcap-capture.yml 
@@ -16,7 +16,7 @@ spec: spec: containers: - name: pcap-capture-container - image: ghcr.io/mmguero-dev/malcolm/pcap-capture:development + image: ghcr.io/idaholab/malcolm/pcap-capture:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -50,7 +50,7 @@ spec: subPath: "upload" initContainers: - name: pcap-capture-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/21-zeek-live.yml b/kubernetes/21-zeek-live.yml index 2575cfdc3..92984ceb0 100644 --- a/kubernetes/21-zeek-live.yml +++ b/kubernetes/21-zeek-live.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: zeek-live-container - image: ghcr.io/mmguero-dev/malcolm/zeek:development + image: ghcr.io/idaholab/malcolm/zeek:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -61,7 +61,7 @@ spec: subPath: "zeek/intel" initContainers: - name: zeek-live-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/22-suricata-live.yml b/kubernetes/22-suricata-live.yml index 3fbca4d03..2f1b95d57 100644 --- a/kubernetes/22-suricata-live.yml +++ b/kubernetes/22-suricata-live.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: suricata-live-container - image: ghcr.io/mmguero-dev/malcolm/suricata:development + image: ghcr.io/idaholab/malcolm/suricata:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -56,7 +56,7 @@ spec: name: suricata-live-custom-configs-volume initContainers: - name: suricata-live-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/23-arkime-live.yml b/kubernetes/23-arkime-live.yml index 79b4bc4d3..c3f30ec4c 100644 --- a/kubernetes/23-arkime-live.yml 
+++ b/kubernetes/23-arkime-live.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: arkime-live-container - image: ghcr.io/mmguero-dev/malcolm/arkime:development + image: ghcr.io/idaholab/malcolm/arkime:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -62,7 +62,7 @@ spec: name: arkime-live-pcap-volume initContainers: - name: arkime-live-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/24-freq.yml b/kubernetes/24-freq.yml index b9dc580df..465744da9 100644 --- a/kubernetes/24-freq.yml +++ b/kubernetes/24-freq.yml @@ -30,7 +30,7 @@ spec: spec: containers: - name: freq-container - image: ghcr.io/mmguero-dev/malcolm/freq:development + image: ghcr.io/idaholab/malcolm/freq:24.03.1 imagePullPolicy: Always stdin: false tty: true diff --git a/kubernetes/98-nginx-proxy.yml b/kubernetes/98-nginx-proxy.yml index 212c3eca9..44ecd11fb 100644 --- a/kubernetes/98-nginx-proxy.yml +++ b/kubernetes/98-nginx-proxy.yml @@ -39,7 +39,7 @@ spec: spec: containers: - name: nginx-proxy-container - image: ghcr.io/mmguero-dev/malcolm/nginx-proxy:development + image: ghcr.io/idaholab/malcolm/nginx-proxy:24.03.1 imagePullPolicy: Always stdin: false tty: true @@ -99,7 +99,7 @@ spec: subPath: "nginx" initContainers: - name: nginx-dirinit-container - image: ghcr.io/mmguero-dev/malcolm/dirinit:development + image: ghcr.io/idaholab/malcolm/dirinit:24.03.1 imagePullPolicy: Always stdin: false tty: true From eb5898871915d6b3f3d1ac35fdce39f78818a177 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 26 Mar 2024 15:23:51 -0600 Subject: [PATCH 78/79] fix comma that was added during merge --- .../third-party-environments/aws/ami/packer_vars.json.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/third-party-environments/aws/ami/packer_vars.json.example b/scripts/third-party-environments/aws/ami/packer_vars.json.example
index 2aa366f62..a8313c604 100644
--- a/scripts/third-party-environments/aws/ami/packer_vars.json.example
+++ b/scripts/third-party-environments/aws/ami/packer_vars.json.example
@@ -3,7 +3,7 @@
 "aws_secret_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
 "instance_type": "t2.micro",
 "malcolm_tag": "v24.03.1",
- "malcolm_repo": "cisagov/Malcolm",,
+ "malcolm_repo": "cisagov/Malcolm",
 "malcolm_uid": "1000",
 "ssh_username": "ec2-user",
 "vpc_region": "us-east-1",
From 8a18311afea9b24d5846876a89bdfadeb0b8c8b3 Mon Sep 17 00:00:00 2001
From: Seth Grover
Date: Wed, 27 Mar 2024 09:39:14 -0600
Subject: [PATCH 79/79] fix for idaholab/Malcolm#266, Malcolm ISO should format bigger drives for index and artifact storage; fix directory permissions
---
 shared/bin/os-disk-config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shared/bin/os-disk-config.py b/shared/bin/os-disk-config.py
index de3eac097..57ab4c8e0 100644
--- a/shared/bin/os-disk-config.py
+++ b/shared/bin/os-disk-config.py
@@ -82,7 +82,7 @@
 MOUNT_DIRS: [MALCOLM_DB_DIR, MALCOLM_PCAP_DIR, MALCOLM_LOGS_DIR],
 FSTAB_FILE: "/etc/fstab",
 CRYPTTAB_FILE: "/etc/crypttab",
- GROUP_OWNER: "docker",
+ GROUP_OWNER: 1000,
 USER_UID: 1000,
 DIR_PERMS: 0o750,
 SUBDIR_PERMS: 0o770,
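Review bot: `GROUP_OWNER: 1000` in shared/bin/os-disk-config.py is a bare numeric id with nothing on the new side saying which group it is or why it equals `USER_UID`. With `DIR_PERMS: 0o750` and `SUBDIR_PERMS: 0o770` in the same table, whichever group holds GID 1000 on the installed system gets read access to the mount points and write access to their subdirectories. That assumption deserves a comment on the line, for example `# numeric GID, not a group name; presumably must match the GID the Malcolm containers run as`. The value also changes type from str to int, and the code that consumes GROUP_OWNER is outside the hunk, so it should be confirmed that it is passed to a numeric chown rather than a group-name lookup. The enclosing table starts and ends outside the hunk.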

    B+}yQ~TX|`tDuv&kK9&40CHUYWHjXHNN;&SV?L4o}Qis-Xs5&y{K^BXKCKt zdc2D|tbz|-woDyf@$jmZU(o0_b^lBCDIO5vKG(F)i<4)(Qx_B%4Zf7xZpEPf<6r(r z-`Tlz^v}R|O`iTbIiPd>4uMDGYWg%P|2Q_GSx}7)cPw0@e$VKFUxHYAdY^4OMXAq} zNz)gXTl5%g7d0fOO>|lNDZ4A`=WQ`}@|u-?eu?T@dpa5%)@9@hWr@EvCgGyg69 zV6}ef+#T}mKh}r$Pj&k$`4%^&W-jj#de6<$VAo4WZ)ek(<{NAL>a}34#2|N3ag98K z!*5i{-f8B2%}egTxZAC)$tv;4doPDKKE1Zw-(;t&yTP3L$5U%e>(=8|*NMHonwLk$ zF6m>sqmE^n{ne)Qa`h!cmLOI`R-#+-m`P`k4ekz^&+ZA zggik%-zC(bx0AQa?%SD{My*<}|GE8_-f6>kc1bRFNU@$7zs!GejC0m<%Z@!Ge&zDk zxh;zHzh!qd^!Q<^7<Oa74CQE^45>+&*@vQ+_CW6lhO4K zPEJi*)OmFKQ?6e(zd1QH^&9uWdm!KG!Hv1sQ>^#Comdk5)%(q%o8eu8#^2ldQ?c7+ z{+N>bBh=G}eoq*4z{az}cJK~ghoX(|tjDZK@_fPX?Y(QELuqjQ*eCm5><{n%W6Ljx zvf$dUWh1q4_5;5)G`5X6)wlf6l?kK$RKD}?oW2>h<$KeA zZX~5Ay(o@Y7*)2k?0xb4Yt65Pm&{nyp`x^;D7|6&milp#%P%@*w~pkmJWCGyeD1%H z&-RYnjXf`Iao|7Ndlf7@&ZqaR(Id83_w%LAeSU6po`1E!VQ9O-dJ8$%2iO0$xOKn5 zu8I+xeeZSo7T>MA{m_h<-Mc%le&RQ+<@Ki@x^?eo7I)Cf`0icPW5*E#pZRIm!80e* zZ(6fookncf{pk9TGPh$NZ(hIAZjaAsv-Yyr>Gw_Uz8xLw@^a9y&Az*)tCelI&W;=%!U)$b9HTn-#tyLp5`Wb)74^5M?Cw>(c=(Q05?Uv)nhzfN;M z^RMR)8M3Bka?F6-{4Z}_?Y|MTvTUa$}vV z{3rHR!x5Pq<9GbiJNeyQ=QK%|39r7@+&^b}NHW%~+>lxpiY*nohMc>sQ)%#e%6@=RMlDAufMu zkjOQ%Z9v_xv)6sBo68>_aM!QP-HGkj-H$R_+~yw#Np9zi6Xy$RnnhZ@>CvFeimcOZ z^4`1K?z(e6)U371?3w!-PJeE7{A}~-PwVeD-=0|W?t{DfT@(X`3^F{l?zv0bAA^!U z>FroJw3XFEx0}U!T|X}W*rP?u8)wc&Zj#ls^x5eiR{OqHKt&S)4 z>))(sqd~vC#Iw1zr~9l7!?Sz`B6^j%rx^YmRqO4|#LTYq%$8(s+8vnD>S#x!E7>0w zUH5LAv3vVNi-|*qI@G)PzVVVXQ)~u&h*2EF7&;@ts%iYCfX=*Cr-m!`iz~>C^7Z#=H5W zM>i=jx^%dI>n86`wN7~x82zQ^+=h0ZuV&4RZ|pK8OxAFu_|-XwZ7-jVuPC|S@>ink z@9e#bf}+*#sh!K3{=Kl{(1AaDcAL3q&?tkZ?&a5WGFBb48R(?gwJz*NSPRp4zJ`x> zh=2C%@H_I@92-8W)5iG1V|G0&W>0JK_SlRoPeaElijP(Jn_c9^fH zJKtniTHkFg?L8gbr53jR# zZ{K#ABk!~K#P#e4>)UR3S<^s2Xid5Ele?)a>h!D7dlgsGFKXC9svA5G zJvnc+%x?73>64eZ`IWiby$Ekml)AybsHL&8_k8o|`T2p{)vwY`7KDFQzA1b&>-6$o z7QJwtmwO}Ue8GD@!?oze%e$k*%5UdWd!;YEx~~1=OVO8hym}R;A9yGD?U7C`48mGn z&vL&up*MbHJKf}Kosad3ji%H+y{&;!gB`!$r%aj=YCgy4&6jSOj{NrCcnr6ysH4sX}Ba!2yI4k<3yoRe=^|a0Eg7gDv$=s59_?t6mD- 
zSAd1(L$4_1|9FX7Nxcs2jhBlTOg92YnwO}>3Ng-OxPT>B^@g&!shM76GodD?a%pN3 z?#!7Ev(u`SHOQo*lgtI4ys<#K5>9sVhJa$#CqU2PJ z*RS>Jwp3NiNyKTL>w#k<8$o3InhEDl(k!T?scE>!fd$z%2x?gmm9A`5y0WQ0p-xLS zTkK2EY2ME_RA-^C#{6KnrXD7}B@0e0?%SaLoLgC+Ut;}wyu8EZqR(fO7PqjpiQf{V`cV`g zS`h!(c7%CEp~>Lf0jK63eIgoE<8Y1FzkO3;myEsI^ZV@{bHnyklpfh^mBl~GxqWxvR(s5%=JkE} zI?KXCS`VLlg4=R>>z%11j;*ZtJ@mWih20^$d5a1s{`h7a65&+#w&>)c$!8r!t!4$3 zl%=^NqayUnh( zbL`~5Jc66GyowhzBdnw99euGnc6&#cf7+jJ5WwAgdi>hc?*I6$Eli&&SIo*$Pz&mNX*{P>7Ry}x_%`||dG_T07EV)BS9 zL6g=Dn>JuiSF5(Jah)XUP^Whn_Rcl*NU%EA?pwg8*4YWQJ~!R{>8@f-fz!7(JEK<{ z=Owwn-?nZ{$?cuf-#@he=Y3D-XFK1lOYO1SYJ|;zw8Wf$CT!YVvL-sZed5FGXBTu{ zb|ClOsa74m=6Lx{+PwLsZRV5Oqxq6p?{yD0``P)nJRG*wGU;jb=gHQy;c?|QvE}JFmUPf2jMS+S}IEkr&5OuG}Cjim0C(PM_Skp z2#~<+kS}SITq$uS^oCsF{0Ds1Z&Av%HnDA-Of7dc)06m0m6kX}sIrulSiS1MaYu8| z2WpUlZ}QdDE(O2jTXiMJm2kicp@hK6xAGpwNUBn(@1U_T9!GM>G{Xs+CC61&B{Fo2e5>xk9#?k_M*~}uujZZ{G9_PJ8KMa}%rE&?-ZT-(aamQXTm-?3 z6zcPX%=G%|8EzYFhT}3?;{S39_#j_WZ1`*m4(1?Vq0Zs6r5yT)ujVEW$IzUQpfz4rsA|c^(;4PUT_sR zj_PN)4JU_Z)pG z@uBYSr!U+1Qg=7uvMD)NiDJnS$1n+6K#OmgQo#_J$TS|XHjzqw0rR$c*d6Q0G^R+c zo(`CvjpU}F^40riQ#UJDJ|__twplaHv6w@(+ChM$-i9?*ppV71cAA-E35@-~-5E=;uG)E2LTF|BVSEE*NqMfEf43{lFKp7<37 zVPZhr3zG={YOduXO@VQSwvIt_0z)iiGHr&T#%2bZ>Ge*{LuI3dqpX5(ZI>D`!%Xjk z9?ty}r4oWJ`uZFvkjh)jB{nKCXURzvHpD)1G8<$+EIFCjMj=ye^EcBIt1V}l=_RV; zAd1Fn9>qJg5lcZWR^i7Zlr~~?9%lgB5PyIZOKn7)T-_P6j?#y0Noz9oCtRL~T^Fkl zBWST8YwZsH2m~Za?HgjIH(sxwR3zcV94A(AqV6KOl}KdOMXPJ`X8ZUWir_~`4Mo)- zoWv!Q$Si#=fpJPDJR^}@{dNup$_K`Vd@KXWJ>erI>xg`+F-|2V2Z6B|iB%~~qTT3)&R!WH5 zL1QWr489IVPTiyEP@j~glX7Bm93c4^RSk|9AWp8-n@2jvHYO9xF-3&})%3uKRwti7 zm_!BD?IF~`2v{tasEF@E(L*?7AyXK}9(C*x>R{_vDU_IgTJ*wza60vZPNq;7>h?vT z$1rKvArgsIDy#z?49Cu??dOw0V&oxFN+rnIXz?Ku5saPO5~V^x6x5&o3GGXWe*A-x zvI+&se$bdwQ8ghe2T3R_V zi1+!YK9p67lq5bOAHHhT$!gVIYGM^RW0QQe=#=E#QyK#ug^`9OB64^mOGi#w)WUdh zgUlE^48V{^(F4Hn4IgeJGPKx{~v;a?o5WmhC zBc`O6A4~->5?itrvddp8$CJ_v`c5TW1yz)1FwZdfI3fl!!2i~(in z6wv?7a7uYJOActI3qvyOY*ol4I+9T+Iac9Fl@bYSy?{xH14Olfxg`OEg8Zx2Hkp?) 
zW>yo7q$#Mv=o_o?Wg;==KTSt4mO&X#Sl7aM!Os9FB|*1#BLpLd^imj>qK=|bsN}ll zL?ULj9ww%eokuc`R|rW8twuNrlvkBut&|MhE2)s^(5B-QVpgeeoCqlidW<>Z){ql_ zwabbm3alq!ME+Hch=_fr3ya{LLGMw8MRJ%Uj=^MN{KN^f-envnmku4Yt(K&P@rMQw z>nIge$VfpX$G!!-N(jb^8Vtfoq?uM?DUv*ymJ~$5cqu)eBB94@!zvZ5A}vA@!Nhcr zIYQiyvdc^aNukMk*fT9GQgl>=$vwgJtXi!QeyEZIDULGot1sB02mynh=m~>Q+1!iP)?*ux=z5|2nLXwAnm`2Z}Fff#4fFV~%+XI4e5+zSf z5P%pvdM;q-u$*WW3``D-N=-~)oK%5LMv56IV77D69ja=bQtAI;RwA!Ohd96xoY3J3 zhZEtIDn>HEVA!ZJ1|9j2W(EwyX{I~O!*hWc>7H;ZY@X8I5Xa#}eu#|f9h8hpLC=07 zeuap3Km<%e+Y&5I6*3%3%KszlRfSQZ8$omT{Fy(Nl2@2LMKBkOgBt0T7PgH4-kgePeoh&3Z)WmlP*Tv z17S!oLufkq*_hc?nBf0m+yPc5zA(heYH|T(| zlZ)sNI;aF4<_F1bl23K#;Km(kIR01D|^ZBY{|MpC>KMtmAwOv2~|Vih&6 zww9!c?bQq?`d=k}fb0ww%q-hGu|fhzhhYX7ok!D{ZIbBLW?BlHNOgpV_z6fyvl>5u z(f#00B%z+y6ENMvNJ3Yu(W+E3CJ1fc zi8&UwHz_F~4^bI}Q2rnEBO@*lGL{W_P`LPX!x#~GC5)&MflJArly<{->`6h1U&NEl zIfj#7I!c8K^FtRS&wOcDNa&D2WifdE^pJp#1co|vVvc7kL|%_+7*Qc{;+Vp4UzquU zOe21^T8ED0_t~<_YROdje<%z+szZp(C(E@`LH4L=DJZdnphE}iNz(~KN2m2TUW}bs zVZ&d0oCwA^ibM)bdKE*51PvY2Yq09{nkKd&Lo8w4Zw0Ig$$x711cWMumUSYAh&(HY zDa_D;9ag6+fN85%O<5HZ2TWNBQuI~&qtgFF3t}1Lh6%Hp@r;4V*}z1=SXB*2kF^^l zC95;Hcn~6lWH^*cSz|&9Bi`1fW85p0!@dYT3B@ojOjex}lPwrT(SrX`t%6Y)E-&2( zA!H|#5)K37HNj(IBW6x$m`=R_!Z-34XZf#AB+xADy7h^x^#@=iTdDw z&}9XTY-DOpbP319<}kV%+8f!JstKZ*!N8(E?7HHyS^;sER+FhFe%F@Gg6;S%X$j_AGn6c#WV~} zt?ek1rHFIKx?g=o2J1i#GkpiYZ0)3WF ziC~?@5DOEG$iGtjWIQE|<0*)XS$4pX=wjvv!RVwEQl;1qX98CN)7B|yAB0HnFzz>D zh7C*vIwmY97`9BP-U%2J5g}4U2uL$cFdhyhT^Qb|@PLEXG9k>cd$`aO(3td`0fs5e zHiG^!VH|Rf@=B)!{jU_i05a|s))yQ_TK5xXpz0Z>Wjeki%Hl}?dM*$Qxm&HW@c-bR zBEg^yR$`1vg~1U?83qY67$~g@Q5JMa{jwMyPhgnF1B1x_F&wHSA~7pgU~HrVZAA9a z=|%{~WWHb#p#$j75vEm@X1m(|10m9~G$FxY;HgGX7)fnrj0qj%c%m$lX)J@l=tLFI zK~yBtry3D3Mybe|4#rJCxRrfv3jTq2{Z82DNLYa!g65PWu~P- zu&S`DO6kdY5oAbdB;k=DY^&4D4(b;cnjT|dDs0$N%z!~e?`*@MV>BV25akeW)BYbR z%fx%MJ zk|AYHbaFl2MpH;YVepHEd_!x8jj@fRgAv?4Bj_W z7MVymnW&HU|6pI3h6y3dAU0Q-T`}wy0%M$3Y~x{fgpmxvw3QU`|IjM-mvlsfpFgKD zflh1eh`|B|^Ull78k||lbY^{K*#v=z>s~VC!v5b 
zlEI3DJrL^qq`a=v#_G!VE%J3L|vF565fi0ASdLrL8By=>25)f5>_vxMm0m z#z+BluqCt<2s7|JX=Vr=Gn^y?&E^dR4Dlyj80ltghw5TFbePoDR;+pp7x4x&#w7G) z>;XiIG_R(^)&8FVN|>?3bG#g5-{Dikk!2Xf3mn25Dq7+vl3_ER7$X^cckRycWZ>j@ z074toU`#R+PdPv>P=&Ey1&lG<^%^+b04@J;z5IO}<8yFOZXH5Hq$X1Y@Ho7qO zN3n5DV+eZL3>ji$L~(4xaO$e&R+axJG_2EO$cxe6NC+Z<%}5K6dLk*yFay=YXiPAJ zBssm@dBP#4KU0{PRHnyxj*`uI!r?+s7%AZ0QRe9w;^1QrGW8J&V*j0P7!NJ7J{-i4 z=!fYs84@N0S0M6acejCI!-eS_o*ITnS=nx-|3@YW_K#_12qEJ{phCRB#fTc1@V=S$ z?8j3QNR(6c;bB6&XUt4Y9*H^D%o1jh*JcaDt=6d!3XQ=~7>`7-WwAX%k2{!wE6eQv z3Lum1fU<=L!W2d$I!lbuF|j|&BArXm52Qr2pPZ=l|B&EC2At-a6t3Q2kqyRbS)~C?jf>A>M{ErHC_ir$(bt{B}$_@!q8|)Y(UV{tBb_7d| zbWYp<10m~jK{5z`bP6Nip(7b=)aytFX<8leLzig{6Y>AZ?i8GNhC^(!>5Ls_u+ETR zXG=$dP|G?!#-!Gfpo-&lH;$lsbSp&mN{2zj8*J||a5_Ck)bMX*1cL{-X%!=r)>gXG}{ zR&gN@&pu6o`ef`ARRojrjD05{n_wUq;$C`wAYfzD^H}Z3uQ3x77`Bvk%2qwfU+w>) zF#I}ZreniO*RKOc`*4sTLIx&Q1O~InHcZmP)X?!L3>S`FP6T5-Swe>g`(klG7$_R#4ZI}A=EdsBH%*ckqDMffkQ}iuxdBG%Ksz& z2Lb{eLN*ZrIx@^G9n_u3spl=Yaz?pF6Wa(wu3vMYKV!5N-!O2;wuy=NHaTdw#6*7A#dx^8m zN!G{k|0l7;JA+O^lO3n}O!g0+6JTj8mN_DyB6V~?TqAMB2As1KB3pYGCy5J(O9ux- dynh!QGI4f@@bVqz7qTyMsbR;C&TcM-{|AyfDI|So z%JcU}=M;LJD3#dHspTE`nAp}E=prmX`ZhxBCdi(aTHe{B%97nx>(ZKuR)6w&A%=%G z?hH@+J3H7{h%OhV*P8?D*j#9W5jaA^z&i*y6{y#cnRCa2>UfWaFDZ`319=T$5|bfy z7*)Vzh8JbBa|~-R^2U`eyYhz+Qbj^SX(Rh%d!r%WYM5L{hc8xqZ^tj`579L0urUm3(O#ic-V{}To< zo9L6F5{|eO-CA)zxm#Ve(3iIDWEvYOO^^gpu=P{B!#_k<$sq$Ao{Q4(<+>2B;~`KA+tQmjf6Vyk4FcOrK%Kq5JVp2i&SRCaa@;L9 zhajVH1!Fl5&JUZ#@r2oRN)N)FK*|J?JjgmRU~SW<5Xtg8V(}C)xoV2?m&g0E{kH$g zchRpI3?ONU--qY>i-K67Fsv^OxO`r%4zp+!L-mrtlr#Z`Ww=O9Gr}PhN&Uy`p$K!} zCdD*Ryi6>rL7ZoqR@F}@1Hv2$lql{sxP&vtid8WQs=Aqrj3@@{K8hB1l*kEV z89;;*VYmRg+dMZv=jgt-S^c>v)PGAxd7}prP`7VH@iBC&rOh*Y~WV5yCFW%C5K|Ncz zVIQ*{_!Y;*08gQApne=uK_J@2A@P z2{J&MJrpupm>u1x{CO0`U8+>qT3k>TR8M&LBTd7cD_*Zesj7_8$xe8k@(g1c_X8_^ zO_3K|9BWR^tw)V19M}{Vi)eDziVrJ3s$IsSR;QV!cU-k#=1A66(ap-VxUDXXQ;D}K zO!tv;i+fF_DeW!lX(tJ65lxvM@}>vV*AHM=SdOjP=w0N{kb><*JEBaAEFwx97w0Tb zaIHlHqV8+v+Yt*y0-6Ut6=v>{xMh3?~TX(GKt)OJ1 
ztg5Ce##lT{-E6Z0=#1?xq?q1-q5b7ws&tHy*Z-bOtorO7RYP~$(i=RTh@vHp1VnsrRzBqJtAa=w(_Os{{;HR+j1_yV23S5kE4D@sm&vD##G!Ah(PQ&>De0U47j?A>09- zzTgulZl3%14u#@==R|4Y6Jv23oR5(!Q%O-BRgk;_r{2N>**@%w;dhnvrvLtd_F!5{TWE(s z#b6*{Ah0*Gf@Wl5VE7*n_dj}QM#j8^Rro*jO?tUr&VVB^#GNndX1w~+s>+p1aKd}( z_-k-F6Qst>W3u25s0>*@{ue7=pBoPzOcTkUN-oz+70TxM@2;;hC|L`T(^8ibTCB|2 z_r9>xEBmfIJ{G`De!||`o_oQCk;SgtlZf9Z6Md6x@ATG0&dj^<+oz#swg*RY=Xzcs zZMRS_*T5fX%G*m3UHcl;Z367vY? zPwbyDUU(oT3*nsZ{-MW19wNA8v2bCIaRZJJKhSv9zV7e#uI_6-U7V5KCJ;u0D8eko z^<*~SdRbxrhm$$&D}wN|ih@KfD&H4y;VhVPb^zj#W!~7QS9(in5#tr?ljrVE9 zH_>F2oQ?bdh`8|rV#AbpMnzE)U7B{XBqH7irZdh+dzo+a`fHnSG17>l8C;k|4M9wl zCP2i77)9>qncWy~SsLhRda$yV*3p!N#RfCQLl>@--Y63~9=bAGumZRCxO}{mmks9n znwwx|w$U5&KD4Qd!eahiql{QNb^${fgL_;~tkrpMr(QIg{2w{Ku^cAa<)A$Q#B&wM z(l2mjm#PAW48DIriG32qq&LI*OMb*?7J$%M%d^ADA}Y00=O$mzh?CY$mxIYH6_~4H zYnoOpIq-%I#3A0*>0zJP-(LH|1rzHkYF1E;$iBX!gP4re`~ZY@D7U4$_^bt1*{Vx4 zWA6%BJHqU?859Y@%z|Z?VK6=#m&}-2$){}I(4>HR=ZVN)2YSgiOazoA6y2FE2cT-_ zBo@tzbg)TYMpC^KIF&77nO}WUUUlAYi1e*hnhhyONjT_g#tCvtbF4dYQMFOLEGZ4_ zSU+sxB;d==TT=EM+BNdJ;{91BnGKbYM(lX!xWP$uHh`N zRAZxL$)rVz4%|LGv04fSIb-zT3%Dg3KiOdMPdkc!RWx>}Y%p%D^H)QXm-gyii$508 zSK5GOIZ^n`Dp#4hL-psVj$YA3_l?L7)*5uhGSK!qm`Z#w&0)QPdJPK%M20MpLhkK4jFC20&gOSQg7A zhxwd3F3Y6I7EYi-;R#HAMFk*VJ!KF>o9jxx3-}O<2Aya=fZYxqm<_MTnaE(;mW1IE~kcq#8ms#l{_nSD-B1*0s76>`fu|LZ?Ys4 z{NhlpicSyJc92v4JDqlWZD5=i#T|*YUlw<45txjc~+PXu6ycg~m#Md$I)7P(O zN~ZtC#UX4wI2XHdd?lj}zW5Woffx;r*x#CJI7c{JEaQ*6C6Jge*^dueU{4`{L&=)A z=Y|jP2&(1$-J!7Gq;o4cCdhRB9SBcx-oI-k$_=Jrw<~-*#ltkead6< zIy`Vu&WGXdcc+&(?07$rb4Pag@$JZw8@6?)ATyvmE2r$A_jgPVEEH{=zqFrO-ish- zNkmB84E_6nIOm=)!=33tqC<{ouNmJZnSDAv&nDFjkDO~=LnhhYrm;>~Po>mTXY~S7 zl%X8;6m~>)MC7P@XlwON)&gJ;s3ey`G|3$THRZMw9{=b0?`9!}`a|J;a@3T+t~M)g z#Ac#;>2!Iv`!gU051DenJl)GuhD3bWr27z?z4a_7GpM_8x0%2nA+%lX zjXNkSyL@2-vreTBv&flswIl|_`$ESHeqJ!pGFmrsXu2^pqz?%^O#$#Ed>D`DM`J)B zf?r`y8V;)lALmrIVXhY57)PVtuAC{Fx`U6%!&qi>Hab-hYl|hhiFLFz*ks!>NlAQD 
z8Q(mu(xLN%MxR3dK`g|)|2u%625Qnih@Zlln&~E#LbkjvTecWTM_WZ@-t7ibPE3OX}OEpEbz_r+6y>n2)Th`<0Pw-=IxE1q0p;i&-g{xy9?F+dy_}QIyI8=otG3v zHD>_1*Ql~Hg;|Ki`>0iyWMLw)>-B3&snt@O;{d8H4XsDO=GQ8+b$;L$yMkDrS*m>H zp@j1@5@BqG1Rn*hP~pa2dlXwvHpG0%6r-1V=!GOJ`Dc1fE*LN$x7Peh;!?-*BErcw zr}cJwrd74KQv|Wq^!^oLd$Y>ho`0PJqm}rsavyVv@?M#2p+Rqia3xeSgKj(&DJZ_( zxx0f*;mX3k-~<_xwLKhsN>0HOIli z`G2z&Q<|biCr#Rx9|&a_kq<~4kq>AQ0)PP4{2dMw*rraErOg)ZSmAk@jW%!xeTEd! zCk!vTs5MdB1ingiLb%uM$t+9-b+~n3rywL5A}E4m3QJI3YL9Sug+Em0et7psHR4?pP7`sP>S?{=nE-m*R0|1w|$7(EIr>YY@CDCxO8Qw2xT^%WS5zY=C47l~c z5>i+cC0CFvuA90$9FkcV9ECi5^kgyX^ud}*Wzf1tu+YUI6(NSre^yI^ zAhX)+lDriX+`hY3p= zW4-AcL0UsWV@b5zhyMHmz+?*+mWS0=UXuCnzd!(18dX0Uar9?$o@+ofS4WbW+!7k2 zyN{yWCSuctN_p@U>o#RWW`ZO2^n5m zs(0+re6~8#G)KC#6dtc}u+!Zphj%6_Z$0(Yh>W%r|0F-}jttOz+_mLINNlunzspJg z-T>1-?Nw2eU!`ku4PBoR8QuG;P_XB9`nd+A*6g_tck&!uhfdChlSh z+or_i4_I#RvMYFb$ka!=!SG#LNRh~?0@`DlQyt)x_bWDb+W*$B{Ou%ubqmW5?dT%T z%e`fU@^&o&NhH?GWVSw3k=D01JRbh*H4x@QozOx^yh;B#pyp>Ooj|G5bB z@m5LrH_SeGpFq}kY!1@#y4HqPQGI7e!_Ry#yW|uBlbl~C%w4Gs7^>|$tk|`%$BTl^xuG`QSiqdc5-x6o)(Du14AI z)Y&=5f3fOp&9L{vx?}X^Gy%l8IqA`7W94(WIPu~ASm8v0u>_+TDWGKV4;}&grJzla zOFLbPMkPE%#A|=!G!!@ut-RG#5;}_#+CR&Nd_u~5^LAmsEZcnpOHkv9BwG8)X~31n zuo5nxU8f=#z*WE`u_c}&440Oq%)^iSEky=2Y=?t890wn9V_1nqF+8aY4PJmc$aj@R zD~4&GU1@DOmjUBRFc7Y`b5npM=8iO*hD6abwuh;ElY;bIm^kdlR5*`Q(Nj9GF4P)` z!m0*90MrR?;zNcE1?gMlZ^OO_t_iczbWOfD!e!&AOgF;o!SbBN~JmwbkH++Vy*F?BSD2H7;>kHW3O?OBX)Bze`M7C;&S5CMk;Gz|p?S zje%BBe&6zQ``q&Emh0eEK6wFG(U&!f{9UaHeYu$#xR1-R(!?7NJ>K1#(SPZ)G-9UG zkcQI4uyB9h9|1oNPsN0RjjNYH#j*O!VHy0AV-_n94~7f|4$VOYju1f&MffuII{)sE z;2}`NFvpLf*aMGFcw~*Mhqf4(4`3Pm`24Qn$8P;_pghYM#RLPP6}TlNFvmT<8%!~i z{!lszzKuo}sAHysl81uBG3MJkI}E#dSRq9H1hrcXr2}$g^#rhU>w($4(>eE9>2V5d zK(QY1cmHfCu;DK^ghB^b|TIi@j}UM_>9A|AI^AQ!USLji7n-k-Xr4;wgE@g zt`+3^sTwpObij6xn(k;E)yMmWsBzLYRpYKgBxjI7!^_jc;VvAz#2`hP*J3oiaVP3> zm>$$ANdzX(24h#~E)5c~pJE0d8YxD}is}%Y1_O+GB%=3B{(9d`vx=5C!0UyzPk1F) zCAE*20c5Wt&NI!qbx5^f5>U5wtO)T*HiZflDVmLF15hv56f2)5Y_Qc=GGz}3^AysQ 
z6EAmc9qpXLrk6=E-7zc(>_7g@|3dipi!$nU^E=7& ziTmGplM(2(19T^($-$*8XBW5oQg#hA)qa<019+~Cse4Mm9py$y!!{jMla-)PTGbm3 z_nf}fD$7lNY$@~Un`+e-O4Mtg?pxj1)B&^8wo38)i!;)Rxn>T+^lV?O!P!k!H_}FJ zkuT^crDqV6eJac6AHK+~Bo1k}^kBN%GRWzzS&C$t-1js)yyC@tM8~k6(bGIp=~^G|vLWnk5N~ zL>|tqptg-w5EE6!ySqft&?CFM?x|=blp|b(qm^r_MEU0MnB}_7!Nt-YH>A;&qNa+s zWFFlP9Cr;eFVZO`I<$rcs3<`^SZorJV@Q$GZcb8SX_VMJ(@g%N3^{5qUg_v%JQY?6 zEM24Mk5AwhwkZ^jQyf4D6pjN320S20JPtQi+qx$dtN7X$gUt`(20Fz4_$ZF6&8wYf zfGHwFHPWDqiYFzWv6C26b?9D1LtN6~rpOq>GlNU2Qxw3-m{;vFQGa88ub-NM(hWmb zKjU;9?+*NCZP)V$R}Q@;4Cx^g>=25h5uGlQn7%uM6#AQMXSu{f1VaH-O+435aU=;Q z%B;|WNr>b?yHxYzV{4VXl!|E-lC<@q=49}0y-fBHYhPt?j5|bQ62G+G z6qV^+)9SXU|G=Y7zO_@AvJAV->4F@+hWD`q`yN~OR`S_`Yh|M>R4b1Q3jb+w&$en< zXGG=kRH;{euFznlYeNUnma=y_lNEG4k9n~VHx^j|(Nss1I==;VylW4Nb4DBxuf`bL zxV5sEBp0#JmZMT+{;ISwcH~uZVTuB*GMi>s;QJ}NWHliwf4VckrK>%&;L_AIqvExr zT4eNCZ&-h7i4#rwb@?G9ZoRZwfy7HFbn0xZwaj-U@XjvvJd6Q)ohK0BVqMTuXS|1v zOoJrB$G3_~u?wraVU1Ni4bb&#w_WKwESJ+UFho8XyXR+^;Nkf1T9HRU;eD-5&p7ya z{}Pylml1}p?&DsbUpZM4b29(QkpBz!d6Y(Cs4c;GkOE*2Iw|kI$AjT;rlG52CA87C z3~^bY2ymAIexND-it!6Y?!SXvJp>UV64wI*<6H=Qt0M{=*D<34{cPrcE&hUH3tzReBf+HhXky-bu**}(ha z?vD6mnAx(FnZZc9^!@!=LYZ*x*8DAxSUi`cD>0HjLl@cu{@U+*>*r_I_ip{-~%j0Zc z;=lbtTH2S6xOD-rN5(I6D3zO%6ja=rBx{%!7Yl1$mM!J&I9>AT5T5Ny z6(LfWIl~qd+yc}Q54Fn4dqef{x(k$Y}859}inCBLsn7d+K5SR>78O$c^4KX)R_{R0I$QX1u ziL@F#ya5c{{$SdZ1v{!dVxIGjF_^rc!}vC$0z zb0jF*HrkxR<}-zjG*yK`)2UmQJ9Agn92oRINoX!oF(~&9+8NQ>3zLPy$_7)nnW9y~ zNBNnv?+vEN+tsgLS~5M4=ypARL+q7$=ma#QC4iG*CJONzngJ@#?sw6eJ)*}e;*_;s z(KxPa%W=kYK{Th-_+pV9*owLEze}vvJVUE~^yBWtVJ%1bMfpW$&%9VJM9M8&vt9;^ zw_Gi~;bIhFozg|9SIyRSwcO8Vf6%!Lhq38aP5iOuS64A|&_s&P3`M!cd0dp{(lYWmQCG1xIwyQiWO)GJB&gn3JAn8JNAA%!lbwV z`8zI!hFR8P?YALDO zibMgNcAv+$tS6G;;Z*4H4v7NSCoFQ%`=w~SE5^;tR)B{8G#a#qOnHYmICpUJR~I=$ z1^h;+Niu2OB!4x>4xdjV=B(tlGDf~6X3GWU9g+-us5iq@ZjCquxwU58*pwk3;9WB? 
za3u)SA($FoK%r#{Mz|H^k(xU8wBL(pf@=Uwh%u~*veCq)taQB=Gahq0P+IRJW>>aj z)?-(o*o*`%MA@Dtq)asW3}nR(!b<4YY*XFT5_`~Ro57o@Z3h>7%J(%|gGV=@ObZE^zlyO_Jp(C1A8S;H$df$Wf}l| z9!&f{Za0#rE@2hE!XJ0M-B{Ayg~b#+iU?{jk9hQb&H|96+e-9PdD91-c~E?M<$L;4{D=I zPK!pIFHz^0z}y!6t!6uh;@iC1X)CO)#XW-7^VEsH%fIz)F&etHp*nv;9cfqZI! zsnX-IYlpRUTqxXC-!$BOO!10CzwS;NdF}UB&yAzA%%TNudCEjtCvzpq=z+h2u!Tt2 zC2MpXCt4z2e^Yki4HoM;U_) zuc*}OMW~wBB*@zUxCge;oQ-p#wbPuXK{Xb{sUEOsQhNRA+f`lIh1dK0Hf~Co14$0W@ z4m*UhMknMWmW()dFZ%cbIv0VLd>@dE!o%tgk5wRE;zBW1#>evQMIp%OL2t{DS<>Sz zcr8LfCv}w&*GM^jBvk}#c0|cRyHoZoIYE?k;3zY#mOp@qFc6e_9&6Uc&ieirAnX>t z82|Gay2xw*yR46id?d6h; z{qS;P<$;-MotWOtMaXe<>V;C&-$({26Hjs_Ij{>F?sTU~H<()kFE1MJ@r%{OO{dP5 zjx-NrCklXY9J)>FK*?>(sHl6J1}~NxSnYdv0Ii#Hwr>sPhJ4U^;s=lxZ@}}hNH^#H ziFkEMdvjQ`N!q#Q^XfMn#GF}ED6&IUni?~G%5$hLGI!TBK592rtQ%_;JYW@vbiIXf z_APQ+he@9G)xnk+_4%-MytN_0s(Z;q-Mt3GDGFePHq+8*@TJmX_-0X8FoM{pX25Bb z?6p*6tGT4+&RsQW+@f$Nu;e;*U2~M#fl)lVxhq zej7V93Rgia64i5|`nL^+;Uv~0-XRa;XNKJUVBIf5ZT(P-39$JGq8-~A_rIJXZRZ~t zG%yQe+QmOGQNaHl?9D_kaG2nUGD||J=c5mqP`n=E&U+mRf-3$=7{I##py>P zdfN_{H1ls>pMUc)e|yv#u+zv>;MT=ed81}W*fqW2%y_xGc! zr^5^VhwOWa|4m!)AmhqXm*C5fKmN4k>FZaw29qPybK39T~{<4_AIlHKXa zj}k&(T*`!IxejA1GD1-~&QkQ6P4bcsq@m+T^augmfELee*oC^;i$KeCy+O!wITqkA z7XIkZ^%{7ae&)FED^9ocP}d05Wmn5q`l0^3^2{?!+Kx6x#S+O$KvV?an|FYZmK|i! 
z+N=-L?iJo8OU!OK(~C_ryN*+#Fo1+qSJIaR`#fb?^&DodB~yX?7ss_zF>FO%D2)i% z3OJ{q^l>pent9H!nNkFGC1>Jpq8f23qH)QTV@W@}eTEa8WW4@>6M#F5`>#4cYuEwL zeVe&|qYJk%-OkxX4kZ!5U1`iISDb54sIMkJ)pl25LE z+le8{YnbMLXTEMD%j#i`cIZM-%9S$Y+vw~(3N6J2=IFbyYS|lbtS%j3k_(iT; z>@sH0!eoP-N35^AyMd%r=Z~q@P3Ou>9p_M9y<{^aVQ)>L1(h-`PJ${J=%gMwm5KTq z)vWXfkQDhd)ZMEA5oP;3+a1iS*GD>Pd2$6J=8r)-&{)8?%F)_Z|(touB7 zb<~&+p`4!cc)C_aY3|gq2g3!)AdM^phNv$ z^HkpA4Ph%>rz^9&>>OXvf@?aaWv8xQxOGoi%)pd967;eRQKD z(lLytj^@_5RnRqT@{7KyJXQlyN891)+iXUi^_09p33skN-TCR?_*E@ z_v3h$v*T%P$&FY`zjdrSiC)|NJ8cK>0FVcKEd9HW%+tj|cuQ@9I16Lp_zp|!`|^3@ z)Mv7j+tm$(Ih*_S_;-@TA687q_j_`u@8k7CPxl!2vT`(c-x-YYcDi*HxJr({E#7sy zr+|{k@qEQHh)4t&MV?&{ zoiFCWG@Re(`(*!}_)^DT$I@@VRJ~;#PP;!qJHp{-gVlH6$9fyJbR5QPzw0yGwguFW z-N8<$xjfMEVro44Nc$ilcU$@psFuIxzU3$O7)|emUXPu~cg7j(aYnqDy^Gl^E_io2 zp5PC7fBzEe1-mN76~jf`b}#_8Wc+x4-Sm8-(v()8I`y3B&M>D)A^LuJJyvv`aDTZ0 zT@QeNq0b%1tj7-j5EL%v-hcbDk4kDA+A(!s&whQigie`Co5q|zW%R7gW*VExCTcsn_khh^P(A9}i=KtsZ`A`6`03{re9!@&1 zT#+WsYj&V~ANh1jb0aa)9s8Y^@CKh#fLoQ+g#ug(|j zE)EB0@zc9N_$8fcjHU?`D(wm8&#&H5hs^6AY@^?~xBGWgNvqNh#=K@i{G zne?PgYdO3 z|5UO$J_a^V7$S(C$Jo^QmW!g7$*sBWJ?ex;4D;_%V{5t;eb?D?ZFJVQh8M$q#+(kD z4EbtAaQ|jEoxUQ0YE+OfRJw*ilg+Bynd-bh9U+bGN-EQ19cGcm9|r^jxD%l$uzh&= z1On<^WzkA!uALTuIt^`;P(JkH7q^9tHd9iqR})#GC$GZemEku!Z)|a-I9=`3t33zx zefa&~!Gd2i_vlcC*|TG#o!E{)pgQ7c1hJ9&Y{goU#nM8+;@$vNlbSM6u5uwN)AxkL z-3Wc0F4&jcZJ?__z<1E(foCMh z)sk2yw_-EZ4zy~splz?PuzyrdCUHW^O?%|#1jm7M1w^R{qYp3TJRDyzxstyCkx-vW zx3$cq0(uUr?SzCP1gEA0PDN1?DXzSK-+`?VVBmz9ju4m|6BW*`-e`VorPzrAIfoTL z3^j#?%b}IFtqqO@P?gpq4OdBgC*?2}qIgMZe)0&j$Q%&J1Yd|^?+nkj3$a0?P4Ma; zR(EoCQi35+NkDa+$Uxt8-8)}zU3Hssx2L4 zqGO_9CvW?6u92xqeGz6V^a;EtD#Ehpc4I_^7bbY2d4)HhnG_}y>+MJkrVtlZi17OW zR}HUdG6*KsIqQtCoPbvW#Sa@iDr{@vQMf~8d{~i?YHUUQ$r6UT$!nPC^JWW;kPj zVaZz2uWfubVol{k8LAZd0;gujnM(~Dv%wH%DJ)RXMqxa^{>Q3Zbcr&;9UzUM^kz(( zWdm^}QhNm>o*QD9_}#y0#s{%_&(s>P3V$l%XoD(E@v9US+HqQM7*vG*6v*iA73+lv zP)3l#+OwR*hXHqWjPNk5GJ!qs7sIi}5CA$)h7^+MW3GpAfh-nI?Q^2Uxpu2&5!dLT 
zaK)_J6^c1AASV)CQ&j8c#VS_Ufdd|}5={rY4+U;WsRx!{I&87nY%xgl*8?X4z>H&N zCJ{t++h7O_swX6Ap;U?+S|emnh7|aRI$4a-43rRFs`p=KFbSBzv>^A_qQ-QAb+Fqt zJ!H)sS+?f6pSm*jH-+ThyqWCDC;j9t3eAy#X`(AeC+iHIRHCz0`v9X{a z{2z`q>9}^KxX5_(mBtd(=0duVrO!%bh#z9ZP=$r6CHzKBglpkY<12*?BRd+xz!K?- ziV%}lA*(^5{o^@;KoZ1UlFP@U`tIRw1sp`lR-puL_c%cZan$sn@e!o~uSxPt$pUsb zELAUX^}sU|y-gN~j+~Ea_y*umfKb|^WJL1g)Kwz%Rh zysnv|1aO}Ch33_IMvD`&-WQEJA~l}D7ckWPb5!q(+06tT1W!xKFsHVVR_N*`S)3^Q zN;Ln>s_bPyT&+-e%#4(yL*GH?043bgQ=p4NMnJg&gi0AcpghgkO#@+n0L_aQMGi`! zlJDIWXA&b|jySYyq}jHKXlj{EJh>q{q@!7oF%}t;W>i;XNuts@jG*_#aBLamA{{67 zWsO^!JwtR zux_OrOwn`8#Hn__;WQWdD+tk58{|A5g0iY1K(#xh)DL`rj`Gz<$P4be2P#|4&e zMpU#QGe@COmNt(oK}cTK^-!C#*@~du3oJ4t>vD-=q}?FLp@R+Y35%fPftsJ3svs7WFjmSz ziKI!K=Bj3)Jt!Xg6_sfl@fHj$t@d7j+WFaoxeqjwgy{sco|2Fd}-9-FMo zHvr&c`Kh@w!e&G{tKptEvkyrhZvu;e&q_VxAc8!o>q*D!8tIA6;?De_aAY1IfT7a+ z>@r_ItY&2O?(Fbf>%n_64+o;f79v zwpue3xk66L$|i+?-*dQ-O5#yvHOea>4TD{-q*L4ls(-OtsRIIt18B67 zMo3ds<}r++!-{Im?FmR!Y*jq8_J*`pis^zBh5gwz6eTkBiWD1%$kUu84?u(ELYSWf z>;B}x2eIZOW{@3{lM>9B1nmk~JGuVa;br0T#3pgDGItY8>pwH0oJZq8e{9Qne&GkRX>?C*6|86O6$1d|MkU zq&=Lx=+zeH1q+;@22nZy>#H%fR`5VO^WdbWT?u-IH;!dIx3##FmmGR;e3pdX+$1S^ z7^-n5Ax8pZw@pPhnbvZXjB3)c=cVq^-w86~-mJLJXMeTo;Qy4EY_nu3>)S*UlBalJ z(U4<87%S^O1f)*q#q4f$LD`nDs;3whGS8W1Tz!t@AVTmRGy(w-(r#BzNzen&EgJ4S z!-yS!M$QsK96~WGrp47UT<1FlzY;1vlcBwIm-i}xp^)dU@*YCNb$9_?dvw1jLFv-= zdypfT`#!Xi<7)x&ZU6#O9SK2?cnHX+u_4g1Z8QD$ug;y>T_i6-(M5yaEkcm7s@@Gm z!DL`%r5K+VRnP$pmEmm=z~mtlpYq-&uuJX)5yg?Zf~p1s&>a8pH`srkc#DKuSgCfC z31cRmn8jMi;lJbE91KTVu9yhqE}4~&KQ#uV@FourE2`5hi|jzb7d9H>Mk3Bi^oCW~ zh$bh(B-~E5Y|z(`3BQ9Mw`@YEI!Ydn!re#r&tHwwS!Dra4BJin>P1G83c2#_^uTG~ zBS}){k zJtzq^E26F#K=c3`I9H86uK-q^Khp_jh*bHnCh&IzSOQ0k@kyC| zBb#cXe5+0d18!(&?FyM^JZHrLwD$&D_$MSLCN%2UkU@e`9HTd+_jk3Q=a#fq& z7MJXv$^7oNn4IO)PSoVg7gb4?SKzBWvvE-a=>Y=e~olZS%h@p5RG) z3}0yMd}B52Oy1OG8(AGMu4eicuPJulDo8bQ+?69S9h)Tvch~?PYd;2Uoh~CF%W_NQ%L7~;%PZsniQo@*j(1%x~*HI zW%`~M#S@XwOiy=OHikkPVuB83%UtuyoyJcSI4?}WTnUL5T4vExi^S(tSOzb1Y_V=Q 
z{&1Z1+TVpX&`sM#7Efk@uTc!n^3v|eCF-=Zi1nTZVbj~4D=6+H7su8DLkTp&#Z^vK z59{Y|$YquhB!y6_QAVroqo#4TTpRe>8~-@SgeMaM zUM_nixj?t}YYjWXzr&cniA7^dYMQ#f5fTZa@f;BG8*_e*5}yS?WUitd%z*_3otstx zT@ISuEiI~+=yA4L%d3q~KR)?(1ir*fPBE*kh9HQJZPdTmT|bAr?NKnjMQui)s8#!` zSI)?lYY4!-rcEd=s!@QK5t^W@FWhSZpIg{7%>qxxIoTEmOKrIS&hac`R;P&}-74*Qi+ zRB`jwQIf4exF+k^8hS?-+s_odBidfV*eWcUf#YMis5JvWdLzps+82;5BCUWhV52Ip zYv=prit)5I$;K1x_MKyI)+|D?`oTgYAw}NgPR@wan@#m5eL5H@9s*% zc*Rc-lyXDam@9IUt{sKT9qCrDG(=CCUr+P}6+M;W+jY5@NbaauNPd*8>3O10H;tz7@VnIa2-Fh6_JhJRi0|aN}S*77*`f|k5 zF&keR`YvPpF$YFf(XBC84V$vh7c>WQpe3Y1g_Pj2PQD5!;f0gru<`FOG82^v;=6D! zD+=Le{hM82SK?QGuhqHn`@+9^Hl;ZYcLc-o;Oy|d$r?`T#n!BwtY8|@g~3X%?l>_G z4&`bH5|2HD(ELzXx@IvqAD9&>_>(C-`75KGpn1p2nze3d>71(}LZ;E2qM>b1t&fQI-1+q*Ft)c#Ht7oG=UpX)>srQi{p@QLba_|C#!mGb%;k zXe|!d|6>%S(+ERmiy*~%JUOtUk~DdySss!z)cEKNidH-GRQVu$=p8@k5OR# zr6{yYMnD^x7b@YDSnN3+MRi(goGsxds*s<8?*Cc-Lx@ijYE?YNckqPO%YjHW@7@1@ zmOawF`)GEby@SAZFTSf=&w{L+hEC{Gs>FxhKkpO6)dXo*V=)>|qRLk9@_wz;KJZB@ zqv-Q${kb`3EO*=v<%(F|4Qe#GuXzow++ne?(sh}~afyKSk+9p1=`*4pdXr2GA08ZK zreDKi?vBzZ{xWmH2U4eOig*x33>K?+AZi?`8@(Q<&o%~Q<5ok;u5lt>uAX>NRzUWW z<4;}`wxYYv!$`^4|7gtPv~uU)XOSd3?bQRp&Pp_YkAfnoBA${!LSb}q%RleJeLCdS z7Ae^<6Kund_!3QE-_gEwuo_Bzc=Y2H2xEPu#x(ly4~8HttBi$ z+wTMri-;cB6gxwWIZnhmCSxI@3_V{I(z9k|V=Y^5Ru(c9$scwI8#*incfvs|vY;E{ znxkSfbZsw!sWMVNS#qn#?Q&WhKBn5ET8(m}|GNuZdZa8?%?s2b&d15C`YTG`c>bBd z47@W8n*FxfUk{@2KezZ$MZC^8OD$zKt3x9;ZNFH-r7_YpBc&hU+%&}XLMUbR-qI?* zKO??p1N{z?59Lh^5ot_nRE&sc`p@(?q7{@MELJ?3H*b2-Lu-XBF-q3?M5k3Pvvu#(et74|IJ)zUW+#?sWf z35hT5ONCyV)i7bN2FsoFvqKo+k|$qi9$n=o*!t^CbWER3(!*$jLGrVA6lUB!J|tZN z0l}gb;c6xc{S+cq?Ly2@rZlSvx&&pwmD;~(b%u7?C6*{x0b*wL;Ogcdctkv%p?b8z z9kIc|qR4~~v-Q==*RMg1V*(G@R;;WG@!~f!K}vFSLF+G0QJp5}b{yX+4NfZ#yIhV35EM;U7FpkGJZoe`)fmGL?E&XIE)A^285v{n=--DkF}s z6ELG(#9z?7C@pV6I*mI{6s|uDH&r9qC8%rz_l7@&+nS%KyMkGpkd;@W_Lt z?v<30VoJ&-?+q@A24A(hn+cbiHCQg!(BM26A*w75*kVz$b5wl~uq7qGYxu7T|K%B+s( 
zY_DQrdwTgKAj#D4q2u-U(nl4&u3QV;gwa#$=A)Fck(6ieLvBS22LuX&gX74Xdk!+qGK#=A;AkiyK1W4-5mS4JHiJwZ!1ot|jxox$ohmMy@COAs-cU)b5W4 zS^6^q@c0-cM4)fuM$$A`fb{MKf8Q7!O*-@tcp&P4h%J*k_M(r*Z-hD$hY- zyk>ofKZ7j9T?7AcqW+faXb@G^c2fxsD~tY#Cq7Q)rF{4(6a0AaW4}p%Ys88qV&&J5 ziuw-l<3?X=xxl9W)Sx_ppCJ2=6E2#leOCbZmkyVY@dp2+u%|WOcReAMe9RbZS?xgY z8CMDHr49y0PV^;Thx&3x@P5gtfqXGEA^%opkV+pXuNZb@oLX-qeX5bxTFmF8##$ZT zy=HCf`BG!URAuQuM?-H!IYIs$^)A;ImbZQ2h}uNujB@g;B$P!_DmILEJ9DC-e8_eR z9v^oiiz&KavWir`xpmHtbq2b2ZsxIC6a~T!ETIlr& zCz)>;Li^s~dd=FOtL6!60}y)>OAN*(vGj|0l1dIV_8GJh%N6h)1#ao?D`iu}sfrT7 zecnaW$qQvuTG?JK8WV+oiW`t3%3#wzJ&#RtZSh;MSNeJA zM{#JCrQ}s>g{E3%n!7oJLKe?$k>n-lYaQVd5z<6Cy=Ks9ub*O67=1jD1D?$Z)JQ2C zrq{f(B=&FvC1?J~+Im~lM@@#Ctw1_|bY4fS~~ z0;IInU4y>lt9OLc^EN6K(Y|`Cjb4`r+flisWi{<4_zFv{TM-jqfH>+O`}ZpF>^HSB_Ih_DUT zqFzHvx)V=A#dv*GKM2OK$MgRSo`ueB7%!#nuA6h){%p0*T(!n=<=zAGY`+Pg*?$-Qtx!<3i~74$Gr;qHXHX?lLWaFjAi&kAyhlrV>@)huqAuKzo8k9x~V&U-MXG_NgG~-op@$)IJsK^e-P-kiZSGF>&=R@r2rSP(V^son#{>bt06w{~5QR zq}hFM$Ei81M}vq8ZV+e#tgFDF`p06p2xCsE$c+ud2#u^Ml4u9hNa)LRdoi4V*$PA@P&gUF630phEKRA+I zG(~A510A$O%ivzFaPHU%iMg+J7*_XLqOTWh%*%bkfXRd`Y z%izeZ?f+HoS59;cK~p}5;A1)0loO?7;vJ$Jo0`6Q|zvRDc$8OstezSNGQid;csNlyD*P7)E~^? 
z;R!6<;?EK}qbT?3V+HfUEW4;qhB5S1*q%>qEeWRK+<`fav6A=A!~BY@bnP=98yx=j z7&GDKAPl=hp5{tqAXQ;k`3rAB#=WvfDO3EBOjmn7tA_m#Mc`C7%9z@v`i5Z<%6~S9 z(e-UdT9nZa+M^||&pB)Z{|LIcXQ6;m=<|Bhn0I%(&ld2`g{x23lUYhS7(%__306Ei zgRyt?Hb(m7-|8%gd?Ka{z^5;(6v{gwjNZMt@UOGzR5C!d%90QqrJ&0`zidWKp&ys{ckZT=?xz-c2K%Ly{GY0X==o1S=lo>gN2~zZ=vt@d>?X6k z3eX=XVLz&|Co8k$AQQJ<7KzG*$Wsbw+vz9P9Jy+#HRNJTm#f-Dh^W!)7MjKnT^w$Y z3XOTLrh@v%3*-^nyKaWS!-o%DL8LJtEf#{&L~`XQeb^ zEjI)e_i(C2fvMW=<`t)6c7u+;`scESsdsVB%A&dc(s@-$-OXw%7}h+>5p4sXZMCgp z+Gn?0Av0a5295inlzA-+n1+wcFxDb@+U+}^YH+dq4_gkUh^yl`(dN4{m=%kW`cu{D=y#4*YQiUq9 z)}OuM6LEpIcngR_k6mo3WGb=MA{5T_jJrjc$NGE8gP(bqrS%-&$tlMVw%l|SqX9F5 zt=?x)cSIw-wBp)ukUV+eWJmk z>IuPZ>1O^AcW>qTHwCoY@!N^i*k4e*h{AaskqZ8MzPoN%V_4iZ8uXaVsD`Ynj>+BC z{Kq*-$NlXV+?|cd#ml*|k~A=P2t73N+=_;WFuc2YJd{2!y@~}|yu;Xdqu~(jvRWe& zxIB&h8%_Fb{^Z9~k@+$Bax(kN!lY$+p7b>^UhVcL*-`2}t0u2223Qy46`nyls^an~ z)T_bQWtP_)6Go^j1^4os2_f83x#`~@MEaWDw5P*@V8@Qzc{ia@_G0V}V%#06g~5!b zw+-B`ZcdbPGoK|2Q-POo7RMn*;j%w}$qc;qsT@#W0vRsHzS_U=5rqCcY1l1_#T(dJ zmn|&}Syvp-T{;q4o_5qboL{tG?>JiT0*kYRe)zmDuBkO9tB(TT|1Io_1$qsC{kz$D zJ3Rz@f}czpo-16q{f36E-=&qP9HmFEb>3v~a~%xi2SWIMVD~Jn6t^yDxgvPkzuqbrP7}Koh+D8hP95YRu=fa; zc(D>%iTo=2mZkBpFT?&jW+~=xEH3YQddY={GVmn@+T}O6k};c_3ZJVds@f5on=Lwy zycLJiA9I}cYcIdmNvxZwiz?S@)JJP9XC}ZAmvnmK{U)NmY=}k~mJ}?>Y4R-xdn1Jy zbXoEXtIY9pWX9*4Qt@{{+)8YjU7$o=VeDoRQteo$l8q@;Y(E~g+KlA^6>L=f8Mcf!TopN;HjJXXmU z&KTZzU>c1tf@MqMv9S_NYCqw48bLm5cfRI#6l8A7TUq(1C(G^;FRrzbgO+QNk2=5X z3-ykT2iKNnSx8YyIor?j|7g>nrzDHk>w<;KdmO&DwVdR#*rz@$Cjb7>HHV2GH#y?& zvS&hG*W9dNWIKBsQ7;%5Vf`_CI=fk8Y1Ps|Dsm~7k48YztvG&Uw^^j>m^nZ-m&owGMe7OFFJTL{Ud6_y(}_ zs7z+DCCQ%jy432ht>9{{J$9SgNG2#(z$minhkf`>)gL131Wg~&E`7`v>#y^Yiw6sa zmKWHMzr_-vch*}6fZ>i{1%lI~TGrFzUUyL{$D4bqZt#7mbc%N}p-3ts@JYW@MD9)e6&+-?deH)u%hrS$;1DA*(lf`_$QFe z)mh-IBCoK|iQ1-H(Tz<&!hKvC-VF2lX)EICK}SP(dFu)nw6|^UrsY;gyay(B2S)xo z|IGQ;x^xtIvpx61zsbhb6xkgKBd(48b+NTcC4c5mNM6irBl`OXM>_z=p5whkS9QV8 zWT_qh!0ekJRN%shOo)As$27X+<%`+;+;Wu6NA)oOoos_C5j4&b#Zl?_!Qc4l$4PV{ 
zY%fjUej-rQ8j7e}#S1S*4>7nHB^~KQgP%7Rt)19mp<^BLPJFfWpKp(sUZCzPOT)*C z`gV6hbMGbRhG!v^U8)?C6N7_6PBkf)lG*U+SZr@pZYM=9mbQoJ(!eSN84%Zj#+55e1gVB$|IU+ElOL)i*LHJR%=Z8Qy(P9`cpY7S!EK zHy%yb{=86#Iez**aL6dRD)#x4k+jqP%DR@$24CT^U*CGw1@}{_mjWi2AC}$MQ3u(W zeiw(I?xx&pss7#aKIduR38@uSCku?3>?$;uSCj9YJYkZviEc>Qece^%5=#E7?mBPb zX(Hw0F zhEytqCM*^%+y9Of1o3cj{-1y|p498D2F6g!5ZD&W5V%7vaJH80e?zz3hnh#7-#W?f zYoVcGSrhRr?2(XXL}yi3ZI#cOkAA#7%7!mcknl~xLYWY0V~OAFO0s%=y5HQ^FG?n1 zhsFL*Wb|nt`JGhQ=k@(+9`61TLhS`e$QEWWZ+h`6B|KhDr5_IcSvFEcvvGa6eH%)B zcH9&ruGMV`#?eFEpO_`31AFp)K~;zy4c|MG@ay_I%ZN-G6 z;of5s=goG(c617#Ft`8a!xHD@%ZRTuGqB{aBQjcQyE&bY#Bjr>g^0`st0EDMc@%AP z@>Nt5x^v7Q+vaRwMeC&p2Lh6Ka3?Iw-sL`>5gd>eYQbmhJ_984UUwbMIQGKLI{HM7 zM9rYi?awaKwosnY1{g((u%BHqE1G>Q?Sn43AqspWCgVL0m09(<`!ZZ^!|IINF8z@hOZ^_8xC$^>1$S zfW=ezLMnMW4I!hrzgTv)$tqbmXZM&xi?KbyyH^@)ZZO3V5h#G~${>HMEV=2~*{NzxzM_iX&C&u+z=T^DQykVtHDM!L1-uq7+*U037Us0;y%(>6nJ$IWvNC4j(_U~(o&=3BE12p> zXJrFeIe$-#Y9tK1vsqR4Fw2c{pvr??SU&T2ga*-8vrg#9cE?Z^`?DB|yV~06-;~k| znooNtKpQVSo3SVH0V~_y(|$LKmE{@LTtVR=-^GrXS2c>!oJDcwC#6+b3LcsPRDG*> zx1S^3xz#8ze8T-zBqy-+rVDdbVDR@ZEL|7@3I|?O-_Q8w^g^H=h~0v-+5(TX@^;rW zAuO-iU!_ZSJx+@#e4h(N7N?m;yy+OkP_FdQU|-@%Y>1Cfn_}5nSz;g&Pe(-pAlx;Z zl6kp)A(V+QL_{l_jQ(L=ND;M!j57VyX=%&NTU}l{Fv&E^)&-C6YOGL!3lZ;RNtN)#7n|SzQg6T&i=DmiCzUyt5jfw<>(~K zMHti3;;rnzkQR}k>@a>DbV~HX^s=y4TXaR;CeQ-^7t1E~!OKX-rYHt-W|L0X+JPhK zB)Ps~N~~}xssiW)Qb}1Yj)jHK3sA%wVml9A0i@w9iF9UovsmZ_nqof-Q^JX0)0()2 zj_}H%*FZT}!sujYFa+eX70}gEY2Wyw5$%Y25A@%OIEl?RV$Y{`1e*0%vMi^B?V=WFJ1+E$S5d=FT@7ns3WKo-H;P zp!1u?ws&XO-Sc7y%~Y~qSXkg)*~gF6)X9Tm(p$atJ~)TiRAz_f4HW7io8|k1o3T!z zM1&19t=6BUviGdh}VuVUh9!rJG9)QxRAYSPEWtZ5=(D#KkPqF z)U10P+g&T!W1>Fr{Ebr$9tg?WM`rhy+`m~`6h!O2S}Wd)w~glQM73nPpbiS<{(^2!y{BG0SZm z^@xR>;>u4wsvfh4=l3L9(wt;nnHpx^p`%NQ4qLYK&GFAVT@zL*uv3Qm`4f6Woc5Wi zYv;jDg$v|>I79uf5zhn9hH}Gz!GeSwp5Y={keo{SnGYVFL#Yc4Eia1LPB~J?3@>Y6 zu-yMC^L-M1I6PEby$P}OUDwkB#q%3wfyRD#thJ9+zi6Y8V3;zE6qSSC(<^}=_H1wR zISPtes3K9^fu)nGxt78$jlem454*b>Oiq}_25ItLN{RE!C$AM}rQ7KA!Z**)ypwPp 
z+miI~P+aCcMTrPt&d54(8m1Tag)@Dl&Ap$nIgV3UIpc)Uc=j*p_biBIlQv-=5KebY z(F6a~o_x?bnUs(E$!)q3q zWJ_kRUS(!AAD`q!l#gzRYNRLCz|cJ;3?orD^_6}*Ip;n-6ISRqTw`dK>0hPpi;xho zAg*nSpgz|M7Uw#bP<|00ZS2z!SNNmkTI5xQ(AW$*R%`RvlMI4RVc1~0{2i>5{Srd) z13QY{{1)MdVsmlrxG^KQ2Co$7@u27W=f#_!oHebk)Tgu=-xhWf`=_MJ0A;x z4Zs250`LI%00ICZfCxYgAOVm9z5vJow3|NfsHzyaU{Z~?dhJOEw*AAlbq01yNS0loo*0U`iVfEYj=AOVmBNCBh)G5}eC z96%nR08j)d0h9qM09Ak*Kpmg~&;)1!v;jH*U4S0oJKzUEA7B751Q-E~0VV)bfEmCX zU;(fMSOKg7HUL|I9l##o0B{620h|FY09Sw;z#ZTL@C0}Pya7J}J^)_;7~lu+2Lu2D z0YQLZKnNfd5C#YbL;xZIQGjSb3?LQ|2Z#qG01^R7fMh@lAQg}XNC#v9G67kDY(Ng+ z7a$jq2gnB$015#`fMP%ipcGIBCv_P=pm0kC)$j9S!f zCNv^~+M^oMocv$dhc8D-74cuhE{)94ULQ@T1=G<7Y ze{8PmvyAMwl6d~m&|Tt~FT#G|ncKJj_wgX~Z~LZaa}MU;`?=6YjBLfoehU{kt~9fU zI(V&<`;A)h4d!rF|AVZhg|mV45%b8hdkWh8cfJJnef>CH?cq-X*REq*iRJx@ z-9MBYB6@yDde_~6^R3d4{k7S%P}9cRqI~}2jX0t#cbAqh>=Lgfl5LPa99(JJ`ddXm z$=K#oaktc)d!5%wBy0NsF7+(um5OGP9&tx{NGJ!9OKl5EpxTqL&XMuJF@C65q2gg- zK>{V}n#-NFf-96AZ|UiQ%T}@R4_q`J`u@66#8=q0q!?=!fuy+7X9hKsLWsv0#|9dr z;%N)vD)o}mrU!1Ts=f%FQE;FY7B-^;lfRCJlzs^P;*!(n3=!fcyra=8q5`zWyY#u0 zJPl6wmR>r^@Yv-N_$s6}574EbZs}PZGCqF(lof)g z2v&YUDroE}F+0k*e79D(e1_38WL0}{ZoDXfknm%H5&f3$|HVI*)fudk^p7RAM`VVV zIf#ulRv7PHZu9N3(6(MPHzcaQHa!kqJ>%o3<}0}hhAZt0Eb<(DIzseya7b4IYdVCh z!J#&?$>~=&BgPpMs^AZP3wS2E{0`QTr?Wk{HVU;e*3#JR_%$|Oe_p)Em%x{(37SOx z#E?|FKWuxr{!S*AB=}&a_zIa_&wO4~9LTv@YtqSHyy>}tsIe^7vV0;rSB1ozm~!Ls zsdx}fpt3!3lx7tDEiS$3dc0hbRK=*3^Yoo+kQRzdzTgpVN;tdX2TnSr*hMm(92aS2 zg2cNBOBLk{fgCD^-#t%u;RR)15aZSDh4e|y1^Y|Aly;H8Rfl@X) z=ZE944?ZsDmO&m!yM3vv>lb=0uZifkFa8Wotr+tG%IJS}kFT>^QSnVNfTM=R$}a zVz5UIn+*KiG8T$456u-^=4Pev->Cva+*_?eh%$n7YW%YTf3`G}h5iWKCvXa*Y;ZZ6 z(KWW6;rWVW8j2b}0)IqnIRmkrDoP{eA2SC_j3s}H8HftD$`Qy73~9QU**2qrLo3Yx zK)m{PhO=c@Rrn>ZY3~Xl&r9w88 zy9+HCPCd9N*-I1e90MUelQ`@Ri>3u z6s?~yd5$r>LSyMUG+Xf3Q4xE(kZ3jVXQXuGA;Ph*oH~w^;w6^f4l)j1D4hqsCL$yi zEf3XB8Yz=sy%7LH$ZlzuG{(sH_YtQIE(mpw9O)IsH?^HjWt+OL&Y1dNFJhe#=6q%edj(Zu zBvqC50J>Nr?z<}YLj#1l3bg=JWF}!hPCJQ%Cz8c4RI;LyhvHJgZ&Jo_VpG)#8sW&l)kT 
zxT4*)dJD^}D|9@cbyH-zO51-N;YNCGh+x<>RUjuVU_;r6C)Z{O49tXe6{1ZXAJQWlzZP2grnsNlj^e7xM&BeHsj?sM63xD#&q#~U=zZpo-q^ZSok<8 zF~1*#m=tkQlGgXNl6mgZCM54lNiZqpk>Q{JH8Zs{2d~B<^PGg3Bs5GZN`+95hnQHL z{Eb6aCm~E2sQpEjjuJ9C6K@lB6!Upu12iQ{N0`tA6Um;V^G)7Tl0Z_Wm?Ao5+?X0} zC4a~}hj0pK84Fq8u=yo9upP2qTp{dClwmjwV&H2SI!^_ZT&W+fMUFEG9xSsdZL^Yx zB`TBEI5@*v6lZ1F&;bHRXCq`6F`=lj4>944F)Byc>e$3fERrQ^NO&m8G+D2hZqU|dT3Dra*>ID zP<F8>j1&*mVu(i=vA$1YY&F(d zcXF$*v?jMa^anOp2x?$s6|y|^_86@k0OxCd&Cy}vhql(OkoXz)J2q53=5rtKYyGEq zWgJqk#)HHsrQuQ$b*wW@`zL=mEk?m46N*9u3g~|t2R~I6c)N@3vsMx}siYP@Q-%5gZM4iTPdO@(W-3Kxjk4J#VP~VD+XOkb6Cd2u7XT`)oZZlD- zNPeC)tWsYU>oUGc=eh05*k3*WMK$kUVhne=9*KfqMVe909a)ZrG||QawoPeF9()^< zI+aCc^3>tWnG+|lW#eDHIljX%t-Nv9U607;433!^@uvOj+)Qe?M~GY`regqeqwT-- z20YkFFjIE#JKqHT9Lasa6E(++Drp)-hGsFhZQD}opF4BN9zv||i%=XHr5)tdlN*6C zE!mp~4Hp^zk}5k(ALk_2oLaA1-SZw6?&RQZWF~X>dUDYNRT;Y7AGgkZ5t6t)P9xHE z%-0|ikj+$Et&42K|U7DoNIEo?O(chL|8r>0KVEP zo^X;i_?#1R+W3u5BqF5$R&B2TO2KETdJ`z{i)w+q3b{aAd#yMzN@oL{PM2nQ?Ee_m zhKG6KUzMq-`pXh3@LTriMC;*NvpMg`B~rB6706>1;#SnZNFxUg(LObawaqk(Xx!eQ zY~EACQv4yqiC`qrMGbH;u`7sx~6*sV~!h^mMC)H=pEijle^$*o_wR!vXcjOWc&K zuvwbO^+N})PCvdiBA|aN`$j0hqc|*Y+ncne`aX5BHs-UbPxPNp7M3N>ETo}`2 z_j&l-sedL0Gvu)%>5{nSzNgJp>UPbc@Z3(DJ~J~X%r1n^%2B2f{NQLb_K2A!)c4>Y zRuWA*93Ib0*_fJitu)Trb---}@OL+m@BKWN7Wfk0|LAy?3b4s(OP>oJkh*@JA z(Mnu7w3=>57&I|UGQ0Sl%vv0mgmW`f_A^A3{4L0p)61{(((ioM1#I?|MAeTX^10eUQ`kF_g2>N}>uymN9x zkQ@*DWSo86ch6jZ8`YZGBhzE7-8E)&qGPFDElFJ_GsF#W3|AAjb!mD6g3<6nemh47 z>!gmnwr~TdkOJ}>iR;ba+5>+P+%U~9MvRmOF*VzNw~J#-Jy}3VAy!5g&+J2t@Ht4L zZ!{3nk_rSz>N-(46XK8XgWMCXpf38exjauzusTLY92(E08r-k9PNQ$b8>F$eDDCz; zVLNipQR{^;Nk>;PN5j1txgBxB8l0PAN!)@Wm4_SRbI?U^E?%-7GEqTNM|5X+QkZXB|T z3L@6u5qla8CE*CZ$N$?=*c3Qy7NCehK3Xp3<1JJbq`^|quLyjMpVYRJ$`DH6Q?1H} zx;+5jHHAb6?p)yUVC+#1B2du>cLsFx_zjdHM(p z6rr`$92Ra%#}^LhP8&M|+2x z?MinAzw4%-hv8mGHg^$8F?-v7KOFalb_s~Pg{yV-3KHik%+krLXBo1f(WG2X`r8)4 zIE#2hddo(5G|14JM&?FIfy5L@R>*=;tj)Q@vlqsPCgj$b>gteToTVGTn9_BP=eDE60dpp@g)e!>Wm|C|L8tnQcY1Rr_XYGOdv0t4d6syGeP2o!%ttqp 
z_|ozvvT!7f)?`ZqA7V8coCj6&^`~CSjnCHN3vvC5An9Y#y&$O8#?FqsbtV635MKH3 zNWs2fVENxcSasvpIqd}EvSAO}-AmXL^7X1E?k;CXIPxJ^#p1TZIHD=#C6t_T^fC58 zO$cw+-=*2Hq3zyUj*|Rq=SD*;DaBUt~8)Gw_ z$o8E2EVM+gF0`bx?_1rhv#ys?=3S47B+vq!2A?QLZa}8uqB%ojeY&aIq2=MfH~XCW zhpOkYli^~~Y2Bt>LJW(!NXqnC8dB?5AiKK`2?G4^Py&8ois!mM{O3H|<$Z=}GR7(a zF>0gILqTnSAlt{C9Mb4dhk(hQ8I#DSa}^O_y<_|q$qU0no`4frJ>}ike~2?7F7}Wy zNY=FGDc06=X%#j2xSTt~h@doT_+vD#7Xh80R`ffkGA6+!vy8d#@dTawIXmn` zS)k!R`^eI>^ClohV@e0}NqWt3FV1U3E(f#>BqCP*PlcQQUxjPA0#vxRFihZ=|4LkQ z?O-#$9$Nw2hoY`}X$E_q!@Mk8`FT*R-cuaGPC5oe+Rq5y;f$$JFaINdQa@Silgbe9o$`lYj7uc za3^SRhv4pRjRg;G!QI^n?ry;)NPyr3cez8J_gm}!C>CqFx~tAU`$(PYsYyUgCvO1l z96Jea3W&IqxCzg$^_8cL3?X?~m*s^F>`e&+EYN9|JZbs7@|OfC1@Wj9L}@OHJW2eG zhZ)}`D8XOfO8Q6>rungCZe+~F`aqn(+nO0+|8t1!r^)9YBvTcbeYOyKdfLzLadESG zxdB*mRw4|qiMRrw9LJG!4cBl&^gXJyKiN+Q=*D3QwOR*im!IC$Jp28j-{d)Yq_n}O zSCkxLD$@5QS#w<1x`l)N7gn@ezGFo?*ndI4`LBpZRVJB!){o9?zcA%7%!-RjawL*S zX_|b|OgxQB=Rw1HF9$?Nv893XQp1RoV!Qwk51ZFspPc24h4|#XuM4Ecw@$?hFN>MW zOf=#!`vp&ket==r&fv0nDjlvWj~dwi)V;w2&Jv04wR7F>^yy$h{i}%C`E`Cl5OSm- z^crgc@F$n-*>uihWT?7+%^A!G@9cCw4S@_Z@IY?S+OP_>YG1{`UuI~a{Se}>RPDHFx$qDn;uhF8Yct)Wx3-$YQRUN|jHdk@0R*fMaino; z7D_#o~Zvs6Q0)cO%Z_)tOJj>0d&^}*VIxm#l1ecY_R{3wEExtu*aU%&{X2<_Vy>{P}j*nY&v|IgvSAjI!lAG9!12}ieF_xfqoJsMg z`kl?&rjj~P4fKCC@WNs{RqpSZq+YJn9K%p*)0OW_&u&qw<*pN2F5*LvD)cl;KD-)Q z6^)*A7(BTcrVU+RV9bD-(yW$}Bu0|4^%_HO{%wol5To3YiL{5T?8+v5J1?e$kP~%K z24Yf3ETOmfTm;?h27vRfEoVVYOs^i93_i2#iy86^ipAvft-R5B>Dl`$43l>w4m=1N z+24C32Rl(D)SMfuBu=*XWTQnDmQ&)wZ6zo<})e9U!;_cu0088NJVqOBlq~g&k&# zA0QWqHgQFOGqkiaB#ANnlSH&vwc!kgEPS?2Hz+Csn|`oN-zabaPDbIE<~wr6Y1u1s zNI0J_)wk@TNUfnbWDwYo)MhlFKBj)#GF-uCZfV5diOejiOVab`dl}W{u?zOk zxBFYNMYO=bj;q8qxj?Aph7LIjE&=Whsf^NI*OhFe{@CQ4Dv3EH4 zIJp#pcC&=QUZ1|!%coW|0+D8oJ6*KjZYL`IUc@A-NlXMNWqI~sHf%m`MQ0o`4}O{= z41q#QN@&K~h_|Tr*l!vkmnI%LV`w^e%tA*YgcmtrAo($HEib->^X%$yYH9raQ@D27 zqacuJJV`_tZ{TSTIg;a1D8+Qj{Cw~z^n&KY{72~J@2+Ck3yRFP`oixyJUg}|&bx>U 
zWH`8cxLoN)foN57(+pour;Pg`K_BQYvk}yI4NATrM*DS2*Pl4xPxccFZ(Y#Tk-0#RA`5U%vcvM%r%330<$Kl(LY7U|56==i8r*MPa$l)km+lCv|uQb1ffMu9q$ho z0pIpMuG!k5bloL<3P4Hy?W*KDCHR~`g;Z)}Pwr+}zSfwN&1kvS`;~fl7p`RSs5k^j z_GP)QUdlMLO`Rm{4rOjZ8`oYdyyuyGXi$BAQcl{59Fh<@(fs|iQ;Vb(P(Xm(6`323 zsN%WKp|09!f|XUMKJZjm3=K$h5B^TU%zW-=aI*?8_)* zuJ`l219ilh&uB)?eXX;r1k&+0m3bE6aKC7bBXPU+WgZH5>IOMC>!^lX=Bsd2N7W*| zxE1CGRI16Zd#LB5NUbA-_h|4QqaOlVEkku(KgQGxs$?QQV9B>`7+1F9D?hlI|4v{D z+M@%d5IC|12i-Id(>SOiS#D7E3Cv1I;++SeQ=JrD1?+5EY81xwzw0}cKY)?~Kuy&_ zhRZ9@m#|_&m1MUCF}*cS)<30^2vG;1NLqwePo>}W+DpTE+GN8ZXrD@HXje-~wfQ3Cw6gOh!PmH5KH297xU{tAZPKr3!2``g(v!7MI;2XXZe^G9 zpGa>*?si_Bn-WgyNk4^#T*IgP{@(szsrWjRUTNc?n^YWXPA9aQIpO;V@ccS>9#8tf z&x+@AYUZPJ@d2D%L3!^L;H?#=)F8(qbHA7ghlrKHiQc~mHbwNC%OM>{d6kl>p%tV3 zSc~#?AS$4c|LVRA&Ox>`8K`A+3nz+kEH8Fe50hRztXl|U$FL{C1)ZK7NFZO7hbJ)I zd@hjk2T^&mTl*HC{hk+4Q1}hkn>h4Y6_e<3AWeeGG%f$S43P+nc>)Kgz(RQv<8MZ~ z5EQrbL<+JK(Wgs3M_OY}Ys?Fkc%s&1>g`Fbj2@M6bgDlpLj>L1!|A{u*qNjlO(|NQeI_Y=icI6FsJ+f^kest3>*{?pvzpc3|#;%7oVKQ~Etsoo; zk$e^-`3wFY&bOb%+#!ZI#;10Dl+r|;`!KcdH!k{za*wQ{3z&Y;^*VC;;I$QWcA|BV zcAh%tT=B5mvnOb@4fMB8E+^d|_u`jgW2#hPQAmF(os_1!KytnM z-8dO4@MP9BxIrDsPa)oLXOX;qtX{2~vi>xvT7Zr~j36#@bmAoU_{&+j!9bx{&HFHx zYl5XYA>{GI9iRuFaZs!gSguy4oq^rxo3V6WUqId%JB+_#BVA2he%vE57|V7#c2`@o zy2J0Rzp`onO^t)xdm=-{+MkKgkQd1KYdl~Q`FBz6_ z&Tg37_#-q^WmLD7<_76wE4j{cc4z6O2wRk+>(Ymq2a4X;N1)jru z8jdAD*43;q>liW5eW+wrGVm>9$;8s-_lgYTcUxp?M-pyswSCXJa~?7n%0@xf(G59_ z_u-BiAB~L?0?!+VBycjGcvHkG*O#&fuX&8J&v>i%T(fmyYsSU;tNnY;j{+psMjqYk z(BHy3fwEq)@v^cUiSM;>=!cxB(PZDQ;{(hFxFDn5qe#4yF4HtNnlM;FXIcKIu5S8a z4`vn#V>U+34Hs!Yxm6ep^i0z$MF(I5*^OQejrXIgSbh35B5sMlRIcBkHn?_XGuqyw zm?ts06-c;!ke`oA$ZL(kGWKh7BvX%X{sy%jtn#9jS9d~)x1F0vO3+*rGa}rZ)R#_ro^oQFWD#i%dphGXH-9X{v{4s0*g60;7CZs zUwY96K`E0h_3w2-6z>1~UJ5H42W#l2VlBAUfm=PeHGo?qxHW-WGq|;YTPwKz0Jk=9 zYj56E>^R5*1~EFj40`GzX7oB@fBBOMdnqFRPEUaFfp>~Hf$oumeEi*&z2cQ1-8d*| z1`>=oF1#tLPBRNRXl^#3{_uTyiKj635B3*C)YmH3=ZD!0yc zEcT{kFAus!BNW+VPA)W*FV{Dh+^!da)$*eW*C}z~z-@xx_l(;Q&{Hf4=^eEy{`kqP 
zo^6w6;j==W?Y@tDEF%h}ubG|i+|GpJz3;F7*rpM8UI=b+IX+x%U!9<|_OxZcxV4(Qje3(J}};sH)8uk;ymfkzVcWk8csMc- zCbBeCj`Ks_B_x|7Q;zJLb8({mh9cX>dh7~u1kgQ+v9?1#PF^KZ3{mM|8pwEVTJ;`E ze=WW}8H?R#z?=07@2g=Ryv}Yk9~Yxw`Hs-WdLai3VfrIk-8);5quy;XG5NHeocOPa zdcjGWqcB7UN*T?%@iK<83Qg4p=nX_Teh3E|YEYn@n_Iu6%Vi+&J#LyE5{bc<3hGB0 z2H>3+4QyB9Eg4~UfRC7^2#EEcxO0M(mE2n%tP`R38@MGKjO~Ao&1P4y87#XWHa4uh z*mURO;G(!9+&uVB!a_hp`HFYmS@B`8RbavKve!yA{wEY$NM@{oS`*~2HYXO$JPGw^ ztegfvJX``aId<+`B8g1>y<9Ib3~{l*dw@)Urog0|YH;kU?sb5CZdVrw26>lMyt}){ zm{#uHpT@z^1>%txwgqAyXti4%4(XrQh|LS6w5r2J>QO{mk{^C_Pk7zfj&;huL;HQa zxkTa8vtU`puhp&;Bzof)l?hcvHZc>7QYDw0qhCP|r;Zz+T3{O#>(#ip6$n!km*%nK9(;=##%BW_18se)(Ij&KUoo>M5QmLx+M+g9?;K)eG*^! z`(3-O#C27Fv4cwsCHjv_QNNm984GG(o)P}ykO=1KnB%k)dJVSw*ZW1tyl+QD&e{iS z0|e1QRJiB{oZ^~fLo;OXL}9wyFXF&AmYEUd=!l)E$@WDukB>dhib57j!Wc}pj3yFe zxb5&=q(3V3zC>GUtj?dSZsl3eghSBz)R9||7z=p+Hi)-mgS-aedlyscBT4HUpFqE7 zx3z++mz=90Cr`xXQ1~FrFCjL_s<|%9`|xm)oUPh;@lke0r(tA8oBNW;Or{E85D5fG zdK0WEFcKmtehbp+h170ngO7tvZs9V1&3ul#A+=Rx@0ZBXSSCtO3$K@{`C>I0N0jj3 zQH$(XflCvuM?s;Ck!&1}r@G*n^re=WYpBi2T1iX>=g=i4_gDgjS?-wIaY zwwukk=IqD#f{m#n7 zCa%J}4z$kT-SVj7mW`03FEglNw`6wn6FT>E2;HAaGV3T@_hs*q(FORH7(el_C<%&n z=e0BFkBqmuv!#g9yEQMZpGqrZ{*E{&cG`M{`{Xf^7d&or{*A4kYm&mt0>iDQ{a{x;s{SVtQEHlr+NH#YXil z*`4uXnmiI?ShSL1emm`*NGol=L&fplDK|b zzGJwDao4R=)BgaSM{WJ?gEGRSZ=m?chN!bKP`K z)pu@T+L7XgOA6x48493>|;86i!Ur+`Vd(?2aK)~&v}*N7hidz|NIceI8wmur-X zI?CY+`e^SGu#`|$TZIF478@(%^NSIH{ypZLRgQA==k1`bcf653a0;E{2^>XPloO&_ zk)6GI-^KWXRZey+?ev=;#00ZpER>UpmP`(bvY3hfqycwos0wK}+hK>e+bAlWAr0NR zNjay5SqBa~3Ek4f69kN;6l}9ii}T}|REVl63A^ZCcy6ie3~epd2+V)IP}@p6=9$~3 zdS+d1Z(zem(G525J7pMA|M;tr&SWYVWJMFTz&)?uO)nb#kG>}KgYArCzHl5 ztL(NVt$uA0HeVkM61wrF^;<^%bF~9g?N@XuKMlHB3m~cmX|XNrk+aI+F9XNL=j+>( zn4yGijDt3~lJw`34Hgx8dj6Tep`1oVl|j2PMiM(iNt0jO5dB(Kn8{!z<-)BUKMxQe z5Pk+Y-AZ<vgrnLCzG_EvNH5$qglYuWcoUV9 zD%$uSe=Z|O@Grk2H=@h_ME5?7efm|KNP8-&09K>K#$WE#FY(b`9uM_BXZTGP%AHJs&j zGThOeELNIOWsGwiqx*^30`0|wJNi4| z--Xy>nOEl9bLmj5wz@-EuaUO#~rW!jF6)U`#W8IEBvw+Z=I{E*yW^? 
zjBhGcciqP^T^bGL`Lo&;x^8BgHo>I?r$_wTGWX|PLyo}3npG}cy$q~Bu@+`2lulEy z2^~uH>(jSOw3P+!%3d1mN)YNodHRj;HL7$;EbhW5?1%K@$;i|8m6T|^w{VjH=lRIH zpKO&D=CV@WKgwZ@o(-eal#=6Pj$SWlw6PK}Uef*glDhgrU;U84zptobt?HPgxR;qu zS#jU9cTg=lw$P64nJV$4bN_FUdp+9JAKv#X71QJ6ii6JYDj@k8C)S=!_*3w7QrtGc z|7e)F_`{HkSp_F%Bb)z5MJ=2~9-pIOzkECZBAvobQntDpuv5k!I*=i_QA?P&COjK;}dJ&7@7%=I&i%sJD<5%SG!(QnqQwt?Oy+;cgzUAz5rd{b&&tu zTvoo;B>B0p#Xjx3T+uxJ?&^F#0`PiEpBqc*8L6Op)Jo{wW60CAqpD9cMQ2YHyE>AH zPID8}8*kUTH(qvcLc6r+=dJ9!o`EBwXM&SvgX8Kg`;C|TX29d|$lm_-V1naUqM@-e`| z{`B>pwDdtJFM8E`vI0YUsdKg!WOagD&bV}Ba z&12bqpR=%MSafnOf~b|VXL`J+`YI9reMfD+UZNIw@)c+x@DrctNNNrsZ&c6Pr+P-S z=CA%7c@zRSahrX#0?2{018)KM3-Fn558iFhMw>d640P;p-}+DBDm|e?|Mb8Ty2ntR z8#_bn)dp2ASfHHkl|Kie`E%mk>!>Mh92ofb=67*#{I0%X`NOi|hoHJo8ql>-*U?sl z&sON8coH+Itbxq^uD9dB^YP{K1nu>_*!tT8%d4AC_K|J}-0Vsl8gT35XLn~dRz2wZ zIB?K)xwREtx&nwI-(os#m)_1vLit+wUQJI6wpTq5-_N~Rr-c5vn|QU#W4IcqztK_Y z2I}uME{E*9JRsMq7lamiKRUa^Xq%*nBiWBrGPPT?6x8j`@60=GB-Wg!KhHmXdl?v9 z?NY!wAF^MFGeg4(2L>+BwgRpHQdqn4tG{oG0m@1(f1ehHNF>CrT%KeX(Yz+9BB_4V zOHyYmdS-sHdXZz=&6(eFU0u_!?`Vt=>ax8|8N}GfQ5i@$X&P0@nrVE9t~^}LBj`_aO0DJ%I3Xx{s3R*uvkYhR0!YYTmU|AzvAE;!a+Oz3j+ zOVqXgwRPhQ+OpFzEnJu%V=5~0X>TpkanOp~*x>W`ln3g>2zlu*^rY?;@q7C!zr(J) zexG=dvc;}#05Is|3@u{rM?R(8%vg1yd>wR!S&7Q@JR8fmdp+t#c{tQpSs_f#rK9Er>;%NU(W z99xt3A+$@8`|!jwKz=n3N~BT&9&w(*mXHw|eFc^y8AuFHdcRPI*zVf*uy)}og6!Q2 z3w__6{9y5wgQplIjbQQqs~H71&S%42JbUEJ1}h7^)U!^AYo~ToNJcBL#PAWxm7JyUwuHyn;6ApjAK1%;#RHOzQy0<*sed-_ z!LZo^L8!=$BYK~1SBm&^8tE87+K>d1&RUk~VUP?%CIro`X?9aD6>c5+5P`}%xEv)Y zy`t6;Dxd~v4&3ar>G*%WG;|;w+u8(J!Ym10$Y`6pY?Ki3QjOBtO<}@tg^fi3-0;Q< zNM8%0u~G1d$GZgRsw=&eGdWgCb9^vB@SKxvVM!lmIBktn6nD`!DbSUL-Cu*khpsB1 zb7YLO^1BW)hbpIbhafol4b2eCpPR@)54cYQ3g2`^KTp#FZeby373i(g9JYy>7zJVl zQG(@c(O!Mvcoo;aa4e@yC4!cP$~dBbGAJ#{=#cim9%|HK&3gbCgEt5?(zK1aWGswz zuo1uztN^;x_q1WqK7rc1l57 zW)nJ0{55N2Zu*?&SVrX7s}V9-e9FzMIw;;+jSQrTkn?5nFh~4ttl39V=MPUX-pc50 zV9}K7Y$_`GXqRK(^m|ns#YY?WrV-W?*3Ul5=(BG%IR@;0OP>id=}Es^7u94HZHhwBF3jA_Y5h-u7e%`y-=80!6^8Kr>N 
z$QMEq@mP0VBuO{=RqIP)Fgk1-m2+7C2=u}?dY*Nk5SZE|0v8BC+8*C|m-5}+E&Y2+ zhB}^1g(;55QOE(SySF}ipMDjDSVQ&pD)uU3sVp&w4&vMUVQFX#81?A$K^MpIiBlO7 z6z>jH=z-n^>g7@!Cf9#N?9U03&+tz&X1CQ&=V$oOFmeM$e{K!Uq53c61S-#L(G)^} zc?wwa{rr{n?v2doi8Cb!;<^^LaKX5hKg0_s96?}J%6GOT3#v{b{-2#MazYpDi>fK_~!)qQFmk&dYz24ra@ zgdkXinSA)M#!0SP*4+QiDvrTcVe&zT(6snxvydr_u&l6gc%9aNBWkCnZ~PBsT_fwD zV^uEPe`dj%YzmYYYLNONDJz%ztcu4CTl2yECt~4uXU>wVJ&m{leK$K581P{5>PU zgby(QiwyJG`$kKu5^U+B3Ro!Nr4cFE#C!>vUeM!xlb{?J3KUgfMlaH&xQE(DQK zc2X;csg)k=R4DlAzc%flzBwnaK`^(JX7#I~01?jmMg{&RqU=D#w?4f0hpHiOl2gxK zMgAW)qSSSb>TdMJkIsl>4bWuLFrY~IH`nx_y?fK%U1U2GKt{NvZ9GTG)|vy-#LGEh zV))lXu4p2E>whX3UZt8zrK*_GpbHWkt+IlN=tiKOwX+0fF3nzi1n9!_s@468C7B4b zOpEK}+l-Vz?2ypa^7`U|$EqYegOAGQf+T;kvHPn8_PJZZQj0 zs!!YL{eLu95fKQ1HkN#1*y^x?Z6wu6sP@mQ56^RQoeQ0AFA!H3YfeBVBowYl%_x z)lNIj{REXLG%Y`RS$*qjCQ)7_*FL|JXBL$6>`X)*2A`dOG3>K*7oou>KzYH|sJO-- z7T<&e8WywE$t|U-mwh9QVSy!5NH1zE&K^ajD?nvs0t&+gWj?&W)~9|mrX&3UZx^x> zZ8tb3YWfpU@Pe6bWlkm58_|4!R(r&tVkO24{lsLQk<98-Xn?FBS`>)9-S0;C+;4u_ zubBSX83ZOU8AX+>h1hZTsN=7C@GZzamzlpyf|Dm7AmD9{&`|6Hf5zXogU#C&nEEZi zCl@PwAbq6F_cJ6mx&gU@=pFcpw8E6s@}mSMdP>?G5V_Y5f%ICEdd9FdPP(^@>-kV( z$JV-$ZW|VXVDGr}k(Tf|3lE?#?=~I!je>|=V0iG62PwHTsDAjT7%!SB4xXg%&r**d z$SCm}k12&m8!{;Z5E+$!d!`8>g7!~n60p#QB{iYej4QU54CcY7TmD zT(Un@Ws4Aswj;m?o(C;>9wJTh4#S*lN4IQCW&YFJZaWteZS-$}^WWt@=y31*9Gu$= z5m|jYIBi(<=t%HD*oL%sBhBr#cUCkTfD^=fWEG1ovjmf9-_4fO&+SrhAt4N{(?!e8 zy8eTr(bl5raQ|Un`i8wY#w(mQBx(aK+JcxCOi1$;O-F>gMfZ`C8{#5WTIj0tbQ+xA0JesoZy*wKot3JC>8+3YkI$aZ*|Z;dJglt$;5{)K6Km% zm!&BO7rfwbT~OhhFxv%oHaaBbWLX$2f=YkR5ytQ^d~m>ZS#9zqg8NF=uiiZ01q z*?cw*EOEc<#wH2@I`%=%uMOX9$^@MZQ19Uq)S%Q!^ZUHF0XM*NWW`>hG7zP-PXF!# zdXF|y z8ZTJlgB^OC;1OoK1YC%Prek|P)QWNgGA2D5ko^JUE%T8YRD6WCpZ3p%Tzo!tmpJ_e z32$wp(Te9nH$(yUF$QPw>v?_9r7S?Pn!$@g`eEF)CT_s_px_Z&y9iVud;3|Wa<5jS z#RT?US@NlfWS7C%oiF#ntY7z=zDYK3^gr3SwZ_ zl5Wt_R_TKrFom}W;c;;PIk>DQuvZUz;wIdwrBr0p##S~uQ)dYE1NS6J8+COJ)aFXcstjB^#P@FC(VUz=iHFkv00L9^{`wlj`_01yCP5g*bRVH(l z86$I*`#cZ|0ZAhaP=&~3UzPpJg%H8^i;Z(cDBzNU>HY+gAFZ#8edFf7cD8HzuY4%q 
zktlO(D58pkD(VwqWO5Hd+;{0UOEL#YRU;2Gzn|%Dp|H?# zz^cj(LGX&Ss7@<9Xn_n)0&^PlPhXu4Z~9`68qo|zWbzdO!B=iUnXS}9+79**LxGp3 zD>NOJ;IOM?Y7Jh7JYd6vlP657$Abn=ckp6kO-blL^G)pG8BR)L7z;X95pa?#Z2sgB z`tHAQ2WG=&M*x=)P*e@$=CPW+FAL6>nW8CW4jD-{Q|y!J&P`wjMU&U2tj>x zvw)pHC!7xA0+bQ{@|HXHbMo(Ze0GepQi~N00K*ER#9KO3&h{4X! ztdykNu)Q~({zV5c5$@h>GP18YgF z;qxrLMAIL}4R11V?vIBsCGnQkvY#YWHG;9EHErVZBzB;c)&@<(nrx-TfaEd~{OMxfz+dg1~asDT9kE>mTN9|9cd3|0leD{&=}b%gRUZP?PW(0%-WoQ|H! zc4_#P1KJ=8hqX1$p1f#`h4fGIr&~vOQ~hFx&F%iCvgH`Sm0X36t33;mE76`X-a!VI zB&Vxp>R}0NFl4gXC^tYAhVsgg2!2M3R1r^Z&PKKA^E2n`%A!yP`Gfx~E_=~yh$1fx znF6T6I*m_O23%^P=AKgo8yq<2O<7(EBSJQDpJUfVf(&;Yrw7{;c$@p7060NKfxn1j zLQ$7F(9{IgU|!dQ}!QjVaEX2M1e&uMIdA zQIdzoDK7|6HwSf(c1!zGP^7JxZ2d>4K*W7SpCccHWb#X;w#u$ae za*taOWYzQXd%Fn*u07=V97qryl01Z2aX za{f5h*;wrd@IhR8%C)fLBxac4fyD80QXPEZ-&Pm8Q+025(k|jvo#Cj@LVS_1sxj@J*?b)M%wjyd_WE((x^Q4!0=>(~iGAo5zNGW#g@R+FT1`6?} zH$Svh8IkK$!^-LM(BUEBg|cok;7N)2P&3hHx~5J@JUGOt77zVuW#;rpXmZu<-->0X4@(S1FSxZIuz&CRKR(&xXs>*S_*esmuFXN;IQ!)O)bpR`vn(ksc_ z{q)8x3m4f5*Xi-!RV&Bb9G_cApp*g(D`7Jb?G)2uknbBhz5RnbF+RoF?YT=j!v3i2 zV@bN%x;mqMSjW3#q#OPUYeSG}jm!PLNC75#dlv#b0e!g8&$*~3QcKbS%2UuR=BRjX zpoJ`~m13Le-h_NnEY64{zIF&HHujn(cW@*fePliACC7x3H3$7;E^?2~da;0?|0USh>gml7 zV;aru<2cLVKRAV!)8$TfmNnlk%*|F}xjzIFfDpY3vt*4Xq@9hh6M|f_F=O7!tA70R+`yYl^U|(ZAR zt1b`9?p#7m{FLFYZ#2_5P!>>mm9tSlAVwZvhz(JHQ2Ce5@2f=YxDW6s`Zv!OVM2Vy z6vW-4^;^kTk9awl4sGC8N3)Vf&1tUUz0Yr1Uh;EKUr;=9<(*Vp5rTcdyz(RRm35g( z%rr12UAmS?Kr@YZ3{Ho11(2>o_69{~>iL|eO%t%`jgQ&2;Tl>8RJb?O4*XV!;q7WcxuvmNH9kp8wQSXUOEY43tJASHjA*tE+0a;P$QcHr#s~! 
z;VUy)jAow+A=IP4tQ;p_$5~b{2ITJSp z!NbRJ2J#R^tx>ycq(TojbIR%vCnlBx(gNw1hkNXp9!qS#tNq(9YtY~PuTy;%$|65@ zx+(i7<#!dioGm_dS1lfOD=A!l*VIY)f~AQz0G$&#l*n1^?8%!X3uj;HfQJ$T!A{7r zA9*r52~dk#B|wT=%{GjyVSuN3K8V_>{g)72nhdESq0=G^WYU6|)(&1CR?DNO=pJSJ z&h=>JYq$cgw8|?Ury*D$``1WjRj%^cCsdhY?AxAimUCtw2-O@7AfjVJbzSSa_%sgE zkrjm9If)D{hVh8MbMeUpmvi{;tUBz$VBrCyKA^;b873z;K?oDu#6FiV)e&It53U@o zYu7jTLcP_f>?iSsNCjr;Stg{WAfxoeF!0aA;NAdbyzDe3R5gTuFMT5ZNLUAD`Z%fm z-B}>KUmG`IeFW7`N2)D4AgEd+=Px*zZs90LG1ngEwHrOf>C~!;gR7%ndiB8K!m<9v z8)VZ{T_MH(Ha4h=5D-KgC6~rT-x1!5T&R9Jf7AcrK?pvfJhIs$0aD10c%N=w_3aVt zwl`~OzUCyUH(taZuNY7^4xYd5FG zGaaGv$d@VJG>3mP9&i)@CSZ@Lm_&L5{`+xi+n;7YZ10!m6-JnQ%fDK18kO$jp1+)z zF-Fh1#|eB7EXEi1KT7FT{mM*)QSg^WHa2^$aR27n0h`d5QhLyhz`5M#jbmWV@=YQ03|DRI)+!*N?%Z1Acl|v%+bneD zutHt&y6$VsXUMEOdPJL~Bg+`(v>WT;RtM{(y@c-X%p^>79I6ZAlVtq}dbqLZGiLOPNH-{8k>Z!IHa%uh@bpOPuF zj)(iG9J8w+i+*cqcoZu@!p?doI~#=Sk(zi$8L5ANHIg(B=X(i@GWYgZo@f5_OQ2*{ zS?7KDwxeioOq5p#>ha4_w~?y@Co?@+1G9pbr)q)uE-%<*z zAP_MKLNb@J$PbuP99b*wswQT~jQgtK_M%039n5Ye%w;}(1=!^jUX^cde}~ej`GUgw z`%HpETY|mh=$gc!LipF9g3O4j7U;+-hJR6|IF`PVXxk*16d!DDc%sj#dEbOH8s%mr zl~{GE4p)*t2MyK1^UF!z#eJz>@Xra{{WgQ0Hy}^WrEQ1Z!Ss$1zy)FUl{xz8?s+~f zmuLuO$DIOeD3iKlGgHjl%7U%O3g9gWc>Zy*ySUFR>i)5aue}5fMeKPr*3)I9(gG%j z8nUNhu+Pc42Sm|F-&a)0%_t&rU{>R&M14%*#5??a z)5FI?d&FkG0}HbWwf4O5^=iK&eei41!%<_!m;9J`R6mm$hU`i7rwf(&f}_tA9&OpY zP;e~!8E=~--?3>n7XE1}0~m6Sl+!l=5)DnNtFr?f&?F7G-?D44vR*1(^&heUdGNM{ zSU3ai4e~L>`ABWCp}Fvf?b0_78j24u#C|+aaHXo`LK)#SNMV{AwWcS=yA#a^7Be-V zW>SX$tpY425h@1yj)AKK3ZAOyd=IDLT)2qyVeOl);2mCV?jf{MKSP1E zVZGeMaKK9gkBrnaixq&){FH>4$1`KA^G~CicRzu*?VK*EixNu#qXQ(_`C0E@K6}B; z6Y!3t042$VssCIOZ$Jp-Gp+~DjO_Zm=pi};p}M1MK33JTkadI;@&c^gK@1lc)3==x zO2>_M*6(|t&D-=VLFVQSYkRu(FqoJ-ULPE!pY+ ztf_aFAP^PQH%cpA{5PQZ6(sHg)T%XdL;X2RHblQ*^w>W#VIyC0l(%!eJGbzJKo&vvbZ8z6NL|E>*nxzC-p8=abd@Q8lW zP?JqR#Ss>OiWv-!_{ZyvVAu5>U&Ey%SF$kY^CE91zF~sDIOy7ci`%Q|e_nQi2b=xF zlW_Y_W8`FRT^nDF^B_fKg>9HbyKWi5KK`7CWlO54Lmw`>gj4;p45PAbQK@L$8j&M8 zYyBf-)vwXos{nAsay!dz{xeks-oq!?05G1*-gT-Ln|^UssnUO2NU~wxO-%kK#k;XW 
z@j`aVfb_TDfgo!bPF_)w zdDkj<1(q3{N(la_|1#u_;|5-hZHmxdBYE+d!-B{;odr$*F(5VN40v-{kYdt@X%$US zKUC#G)9mPfdn`X1z9l0=-w}>{46nMuX_2s!tHkU__{xtv-sm~C`%>{#3w6}^zKLmP zQ2(|_ht&v&8b8fXg0RBacv{$tXCD9s+G^N!afGO8B%?C75qZ#WQw z@$@2om=KkAN70_Vo5M0w2(|Uq;uA1Dl{pJ0L{~?$tGTxvvZG13ob}tus70H-7jYC3NkHBDp=M1ErmF-CYTM*C=hDvY&Dnp zwo9_I(>XnFK{*TT4O@Fn`aE!aqs!d*Q^0$tyVI7(bh0xcbN4f{K2>38|L<~gn=NJK z0q=RK37aXD;4nW!jOEnxJ{wwH@nEq3kJG54F5$yj2=V-^YBs0Guq>#PuzaWVNRD3; z?c~?9)S@5Z{2;vs$LE}z)Q_kyVK%$RhDREW9!aj9Y4?MHrvU6NJftD57F}L588wb?ZtE4Xr`kt-NH`T9K<@b>?8@<)kz~jJ+ z)vxB8>Q4a2>8jA{4Vpdhd?IHizyev&Os{818P5JNxE;2Ya`X3W0`}RNAY+cb{@h)$ z)R`9h8kZJ`$gZ+KV!Hg>Eb17XMLLPEFGonj_?&eC@B4ax6Z(3W;Bq(C<;%CVV~%xd z?o}z@TokZngZN#tTD=bve8>g18tW`v*EbiK6jQ+5KicC{XXvz5Ry+R*EwA6Q^3%&g zK)=HCl}!W*z0>XP=cKL7RrbSuTLd{?Jip(~E_bZB4goDfOq7c^kCNip)*2p)H zXf7Ne#`kEjYEQlO(vO0NIRu)P_8xFv1ZtO&l4`!kMwy|mFJjxu+>=v--$utWyb9Gx z?!rj?8xx-s52R1Juaccj;HTG-6^U>oLe)YIhTG=KoSy=TD>G+xU3a@Q)R!U$+Y(N! zub)$a_y*?c-7oc5yLLuK!5yO0a4Xy^ngun29jnC?@c_o!RV@qinUZX?T>FdlYkzyI zUY)CFV^zELuiTrcMbw8&`GC?S(xWmc`QTZuE+!(ChcPj-&HBKocufe~xA) z=$PGQ$ym>NL^=l}atZjzZ~|Q0I;2_|8Hh6ga~f89EiM18YN(RB-9YB0j()@iuIsuY zJ96;W-{tvFdyzcGg~M(gcd$)mY{C8>Pb*o^NlUJk@96yuE25r-aO4i;QIJBBc#5R};l-LuKPc z7j-DZg+OZhz*g_}=wjqSC_5mfoQ13eV2zpla(VaMCsYphL8)wG?tdr8rSSyW-nkW| zrQ-9{$}Pz2q)s7522`sBvAu-AAev#u-grG&@TYx75 zKHj)KB#7E<@0}T}0wWL;1fPwA3frlT(#t*t_asm_DW}3B65L7-(~J=CJs2B2fQZ#B z?|FS7UW*jUAisxbM6aCICJw|0au|GwugjsR8Jg5k#bWbdTpS_^KEN)He_xg{KON^~ z8As00BnibAWMG8tR7V-SYug$)iSblE2xH|gAhS+nogI?$2e8Ii9R%mS)Rmx`OW0Ux zP&I;mg~9N4gy~FYcz`j`S;`jOW>tjm>WwDSOvqBN!OIwjzM_`Q7Nc z2rA)!gX4~k5{>;oqOJm{sxDg7-QC^Y(%s$N-JKGb4(Sd-It8Rlx+El|r5hA!X^?j= z|9kUh#9?N$_g?2)^{ut{xp$Cc0{92~GSL5PW#7Pp^P<)9;&CP%{^;_%m5W^DPcDrQ z6UvfEZ*qgGhV5WYzPoBzjk*&Fatj#<_#R><57V-ByY^P!V&vb~HsstX(h?x&a+1_z zDjl-oFK0iCGs!_Bxjhjx7V^{WRUnK2ySqkUK{p5a3tbxuY!&#|)v^mUj-YK1az*v2 z?0lF(g1CQ zm)unnUX>*onxGK(FN!q)?cvMBpO?Y>jlu8zaW(|}@Ld0gtUvxjQw&dz7Aq;Bl}x(O z>$vDQ=ol+54J-sl-uDne&)4m$uHSh^;gcz2e*u^oWfSJBSkA>92%a;8MM}m%E3+x3 
z%`?g^HihqvJFU3&7VRlWoC5TYdk#NAadkOyi^p+euaqy|w;+dnz- z(*!8=_dKfhn!#7LVi37}i)GkO&?xSg84J6N6egaih zu7TxgOQSD9l1a|)Yl{F%7lU|ZTYO_%JmpYq^LCrf?aE)1KkrtNlz=I~lY<&~r!w9L z;_d>0H4e;LQ38UV?OIQ6kT9g*Z7+V$W=C=%Hiy9gF8H)tL;Ob-w=Yd*X5Y?VRgqm( zk?YieqWZk^PFY^$J{xzx3t0=7)-#Wp4j!JD85MG_E2&JSt0HMK*=~H zdb6nOz8uJZd<==7Ba0R#M8p zHAKM(CPA;;xoCykq^O_8>&k{cPw6DosPiSL0g^0vy0`cO4#y?WG6DqA{MOu;TQ!o&h}chkbA2u;v6Pbk?x!@1k`w###Ef29Vi|s1sylu9wB>L3X^$id zM1z^$`V2AidKi;?&pNmDvU|XJoBW*Z8-fF?^W!Qx|4_t_2|tC8nt%L+Bq(lfuJasI;H3h-N%MU> zuhZ9t!w+-ULamuV{&#_gbo=J#_*$Z}hred37wEGZdjX|VEW7{mE}4Vpy4|fu<2J?{EHS~Jh!4^ka-E>Oqev=?A7ej`D;+FQcZ zOzJ`H%Aler(=1Ou>eDWq`^A)o$EusKAW7vAFYVS33X-FSn81~Bq&?iSO%H$dT4zEwird{`S2o= z3)RveZJ5Dlu^fRdsQHQBZ);N10c#QzRAS(Twt9g zoaxxDD1D28;LoAIO9zXqX>QYrC)B6{8;!&i7p^hz$LSA34xxkepZcFsF#L_iXay^k za2C9wF%io-qk6EB*$^cI?sZ%rYQYP(IY<=B4mERc*&0jam=GdV0TVl-iD<8pwo}j*;F*i z(9~p{RIpM3D@AyYb9cg(N*b$f)BaCU3|cVr(<1+{5zSe0-HpUosW@+X2M~6U7TfG4o=x_*qR?0vU18cZ5?V zeitH66aa1#nMM`l==+G@G~FKqod3jfOyc7{v6(2QV$U3ie<=8nFhxt>K7gh5p`3bK zm5aHi>sPwu(P0JOQBmBm_QM0d+hV4@o8pyF_# zkD=dwHB0CPmU)8;x@DGzwM_tteB-GGjD{#*c#2|JY)}#@BrkP^qU0m^`R$NI?v3Ta z5TrArxa!)_ZJK&{wmQlYVMB$1J>b*iC9V*zMeQ!PJwK=`EXVj1qKcGhQtxHDA%TiM zYf=L5X`yHycY;unUc$gmGU=`p(Aas@@-60oGlC=%U|?1(fPtkP3?)PxxDaQdGlhoc zrpiXTcmIce3V3U!u*S3&pNlpKh~m*IT$@)jYaD?_P8+gxfF!}WKua{ff!|scUtoxF7=;*TWO%;KjVu$ZkTM#H^Xos& z+{YJu;K;gg#8$0lfr`cf%o$PU$L)Y56yUDkEC6?HFlV;X=Y5x#Rsywc6Kd~?_Xc4n zNdmATDB43$#)+a9$1minmWiWt` zBrO6yVnvvFAbXR$in+sA#cK2yN~2+Ea0c8(79ZKzZTyyP(Gsb0e<&JW<6tny>4irP%pF0|Y;2mHwZ zrn(d{Ppom{i-1)!hkxC$Wi;MwyE0C?2R0nf4aE!n%9hKxl7!GsG47aIqn#!)K|RB9 zmHvYq3{D93YmdD?CXc7L zz^8g`=P18}$98o*wtItVbd)m1VWhfx{V-Ufc9%*PaCgaoLT+o^WVJI1m%Nhd+lOlM zMd7R1@=IynZ?-Nv(YoqYCnj=G*FVmT2F5S3KoU+M1< zTxJoRKGJtJN&L)9YkVN+OVxlrhea1JH$;CkgH8MmQ9i#fnw7n@Bb=e5ON+gIbqIcr z=})0u_GNne-Nbpz0@mjD4}62T9RB%}B{Jz{!-rdynXJ)RWLQCepvQ$T($8n^#-S;_ zTnn@w!cObrq@M?8X(fAnQNMkf0=}^GRg`kpD}M)~yaTLTLm?Bu7L+U`*LzpJ6Q)KV%yKgZoDqS@ckY-lT{V57skAKm`o(TC)x@nr0sp=l)ik*cd8PgVaG 
zOym?#wIVo9IG(=wlnqNkhf+?GNYpDG_K3p6|qfc@>aXB z0r*(k!=3{Aj)g>#Dnj!VYyqpEdr`|Swd;h$AekpY2kO->h8Q^e&pkwS9VAY2{V0*o z0g(if5J2+VE4!_h(8s|~-Hqf&h3JM@UEp>Y86h+q(F!Y~2~j5e8G{sz4hQ8( zvCqu#9RmuSHt1V{w9(WtPfI&mOU!+<20_A(C4oXHp_?`7p}E#F7No?k`ebQ$8{(PY z0YV+#NX7e%3<)rbq_kBqqlooW!?eV&f!c=MzQ4u8kdjTwJn)QN;A6Env?}5Ms8h#( zVkIZ;azLHVsqXg{OCrjEFq4BT-zO{^WY!(x55cc`fo2KZn|3!&N?9$1qGbCJLsO5z z(k6s1s2nc1%df#5OGyh()ZU;4RT+e9L={p2w)g{+sIy)nh#3LV{x@lz1~k^RDHy8m z{1@J*2a{m8t`c1271vMtt7x=07$+rwrPaVQ8ar6>Ka>w$gAk@Kh32+~F#x!MtP8*m zB5|2-598<+GpK!k!te5;7a|2r4f$DjlHj$fAcuQqazpQwgYvx?B5-YH6i)h)5GC-E zCNVVvwJFN1oqcDgvo92_Nd`yZc6lewv#;`O-FG@kumB|wWkuotHicm~luj`8xPKuG zi#@Xmel*P`C7SI`K>?)PRCORMCitE3d+JxwmYDf^ z<6H#&isJz334!6|2jE4xf)knB3;AXFeh#rv!{>v4FAvf}3KlpUQ8@zH=rZe_CQhi} z5o6o{gs>S4g6$Xrz{${JS1Vv8G`y4v>I4z3yk(tKE5uvvM`Rq>5`an^Uivf;&tkmf zdS`lXGy+944b283jC~L8KbT^qTtEO$f7I1RokpVeg#asZ3C3*wP4T817O-lV@f6Bx zG@p!dAh<)@dM^wEQ!uRoqJ#uSum)O9Vd4)DtG=cqg*QT#4*Y+{Pz)GDj6yU?;xS4S zLTe%^Fta~^9kd>uK*2nDU|t27yEUn12(2-@5sDwkNJbpB40HT8S`iVgZssxZsKO^b1RM#8{8qzQAlSwy7*E|6m zyfH3#<1~~RHV0T)!uKX~NC{lRdh2tm<>1VXmbhAt@RbrG?If5;1EH6?2o5Wt70MA0 z3rre`z*s0kp$im+|NOd&$pIbLy$ZwqUviEI=2_^>wN1##CXW9M3niA{r?L3ohbaag zW*pS{l8cV9wk1#}egY5V=hS(7%o5G;e1A4Mxl`>(j*mN%40n77NPY4W{itQEc^=q- z*SM_00xSRJ`d{Me;X%(Hx{K1=81|4`?|6U(22P2b`)23 zQ@bCIu+u=1QwnAVPm!RsLaQH0-|4`dqQq2m{_Sy--ewPFVt-Hd(+&$Il;0ngF;^|^ z2HZIwaA#`RU~c_79{+tPOw$OaG^5n6H|1c0mBXU+15ei3@p%%#69mL7bRb@h(%guaV?Z|7HBuMp4)fOuXL6}ByB&6t zptc&MZh>T`_dQu$htiF>gkZPOLWV5h#+v;*P|>pl7%FBA-cOw8rwe#)Gd1>yJvRsgJ`xGYAmY^t|AO(_Hx3jRC#5Ad8|e6~`61uG z{)yTRQ0!!}OlCIvHpq61Kq5r>AGb?T#+sxIxYY2e+)w;~amX*nC^L%GO5UHm1GU&3 zi$XX>)zo0@t+ZJVCGm;+4vBql;19oR-?7X!=`TzK6Ciud_ zqBSx=fTgu7fr38kq<4I6fr4c&$})qH+6mw8TwOxkg$6VRr9dB@L06z3Q2&)4ELh|# z?j{kf>(*xD34#Z6$pb-j#-SB3`osW?HY8-nBl9n65ktg6+H*y-m2?s$kt~yDv{#AC zS07K|yr7!;HsQkzi}Q#Kq|E(=VV?1UKLBLX9dQ+OhHCG&gc4`1qrgAi(P2tX#h&z` z2OYRL&XVMx0oPGzT}Wd~;DH#Fhh!}e4hF~N-5SV)`4UzQo{F@ois7Neu@1~)?CWna zaYHAd6sVh`kMGGA5G;WNi0aLEk*P@ushf2&J@K`Lg2CMq(v$TETavv5g*jYFZqr)` 
zIr%q13|Q%vG37jAnLG6%2pgfJuB^aYCwo!js=Kph@^|i0*WQ(^41$#5`>q2H=wcJw#)K0s#7XgSAiQ9|9uti-G&Sk=A zECh8%rSOt+>izaSXJg$On1k-{D!uUc7NZ+OzM#(<1myxAtAF z&PQ}RoU~TLcdCzXFI}^N<9M9Z^=Kt#v=GKGTBO#`Ks1I>BuEWV z!1lnyRf6erl5ax;L**!ADCWMJtVPm4;ki*7kc|gJ$!_#Ojgn>o8YKYPC6y`XdcOZYbB@pvW^cRj7B0Jnz!u2d zdV~t=gJuZVh@!@5pBx=Y0bJBJI}kzI*A@s6mM~RKLRIs{f#k-R*o%Kb%LJ!|4V5>q z@K&L>`xfn{tOG=K;Tg}UuN7d8ePskcqung8%Mu%z@h@P%`#@0Uyw(5Dj11V6PV`G} zi4Pw$>cKqri$;3-i$abn;dv-lWvzF``;boId5Eult zUktJt#PZPgYucC?j96*Do|s4qPxnA1)e0!Z>)TR!_#@pdh`_EoY$Ln!V@1q^O4Lrh zB68^V0_Eifdih{npsVW)S;W4p@JfDLRDWBePLC01^O&+dR98(4$?vrU=d9VOz0CGs z|KQ?FV3YeSNl#Cu@U+Z}ei$hBxm5Abm+6Z+)K9fRN_ge2>Ck>M3*Ul*mxl6mDa$gK z@1zf+B}7;BH9P*)GW9J|tI@=A5)|&eZdxnHm4`nu(La$( zF~Mp7S(~_~Jqk>YbW2>gG*MAje2{=mg@5AsMpm^TuhDyPfk4Ea21yHA#%|L2G{Q8O zgG2d>t=;}sN}NUZ0fFL}=3@he0P9+9zYoNM#QJN>nY0bKhvGM~RRL#_i5EZKG=!hy zutW`!gPOnVp<6@+mCs);1=!x1^7@QbTpb)ll*{jed|bVpn?FS^(YJA3Q~gZ_?71`(?1oJN=C6 z1S;l9AF*c>Lk#Wer?g-0*vy1qNy0<(K&i4c0=L?4dGFnG;)nfP(Vu??JO9QCT71#K zD8U;R=q-(^z{UW&p%3Bc|L9l|O0L`CG|<>FVlV`uEM<>-DLb^{QlOY8@q;ejIY?mG z6uG)Jv);yY%;P$J2+hSjI#=~KfI9%*DKoyfWB6g~=O_1hI~rEOj5J`gb}SiWBu6sU z+h{-mPR+gBp?zwYgZGkUIUP{_Q}w*zp&v1q@vz)y-;mQYxwvzXAfRW7kJCa7T{Bz; zx^=ryTRM<$z+J=QKL>xxc-T}ed(%TTq3u3XNJ&Qs%ZMh=QV0ms_}?`IwK}pun#5l}^Q)F% z4%Ta!%f4^h706eDu!P&j$PRsh$^r<-6>Q~`i6e$=fOQ3Hs_d{trj?R(>Ztao?l9Fg#wD;u0IDm(x6G-e7bR6)Y>>{0-mu>W&dKxar(Nk5OXUSKDa` z3v@X}H&t|J#J~#x@Bs#mA&XoMr_n)KB@o;U-aro38J`kXH;dhW-)&BklpESc^BaGb zeeDSXCi0wr4NXA|*cpAy09S7a2cfpR5c&$_KVDsNP4!OzfU*STbN_){bcH z83^9aG0vjaXf}x(>DCO zTBR;)VDe;|ubn-wI+Pa2K%o9<=ln<5^{lqIcQB;?c(xe?2KKg7pQqMaliRN!2+;Js zyR8|W%e4We{EbBvVy@hlH5I~Ij1d4snejn??)mT>Qfcc81yXJ1ZlwCdu>RuHso-O0 zDYIboJnZGIpLDvs(s!p%!7M5C(-Vh@ZC12)%st=KfAbnO+qrO;_>2|42UhW3({AhH zK48n;s}e5ZRjf`~lcNx2%F6UX6^7rx)Q@1|UlkFv``j)Jx+9@*I*-gJxd(}e zZHZo14ONwRKx$PDH#T=;GkJ7%ZtuLnS5o9A(VXU-Ym2c}I-E%E)_ zb=!u*nUMXdd(zg{>KynK#dWA1*;lr@swE}qM880LD$=T%u{H#i?7Mfz00I%m?g=q1 z!IQ;rvDc-3;)#95O(5A(^&ZOqYT#M2=U$mhO1?GM(vbE?g{^&in6Z&lkaPt9Q;ZdK 
zQ{9D{ECWc(2q#*cJTcJ2f{bKhQZm;)j!gUdJVzg`*stW&a(DaTvVn+k>UYQY86T%? z#dsfCq+G9B*^6$Y#8Y|~n8jF*wJzUoon8a;nvusV!@u3TF9Eg5hY#a zbESAkwj{Ljo;B!%lS|RQ??1XR&*+8s9CHR$bFqO8rAyj{8`ut)lKy`YP@&#O-vT&@c zt19P@w{G#)BXEL#*(|601|0tV!ZJX4Co%OKj^Pm~bR#>$FtpO7aQ~C*0+7qw))MQ? zerRfD7^fNF%GBs{E{PO`))b3Cin>_=mcICrJC}`;mqj zs3plD+cZ)`9@X6q;AT`O8Ah85>R`|S>-s2i0^fqniZES*ZFGOw<(84Gk@O6*? zsr$yY=Y8Oq?-f5o(150-qW6mwe>0W=bD&Vh_eu|y>3CTf1Zl#oYxq9y>x!nnX^Vda z(AM=n$_hs^i$IIeG&3&+7!(?1g)%`f+?Z_ugKdJfO+D^C4D>0c9!8DKL0S)yep_0? zf*7~>f)pvz1Nd}agH*ICTLEWiC|6168=?wYuq_EABCXx?3^MS{`=6y39oE7EOc8_X zN|kyxhzzJMMHrm3@kp5M2$5PR6#Q=Lsre&mBKBwA zWZ|0wSZ*)NvNH5UU%LBMxvNzW72`yO$DYSgx?a87IsT{5Tkr}&a9Pb5^D>=Kp}>j1 zM<-I_j0ezHy(#(vaO(_)$LO{l3`R96)&O=S$p!IP1|pT3|J)P(5eN;PI+w69sMllq zD>-Q@q>%3@LBkmyJ|+K|(lOv=e}u9^4U8h!4i+%ozoMM|<`u*J&-cNDk+euIJkiwJ zv1^U~E>xqekE6chcJ~@Q8{PMaY5H&c5j;P&6w|^J zR>Z~S0)F8b_is3c76>O>;q4DNQJhQhB56%s)c+FqDrBTD`@DsKurEpf%_jitJYQlS zDjoSdvDOtdAbMM!NMcX`<(re415SoXg*9R!>(|D`8m26O%%>3)&BV2$^ z1&y*sIF$0!I$C50?s#3UQ`U+${r)h>OXO|k>=pmfpz6Vbpi`hM<_SQtXMzEaZGf?l zM3D~=-zOxeE=In709v6-U$@@cohO)p5mT~U#u~30OK@-Kk)?)V%!{)G`Oq;Un-xSI zy*CGY$Y)-zEKEbw6g*kr43)~yPE|7jD8yr;Pj&YFzP>9oNe0cR?%Kg$L~vhgE$^XI z%j=$B7rN1(UpLd=$e|yt`xjn%FB71>ceodWchrvjl{+@xxSgJIkJG{kAvec2dG-&E zET+$tuB6FT@N(?w{i}&{5MS=&eXdJw!%9QF#taIrC_EbejEs?2N^lBGgtlySp)Aqf zQ&SDkC$7nwIdYH~zFMw!H0pU=O{>CgYz$TNpK1;L+w)xqR9C3d#kf?hZzU3YIPf#9 z%f|zp2GU7;#oHq!0iw$cw<1plyc)rIp85`-=TQUJuhOnNSyUjoA4`mHRXq&QL{@s( zKMOgv=;_iVWwG5^iD8lv6;8})t$c&=p=fG)A^jaVW!VA3*~w0yZaLN2%+Abn?fbqo z>B}*QBlElnpDp&2mxAP#*MoFFS2~Ou|NMGuvl33H#o)y%5`o`(r`; zr^z{nd6y@FpM?SpyCNE@H^npe0>31FN^UN%T=Q33j#>8RZcM-M|O~J z+mF*ivG(2Hca3I{*A6%g=gS`Csmf2Ibh-6-W)&iBM@_n-x-O`!=W@80eoz0Nidj|k zfO)FU67|mhezoHcWP4q>s%f>L6+{k(sRD8M?PMd6CwWE2pCOH!_I*)BpC)v<>dnYU z_0rSJy;RvXD{=?HpWmnxy^BQoN}z)+?K5OKPb3^Ym+Sp>YUT>MCl<-(RPSX2nf%CV^}7-)6SDpZVOT!P zC7(+EPKKnMb{~~k^tA#>vrHwbD=P@@C)~pyYrS+&KJ7d+)vJ3%THGU>8>&+J;d7>O zQ$KiG#PJ-sh%`1yO>>XQm3gGA$8L&{SEPWU(eq*Q(mjqKN0cYQ_VB#TmIiW)Y+3pQ%pNy|>+_fsR$ 
zmPBx&7nU@XvNG%I+zhuO_dj1P^}<#B*LmleU0NZywDsIkr}?>rM#<;*njS?X^oQiQ z=0GO!<*;}sYxKn~uJMtg_9s4wD-rR%qnCF*JHVlNSFws_Ha#uWf!yS;My$WtpLqT#M$URywDi6J ze_|4+2{+ks3x|(3olpF{4-0F&e8Z(K~Ts>s|*W zACsJg)V)gg4c*FzKH%LT~SCnDfU3heM*p_=5r1u?3XezPfrP>fw?+$(DSTxi00nn*MF>{YhsOLG)vkMhG9NS$OCBzwb)nGVKk#Pu%bBK32l?;nXesE1t^LC9Y$tR)Sw9J7tvF0bXj^n^_Y1 zcjeaZqp-fp-1kcyU#~^i!x+oxbt>8n6#QrlY6U&&+B2@>jn#R*=Dtq8wk6?BfJm5+ z=oYdj8(E83DOEDE7thqTLKyqHu1@ilxUzH?vO<(eKzpFqR>ZlP?q`ZN`WCTf1n#iw znXTGI_!ULa&yZ#Oqxj(Zt7td*C^>{i_Ldpj&y-C+1WKX>{}O0*hb7&rjW!y9K+V(7 ztuLKodjn~LEjl40EY_u!CZ&2CasYDas(y)sutO)00AdJ@* zCfO9Yl#in)D^YfXJjsDtnrBuLI~oK&9X;UYot4QtW-#=tn24^y?0=uS&8FLnjKU!Ywx_g5s3`5*XbA$19VphydV@_tkZKd{j@Y~(HK?v)_%fs2Mg0?N`#LyiZRd1 z&pD{hewuf^{i!w{9=fSIef;yDKUjJEmjEm(t%quW;wEUyV4!rdInhFqa*9ZF-_G7b z$Md7+Tr={@>3fGfbEYKK5hXkfDMmvWX`L+5#r@P`KjWr#zGh)S+9- z8VkwXtPtQY`zUugn8VEWtp0#)`C-`z}&0tfo+4Y$Ug)GH&Vk-959XdXx!p!x-lt8t&@q6p=4D2cEy&0(H#w@s@o4d}|=2zhhvv@8!yEhRIAaNO#BbZ*!OF zVDo#B#+PjNGXq-x*~6<5QK#UClE&?=zL(2ir)zDv`k~5->4_A~34?98q-^y%aALh? 
zz2cwsZbCS})RDmsd?+qTYWk^?{9tzSmVOFIY0^*ELn-RWC1QY8^UT3TL*5 z_{eUud|NA{rHh|0fjWPJz|K{l^4d#%p z^jiZBAUT?l(R=n!hg(9$>3VB}q-{b?y={L<&i}yeQ$OcWyWH{$GY@QLJV(^#)mV5L z1nJml1>Vk8^ic=1e5G_-BsV+h*h`iX2HEd^f7UMODC7{Ug1pOc`BpnveS>@O{2|^j zfNkRQpxLCfo()^?^~IiaEAojmG)P!T;RjKB)W)yS8|(USZI`tXX1FA54l_`{^<(QD zdKgT8w0L(k`F=Q73KU2u>>lmbXOlT};!JRLuRdi)a5N_U#hgdU*ramIHFa)J`~tq6 zGN%$_ELU=S@!nR2s6lMy8+|QeD8DmFV5uI8Lnp&S!OpR**GD~JgVti7l$Pbc-d*zz zZ79yp@AZ0XN~SB~h22Vq+FIC9FlBxg?$j|CJ$Q}xyC69VCpFB=X+|m>IuR;6&Sd-= z|H8`*>YNPiC-(c=_8FC@`03{JG(5;q!3S>@EVN9a<8e!s zuoXZj_M+tN5VObeXWAzbj>J2(|BVch#A81p!-hMqT0CRAZ?&K3;G$oFy*LJKFH8t6 z7ge>aA)jDv*_H+LSh1xlwJ(yrN10{vzGQZ`(?ms3&9Ib57-WKyGKQo;8J9W7c$8!w zpyyC6!{dT_C$4{zwuU1K!wI1U>4_G4DD{0L7pgkAg@QgJ2Z3X&mNX-D z%}Usu>KTioNf;Unf`Nuy`9~+nvf0=MrXd5FRqJB{TbLiix|IW=m;Ry*DxktGl$W+x4BT-bI^_6_tL$^l9-y=hcz(pOJ*D()LeE7 z!)Z74?V<9;s|E*&qPhmqEns)#E)IGcPoedPoZT5{^>XKG8xz0Qa7R)Q*i;lYzoA<5M;PBxy21K_-{*YTIC+T#~&q^ zyYWLpNymPxJsg%re!#>Qf{T*FmYc-i`rU7X#EIJuy5=z5dzoNB;01lFqP(m$D33pFJHe@5IV0zY%4wr=WDi!^YI*Nrw zQ|_GeQSQV)Y`0x{<7Z5AGt1RjFrE=kP+`?*hk5A6vKAsCYoVt4#Zbw4+}fLH>ux^5 zaNrkwI&~T_{37WD`nx|`63rbD6KR<2Dmd7+agWsj+w63%2ol3GOEyQ55DGqJx`JW7>L*i(EXy&x&mvk!~V^LKU#^8&$E zl0R-+_BP77JhP8JFo@&*E%tfPB^8Nltu$aQtl;&F|tI(f49G zQn2H3dc-huU7E&sQs3HltwU=Hci*-7t4 zalIQbnuw1BcdDvrW`_NZwf1pG&YsOyEZO2}XjHbR->|^WiJ@HPLKWy;9 zwdq~W_mgoq;P$(3`_^m=(Hkg^eY@F?jjkGjzrC>{X#BB z(i275|M=~qc!*tZ5Y6pGS6T3u*n_Wh?R_Y|<1~bJzW;lnRLf|_(B3nD;#)C6xPGGE;8oZB>G!zk zp)MUs1PzBM!s%5QdnuPG088J6MCCf{#m)r;@-s5Ij`kyszi@NI(dgl&v6HjI|h=0SXU8te=`S|pk z;UIRR;6I^ZBRHDg_J|1l-_xhMM5I&*o3mgE%$Yp?{Pv!np621$?PfGcKqU|tJ2a2z z*M;A#kJ#dHjbbGlrSR_8*`(NK;>GYj;LDrrW$TPH{&U#8o&eQhhic%yMX1o=x}V#! 
zoC152ePaFM^-)+-W!h)FZW|8YhyXf0xD@1Y0j2f$!Ivh%0`)I&LliPv7;7*EohE@& z2kUzZ9inY5>MyHrEo7sOTVHzWPcPdV+c(k*Z*KzvjRp*nOYyx5gIQ@|K0B*(tUoF)^y*T~pn7;Bmev?TMzFaS4{&8kY?>2Rhx@R<*m5xog)!8Jto^ zS}A-ZXs+N9{2T5=_=!ldc%knLY{^3Rx2%o&#z?Ngr-V%>WXmWeLAY!dLd(e)E;C;J<+O{geBStnnnTNkzk93Cmw3UVVTUYh1VO!v>(2)s2<#KHU7($Ln>+@D zljb7tzEB^6pg+{QPtAKC6oz)+BzpY_?@h7V8~Pdalf3$F+A0f+Y~-il6*gG68Pi9x zJ8|EWS%uZ{TeRr~(~7FD2xr;lAHQrHgu^anBF<3+4}FJMC}hzoWa@>Ms4n$+uZ?NM z5vc4It3wE{^t9)6#y_+6@Cjs69cF>;z{+WJ9dQ10JS6lv@3`vnQt+g4)yMdLvzYWS z#LXEGzFf#w63-7G*Pmrbf{340*Ts=gPawW)IMWAtrjvH(-hN?gl`lGCvzFqHbWlZb z+oMOQ>`(eQy8pWt4&hTjOOxWmI}u0Y9QOKKtoedof>m#R>LTuR-eu67uVJ2Z@=UKq zUPps-$3a3e_n(!xufqq7^{wo)>}+;dsN91m1DslF+{TV)>XVqv*FQS4*wWiq)43sR z1l@Ey_pDrn&t(I4o##Ye6av^zq|lK_L1v5%h%>6!I=KFjvO{vSZ2g)S(-wjkNV1-V!ZIt$P`Mj{U7WN}qk4ep~_4wk`L4t69)-!Id?!;4pd%F0uKIn$%2 z>o`)DZm`|Y^=E8=_+xJXNDwBBNQZ}aJ@D`q32x(2W^*MGhdGe%`@|_2$?@-PJJ7Oepibp$fW9Jjt z7xEugH{=KY$Y$F~bSjy=zs-#k2}%shS-BvJP^5BoonCRz722NkQuI673Z%6^VTI3Z zh#25sJi4rd1I4csPLzS%@~2OBXPpa3IPjB_hR8Ycspj}Umt0VB#OBJ>P)vH27&(r= zroGegI#(&&Xt=MLj1|Ln&e!~bC2%F!S|atYt(?MVe|)nVb~N1%3w565%Cgt*`m;$_ zgP=|L3A+bXFX5JmoSHPz-eJq+t0>fwnk|*{c*BaABI0%T(9Qf1Jy|9V?IhAB6_OdDpM47<~1$cq2Ey;lCn> zd~}_M~AeXQ+VfqiHlQbR;t zc&|H7=>ihm^csLGkVixd-Pj;l#YNrVGSl^Xb$01luAq*k45~B7SDFgqLgl48UK^8A%CnnWqn#Vy z5VH2-B^SAldplIOxXn?OO)+q_I!$2n2e#-`jSWb5Cl7j(d0v6YFhS(wa34KaTpt}< z+~;%i>zaK!D#Qi4RM-z%l|5o zd|!}KNZvf@VM|4nq)5R+6)MyA-+caWY=Q7yNsz)jy#1$_J_40k>ffC?Q{#KH?K+!u z6mxQlh*mc;$`LL2^kFFZBWiYsMgb2e|OE~kKdRL?9w*mWpYBWDNhj|q4*vau($&?ZIL)nmPZ4UJ5b8HlCaOK%83LuX{8QVf;-Qcj9(FV+9!#I%9~1 z`(3?=%uqHJGq;9IqrE<%MdftD7-RQuV;3ho7;wjf&KYqG&MWVq&*WqS=@22D9xN0f z%fD;2v$M0XLUf&b#NKXi2{@2DC#oj7e$aa!AR@!M)`2G1pm7h#4(LuBY2$E)3cy{I z1+gXs9;;YzyzUA+U%V;b6R)n1e1iYTD{sfHtn;Du=hfIj=S%DFn}I(q*)!|&>o~Rm zpXc^bf7WMU{}WZ#o)h;Gjkiwbx@JJUrO0Z)Aad(QS72xJ*8?yY%`&oJXTlaVb#x$+ zQC9f#gPYrPugS-5zCXKbF1%Nm9wZY|#?jbX2;H9yU0(V-_=Xa^D!MbW1j-*^YxpLS z260p>zhBG}+XeK18 z5mmZkwPbuGd_To)Y@rv}9vBAJGky7=^5RewSu30ekF%1RfOWrmHJn`3-BcrENV2HC 
zfPws{AlTj9PYPaxC~7Fm@JCU96gE8(&2dU?nLClwS_t?yfM2Y z%8y>6Q(FW|NGW+)ZD?f1>GuK)D(0vgPgnF~fUMt*lXLuc%>d+4f3_Kp*VRK-I#kL$4yamr5CJ5&a zO=By##=Snqf(xxhUs&G?cQCQPO=Q956ynGviNhobWL{1EC2!xPljFQoaq9Ugn&ru& zGdjo48>~R%5KaNz!7OocoQaZg(eBj5nR-38Ax}Q#JoApfKB5j<(5j}=E8>rSt5XfA zmC+{hn4?Ur$~}LUAhdr_ZT!yrFyh>*ueO{9?e1)$tXBCBcr0-?f!Uqly!+*j#ABjm z(8Nx&bLnRVXZK}+?{q>wTaFQ0?(D>$U4F@uO40W_o43P;rV~QMX#MCRJ-|8%qzbf2 zLc;(QIS&*CZTA%9Uff(PW?9)x0{#JBooG7`zO^LU4Zvi=SFNp%XZSuk3&y{N8yCp- zZ{g+w0sia10fOFglA5R5rg%%;ibz7jOtfAkEH70B`5XJH3GVv+lmvtnJ4p=6qXDE$L)xUByS%K-rW zw=cH6Or)HalY7HU4yq{();}eJZ#vw9e(SB;I+9m!Z-%YMq*b2D6EUv z2z_-khredJ;)%oVpbXF8MaDq+QVaMgN=-PU-B2Eh`$;?DpwaXh|8!U!Nr!1P=Wo)i z4b-;!$UUB}DRjel^84_?J2|?yKd+Q`F}==?Ybi#mVwhlfRBESG{Kw(LA1?5h!b)y9 zf*2g`*6m#ck8w!@q7YX9D`@5Hb3?;=?Wk~{a!QtIR)sSAASO}mG{<6LQ~_>@fGbCn$CGiZHDJ@8T91?AN#C7 z6MJMd;pS7#%m31pvaLGYR}%n#ea*>2o$I}R@=ZVvRu7MBH5V3dt@!>Ou~}hA&e}1M zYiv5NbtX*J?DN#YY>Nz(a(FoJ4RVH!TFNrYw}przjmZ zRLEmzy!)sTK2>Z*_)tyT$89c=5YYR(34<0X;0hXRFF?Z99kaPiQAx3PI?6fc!1owy zB>u~Ym~yR37_G6lG2|K3Fncwghil#z_FF%GD+<5h&<0XRb#cS)PK8M-B4eU9K6%%D zaRHYY4l!><+T$twr?3{o7o)f8zn^LsUxA-`16$aBFMjQ&G#2mF8iM;MiED*i6uqj& zBQXrPTt#LsF#(zcfP!`T*FUDYG%@$k-B_$o1~Ih0SIIvbeblTDRp+k6s=Y)mb!8@O z`K&mx5Ag)Qv-K|c0fBn%!~O*Nx8QKF{f~r!fDp3X4n|0t%};u05IZDCxf28p0tLU? 
z{CvYu)2q#}5G4VK{U4zNvakU-|0{MN(0{u_fgpgf1(~MTgkk;ncp#2{y0HDPb^!t6 zH=!6HX<5Vc5U8*gMu^}`H!>6`Ysv)`3bTnIZI~Ap1;qJJR~8Tlq|0@b91@c{EC}fy z+Lmp?${r4Yf~>iXBA~Ew{Eym#ptavH|MeOS5Fwan5DXg!Yp_7>aFamph;k1e;GYoz z?5ynnq>;Bg?`E~6bNsSM3K46yc4@2V3~Z2w+BC@x5j>nI)Ma-;6kUkyJ&9$ZKJQ1Iyg z-EbHABlF*i9U8>;S4&zPj(;YSm-n-@k+q4VDJdHV7o-LqiUJ&{Fl0_BgxoQ&a$t$8 zrorTw(;aFRVgrN16_9=+?Rmi&@%iyjaoHzSeom}n$%6Y#kZ@4fAu?Q(yTMO< z7bDl_#7>=V3;pEr<#W-P$c+S$uIpz4D;&4Qox=GDSJ}Zb7yD3_M@eno)KC%$cus$b zeq~%r0?85uVm+`mN;4A9WyL7l4&&Dot*>Evddmx%u!--9LK|4CI<%&QpR{%_ZQLm*QdiYf?Wzm{xm^ zI5`jgjL$UFK46tq+FxI6%-6z8Q#@=|as@@}s=s;f>#2yrt{wrEk-4ST|7tMF!qM=H%z=?@(ojOn0~{|8)o0|tI5T4&L839KbslE z&cV*g0*SF7qo~1=m|HcB5z%f4#d8OB%X4!IO&1^$Gb@EjQ=)j|S9c3#%A#CpAoJ za&i+OH4r$6MkI()0yspIMow@(8Eu)_g_2b{TIDPAnAwGD*dFIbs4NmetlZQ%)Z41{ zXn`XT^j!97-^WNY+<`>F!Sncg_om3j7})M&Tv9)eOg*ce%bT489yvosV(jw88Uy0C zl~6Th{d3sJ}4<0~7 zaPk47?{7~iMv*yv5!;-O8#!|2FoX6AULkE2MvocAZp}*_VTO6EL|O8r-}_}Uq|CF} z`D=r>=>zc>WxDhqFz+%(?aTx92fqmhM&PMcn;EZf-#d?HTxH6lL&@!PMH&Q>4{1!) z+R~%T_lU`+c;3&>OO$7#{VZguWdfrF_?aJ5*61z!n;iD!EF8w?k_Bow++_HfLnOT| zWJ7Huyu%(If{4@|yZQCBZb=2(H3y z{n_WG@9})UH`emOhja{T^?d@}(Wy-10QAPBrpbG3K?x1{KXxYIO-Xtc%)J?asxsj_AheEW zm4|i~VkL=MN|vCP09bq6=@^lpdW$F20Vy)ImS4TSwM!_Q+6FV%@ZegR)Tlb>JKUA{ z3iIyP_s-|)3)u*lcN8Jy4QpFG^3S^l*E4N*4k8u5y&fw76)uHd=7oW{e6q%^L)-Nk zyoX`yX>#Y|1AN+P-y^{zKZ`dT6ySmd2s`=MyPXq?oyMJFEj^wZIt27h+Y&TAo^Gyx zSb`{~bS+<2l1-;^$ul{lT+CwRh(o>*kLtDOvFdHnmR)cAg09HrxTci~X+S)+SJFe( z%!Kjj*CU6|d$#7pNjd6$1NqRu8VENnQH%X^E^h|o^m2z-@GHUmvOyP9AKa@BLb2Yf zZ4AB}SGz6ra}@kMV@vvMZ4^{PUIkhNAB)r1^)qV*z)}aORz9keY0Te-#|$C*<>|-b z*7Bb17_?S)W)^b9efmVhh9e2hL7;x==I@cZEcI^gU7SSNxUm2@$oGy)KS01$f;|C&E%!^E(4{=!xn>ge9`3b5G^9O%z(qfxr>r%wTw8uz&IADW*nVAc%_gMH(p7jnJV|f^9&2CPd;H z8x>V}p`*$jcM;ae)yJV#Gg~k`G2fz(ClvCb((vFb+F!Mr3)~actUoq)#Evo0bQV*?{8;kkDc zsj677Mfx11s_6K$z8=eh?Hlb9JB>q-8k;oHCZRHZ#nXT;ePE4d{oo4 zoWMU%7BU8))$y zE?df?y1UuT{5!MZbtk~lEz#EPOT3Z#cZBZdzU(M{$MB0x<<9s z7_T;#TiMIbeG7@QNqN|#6)La$yixz0H|HxZZ2`}5a(yJ%v3rW1?&noM{bY&U*=}_r 
zj@v(@S`sPlPAyzx-Yd|SUN72=fXRv#gfaY#>FxBiJp0z-6&4qo3`KQ!?4@WITMru< z@L6V9`~1R$#a4L6NCM!BAZK{^m=!Kb`RYb(j%2dEai5=ifVQ-mQPOQ7!Dc=X0{c2f?%tJwu2_hQ4dn7sciy z&3VrtP4~KK)-vV`?W!@PsGbff%!+)-UG4Rig_lBg&5;e^FZ zmpAxjrpk_Fx$@yP)e|JB=yFQA*bDeV2U~rI4GOwx zxYrT|cil7?m_wTKNrG;|N2K|ej6^ef6%jWShi96JA9iG{dK?}Mfv1iAZ0y;HJ<8^m zL+<9%!P&$CmxpQUli%)_o;1{5&yiGd!@zRa+rdT7-oJq@P1^;ruPT`NS*CIK57V&Q z^DKv+iXytDH?O_?-;Xn&HSS_(6g@v>byHM}BYYV?$sc%-y|R#sHG$Xj99G=8#sOJ) zZ98A+ZCt?mmQ5KI!?bi&;vYH%&#mi{q+v2}cF0w{llG$Pwlg|Gk>;X3vrQyYIRlew zm)J3~9NDm%K*j7>Ie2FxbBe^Kd8fY^5bi>IIfJ~3(0f*?Uc5y^k~&G-fu=8Fmm zFBt%rwWRBQF-Xc^=maJ|2$wI1&KnG2z*!kvj_m4pqC=3d;Sy`gioO@Oy^MnyTepR) zMvQ&!{gl9Gzek}H%P2PU`?-kwtOC1IP~afAs)hn#2_5bCQRiX+E)n6jxuQ^&ALA4j zo;eCN!w?D%2op^Cd-#v>>f#Lv7ebGGcJ|Npr#+ zqJXu4;$7TzlKxu!9n)NM6S+nrUq9yz!=BVn=`dyDa3Q53{=Lfz|E$^qoDF7f%;IWD z`P=QrM2k&{vmtzIkQGF|(E!7KRm7UW27|y=cv_j&zJu?Gkf^D=O;TOwL%mW{LeE-h zC7HE00VpfLl&iaio2og@+ZxO-K3H+Y+#w?@Qtx|(dG%!n&ViFF3${zmLeM__zB7Kr z?sIX9v#`lK?O*Aw65O*%U$bp32JlZ18L$d$8FJh7F|!+b80{SM%4N(`dh?sDF{R~n z(c6tLQr(w$<_ywej*>*y3=G2B7;d5yW?lrW5koB~p#*=F3OYA95u{SkSU1{S?>3=Ehcy#1jOyO&PB1V{GX|{qjXVuU!|l zS{TC~XE+b%B-2i)K~Gv$iyTCBg@NQlpHvG~7lpY&mEx)>?=R!CQth!;Ag|qQ7v;>| zm#O;{C+)V9xb=anr800uXjIrBFto_JI=s40bvZs^dVAK*{(PN_ALYaXlk4XRN8{-kw$`E-{&R?sM=I$Tfw%FLtr6OE_L=7 z_U|sa{Nxb^%*lbpq|*o<#kQ#>y-h!m(E`TWCjbH671i_ULSKsv=TU}hn(bLo@t7xk zR@5O9ZY_3EIZ&Qp1nGDK#qS2QrJ$g4OS#b1J5u3V1@4EmBA@es9goOQS+c%zBDmRa zRV8ehZRC?gTS}+Y(i4{R-$}o>Z65Vy0w!DJV=K=6LJ8UaNCWsY7s*=6g=eV0iPS{? z1n+}u(2RY?IS@RgB|~m75DJ%x(s_1i&r2Fot(fo}`VsRE>`R{v(*8lf#KdvU7}hRU ze7-g16sh-8oxj~kTi+dphaLhj$j#ab(%-Hp*ypW7eDvw3;HHz6oP7ylkkm*t<``n} zN`L3TbTpmAMeF&M!TTP$g!ZIqan&wd`aHWt2*&(O)kiEU?@{A^&Ve_bYdjh2p!7Lx zsq7KVZJen9&et%N!1*}zo+^tQ8pcw5^Ku9aIfyF(n$-M*=cq+KI{i4F?bXnniYxEI zat6vkYM-o+plqHnI9opBL z$;DwV?n2e^s!ceNy9eCj;ef-4ybC=b1? 
z8bc7hh|8!0z&crCHH=FoGZy!&E<2(uLG7igu67=tN{}Ah7ZrX#3Ijk!<`NSv<&Vzq z+NJpArs)x+vmXfK-z$d1G8zGtO(%f{lA&bb-7wW}q1gud_AFcBW^?v_=3Eo_CNO)G z9SXKgU|Jso?nc;SABammsgeZFz4WIDg&0gH&0mvqbY}GR1cdJa9>{bBmZ@3mWhtNU z4J?Zm$Vhpz5c_LrcaRa>S`@0OJfsVG_L6{_$RZd#wHkXz2A^OIZqsA&uK395X0Cb8 z?Rg&vu7x6o`q}hHShL}<92%tpGZVeZD@BrRz^dM$MZtv_TRj+|o;Zpllw-ZAz#+`$ z3hNM>f@T+R4b>tBT<)>RfS|OYR6kv}1w`9# zg@+^Q1nt!j8BvZ+5-r+9$pb}=bxr9rDC9#@G0hBH-4h|h(~-wm^|L1+#=jtvY4Z;* zSjQ|f@h&oDkLru`PJyYZNeHk|CTAb^;ih~FMCx2$&32m8uH;X~ND5HWpKQWw)`>I@ zSKna`vNGb?&i|pznv#oxts*uw%20K|dA70ju9QM`TDDH8IK{ty<0m;Jr=L}2p*>6s z$fkyC5GFqATY)#_Q11XA(e|DyeKQIfy#76UbI5Qo{1MUB zW%4_tzvqPZ@l?L5&S;ItZs9$dHTi**SA`G*n^Jxg zJ6Wq96Ie`Gk=fp!Y>9`IvJxaZ4i2aJYBJ2E-!Upx`$4|XGsBmUu8gf>e#6w75qhYg zbdaD`n3T%AmOJSlS#2KIr;1J;9Z1Wd(%HMGk&uO~MrL@)_)d(XczocjcNBH!T0XKv!KM1=# z^cPfLHYSCEy}H;M(|~0(9=PsjZ@M9>Jn#G1K&-&8BWVdr)_Nu)XVAYS@P0id`n@WI zI%rm8!mIYToc zi1px^EtnDLqVtF{o3d!5h9}=Q)=#cmPyKCF)Urui!o|eO&66j-+YKyTgUcSA7&TC7 zkCDyG?cc{NSYM_@8w+np50w(oq)4vVcaj3ji^&Dl0dEz##+w*n{1oe$;4-279IBR3 zD+*^}L>jfr9kt;heGAP$Ygjd!<35z7XH(;@N%~gfE)daI2~j)ny7AXCOZf`9r$4+S zwWi_EZx4Vy-(rQhN<45%r>#;3x?M>m(z1tqJ7}9FPiWHI0O|cy;MfuuVafO@<)lDg z1AeY9jqw@kc&Za24SW%pG#Cq`yekEb2yH*vMNks=*a*%?fEPKQ4k^~VmvvpYqd30j zCkaz7wzB}T)!rSh&2!kv{R1yCt)t}n8FP=;aur;1LN(FF`vmZwvid?%RN4=?3Q7|L zD8ezoTX4s*tmO3rhsyym=?U_PPKqK%Fh)vuuAdSE9_(3xK{u`Id!f&yLtG!W(nz%> z(r;@?#dqA*qGHf0NbiHyPf#IenHbqZstITn{k-ml4nG;tcH?c=-ZGouk#_0Opdm%F z2)JeUY_LZ3R$qZx+JrUx(V{kpoT&7%e1FXt`19})qGBB>#t7_e-BM^|OeW={Ck(+J zQ=ALX*mezwD2De?!h4MW@)QeM(L0fQZgLdvTNW|t6@w*SGCW<4S5&F%(jP9jx>ccs zz9FuME=_l6o@7HPP-R<4N^|QeB9lmtBi!y)qxBl&R5JwIjBZ@2e;xE+IM~pGUHhDd z*H*1XwCc0qg^i>Q8A6;mJ}p&jouGu^T~JM3-y)%Q&v*Rr8P{C$4E-Z zwPmR=3Lpv06>|8-`=_4hz-Mu;(A7=+`qM}5=iaPIf2s5d^c~j5MAHl6({HlG&JHML z9*myUC2Rd)F*piF(6^5IFe=5_@GCzizmE46=|aitvsXBQpTW|2djtNqX#q3ARw_su zn}lDEc_=M(Wn{$_oHXw^M;L2}b<RCzDe?PZ zKvNU3pFaS|5?Ug3(CH+sK#YJd81t^Xh#eqr-|$cb7c3Fri4Z`SMV=yQrP94N4+M8#Dp|DVc0>MkJ!NZ9C4Vlf1-9ia(S$B147%&#}nGeEsay 
zig(1#v{Nf#3`>}==I_zv0Bsv=MzN>b3xhEID|*MWX%eZ`sSKaO4Q&Jx7W*+;iPWQ; z04&DfdCu{ljM(;NMvX#yuEwb0TNPMmx-unG=IATM!BT8+yevFYby^gb`Zr2ANa>$v zw!`_HiJ%-u4_o8i{0ss3(+K$4qdnXDq(+-xvvRj6kswyX5 zu)M2VaxsG$znSdtjW>Rt3oZ#=0FQY(WI6w$h}E++^n~S+haJ40ZTFjA|3>bedf>E0 zT0`KKiPGUTf>Lw;8go$2FrPB5;--N}26pZ6*V>?*4P?5tB15kpP~$~M4&J9X+5z}U z2b-0=pO$4DNlmOmH`!M@g}CuIjuFmJ@XErIgp?so!BhBt;?^Tm%7+{omkB!(gzRWC zhcl(|kQ~3h*-{Enjvfns`xUMMlG>hB)WpU}?rUF8zPT_nx8#{_g;udnSy!Hlh8?sa zQ0e@g1FyXJVK>RM=dsEx|MoHJ*}1^72CZVhp+MZzQ`H%%UGqUmxtBU!rv|C@*`#AmR&wcI3Z2 zez(|oEdRORX5;uTI|9f8fcWO#GX2Z#gc`L-2ASJlkPLQ@T71LO8Wl&32lax*WmWP8!4JVIU5GU9CXWFPiS-f;!4Dj!<1=l=4uD&tRWbtL$ z(&_HZ0j^qP69*IeO~@)$qp9sziiNW{^@DDwuS|1F2m_?u#L}NMvMtHsDl?LJr1{<8 zPxk3{eoKxdt@J283D0;D3jli;G;It(P(U)A(Q?|abFwT=KC2G~BLIE78$dMs;^Jjt zVDhHIAk#n;2DmapaU&VQBPHp^GQ(M4u#@eVVBA(cM%?Z+@pRrm9zCC7ek!EIQ#dLvuj32&)(L`jTV&v#_Xw$QBMpy09vBNtMN` zEn>QfsGO3_HQj?F@Ok%LA7#g<%5ggxe$%coCvJP(S}^4h&TPsFhMB6+*PQGA;;gf`GXp*AWOyhP$5Q`)a;>A23BV)5(+)%rs z4nVJ0i*0&`6;(-%+-Mzv7dAE@p7O3>y7dXx|1{_MlN6D zcm-*yClATd{QO$=1)2zS&fmf{T@YJhKa$w-BjZN>?AQs*YEc+jmptQv_Kj>dMn*}9 zWpYR+8LJzsZJmAsL6|=xg>?MR4$*i-tz9!iP_EgC9v|ycg2xsG_;T&bFsqNf#qdC; z2Y6I_@Nai>7CXSY2uG)%mB`bdjbMbnnrhkZ^aJf-6LgqJkb2=82-ds|VV&+ZP6q~O znU2@MP#ONzhmai6D=bJ?vUd@kS710|1!WI6RCCMJN3Mm^CapZDTDu*ardGv=HndUazks%}qqv(YKQ0nMNpfc+LW}qovdQ(0 zP`X#=D-FqoGc8wbV?bxbsoTg)m$#TIg4wdq^6!PlLM}hfy=W&gXpj7dKGAPl;pYqt z=l9inpI;-vDm(H{eQVX#yp{P-jWH<6}~+p@z%7NgO| zPA$TU0D&**1H9elR~c(Gzw*j$wAxh1v`(cqM>liK#eT{|>ekl;(8(}}OI?pI*zd%4 zU-Kk@qwb#PFHvV^uo(Z|kK;$!jv?>ixU4cO2a z@i^7b=vNPBZtEwIy-jROVbqo`9~oH8T-}ejwpA_%1ImIlB>}+fN^N-5P%n%cIAS8B z*i2Z@cZ3iU2nL=-E^SbA?Gi?y5{6bT%f|%3q^#07hHq!7EI5RQCEUJFoY^oOZ4iWf zryjT=7|(A!gM~F{n0V8XTOvp|*JZsW$zdq>nL2Zl9oC;wwO=mJfKZZbIiak@Bi*qj zKK=YH6FX1!DOxnF|Q`|LIOZz`y8DSp)(IP?%s# zD^nXN5!8aBdNaDkq_H=mI$NA&QANC^s;b7cCvV3+rN8)X8xMngwr{Q^^C6Z3SMP++ z(WS-xrR1Lz`JwYm4ftU-`66qSovF7(+TpzAZ`3|<&-1gYM#G7bn4}$$U+RO+H>g1Y zYi~A}Zd2*v@&@i)h3ijFe3z343FY9_bAj6d;~PFSd473RC~{pl2g6NO6ZGr-M-h(k 
z)l+Y`?f5(7l7yx(a+n*<&VBXk=#IVsCV)A-b9V!^vSyN0&m$fjkP@tP9pA0nA8m$kH)*yV!9wAp9*4RybR=z57IW4s&?QXLhd$f zgf57%8-;Xdf)X93LY+=^fpX3%9#~Y4MXNcEhH6iB2trmE?js1E#Ic)@vV^7RlVAPja4q~UqF}-Zb{V1<*0H!i_zEpUP>ZZ0O!_o`|q9k3Gff=8N~Wuaw3rRKdi40 z5S!F}5-8TcNs4brI8;#`W^lmL_8WHIu-g={w3pHa1%MEz?&Ct#X16~;RutOa2#}@w z$p7y8@3Z_LqL&mhM6+lgAM!l6jR^aeiH8dUKff&sPL#1(Wchd6f=jZ1>??A>`kpd6*ZWnOZ%hGF88)hcG)hrcqg*CJ00n5 zui`hJ!6hHWDe`LPjzYv`bbg)ED(0nBq!N?3*P8|NMQx14Z!q^02leqK2Pg-jZN^jw zqtl)i!+$2Jr7N7689d{3x?cuFnw$pK_0@;v%6o(^!W16vCsAyl;5NXt{QwOHuL%yn zLkt`@LJ%_Rh1L!>sO2N7Jtd{6cA`k+&pF@E0QbF~>Ouh&6p;x?bMcj?ObhUENP%MY zghIgKb+*XSz|G{7ep~IFORVFj96=W55=|iqWbH;}Xa!jfB`N(@!kIA}gO{?fh+p+# zB5b%gM0MCGp`+yGT|qIzlfJ7-mSWL0{C6mqm9QL4JG?hk7cmX1;bX_Y#N*0hdfS_p zz&~M6IaHa7sHp1n+r$X#-2FvX#Ycs)3#dxOri}z_Lf#8$^fA2?wVt91r$l6Kfc+At zM8h0us*b){&}<&89m|wpNoM1emS{9@#yywaiF2l^%?!OrKUO}?6ZXDhKDOyjX9T(~ z2_ta6Lp$)Xs6W7VRRgc|pfN@}9#!|1vj&IpLRu*`xXm z+hVE&&#?~$ZlMY_Ha8rD38MtI*_LvDh<&>OAK*g@pEmhQSzUUykbn5&mM+beL(7lc zb~WbeI$_%@x&U%?{~1Fohm}}OVR3y=E~h3E*(5*i-^y;6T`1Xs-~VF3Iyl-JK}tlg zkRij1+epZ4|D&QIQ0r(+5W%QpMhMr^_V-}avi&z4yy373we0A43qqK>kMy1$2;yRa zFr@B_LS&+jNg>gx`?6it*vL>*Fin&CKi>?Q&eUUq|B$)ZSUA}s{zdyDV6SgAvb}=H ztLF^7Dq$ASo-X`!!-7&&3-n_8g3^L|rb4GZ=i8Jr^Z-)Sn)QzRasJ?#O`3FHpP0Vv z!mwYs-)?O5n%jemusz=gkuj6_lG1h4F^X12g!x4@}Wr|zs5HoGnuC_Qr)MrQ;@gvlI1M z4_7+17{8zX6>Fwm8S58vfV_ETk|qadno`1Xj$5RQfzzU_jalsgK1uc zA!ZMByyRtdBTDHxq3;_GPDq^YUf&y}gt-3e&xmyCJ|Ya;Td0L<={^@E`pXp^q^)#c zI#?#-_zfpbG8v~6KcU&!A;iXKpCFh~$DjYz$TI3!?Vr1Xx8?f+4LP$q!++y%|3jVT ze50}MrXGucBbA2CR|L^Ijv1aT<=aZ#71%@I##~{C#z=p5?f*Dm;MUIXi-Bkx~*^h zMJi{(nV}SJGqydpN4SeSy~SIV&HZxt{m0Oo;jReA1gNp{*P_rRAJ(-HO}UyVUKzW4 z9&9ojpnkbRvzOvaM{{7{L54|p41%$J;q0)HRdnbgNuPvv;pu)Wq0JW~UTJ3+fUcRc zd0Wg(O%P}ldW2GA8->vTKRR=-B`}XIkb~qcRQJSp^KPqvSeUY?YsCNSQEWNJS=0NR4?YSsV5m*0C zjK*206Bc^g3C>RE0@h?crRK+9Mu65R3|N&dq67>KgUIhWTiL>n4(k0C)b**P=2yU~ z@ILot-%z9yR_p8Q{8mVKL4oFl6N{Jcp%fV!onR`p1WVfUcceXszm zE`{0d>mfg1I*Dv<)%)l^X{K;>Yh~n*dez_~@fiXfD-guW4uUWkpZ&XWr16eYClCzs=|K899=kEKIm(&sPIKQpBDS$IN1z 
z_3@D>>hYTxHd@RuiT52QuFIn(Vc|W*L>t9i347NpH1hd~Jz@8C zWCdggXKscrL?xgrpgCHvrlIEJ^h?>%M9ocpgdpJ(+1meLJZEg@vKv5X2oR+*#wCcc z0?TI~zM*c$smU$c@x~rLI54)mv{|nRe*vAR-)!x%8*yQHUX8^y z98R%Mp||dO=&oI%C#Y()^-9E$L%&qT7fTWE)dh&wB*~}-OO$4dANe)V*>)l|fJ24z z1q+H7mhnp8$4$e8Hvh;nwre*Wr(FK5qj2vhF8XV1c?vvhVl!P5J;IjKB!x}0V2h;MN z=9@BL3P0O?_N$yMpQQUso704X$cI&bSoy?;Aj;j8FDcuSlBpk?by$ntPu;(1SH6B5 zIjJ>@JyyLfnmZ*cF+DMLdT$0Vp?lbrx5rF-Z+3rH@qx5_cqvL^4L1JXTN->gX%Tz$ zOSe{f_^vtjgk>*i8AkM1sg;u4(1=vC>(SKkJK~c5+8x@)=C&yda(Lde(gN9m%=?g{5LGu8Cd0 z>0D7%6~n%zWf9axm6bi2Bei{ExHWou=#?TzkORN3yFhK=FCG2YQMY1yhDgB$ z0RAVU2l$_O#{aqRU}u4Bie6EHN6c4Q(1Py0kt$%6jm6`be9@Y@K=o}tIpLE^%fNv2 zB*U5c^N4|_gqa{5f2PR2t78H+-KpP}nJBo`f>Zf1mSLuT+cwdAyB61%!=5&iKd-MU zpfGup9qPEQPRu^cP|9g=go&kKk#MOV!LrtjQb75Sfhn z7m9p-HRthsR@r281!KzFe;g&Yw zQ;UX1ZV^j{r@-OOaVGbHMJnuW<9||$-1V|=%CPg$$+3jx7FRO=B0ovOk;%xPac2)h zapL(BZH~JpOz<`3H`~%X&+^s}rk9lFsPE?aDyOkV-sO=i;h%K z7ty7<JGZ?M4zt1=YfM+hAKqYPZLlwh0kkDD5?R+`DzD?<${6xzAq~_hVUZjAl)Y z-9Fc$n#u}9}`^gj-px4_rG9X4+^*4x38hXsNGva<|UjRwhW)mn#N{Z%_>bBpV)<{QvRS{ErRB{-5x* zzihB>(W^HbTCw}D?c9FMa7S2O+onE*f$N*r4u8s|dysSUR??NKYI8Sk{k+nU2k1rz zr@=5*ZajeD?q}ix2Yd4qPm;0I&=2>92ZQ&IZC2GrG)49PVUb9PpRGNQd|7bDTpI7m zspTws*UFz?AGi)#lOo%d7ecEfWYYOtAA|b?IiJAj??wAekg7d{k12d%b;5qwzZ&Ig zaL@Tt=Ss5b6&v-a!e^OiGpGH0#m*||UrccAq~ zGbPVhVL8j<^I56$TYq={B-|b*{+X*jk7Z=R;RJ6AF*T=MsNcoMuVurY zO+MdkY=P{AzYKghORH*Ow?-Oc9Rn?Tx!ih5ftWUp*(yRyI$-uYTT9Z~imP9~y%Z@f zS)|&X4FxijR}NCBxdXenQTQeM;s97La#Ipk`wHzl$Pt-ROPZL6IR$&_lXr0!wY@~? 
zdIXB zJvaV_EMCqy$!fmBXhp66Vx}ZM_7iGdILe)BA|3Xfpr)%D*RJStX*>LcoJln1iV!nov?AqI%Q`%F(+b5 ztk&4KK=6|-in662zteeH#g8w@G+aNL2e8=^_tLMy7aEYAie$&|{e{K=TG3wZO9%rf z*b!mvhn@wzOHXSFm6iS9ZpuyN-1T2fO%mJ^bq}?fFoa+hb^&!qX29f?&~?O$;I#7* ztoBx3)SIK?xoz=_Vv!@^m9j&_9_c}a&ymYQI#Bn9fQ1j&o`*sl<4okE!qJg-;)EXr zKa5~RP;#Hc(vw+ep~+v*4!omRA$}xE;6{fF+A6{^3Mb(bl4ESV&cdNjRs2rR6X_S; zGi{e()>gPsFXb{TZ~$y${**8skHM1&m!m}Go#QTU0j>_N)gyvDr@-H(HP|rqw6~CZ z6Jh;2LyQDj24jU7y;o||VnU!C=d~7vl?pTcLffjH)w`K!Pv1&A#r>vqG_x-MLdKFK zitA)#lWGxMmR-d2$$!Zfrb&qSw-JT$xDgRLDbElt#R)OR0Sa)LAfBNY$*p*65n@GB zSWFRriV9Ae0D5iU1Ghp}r05lQj>CPNlEKGqfd;yIG8sMj8(wf5egyBbtW5XZ!Upm8!0?2 zV}tcijODEYL&8|{aD?7!S8vpF1KIPTpFkGzwBj~eJ~_}vssUJOdh#P@5Nfdcala$Y zvn*M@%_Q1dKl5!xAPUf44Cm#ZA|Dt1=zj)TX^j(I4^#9S;Mkfg>Sy}9yiXyNazu&A{nO7~6X7M1ZE z2?O=OB)5 zxzT2wAX;??83waR(28zp(m`Vp8*homjoq?H%D*cG#fWnejM`GADg~AmqG}Z&G`B>`MzQ_1PcI6ZzE6 zg6i_vGdMa#4KKdSq2X>u8)`SaI-vbA{;lP{ys< zn9bB(H+Gfxhap1*6@6887cICjQUy%}-cbUTkm9y^(8S0*Gq0&!-^~mBGnNqb&p(VT z?6H#|)-H)I6Spi><1Y@j&(6dEHpW0wZNE;I4K(@Kvs;#Ui7YZh*?g_>9}QYBPn41+ z1LdTocAhasr%1-4l_(wtwyxN(xv8zCDt8at3bz&@_`(ajg_AWx8Fu6##pOag05@|LJNE83sS6M1-?=TBK90# z?uTDY-;reJLh{-bvTkHE(5NyjwB&V97?a^emS|tb%27)OOm$@bG&ij6GM-8d53Y_% zeOT7zpdIJ#eR69V=lL?tJ@drFAD!ybfhFZw4w>L_#A3`x?Q#0O5ZR;fXvadp7l*lY zK>H&ut)5&xk&+>%frE$jNWEnzMLSbQq75^!I*R2Qh{N0#Amw2d%%JN-0T-C|1}ll^ zm-wIC0-pcIaQxgH|2uVadtpccSbx(ooOe=#P=fD@fr$xr0ctXjOuuCR2qmQkkIQ;c z(X*Nh$qOg;BLAtF;`r8jNx{roz$aqr(Z`LmEsK8jsf&S?!=~@-S}4Mo1#v*}q-fz! z%~CEZXsMsIvblC>6t5`O&N}`KVFM1cFRw^t2Kz^(2`=@IZ+pVyP3J*^hL5lbLq4{W zDywE&hFUJ8H#AI}D^x>ttQ63EV)PgmyFxdfbesYN+eA~Jq7R~)l1GH?RX0(F1Wfa! 
zI_t(YwlmKN7!)^hB~j^YKVZNKpndu#(r*E~o@0P2woPDG+7o@55Bd^v#|%_&9K{@N zkaRJ(Yp31u5{Og2FJt!20h;Q3O0*n?0<&x^1EI3Gu{Kf2cV76L*c!$)TzFi#$sB`r zxv`S&0UjRE!-^mekr(EGdZ;rOWR=c-$lwFR5C9sKqb8RSXKhQP_Topm=s8WK@1@_- z&sU>NY+Tz%2lPfs9&M+n*n#dJBP8s3^y)G>-wjJS^S;hFX~gQrDGyRZtD2mv;ipo& zayK_Jw3#;1LLvhOK8~_S&RLgc*F-7PziLvNF*mr*I*ueg>~=&naVYM>O^P|^Ik%Pq znr7kT2Qs}>$35#tH)R>{6RbPBwt%?w2rI*<-@7O{ zjNfg@D=V>L@ysY?Glso6UKBd!I{IJps>v%qE%CK;mJy~AR@(&GK@`vh;Ayx?W6NS! z9!c0`WB5l}HIB<%>J_Sw)aZ#!jr%yFIpnPiTyP*LpzU?S^*ST@nv*<~WAv^-I^k_O zTz$B_%8#B)!QAvxf&>PQgnESce_1k^#U5a+nK?#aJ9m>%MPyT0ZNG|nxGQG}nNMrp z3QOWLZOWsA`Msy>f6tAolypB3>VP0L1vv#7dsnU3+jpum#^;jiSY~Nsx|tZVqwx*h zTJY^Bd>rhY_797vk!Zw{&FPqH^yReC+Z*tY&oY;U5rNoqArHK3m0WrvhllvgC>oVX zeO3yUg=Si$f6QYIIavJgtdVzZ^b<%PW$7|3dA?|3tTH_lRx`aDJel^LR)vU~{M2Et}C#FUk{jMqhMC5IRW zbf+(u5O-XJJe<#*4F{fYNi^;$h9v&qqTWYJXh|RD?-77?MPoDHKUUj!PCjPHx93$L z*URoLVtBATwneJh-m5QszUxhG8~b$EJH&`Q)zoSrwJioYY5{VDd>!~AgFjHXByh#k zfNZKYt7%6R#OQ0Fc^$^iGVPu_Q97Ql#`;4TWjMk@q>>NuI??Knx?EN6-B{H)`yDgF ztYRUL`Ir+>^<({#NmJd^KBlmg=RS{Na{9?=j5{Gs%M2Y5US4 zOC!u7^~VR|bvRlEWov=Ehp%ku4<~I`R;9`74^c3s0?wHoqn|uChO&`C7hHU!stx1; zf-JKDL3UBut%L34b_gp(3c zll%ZTUL8v?B=H7Rvc9?-sW(T|v_F$!_y?Ts$dZL_G#vcz2Oo? 
zc-0sNYSwKY>~V0KcY8_q8&?qt--+$XwQ5=CDG#B`sQ1A8rbA4Sk567#ik;?d>(uMA z>Pu5Qe1y^ull;z{7tM2$ZiF=x-5gMX6!>(Fv>M$5A+Y}_n0_(`4VkrAgv2odvYR1+VJ+8Bb!ZGbfJ7hT4+svKEo0Rcx524Oc*FytFc2HU%*yAXA8L=w#ytkK^l&Z8fd!CXLKxQkoH*YdSv!~BdFGsly zJM&seDRij;`T^ro5!Vj*mHn?TE_>qbeX9KWjyNkk-JUOZrMCwnI&Y-#K=I*R_D5I{ z;^K;TjgX?*)6?}e>72s*(Co`9(IUQWOmP#Is-3mrXL2JPmg}SQ(Wk|>N`u-x@Ibz~ z(jcqiSIQl>i*6fVUUZ5)U!{k>4Tx2Pqw#LxCrYF3@y^Ivqeozbm-%u1*oXpHu-5!I zG3$C(o{KkC2}@IZl4=MMi2nxTfn=xu_o>VLUp6BSHtv7rT>i^g^si@K9=`vu<#g(e z#h$jJ|9WO@B+0|ZA*F!FgIKNk(2!Xa%*0{^YQsc2M~+_^zc|F&Or`T&6P6=%%)}zC zP}eN2u!%~D5Jh>%A0U$^|FsoE+F9637obNF_`ZJ`M;ZYnwb@#_=q4F3X~gRy{p;a3 z#nv^!*^>VaN9N`9^6ra(Z=dBh@Mdow!*$0^t(Cu{_VM`4WI;9urt0oU7TNio=*>-1 zJ!a!{`|K1%X-j^H>x)%mmI0q@t=5;26BSD};CU~TZ#4@B%A7E*e?!DI^}%?2gs#G@ zzQVwiqd1S!9@ONM!eg0iVEpVVj+97CeVDr$C}gmSB6{T*Cr!AWtzvWzY%j$|wl&iP9Wh zw*iE1ao6gz1{oRxso$yYm_Sc~(=gs=9-M3s^Ml%Jo=)_(-DxB$YJHH@f;J(M8`5dx zLEGYYAFwLOwGbNNh${+#(^DUsv9_N9AQ`&v8-^!k6jforKg^)Z`4ey-BPSHWNqc3O z*0AUlWG|>n$6r5}{{n zG-!cI?2*(v`l5G7fNFae7aQ@Zg;!R-l8KgGi`gp(*Hu4Pku!R#VN7?lD8&fS&e_K8 z(_eSB>bOEiV~AIOTGcfs#nO8sNy@Vox=hEC5{q2)Mh0z;>O<{eAO#Ue6yUGJ=T1mj z35RhfY86%+5GWDJ9%GqX;i08Q@+548rl*_OjA-%PF=P|T0Y6}fak}bU{G4@2LK>Ue zUvze#{oYZVJ=dgTXGcsm1RRgq4j+qFhAQkX19$$~yL5 zRQa~}itXg$UQKrGkea$GZy~{O2ttbmqvGb~IAxm@q#c22NArps3LM_UbH?EfMc5L@p@~lG;pE&D6e3&japqV2&aJ#}GzHdUlf;Tx27iV}gZ)&|ewz{b zhvG$%c)|p1x*&O=%g+M^yW+Xh?hF;*&Bsaa zIy7!Vsjap26ukvZbGHYUGcNXG_Zj@*<22})GaAa(f=bnxRf19Pf~1APg(&3+O_P@L z%IJ2~RV@EPnz0dROa5bxdRLFslSrRlUqj^ID*8s4~ zOejRIM}V;o^w$qOpcE^;uN8qk*$EX87pq4tlxBZos%9>j%V7Dv%-(HESaUw*k~qlE z1J#xmj#g%-_?Zzipwd{5UibZuG2mpoKeCuAMIYp#Lajft+FPg%`oxm;Gx3mZKEKzc z$W3BHib^aXK3OHYrg-nkK-Y5v3FzUsgJDS)J=^QaNQUugc^N`e?N74Ane*cS|CDe% z@*PgHoANFhIOTA1#2*=C^AnN$cUdMA?>p1OA$jyAcHlJC#}Js6_L;-@&ur!6beiY7 zKXMynXEHb0-Td2zSZ>J7K|cn}Nhxz=Feey}GOXQ{(LLyWVY5gs$aZ_{>43#P7oLi4 zX4n!5*3AWdV%o*~jD}P*QusyRe9nq;O<}KFqc&#j3^rkJj;m`}j=Ia&7N4f+NPT(+ ze!!B-Ix8O!<5-kt(dfT1$26#86BLj9FvW0V)Xo(a<0OfJ)&ycyn6dS8i+z^1*8~4)b#m4M;_%i##n&vxyeHg#!cXoj 
zK7Y;%2nl(J%8uhUk&H|r#c}+SNP@-@%n)KEC?O&qz*ba>`D7=3ikIlmaQBOFarL_W zxMS$Zkn@CI3!uKkiOtHiLH&HaXd4k3-j{2^Ct~ zo+asz>(|*)j#nhsixN~Xo#l$x=_RQjud~aU`v=NXSU1u$B1J0x^=(!ab6B1Mg#L z3NO9$k84Dgx&wJ%FFshqFHi?Z5tyEt+-y)FP-ri zvA6ObG~`a-MG>14rC|d!aJRJrT(Kjvf7W>02yY3J^d(Z6DZFT{hpC61@6@-OMMD-O z1*o{ao*fU*ogLp|D*N-S!d--2Ujy^dcip0Mn%tAH8g6-prNUb228#PRZ<|B_!j5mf z@p`O%e6%Uz=5>>!;iP@L`j`SOLL)g+p*BM@9t`m`{U@Q1-!G}h5fBI_hMW(eIYBVbHKAx9SJsRvGS3! zGe(7&AXj;k61vKPVj?v{RoDzt1NIM-+9bhBXY|xB60rfVJaa)0zG2oG)s;)Zo?9dY zna1Uy4+Y+%L4FS4&`Gao#z-YepT8tSAF|$_stY)y=wvA=I+}31yjdV&H8$L>S>JWLT}bd_}CDBcN2!cb~B_a7e|DyoK0 zcz!?)2_^(lv;552>zwLk(Q2}#x!fA$dem};X|i1T_{>_^X{3<(qv|l^c@Cd98d*JA zG}HGVL4>%Cm6yw(+B`A82K-?RS5u=umV|o3{Mc z-a2hk{Q7U)NHNqNg~Q9s%7$?xKR^GLkxd%pWLOnhU>OjEe2>b6}h2#Zm+}D4ISFgM@mULB=h0fh<99R zM2g#Lvgde$GkVO))C^R^c}SDkWNV^5px_?~ReO!(qDo~f>f^J0b%YxE0Uq>3fxXm6^)a`i5Pt)vZfzh7RS6JFvPZy zb(B7!rba$-=l#iuaDPLU2K$JIK@|zQ9XU2qL@y=dkq}zH^N?0V}oA>v`s+ zWne8_o4V*zC!Sr`Eu4cm!9a97Njb%Pv5&E~_+C2ib*&s!y%SCaJ^9ys(tTO7NLD-p zRy6X9M~D3#^a$tFPp!HPvuMgnz+)!rx#Os_0Ay+@fv3HiO(RDQy5@{{X6&!Xe2^bx zI85tW_&g}GIs};-jj2x!gdK-6PQLPa($UUF)$~imk*}(wOYtQz`JcKXavN&wl=Wgc z{l3P>B~|Dx^@ZfTQc<{Sree*5FI9m`DqN0DqaiR`%VoAha3ICxz*$K64V>yXwN{Ce z*jHr^BQEDKvrTG4{o?ivvv^Bnd+SPxn!-&;g51iZCR>Qs>4$7z+kcWwu>AwiA7PEF zwrIb2NYk0$3%C8yfl=s^bykrTF&4$?i&H?Utg&pKe9wJlzS`Ca{?yKPA(1%6)Vog@)$ge8P~&^xNFaLdK#8jCtnMd@-D( z^D#-@>r?sTvEg%Za4OIk==f<(a888BlR{WngVXa`<=2(0^~+*FU<;oAlf$foLC!ZI zff1pc%WdJ{!y(Nw3P$5%>15KxBk11AjamA7YwhN+S4`x6BWrTvHN`Z<4DZJVA9vW` z<*SL~Q12fkTei;|y(UWdM|PG(oQCnNw0I4>xPnA3<2HxKIcMf?k1wxPcQd|ve;9%S zi9bM4=?;c5(=LjANxt{OITfR(5OdE1($-!lnprP-i@rT>kFl-CkaoYmZg0OFZ#wsT zWYCyPC%HS_4?~hqj!B$;%Igca92q_^lQT+SeCr>DVhT3rRV-U%31u{;z@3Fc4w%(5 z+xr>(1+AWW0cO~_l)8#9t5#GFVE%=DeJhxTDZXD#;of-U?9W*QkWCJk?AFoXXXVkZX#$wR*txzb-aEJRh zjzi23_WNFCEDRG~I=-piT2)aWfI?Idrmn_+3dwIdm&7DgyStc}O4w#=A{5lfwy$rf za%g>7ImI@5a=!RK{w#Od>x^${7h{sT()8qmcVA(o{xZu-CF!c!tX6*5Xfp&?m@hp@ zNCwaBoQ&P5T>h-|HSR#3F6JecNS-1KgQ(otzK+|z;^5m8#zB7U{1Od)H1NK#f0ARu 
z`1`9YvO{?=Z(}Y7m{p#msF>*J(j{5YSCSqqd;<_#5Jm=>~mR^$j2|L|;tx9wf0WHwkI#WMP7) ziPRXKF5rSyR;lYKjbDJ3JIo0=+{ef3p6I0aN51EK(l8>2(q4gJm-tXHir#6C?y-+0 zlGIjmb;E}qBkFpUTpOI$Pxf_5^kI<2jo&4tsqu`*!(&U**7e=;e*tH!y~a}3$@@)E zvF2xWetMMCuV{RHl^{tYl`m5Dx7xeOMy_t7Po7Fa-d1eM zpAeksA&b$D2!#A+-A-(_oEb+y-DD5aX;%Dze!AO z1JUh)*RDRTaq=(mEt#UCt>ZamO)&_!x@ zW;?P%p^9fR0(pTCN0R<8g`LjlYwsWMzQY>)|I3{j|Hohs)3HnP6nQjW z-+DpPiU4(GIY11D2D2Aa$26Nx#_wT)pO=3+6X=bZ>4XfwNPEV0%E_ryk}c$^sJKyKH-B-Dg794zZ*J3QBptx-mBWpL+DP0cVu z?6->IK2imeuKFe0)rcl0Q_@pKd7SzuekpJOwRG+7Hk;Z0j3V)0RUfl_Wam8a-tH+wmv z!?dpa9)vNwbrN|imf$JnwWsDEr)QJZd+V*`AfH5oVVT4<>qB4asr@ZouX>KYGwaV= zO0&Vk1xe*C``NFERO_W4f1m6~y#Ex@@p5tJZnKa92tn}$ce1&`m?QvjX(k{07xcnA zaJvV$hZgk0KU0PPwv_EhJkV@mCsS@5AppPtM$7+4$E2IA6&gST3tq;N%T5UZV1Y6+ z?hyW?qXG~A$N;)>8)y0p;SZhx1_-vcV73IoKRP)<@Nt4Jy&u8)0H)yb&c9|tfMHKF z@Xv}Mlj4RlkcRIg!C&vV_&#Fc@cr|N|FwI;#MpmR|EFk-{ROfC7kEB7EW36eKuhE; z|A=2l3L*NWq?Co$0e`9xC@RcJaE8HyB3_#zqphfU7dwsqLZB2Bgu*X=zq0>vYj7iB z>u&7w3MLQ0PlY6(k0ti z!mF1{GZ0#-gbnXKl8bq>2EbX>vnOPS+YBI;LB|w#II$UkoJfidF!msJkdr~cTq!y; ztH6<0{Pi(iRyym{&X6w+no+rU9aljJWU5yMtoh{GXqjhUZkgv8eet^zMmhVEwbuif zNL1=GNV*@wi#@-;fek&2vf*yGL#6$wm8jifCG_%xGOK}d=lufCnz88tdr(hMExe|@ zIZ{z=N{hx=ZI@fG+VUoqLoUi~lR=<)IbFZ&%V=K{?z(!5i5;Vat>3Cz>+MB{-#9!q z@P;tyfK$pd1A|RqGXI&Xo>6?ERQ|Yj=P?YHPBmfosO864@^4ns7Dk}Jrky{<*SRvD zRa=Zh$o@Ik*3ZECwCy)qkI5EMN?H}O!%i(F#Tj4v&GIo;K~3AyBzMb#RZ^IRC(%eR2XmTv)1W`SUQ>c!I&?%(_px$$7@rib9-{|_$pzt+vq`5)^B zTQNUKHKK(HgbVph2cGv=Q8EuK7yn=U0cxPD~m8w5@T)KK_K^#H70cFA8G zOVw@4_S?!juM--^4^FsPQDLN+3iS3We=XE(nmNt3Rp+4aB+}Va@c2s@pUot=o<4s$ zaRzGmJ?!Ao{^5A^<@fZ@hnFfyaFxD#i-^UstERm)iMD&aJ!_XYs&=N^o;_XkHIuk{ zKzY&DAM?X6EW?C@26j9mNnH>nF_W>o%!Rfl>TRc)7#xdvtC{HRS4VQ9}F9J zRG0C~+;=``WxEhH1(>(r>`~K!jWq+b;^iL$r%FTKmcs^sT3;PL78{l?SV^1}*3SoV zF^2LDPbACOfdMvgxADK~g?Mas{h0E9U(t2Nw&%vFp3RA$MV~eg77>}4Of?=zatBC> z7A{gxm<(alT0$QmRlS5+VE*ymqy0!I-xW`K7)Ha*R@9n29P`sZ_J!pZk9(P5Dfk*^ zlKJONFoC-QFrwBweeMN@_7gbgZiiBMxAms!&WzfXPiS2>3-=~<#kAI(g{utC=Mi@( 
zMX1#~*{;2lOVaCwD8OGIIWge$8Z}>&G~?|C6MmH?_)4ID>{Hy7kj-e^P$(}U%k8qv zL5f>ZC0u589P2*H%w@I%A5NwM>AUa#YI$OzatzOv?h^aVpD8O2S$}<A8jD_PXJ%`pQ(qxEwJ07RtFmpUnuy=)WT39MX>eok#(NMOGz7C z&1#8{jz#f|OeK62fN-*-su=pp1mw0#i_Va2sKOsh#E9sFZ?mjpHmz_~oD8TVu5o4Z zx9!*1PJiMcLZL}CGM%w-RQG|5wy-07rDY-*vndU^Oa&FAWkKI)1sp@1N0wx>p)@<0 z(LrMy6^rRA9YV>cZ@;wEE*MaF= zwRQ^2!#A~$v6Y>N^RLL%Nce8*cdZwayl2EvUPil}+Bad(sJ*ECq$@C8gVilRzj%fP zmLM|->FCQ<$Pjr~%8eEX?*2$hi636%HPENE=;M*mCgb9iO>X@ipL=y*Ms|(_J2r`H zZ86ylFLnea2AiU9sX7H|519HSKp5A)(&~m)#BXfEVzL;&LyE;mvK9`Z5EI@YCn+St z$rVqeyvmWUvs{8X@m;{A_BdT)fG4bi0e&liA|uf?)eJ^U+iI#tVt+mIjeX9L#Z(zCZhTBuUW8eH#5i1LL}N$=P5 zE%J(2Wlgg;807p^i`*F=H~V{e;s$dSfKe`*pw!q`mA}A})UY7rqlxEQwf zXnUQNQmmuVW85cUEZm=*s%3QRV}LX1bGwpXV#ycQ(P@7ZNXyTQx3%8h-L?@ZExd*+ z*I8W+IyRCkiDc)KmFZor07~XAg!^%rqjYOU{@{AHW-{=M{Q;pTfvTn05mVFb00tTp0I%80&pFnf)}5{JQCcx>8ZWD5M5Xx_yf zDf1iAu5}{LPqBn3rS{q)-kLJ8h%%16^x26*PXMJk$`lsyE~+(CK}&fdq-%@Ny;AiQ z7uNzG+HO3cOhbMBQwd)gCyUepwO}je`}JW0TS*GRikh=8vp4sN9wzgo>2&)p-h^Tzp6^2an==t}-=hyO=t8jC!E!#m>6dP`}`JW5ZD3u~R$G>%o(6RH= z(sNRo+i=w}{S2H4*3@?FLc@|(68|0jU{Im%XZFj%GR8au+9iFVa=#x~)U)=%ADNrm zrmyWMr@pF4xOH^%J1{ZISf_2$gyJwnHB0`)SR7Ql#_YIPu52cy9AK{zS&-hZP<%SL~$tEBrAOU$XT_r zi>{FMNAA8(Uv`#|09vT>kQ=&@_Ll-&LOl^KBcy{kcnXF=J9@piK#p&7)`KmFCr@+k zp_A*c+$%T0R+LTo|LiTi|MGJ2{;M{Ln;k4~_}5Nx2fZrANzeiS;11%i4)U)K3eYV< z3k@KRNBu7;69+#(8wY2%4mdWWg#%`5DE@VvfHiK$`AsZEsB|I7FP%EUs;vNY-v9r!P&$^e#BKof>OE_MC%AR6*2Brmr=<9 zT@Z&fzzsVgYMi=;Hc`dtx7XXDi?%<1$6WqSxQk%KHpq^S>S0}Uk7CyWVG-=^OQ&sOVDJ&wJUXC9m%oUQK^UX7L>H1~+F z_)cWUU%y=9u+2gs4dolkIrgmWQ7KSJPx9ms#``OAE$#cD(1yUrgd6=TB}_|!ZQ3gSu!c;AagNxq-Tk_9dmVI zAawLyP9-WssAXlHSUxcsTUcVij8TN+=Ew47$cHu}peN9>#~HLUUGU89um3#y6i4IE zh4BL9(v`H#jzuK*+(D?R8_|#=vvl;WBnICwGO6p{R)lDEGPtDx@0IyiBfn9X(rKhp zbPXt5*Opw(uW~jeB<(b%yEw{AArlfSWi}FY&Y5b;O+j-_3VZ`lUmJg;(ZH*$BmYpi zeWaZqd5c@jkX&`xvRmGVj8)}7kG8>rNnYc%e4ckW$F1%JR}+(5e?B5885;V--23(F zC~d1>nNAJ}8M6%sSoqtx{)IJU{~tLGH^<*tL(SY<8UR2s&ZG|-0PbJ_-6nmofC!KO z(m;Y?hJ1Wn-7YQAV2k>jPYDSa$-$X;2aw*Hu*>g+MiLIonJp={(B}b%(XrC0oy_M> 
zeIbrjTsIpXzKLLFnP1shU}hQdL6H+YmAi;dl7-Wy^SPL(m3)ToC1>KYjSvB^F$t1R zCR6T_vBc_t1?jubIA08sImP7`S+j+E1^aO$wFS8<7g0Wl`Q8|o$FfSAbHz|paQgG~@ zge-S(Ii{BD7C0mQaeV+o@%>8LGMgrc}1ZFjHpQtSAG^ z)zyslziiz2+iP#7S*=Aw>UL+lJz#e$=TGwd zXKqvm9R+K&diSH&tS1alzF#)_tM{X4q10OLx4RQ!>Z@@|>8*T4bdm1uC9}fId{}~n zcS~BD))d&d%5U*C+elk6D7j6>JpY4cVK_N=ym24!H7Lr%ROKq9Wi_HFVhIaW6``}H z?^RF4dtXZ-RF=fCKkAaD%Kw|&EMB3+(1jM8*_@v-JO!VyDV)vNLV5W7yua?S=9N|R z`W5hdAzJA_hKuu0HiL)bf8a!J4v?wLHFNHUI2?c>7Yl5+pW-wm-~iwb9?-2JfdEib zAmI2XW@qPS67WUa*b7)A-MUMd&G0->@7v~@VBo1B1UXmhujP>Ka zO-`2wY4vyzc_6roRgB_ZNBhs~*Ez>Go!nx?T z7?Sv$)|-mCtWs zGI4!I+$@6jL5yOxA$Lf5YoY2ckxc3=9HE_!w+CGmf;GUq=z4Q^h( z+!C;<^5yb^iHsO>;lQT)DegEK0nmM%j0k`W!sGlWtmfzA_?MO_ILGG>#hl9nUd5P; z3${_^zp0Q;A#-EEmI)8Z&&Qja4jzG}?6gL{uFL+#o^$PB!%yL+N&_dZ<%#X%gbXc$ zmuporjQ4G?8Z*I<0LU-o$y@n*B;~!OU2k<*Y7%h;{K!O=p9qU)}dTiq^P>I|d zoh^p4_5IHJqO31v3hDGef5v8|#(_j5<}7_$vs099seYzvy5!*D9{%BjWC2aJAR+Sf z_q?Q_SaZLyxnHNMoQ)`Fb@W{U<8ialaX)cF(1NfUbEMKHNK}i!xohed-b&Xl|w?nd%qlQcP2Z;lEGbDxGsJ_4wM~)4KLIK6z=? 
zgkuhX_|7$a@gTc%)%WWXsH*iX#;S{}x0w$b0^%Ti6lR;zT6O`Um%4@xJF6XYFTy9 z5IK9+r`LF?FSFvvepL9VdXTJvk^BOV*h%7{BhTa|5Z5|g60&&(ti_3uncB{c5iHkn-={mJ5;*e+{p?Rvc>adOjhN}* z=1+ghPYXye;_2HjEL1lEn@EIP+SScFgBm~8#}nvw8t|v3u={kaoi+oF=0%T1`?#Kr za+lORt608^&Y>_f+XgG9`00~m(8v^0^3WiO3##&-ZE)L!w)3;NSN*an1OvOQD`1j~7bMpp6VjFXqTa4I*>t!O!&cZa~otv9FT{ljNt zWPazpoXkNq<4v3vglos(G3SLHg`3CzlXcUy+22B+RXsbr7<#vR_mmGKglP~a3z~qb z1%mI}B00+v>vJ&r)`tEF!pBL(P<5w?`+5>c)r3TVNPR#RGLMq{JL>sn$v-w&UyiIM?PPp^ zC#|j00*ghyKfQe2cf``zN1`!ZEmJ@q)9xL~O|ne$C}kF5Q~(qE)M3S#LN?yE#MTE2 z0D@@5b*F1q0}>OK8f3(W+)Kdn#u$xd^i9MNCdWCYTJG zKzS8s8svkjL?*cgHF(i@u9$o&*#&k3J}cW@-;fgNYcWzf;SZQLB|oHp#P@WReL}JL zrT8s1OIWd-5lS&CGb(!ztrt0<5_Rpof}mSXxLQ`oB!f%a5}&x9>7|N^pOD3_g}#ws zj#xnBl!SYx?x%Z0NB!qVOXV`fI#T<~CZ4j~0Y*Kgub#gagRSxdOa1xpf`K$BCnF&U z67M*&r#TNn276>Wg2_AiXq`iCn(`@;#>+bHt>xxf;j}{gcYN8<`HL@9!HT9A zJ~Kh%7-{z_y1;-7B%hw)WK;P3V!U(9KL=awt;hzl_+LOT-3^Fu%L^9ol9u%r52ocz z%L4u&dh~uw310)^a0m;HYoK8{gIT+>un->|T_Bdr_VxPJ2+AJ6TVpSbKt)sw)s!>P+@AJb0t@Hr z|39|AG9Zp*YdeFxySux4aCdjN1h)hq+}#6#L4p%pg1ZykouI)T0tCLvX0vzid%qu3 z(_LMsTtN4zjYiEqIe6Y`irB`&i&V%fRa2_6ItOJYOF(H*ddo3{=5bjWg}c z?=9u7s_LdqJtSH~NrnbSKa*Ca23P;hHgNrsnep@TfO3eDz|%!nF%p0&2Ru*6$McjR z0l*0|pp&Nr1+Yv3U<09pUGd|A1i(w+432#(+D37Mj0Yp63{l?%4RKw4@Mgt9?YREH_~GtRR<3b+SaGu36hme@d5HEh zk%tl)Y zrvuz*B(84aeYzB}Go;hiIh`SUM0u05Ov&crzht$HXXuUTbtEAf2n{$00mlZp)G{Iw zXN?&&wXOBs=nW1dYR=K{MjTYWWYHR1qukgk!r*`2w>XqV{+3!Ow6VAsTHiKt-*aNk zDm-k_1c+HAS>SINRH)el{6N{k>}os7T&S+4S$+(p*iH!6>zNG zA?7-j_29_ltf6YFeTpDKrFHX06()JRy1SxO&2$a*V`>wc)t3^h;}BVAa1LK!8M~OA)ZAsX_1#v>H$xgbbuMMw?-WR%wm{w^P*JL-f{~&( zri`N(OHfDL+8=c`=mrz7#t|6WG>@8e;TtJ>4=#=Q2rui>u-kzmmKbkoEYI^nh6-_O zyY&$@pBpv^N*x+8=I5x=z8Un$Yuz0Xps)h~BJ*f!sWPTmrV6GjWHCiOi&2LA@6@bn znctX=X7=4&Uj-w`9+a1a4!x8H>{ykyYXH#Y$+^1G4t0CNcgn9~89yrl-}0%Nl1pxCP|#kd*t%7Ap!=o>bx>p2Sg0{M3iI)g*X({cSdSu(rRo$W0@q2y}lUkyS!=L0GR$QL}ZBA~E?Ij(=SpSaV} z+OAnZ?ei!A#$TJ@ybwGbo#YE(zefys|7dx#@p5zihl1z#Zunm$e{Y3DLZAXJXh17C zXaIOL{(rl8;O6E}@BW6)l>SoCP749{%=Bwd9Fm)d`!9Wu&PsYz01yF!hYQ5Yg$lq1 
ziM>Y!u>4gPT!tqdAlIYRG+N#+00k1@M+G22v9s~;f=Iw$0A7$SID-MelYY@y! zSu#Eg-GcgDDzln^rMI+RlQCRPGgzf-4z&DLet24&RjX(R5wDQa47W9tJS)#!&b!r#^vE8Dxs95+0Yw!6Toi=iFEF4{b;9I&dLW9&A+ zi#B6as|XF(PU>3mjUblGzkA;xz1bjUC`WecVlVr( zmUUSoy~oohiWRj~!DFh=#gctIPV2L;%nwUhsO|IsPx5C8l<##wEEM(ZuT#`hB$jr& zNX9!UF1Mw0cI9ucjT=k#6kNyF^D(a93=+Cn;#l58e>bdWK>n)~}IjJIhxPI?kVv3+A!grf7yXgNpd#5%cTe6s!g;sV;?WJk@Qy{G^rUV_6*( zKJ9vFKST0u{&?M`=Vd-T94gDouS#Iz*S-v09NJM;ymzrZ{7`}d)Qo#ZHNhUv`Fs6| z2!8S4A;9ZOJn#V@C>I_N%qx0>kC{NGxM%=m0DHVw0tNt_VE#(5ekIty5*$FMR{}0z z%M+jPkGDcjZa!}Qf5~FgrwZDce^&{vIuXo_UN&+Q6PbU<8JG3~(!Is`T`<^N0Y=x;l zS@l9Z$%-RLDDqW>1G+Q{=AW@Q_2==9-=*P>d7``uBWJBwv##=)u(n*3$oNmO{2K*no(|7SfXQJ^Ys(;*EfQnZKhc4 z+q#jeYlj2Aq0qUAOjrm?MMxtcsxY!kFAvs7K_0SBdP=~LHc(6b45-UZ7R7*R% z&m{FpoXL?;B5~P@Vl@Xkb;nTERD}B^p~Q9}$iT7b^myFgEb2=CyDXsq6y$qCZeUC!B{EHHlp#bj+9Y+@UmtKeBOYZ{H|@kfd0$8!k3R-nt# zUICnd13tI;8h1a~HL{c>R%33KkC#Qumm?Xndj(kD$&#*`5;0zewGsY6@;a?9k_)Nd zd=;mYVM*_ss{4mTKj#4Y4*NM7{)*#0~B*)mxvE?{YUFerqJzezF-ZL z$oxNif7opsMXd`vrA2=6)*rJ^EVkn3ufqpAiF61O*sR`q@HpxK*O5#JguhHUM&nZt z=hF)+!|Tkk%Ls8XHTatN{9X{0jUU$uHJe=fXUe9k z;Lbrd_MQO7cvh1EW>og6KwTyjt|g=oL%Rf*_@bgYwVo@vz{koql#kt|4DT@NpxSy3<6o;>i zz3&mg#2F|#n-e`^232{gM+9)BY?LcsUMA!kUkkE+qqE+)amfD74-z-Pmnn5>*hrUghIqX5WV z3~iz!iN#By}o6Z+;D}AYxgLPp`7XKi|R> zt#fdfcIrpaxLF_*TFnl+0}MXpN}1bi%_1qd6gZw^AfCNNKj! 
zIoH@M?5SS3=Jp?9Sg=aUXwlu6>`~S!PEf93m;{>GF-`{~iHlV|`Og{Wc^`Wp-&~s_U z9`|lC**beueJ17CSuuhvuR>iy(albE=FR)s zfi_N~)A~zg+4VO*1|Cq$cf8jb{pfjlD!5q{kz#6X&aa5bR+WNJpen*ECP8B1&dG;1 z8+gFSL1(oa-pLL9?mUMZ6k07U-<`s4B0Ec-{H)uF-Rf^|;1=tr41{(OM(YuhnfE%7e!ehN^BS*l#nw9yLf*T>f}0LtaY|!ya%k_TL|km=mhfm` zRUfIyhH`O));vKs>>$?YKRS`S5EfVGGA?)I!cS4-)r&Bpi1ozqZB?5%_J+2s%x(jY ztRr!Nt`6YTlPk%SS$INBW$77$$Ma=*`f*P(>KSTfjmTSw8OKzbwm9d>PjDq3`*({; zuXi_eo|>z4_aR|kJ0M_S69Z9)J#loBywcA?q(6!zl4TzZNUYi=rh@)iloHx+>hlp>BS|_Y3I93Qd9(J3W ziUe-onuQK#!XSzaW8yu(&}zj9dX>_f5f2;5iw2D3UQ~ikL1c0uKCyxtj|?$j_Ip-~ zk*HS0Oz-{_ma{d_;2YQiIZS^mHq6B-DBT|a2iFHaB9-2sjHYn8h~j;pn91QQxtDbe zheEhj{JEl+R7}wl9GEe6K9dYw9jm~@J(g}B#rIu4g49dT@Ap+l*9Ar*~@W%-_&9EI~^@}-!8GcE>2hX?1S z!fMFmTa?DZHlt*5^EZ|pw_OBG)DQ~XHC5`zXWnPJ-JVE^z&^_(UY}w30avUH1o`i; zTaDkGe{XCYHxFlU5&z(#7uBQDe1^`fsBMNqzbVQ9q(lK4v`1OqUbGox7B6$iOsY>H21`{r}&u&e80<|AB4$EI7i^g;e@^%zYVJHbOLY#K5NlXKg=!xCQX z_AW8X=RTl9UCK%;TIqD|Ww0KcVGXA5bmTH0S#`T**numi7!YxB!H>91^Zt$NS2>if zn6o-J3k?i0SG;CZ#Iy5QyKE#%RJbGF3yiI66gyafZ;Jr? 
zvN#(A1X{}gNdq{NW?BZ#U>{+#>eZRc7NbbvMO9)z3u(xi?+a4>J2f@ak0LkU1V#ll zVTp2bXP&(`DSEte(*`TQ?yA4p<~xCONF1EVp-tTO;xAe0G`l+_MUoZP2BCvjg~X`* z|JHQm=Se5u1=~!Cj1mLr0c^jeK|E|+oq6C4G-7dei>`5&GYtoHm%2A1A6(ueq`0&pzUNf_nM000Rf5gqv-ooB9JW?mayzf8v1cH4>5 zolE8sK~EMW08;Sa@+f+EAbG$MHO)S?V|IQ8Ta&G;;IsV^yK%5_{VR4B5BqOJgMU@P z{!29Zw^Z$|B?&-N5`vu_)Kx+PzyU>yk^zuFj};^UGms4!Is(vnEeU`Lm;KLL`(Lpw zINA9@xuqn40QkSOPt_4bL_i$}#Nb-~qK9DT0Rg}jfotahMT5)Pfi%j&b^Q(j`m6MR z?gKk7=mK2S4uYNU4-FsapzIe-EjS+>HuRS&*Z-m6|4oyQURd{cH$mlKgy2ESU=k}3 zS|tg95&N&mdjCzx!Ty^N98M1$BLP1x@CFG~-#`K&19gBgKmb*ICIMK2oT`42bNmw9 z{vUGAzuP7Eh5Wl+2(Zr@NN{;O(AVl;z2*4zwEZ6{?mxX%tN(|J2V@Q|ZwF%dg)uhA zU#3m}g$u_YTsVH?A_bO`bk_VLiL4_5&|`D_FDx9tVX;rINr1=y>+UgwWve9M;&!0j z`oD;NJt_a)JI>#b*#93uAUHWds;wjdEYKkspI~gx|3!oIHyZZ8MA3hm{^={-R37=KNn6z>#Qwmxstc`rQb){2vIq+kUme^}i5sasEy94+LPUKNyg7 zfL{>0zZ5k7yKh{7rkMY*C}6?;uRyqXAT%OU07B;hn3RJUpX-l)7cUpre?(_IT)ZH5 zd{O`{NPiXF0tDE?l)0G%K-~EQe2NG7Wmu>7o)o|W5?dz$$f0xneo$C7owOX^SU6c) zfx^I`k^k|r!~>2T0+yTM{@wCEmYAV8N@lZTK0Kl2CoZ!j9L|ElP}f#&Axd<6HK1MrKx{EdkbAt}IAi2MIy z0`A%`F7?03dH(R2|GH1$N%a?6oxkoA9TEON;VyXD|7EAb!@~hm<0A#sVEWi!e|(YtyHo$h3yOo2mmNeQL<(R9j#u`S4xsYY>}}7wQjYGNu*pI?!qMhYi5Ca` zEVd+YLxAvavnJ3VeJpX1S3@m5;TCUY(=9?AWYm!EoahVud;C$fd&CLgeNI@{lGPR`0%p+mKv z29i3Oo1P7APrO{klRZ;hF9>t<*PVG>_d$popbvvGNj^j^kbWWkM%1U$0}S3G{h=YQ zD*g@YYc)oxVot%Nt%rB;lx5BGah#!zvB z#CDlyera=qgU4W|htZmFJ0Z_4HLufBqo2%6*XHE;(7|}kg;DEW?hEWoWp3+GZwtEl z*{2OrIzO$4$RACMwV|kF&%p5>*zd)1LZJ}!l|ZhH9)M$pLVKe~zb9{T#vZdD%ldA{ z$+r5@!d&7n&6@P^DM=VrpU<|Xo0paVEU9%JRix^C zN$C>esZ^RvX9p@Y$#Gbhw8_2*pU(*8XoBe(y2J!yY+i+R(ahf!>H!UD+^F_zAvF3~;Ap<+IpSnyFB>s>u-)H$5CcBu8;KL6^7Bl?+F57wSujHXb=FBtcMzdX(gA-WAj%fE!#9 zR$$zE2S2@|JkBRg%BMV2dHjQe!=nRqOkx&UUbydNT}0|MJlDXl^r`T8VnV6gDn+Uk zQeNNOTrZO$U(?&e^i1a5__^VgK#yXAp!Fr1F3oXK=W5NuGgQh{Nyw?;Ip2g{G>IR| zkE{jdxWVCj<|S;Sx8?zSs3JrHwg|AK%LW65Odq zXmySklf@?Dhek1C*lVTr=1E>J!91tS@!*bOLDB~rClv4x7kt6-Agj#_{6mB=%ve=@y5%~)pCz8#FDiE zMDS)ndk*oJLI582Io}g4mYiJXPs%#-ob5yFywA0T_AFG5iRKXrZ*Sd7{cEi(jQl{w 
ze3@>(IhWJ7mLFxY@nva^>Ap5~!N?nS5v{IHCMw=V9=BX$hQ9mxRC}b0zuAmNu7?OW-(qPy9vxc^ zJj#zAK1!$6`OM@u!!Z}AS^82GI}fF9^{jW0;fxS-JHSy*lb3=UHP2G3lU5&6=ec=> zc8pfj-12IQh327W0^ummO6pilO%58R;0p`~5En!)YE2TY;TS@n z)tBvspQvODR|rv!ZqX!b0?mOyh+Ikr4A~CUgm1$LdHYpVrxIFIElpVo&=Xw>1(gMv zj$RfliU`F9Uk}4#L0*UqAucaSuYnpk_X!E!J%NL2Qf?%ni$J}I0K!fVA469LeCDkl z2Gt__K_AXN8GK!0BtevwUIGFfo(%@hp2|wr6cc>r2PUVI`#=C^Ph%wuG(`kw8Gz{* zab#0jle`2YKQWNkOTbBy&$6ClN|upvpvi{fDxfAssCvu7B~JH>M_>`de`3Iijss`8 z7o$-~4Thl63y{c4;Y6QOpywSpl1oONqKkhzSPytjO(-`7eT0hs6P+p_B<3G-z`K+^ z6kMhztRFgV1i*`T2DSxn7VARi(~I7CBAJEtjL~W4*-APDMpeX^HIX$NPKQ!qct8wW zPP0&@mVHu+)BSNXMh z(k02z)@Gn|aVjn$1(`Y=VjI!JlFf)P@i<@RX_M>!<@4nCDj=N;drL6Gz-c_xRTd*6 zBjO1{mTUODo-I4>-l2PQsI@|#MwWl%^J>GXYs-&ioeXZ8c#R`RS#4>7@@Qe`y{#2P zE2(wU`s#Xpo9PdG4%Q%zVz-Cf{K;3G*INbX)+Fc(2NY;mWdF zt)~!ky-oUT__-KpPtRj`6h2QsTXPN&mg$5%!WMU^u|_0!BN9`|C>jVD&q&*3<`}Cj zkwKXMKpjXI^<50f!aNh99S{@2NvF`7vSsWBeRf zo;?(ugNwqa$|y7`y$6y^+ew4{;!@QGO*eZViccE0)Vq~C2kS!z(S!N~s2yxB*Z#s* zu7izJXS0fau5Cj#HC^q9;BO<_i$AU#t~#koGqk!2XNe)tH_ZMNgC`xT~Lxm-;S zZ)d>q!@xvKJG%HcZz684P5lbD4~7B-UT@ywz4lv4q>uexLoxDcEk^76h7{zx_%*U* z#>J>j^smI>rN#w${Smjp#=KsyHryHos!LAr=988dc?Q(X3V zQ5DTF19CGAEv1XQRog?E65%)!B#m5_14)tEQS3-#is8U>NXP6!*aJ@ZhTl->GB(^*E zL+2pzK2V#wg#Pn|{*aWgDZD-t`RG$f^s!Ljdw;|>3(-(IG)4&Xd=hC>3>-e}J2bKQ zEJf*<%j^MhjXd!}M<=Vvl zZ{8nOYUhN58rOE(v;2#1X47qM{eEaNw%vX0dIT<8SglMrEW11Ucs1X%Nc4yZKtukd z`pIZ1b?5#mh%5+8o~%MjoE;1MeF9!~EVZDzmui=2BmQA`MgpiGslYsw$lM5#;*I+| z*R=j)T@pBou%Zn1JSbIjt3XSRq7Wj++7<*MmdI|>dH9br0mI(%)Ln*_r|N5^iH3-U zNIAguG?O>lGdv!AuNR4!=X*yMCr}kjx!x~g#mU+%JxN$P(u&TH*WTp`X%Zlov2PI^ zgcPB*L+fTklSi>{k%_$(RVEpk@$w}}pFJ3y1X^Js3PFxR5QRYFWAr5SA32v!n5vmc zXWKNVJa-7_l)II<9MLL%Wcc}djt4el@y-bNsKPI>nm1P*Z)eXR>3{ZAhUp&JRc60xfHcy4D3$_=i zdNdk@Rtz?nPHKc?_|jNIeaxeT_il3`Rtf|5cuib$bDMB+njxd3?gGK#yk0^$$Y(P6 zCYATJ?PKPR&7Gx+DM-gF$8R)&f$L-EQ8>EduuOr_EUuU=QQx=vnI=pld};b2d5dSF z0vW0blxx`d>y!AJO3*3UAjs^(C=Os4=+aBjAm@-V$&*>Xj;~kL26?g~ZFv*L!F6F! 
zwGm+c*zBv6m7;Gzn@^t+ZNXrDRAI_~U zGgmY%qy8PeMNR5Mtb?783blgkjvvmvVNG7%&-=oCJh@KkMyun#20Y@{TLLdr0-ua4 zPdKU|z;_FReALhn1vDmr!mDj7f{X|zA)VQDIjv>p@j zmf|e}SE%wJA>6zxdaP`#E%$*W(Lg0qwK+-a!Xelhb*CV`i{5E}=TG$qkEe%pw;0#^ ziLybD?^Q>~6_3ljblKc{7XuX`)^`EVKG3$-QrS8H2ecUGGS=W%nH;*1qHt5QaY*C3 zVH6zv(R2{^#{yVlTtJj6%D1ugnqz@i z28%Z#$vvlu?Y;W3cc7K3>oUp8o)(?Fq=}6IgN-R)RW9wNM1}D)K?f5$gFT$C-vzQC z;kORe%h|BN;(RF}N1d_>nqxT#@}>Aj~_TfXQjj{atTCKfm24S6l{ldG6)$>_IKQ>&PgZdt=yxat}& zgkBaxW5K5YYgI()Xqq~K0Cgk;ervV@8{+3?xH~fXmd}ky%BIr$B(G-0R58f38~h`sXSNH%3J_E~mR5nnK@)Pq zn$S4h^#~zCK_r~-JQih@FN7d*om5c~6E#qxFetPJeA&B@dAV;sF%Y?OLVcI>ad8ik z(GN$V-mSvpm=o3_(xSAzz1RX+z`MP){h2w~4d{EG_j(*z{|R~B(IQTN*F|q-yu*9* zVByrBd57I*_E=FtvV2&S3DFc?xOR|<-?RS~CJy0CeRaFh6S6_ph!2C`MG$-X&k2Th z#kZ<2K;3VXYsdr9-p?W;r|+me--16HL%rAG_h=8aDbY;q1u)wK6^;-yU1p5A_0IXd4g zxgm&a878xVR3JH6pqI{Q9)}Tpl@+O@4!nebnxB)hzl*l#KBr`@v55kxQxYCr;;@lbl}S{~M1|6?#&3&+ zX?}#iE;iv#TdMRcFNugtd#w6wzUF$>(A4iY+5uVnHJ+zKy&`S0>ji(;H0>3XgfPBJ zfFf{YI*7Fky$N=F0#lJ>$?GI|RWhmn6VHpB?uyOTb)O~(cw1>5Wf9zytXMmw@R-~KM zFlV^1s{jS5#4yHZm;1p%JLZc}`NAG|*0ufzD7|W_H16?pS31DA5s6zRILv!7q+0#S zgoiMdn48rl6SemJi|(Dl5%urf!ZMW9n30_OM#xznVLyotbo`DPWo~_USC^ORcAuPq z5BHhYPu3RqH>}5eO{KCK`|Y`~K;(J)5BuvG91G-uCk{08N`~$7M&S?U(u$IEP;}EYyi~)n?~lWYv<@JiC;1YgP1J0^ex| znD>4f1ZYM(kkyOCg@$2-V?nlG%)m)JXc?oC{=)sk3t(n^rqiw~?D^JX@O$3jVcraJ zxeBtj1~Rb?OnEu%gnNaE(t2^;JBS?{mZ6DPZ=*hQ1RQ^2j~0DBi3F#@1@p0s0~kU4 zwG7%qyc$-rsHr|EO-pF2{dzxCJZQ9I>IGkLK2&bjH#gjRR_O~ z6o$j&(go1%2{N~(h8ru27{kWYD016;5og#+zY4wcEjz8*Lf(Jq<@O;tI(w~`(~I@( zp|W6WQu1m1idNJCSlU4A|F}Bay>NDFZ_+R<;WWn9XO|8Nzu|8@7x^i400RuN;#LPd zSXDDAR2YiMs0!noaGNgKGxW)&y|Plg#z?#Qf+Qr0z~rfE7LTxg+>cz*E7ny-TTp7` z%~}O?ZV%gVMyK`tn2H7JXhlIe!pthh77+b{)o@H9ob39laz1@BnzRALbaP zSeA)+zq_1Q&wVg0cLO2qY6ZlOKftAQWbaT7!OFc}uKHFZ!MdTXS8rXWm0mmm31X@# z?)<#GU;o@NHN0eBExlMu(2T={O)az0qfJ|g86DwvHM05W_y4Wx_ucjj&(bK=rgnxsUMK1XlMFp{oKS6ieSeA-{DKAq@oVKigDGLK^#P-ih` z(zQ>Y(CWgI99^Jhs!REjEms|Ap0jbiGcjIdcg{Qhd_1gVQVMocG<19Ys9X0lQJ8x+ 
zG@7)nKHKBW^Wr@!(L>hE*M*Ed4HIk^=ye#s=^#I5cbd!u{RDrOR|uXfbLBgYIHtai zTYl0s-urw(7txYuL^nj5USvh%y}D(P3i_zIAz&95!_#6hl5%l(&Yw?A!wO z2F%RK9ypIt=>xqf&|>s4%{D`eM>C()|txjv_D z2k)&}u!G{cojhUvnO>3Qk`={H=~ar+2_tQi;e_V#Ap5dVV1s$&PpXgT=zjCeLF(CY zWX7oc_wd_z&$j++b26mVh>VN3V^~nweKXk?v{ZU+J$bKy`l7ciQ%jg(8*H36V4snU zRjRPYdEWabmTOm4swWVj)y{LLdy)r{1Y>z~P`5#Bl*l1%Taf3ggJyQZb3*dHvz4JozRz@&q%44eZd#yPc=`kD-g6gWm3T1PHZ7+o3qdT~k| z=TV%k`d7LzH$(l&B9W2_q&%)&Y7kdRsAf6 zbGh9Gd}U;=gZ3^TUOi?>acj{HVGd81suq&jGjLMC0(C<0Y9ey0YI27-bWvV%{nJS) zH+20iABVYXRaQJ&@GhZlpM`0GeV^U(ZBuZS-=A(F2HuQ--KiAvbvN$k-A`xL6;kSG# zc}+=;>oqU2`!Gy|77TBWtrhg7nM#0Two;+TX|&T(fl zqJSxgcwmr^xkk<`oxFB5&3;BTw=3K3jt!-A@lN6zNn}hU+Fkb23&)JKhEU82$D6SL zIVHW#`ODB7JtLFSJgdeaB8wb(GgFX*{|>Obm0|7D(93vZD5p9y+1eR#NS`;RJ1oi~ zG{U-O(GLcK0e6j`Ct4Y@Uz3H{C77v~Q7_>ev^PMW-`CdB#N%gox=qJzLz?hO&ZEdP z_tR1R2akngZ_kx^8JeSs$K|jik$1cwWFCa&hdbc+LU*nN=s$$3Ik78n@kt_jZzKW3 z3o#JVV^HlHG8-HyW0h^TWmoiLwFQNgPwvegY)8H)r7J&Q7oQz(yo@$&WHJrA@N0Z8 zfQXfzIokqNJCVcIJ0v7GGSY1}!K_AH*-o{gs-;fJ3p?VGrcGfK+LuCpP!}JS#eLmn zqfSs~Je;Q7esjxucLv-qex1!^r6~ZcqY0geuoK(4g)Ym!TchL8Yy-r?@7IqFl;CmHQUK$1_>2c)&^%-)`dEoU#5!uKNs% z87ddLA7l$CfM}Y^)yh*h9AP0IQiv4$&cGWDi><2B+)BQGF|fV=u4T)Z!Zll6G#Tkq;{MSwla$8%ByH zntgDOA+lw}*MK7s_g5Kx!WtBg2~6^>R|H#LR~ zv!BHLMsJUE_(uBl)S``XLkzuOOp%lNAUjYOB!)u%fZ+o> zBGaqG)*OU|J8^NTI=@>;V+z@Q8C}WFV1dwVCKA*$TGl~`82O45NV6g$}mg89Zi}3fHr0PkJ zDj{NkDB6qbqfzB=7WfsNklv2b+;&6beU|-D)XbRsl&LH*dOYRTyBP9c#DdtTgcl>T zd-w~e!>?={^?ZYbfw8V?T1@!^A#Bl~^N;kCto4J)ck&JMuhb|7f%!!7)7 z_}iG5jLpPw&3AwD(K_EG^{+2+>XSIph~sQYI*MH2{D5mH`D-wKyBMHK*Zvb+ z?E`kV3#sBOPhlc{cf*!Tio{GEV^07}rL*_k7a5ZSUkc&=3vyKd%OpmVY=7;e3#v-v z!u1)#3t$u8Ug!RT-RRy#mU{}4`9!pL(7D}f(>BAP3q=AB1R~sQe|(vU38Ni|7+T!o z?Cd&2JSgVGC}4QZ=kFk4C$6E6!67Twq1eOX8K>>q2|R~d(h=7Vh<4$~mw*jz#u*g` zMFhjV`J&)A_G(*iqIvwJ9B``1h9=Hl;Z%sHOFb%X->AAqO3l(nzy#I^g$Aa4(yfkR zqhlMv%ZQfmiB2NfA}LY_w1%BPAP>~$+ZCrzYMrY|Jp*e6x;)JLD>kBtGIjFGY^|v5 z8O}32!XR>V^f*a!k1Sa`&Fxr%i}WIuI#uzjFW$8)CTpPcwY@!b_V#%@Y1xT(C|utn 
zGGYmKDlO^7Y)}tTCw{kVH=0;Mj%dk=L2!G?crA5kbbAD$9m00JhXeV+6LB5sD#56R zfGUFl!x_lroz@XCA+{tXWJ@MWi=ZlBRy4MAV+R3C$iO{DLG+2$7#7w@9Z(>mGNJ19 zs*&oaINrnO$z*>AAoYzBe@h{joqCW}sL!o|d*~uvDdQ zFiO9RVGEMY&Q?XC4&G-jgFc^pi1~=s2>uG;y56a$%+vFlc8h2JpvbE5+CcN$R(XX5?tAQ4q7Rx5$*)A^A05x^i42M7TR;N!yFIp6o<}F; zSE)dL9-pH!)9S*iFBD6<&UjZI?YmmST5(4gL(q#0q`3Bvs$-o<8ns4!2^ehDGoiKS zT7g(Wr7EWjRtbd)htpHIdnVnl<#5%?FN7%WYmc7YXQbxatECmF*lB2u3UrE(ftKpg2Wm@TG;!Er-vsp(1 z=vL)*SYAi-+$i8YjA+#^Pq^Ju5hD=lCkdDB&-GD(YIFZ$NRmSy}))0i&?fS z8dCYrlA+QK53}BT8>Xr)hLkK*2kNL&9v_`LKg?Urj~e_(3W@ zY6}*t!#l}w#n5&ZbW~*}ve{@q$MF=Wk-E&h+HUF@h%e4YP1`k_Z>h%#C-Ogglb9^t zeP7!h&+KSvJ+1uUZB10+*5Xw%<@KcK{X7`C_2p=B2~>NUv~zJ&m?cPv6c-+UJC35I zPB_Eu+go%#6o^@wd3yO_jl$XyXmI}u&X{IZ-gpnz*k%6o>IcrxuF<&VLTtwPP+jX8 zjZVJz`>d=tH%1S;+57$%vqh{6r+#gnFBg%^%kY=$1`0-B?!!kVB+_4;F9Kit``aE| z0ev?o%Wd=xCfdB=)|tVw2ke1*k1fB4tYhUJNvo1=1mq~*N2!oh-4ZSg;3*W-|10cD z;A&jnzf-o-LZwaVNDGS2zR*IegbHPsBy}yNq(!c`6yb`pCpp>ook+A;vm_MZrY!Ap zOC`$E|C#qx&dm9JKL31I!CZ(AvRe2V#TX|p5`&>p^lxqIp8J`y~|9GMK*?|>r!^*Bi9P`OJ zcj{Ai$+00nPyLs*{@}t6b%i*}y|g24VMnlnqJ(Pf%ijFgzAtUcyO*3F{3*(4X#27G zMofJZLCx3Ho!U#y41LC%oZKk-;+Wu7>|{By{ot(89b^1s?Cev{L^WrHdB425*J29Q z;%`yt=vM0e`SN)6P}@ec`B(K@Dj!GbZ!qz$%N?)aZGI##R}fQv*4=CVBBk5@XL-zV zLfF(WxCiB5=cwi|AjRRVu;1R8{|5HoyHT4}>f_Rez~* z^s$*QDv_)#&I+pYKipjOWkSxG`46J)R_=*xa4K$n@pQezspci2Ge^u|ri)!yy?4)S z4*syi#HY>JOy}j(*nR9Qeb1R2&dym|lWn?T3-{mgjx{1G>$v(ccOQ10|0~m-9}QB* z{mN`HjBMTX%+jqRe&^Bh?I|lIM{HfwJS?7%KXxm}ga+A4^KXD_1n2Ie{J8I zO~MYp3e8`O{=Gj>*WhRUg$zOejyS8;r$4VaGB<1S;(LtVD-%nK>+41w8FfR{F=u+o zie{^9QOAk1XWa{OzEe*lg3q14@heL`Z;VFfudKE6tb6_ZHBwhIZ|||5Di;U#KWtUy z+p|DLr0%IQYsa{In?qYyDcD-2TGh1-5B#WnIa!^fw)i=fag>?c!|>dV|4gnQ=()h^ ziTC_rb%*ng47VvQ4!`d)>Ekl@pz_wn{rcOlK1}<4mQ%BO^TjBQ*@yUJD2@F^+(gBY z{Zn2!Xa{>nb=b@n*jf)<5~KWLXxy*&VKV}b8l5v*{6$NkKFw&%^wR69hrNaQ)g5;R z$6rYBw8)H@zthvP_Cce@t%4cFQ{I2-zwvvf$KhLdeT!%KJk$T{t4@gT^cly-wTXNt zub$|3O!sw)D`(dE#_J7pgTDWE8r?{>OsxN&{4DLo7^{}Ab6?H05v*#7Tv}Bdd)+W3 z!m~MJQ+`I3al~quzu&G`UJ`WKe8Sl)Gc5#x2glfDx7GjCE8BhY%KdsLPwI~@5`T5| 
z$@?cjNUaWN2?{RSQup%xjCu2xUc0i&W&7?`*NzXLIpxj2HD7qGyLOqR<|mt6Ut4xS zvVeM+)O)FJf41$b{>ht;ALG=GZ0SE$rO3S?_3d|4_oz(a&Ajv@YbGTg4z{a$p5yN^ zOf|T2#+CceuR4rbk*mIYrq$(-n<^jZy+4@yA#cpvk=OlJj!xCqwW)jV<#$O`YKbEg4P->s=`=wmZ>tuLo^Rp^V>fnC$h1oonL&HXo7%^2c%auKA z;K;^#Q?_hm77fc)-r3)8$9T?&Xl8BPoQ+{6o0Nqk_nJ)S=T18lv*p&21L@_{XS{nE zdzpJJGS02fA`4Xw`27>1m%6TI^JVG*9MQfr!>d3Mq4RA zyNLNC{>N(04U_geZ;$s|etF){jHPXNg^%3^pRaNax%Aw4cgl`ylYp+kPq%5*C!b*0x)oUlXTr9a6}35jm6k&Tiq756 zw_LyEhnrv93qkv+v^2-l&u&mRM)b3BTko24EL=}z)YmI>LOYCq*+wf@>{RWQZ1g?$ zC~LrsTkka|1vF@noGTj2$&A@xIn=b^+Opp!;l&28) z&qKYq2kh3F3=h)^a~YX`!hYI6#uq}r6utRmx5c!{^~Rk?tXqb&G~I&A`h@n&r8ZxG z9dQ0bZg7)f{j(dbiMRPnCVxJza;Jp9o89g(;;63ukh9l|eEyv}HU08QyG6@;ea>JW zuxOi@>p%ZD|7z(HrLcx2vu`f>dzsUotjGsO=eC#$inZ^%Eu9~_$F4nNWQ{<#)Wi1O z^G|bQ>&0fxO0AQ%@@{@Gw|S$Gw#)2^L&^^7;hNcp&1x&S#@p^IM}@U6IXvi5`HX4b z-)!Lhr(x%*m18($+k!96YEEjV+fOW{qwUKjR>R##{WJ-;I-eFO7c!g%|? zcN|gZZ$(}3TV=a*|MfPP;eIzGmX2ZvX)H*LGv^o`>AS?xzOblV(c3Gj!P&H8jZxP6 z2YWkQKg=G|$IJ4?>a^*mD`r)1x)wHn$UZlt(GuIWg`7jR@42-@epcxHjDPi8@YHu% z`t8fQ{Vp!6orF_;FhRYVEsMjO=&U|3ed-{8gUCr8S zlQgs2wMs|&J{(+=<>%mQo|!UEPvxZXx2n(6zX;83BSc3%D!t$EoeS<(*BCmMFLPKj zfAU9``Os&_XCHGmw2?Po8=Yu+@BTWBRa>6B{a%*( z;uQnW4cal`wops$^APLg@cjeA>dUQG$K>=H?Y(Z!@tMUJ79BWsxA5G>k~RbOP={&C zfdv&8D;7@drR{yzQ+?9$$EUr+#I9}q4WB(Lp;mTSj!bq_yBIorYS>K=$~WRkhhKWu z)pIv)oVz+^Y@6+ZAgv)WeyKXY6PG!5*w<$*dSCVUR;tn0?ZV&DUwW(l65JWr=c1!W z`r!2k;dT1z=Kc*@iG$~SAG^R`J;poGMe(>;Td4V{-*&5b9lNHxx28|7=ok}oxaZr4 z3)iN5S&hz{wC(7J4`VNEwQ7l~j2S?UD6j}Vu&Jc|T+aHs6M^%YTZcT?YuZz@O;tUF ze>-e~*V4Hy&x^O*H~*yhLsI6MTp##Y^@9G9H#6VN>(x8T)APspWl_d+!j`44{`9~+ zhs9c6`C$9(N3P!==H}{*j|}{A$!^S=pE`w~8_%U$f4j3@b!)l!!pp5W4v${lyZ7>Y zYyj2XXaDP*3HN&$Bu-iPdQoe{q^oDjuAUvgB%@!O6X7rA4Bfeh?d%PUtCLcH8B-j#SO4E?qn+&HCciV8K8g2zSU?@ddOZnR79Q*$h7ZTJE0zV1n)!{zQd@dr<9 zw3cqqkI{K*vrUrj?zVp2jTeojZaxk=DP}uj8lxh&u>Y=Mgxj4j&N-Ns_o0n<$ta}a zz|{jYtMsoYjEJEG9cp)LjHkK0U4L5ZpC`|Ett+3(WmPG(Fk8O#|LCml5&g`eakG8L zrIu62m8&v${+?d^P(NvQO_tiscNezxsY=i_x}Ij+_ph9Fks3D@K3n%|s6J4pcD%&3 
zqu=!y>Sp7zrm_0!m8ag{O#H1h>(Nr@>erKt&00cKZv};^$M>myL>=GLX0A&OnKIT| zp>X(7jY)Y~gC5R}{bq1O@v)`C_TIx^k1KZY8RwFsGhd~|qwoG@#W(Xu-Y{~Z3imq| zY}*~5DkwZi-C_UK{jK=IdG5Nmcb?j|pE@1?;zIet^4+JCOGidcZ5ngJr~O(>@L{{; z+J)x+Iok$R7&f`AsM!}M&hezKX$5FCSWF*oH0{MHwUhsO{kpU&wf%hiUth}?|Mz^g ztJ@O8H;b2TZB1`={p`LnbneZdWB>WSEw5?*DiJiUpSpg!O22y>z8wGJRdlWPTCKQf z`oxZc8%00Qw|O-;SoVH2`jO|OF)zJdW}Pv5Juzct#@h_@&r9lc>g}!+j>!;}J@BVi z49zSrNQ($sp1rU7v9Q9t>3*}%!;XNn$%B@=_ELNMPw#PNr`IRge;T*Iee9c@%KARy zNukY+cZ`k7v+|2{U5A*hAKusJar|EuPFn+RsT}TDX7>2t_L|u#=X<(_M4MSU`QEVA z+{KVc9>!OWkGu4_qQ~|2rDmsNI5{(Z+Kt-vk+NHKYedV+lfyKmRzn z=xX@O*1x{3s`fZ{PlC&$dl8eDk1;n-P%M3HvN=33w4u1-@%QXxy`Y9% z-=O93sRo8;&Q!L39%T3`CpdJefphH`5B-y8EkCS{zBXc%sK9AL=6nkerFjXW@8bN- z*>C48*VHj6*gUkE`fxAc8Y8H@CATrZEVlOT)0UAB^sal|Tls9@$U>DKUyj~)JvDXc zAw`Fwr8T)_Uu+T{ERC%jyWvUf-`j@-EiKPJv3J|HxIXIk!m0McA$uYpoO$lVVT^RU zQx>r>+Nv$bSF8NY_2KOun-jEu?9@KtT{U!GOqKE8MjNcX0 z$ZHu}H_13O+8=1&fk6n|zce5us1lEs}89;I$EyYJYC&Iejm z4!bM+KT0=mI$bZ>yvn>K!)5%yM>`ap7IQDx#6Nwgf5qdVzE@xWRR`AedU`>jZs(%? z%K3@84G(7tjS^pJCVWWBQh&Hx=>p^U6_**?83%eFXg)u7?!{e)TPFwlYdp`lhHHRK zo`;X`J1MVW^HYlxdE*|&oX?1}PjTfbcPw7FrZq3eGykpC=H)7N6BmB3h+%DCJZ*TR zn}_bCo&AkJ4Tzni5meB)O?OPsoCP)M=bxN`>*~zjN3@Jyb$WA1Scy@d()oVYsvdn3oj`*PF zl<`>$?KUed;jUZkq4aaiu%G?>-^|%NY1pL?rqs%|%2Jai{|B2g8?O2OXWEhDs#We| zlX|eDPvz6Z=6$iN;xncu2^9So^_-_P?#y555lSsD70&1!NQxQYG^ozAW%Tt2KKFH= zUA_LJij^H;)n=;K)MWL6}TUxI_}Spe_QHZF*ZO}{j6E&COR_iUJUP54 zx_ZX@g)JRD23KAkAYsF6&szF|t~VsvJdVu8yaG7tQTo1U(+VR-%y9Y*LgJmot|K~R zUMl4AwzE@=sJS}|&c0#wU-vC)lVz~ZbQ8ZZ45cAoEH2b+o$#YalCJ)V_+jzAg3I@b zi`-uHs(GciwXpg^z{RrQ)@9s@*;i`+z-4-pYNvRdvUQXh_8sBm1 z(*-xPk8f@_+ur$~r@E3mR7&?Y^O~#yV@yrY$RGod{ZaBjWyu z*88m*+oN`keBKsxb^LYq=z)#UCm z49km(9VO0LyZ_`al~qSa2kxg#{X%O7uJp~(t9rR_#nVCU&tHwKe(`b3Dw{g%kH2T6 zZa;MAO{pkszrkIty$0j_^55s}805m3r1tD*MdP5rP_2`RiW9}+3FoUCty11uhc=&! 
zPNC9{b!Y@wwivOjTC5tGEe**&HRW+mr`5_{-O+vLmH#ep_`>CGfgG)OTAUr!=wOxW zMtVJ~El$U#XWRE?TuRD2kbQCL6NAC~*fHgLiq;~|hI_h-t)bqEk;_{eavL_O3vRC1 zqGDRtaP(Z3g10a_k#9G1?c$4(-@_ITe^FTFr`jC+AiZsKpMCqS)mApQ3Op==Bb2jk zq70fMn?#8hR>j<(ZL@q!Ssi1IUFAG#Z+Y4Jv!-zlX+P_{0_Hkw>7nMXmeAblt+_n9 z%pzgWe3jz?%(&a)-lvpW)fV>6H#%+hYE06QKx;h%UHi7e=)14VL{G#?x8GYTimjgv zk8yA;cRe3{Bucp2d~brvqZEO~rwM_xYfe%B`p&XxU$b=Go7GqP9Q?sw_Oqt&?U~yn z`uzIE_-gEKEFI#KHh7&^MKT*+Gj?O}B*) z0eWtv5#x$PEy{>tVGUoC?=%bKUmS)ESj^xBiklX6T`a<+dIU$ zTqHU0zOlB_ME{_Gus|kA2iaH8BWjHp@3i&0FZ1S$IDbyL6$m>;N!o5EBVI|^^|HPs z2PBJj&S(acq0dkdcD-yJufSwX97dm?ioe$^l;@dJ5-LIo7|J3?5^Z=+h8b+TZ ziPu3S|8BL2FRgh{#!$-1npVF}82Hyhqb{d+?A=YlB)mnQsIeYx=3C9m?wtkr$=Pnq!AtbSXLD8(k**y}TD_Ad#{9szQdX(G2eslak%)I94 zzNdQd%@R-Q$larrqK1$4>U+*?R`yK(VG%x{Y0zDMDKp2UAg*Y8Jd3dt_Hwjf`5%T)biw&UDWzYRO|;mxl3Pflsrje2!--fQO*r!EDD+SM(L zYPzZ$;5o|e#)1Ral}gpoG)PHrl{rE=`~ zwu$`7_FF`5i)^PmR^=TFSMV$=tl0AOYGy=ymUgE5j*AZEfrm7oQJW`oZIAyuCoX!z z;!5t;lW9fAm&P`z_;20j@Vjou{%M(({KAdFo4jUKjB%a3n`=>_wmTYOXNT^pZYbAY$Jr#`w|_R*%G zZ9-%l~rlxv# z*Ab`pxKy0pvahjarE1l3%6){!_5&q*BWE?8djFsyVdT^Uk-Op#SX?5=h?uYTtGYjkZlnG?FA39=MA@gV79vG)Tpvk2D7!oLPZBolhWCc~ZfO zD4~w%)A=1V1a8&tdIIk7Xbz!z@L4P-d?bDKn2c2v=t86qrOEh^Ir?-xiQ%a$6FxKx zeLBB`qWIm#!P#z1^y&N#Zt3RJH+9p+foA1Pukuz#rNgD%=p!W+NDTFv43Qpu0o~Nu zQ}DNt+1c%qAoyMYX9+XW2PK*o3I}`xBWZmHPdqpc34NsBL9ad}uwhM`vd4UgTKNb9MrL=PpVfW@Y3>4p+Z zsT0jW0V{yzkqpTUx^V@#9<7&oCqJZ=QSeCTiyoaMjqpgb13l7pm9qR_c+>>*u{%E+ z)}pUMog#BK6%Wp)!fDVURS$+^{bw_xvrK8;m+;5o(8qL*q~A*5QA2?T=UsO-g~rj5 zJvx>$**Zx!!=nbA-h>nOl}Zm=+ue<~TeKyqkc$Rlh_nGxVItcAfq=+BOKQMkG-8rQ zYHrHXfIW&=L`!N+Vl;d?8hTpG(uid06Ke&1)Q1)|(4Nxhwn36~Xpd@ldlcZVDjQZO zSESS70zA^}ls=lXvBxz0QImsxyHWPhX+KOadTgMa=&>Qq@)JC2NOr<400aJ1hyF@S zYRAenhcDv(X|j|?DzY#dnI_XTno?0FOCy#fLCXzM%aK6ooDq^A01oOSJ<)QCWUn2N z&~@r5SuJ2PO3{>^)U?}pJq ze(0z(^rO~I2xr*BfpmGOQZ_Js(9fUm;Os`SFg{#h5AzeF0}Led0B4j3NiX1v(TQys zJz!|6;+P0bKZ!5OgCg^Qk%CMrj9x4haj{`R_l_8ya!Ar4ae-rEmKZAorRA{Dv3uxe zUN-~8Vm8vE=tl+7rX91{^3 
zot8r~lq(X6klBc*6^q!N<#vt$Ix!al1z+e&krfuRgvhY|lL<}FN0$o!!O$FKiI8oH zV<1@M8z~U|4?1-CBl_u{%v>=?jE`TsV4+y9f*di~8!+HF90CLROc5YU00Ni5 z06}_?NG!%H2$g|5bkR|xvUEI=h>H(=77HpPMj=0%j_MTRd^R7X0+CoK;*gaA4a*{h zGfIo%Sh58J#_tk6U0eWdEkp-b%F63f>bu3zb@b!VkP?ZBl;c!t1!0XjET zwh$iJ3oK#~B8wZwZe}3TkMG5P6JvS~%(Ue_#;n?WCimIux;{ zYo2zqOURXz@;tyuRff8R)S-ZJiIENpl+Tmn3Q?ioifFA&;8oe^+7<$!wT3SY;4KR*(;~GAk!smHpC2xu|Q*(kb?4I6mr;vc4C7$%S91I*$feeyk-o8gMA5B zv$-(5z=go*5Jrq6dX`Xx=fLK|^h99**+LLTSVe3upAExRmX4mXY(gC)IxeB!0pozN zM5m>?*$*I!p2-vp+yd(WV;3+BF!+z4W3$+}44^B+!PyVVfDY#Z1t79Ru@PTzR%s5JbOH(+{m|{eK%&JUp+tnC%7y_0Ba_c2)BZys;w@f77QkJE(pkc0gQN!eh|z(!2(tul2pdcs zErSOjZ8q!0=QbqN?RM8P5um}F%{A~6?t1lerxbcDF=2pE!t ze9ZoXnJ5OI2=6<#5S&d8UTd}xj8>v0aD1~sfKNqWC>KTpHWkr$gA@O|rm@uilMX`M zu0t4DG&pAvCSnm>KpCQ=vj0q3X~8I>jbX4NfGaUJn-cI~jNtuFw}ea#Ee4&6X9%1D zFJ2xa*^fAg+ZDiRP|#q)(fX%T21r3dsL)-4!cDR*5wV4A!b@TU29t-NgVlJlG9rlo z{4ri=`ws>KfW*{6gN6uY03AqCT(n9tT&MsBgOKEm2s|tf*$@i3UBrMxqnb;!L=2Zn zp!3URxqvWS=ff0(keeI^i!-?DMN<(%Fi-}~|L(cX7jVeY56&Lp=|W<_a3d38A}-kT zcm;(JFeDl$225sb(e@uLKyZ@_G6YK&S42__1wSz^fIuR+#bF^GhWQa7$p9nt0f)t= zIH0+)3^^=tAc@M*7|{|WFUSC=1~9E=$;LtakY3?~_{Sgi zBaln53+ZhnT5jAf9NP+KLSY|jSLHNR3ig~)cMFz zA%ePeWD^f@f49rZ~%1|KY!Fne~ zHDD}y6Fxe5y4Zfh(d}314a&N;DU%y z#}r2h1>`fI#?kv z2uZOlM6!o07%*Z+(1V&3-(U>=aq~OvKOlq{H(4-OL`30fuZ9S(p_u~?H!(dy3qi;q zYY3X2LOjL@@)rn+s1#%fJ&Z>@0TYVB_{1^`y3$JRKMo=!r5?1G-ew}x5-vCcd_vqp ztcfKeJRQK;#5xA@%2}|q*HtjRzQ<)ze31~3`5?C((&8*c7_4q!iJ{Uk>j*j&yCU2; z*o6w=zwQ=y77Qz}$T30oN0$Ktgdoju0YYPhVL`Wq7_7h<*d~I@1;D`U#|I|OK^ZR4 z_8)*yE>S~-5pFrnYQo5b{zP^d#u=Jhcu|27Z2qQ*6EH{C- zh|2&}85r7lWe^=<4MAEFh!CJd{O`2?Xpj)CTrrGQVn)yyVR(W*s2d zi2xJ|VGsdqi0y#KfK6?%|7egHy}&AOHc)c z6xm{=W(kuE2)VGBU4k*xz$2%H9t4yEN1fhtHVBKB>tDFDU5aV#;7ku3oe2bPp^I)o9@5#BZcqY#%V zs4}o*LZk&cF&DT0(5ng%h9(I)d?Gf4lqXoY7#%8vv=eDMBL0UI{+}plr~QW#lO{Ax zNGK=3Kp@F?6If?hWoSCG>qH3hpgSQ@i;oYQj$prlO~FtgEERZ*2vjnjAtZ*F11>8dG6BjQ zpAj@hNJlz9LJ|T7mK~&(wf|^PzA_MBz-I(%9bB4?wHT!(7a9QL@rXzXjmdC^w*MeV 
z2qrIH2#pc;JYb+saL%C0fH8$v2GJ2h3VctnEQm6A(0-7vcw%@HOe9l7qz}M1W6@g} zWvmy#IAFwKX;Ed!Eo?L$*_{I57HucW*ndC>>rez+A;wE8CzyvY6uL(+ZO;P+CLBKc zQDuaL6s758J!WM80SJ5a3DzJxk>Cs%FYqQPKB{SqXdPg%2|=DS5JADXh3F_^+Xcu8 zv==~*P)vG1AP2!&A?OfBjD8{Pz=L2nRxsjBr;z$%|Ivi_rV?0D;G-26EHRA{1|>3! zWfm3aE}=1bI+)0^gB9#Qs13wBWI>4UqGeNJ^aBPP6!GyvV2U#c`kXQ(BQIK>(Fe7k`&jI0&j|Heo_g2Dg`wu`cjq%o@%782+ zGZd3z8P;S#-r{M&^@N>wWM#kx#!Yt$?XQqq%L5F2SA2@mg%IKv?dYMmGRw#Xgn>RG zDh>JJyD3n)uz!kJ|D{24nm`3%J&DK=UMG^B$1shBd{~^4jqTGIw3y@qipF#qIbHT2 z3de8=l}fXa2%W>`E?DXz*orWmtxzb00OdtB#F6nSOVNaK1%tyuP90Ez^mcPuR*NC9 zM{)~cggOTQTL8Ko;~*Mae4ZG$|7b#TI*El4p}|{>5`!qjGK923VxJETHi*8G(h;yf zA-pd858M}UrLhcAA&?x$5FHUj5_DJJ}@WIcK z51YYy9NuE6AXwyhes|n-CqbK@l84 zw6KM%avCEvD$SWcGDT|t!Nz8Yk`t{%7@_T;kHCN-TLOC|h*3?`5soXuNF^rXQOIDx zB^)9oSFI5SQD~eqC}dB#+dv096y@>*!=D&iKu0fd(ERU=fS|n9|@nHX#E!{c)1Kkr1t}KBG?{7a0X2XISjUjkpmNkDiN$k zT2Uw%NE8epyecC}UIlOCQs6{cO$iPTV@h8%gVQHmgBAtD6XecBPmavlOly0Qfa}O& zJ3^_zRwppkow!_Q2n!1#DCaQF*;e`gCqXaZIR^VV1p50eS+Q~%(+cu|6HM6l(0336 xWOLxv7I0MTogE<3J&wy6$AMEolvjlLhK5Ck`Y%$3@6e_Qj{{f&=7(oC4 From b5f2d78a602508fb1034f1068760e9bde203a80f Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 12 Mar 2024 14:47:20 -0600 Subject: [PATCH 12/79] for idaholab/Malcolm#437; for capture using the zeek-live container, af_packet isn't being used for capture. the issue was a missing `lb_custom.InterfacePrefix=af_packet::` line in zeekctl.cfg, which was being set in Hedgehog Linux but not in Malcolm's zeek Docker container. this fix makes sure that line is enabled in both Malcolm and Hedgehog for zeek live capture --- .../hooks/normal/0910-sensor-build.hook.chroot | 6 ------ shared/bin/zeekdeploy.sh | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot index 0cf80e7da..ae1f4d3b0 100755 --- a/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot 
+++ b/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -49,12 +49,6 @@ rm -rf "${ZEEK_DIR}"/var/lib/zkg/scratch rm -rf "${ZEEK_DIR}"/lib/zeek/python/zeekpkg/__pycache__ find "${ZEEK_DIR}/" -type f -exec file "{}" \; | grep -Pi "ELF 64-bit.*not stripped" | sed 's/:.*//' | xargs -l -r strip --strip-unneeded -cat << 'EOF' >> "${ZEEK_DIR}"/etc/zeekctl.cfg -# all interfaces using lb_method=custom should use AF_PACKET -lb_custom.InterfacePrefix=af_packet:: - -EOF - # set up default zeek local policy and sensor-related directories cp -f /usr/local/etc/zeek/*.zeek /usr/local/etc/zeek/*.txt "${ZEEK_DIR}"/share/zeek/site/ mkdir -p /opt/sensor/sensor_ctl/zeek/custom /opt/sensor/sensor_ctl/zeek/intel/STIX /opt/sensor/sensor_ctl/zeek/intel/MISP /opt/sensor/sensor_ctl/fluentbit diff --git a/shared/bin/zeekdeploy.sh b/shared/bin/zeekdeploy.sh index f5a88d49f..422d94549 100755 --- a/shared/bin/zeekdeploy.sh +++ b/shared/bin/zeekdeploy.sh @@ -129,6 +129,20 @@ elif grep --quiet ^MailTo ./zeekctl.cfg; then else echo "SendMail =" >> ./zeekctl.cfg fi +if [ $AF_PACKET_SUPPORT -gt 0 ]; then + if grep --quiet '^lb_custom\.InterfacePrefix' ./zeekctl.cfg; then + sed -r -i 's/(lb_custom\.InterfacePrefix)[[:space:]]*=.*/\1=af_packet::/g' ./zeekctl.cfg + else + echo >> ./zeekctl.cfg + echo "# InterfacePrefix=af_packet:: for interfaces using lb_method=custom " >> ./zeekctl.cfg + echo "lb_custom.InterfacePrefix=af_packet::" >> ./zeekctl.cfg + fi +else + # no af_packet support, so remove InterfacePrefix=af_packet + sed -r -i '/InterfacePrefix[[:space:]]*=[[:space:]]*af_packet/d' ./zeekctl.cfg +fi + + # completely rewrite node.cfg for one worker per interface # see idaholab/Malcolm#36 for details on fine-tuning From ea67d08a77631c5f447a486b7969bbf1923a8144 Mon Sep 17 00:00:00 2001 
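Review bot: `$AF_PACKET_SUPPORT` is expanded unquoted in the added `if [ $AF_PACKET_SUPPORT -gt 0 ]; then` test in zeekdeploy.sh; its assignment is outside this hunk, so it may always be set, but nothing visible here guarantees it. If it is empty or non-numeric, `[` exits with an error and control falls into the `else` branch, which deletes the `InterfacePrefix=af_packet` line. A failed capability check would then silently leave live capture running without AF_PACKET, which is the loss of sensor visibility this commit is meant to fix. A quoted form with a default avoids that: `if [ "${AF_PACKET_SUPPORT:-0}" -gt 0 ]; then`. The rewriting `sed` is also not anchored like the `grep` before it, so it would rewrite a commented-out `lb_custom.InterfacePrefix` line as well; starting its pattern with `^` would keep the two consistent.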
From: Seth Grover Date: Wed, 13 Mar 2024 07:35:42 -0600 Subject: [PATCH 13/79] fix an issue where using a different value for MALCOLM_OTHER_INDEX_PATTERN was not being applied correctly --- dashboards/templates/malcolm_beats_template.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboards/templates/malcolm_beats_template.json b/dashboards/templates/malcolm_beats_template.json index 4c9da40e4..fd9602182 100644 --- a/dashboards/templates/malcolm_beats_template.json +++ b/dashboards/templates/malcolm_beats_template.json @@ -1,5 +1,5 @@ { - "index_patterns" : ["malcolm_beats_*"], + "index_patterns" : ["MALCOLM_OTHER_INDEX_PATTERN_REPLACER"], "composed_of": [ "ecs_base", "ecs_ecs", From 0baf9ca7f0e7d5251a6a598a1a8edb344d77b788 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 13 Mar 2024 08:18:49 -0600 Subject: [PATCH 14/79] missed some replacers in a few dashboards --- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 6 ++--- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 14 +++++----- .../3768ef70-d819-11ee-820d-dd9fd73a3921.json | 2 +- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 26 +++++++++---------- .../79202ee0-d811-11ee-820d-dd9fd73a3921.json | 8 +++--- docs/contributing-dashboards.md | 1 + 6 files changed, 29 insertions(+), 28 deletions(-) diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 57ea8d429..153af4d2f 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -330,7 +330,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { 
@@ -359,7 +359,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -401,7 +401,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { diff --git a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index c51cbcd3b..84f06730c 100644 --- a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json @@ -122,12 +122,12 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -156,12 +156,12 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -356,7 +356,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -400,7 +400,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { 
@@ -444,7 +444,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index d7c991a76..21246f26d 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json @@ -130,7 +130,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "malcolm_beats_*" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index e17788646..1b5ef9a76 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json @@ -124,7 +124,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "malcolm_beats_*" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { 
@@ -141,7 +141,7 @@ "version": "Wzk5OSwxXQ==", "attributes": { "title": "Zeek and Suricata Capture Measurements ", - "visState": "{\"title\":\"Zeek and Suricata Capture Measurements \",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"32d1fca0-d7e1-11ee-ad81-217e54128a4b\",\"color\":\"rgba(33,150,243,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets seen\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"02bbf6a0-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"02bbf6a1-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.capture.kernel_packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets 
seen\",\"type\":\"timeseries\"},{\"id\":\"e4143600-d7e0-11ee-ad81-217e54128a4b\",\"color\":\"rgba(229,115,115,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"},{\"id\":\"f6df2790-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"f8ee0a60-d7e0-11ee-ad81-217e54128a4b\",\"name\":\"packets\",\"field\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets dropped\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"20b9a420-d7df-11ee-ad81-217e54128a4b\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"},{\"id\":\"9a3afce0-d7df-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"9dece150-d7df-11ee-ad81-217e54128a4b\",\"name\":\"gaps\",\"field\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\"}],\"script\":\"params.gaps*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: ACKS 
missed\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"cad40600-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(255,171,145,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.pkts_dropped\"},{\"id\":\"f5352cd0-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"math\",\"variables\":[{\"id\":\"f79def70-d7fb-11ee-a5f1-9ff9da698a18\",\"name\":\"packets\",\"field\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets dropped\",\"type\":\"timeseries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"filter\":{\"query\":\"(event.provider:zeek OR event.provider:suricata) AND event.kind:metric\",\"language\":\"kuery\"},\"legend_position\":\"right\",\"background_color\":null}}", + "visState": "{\"title\":\"Zeek and Suricata Capture Measurements 
\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"32d1fca0-d7e1-11ee-ad81-217e54128a4b\",\"color\":\"rgba(33,150,243,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets seen\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"02bbf6a0-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"02bbf6a1-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.capture.kernel_packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets seen\",\"type\":\"timeseries\"},{\"id\":\"e4143600-d7e0-11ee-ad81-217e54128a4b\",\"color\":\"rgba(229,115,115,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"},{\"id\":\"f6df2790-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"f8ee0a60-d7e0-11ee-ad81-217e54128a4b\",\"name\":\"packets\",\"field\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets 
dropped\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"20b9a420-d7df-11ee-ad81-217e54128a4b\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"},{\"id\":\"9a3afce0-d7df-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"9dece150-d7df-11ee-ad81-217e54128a4b\",\"name\":\"gaps\",\"field\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\"}],\"script\":\"params.gaps*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: ACKS missed\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"cad40600-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(255,171,145,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.pkts_dropped\"},{\"id\":\"f5352cd0-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"math\",\"variables\":[{\"id\":\"f79def70-d7fb-11ee-a5f1-9ff9da698a18\",\"name\":\"packets\",\"field\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets 
dropped\",\"type\":\"timeseries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"filter\":{\"query\":\"(event.provider:zeek OR event.provider:suricata) AND event.kind:metric\",\"language\":\"kuery\"},\"legend_position\":\"right\",\"background_color\":null}}", "uiStateJSON": "{}", "description": "Positive values on the y-axis represent observed packets while negative values represent missing dropped packets and missing ACKs.\n\nThis data is logged by Zeek in stats.log (https://docs.zeek.org/en/master/scripts/policy/misc/stats.zeek.html#type-Stats::Info) and capture_loss.log (https://docs.zeek.org/en/master/scripts/policy/misc/capture-loss.zeek.html#type-CaptureLoss::Info), and by Suricata (https://docs.suricata.io/en/suricata-6.0.0/performance/statistics.html).", "version": 1, 
@@ -164,7 +164,7 @@ "version": "Wzg4NywxXQ==", "attributes": { "title": "Zeek Stats - Packets and Bytes", - "visState": "{\"title\":\"Zeek Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.bytes_recv\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:stats\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Zeek Stats - Packets and 
Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.bytes_recv\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:stats\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
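Review bot: In the new `visState` the placeholder sits inside a JSON document that is itself stored as a string (`\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\"`), while the `index-pattern` reference hunks of this file carry the same token as a plain JSON string. A plain text substitution is only correct for both while the configured value contains no `"` or `\`; inside `visState` such a character would need escaping twice. The step that performs the substitution is not in this part of the patch, so whether it validates the value is an assumption to confirm. I would check the configured pattern against an allowlist of index-pattern characters before substituting and parse every generated file as JSON before import, so a bad value fails loudly instead of producing a malformed saved object. The `visState` hunks at -187, -247, -270, -293 and -533, and -309 and -332 in `79202ee0-d811-11ee-820d-dd9fd73a3921.json`, have the same shape.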
@@ -187,7 +187,7 @@ "version": "Wzg4OCwxXQ==", "attributes": { "title": "Zeek Stats - Capture Loss", - "visState": "{\"title\":\"Zeek Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ACKs Missed\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:(stats OR capture_loss)\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Zeek Stats - Capture 
Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ACKs Missed\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:(stats OR capture_loss)\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -230,7 +230,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "malcolm_beats_*" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { 
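Review bot: The `Zeek Stats - Capture Loss` hunk (-187) makes `index_pattern` and `default_index_pattern` configurable but keeps `\"time_field\":\"@timestamp\"` and `\"default_timefield\":\"firstPacket\"` as literals. If a deployment points the placeholders at indices whose timestamp field is named differently, this panel would still query the old field names and may come up empty, which on a capture-loss panel is easy to misread as no loss. Either give the time fields the same treatment, e.g. `\"time_field\":\"<OTHER_TIME_FIELD_PLACEHOLDER>\"` (the placeholder name is mine, not the project's), or state in the dashboard documentation that custom index patterns must keep these field names. Every other `visState` hunk in both files keeps the same two literals.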
@@ -247,7 +247,7 @@ "version": "Wzg5MCwxXQ==", "attributes": { "title": "Suricata Stats - Packets and Bytes", - "visState": "{\"title\":\"Suricata Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"unit\":\"\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Suricata Stats - Packets 
and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"unit\":\"\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -270,7 +270,7 @@ "version": "Wzk5NiwxXQ==", "attributes": { "title": "Suricata Stats - Capture Loss", - "visState": "{\"title\":\"Suricata Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Suricata Stats - Capture 
Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -293,7 +293,7 @@ "version": "Wzk0MCwxXQ==", "attributes": { "title": "Network Traffic (Packets)", - "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\"
,\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", + "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":
\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -341,7 +341,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "malcolm_beats_*" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -382,7 +382,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "malcolm_beats_*" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -451,7 +451,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "arkime_sessions3-*" + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -516,7 +516,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "malcolm_beats_*" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { 
@@ -533,7 +533,7 @@ "version": "Wzk0MSwxXQ==", "attributes": { "title": "Network Traffic (Bytes)", - "visState": "{\"title\":\"Network Traffic (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"misc
beat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", + "visState": "{\"title\":\"Network Traffic (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"s
plit_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index d714f6d1f..61b4a9bcb 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json @@ -253,7 +253,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "malcolm_beats_*" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -292,7 +292,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "malcolm_beats_*" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { 
@@ -309,7 +309,7 @@ "version": "WzEwNjEsMV0=", "attributes": { "title": "Windows RAM Usage", - "visState": "{\"title\":\"Windows RAM Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"gauge\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.physical_used\",\"order_by\":\"@timestamp\"},{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"e4b6eb90-d815-11ee-a6da-0f56a6d37163\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.physical_total\",\"order_by\":\"@timestamp\"},{\"id\":\"fe21e0d0-d815-11ee-a6da-0f56a6d37163\",\"type\":\"math\",\"variables\":[{\"id\":\"01e57880-d816-11ee-a6da-0f56a6d37163\",\"name\":\"used\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"082756a0-d816-11ee-a6da-0f56a6d37163\",\"name\":\"total\",\"field\":\"e4b6eb90-d815-11ee-a6da-0f56a6d37163\"}],\"script\":\"(params.used/params.total)*100\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"00.\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"host.name\",\"label\":\"RAM 
Usage\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"gauge_color_rules\":[{\"id\":\"8db33970-d815-11ee-a6da-0f56a6d37163\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"filter\":{\"query\":\"event.module:winstat\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"gauge_max\":\"100\"}}", + "visState": "{\"title\":\"Windows RAM Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"gauge\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.physical_used\",\"order_by\":\"@timestamp\"},{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"e4b6eb90-d815-11ee-a6da-0f56a6d37163\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.physical_total\",\"order_by\":\"@timestamp\"},{\"id\":\"fe21e0d0-d815-11ee-a6da-0f56a6d37163\",\"type\":\"math\",\"variables\":[{\"id\":\"01e57880-d816-11ee-a6da-0f56a6d37163\",\"name\":\"used\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"082756a0-d816-11ee-a6da-0f56a6d37163\",\"name\":\"total\",\"field\":\"e4b6eb90-d815-11ee-a6da-0f56a6d37163\"}],\"script\":\"(params.used/params.total)*100\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"00.\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"host.name\",\"label\":\"RAM 
Usage\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"gauge_color_rules\":[{\"id\":\"8db33970-d815-11ee-a6da-0f56a6d37163\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"filter\":{\"query\":\"event.module:winstat\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"gauge_max\":\"100\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -332,7 +332,7 @@ "version": "WzEwOTIsMV0=", "attributes": { "title": "Windows CPU Usage", - "visState": "{\"title\":\"Windows CPU Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"gauge\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"noop\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.cpu_utilization\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"00\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"CPU Usage\",\"value_template\":\"{{value}}%\",\"filter\":{\"query\":\"event.module:winstat\",\"language\":\"kuery\"},\"terms_field\":\"host.name\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"malcolm_beats_*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"arkime_sessions3-*\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"gauge_color_rules\":[{\"id\":\"a50173c0-d816-11ee-a6da-0f56a6d37163\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"100\",\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Windows CPU 
Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"gauge\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"noop\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.cpu_utilization\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"00\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"CPU Usage\",\"value_template\":\"{{value}}%\",\"filter\":{\"query\":\"event.module:winstat\",\"language\":\"kuery\"},\"terms_field\":\"host.name\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"gauge_color_rules\":[{\"id\":\"a50173c0-d816-11ee-a6da-0f56a6d37163\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"100\",\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/docs/contributing-dashboards.md b/docs/contributing-dashboards.md index dd0f36701..285b8f420 100644 --- a/docs/contributing-dashboards.md +++ b/docs/contributing-dashboards.md 
@@ -32,6 +32,7 @@ Visualizations and dashboards can be [easily created](dashboards.md#BuildDashboa } } ``` +1. In your text editor, perform a global-search and replace, replacing the string `arkime_sessions3-*` with `MALCOLM_NETWORK_INDEX_PATTERN_REPLACER` and `malcolm_beats_*` with `MALCOLM_OTHER_INDEX_PATTERN_REPLACER`. These replacers are used to [allow customizing indexes for logs written to OpenSearch or Elasticsearch](https://github.com/idaholab/Malcolm/issues/313). 1. Include the new dashboard either by using a [bind mount](contributing-local-modifications.md#Bind) for the `./dashboards/dashboards/` directory or by [rebuilding](development.md#Build) the `dashboards-helper` Docker image. Dashboards are imported the first time Malcolm starts up. ## OpenSearch Dashboards plugins From 4244740a88f7621bcadd4e6d351e047aead7e170 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 13 Mar 2024 09:13:02 -0600 Subject: [PATCH 15/79] fix packet capture dashboard for suricata statistics to take into account the search time frame --- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 70 +++++++++---------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index 1b5ef9a76..05552edd8 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
@@ -7,13 +7,13 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg4NCwxXQ==", + "updated_at": "2024-03-13T15:10:41.120Z", + "version": "WzEwNjUsMV0=", "attributes": { "title": "Packet Capture Statistics", "hits": 0, "description": "Statistics and diagnostics for packet capture from Zeek and Suricata", - "panelsJSON": "[{\"version\":\"2.12.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":15,\"i\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\"},\"panelIndex\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":35,\"h\":15,\"i\":\"b483d809-a528-4280-b79e-aa7ada17d275\"},\"panelIndex\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_1\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":0,\"y\":15,\"w\":13,\"h\":10,\"i\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\"},\"panelIndex\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_2\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":13,\"y\":15,\"w\":13,\"h\":10,\"i\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\"},\"panelIndex\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_3\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":26,\"y\":15,\"w\":22,\"h\":20,\"i\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\"},\"panelIndex\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"embeddableConfig\":{\"columns\":[\"@timestamp\",\"host.name\",\"zeek.capture_loss.peer\",\"zeek.capture_loss.acks\",\"zeek.capture_loss.gaps\",\"zeek.capture_loss.percent_lost\"]},\"panelRefName\":\"panel_4\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":13,\"h\":10,\"i\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\"},\"panelIndex\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"pan
el_5\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":13,\"y\":25,\"w\":13,\"h\":10,\"i\":\"687597e3-4848-4629-8b85-45c0773efb79\"},\"panelIndex\":\"687597e3-4848-4629-8b85-45c0773efb79\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_6\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"0174654c-2010-463a-b49e-fa5759b61b9c\"},\"panelIndex\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":21,\"i\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\"},\"panelIndex\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":21,\"i\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\"},\"panelIndex\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":13,\"h\":20,\"i\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\"},\"panelIndex\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":13,\"y\":92,\"w\":35,\"h\":20,\"i\":\"f15e46fe-040f-4602-ad13-01aab36b372a\"},\"panelIndex\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":0,\"y\":112,\"w\":16,\"h\":17,\"i\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\"},\"panelIndex\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":16,\"y\":112,\"w\":32,\"h\":17,\"i\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\"},\"panelIndex\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"embeddableConfig\":{\"columns\":[\"@timestamp\",\"host.name\",\"zeek.reporter.level\",\"zeek.reporter.msg\",\"zeek.reporter.location\"]},\"panelRefName\":\"panel_1
3\"},{\"version\":\"2.12.0\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\"},\"panelIndex\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"w\":35,\"x\":13,\"y\":0},\"panelIndex\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"w\":13,\"x\":0,\"y\":15},\"panelIndex\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"w\":13,\"x\":13,\"y\":15},\"panelIndex\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"columns\":[\"@timestamp\",\"host.name\",\"zeek.capture_loss.peer\",\"zeek.capture_loss.acks\",\"zeek.capture_loss.gaps\",\"zeek.capture_loss.percent_lost\"]},\"gridData\":{\"h\":20,\"i\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"w\":22,\"x\":26,\"y\":15},\"panelIndex\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"w\":13,\"x\":0,\"y\":25},\"panelIndex\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"687597e3-4848-4
629-8b85-45c0773efb79\",\"w\":13,\"x\":13,\"y\":25},\"panelIndex\":\"687597e3-4848-4629-8b85-45c0773efb79\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"w\":24,\"x\":0,\"y\":35},\"panelIndex\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"w\":48,\"x\":0,\"y\":50},\"panelIndex\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"w\":48,\"x\":0,\"y\":71},\"panelIndex\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"w\":13,\"x\":0,\"y\":92},\"panelIndex\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"w\":35,\"x\":13,\"y\":92},\"panelIndex\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":17,\"i\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"w\":16,\"x\":0,\"y\":112},\"panelIndex\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"@timestamp\",\"host.name\",\"zeek.reporter.level\",\"zeek.reporter.msg\",\"zeek.reporter.location\"]},\"gridData\":{\"h\":17,\"i\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"w\":32,\"x\":16,\"y\":112},\"panelIndex\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"w\
":24,\"x\":24,\"y\":35},\"panelIndex\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_14\"}]", "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "version": 1, "timeRestore": false, @@ -108,8 +108,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg4NSwxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg4NiwxXQ==", "attributes": { "title": "Last Capture Metric Timestamp by Host", "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", 
@@ -137,8 +137,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:07:41.024Z", - "version": "Wzk5OSwxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg4NywxXQ==", "attributes": { "title": "Zeek and Suricata Capture Measurements ", "visState": "{\"title\":\"Zeek and Suricata Capture Measurements \",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"32d1fca0-d7e1-11ee-ad81-217e54128a4b\",\"color\":\"rgba(33,150,243,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets seen\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"02bbf6a0-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"02bbf6a1-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.capture.kernel_packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets 
seen\",\"type\":\"timeseries\"},{\"id\":\"e4143600-d7e0-11ee-ad81-217e54128a4b\",\"color\":\"rgba(229,115,115,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"},{\"id\":\"f6df2790-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"f8ee0a60-d7e0-11ee-ad81-217e54128a4b\",\"name\":\"packets\",\"field\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets dropped\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"20b9a420-d7df-11ee-ad81-217e54128a4b\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"},{\"id\":\"9a3afce0-d7df-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"9dece150-d7df-11ee-ad81-217e54128a4b\",\"name\":\"gaps\",\"field\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\"}],\"script\":\"params.gaps*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: ACKS 
missed\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"cad40600-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(255,171,145,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.pkts_dropped\"},{\"id\":\"f5352cd0-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"math\",\"variables\":[{\"id\":\"f79def70-d7fb-11ee-a5f1-9ff9da698a18\",\"name\":\"packets\",\"field\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets dropped\",\"type\":\"timeseries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"filter\":{\"query\":\"(event.provider:zeek OR event.provider:suricata) AND event.kind:metric\",\"language\":\"kuery\"},\"legend_position\":\"right\",\"background_color\":null}}", 
@@ -160,8 +160,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg4NywxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg4OCwxXQ==", "attributes": { "title": "Zeek Stats - Packets and Bytes", "visState": "{\"title\":\"Zeek Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.bytes_recv\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:stats\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", 
@@ -183,8 +183,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg4OCwxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg4OSwxXQ==", "attributes": { "title": "Zeek Stats - Capture Loss", "visState": "{\"title\":\"Zeek Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ACKs Missed\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:(stats OR capture_loss)\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", 
@@ -206,8 +206,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg4OSwxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg5MCwxXQ==", "attributes": { "title": "Packet Capture - Zeek capture_loss.log", "description": "", 
@@ -243,11 +243,11 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg5MCwxXQ==", + "updated_at": "2024-03-13T15:07:20.325Z", + "version": "WzEwMzYsMV0=", "attributes": { "title": "Suricata Stats - Packets and Bytes", - "visState": "{\"title\":\"Suricata Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"unit\":\"\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes 
Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Suricata Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"unit\":\"\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"@timestamp\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"@timestamp\"},{\"id\":\"13bb68b0-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"16585ab0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"2174bec0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmin\",\"field\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\"}],\"script\":\"params.pmax - params.pmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets 
Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"@timestamp\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"@timestamp\"},{\"id\":\"47a7cc40-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"54341400-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmax\",\"field\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\"},{\"id\":\"58165740-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmin\",\"field\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.bmax - params.bmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
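Review bot: The new `params.pmax - params.pmin` and `params.bmax - params.bmin` math in "Suricata Stats - Packets and Bytes" subtracts the earliest `top_hit` from the latest one while the series keeps `split_mode` `everything`, so with more than one capture host the two samples can come from different sensors and the result is not a per-host count. The same applies to `params.dmax-params.dmin` in the "Suricata Stats - Capture Loss" hunk that follows, where an understated or negative value would hide packet loss on a sensor. These fields look like cumulative counters (the time-series panel in this file applies `positive_rate` to `suricata.stats.capture.kernel_packets`), so a Suricata restart inside the search window would presumably also leave the latest value below the earliest. Consider splitting each series per sensor with `\"split_mode\":\"terms\",\"terms_field\":\"host.name\"`, as the Windows RAM and CPU gauges earlier in this patch series do, and stating the restart limitation in the panel's currently empty `description`. The saved object's JSON continues outside this hunk.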
@@ -266,11 +266,11 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:07:12.009Z", - "version": "Wzk5NiwxXQ==", + "updated_at": "2024-03-13T15:10:35.540Z", + "version": "WzEwNjIsMV0=", "attributes": { "title": "Suricata Stats - Capture Loss", - "visState": "{\"title\":\"Suricata Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Suricata Stats - Capture 
Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"@timestamp\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"b3188730-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"@timestamp\"},{\"id\":\"c4eedf90-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"c7577b20-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"cabd6270-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmin\",\"field\":\"b3188730-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.dmax-params.dmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -289,8 +289,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:59.817Z", - "version": "Wzk0MCwxXQ==", + "updated_at": "2024-03-13T14:23:37.927Z", + "version": "Wzk0MSwxXQ==", "attributes": { "title": "Network Traffic (Packets)", "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_si
ze\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", @@ -312,8 +312,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg5MywxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg5NCwxXQ==", "attributes": { "title": "Packet Capture - Zeek stats.log", "description": "", @@ -354,8 +354,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg5NCwxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg5NSwxXQ==", "attributes": { "title": "Packet Capture - Suricata Stats", "description": "", 
@@ -395,8 +395,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg5NSwxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg5NiwxXQ==", "attributes": { "title": "Zeek Analyzer Messages", "visState": "{\"title\":\"Zeek Analyzer Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", @@ -425,8 +425,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg5NiwxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg5NywxXQ==", "attributes": { "title": "Packet Capture - Zeek analyzer.log", "description": "", 
@@ -464,8 +464,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg5NywxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg5OCwxXQ==", "attributes": { "title": "Zeek - Reporter Categories", "visState": "{\"title\":\"Zeek - Reporter Categories\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.reporter.level\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", @@ -494,8 +494,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:53.644Z", - "version": "Wzg5OCwxXQ==", + "updated_at": "2024-03-13T14:23:31.845Z", + "version": "Wzg5OSwxXQ==", "attributes": { "title": "Packet Capture - Zeek reporter.log", "description": "", 
@@ -529,8 +529,8 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-04T21:05:59.817Z", - "version": "Wzk0MSwxXQ==", + "updated_at": "2024-03-13T14:23:37.927Z", + "version": "Wzk0MiwxXQ==", "attributes": { "title": "Network Traffic (Bytes)", "visState": "{\"title\":\"Network Traffic (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\
"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", From d46d6ac3c7908064a211df170d91977ada168df3 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 13 Mar 2024 12:11:23 -0600 Subject: [PATCH 16/79] added release_carver.sh, see idaholab/Malcolm#440 --- scripts/release_cleaver.sh | 98 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100755 scripts/release_cleaver.sh diff --git a/scripts/release_cleaver.sh b/scripts/release_cleaver.sh new file mode 100755 index 000000000..14f5ee40d --- /dev/null +++ b/scripts/release_cleaver.sh 
@@ -0,0 +1,98 @@ +#!/usr/bin/env bash + +# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. + +if [ -z "$BASH_VERSION" ]; then + echo "Wrong interpreter, please run \"$0\" with bash" + exit 1 +fi + +if ! (type basename && type sha256sum && type split && type cat) > /dev/null; then + echo "${BASH_SOURCE[0]} requires split, cat, and sha256sum" >&2 + exit 1 +fi + +set -euo pipefail +ENCODING="utf-8" + +function base () { echo "${1%.*}" ; } +function ext () { echo "${1##*.}" ; } + +if (( "$#" <= 0 )); then + # output script usage, used for splitting or joining release files + echo "Usage:" >&2 + echo " $(basename "${BASH_SOURCE[0]}") " >&2 + echo "OR" >&2 + echo " $(basename "${BASH_SOURCE[0]}") ... " >&2 + exit 1 + +elif (( "$#" > 1 )); then + # more than one file specified to join (should be .00, .01, .02, etc., and .sha) + echo "Joining..." >&2 + + # the part before the file extension needs to match for all files provided, otherwise bail + PREV_BASE= + for FILE in "$@"; do + CURR_BASE="$(base "$(basename "${FILE}")")" + if [[ ! -f "${FILE}" ]]; then + echo "\"${FILE}\" does not exist" >&2 + exit 1 + elif [[ -n "${PREV_BASE}" ]] && [[ "${PREV_BASE}" != "${CURR_BASE}" ]]; then + echo "File basenames (\"${PREV_BASE}\" and \"${CURR_BASE}\") do not match, giving up" >&2 + exit 1 + else + PREV_BASE="${CURR_BASE}" + fi + done + + # only proceed if we know what we're going to join to and that target doesn't already exist + OUT_FILE="${PREV_BASE}" + if [[ -n "${OUT_FILE}" ]] && [[ ! -f "${OUT_FILE}" ]]; then + + # loop over the input files, make note of the .sha file and cat the rest + > "${OUT_FILE}" + SHA_FILE= + for FILE in "$@"; do + EXT="$(ext "${FILE}")" + if [[ "${EXT}" == "sha" ]]; then + SHA_FILE="$FILE" + else + cat "${FILE}" >> "${OUT_FILE}" + fi + done + + if [[ ! -f "${OUT_FILE}" ]]; then + # file was not created + echo "Attempted to join files to ${OUT_FILE}, but could not create the file" >&2 + exit 1 + + elif [[ ! 
-s "${OUT_FILE}" ]]; then + # file was created but it's empty + echo "Attempted to join files to ${OUT_FILE}, but an empty file resulted" >&2 + exit 1 + + elif [[ -z "${SHA_FILE}" ]] || [[ ! -f "${SHA_FILE}" ]]; then + echo "Files joined to ${OUT_FILE}, but could not verify file integrity" >&2 + exit 1 + + else + # file was created, is non empty, and sha file exists, verify its integrity + sha256sum --check "${SHA_FILE}" + fi + + elif [[ -n "${OUT_FILE}" ]]; then + echo "Output file \"${OUT_FILE}\" already exists" >&2 + exit 1 + + else + echo "Could not determine output filename" >&2 + exit 1 + fi + +else + echo "Splitting..." >&2 + SHA_FILE="$(basename "${1}").sha" + sha256sum --binary "${1}" | head --bytes=64 | tee "${SHA_FILE}" + echo " $(basename "${1}")" | tee --append "${SHA_FILE}" + split --suffix-length=2 --bytes=2000000000 --numeric-suffixes=1 "${1}" "$(basename "${1}")." +fi From 7c985084ff927fa9022115b84448af189dc0eba9 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 13 Mar 2024 12:15:47 -0600 Subject: [PATCH 17/79] added release_carver.sh, see idaholab/Malcolm#440 --- scripts/release_cleaver.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/release_cleaver.sh b/scripts/release_cleaver.sh index 14f5ee40d..b1882ea73 100755 --- a/scripts/release_cleaver.sh +++ b/scripts/release_cleaver.sh @@ -2,12 +2,16 @@ # Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# release_cleaver.sh +# Split and join large files into 2 gigabyte chunks. sha256 sum is +# also calculated and saved on split and checked on join. + if [ -z "$BASH_VERSION" ]; then echo "Wrong interpreter, please run \"$0\" with bash" exit 1 fi -if ! (type basename && type sha256sum && type split && type cat) > /dev/null; then +if ! (command -v basename && command -v sha256sum && command -v split && command -v cat) >/dev/null 2>&1; then echo "${BASH_SOURCE[0]} requires split, cat, and sha256sum" >&2 exit 1 fi 
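Review bot: In the join branch, `sha256sum --check "${SHA_FILE}"` verifies whichever file name is written inside the `.sha` file, resolved against the current directory, and never ties the result to `${OUT_FILE}`. A `.sha` whose second field names some other existing file would report OK while the freshly joined file goes unchecked. Comparing the digest directly closes that gap: `[[ "$(sha256sum --binary "${OUT_FILE}" | head --bytes=64)" == "$(head --bytes=64 "${SHA_FILE}")" ]] || { echo "\"${OUT_FILE}\" SHA256 mismatch" >&2; exit 1; }`. Because the `.sha` travels with the parts, this check detects corruption but not deliberate replacement; a header comment saying so, and pointing users to the separately published checksum, would make that limit explicit.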
@@ -19,7 +23,6 @@ function base () { echo "${1%.*}" ; } function ext () { echo "${1##*.}" ; } if (( "$#" <= 0 )); then - # output script usage, used for splitting or joining release files echo "Usage:" >&2 echo " $(basename "${BASH_SOURCE[0]}") " >&2 echo "OR" >&2 From 2392498737f39f0b9de624d20e3754e246838890 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 13 Mar 2024 17:07:23 -0600 Subject: [PATCH 18/79] added release_carver.ps1, see idaholab/Malcolm#440 --- scripts/release_cleaver.ps1 | 94 +++++++++++++++++++++++++++++++++++++ scripts/release_cleaver.sh | 2 +- 2 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 scripts/release_cleaver.ps1 diff --git a/scripts/release_cleaver.ps1 b/scripts/release_cleaver.ps1 new file mode 100644 index 000000000..4eb5cbaaf --- /dev/null +++ b/scripts/release_cleaver.ps1 
@@ -0,0 +1,94 @@ +# release_cleaver.ps1 + +# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. + +# Split and join large files into 2 gigabyte chunks. sha256 sum is +# also calculated and saved on split and checked on join. + +if (-not $PSVersionTable.PSVersion) { + Write-Host "Wrong interpreter, please run \"$($MyInvocation.MyCommand.Path)\" with PowerShell" + exit 1 +} + +if (-not (Get-Command -Name "Split-Path" -ErrorAction SilentlyContinue) -or + -not (Get-Command -Name "Get-FileHash" -ErrorAction SilentlyContinue) -or + -not (Get-Command -Name "Join-Path" -ErrorAction SilentlyContinue) -or + -not (Get-Command -Name "cat" -ErrorAction SilentlyContinue)) { + Write-Error "$($MyInvocation.MyCommand.Path) requires Split-Path, Get-FileHash, Join-Path and cat" + exit 1 +} + +$ErrorActionPreference = "Stop" + +function Get-BaseName { + param([string]$path) + return (Split-Path -Path $path -Leaf).Split(".")[0] +} + +function Get-Extension { + param([string]$path) + return (Split-Path -Path $path -Leaf).Split(".")[-1] +} + +function Split-BinaryFile { + param ( + [string]$FilePath, + [string]$OutDir, + [int64]$ChunkSize = 2000000000, + [int64]$BufferSize = 1MB + ) + + $fileStream = [System.IO.File]::OpenRead($FilePath) + + try { + $chunkIndex = 1 + $bytesReadTotal = 0 + + while ($bytesReadTotal -lt $fileStream.Length) { + $chunkFilePath = "{0}.{1:D2}" -f (Join-Path -Path $OutDir -ChildPath (Split-Path -Path $FilePath -Leaf)), $chunkIndex + $chunkIndex++ + + $chunkFileStream = [System.IO.File]::Create($chunkFilePath) + try { + $bytesRead = 0 + $buffer = New-Object byte[] $BufferSize + + while ($bytesRead -lt $ChunkSize -and ($bytesReadTotal + $bytesRead) -lt $fileStream.Length) { + $bytesToRead = [math]::Min($ChunkSize - $bytesRead, $BufferSize) + $read = $fileStream.Read($buffer, 0, $bytesToRead) + $chunkFileStream.Write($buffer, 0, $read) + $bytesRead += $read + } + + $bytesReadTotal += $bytesRead + } finally { + $chunkFileStream.Close() + } + } + 
} finally { + $fileStream.Close() + } +} + + +if ($args.Count -eq 0) { + Write-Host "Usage:" + Write-Host " $(Split-Path -Path $MyInvocation.MyCommand.Path -Leaf) " + Write-Host "OR" + Write-Host " $(Split-Path -Path $MyInvocation.MyCommand.Path -Leaf) ... " + exit 1 + +} elseif ($args.Count -gt 1) { + +} else { + Write-Host "Splitting..." + $fileToSplit = $args[0] + + # generate sha256 sum file + $shaFile = Join-Path -Path (Get-Location) -ChildPath ((Split-Path -Path $fileToSplit -Leaf) + ".sha") + (Get-FileHash -Algorithm SHA256 -Path $fileToSplit | Select-Object -ExpandProperty Hash).ToLower() | Select-Object -First 64 | Out-File -FilePath $shaFile -NoNewline + Add-Content -Path $shaFile -NoNewline -Value ' ' + Add-Content -Path $shaFile -Value (Split-Path -Path $fileToSplit -Leaf) + + Split-BinaryFile $fileToSplit (Get-Location) +} \ No newline at end of file diff --git a/scripts/release_cleaver.sh b/scripts/release_cleaver.sh index b1882ea73..f15861b93 100755 --- a/scripts/release_cleaver.sh +++ b/scripts/release_cleaver.sh @@ -97,5 +97,5 @@ else SHA_FILE="$(basename "${1}").sha" sha256sum --binary "${1}" | head --bytes=64 | tee "${SHA_FILE}" echo " $(basename "${1}")" | tee --append "${SHA_FILE}" - split --suffix-length=2 --bytes=2000000000 --numeric-suffixes=1 "${1}" "$(basename "${1}")." + split --bytes=2000000000 --numeric-suffixes=1 --suffix-length=2 "${1}" "$(basename "${1}")." fi From 04a2b39a0edaaef402a8d44ee300c2e9b977ac33 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 13 Mar 2024 17:12:28 -0600 Subject: [PATCH 19/79] added release_carver.ps1, see idaholab/Malcolm#440 --- scripts/release_cleaver.ps1 | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/scripts/release_cleaver.ps1 b/scripts/release_cleaver.ps1 index 4eb5cbaaf..981e8ddb6 100644 --- a/scripts/release_cleaver.ps1 +++ b/scripts/release_cleaver.ps1 
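Review bot: The `.sha` file is started with `Out-File -FilePath $shaFile -NoNewline` and no `-Encoding`, so under Windows PowerShell 5.1 it is presumably written as UTF-16 with a BOM, which `sha256sum --check` in release_cleaver.sh will not parse. Parts split on Windows could then not be verified when joined on Linux. Passing an explicit encoding keeps the two scripts interoperable: `... | Out-File -FilePath $shaFile -NoNewline -Encoding ascii`, with `-Encoding ascii` on the two `Add-Content` lines as well. `Select-Object -First 64` on the same line selects objects rather than characters, so it has no effect and can be dropped. The `elseif ($args.Count -gt 1)` branch is empty in this commit, so a join request currently exits without joining or verifying anything.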
@@ -70,6 +70,29 @@ function Split-BinaryFile { } } +function Concatenate-BinaryFiles { + param ( + [string[]]$FilePaths, + [string]$OutputFile + ) + + try { + $outputFileStream = [System.IO.File]::Create($OutputFile) + + foreach ($filePath in $FilePaths) { + $inputFileStream = [System.IO.File]::OpenRead($filePath) + try { + $inputFileStream.CopyTo($outputFileStream) + } finally { + $inputFileStream.Close() + } + } + } + finally { + $outputFileStream.Close() + } +} + if ($args.Count -eq 0) { Write-Host "Usage:" @@ -79,6 +102,8 @@ if ($args.Count -eq 0) { exit 1 } elseif ($args.Count -gt 1) { + # TODO: + # Concatenate-BinaryFiles -FilePaths $args[0..($args.Length - 1)] -OutputFile $args[-1] } else { Write-Host "Splitting..." From 52b0eb5dd511be681a200d3a2d8bf73b5bbc6c00 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 07:07:25 -0600 Subject: [PATCH 20/79] Added 'twice daily' option to examples in documentation for index rotation --- config/opensearch.env.example | 2 +- docs/malcolm-config.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/opensearch.env.example b/config/opensearch.env.example index f2ef048ee..a0cd11a3a 100644 --- a/config/opensearch.env.example +++ b/config/opensearch.env.example @@ -48,7 +48,7 @@ MALCOLM_NETWORK_INDEX_PATTERN=arkime_sessions3-* MALCOLM_NETWORK_INDEX_TIME_FIELD=firstPacket # Suffix used to create index to which network traffic logs are written # (supports Ruby strftime strings in %{}; e.g., -# hourly: %{%y%m%dh%H}, daily: %{%y%m%d}, weekly: %{%yw%U}, monthly: %{%ym%m}) +# hourly: %{%y%m%dh%H}, twice daily: %{%p%y%m%d}, daily: %{%y%m%d}, weekly: %{%yw%U}, monthly: %{%ym%m}) MALCOLM_NETWORK_INDEX_SUFFIX=%{%y%m%d} # Index pattern for other logs written via Logstash (e.g., nginx, beats, fluent-bit, etc.) MALCOLM_OTHER_INDEX_PATTERN=malcolm_beats_* diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md index 30dd9a268..8a82c7c2a 100644 --- a/docs/malcolm-config.md 
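Review bot: In `Concatenate-BinaryFiles`, `[System.IO.File]::Create($OutputFile)` sits inside the `try`, so if it throws, the `finally` calls `$outputFileStream.Close()` on a null variable and the second error hides the real cause. `Split-BinaryFile` opens its stream before the `try`; doing the same here, or guarding with `if ($outputFileStream) { $outputFileStream.Close() }`, preserves the original exception. `Create` also truncates an existing file, so the function deserves a comment that the caller must confirm the output path does not exist; the commented-out TODO call has no such check and would also pass the output name as an input.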
+++ b/docs/malcolm-config.md @@ -66,7 +66,7 @@ Although the configuration script automates many of the following configuration - The following variables control the OpenSearch indices to which network traffic metadata are written. Changing them from their defaults may cause logs from non-Arkime data sources (i.e., Zeek, Suricata) to not show up correctly in Arkime. + `MALCOLM_NETWORK_INDEX_PATTERN` - Index pattern for network traffic logs written via Logstash (default is `arkime_sessions3-*`) + `MALCOLM_NETWORK_INDEX_TIME_FIELD` - Default time field to use for network traffic logs in Logstash and Dashboards (default is `firstPacket`) - + `MALCOLM_NETWORK_INDEX_SUFFIX` - Suffix used to create index to which network traffic logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (e.g., hourly: `%{%y%m%dh%H}`, daily (default): `%{%y%m%d}`, weekly: `%{%yw%U}`, monthly: `%{%ym%m}`) + + `MALCOLM_NETWORK_INDEX_SUFFIX` - Suffix used to create index to which network traffic logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (e.g., hourly: `%{%y%m%dh%H}`, twice daily: `%{%p%y%m%d}`, daily (default): `%{%y%m%d}`, weekly: `%{%yw%U}`, monthly: `%{%ym%m}`) - The following variables control the OpenSearch indices to which other logs ([third-party logs](third-party-logs.md#ThirdPartyLogs), resource utilization reports from network sensors, etc.) are written. + `MALCOLM_OTHER_INDEX_PATTERN` - Index pattern for other logs written via Logstash (default is `malcolm_beats_*`) + `MALCOLM_OTHER_INDEX_TIME_FIELD` - Default time field to use for other logs in Logstash and Dashboards (default is `@timestamp`) From 93eab42d25be1388a1530091ece21cd1d615879e Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Thu, 14 Mar 2024 07:12:19 -0600 Subject: [PATCH 21/79] Added 'twice daily' option to examples in documentation for index rotation --- config/opensearch.env.example | 2 +- docs/malcolm-config.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/opensearch.env.example b/config/opensearch.env.example index a0cd11a3a..ce43aa7ff 100644 --- a/config/opensearch.env.example +++ b/config/opensearch.env.example @@ -48,7 +48,7 @@ MALCOLM_NETWORK_INDEX_PATTERN=arkime_sessions3-* MALCOLM_NETWORK_INDEX_TIME_FIELD=firstPacket # Suffix used to create index to which network traffic logs are written # (supports Ruby strftime strings in %{}; e.g., -# hourly: %{%y%m%dh%H}, twice daily: %{%p%y%m%d}, daily: %{%y%m%d}, weekly: %{%yw%U}, monthly: %{%ym%m}) +# hourly: %{%y%m%dh%H}, twice daily: %{%P%y%m%d}, daily: %{%y%m%d}, weekly: %{%yw%U}, monthly: %{%ym%m}) MALCOLM_NETWORK_INDEX_SUFFIX=%{%y%m%d} # Index pattern for other logs written via Logstash (e.g., nginx, beats, fluent-bit, etc.) MALCOLM_OTHER_INDEX_PATTERN=malcolm_beats_* diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md index 8a82c7c2a..7922affa7 100644 --- a/docs/malcolm-config.md +++ b/docs/malcolm-config.md 
@@ -66,7 +66,7 @@ Although the configuration script automates many of the following configuration - The following variables control the OpenSearch indices to which network traffic metadata are written. Changing them from their defaults may cause logs from non-Arkime data sources (i.e., Zeek, Suricata) to not show up correctly in Arkime. + `MALCOLM_NETWORK_INDEX_PATTERN` - Index pattern for network traffic logs written via Logstash (default is `arkime_sessions3-*`) + `MALCOLM_NETWORK_INDEX_TIME_FIELD` - Default time field to use for network traffic logs in Logstash and Dashboards (default is `firstPacket`) - + `MALCOLM_NETWORK_INDEX_SUFFIX` - Suffix used to create index to which network traffic logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (e.g., hourly: `%{%y%m%dh%H}`, twice daily: `%{%p%y%m%d}`, daily (default): `%{%y%m%d}`, weekly: `%{%yw%U}`, monthly: `%{%ym%m}`) + + `MALCOLM_NETWORK_INDEX_SUFFIX` - Suffix used to create index to which network traffic logs are written (supports [Ruby `strftime`](https://docs.ruby-lang.org/en/3.2/strftime_formatting_rdoc.html) strings in `%{}`) (e.g., hourly: `%{%y%m%dh%H}`, twice daily: `%{%P%y%m%d}`, daily (default): `%{%y%m%d}`, weekly: `%{%yw%U}`, monthly: `%{%ym%m}`) - The following variables control the OpenSearch indices to which other logs ([third-party logs](third-party-logs.md#ThirdPartyLogs), resource utilization reports from network sensors, etc.) are written. + `MALCOLM_OTHER_INDEX_PATTERN` - Index pattern for other logs written via Logstash (default is `malcolm_beats_*`) + `MALCOLM_OTHER_INDEX_TIME_FIELD` - Default time field to use for other logs in Logstash and Dashboards (default is `@timestamp`) From df0007867d2dc2b9ee5caaabf8aa65fcbb2e233d Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Thu, 14 Mar 2024 07:26:59 -0600 Subject: [PATCH 22/79] make sure index names are lowercased, which is a requirement for opensearch --- logstash/ruby/format_index_string.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logstash/ruby/format_index_string.rb b/logstash/ruby/format_index_string.rb index 258f0a42a..eb66b3593 100644 --- a/logstash/ruby/format_index_string.rb +++ b/logstash/ruby/format_index_string.rb @@ -77,7 +77,7 @@ def filter(event) end end - event.set("#{@target}", prefix_resolved + String(midfix_first) + suffix_separator + suffix_resolved) + event.set("#{@target}", (prefix_resolved + String(midfix_first) + suffix_separator + suffix_resolved).downcase) [event] end From 51ffa938d09d5d4b0c691015f47ccabceaf67c9b Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 10:27:42 -0600 Subject: [PATCH 23/79] added release_carver.ps1, see idaholab/Malcolm#440 --- scripts/release_cleaver.ps1 | 135 ++++++++++++++++++++++++++++-------- 1 file changed, 107 insertions(+), 28 deletions(-) diff --git a/scripts/release_cleaver.ps1 b/scripts/release_cleaver.ps1 index 981e8ddb6..ecc69c566 100644 --- a/scripts/release_cleaver.ps1 +++ b/scripts/release_cleaver.ps1 
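Review bot: `.downcase` addresses only one of OpenSearch's index-name restrictions; the concatenated string is still written to `@target` without checking for spaces, `/`, `\`, `*`, `?`, `"`, `<`, `>`, `|`, `,` or `#`, or for a leading `_`, `-` or `+`. Where `prefix_resolved`, `midfix_first` and `suffix_resolved` come from is outside this hunk, so this is an assumption to confirm: if any of them can carry text taken from event fields, a malformed value would make indexing fail for that event. Consider sanitising after lowercasing, e.g. `.downcase.gsub(/[\s\\\/*?"<>|,#]/, '_')`, and adding a comment on the line such as `# OpenSearch index names must be lowercase`. `filter` begins above the hunk.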
@@ -2,34 +2,19 @@ # Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# release_cleaver.sh # Split and join large files into 2 gigabyte chunks. sha256 sum is -# also calculated and saved on split and checked on join. +# also calculated and saved on split and checked on join. -if (-not $PSVersionTable.PSVersion) { - Write-Host "Wrong interpreter, please run \"$($MyInvocation.MyCommand.Path)\" with PowerShell" - exit 1 -} - -if (-not (Get-Command -Name "Split-Path" -ErrorAction SilentlyContinue) -or - -not (Get-Command -Name "Get-FileHash" -ErrorAction SilentlyContinue) -or - -not (Get-Command -Name "Join-Path" -ErrorAction SilentlyContinue) -or - -not (Get-Command -Name "cat" -ErrorAction SilentlyContinue)) { - Write-Error "$($MyInvocation.MyCommand.Path) requires Split-Path, Get-FileHash, Join-Path and cat" - exit 1 -} $ErrorActionPreference = "Stop" -function Get-BaseName { - param([string]$path) - return (Split-Path -Path $path -Leaf).Split(".")[0] -} - -function Get-Extension { - param([string]$path) - return (Split-Path -Path $path -Leaf).Split(".")[-1] -} +# Split a binary file into a series of smaller files +# - FilePath - path to file to be split +# - OutDir - directory containing resultant fragment files +# - ChunkSize - maximum size of each file part +# - BufferSize - intermediate in-memory buffer size function Split-BinaryFile { param ( [string]$FilePath, @@ -39,7 +24,6 @@ function Split-BinaryFile { ) $fileStream = [System.IO.File]::OpenRead($FilePath) - try { $chunkIndex = 1 $bytesReadTotal = 0 @@ -70,6 +54,9 @@ function Split-BinaryFile { } } +# Split a binary file into a series of smaller files +# - FilePaths - array of files to join (in the order to be reassembled) +# - OutputFile - Filename of resulting joined file function Concatenate-BinaryFiles { param ( [string[]]$FilePaths, 
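Review bot: The comment added above `Concatenate-BinaryFiles` repeats the description of `Split-BinaryFile` ("Split a binary file into a series of smaller files"), although its own parameter list describes joining. The first hunk also adds `# release_cleaver.sh` to the header of the `.ps1` script, which looks like a leftover from the shell version. Suggested wording: `# Join a series of file parts into a single file`, and either drop the `.sh` line or make it `# PowerShell counterpart of release_cleaver.sh`. Both function bodies continue outside these hunks.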
@@ -93,21 +80,112 @@ function Concatenate-BinaryFiles { } } +# first expand wildcard arguments ($args -> $allFileArgs) +$allFileArgs = @() +foreach ($filename in $args) { + $expandedFiles = Get-ChildItem -Path $filename + foreach ($expandedFile in $expandedFiles) { + If (-not ($allFileArgs -contains $expandedFile)) { + $allFileArgs += $expandedFile.FullName + } + } +} -if ($args.Count -eq 0) { +if ($allFileArgs.Count -eq 0) { Write-Host "Usage:" Write-Host " $(Split-Path -Path $MyInvocation.MyCommand.Path -Leaf) " Write-Host "OR" Write-Host " $(Split-Path -Path $MyInvocation.MyCommand.Path -Leaf) ... " exit 1 -} elseif ($args.Count -gt 1) { - # TODO: - # Concatenate-BinaryFiles -FilePaths $args[0..($args.Length - 1)] -OutputFile $args[-1] +} elseif ($allFileArgs.Count -gt 1) { + Write-Host "Joining..." + + # separate the sha file from the files to join + $shaFiles = @() + $splitFiles = @() + foreach ($filename in $allFileArgs) { + if (Test-Path $filename -PathType Leaf) { + if ($filename -like "*.sha") { + $shaFiles += $filename + } else { + $splitFiles += $filename + } + } else { + Write-Host """$($filename)"" does not exist" + exit 1 + } + } + + # make sure the base names of the files to join match + $prevBase = "" + foreach ($filename in $splitFiles) { + $curBase = [System.IO.Path]::GetFileNameWithoutExtension($filename); + if ($prevBase -and ($prevBase -ne $curBase)) { + Write-Host "File basenames ""$($prevBase)"" and ""$($curBase)"" do not match, giving up" + exit 1 + } else { + $prevBase = $curBase + } + } + $outFile = $prevBase + + # don't overwrite an existing file + if (Test-Path $outFile -PathType Leaf) { + Write-Host """$($outFile)"" already exists" + exit 1 + } + + # join the files + Concatenate-BinaryFiles $splitFiles $outFile + + # check the results and sha sum + if (Test-Path $outFile -PathType Leaf) { + $outFileItem = Get-Item $outFile + if ($outFileItem.Length -gt 0) { + if ($shaFiles.Count -ne 1) { + Write-Host "Files joined to ""$($outFile)"", 
but could not verify file integrity" + exit 1 + + } else { + # calculate the sha256 sum + $outFileHash = Get-FileHash -Path $outFile -Algorithm SHA256 + $outFileHashSha256 = $outFileHash.Hash.ToLower() + + # Read the contents of the sha file for comparison + $shaFileContent = Get-Content $shaFiles[0] + $shaFileContents = @() + foreach ($line in $shaFileContent) { + $parts = $line -split '\s+' + if ($parts.Length -eq 2) { + $shaFileContents += @($parts[0].ToLower(), $parts[1]) + break + } + } + + # compare the joined file and hash from the sha file + if ($shaFileContents[0] -eq $outFileHashSha256.ToLower()) { + Write-Host """$($outFile)"" OK" + + } else { + Write-Host """$($outFile)"" SHA256 hash mismatch ($($shaFileContents[0]) vs $($outFileHashSha256))" + exit 1 + } + } + + } else { + Write-Host "Attempted to join files to ""$($outFile)"", but an empty file resulted" + exit 1 + } + + } else { + Write-Host "Attempted to join files to ""$($outFile)"", but could not create the file" + exit 1 + } } else { Write-Host "Splitting..." - $fileToSplit = $args[0] + $fileToSplit = $allFileArgs[0] # generate sha256 sum file $shaFile = Join-Path -Path (Get-Location) -ChildPath ((Split-Path -Path $fileToSplit -Leaf) + ".sha") @@ -115,5 +193,6 @@ if ($args.Count -eq 0) { Add-Content -Path $shaFile -NoNewline -Value ' ' Add-Content -Path $shaFile -Value (Split-Path -Path $fileToSplit -Leaf) + # split the file into its parts Split-BinaryFile $fileToSplit (Get-Location) } \ No newline at end of file From 760f3d25fc89b4b886dff382134e04720015992d Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 11:05:49 -0600 Subject: [PATCH 24/79] added release_carver.ps1, see idaholab/Malcolm#440 --- scripts/release_cleaver.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/release_cleaver.ps1 b/scripts/release_cleaver.ps1 index ecc69c566..33234d0ce 100644 --- a/scripts/release_cleaver.ps1 +++ b/scripts/release_cleaver.ps1 
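Review bot: When the hash comparison fails, the script prints the mismatch and exits 1 but leaves the joined `$outFile` on disk, where it can later be mistaken for a verified image. Deleting it on that path makes the check fail closed: `Remove-Item -Path $outFile -Force` just before the `exit 1` in the mismatch branch. The "could not verify file integrity" branch has the same effect when no single `.sha` is supplied, and its message should at least say that the output is unverified and was kept. The parser also accepts any first field as the expected digest; a guard such as `if ($parts[0] -notmatch '^[0-9a-fA-F]{64}$') { continue }` would reject a malformed `.sha` line explicitly instead of relying on the later comparison to fail.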
@@ -132,7 +132,7 @@ if ($allFileArgs.Count -eq 0) { # don't overwrite an existing file if (Test-Path $outFile -PathType Leaf) { - Write-Host """$($outFile)"" already exists" + Write-Host "Output file ""$($outFile)"" already exists" exit 1 } @@ -195,4 +195,6 @@ if ($allFileArgs.Count -eq 0) { # split the file into its parts Split-BinaryFile $fileToSplit (Get-Location) + + Get-Content $shaFile | Write-Host } \ No newline at end of file From f949546a798d1e07678c0de6499346b81c5d3f94 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 13:40:07 -0600 Subject: [PATCH 25/79] added release_carver.ps1, see idaholab/Malcolm#440 --- scripts/release_cleaver.ps1 | 398 ++++++++++++++++++------------------ 1 file changed, 199 insertions(+), 199 deletions(-) diff --git a/scripts/release_cleaver.ps1 b/scripts/release_cleaver.ps1 index 33234d0ce..e5c6019b1 100644 --- a/scripts/release_cleaver.ps1 +++ b/scripts/release_cleaver.ps1 
@@ -1,200 +1,200 @@ -# release_cleaver.ps1 - -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. - -# release_cleaver.sh -# Split and join large files into 2 gigabyte chunks. sha256 sum is -# also calculated and saved on split and checked on join. - - -$ErrorActionPreference = "Stop" - - -# Split a binary file into a series of smaller files -# - FilePath - path to file to be split -# - OutDir - directory containing resultant fragment files -# - ChunkSize - maximum size of each file part -# - BufferSize - intermediate in-memory buffer size -function Split-BinaryFile { - param ( - [string]$FilePath, - [string]$OutDir, - [int64]$ChunkSize = 2000000000, - [int64]$BufferSize = 1MB - ) - - $fileStream = [System.IO.File]::OpenRead($FilePath) - try { - $chunkIndex = 1 - $bytesReadTotal = 0 - - while ($bytesReadTotal -lt $fileStream.Length) { - $chunkFilePath = "{0}.{1:D2}" -f (Join-Path -Path $OutDir -ChildPath (Split-Path -Path $FilePath -Leaf)), $chunkIndex - $chunkIndex++ - - $chunkFileStream = [System.IO.File]::Create($chunkFilePath) - try { - $bytesRead = 0 - $buffer = New-Object byte[] $BufferSize - - while ($bytesRead -lt $ChunkSize -and ($bytesReadTotal + $bytesRead) -lt $fileStream.Length) { - $bytesToRead = [math]::Min($ChunkSize - $bytesRead, $BufferSize) - $read = $fileStream.Read($buffer, 0, $bytesToRead) - $chunkFileStream.Write($buffer, 0, $read) - $bytesRead += $read - } - - $bytesReadTotal += $bytesRead - } finally { - $chunkFileStream.Close() - } - } - } finally { - $fileStream.Close() - } -} - -# Split a binary file into a series of smaller files -# - FilePaths - array of files to join (in the order to be reassembled) -# - OutputFile - Filename of resulting joined file -function Concatenate-BinaryFiles { - param ( - [string[]]$FilePaths, - [string]$OutputFile - ) - - try { - $outputFileStream = [System.IO.File]::Create($OutputFile) - - foreach ($filePath in $FilePaths) { - $inputFileStream = [System.IO.File]::OpenRead($filePath) - 
try { - $inputFileStream.CopyTo($outputFileStream) - } finally { - $inputFileStream.Close() - } - } - } - finally { - $outputFileStream.Close() - } -} - -# first expand wildcard arguments ($args -> $allFileArgs) -$allFileArgs = @() -foreach ($filename in $args) { - $expandedFiles = Get-ChildItem -Path $filename - foreach ($expandedFile in $expandedFiles) { - If (-not ($allFileArgs -contains $expandedFile)) { - $allFileArgs += $expandedFile.FullName - } - } -} - -if ($allFileArgs.Count -eq 0) { - Write-Host "Usage:" - Write-Host " $(Split-Path -Path $MyInvocation.MyCommand.Path -Leaf) " - Write-Host "OR" - Write-Host " $(Split-Path -Path $MyInvocation.MyCommand.Path -Leaf) ... " - exit 1 - -} elseif ($allFileArgs.Count -gt 1) { - Write-Host "Joining..." - - # separate the sha file from the files to join - $shaFiles = @() - $splitFiles = @() - foreach ($filename in $allFileArgs) { - if (Test-Path $filename -PathType Leaf) { - if ($filename -like "*.sha") { - $shaFiles += $filename - } else { - $splitFiles += $filename - } - } else { - Write-Host """$($filename)"" does not exist" - exit 1 - } - } - - # make sure the base names of the files to join match - $prevBase = "" - foreach ($filename in $splitFiles) { - $curBase = [System.IO.Path]::GetFileNameWithoutExtension($filename); - if ($prevBase -and ($prevBase -ne $curBase)) { - Write-Host "File basenames ""$($prevBase)"" and ""$($curBase)"" do not match, giving up" - exit 1 - } else { - $prevBase = $curBase - } - } - $outFile = $prevBase - - # don't overwrite an existing file - if (Test-Path $outFile -PathType Leaf) { - Write-Host "Output file ""$($outFile)"" already exists" - exit 1 - } - - # join the files - Concatenate-BinaryFiles $splitFiles $outFile - - # check the results and sha sum - if (Test-Path $outFile -PathType Leaf) { - $outFileItem = Get-Item $outFile - if ($outFileItem.Length -gt 0) { - if ($shaFiles.Count -ne 1) { - Write-Host "Files joined to ""$($outFile)"", but could not verify file integrity" - 
exit 1 - - } else { - # calculate the sha256 sum - $outFileHash = Get-FileHash -Path $outFile -Algorithm SHA256 - $outFileHashSha256 = $outFileHash.Hash.ToLower() - - # Read the contents of the sha file for comparison - $shaFileContent = Get-Content $shaFiles[0] - $shaFileContents = @() - foreach ($line in $shaFileContent) { - $parts = $line -split '\s+' - if ($parts.Length -eq 2) { - $shaFileContents += @($parts[0].ToLower(), $parts[1]) - break - } - } - - # compare the joined file and hash from the sha file - if ($shaFileContents[0] -eq $outFileHashSha256.ToLower()) { - Write-Host """$($outFile)"" OK" - - } else { - Write-Host """$($outFile)"" SHA256 hash mismatch ($($shaFileContents[0]) vs $($outFileHashSha256))" - exit 1 - } - } - - } else { - Write-Host "Attempted to join files to ""$($outFile)"", but an empty file resulted" - exit 1 - } - - } else { - Write-Host "Attempted to join files to ""$($outFile)"", but could not create the file" - exit 1 - } - -} else { - Write-Host "Splitting..." - $fileToSplit = $allFileArgs[0] - - # generate sha256 sum file - $shaFile = Join-Path -Path (Get-Location) -ChildPath ((Split-Path -Path $fileToSplit -Leaf) + ".sha") - (Get-FileHash -Algorithm SHA256 -Path $fileToSplit | Select-Object -ExpandProperty Hash).ToLower() | Select-Object -First 64 | Out-File -FilePath $shaFile -NoNewline - Add-Content -Path $shaFile -NoNewline -Value ' ' - Add-Content -Path $shaFile -Value (Split-Path -Path $fileToSplit -Leaf) - - # split the file into its parts - Split-BinaryFile $fileToSplit (Get-Location) - - Get-Content $shaFile | Write-Host +# release_cleaver.ps1 + +# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. + +# release_cleaver.sh +# Split and join large files into 2 gigabyte chunks. sha256 sum is +# also calculated and saved on split and checked on join. 
+ + +$ErrorActionPreference = "Stop" + + +# Split a binary file into a series of smaller files +# - FilePath - path to file to be split +# - OutDir - directory containing resultant fragment files +# - ChunkSize - maximum size of each file part +# - BufferSize - intermediate in-memory buffer size +function Split-BinaryFile { + param ( + [string]$FilePath, + [string]$OutDir, + [int64]$ChunkSize = 2000000000, + [int64]$BufferSize = 1000000 + ) + + $fileStream = [System.IO.File]::OpenRead($FilePath) + try { + $chunkIndex = 1 + $bytesReadTotal = 0 + + while ($bytesReadTotal -lt $fileStream.Length) { + $chunkFilePath = "{0}.{1:D2}" -f (Join-Path -Path $OutDir -ChildPath (Split-Path -Path $FilePath -Leaf)), $chunkIndex + $chunkIndex++ + + $chunkFileStream = [System.IO.File]::Create($chunkFilePath) + try { + $bytesRead = 0 + $buffer = New-Object byte[] $BufferSize + + while ($bytesRead -lt $ChunkSize -and ($bytesReadTotal + $bytesRead) -lt $fileStream.Length) { + $bytesToRead = [math]::Min($ChunkSize - $bytesRead, $BufferSize) + $read = $fileStream.Read($buffer, 0, $bytesToRead) + $chunkFileStream.Write($buffer, 0, $read) + $bytesRead += $read + } + + $bytesReadTotal += $bytesRead + } finally { + $chunkFileStream.Close() + } + } + } finally { + $fileStream.Close() + } +} + +# Split a binary file into a series of smaller files +# - FilePaths - array of files to join (in the order to be reassembled) +# - OutputFile - Filename of resulting joined file +function Concatenate-BinaryFiles { + param ( + [string[]]$FilePaths, + [string]$OutputFile + ) + + $outputFileStream = [System.IO.File]::Create($OutputFile) + try { + foreach ($filePath in $FilePaths) { + $inputFileStream = [System.IO.File]::OpenRead($filePath) + try { + $inputFileStream.CopyTo($outputFileStream) + } finally { + $inputFileStream.Close() + } + } + } + finally { + $outputFileStream.Close() + } +} + +# first expand wildcard arguments ($args -> $allFileArgs) +$allFileArgs = @() +foreach ($filename in $args) { + 
$expandedFiles = Get-ChildItem -Path $filename + foreach ($expandedFile in $expandedFiles) { + If (-not ($allFileArgs -contains $expandedFile)) { + $allFileArgs += $expandedFile.FullName + } + } +} + +if ($allFileArgs.Count -eq 0) { + Write-Host "Usage:" + Write-Host " $(Split-Path -Path $MyInvocation.MyCommand.Path -Leaf) " + Write-Host "OR" + Write-Host " $(Split-Path -Path $MyInvocation.MyCommand.Path -Leaf) ... " + exit 1 + +} elseif ($allFileArgs.Count -gt 1) { + Write-Host "Joining..." + + # separate the sha file from the files to join + $shaFiles = @() + $splitFiles = @() + foreach ($filename in $allFileArgs) { + if (Test-Path $filename -PathType Leaf) { + if ($filename -like "*.sha") { + $shaFiles += $filename + } else { + $splitFiles += $filename + } + } else { + Write-Host """$($filename)"" does not exist" + exit 1 + } + } + + # make sure the base names of the files to join match + $prevBase = "" + foreach ($filename in $splitFiles) { + $curBase = [System.IO.Path]::GetFileNameWithoutExtension($filename); + if ($prevBase -and ($prevBase -ne $curBase)) { + Write-Host "File basenames ""$($prevBase)"" and ""$($curBase)"" do not match, giving up" + exit 1 + } else { + $prevBase = $curBase + } + } + $outFileBase = $prevBase + $outFile = Join-Path -Path (Get-Location) -ChildPath (Split-Path -Path $outFileBase -Leaf) + + # don't overwrite an existing file + if (Test-Path $outFile -PathType Leaf) { + Write-Host "Output file ""$($outFileBase)"" already exists" + exit 1 + } + + # join the files + Concatenate-BinaryFiles $splitFiles $outFile + + # check the results and sha sum + if (Test-Path $outFile -PathType Leaf) { + $outFileItem = Get-Item $outFile + if ($outFileItem.Length -gt 0) { + if ($shaFiles.Count -ne 1) { + Write-Host "Files joined to ""$($outFileBase)"", but could not verify file integrity" + exit 1 + + } else { + # calculate the sha256 sum + $outFileHash = Get-FileHash -Path $outFile -Algorithm SHA256 + $outFileHashSha256 = $outFileHash.Hash.ToLower() 
+ + # Read the contents of the sha file for comparison + $shaFileContent = Get-Content $shaFiles[0] + $shaFileContents = @() + foreach ($line in $shaFileContent) { + $parts = $line -split '\s+' + if ($parts.Length -eq 2) { + $shaFileContents += @($parts[0].ToLower(), $parts[1]) + break + } + } + + # compare the joined file and hash from the sha file + if ($shaFileContents[0] -eq $outFileHashSha256.ToLower()) { + Write-Host """$($outFileBase)"" OK" + + } else { + Write-Host """$($outFileBase)"" SHA256 hash mismatch ($($shaFileContents[0]) vs $($outFileHashSha256))" + exit 1 + } + } + + } else { + Write-Host "Attempted to join files to ""$($outFileBase)"", but an empty file resulted" + exit 1 + } + + } else { + Write-Host "Attempted to join files to ""$($outFileBase)"", but could not create the file" + exit 1 + } + +} else { + Write-Host "Splitting..." + $fileToSplit = $allFileArgs[0] + + # generate sha256 sum file + $shaFile = Join-Path -Path (Get-Location) -ChildPath ((Split-Path -Path $fileToSplit -Leaf) + ".sha") + (Get-FileHash -Algorithm SHA256 -Path $fileToSplit | Select-Object -ExpandProperty Hash).ToLower() | Select-Object -First 64 | Out-File -FilePath $shaFile -NoNewline + Add-Content -Path $shaFile -NoNewline -Value ' ' + Add-Content -Path $shaFile -Value (Split-Path -Path $fileToSplit -Leaf) + + # split the file into its parts + Split-BinaryFile $fileToSplit (Get-Location) + + Get-Content $shaFile | Write-Host } \ No newline at end of file From a30f20b9b52dcf5582d41dc6a4a182547dbb4879 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 14 Mar 2024 14:40:36 -0600 Subject: [PATCH 26/79] idaholab/Malcolm#440, rearrange download page --- .../workflows/nginx-build-and-push-ghcr.yml | 1 - _config.yml | 2 +- _layouts/default.html | 2 +- docs/README.md | 3 + docs/download.md | 73 ++++++++++++------- docs/kubernetes.md | 2 +- docs/malcolm-hedgehog-e2e-iso-install.md | 6 +- docs/ubuntu-install-example.md | 4 +- 8 files changed, 57 insertions(+), 36 deletions(-) 
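Review bot: In the join branch, a SHA256 mismatch prints the error and exits but leaves the reassembled file on disk under its final name, so a corrupted or altered image can still be used afterwards, and a retry then stops at the "already exists" guard. I would remove the output before failing, e.g. `Remove-Item -Path $outFile -Force` ahead of the `exit 1` in the mismatch branch, and arguably also in the `$shaFiles.Count -ne 1` branch, where nothing was verified at all. Because the `.sha` file is supplied together with the parts, this check detects transfer damage rather than substitution; a comment above the comparison such as `# NOTE: the .sha file arrives with the parts; also compare the hash with one from a trusted source` would make that limit explicit. Separately, the wildcard de-duplication tests `$allFileArgs -contains $expandedFile` against a list of `FullName` strings, so it likely never matches on some PowerShell versions; `-contains $expandedFile.FullName` looks like what was intended.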
diff --git a/.github/workflows/nginx-build-and-push-ghcr.yml b/.github/workflows/nginx-build-and-push-ghcr.yml index 2343e6f31..708d7fdd0 100644 --- a/.github/workflows/nginx-build-and-push-ghcr.yml +++ b/.github/workflows/nginx-build-and-push-ghcr.yml @@ -21,7 +21,6 @@ on: - '_includes/**' - '_layouts/**' - 'docs/**' - - '!docs/download.md' - 'Gemfile' - 'README.md' workflow_dispatch: diff --git a/_config.yml b/_config.yml index cc752665c..41ff84c2f 100644 --- a/_config.yml +++ b/_config.yml @@ -3,7 +3,6 @@ title: Malcolm description: A powerful, easily deployable network traffic analysis tool suite logo: docs/images/logo/Malcolm_outline_banner_dark.png remote_theme: pages-themes/minimal@v0.2.0 -external_download_url: https://malcolm.fyi/docs/download.html youtube_url: https://www.youtube.com/@MalcolmNetworkTrafficAnalysis mastodon: id: malcolm@malcolm.fyi @@ -17,6 +16,7 @@ components_docs_uri: docs/components.html configuring_docs_uri: docs/malcolm-preparation.html contributing_docs_uri: docs/contributing-guide.html dashboards_docs_uri: docs/dashboards.html +download_docs_uri: docs/download.html#DownloadISOs hardening_docs_uri: docs/hardening.html hedgehog_docs_uri: docs/hedgehog.html live_analysis_docs_uri: docs/live-analysis.html diff --git a/_layouts/default.html b/_layouts/default.html index 96b0304f2..0ee5513ce 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -72,7 +72,7 @@