From 182ffa5ea6f173ce58e6a44b039026721809cfe1 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 10 Sep 2020 16:08:20 +0000 Subject: [PATCH 01/35] Add Pensando module init --- filebeat/module/pensando/_meta/config.yml | 3 + filebeat/module/pensando/_meta/docs.asciidoc | 46 ++++ filebeat/module/pensando/_meta/fields.yml | 10 + filebeat/module/pensando/dfw/_meta/fields.yml | 59 +++++ filebeat/module/pensando/dfw/config/dfw.yml | 19 ++ .../module/pensando/dfw/ingest/pipeline.yml | 215 ++++++++++++++++++ filebeat/module/pensando/dfw/manifest.yml | 15 ++ filebeat/module/pensando/dfw/test/test.log | 3 + .../pensando/dfw/test/test.log-expected.json | 113 +++++++++ filebeat/module/pensando/fields.go | 36 +++ filebeat/module/pensando/module.yml | 1 + 11 files changed, 520 insertions(+) create mode 100644 filebeat/module/pensando/_meta/config.yml create mode 100644 filebeat/module/pensando/_meta/docs.asciidoc create mode 100644 filebeat/module/pensando/_meta/fields.yml create mode 100644 filebeat/module/pensando/dfw/_meta/fields.yml create mode 100644 filebeat/module/pensando/dfw/config/dfw.yml create mode 100644 filebeat/module/pensando/dfw/ingest/pipeline.yml create mode 100644 filebeat/module/pensando/dfw/manifest.yml create mode 100644 filebeat/module/pensando/dfw/test/test.log create mode 100644 filebeat/module/pensando/dfw/test/test.log-expected.json create mode 100644 filebeat/module/pensando/fields.go create mode 100644 filebeat/module/pensando/module.yml diff --git a/filebeat/module/pensando/_meta/config.yml b/filebeat/module/pensando/_meta/config.yml new file mode 100644 index 000000000000..1220ccbf06ac --- /dev/null +++ b/filebeat/module/pensando/_meta/config.yml @@ -0,0 +1,3 @@ +- module: pensando + dfw: + enabled: true diff --git a/filebeat/module/pensando/_meta/docs.asciidoc b/filebeat/module/pensando/_meta/docs.asciidoc new file mode 100644 index 000000000000..e9895e047ceb --- /dev/null +++ b/filebeat/module/pensando/_meta/docs.asciidoc @@ -0,0 +1,46 @@ +:modulename: pensando +:has-dashboards: true + +== pensando module + +This is the pensando module. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +TODO: document with what versions of the software is this tested + +include::../include/configuring-intro.asciidoc[] + +TODO: provide an example configuration + +:fileset_ex: {fileset} + +include::../include/config-option-intro.asciidoc[] + +TODO: document the variables from each fileset. If you're describing a variable +that's common to other modules, you can reuse shared descriptions by including +the relevant file. For example: + +[float] +==== `{fileset}` log fileset settings + +include::../include/var-paths.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +TODO: include an image of a sample dashboard. If you do not include a dashboard, +remove this section and set `:has-dashboards: false` at the top of this file. + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/pensando/_meta/fields.yml b/filebeat/module/pensando/_meta/fields.yml new file mode 100644 index 000000000000..f4dba1a22bab --- /dev/null +++ b/filebeat/module/pensando/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: pensando + title: Pensando + description: > + pensando Module + fields: + - name: pensando + type: group + description: > + Fields from Pensando logs. + fields: diff --git a/filebeat/module/pensando/dfw/_meta/fields.yml b/filebeat/module/pensando/dfw/_meta/fields.yml new file mode 100644 index 000000000000..a5735c21e7b4 --- /dev/null +++ b/filebeat/module/pensando/dfw/_meta/fields.yml @@ -0,0 +1,59 @@ +- name: payload_raw + description: Please add description + example: Please add example + type: text +- name: dfw + type: group + release: beta + default_field: false + description: > + Fields for Pensando DFW + fields: + - name: action + type: keyword + description: > + Action on the flow. + - name: app_id + type: integer + description: > + Application ID + - name: destination_address + type: keyword + description: > + Address of destination. + - name: destination_port + type: integer + description: > + Port of destination. + - name: direction + type: keyword + description: > + Direction of the flow + - name: protocol + type: keyword + description: > + Protocol of the flow + - name: rule_id + type: keyword + description: > + Rule ID that was matched. + - name: session_id + type: integer + description: > + Session ID of the flow + - name: session_state + type: keyword + description: > + Session state of the flow. + - name: source_address + type: keyword + description: > + Source address of the flow. + - name: source_port + type: integer + description: > + Source port of the flow. + - name: timestamp + type: date + description: > + Timestamp of the log. diff --git a/filebeat/module/pensando/dfw/config/dfw.yml b/filebeat/module/pensando/dfw/config/dfw.yml new file mode 100644 index 000000000000..b14d2747acb9 --- /dev/null +++ b/filebeat/module/pensando/dfw/config/dfw.yml @@ -0,0 +1,19 @@ +{{ if eq .input "syslog" }} + +type: udp +udp: +host: "{{.syslog_host}}:{{.syslog_port}}" + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +processors: + - add_locale: ~ diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml new file mode 100644 index 000000000000..a54110c6d7ea --- /dev/null +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -0,0 +1,215 @@ +--- +description: Pipeline for parsing Penando DFW logs +processors: +- rename: + field: message + target_field: event.original +- grok: + field: event.original + patterns: + - "%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{IPORHOST:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(?::-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +\\[%{GREEDYDATA:payload_raw}\\]$" +- json: + field: payload_raw + target_field: json +- remove: + field: syslog5424_sd + ignore_missing: true +- remove: + field: syslog5424_app + ignore_missing: true +- remove: + field: syslog5424_host + ignore_missing: true +- remove: + field: syslog5424_msgid + ignore_missing: true +- remove: + field: syslog5424_pri + ignore_missing: true +- remove: + field: syslog5424_proc + ignore_missing: true +- remove: + field: syslog5424_ver + ignore_missing: true +- remove: + field: host + ignore_missing: true +- date: + field: json.timestamp + target_field: '@timestamp' + ignore_failure: true + formats: + - ISO8601 +- rename: + field: json.action + target_field: pensando.dfw.action + ignore_failure: true +- rename: + field: json.app-id + target_field: pensando.dfw.app_id + ignore_failure: true +- rename: + field: json.destaddr + target_field: pensando.dfw.destination_address + ignore_failure: true +- rename: + field: json.destport + target_field: pensando.dfw.destination_port + ignore_failure: true +- rename: + field: json.direction + target_field: pensando.dfw.direction + ignore_failure: true +- rename: + field: json.protocol + target_field: pensando.dfw.protocol + ignore_failure: true +- rename: + field: json.rule-id + target_field: pensando.dfw.rule_id + ignore_failure: true +- rename: + field: json.session-id + target_field: pensando.dfw.session_id + ignore_failure: true +- rename: + field: json.session-state + target_field: pensando.dfw.session_state + ignore_failure: true +- rename: + field: json.srcaddr + target_field: pensando.dfw.source_address + ignore_failure: true +- rename: + field: json.srcport + target_field: pensando.dfw.source_port + ignore_failure: true +- set: + field: event.module + value: pensando +- set: + field: event.category + value: ['network'] +- set: + field: observer.vendor + value: Pensando Systems +- set: + field: observer.type + value: 'firewall' +- set: + field: observer.product + value: 'Distributed Services Platform' +- set: + field: network.type + value: 'ipv4' +- set: + field: network.transport + value: '{{pensando.dfw.protocol}}' + ignore_failure: true +- lowercase: + field: network.transport + ignore_missing: true + ignore_failure: true +- set: + field: source.address + value: '{{pensando.dfw.source_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.source_address != null +- set: + field: source.port + value: '{{pensando.dfw.source_port}}' + ignore_failure: true +- set: + field: destination.address + value: '{{pensando.dfw.destination_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.destination_address != null +- set: + field: destination.port + value: '{{pensando.dfw.destination_port}}' + ignore_failure: true +- set: + field: client.ip + value: '{{pensando.dfw.source_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.source_port > ctx.pensando.dfw?.destination_port +- set: + field: client.ip + value: '{{pensando.dfw.destination_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.destination_port > ctx.pensando.dfw?.source_port +- set: + field: client.ip + value: '{{pensando.dfw.source_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.protocol == 'ICMP' +- set: + field: server.ip + value: '{{pensando.dfw.source_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.source_port < ctx.pensando.dfw?.destination_port +- set: + field: server.ip + value: '{{pensando.dfw.destination_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.destination_port < ctx.pensando.dfw?.source_port +- set: + field: server.ip + value: '{{pensando.dfw.destination_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.protocol == 'ICMP' +- set: + field: server.port + value: '{{pensando.dfw.source_port}}' + ignore_failure: true + if: ctx.pensando.dfw?.source_port < ctx.pensando.dfw?.destination_port +- set: + field: server.port + value: '{{pensando.dfw.destination_port}}' + ignore_failure: true + if: ctx.pensando.dfw?.destination_port < ctx.pensando.dfw?.source_port +- set: + field: server.port + value: 0 + ignore_failure: true + if: ctx.pensando.dfw?.protocol == 'ICMP' +- set: + field: event.kind + value: 'event' +- set: + field: event.action + value: 'allowed' + if: '[''allow''].contains(ctx.pensando.dfw?.action)' +- set: + field: rule.id + value: '{{pensando.dfw.rule_id}}' + ignore_failure: true +- set: + field: event.outcome + value: success + if: '[''allow'', ''deny''].contains(ctx.pensando.dfw?.action)' +- set: + field: event.action + value: denied + if: '[''deny''].contains(ctx.pensando.dfw?.action)' +- set: + field: event.type + value: ['connection', 'allowed'] + if: '[''allow''].contains(ctx.pensando.dfw?.action)' + ignore_failure: true +- set: + field: event.type + value: ['connection', 'denied'] + if: '[''deny''].contains(ctx.pensando.dfw?.action)' + ignore_failure: true +- remove: + field: + - syslog5424_ts + - json + - payload_raw + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/pensando/dfw/manifest.yml b/filebeat/module/pensando/dfw/manifest.yml new file mode 100644 index 000000000000..2bce394fe9dd --- /dev/null +++ b/filebeat/module/pensando/dfw/manifest.yml @@ -0,0 +1,15 @@ +module_version: 1.0 + +var: + - name: syslog_host + default: 0.0.0.0 + - name: syslog_port + default: 9001 + - name: input + default: syslog + - name: log_level + default: 7 + +ingest_pipeline: + - ingest/pipeline.yml +input: config/dfw.yml diff --git a/filebeat/module/pensando/dfw/test/test.log b/filebeat/module/pensando/dfw/test/test.log new file mode 100644 index 000000000000..11bb828fe857 --- /dev/null +++ b/filebeat/module/pensando/dfw/test/test.log @@ -0,0 +1,3 @@ +<14>1 2020-04-22T17:24:31Z esx01-dsc pen-tmagent 1570 - [{"action":"allow","app-id":"0","destination-address":"172.31.10.2","destination-port":22,"direction":"from-uplink","protocol":"TCP","rule-id":13571811656724295508,"session-id":371,"session-state":"flow_delete","source-address":"172.31.10.31","source-port":40030,"timestamp":"2020-04-22T17:24:31.105391561Z"}] +<14>1 2020-04-22T16:45:12Z esx01-dsc pen-tmagent 1570 - [{"action":"allow","app-id":"0","destination-address":"172.31.10.2","destination-port":22,"direction":"from-uplink","protocol":"TCP","rule-id":13571811656724295508,"session-id":265,"session-state":"flow_delete","source-address":"172.31.10.31","source-port":37428,"timestamp":"2020-04-22T16:45:12.105412922Z"}] +<14>1 2020-04-22T14:58:42Z esx01-dsc pen-tmagent 1570 - [{"action":"allow","app-id":"0","destination-address":"1.1.1.1","destination-port":53,"direction":"from-host","protocol":"UDP","rule-id":8542065728696853408,"session-id":390,"session-state":"flow_delete","source-address":"172.31.10.2","source-port":39465,"timestamp":"2020-04-22T14:58:42.105387971Z"}] diff --git a/filebeat/module/pensando/dfw/test/test.log-expected.json b/filebeat/module/pensando/dfw/test/test.log-expected.json new file mode 100644 index 000000000000..4575c8476c41 --- /dev/null +++ b/filebeat/module/pensando/dfw/test/test.log-expected.json @@ -0,0 +1,113 @@ +[ + { + "@timestamp": "2020-04-22T17:24:31.105Z", + "destination.address": "172.31.10.2", + "destination.port": "22", + "event.category": [ + "network" + ], + "event.dataset": "pensando.dfw", + "event.kind": "event", + "event.module": "pensando", + "event.original": "<14>1 2020-04-22T17:24:31Z esx01-dsc pen-tmagent 1570 - [{\"action\":\"allow\",\"app-id\":\"0\",\"destination-address\":\"172.31.10.2\",\"destination-port\":22,\"direction\":\"from-uplink\",\"protocol\":\"TCP\",\"rule-id\":13571811656724295508,\"session-id\":371,\"session-state\":\"flow_delete\",\"source-address\":\"172.31.10.31\",\"source-port\":40030,\"timestamp\":\"2020-04-22T17:24:31.105391561Z\"}]", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "dfw", + "input.type": "log", + "log.offset": 0, + "observer.product": "Distributed Services Platform", + "observer.type": "firewall", + "observer.vendor": "Pensando Systems", + "pensando.dfw.action": "allow", + "pensando.dfw.app_id": "0", + "pensando.dfw.destination_address": "172.31.10.2", + "pensando.dfw.destination_port": 22, + "pensando.dfw.direction": "from-uplink", + "pensando.dfw.protocol": "TCP", + "pensando.dfw.rule_id": 13571811656724295508, + "pensando.dfw.session_id": 371, + "pensando.dfw.session_state": "flow_delete", + "pensando.dfw.source_address": "172.31.10.31", + "pensando.dfw.source_port": 40030, + "service.type": "pensando", + "source.address": "172.31.10.31", + "source.port": "40030" + }, + { + "@timestamp": "2020-04-22T16:45:12.105Z", + "destination.address": "172.31.10.2", + "destination.port": "22", + "event.category": [ + "network" + ], + "event.dataset": "pensando.dfw", + "event.kind": "event", + "event.module": "pensando", + "event.original": "<14>1 2020-04-22T16:45:12Z esx01-dsc pen-tmagent 1570 - [{\"action\":\"allow\",\"app-id\":\"0\",\"destination-address\":\"172.31.10.2\",\"destination-port\":22,\"direction\":\"from-uplink\",\"protocol\":\"TCP\",\"rule-id\":13571811656724295508,\"session-id\":265,\"session-state\":\"flow_delete\",\"source-address\":\"172.31.10.31\",\"source-port\":37428,\"timestamp\":\"2020-04-22T16:45:12.105412922Z\"}]", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "dfw", + "input.type": "log", + "log.offset": 367, + "observer.product": "Distributed Services Platform", + "observer.type": "firewall", + "observer.vendor": "Pensando Systems", + "pensando.dfw.action": "allow", + "pensando.dfw.app_id": "0", + "pensando.dfw.destination_address": "172.31.10.2", + "pensando.dfw.destination_port": 22, + "pensando.dfw.direction": "from-uplink", + "pensando.dfw.protocol": "TCP", + "pensando.dfw.rule_id": 13571811656724295508, + "pensando.dfw.session_id": 265, + "pensando.dfw.session_state": "flow_delete", + "pensando.dfw.source_address": "172.31.10.31", + "pensando.dfw.source_port": 37428, + "service.type": "pensando", + "source.address": "172.31.10.31", + "source.port": "37428" + }, + { + "@timestamp": "2020-04-22T14:58:42.105Z", + "destination.address": "1.1.1.1", + "destination.port": "53", + "event.category": [ + "network" + ], + "event.dataset": "pensando.dfw", + "event.kind": "event", + "event.module": "pensando", + "event.original": "<14>1 2020-04-22T14:58:42Z esx01-dsc pen-tmagent 1570 - [{\"action\":\"allow\",\"app-id\":\"0\",\"destination-address\":\"1.1.1.1\",\"destination-port\":53,\"direction\":\"from-host\",\"protocol\":\"UDP\",\"rule-id\":8542065728696853408,\"session-id\":390,\"session-state\":\"flow_delete\",\"source-address\":\"172.31.10.2\",\"source-port\":39465,\"timestamp\":\"2020-04-22T14:58:42.105387971Z\"}]", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "dfw", + "input.type": "log", + "log.offset": 734, + "observer.product": "Distributed Services Platform", + "observer.type": "firewall", + "observer.vendor": "Pensando Systems", + "pensando.dfw.action": "allow", + "pensando.dfw.app_id": "0", + "pensando.dfw.destination_address": "1.1.1.1", + "pensando.dfw.destination_port": 53, + "pensando.dfw.direction": "from-host", + "pensando.dfw.protocol": "UDP", + "pensando.dfw.rule_id": 8542065728696853408, + "pensando.dfw.session_id": 390, + "pensando.dfw.session_state": "flow_delete", + "pensando.dfw.source_address": "172.31.10.2", + "pensando.dfw.source_port": 39465, + "service.type": "pensando", + "source.address": "172.31.10.2", + "source.port": "39465" + } +] \ No newline at end of file diff --git a/filebeat/module/pensando/fields.go b/filebeat/module/pensando/fields.go new file mode 100644 index 000000000000..025c82db1895 --- /dev/null +++ b/filebeat/module/pensando/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package pensando + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "pensando", asset.ModuleFieldsPri, AssetPensando); err != nil { + panic(err) + } +} + +// AssetPensando returns asset data. +// This is the base64 encoded gzipped contents of module/pensando. +func AssetPensando() string { + return "eJy0k8GK2zAQhu9+inmBzQP4sFAICz0UQrfQo5la40Ss7BHSGG/evkhRbMWxySZNdZRG///NL80LfNCxBEudx05xASBaDJWwSztQACjytdNWNHclvBYAMF6AH6x6QwVAo8koX8bTF+iwpQvZsORoqYS9496mnQXlsN6iFjSO2wnE8N5vUkludmGIR8OoKofDeDZz2RlCT4BK5ftZNX1ia2MEU2Xay6pOvQh9yhWEaga4qsy7DstRVC/hDwlesDbYG6lihyU0aDyttfKaHYyZsZsi2779zkrmoeXMWM9SmMg/6DiwU7OzdZC4vkU94A7kQNAYHjawbGxtpefiJ2PdCe3JwZ3O1hpdY7T/vl02VeRFd7GmQqUceT93uej9XoQkyU3utBJAzmLZyTLIY1nsgt7XKLSj05M97w9sR01uxm+wbG8dC9dsnui+O0veNHe9oUpfPfK//ICfvaHw++SAAgN6aFHqA6mV9D15H95/DeKx138/qQaOmxmcCbyg0BODODNE3RxjLQnuXU3/YyjfozLgNJtfQ3n2TCYOm0bzBoTolrxga5cRVEj1Pv9fo2JyN7zfQPE3AAD//3eQEuo=" +} diff --git a/filebeat/module/pensando/module.yml b/filebeat/module/pensando/module.yml new file mode 100644 index 000000000000..ed97d539c095 --- /dev/null +++ b/filebeat/module/pensando/module.yml @@ -0,0 +1 @@ +--- From a653242921b63e735dceff37e7dc5da6ee858737 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 10 Sep 2020 18:19:18 +0000 Subject: [PATCH 02/35] explicitly define the ECS version per testing --- filebeat/module/pensando/dfw/config/dfw.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/filebeat/module/pensando/dfw/config/dfw.yml b/filebeat/module/pensando/dfw/config/dfw.yml index b14d2747acb9..fb59a3effa2a 100644 --- a/filebeat/module/pensando/dfw/config/dfw.yml +++ b/filebeat/module/pensando/dfw/config/dfw.yml @@ -1,6 +1,6 @@ {{ if eq .input "syslog" }} -type: udp +type: udp udp: host: "{{.syslog_host}}:{{.syslog_port}}" @@ -17,3 +17,7 @@ exclude_files: [".gz$"] processors: - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 From 60c9682cbcb40fa250600ba05e6b880aba6ecdf6 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 10 Sep 2020 19:33:18 +0000 Subject: [PATCH 03/35] updates to docs from make update --- filebeat/docs/fields.asciidoc | 153 ++++++++++++++++++++++++ filebeat/docs/modules/pensando.asciidoc | 59 +++++++++ filebeat/docs/modules_list.asciidoc | 2 + 3 files changed, 214 insertions(+) create mode 100644 filebeat/docs/modules/pensando.asciidoc diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 67e84f08f35d..95dfe3ab1f26 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -65,6 +65,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> * <> @@ -95994,6 +95995,158 @@ type: keyword -- +[[exported-fields-pensando]] +== Pensando fields + +pensando Module + + + +[float] +=== pensando + +Fields from Pensando logs. + + + +*`pensando.payload_raw`*:: ++ +-- +Please add description + +type: text + +example: Please add example + +-- + +[float] +=== dfw + +Fields for Pensando DFW + + + +*`pensando.dfw.action`*:: ++ +-- +Action on the flow. + + +type: keyword + +-- + +*`pensando.dfw.app_id`*:: ++ +-- +Application ID + + +type: integer + +-- + +*`pensando.dfw.destination_address`*:: ++ +-- +Address of destination. + + +type: keyword + +-- + +*`pensando.dfw.destination_port`*:: ++ +-- +Port of destination. + + +type: integer + +-- + +*`pensando.dfw.direction`*:: ++ +-- +Direction of the flow + + +type: keyword + +-- + +*`pensando.dfw.protocol`*:: ++ +-- +Protocol of the flow + + +type: keyword + +-- + +*`pensando.dfw.rule_id`*:: ++ +-- +Rule ID that was matched. + + +type: keyword + +-- + +*`pensando.dfw.session_id`*:: ++ +-- +Session ID of the flow + + +type: integer + +-- + +*`pensando.dfw.session_state`*:: ++ +-- +Session state of the flow. + + +type: keyword + +-- + +*`pensando.dfw.source_address`*:: ++ +-- +Source address of the flow. + + +type: keyword + +-- + +*`pensando.dfw.source_port`*:: ++ +-- +Source port of the flow. + + +type: integer + +-- + +*`pensando.dfw.timestamp`*:: ++ +-- +Timestamp of the log. + + +type: date + +-- + [[exported-fields-postgresql]] == PostgreSQL fields diff --git a/filebeat/docs/modules/pensando.asciidoc b/filebeat/docs/modules/pensando.asciidoc new file mode 100644 index 000000000000..e9ce8de437e6 --- /dev/null +++ b/filebeat/docs/modules/pensando.asciidoc @@ -0,0 +1,59 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-pensando]] +:modulename: pensando +:has-dashboards: true + +== pensando module + +This is the pensando module. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +TODO: document with what versions of the software is this tested + +include::../include/configuring-intro.asciidoc[] + +TODO: provide an example configuration + +:fileset_ex: {fileset} + +include::../include/config-option-intro.asciidoc[] + +TODO: document the variables from each fileset. If you're describing a variable +that's common to other modules, you can reuse shared descriptions by including +the relevant file. For example: + +[float] +==== `{fileset}` log fileset settings + +include::../include/var-paths.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +TODO: include an image of a sample dashboard. If you do not include a dashboard, +remove this section and set `:has-dashboards: false` at the top of this file. + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + + +[float] +=== Fields + +For a description of each field in the module, see the +<> section. + diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 936d44f2cb44..07ad355068cf 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -46,6 +46,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> + * <> * <> * <> * <> @@ -108,6 +109,7 @@ include::modules/o365.asciidoc[] include::modules/okta.asciidoc[] include::modules/osquery.asciidoc[] include::modules/panw.asciidoc[] +include::modules/pensando.asciidoc[] include::modules/postgresql.asciidoc[] include::modules/rabbitmq.asciidoc[] include::modules/radware.asciidoc[] From 2e56ff8a692899070b0df12a2ef49a5c7361b938 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 10 Sep 2020 19:33:56 +0000 Subject: [PATCH 04/35] updates for pensando module --- filebeat/filebeat.reference.yml | 5 +++++ filebeat/include/list.go | 1 + filebeat/modules.d/pensando.yml.disabled | 6 ++++++ 3 files changed, 12 insertions(+) create mode 100644 filebeat/modules.d/pensando.yml.disabled diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index bf66cfb98b95..ed62407b1bdf 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -327,6 +327,11 @@ filebeat.modules: # of the document. The default is true. #var.use_namespace: true +#------------------------------- Pensando Module ------------------------------- +- module: pensando + dfw: + enabled: true + #------------------------------ PostgreSQL Module ------------------------------ #- module: postgresql # Logs diff --git a/filebeat/include/list.go b/filebeat/include/list.go index 519d0e715819..e4c1396d973b 100644 --- a/filebeat/include/list.go +++ b/filebeat/include/list.go @@ -45,6 +45,7 @@ import ( _ "github.com/elastic/beats/v7/filebeat/module/nats" _ "github.com/elastic/beats/v7/filebeat/module/nginx" _ "github.com/elastic/beats/v7/filebeat/module/osquery" + _ "github.com/elastic/beats/v7/filebeat/module/pensando" _ "github.com/elastic/beats/v7/filebeat/module/postgresql" _ "github.com/elastic/beats/v7/filebeat/module/redis" _ "github.com/elastic/beats/v7/filebeat/module/santa" diff --git a/filebeat/modules.d/pensando.yml.disabled b/filebeat/modules.d/pensando.yml.disabled new file mode 100644 index 000000000000..5d9ae0bfd2a6 --- /dev/null +++ b/filebeat/modules.d/pensando.yml.disabled @@ -0,0 +1,6 @@ +# Module: pensando +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-pensando.html + +- module: pensando + dfw: + enabled: true From 22c09d159d8233d4f6dde5b8ef98831a921b131e Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 10 Sep 2020 22:40:10 +0000 Subject: [PATCH 05/35] updates to documentation and db screenshot --- .../docs/images/filebeat-pensando-dfw.png | Bin 0 -> 174541 bytes filebeat/module/pensando/_meta/config.yml | 5 ++++ filebeat/module/pensando/_meta/docs.asciidoc | 27 ++++++++++++------ 3 files changed, 23 insertions(+), 9 deletions(-) create mode 100755 filebeat/docs/images/filebeat-pensando-dfw.png diff --git a/filebeat/docs/images/filebeat-pensando-dfw.png b/filebeat/docs/images/filebeat-pensando-dfw.png new file mode 100755 index 0000000000000000000000000000000000000000..da98465eee5e885df9d1c2231f06159be37e3ccf GIT binary patch literal 174541 zcmdqIcT|(v_dbfFf-T^TqbLZdjG`i-(iDV%sHijr1t|$2y(C0>2q6jzqo{!N4l11x zYC=g7QE5`71qcw3nuO4kn1qBI=Qp33&-bqNyZ5iV?pnXB72v$H?LWWiAg}k#J1<{5*J-zd0QVB{n{2_X?#_zqWdUKG}z%`Xl5uT zRu#8*(|M<8yc>4YHb6{FvgPM{TdQBOtC-kU!L4hC_d>yog56oa4-&Sv_@Of#!q(XG z_!^<1;cWfe6Q^I)Ki+qKAHVYT=|A(tf3>;h^0fHR3x^LT?8?YHyz{`o>2JGa)W2Oi z{_Ancns<}M?@sGfd_o#tZ|>O&H@_cb6Ov1JD~yp}8Pw0|4je2AC@n?2poeiT*R_HX z%#-}3kn^IM{r$=_*ahA8pMhB3hyTAv{g?0zL;uwyax)xlVH}?K1Jx$6^@FswfZ58; zo;xe`&s4=!3}Lc{MihYZmK7GWWuuf`d>vwz5n^N*rEfKH_65cRFgOs500)oweL$0Ths5(8**!Q+hUaC&|b?AWJepX z4qNx?)In`B|M{TU=og%RJu>(cV0SY!h!Ek~^1$XM<1L36G)Nh$_3#CUjh<2u@*c0y z`gccaUxD=N^{_UKXciK(VJ7Gaf@`Yh7Z2Ssy} z^Y`>i4_a&w{?irkh?Rp=&}X5tw?UHngnV5__n~H$wW-PO@tHRH>)r5wmX$uEzTPm? zm)r40I%C$uhI-7U6fJode_2^5m2AsU0kou9nmq@cdO3Q=N`RWYchv??^au`I-NnP zSqOfLV|=YqjgJt-T(bkNl4NL-$qlm?{cqRzp zfQjhl-k$eLZ(6daWl?`agSKuJ<(@ofaqsf_*TAzrvdroVoq$#JKBz8RUKKI1{$>$Q zo%>x*BKut2ID0GWIHVdNB`7*N!8*pBxFy}5(<&8!O@5`d8@gMU&p)+;NMQ#bPSTmlO~mFB2)#p?TCIY8vBTw9SqmD-V5Da`ixa! z+sM3N__CizKdYDZs4L(yeL=sEHo1^zV^o(>+4!C3#Oy!;*?vV>%+RWcds4JFNWz90F2^3V#6|DZV zx2OX=Ts}&%g8TPYR4R8E&mGvP9o%=vsP}o1S>2Rx{9gL9j>@i^bs~2tRklHcP|Tg> zjDT*gwC;S9r!A=PVNhK_geo!F=;X4VPr7>TeMAq@=1bf#`N%-DS3P2QDti`ao_TW1 zf5Z>HETuCt0zL)#ZEQl|Gx83hJ>tUNr&dYWd^qy1^LTaZEf?3gR^cT0i%r|4*3o%oy|B9&E zqgw*w+fhr7Y66gJ!{cuIl`>slu052bY>gAIm1#UB(I^w4zrN|?&pR^zxp1esp1{|3 zYq2v}){i)Ae&hoEkA{`+oiptnEUiVrP|=-@<#)Y=_P^ol7}YM5yKufu=ApNr9pIv7 z+Ta9kD*p|OlZ>*P-Pu(5GG)-`8@GNQ;zM>MpLxKs_ajkkPx%TXKUYC|-9T>sKOLUq zz{ZP=E2sM7*&=0j7Y(_%&426F)-;}qHeVi|J+-n!p&BubJmux?Z@o;D5PI;rj!Ww?W{yI85b@mogqk z6HZ3}o)&rn2Z}vsF#vVWSb?IX1&Xp)0j}28EN-fIH{OwC98v&Z+6Cpa6}%|}ycmFj zPmHZ($AZXHJc00tMppk+oKj9$%I_>$Uy5+`Yi`GdR+d?@6=jeeup25x3x6NTnCQH$ zwtok-Vp8kuj{&Dr{KHqw!P1_@D0{hIY_`|ZS!P3hZk*Pu6M2L|3pB1}Ov`ud51%sa zHh}g-Mz8(a`$UVx7~zIC<-h|5iPyNZ3f{aqDrJ}Y>$52+?a)G-UnaAY{eJJYIiyct3 zKe*Lks`{g_HdibY_K(qZ7Knqaen_a(tV=NU8Kdn~y;%;1QDSt(vuRps^L({~0m*jY z$9LIag@phRhJ-=m7^Qmmq6|VlzCWXtHVAKy*w?fyHOsEc4w+Wj-5&m4vC`tDi11L=zkcDo%lS9$15&i4Nm{07Hswbs8O$l?T#pamzwQntgXyeY_ee5Gp9 zo6ecD3e9NYK)fv(`8ii8vp1_HFr&NwVsm(;{kxNDAHX>41|!NDV4{Hkd#9n4N~*bu zbf>V$wASdjTKyu*W!q9u;qplY>vRe#JHqO!r|j^0+8EiRXeZ8l)V8{{WLm^B1Q#BK z-Q@3qnh9E2b;rwu19t*Pucx-ZG?{Pfol?3fg38%y<%;A-2k-{hmYsFitIKA~15kgo zN&_mlq4j}l#o($*wk2tEB|)iur!+_vC~Uv)e{)`OacxvMTZ5_FMsK@24Y~Qgr#06< zIvw@rB5E?<|BG!ugs$-A)RH%0+>hfh6xEDrMWS6&!`F&8LDdNyKP7)x**D zh-vpyML1FQz&@++aeOATQH2Y^%Oe4S3f(+f-4Uuwqgf+9g?xUi>b^z$pu64vJVv8u zgHyc+0Lp3*n(g2N`>Bx}osnDsnquS#7K%k?>ntA*#{`Hb50Pr-nVHtH0Zir%Y6^5-P$jn2ARK& zn%7@rD_r~qf1t=3`=h z9hz0+tkBlC_Cl;{+m4lT^b&mQ0yb+MgUU@u(|w3DxNTJ~vqv(S=7U@J6V;d8Y*H59+j50~F$jm{Lz)QZ7)SWGnK6VQ&~CL;BDThbh?UT>#Ce0~1fSF$pF4HvZ>J4ej=a zdSPq;;w;K}oEm}L$PpSZ*23~qjuL79GJk?}m)&JQc&qh0!3zinqYO+tebP#dDBitA zj6#+KBOV{2+Nc_qRb`ldrfgg0gx~!rTY#NrZ~y-L+ox8-JmY0*4@^MO>TpV=JWdAe z{h^5Pq~&;?*jFlv6s+^BU0acXSZmh8x>SxU{5sE$swi>s(v+RIdtn<#Ro4PD>K z`38ty8G`BTvaN#xOzR{nqWS3)E>lQ3s8Q5%UXGJvG-8s@I5?0%^E0IG<((8m8*!qb znZyX0hYY?QCpHB@iujw+-r2?72W`nO@2vPuwDS{$vve>X-F0OU=U?nv*E6N(w(Mhl zyS4ei#TYD6l(bAFYO<6o?^AWB!aeNM7i%ZkJ)BN?BZ&@qV8iJu-#2U#r7AAfv#bj# zm-H&F#^9|D`uqq{5E7n5Q{yA1aFw?zIP}c52n@&4)9`kB~f= z$FrN-KdV>Nc4h~zNm7`|Uf7VIwdnLOo%uYxjq7HN0x8?1*Y9KdfZ3F~dX9=-7 z1L$a2vyQ7Bs-QVt72_6p$E-yUU=$R zC{mW*wd7c)m!Nq`GE7xM&xDopSqE4z1+8`(kD6#`UvFW&>uGUDckjJA<^&SK;oC?G z?13)7w4sU@#hnshNJV`6-ZdVP45o~}mK-l<(y7r)vINIR`=Ju7|3OctUIz`k2#_I% z&t5i-nsYkrDJ>!(b!s1;^sC+6?b-h=KBUJ*q8%lbdv0sBWn^vK1iF5eQZ;ctOXZt; zGxLIRyF5-MNlzG>ySUn@lr$+;LrXCwCb(NnMGLQ0wKvP;Y( z`<9OmpzvmGGm#c~=twm72 zP`0f`xK9c>MbQ2Ws0{@oeY!~OC9CXuA9NYbp?&E(vkd$@N>4u>a@Pko@x)C~xq&=e ze=<_ps$+*n@!&-sBD7)1vvX4Gz+W3}P^2rZyM6Suj>DQ8iFvXJ^r&{<0W&o~OrrUToCv4I&ZdrL_J)_zqfWz3-be z&-IBj0)ZLd5p_eu$) zXj^%7xs0l~vt4LYU3eu#M{n0%&G(zn;cB$r?$LMm5M1HIDTq*us6=YuZ)*aKZnt7c zUImhU;*Xx9UjbYQLV3akC49|dBTlk-nH{F0iKxZ1^OReM;!j#*M6o|9<7*ZAzT{XMOVT@V(G@p+ z>givteHl?H!BHwjJwah2WdN7{8ZTmF zy^=NMtj*9li`iWWjDz11Ktf#%dI;?fjtDBp`ToWC`u%u_TC#I;aDpLm2SbF;ALwXT9mlN+&6$Czs35qC z^wS1IIhHKAn)Bx%*Uo(VEs*)VSA5Y&#^kf6<&k((vT@Nfw*zC|!;RJ9$pAqlYv6q7 zcP}gE<_uF3tFlY2&bYE7q!Q4m&(T{^YC_tDti*{-2d->%*w1SKN6nnSyY*{7;-h%b zf^a|}Gm!5ls>|MQS+BY{MLtn%Ljeq3wyiX4);cY60vn^%8UMSi9g%k|x2gafuw=BR zBo(3k0*Z^?oFZT6tcxV^tutlEE2EnmQFXXS=k@v#=RmNsPVYDn0NUbQxkm!WyE0C_ z8hT_r`q+EG$FUih?BBq!=cGb<&&gEb0JvW~U;!%w(m0j+7rZ01So2Y$c;h{b`r@#_V+7ZS2@5k*RnUt45jSm4 zfnb!Joy&14MAfsRRXYX`ArAh%w9%`?iwXb_&3M342;=Q~ttl**67I?5#cZE-@SK$0 z#~+iS@{~T935-O3;{3%rwZSyJ}@&Ai}>^lr2)01sCWuTv^m(UV)u|Fkos9o*CKgvK5t`gE7sc< zH3hftNBr89a;*M74Z7n$74{#&ogs7YIB3Dhpmtja5d8v>Tux%thL81Y9chL-LgokxFrJBj@sSKUe-Z}urm`>SJc_rJO@!N{htIU|_8 z6CAOv@#t|0bJB;2R;@$B`kM&dE7k1UAk{=Am67PbS{}KBvr8*=2W!pIltK63Bklh- zg4kn_LNmnq*RjUH%U9XUR*N}gal2}Os8dp@=K=}MjLX6O)gu{b1VL^bum7h}GR*pQ z?9icRh;DBmr1$ZCM6363DW?E(&?;sq*~hc&e@t=*?%8!1MRLXXKhG3BG~Plzy5PAueYsyPwXUCZZhtlYhurCxZi)U1IH9Y{ij?mCU#om zV%f(N^$>|4ivQebke^_C@aG&qDE!+r+4JgaY2_{`Wt(ucV1Y5focmI1wo32{oV7PUFU6&68))W#WU?%EuMwOsF z$QjhX3lM|9yX<=@bui0%-A;Bac%hzz{MUwJ!wni3Rutv$#PHX5@4O28w?QSgGbMKt z>roPTXU8RvmsZcx>KEl`ux3bKekeZh(vMwn zLTF)-!{*yF>sIsC|G8OA?6I{tP7V`(O$W?*8hGigs4DF?H*(QN_)U*Q7)3<}F2GZ` zw6uBu6{!LvshXEQIfLY{qz_2}UF&j)vcR;OyE+b>w7>=5oYV_;k)Qb!@B~jhq zwcL;4L`X^C+{0QaW+T)zEJi(uv%&br%;F^lI=FVIUhFi_p0&^p%h187Gk;HKfj#G_ z?kRic{+;yc;*^~@vfgpI7p=PU1#T(rZlSZA-zLgs<@yy(QD!<5>@+R`6PQN2uLGWn zDSDER!aaeuDhp4`73v?8nzu`E(Z61Nx?VKN(J1z$V%B=!#m?cWH=y;GE(k!|3!jk<|J_iJn=usZ?N*v}Xpcon z;%m;(vpIgtX~!dy`l!=#P_6z*r=X|Nm1ceUi1XCL=zjmBXD^?v2js-W+}0OX4QNGq z$t?1kAu(0R>GgjtQ@aFG9FL1zNW9o1nVxm!TJ=S@cPU;7TXEcU%Qi@w!a|OEGeTdWNeji5 zEI&Z~nCT;#w9dLm>@QzJl?B#Qu8_VikBGdx&zVS0)W$TU+4ONLinw*vPcBMJHzO$X z?Y3&$p6gv0iB1xq3|tI@n$NCTb`(?p$+};0m4ns`k#{a6D6FRsu3cS{wHmG-(xiBz#>Ow}?JEXvL;%?VqOxne6}9 zQ-A+68v8Cz$9zdfjEX;s`f(S&*YCf)XwS^cw?hBr zNz0OD;2oJ8FH@ouT*MalM8~}uePT4TrZ1Sy+peR#MGUwfKZzA}v+rHGJDWw88E-XD zs(39r%;dxwvYr?D=p-d}T|_P_YaIH^Fjp?P*6SYrrI+~Xuu3d%BelE98-@@y#XCie zw|XPQCcU!nvT{Ks^L;q&98LbK<2|=R?T$A`<~ZCrjy5on4IJ$|8&GjT~%Q^lMnmRk2Zm<5FoeL`3%6qNTx!Poi!- zkahIL_B*)Ur!fIqFURrl#Bwm@SedqOLf0I;f7GqdrZbJ3N%c*cP0gUj&b6tOot>fI zdLA_6-J#gEsv{>#83z0WM#JZ%m<=jd%FSh5#&&H|ro{K+{1HFso0I)xv)jZz;4IAN zrP+;7FXJ9ij~xsffBUToS_LUn*N>Y34UnfE-9=cXmo=Gxd4`h38Qz=fZ0Z&&oUekxG3x|Eu!s+q{amJF7n> z*;WOnASaN~w(iN`Pas8{!*s6CVd-&?LcK;)Rl7T?v+fgDyQ5BR3^wu)V_Tuy7 zY}8cDv-Ewdld^R|;`C<&Fc`w?neR*FgABzGFEPs4BGUdo@DB(y9zOkjHbYC>1POXK zz>s*ajl0SHrC;)AHfeg9)uY1BR5cl5kk-2_s{$*MUYqH(w#{wkk0^+*CN%Vg*uK+? zdGP2JF5G78BZM0nRj~YUITF$zEnZSQHUq*VJzuM6V=O7V=-%`))WMAY|cJ9qQr zuVY_6jsj*aQ)rutnLY|rKSKm}4Yqf2G`M|IYZGu^a73uLX*QI0EGau#L+{+#`Z|U1 zjjN?w%|)K+_tN0W9E-T*bt2b$&P+KqY(0EhapLp6=-c9APUQIYhG!YIH&e)5qr;_U z6M8ege#7Uw6*j_;FI<-W>K7LN1P(rDgBjutwV4tOnwmGkILq6DYWC*ahTHC$RKg_o z?jh_NTNEY7w(NqLCob2swg`Tu@n=N!1+K9cSzk=-12k^(&~P2ozZtTIvuaU@_^XjU z<;Dgr3Re=3ov3GhBuhc!(jFs;VRs*X@L{Z~HvT38ph|}4w}$IC$yFYmaP3r+213l( zp^^tzF0`&o9F+1=8}&<&n}bci3+M`59(!0r)g_OXOM7d#zX?cGo%u!VaqzqA^U~du zLtDSu^pQ9f>v823NRdIu<(pM1eJHb$l%{3GX|}WRGvMZqp5;bAx5WlcXhS(x+GP1p zj_-xrshT(Y3*Bua2yppd$5O^g?ck#XMjtKMGe7N?;!m&}2GlN$ec#YsM0%&H<;dq+ z&t&^~PG(TJQALcdQ4?~O_SiCKs19ela&@e5u=6*@WsWb+UbJmu28hA8>w9frx@d>9 zg7sL_c?DY#f0vm^k~As(j8Lq}PMqi{TU%q}{BMOPMeu5Oqw`DA!OpL(gd9~_a!MyY zb2%O^r8OK|m?=HB03 z{=5&lxX-p8YnvexblB}D9~^ymDA(~vGej`m={D6j>))vesJ`0+*wE*)vAd3R1FIX@ zB9rK6lv{%P$%$0tcJ!{iZa=m2sjVNC$rOyXnGTO=s#){VAsb&`d{l@w}Yx(VW zAn*>WZ0XPOSS|i~O#SfZp-G3U2fGqZP9a7#{oWj0SE9gwrt?~$iau#2it>ZRwOlRoKZ|dFGo=f~I z8q^eA=c@#k%D(zQTa08)cnaN^Zegs~2yS;%@r$Sr*QfC)tZ%`Aw$C8UA zvgA?k?O2vwTv&E_2Z!uf+@$?e)#L;a=@4L&(0BezrH*${!MVS;d;?BI=tkz@~ zRRlaANX0t)&HUEOZ$s$ z_CxvDtz#t$L83zwIw_FntT|Shvg(E9I^mq&Aa&~qz7je{Gqlg~OY;4Q)OY+ciGip`<% z6FrU*1p}$C5>ZFTtxEY)=UKD+OJ5yU3@T782>#*eWfxk57d9aZxD`!frU=Z|Qpj4C z7p76PFuBVesuSlsQCKr?8j~Nfbk+N*(auBlxj_2Ytesw2A&uHW8^uS#` zEO))3gRJBZ;^(!o#j+Xn3sQ%){X_yY7p1C8+_Vh#rOa`^?;Rlqm4&nEK7E@p2dkZV zaf=savW9#PGs($guT2E;&ec<2165w9=__thHwvG zu$`@m6ljNZ6ms{@jKq4}WELNIzg9nCNx^)g+Q9c&m?7(s{LbjyuW!^yf0CdSRuJE} zES%Tj4xbiExK20Bo48?4cpbi^!FJn;WL5(@-u)K=UKF=GI3_8l$})=XO!Xt4Y0xKL zz(Pk(V77!(edpmX?s@rra#qY{)(-&AB-5Q0T^aU%p$FYV@vAFFmhg>7tIi2#a--{< z&$>{K$$NcbI0po0S1Z3SbcNmKtGF38{yOJDJ6*D5f5IXcnS*z<_uv>~<1jdAGEO1l znvA(1e;^I%6y=FlFHuS58Me%%)1=!|6_AtUIXx_apW~YroG(Ww%YMJ4GdytoiDtcE zvRzZyR}vQoMwp$I09;@KE_Ax?imY)SEkAnx+Qj$|JoPF&PL2}N=7Axd!2nkzMqt9g z64kQ_I!q?hyJ)Az!jQp_^dqV5*dEe~y%{pRj-?KtZk8x;|8%p2MxpY*8>L|Eb^c2y zH9fK3iPLew*s^P+9oOEKe3b&69+ccF(#H~Ou4hD4-SIXtLwd!W8WQW>3)ZYhAJKBq zkI-*Aw)~2ZQe(VkoD7l~<%z`lE(mW>jTvqO<8{53Tk9^pZ&^mLGf{uqA(P{N!OV!r zb5<+}>%9Y?qBCY{Rpc9YN5>S*;R%qJ=NY_*+m2=dh%T$5501 zDLN5Llp_U3rfRx#_n4jbAkB`S>V3c%#jO%$Ih_pOiEh% z`25$Ej2R}*knMp6#2HN$t0ua^GB2H!9}DXjY-K_O^|b5orPADV^3@i~2H%3l8_M7q zm_4`cdDCo3p`Hh_I2msYEkk_O;B$Sp)yy(TwV(`BKADdxL4pKiYlU1quT&#rO|#Lj z+7l@EZ=LG#xPg9@z1p$<_}i|0tlDg@X3*Lf1%(8haI+YHU+4knuaep%Sb(*`*4*K> zW|yYL%Fb{$o3i$Gr}Qn*))PzZt1Z=`p}1B2`fNj|`>pAh>3yN?rtl@>)V422fC(Wv z;gQh9!#?KR^?TF6ko0>$C1d-!H13mEY)FYA*7LB-XCQO7j6$(=yWaB z%y$XHrdrjRjRb$PUNy6(2Y*A*TBJt!!@@$(o-Ur;5oQc}V%m(Zcs~-b)?r>$3%n zxegQZ*JNo-wsPiI3r4hKoAUZxd$e*zk_{>Z<7-#@01OU{#dAMwU%T5MJCPAhwV%sh zE{oIBS7vkxho;KKFT#I3 zObqAtguFt1!NZtWO6U|SR`#5gc4)B%Sf4VKesm6kWT=c>^1%*l$Q}y{Lk%ARGOd&AI zu#-|11lwB*aYfnIP`` z7l5T3o5nld^1fSYM6?>rmUF?CpzwqNz!50oI2oXDvQ8=coZ9B54%Z18b>@g#nG~|3 zd9yVW{D!wX@jZ0XsVM?{=jcRmP0k#F;)I>rzAnE>pN^Yl#ObGC_6fX@YtQk#7=D5K z%x=qm>VP`z&jCr9Mb-&edTGOaYCsRZj@;SG$!OthzZA-0U zV)5!^(wWEp1V=Hkwofd-J^Ntb+79XvtK5qT0bjvM=`;AzwW3oU*!(Ld+W_4tY9ND)bH?Ezx+)V}7U)!JNQdV5}^SPbM zxN+4%8I9BoLBY1hAs6f|L?g8E(UZj=-}jPgIiXw0Hm>8MAniB0?ZVfwg7N2G#JGZ} zLU0cl+0~^VI(n|A!p6^58}=ttlc0D-qt+R*Gcy+hT>GPeeo$%XFtBw}6n%^8UTIhE(|JjsQY>~ssiEU)G(FKjoII*v*PHEwmPzbO zz$qZkou1v&;4=iA*=M=k38TX8Zb%Wol0CQw%9`J$wppPf=R8k&eBt7xtV)ognVkE0 z4#71#e6>P+hB};ghX(t~C~`cF*_u=3x@S(r4%$nptbdCJSo&d$3}ZrrhnR#@qN+j_ zbz{}AC9FgN*v^)Jy|d4K90KFV%DN%^Vf?kuYA9ZMOuWTz{`axyq5DP-kfJY};makr z`HeeFmd%v;F;#!q_lgGWDsF>2h z&o7A%M}q)+>%z@e4d7g?W9Mt8&f%cVRa&f>rM;GQ4k;WP&YFs8oC>A{A&H?|$Pw7; zz7koD0b7#)PF!QHcmjpQ(i$b~D(|3GJb@69=|f{uca$#$%hzx~`%KRYaO9XpT{`bO?y`cGn}@W1ia$Q?MvFE{Vst-{xOCV*7AtBadl zORp$<(yQ#>$2zoSC=rUege{TSLRi#wNaxikTal#=7R= z8y*(ee7U#m_adASREA$;Pzp-xKlv^fKQN&DHkt!y?P?_O?-hv7=J&Ej*Kqd>v!ASO z9Pt=EW~DGuNphDB@l8!lJ(qkIpd)Csq=$%$l2BU=#y3SO1DxcC^~3cLKtEoIG=o~5 zh&@C*x0uPfY1N}Aj_5(RyEjhgHo&?5_FzZa%5;r3_08ykFQ;}6xoO=*vAU^g%=0Fn zGHc@Eav({(TSX>JC+4lA-kte{uJIb(Kb|vfv+un^^G8Gx6hwHjIjMzPNf8;W(*Apk zRNs`SIv20ptrEX`UixRCM?Asa`E%0Rs6OcP_L)~P3a>?xy}@}^gGnkqLGXh(M^bu# zf(OD2f)m`00<+*o>Dytipm6`Xfqn9)07fPS&`+KvofqoSn*8ZxduXy8g`~xAAE4d$ zL2WH?=Vxi_h3$=C53F^`yCMu*y^Ly>fL?5inXo?OyOWw?mV!jiq)2VkwWvraydFEtu+XoXDke8=$Rbd~g^an| z$#9ZaoD)I9&urCvAM};CI%#TiuPb5!jB7SR?DpFfd93Pdsb}cspk&+Dkj;GbG@5n_ zsc0`0J{`!o7>xSSd9CWn%F|nGBV`z#<{$cC)XH%<{l|$ClN#Y)r)vJU!3mKa11oE8 zk4~#z74s*sA1>OT&{WDjVV{|46{b)3@5zdY9!S~u8^O`Da58xMq`Dik8T7u?CZWG^ zIxLgT(~YTmwFio04y%?~99CA_T04~OZKN}PDw{vswA}F}RyBbhu^m!un>noqWyGX( z@Ji-8iZUJRf}#~<Qwt zw)$aHaKGx2BCsD=eL3A@MghsogvdY{<0H-JiFI6KU~PED?>VCx8?3&mtUB#F1#2LL z9_9@z*{mtl8hFDQCPFeb)V2r%lKqhO@5`-=>IC3wlZDBrBM1coMUUKet`k_Xx%s zI97YS40M3&G<^duEDA8yRs5>I$Y6aKgur}_t67RS+DE5fr{aV>ZF?Kv*{HxfM?Rb>G*?hhFA+* z-&h^%!6XE=vJ!M^UJnW+mIfxV&cipk#<|)bmcseP$+0j z{L-nE=~#t{+apf_^6zP>@sdTP?xACU6825H4wtz_QSEi+MZjLykKCPN$8543^HgTk>jz`L+?9C>;m;g^Pt7^D^PU%V zM4z#mrKuNosC#59_VhH|5Zc~%L!6_7?m*(c`r(N=6n)`Mk*dJTRSZo`Yd$P?mEDmM z9lUsRAL*^U!obk2S0yGjsApo04&n??J!_F-p21IjR2b=1ou3R& z()NW4ZYgy(S(K;9Iies~#}+f$ah?f6Dw}iH<()5Y_C!f0taM-j)|4+_f0r&HnKJrF zsZ&}ZV&VSpd(5fa>D>3X5d=wvGa|paIbOfJn)yy@5f5W*l{+X|r28{8-vd}_Se9-i z#mNf*EsKeZ@7QKElb8yw?f)1T=Q#Su{Q}VzA3mk2yDpE5?(Rn@kysvn3)7R%J{R~4 zuO#GGqSR8_L*FtoLc5n5f@r388Fo`^X5xwxCQKj207-Qx6aWiOw|Ad zWHax}MR=A-OHZ5|MDk2TU@nplY{Y$$Kg@N+Y!+OVs`1;%>C}|@BE^YT9-3;@&d~-D zg)=VwZ#a%C!|bV;HIdd%%y_dHWe@o3c#*Oc7S3%~vIIVQGcc0>S+29lP}IN~R#}~r zput3xOT@1ZwLKMesSPSFkqqoTV<)x9t>j$fDGW6vcOXvh7X8i8XSuO3=Na-1tvIQ! zYE4DsPTtgr1dh>t#l&0G$EF`|nW;mhcK)Q{5bxauMyG+up$1Xy67{+nlEucO&&VC` z0g3*zeSO(t7@Vs0+H~Zc?tLO}GXNgaWoPR*ie3U5&=ax7BjAG1+h@C40Po%yXVH}fUM>k2RMJ)lY+{H%Tp*j^Y6nE(Z zq2cCq^TSGm1YSp>$rZW6?C zx3<~yFt3Kj47&OM0I>p*ASeuUXUH+s740Xf`*K^mnx_+I;YIrAvwiZ~+WQayE z=WpPg)0HO!cj64`1wbu_wF9<@n>M=TkA9bv3?)bcvhIbr!kPp=C0Su911tqsa#`t? zfma0VnZm>oUHq{?24eYk%fiJHIoqM{lh$Z*{-0*LnkTn2^&ZHc65h$Mx#G#ruZSZ- zMY_j*Xlk4Ubf%!Co|Vd&`#j)%w7|TPtE#-0y5b$m!jY0Y-XT6yhK?a_mfT~@9aGTO z8okJ#(*D2Ld(Wt*+OJI<8>lopN)-!;Qj{vasUS!Zq)C%rL+>Rh2#83LDugOsdJCZh z1e6W|0t841Ae|6;2nht{;O~8&|NCESWk(_gKmwoSj?Q35fhHqz_UwJ9} zYUNxi53E$$tVB2=Rq$?~Xq1#Zw$x||F3@+RL*B2**Zo1mkeKgKUe^lpVL`94*IC1l z&3c*$^UOg!8)m4klIddAjRbo(=1Io=TBTjGcF+UURANb45DboAgu{KiwTjrJc<+yU z4Pmi5iv0k}kXpyl;y$Ct!{ z&h$Gtjnvx&i_Vvn3*0KBv0A=>e^-JtwhVs(ZOzL8C-T4oXKnOU)m~S+PrRzS=+xgZ z3aHJ5b=!M9(WilBe!EysFnQ32K*NWUoJ4cZ$ueuGynzguwIFQ;C>RfRHrB zmX}r&N9ft1R>&j0OtASz<=gVsZ2sbd3Xj}3^sEn^OZ3hB&xQjAmXs$YL{ZY3D!+%# zw{t$pM_I;L0Qo5PT~)sW1<*9PUdn$#M=J--!J7jjwc-ze*oa<837!4Xv|)>BdvpxZ zG&nXGcY?`fH2zWX-AZ-9gGXVqJ~cWnhO#wpeo!a(C<%y?RDBr@{`3^-z|CmgSd@++U2hsLeQAgeZH2nohAfOj*UrJ!+Al9}TM47LD6!cKCc`~0(gEE_?=5HFrS1t=vuoq@!IQN~v{3iNg zJQ0X2OdDmIYE|f*JRdA;6|u<5W6O)49Q-moct?u`?>@0>*y1`#xfw`}|9}GZ*bnUR zzEduX6IB#if%lBE9>-2i^H;R^Q;plI1COc z<3!3wZA)A+1pfP~L%iMwT;rkt_4{i}j`+P+ya^j)e8`F9&7SO_xa=gj3ME6+ZQ@@K zP<$sP0kk1q*I0k*Ku&xnHe;BSHBg_)?eSDu!ebmE%}6y^b^-yt1%oRy*J_V150f_6 z-Q+r15m)sMpsDC*N8k`*Smu-7U{%RkFA>?%LWDv4&KIj=$q0X z2rr8qkV(DP-O!*T8CqdI}+fTIyUFPP88az-6~mCX9H|N9AH2PhM=RRbC(LME!SY( zg4<^;Fyew!@Bg# z4)v$Kl65y7286g?CCMmxcqMq^i~^$5-UO7mo2)a$sfQC|DH1SXLbsy;Pks3NPUIP~ z@^R%-*LZxB15=KMXbU6DopcF_9*H&YzI)o|8)*kvKU$Y~@P`TidavK&H1VERBp%;h8 z{(yp2<&19f(BqoDUt8O=)!0A}you27mWk%}wMGOUOeed23uBM4vI_Ulka`YnCgt;# z;{6pxX+&(DS9`F5{m>P7(%h^Ue4+qxw0wp1C!G)cawEGp5Dw%=x0q=2@{i>VWFKO! z9Vfn8K|yRP_13^TJDz2%3WT7F#hdywn~%cYMDfH=$}1w9Iliyux8lKWC-0ZI=>R&lJgEe^nhOh2uYp477u~ZfiCRJ{!@S>oucUw2qvneX8^uD3I{~rCV`KaB z^69k!FjLm$Y~2PIV`9mI(wDd&G89Xsni!h$-FsT??eC9DK!%TP9ad)f=?&v8egJ~; zE~hv{adLxRY$FUiet-RE{PeUaYsOe&lFHQb)p}uz?9tunDgMO=~=~GMC?mJ$F7^=i<>Snx0GBOHN3^EY)j}QX0NU20se0&KPDeC zo!u+9B0VoGZinF+E|`9>GR9*kPPLy@R02vkk(Ce^c-3nQ@abQjM9prpb>m75%XUY6 z8uhVu1NR$t6VzvCMEgk!DlUzBHY>yKU+8X%yrkacxMRGh!Mys|{zyi8ei=Mxwf~Dp zFxN6+cb&aqhL&ntAAw^HWrBf*N%@MDmA{vs(l zF+<5SCUBPWemy4_vB~46HQ}=|<(%cA-V9iUX~8tpcY33%Gh?65)rp?p2}=O=0_6rd zvQbQ6Q6+mn;?;7o!U8N4xNJ6`{&Exne6z3>Pn$h67CF@X6@;$iCcs1%)Yx$Sh}AzI zwzr+ZchR*q(+)_2@|r8lMQf#~uW#Yg8@Wi!xdpv0?M`BRgE=x9`$z{}(VA{xDiV+| zvdi-|nQ7{dX;AZMStfM(Irz>-85u%v;iU&o+hEG~~_y(4jis7S}4WD-DTY1F^*=vL+Q-8-ySX5mYI1Cvp%gs zoi6p9%z-j&__nRImwwMegZ)wXxpt-rk~OKBvUcbM*NEt^Q=}&_3vj1D?tmt`xH3^S zhjwIcD^6?%xKA?5Noe%$^0BX_WnKV6IQ8|V8}c#e`1vk%yY;)tvjLo(F#MpR-%7ob z>@j8*7H>Jt%UP-(kDID#FaBd;FAiUPwwELVgjG zcWfzcH~v^C2K|JJYKduFr}iO?O#(wMS$R%cjn}y17CssefR93n7K!#X)(M)%BcL*?B3RM26&Q@i2y;`x>8futWF6xW)6 zuu1)TB;-=~hQM;0g}+Jv1Rp8a+8Nxd(c6hGZ;sOo3Jf2y)6my0r-nhC>UE$go+!}% zq+>6NjP%*bmQ^X8@M>gy(Xerv`1*Y$rj~H% za2*E#?%Ywi%b!!f6)759YT1<RMR@bmh&+VNTw~rh>3R+G}qk2L$$TJn$Fk_qkW3cU3!k zo+x=HQxrIz@^?Z%&WIvCqv3wa<*wSfsO)SKTSM>b$;L6$u#>M}23F&LGWJJNssrT|;aL|-ucrQ{rAD~Yll9S8e147?Cq#z6D|Vtd$QG)$(wH<9xuzvVNH)~OsfxO>73L8ncKun+#;HUoijiPr~`E8 zTs6YP#IK-fC;8&UHmapZ@_JArF~dhoX1qeane13xilm)@<1g;bGC8;06*%;WeuMTO z$q$1<>o%2l*g2l`Bu(tksjf-8;kS?Yw}Zwzl@KkqCe<|a3uvc!J*R`(rmb+Ag}LNl z?6Q0@)*{?DC}4jVDawn=lBvfVtu?oT-favFuWVjf5wWcLlK$9$?7d-Lu;KYjU)*lw zK{<`;7nJ+L&4d0?pkm-7t9zTl@G;EA;22W4cxJ@JtC_Uvu3R`}2~g!?+X$x~aQxRI zEgs<8n?&p>i~rd0xdq-97j)C)I6mzFtSlFo#!ObxP1ajubs7o=&L5*W-QLRv$q_xI z?EudC?ORJX9^~q#n|eHb#UNwbr_7(BX8wLd{94+^`dTNmc} z*4r_iu=HNuL{2=QrjaH;TaiuHeO-8hJm~<&7sY&>@q*deEV~p55}FCiIncTihU(&3 zV;@=%GL$%-EP$N=$T&yinW;cj*BZV(OfNP`!9Ko&4H-kcQ%Es zOPu%tO%iI-d$eb>^%Q!JQ4KORl<*lUq%aMv@es!uoyE+fA+l!kgE}HTEW#56aULUnMc;jKLJL_QR2(eGf{DJ#C-VD@6@?LT z;w}Di=G@9|#jCdH-`0U2kcguqy%4YB1NvBk_5f7zZV-Hwr9;f;>{bTT);Yu+kYw_G z&Ro7<?rvlAdWCtl@JX`j(T8&2rxeJQF2$kbINv6ii5^}uED;h%P5zszwlKy6bU zBXGR)*T<2U9n4K3ydyD!vTCGB@O>>Yv$!V0lG0TuCv2mNxJjN}t(n;xwaHZ3p)jgM z1#&DO3_47Y>hgOb+3Ui)hb#uZ4xRDq+@P=aW?B(_r*e3v-$beFNq%3fMaaP~Uuid` z7$J^m$8lx`r~an99X;b$JC&1XWa|A>M8h)gD@N~ynW(3<#O(dNFeUjS1bsE^Wx+Vy zo*^N`Kl-bQl231e)O2wq>zMZ!R*P_@i%F-bEF&3ZmAQ%Tk%9B?=hWll)ma}+?GZze z@V$6SG$3rFIBWOU7#Fu+XUKH<%o_Mkb6S2l&*yUj0cRGjqn_@(%Iq6WC-Ly6i~&N2 zOBE5KD8F?Io~L)r=~fYx*}xFa@Kq)-WG8#xosmk8|0Eh0&ouQ|=Am$<-BtASOlD}U z4GwJVebSEjD(K!kBg3IAWeObGLMBU32N~c}4KSM$I74{MS3x$Ji6AE&3x>N{rW?gI zoZ)bSaFWhVD)=)x;R68&BSEbW%T+FWq~{AiM2I_p*Pcuqc5&o69o{>k*ie@bK&x_z z5u*pCs};Wl_+bWEpF>x>G3e2J9cf9azd^SPi4;hBtNmglo|(51TezZk2S>h!HpwjK zYwX;!9=+s!z+~DLEl}4T4eCfX?b$=fCWAKM+#9-O@l4K5Cjgc{s=AKpX>{Ku+eKwS zD06%AHFsBJ9p$Y_(3$|YSv$z@4c2GP)voFAqCkcETTvG1(d&kdK0n4si49ei+uL!H z3sFk_&17xgLjt+ibpE&h`qv+obCwiMZS{>OkT-g#s|A2mACx!-673aDmbHg(ZE`F` zO;2${z_kFp3~)_jWDOqr6TVKG1OjyrpGw*%E8aDFegd(5uODuTMwskc_|9dAFYMG! zSCuC>JM9s)O~0Wwt4p_6dLelLMaFkA&AlIIGs*FEWW+VN=#gys?7HNeZLoA6s<3)K zH)82m0zC&;dI)XNtl-swxT<)>*UGuzgRbR6fIcNV;~}wl@0Oj+n}UbZ410R*^nKjtwxNpedy*duc-OC4$1}lH;!wRDFZ$ zQWUTz3!X3C@b^sO2TGpY-|yFlN_#I~X=VhGPkhd?@uiAc!M=;#)OB_!+ zuu6IeK1XAUf3Hk7ZO#E(;O9CSMfgrQfE0-!3X~BcaFVEFhD)4B^^$D&5<5WGaXA5H z-M~Y$Ggnq*MZr$4allQuX+9poHN2Z+FJXSvpv1pKD|HP4m-$@jb>t&Xp4mLK$g4BX z-vJ^d|l$z?6_ z%r-~QGGr*>T0%bG-ay<4XTm4RS5|xOq9H!}4~ib%vP8)?N$Xg%;KCT3bq=6l`by8^ zm5O$XXQrLx7W84Hn&JH;>9CNhmxSEG+nz2(br}FK@2SH?5Id+FKjcl4C`C3MF`q?C z7~aAi)2aYL`cI>^-C>16(%_?|F$z4srs| zndx0{60tRu#SCWF4=;R4+O2xkx%ZQ9mE+07qW;$dR$AYxB-UI(-Eu6a4Jm<(-fYdV zY>#J=e)Uj&N5~)MzP(zRwO3bu$fi^WoIPk*b+gX&FAr%c(>1RTXrbXns!wH^X%&|z z4`+X~Xkknsx3;@s^NrSy06xKtVFa)$!`=TTxB)Ac2JmzL+MhOlK+eDgD69QnQ#}B` zrco3)Eq^-wFRpR=q!jain=Jdk>Jm^>pkkfsgrp(X{y!&a%%++IE<|v)=b6nfC&-BXY-CtQa_-1IfM zdMrRGvHU|8J9i$275c9~ZA&Rc*=Gzgo0>V*$5-VJPzDlgF1A<&!%^$j(p4DZLzQ>< z8Ow4w@eI}NxFf^tV{6zE->J3}evoB|JMDb%34=oPge|;A2V%yoS8vF_;ND?mrlK0! zoxVsBYbQ8gxYTjNYGFw;yv=m73aeTHPSHCXTjU9k^PgAjEns;6eOgn& zInR-)d4eocUfsI!u)6S}sBB5ocZF2~ar22=v@B?pt#YA}e=n&#$V0wqpyK=Us_)&! z?sIdI3Om-M&e@0clTywQ3r(mXYcW@UqMLr;(4k*`uN1v!EwRmZ zr|Cc97KZtMh7#Sr7Aq-k&iX6XqtJ7yB3nOm+)^m{Aid)=&d50v4aTJgW~)dzG^sE1 zKCP$piFU=kfKU8MJL^TCOWk{D);w^t>dbGqT6%Hlx4Ba9!`)S_Tfv4)Pi#y2z=M*_ebuJ02o4*Y zNsDe)gTl^aonAQBY9-pjE=K3WJBnxrE4ph-|U0< z^p5fh4Nk{aPM98xKf*VxRQmU5IZNyD5@P18v8yl2L3sJ<0M|b)+ElC;efw0)P^>}L zvg>T9Khk4@9FMHkjqiC+%;`4~9oEvEqNi_kic&p{iz1s4VGD~wOMP^$px)?s6VkZN;9yf^pC}4FIGN^5 z?#$kF6~cRQp;*X{kRt4O)xezVp+swuP?A4-XW323*;dbmabATYWP~9@(cwD}) zMnl=_YZ!n$5iA1qD1e>C;YR1A$TXE-y6ab-%BTP+YUM4S$)mXBPM_WL=MXM6<_h$D z@FPnsc%Zs{G1O1+th8AOqt2XyCsT?jCGt(Bv!Z0n1vc`G?zOYGAh~WKDT~B65R#A7 zp-WjYX~x99=NzXp(z?6}e3OCZZfljqy_up)=po~H8DW$$wt6>Y`I%&HbvkOC_298X z%Q>SOR*$I2E7}vD7`(5FW3{|Wc57X|O!<)ALiRYMx*i9|N z%XWPf+s>I@t7IDg+%#v53{!)uAA}|ky7G(G*nVsIf-hYRx}0Z6U^@z}8r&L?LhRkV z_NZ<=fp${NaqtRjc>kW4nm4B3rR1}7NXyX$>CmX}27>-8ZU!*h=-sJu{ec}+_t+c? z7s?rdF6{NgZJ5UH5X+_2(V*QoSlMhaQK)F&Arx2r3$!}2d*Ne`D%YzkfW*M_v$xgz6dax?WVa(^C5A5zA z);ALAw`1cw+shi15r+1XR)c^aBR!K^$|AWvMo9S?d6$X5&kp(x(E7b( z3O%&YxpQnDa7k-<%k2X(>i9F7$+wf;U22&bbIcoXivOPLN2;Kk!;8QP$L@Va;Eh!v z-Nn=IN|B}o@7RL(JZwoGol~zmf9#8XjMKId0prG#0FuC?&Ze}Qi?lQ z#=Xednm(DiHMF;N0J9E;N9-tczMs*r#2)xhqtY~{@|JwPZZ2k}WgM@ZJDy1!IMDix z+wZERmlN%5iex9q8V;Z=B1!(c&Su$5Dy`GzF3md3l3~0mQu%q(;B%c}Gdne;L!(jz zThJWosk$fx(L7l!vj4rCATg;k@}%1^yat`JSPjbeLk3yz#ZHO4MEPr(We>BWsq{bL#~W3H5$A+8>;FBep?q7o99PFk@xAGITnA z9AU!m`h7SbEwo#klV*Yqe&g>_7>%(s)mi=5UUF3N9V?ho?p}vF9dPy^=Y#T6ZZu{s z>+7LtMmA{{=L!1ok(T9T*9jNH-&)WtBV94->EOK-&`aZi|>>Xnp z7dug>wj#krLGDCMa>w`p;7{BJj`BEXIsZF;`i z?;4O#IqkmJsfo6314kY?LfqjO4(@oi{EEqz_e~rR!x8L%JR-I@N{f$4j!$BE6aD-z z9Y>CznBKvR`AZmT_#3u1j*7K9Ke$zgX*tvGdMwW^e@yDqQQb#~ZuwU5IhG1`-U6BV zz(T`7jmP&go#W;*gj)x{Ta)s~f6E`ANl)L)7BkAUFb>Ji!*JZ2L#F;<$sMLHJQ91a zxKk5Q(M(ozbWT5Xmc@Bdw~L7Ab~imLP+bw(Vr;Hl2==EAPu@Y9O`F9pjNp>H`C^30 z9DOYC6{>B7tGvM2nMXH&^!r}sLVb)h$ehm>t(KwwecH_V zrZ1lFwRQONPIw|QCSoPJ(SWVEjF`snMUkFLhN^!m2A)_y7)L}gy}bg|zMM*)?6%k=4c zz{b)*dA3=1vrOR7J8f_OdVp6H2TMC(AqiD)J=1o3yfcMWt@%xOdW+$rP1w>24n!^7ME049wsB}5BuDyrylkx67kc`{O-}xO zmvPt&Ys6y?QI1`itOfyQYDIpQY{sA1$9fXdH%)k&%6csq`>$ggL?MiUa~P)IZOCB8 z?gjym2R}Y;TL*0V7BQtDAe=~wqVkTyG{3+4%Th29aIq{2B`QDd6Vxu zP<)S$Qa~G5Yo6;)i|O@PV>lljMuN9MG_iWEl{QGOB7OAj>#gv-{^@LQQvvM`*UNk# zWQ8k}B0^7PYmTv4^V{9JdsBwrRoSPduEZp5_#ilx|HKduH*9RJ?)5 zJ^!AIv1l{dI^y*BLy<100P-Ky+XDt=x z$^HD8^Ze(XjNn?c3d$lH+?CZ;>Y!XTX5=%a-u_oW`G<7&g-c#Eqse6wUg0SVZS`%BYN4!v*$ z0*n~dhkwvz@gCLR4+V8k8t8If(EUqt%R#sC6(YjxBr z2cc)kgyBlsN?&JOa*jDhE;Jn+&dL4_kKcPez|DxBm$hK}6EMfI8)jU^;TP7Q*ti%QZkhSl56g+)cx+@I zPx|8vXB5l}`A`k~#Bg?X()(0FKJamN4~B7$EJjbu3$EZLup(6GHII z)(EQOaEb(;i6W<;Y+$?)2%{VG9cI&Vl077+Lh{U4cpIIlCgohr9^SM1w4Fe^)*W0S z5^$O4=-gG7w0z#HEuRXAHeWOZk^r@GUO0-7eu3%7l^BhcX!#d|l6S_?k6_OFK7qq* z-a@R!aR~$Ev7@s?%nF@vM?HUtLnlC6A|hRFx4(RYVj7oi3-r2;_k!Pf&2}`$_qhj6 z{GwuguiYB$`(o`-z-f;BW54p}vfq|l(Rq$X=1bqi&(^V`sm=mnObQ}Eh$Di7X{1BP zI~VLKW@M`30$Ja;NB4_F6i{lCq*M8cupM+X+>yupn zpEx%F*+l(!%;n;j|M%|XXafYi{;wJdxmh(yU3UNd2e;yc1G{RUZ;xNS-)ymf$t6WF zBpX^-MdgKa4{*39U^r5Pa5aNc;qJ*{t8OI_L#BH2?5~Eab)3A&J;3R91{#U{XMCta z^Ri2+Q@Uph)7crtKvc}Pvi!2~6qMIirvEAXwR(<8E=0^lXZWD#wUQTSdn1}8JPn7# z+q!X|gHyb+6QlwfJXBJ#E0d3M=Ob`|Oe#yjqr6a#(KoPI`Sgo)S3P-7amU|szfEo_ zFS~&iw>YNSAiefO(se4j1*$h30O;=hD^{K*7tCJu+zmH8uPMso6O||sSFCgvp%|xt z9T#p&`sc(DqtVntg2Yl9-?zA$Z8= z_UgI9$|bNZL`wEy6F~v3smXeomwS741oW~*%+C1Gv;P|F8LErn|LhaF53Kxp2d$3w z70hfI)@W@JqXLSw@3N)dxI_KvKf55t`n?A&>?ptR@r;(svqD~RSxl?fhb`>f9za;V zs29p(odyKx?u9i~+JVyt2E_!wc%Ca>3Bl?kX7ZTw`EmMUhBEa^j{(Kz+yCrZO_%i< zQIVMu?2n0aK*7`x**9)dn)G2JUeh+Bd3q)EzSVY;fi4a>HHO&A_^4PX@M8#b$&2uU z2s5V|m-K`GfCX-~QBuou&T&#H01~`n)6&`7JZ^@0)n&-4>0}T>< z0v!ia)zFt)OLxGH0CQ!~sm&qFZtoL}zxg1F0KRG+y(FbpS5v&MhLkh5mALJaQ~ zh5x92^@Zu%i!f++YjLTh#3wa61BzLE^+n^HV6>wjt%Z#$y_hj)Y1sE7xQoT%Y^)IR zGhuu-w)%okVyUDW`bqT9iOa(h{i7?M{su5}mPjmy`N)GZ78{%h%5rX22k53_3g>7raxby@$Vi}!2N--4Hi z_nUB;Pj$n>7N6tp6v!CeK^ELs18id7#o9zc+4hDRLpeo5dg1u?|7I{0&?g3?2rw8f zssG(z_#Y06-nizEyHbpHmc;4~2dwFuf3VjYvGW3aF|obl++Zml`0y0?pQ zut@F0U*qRs!}?`|Y>%=F3h13{kGee1yyyLAPiC=QJUyEGZY(S%+fKCU%SC0l#GeoO zOtBrA2cVB_M)W3k&uGdjN6{2ww_Dv=CS?K=b~k&8FzAEXdPto*Pix7v?sh|GkEK4- z+WLvPtjg5@OwhHajvl6NOi0KQ=Sxm!$5hh-q1`At3*%P%)GQQrbp*~T#8kG+vldiv zpLo8bj1SOY@GywGG)%ptAYZI+VosqSTcR;sS8G^OZ4DRO&B={PXD(JoX z1yKpzE_ zJM;U4hwR#lJFIRFl8;pyrWSsnA?(EhK!>WJ--W+OrEai3Lde93i;#p=zt^|f|7Hr4 zp~kq32dr!6VncQ{eT4RbU)b8Pu$pdZb7M0n<}Hb-YzGy{6J`uoU3^(*`2d8A5kjJi zr_0LwN4{#Xj1E4=$Q$pEB6EV=V#bXW`aa4Dv;Lvhnxw1AQUdBrGuW*q;qRZ;IyGi= zqp#7XdVj#yGEdsSOJT)Ku5A4rp)QJcLCu9iw|*jNRV)yccf!8lH$J#fD5Gi}=aFz@ zK>nsE`v4aTP0DxC$C=da3u2*`7n2Oz*f9BfWurfL$xcola?6^$quWhvl3~(2u z2%j}TmtB$*?gUw}#uhJnz9Ri;eXMi+ZTgFu+5iG6&q)|9Ed8bPb-SaAZUFr zIG>si{>LogwE-*3sxP6aUNHX?>Ces(497OVZY@uXJ@}`A2N|k z7^raadh1q>k?L}G0S0QF9SW}a;pvT}8fC+9eXIZ*PlR`r;kWWI4t4Z)wz!K*_}xJ! zM&VykbeizNy?qM>Q{J0b{MKm-x_5F;zY(aRr$|5h>!@f4Pq3n~Dcj5#a(0P>?Yw@B zzBch(Wp;vMZ^!Za^TU$MObXWJL{wnv zHkVc}0$zLiF5LR6XM=f$X^aKj7!Pa1#Cm{g!z5v#Zq4q?*`=!U(oV)rP$Yd&+RxEq zuYyph$@p8hw)Wv1U}xh(AzKwf51dWh^%!SzW5q=K%aOOpFTyIZe)p-1SK7w_2SY|x zJE^}EpWb^51GW5nR^BhTEou&1uod5Bpr#7>|4rz@-+M-akk?@iXN>jG^`X#*cVKEa zSSG~}JbCVUyFi#7^KpdK2Rw3Y-{tL|Y7*Ke3jI-&gbRqBWCUwIS8Z{cwEq;^W&-+M zacWGN-U&EN8=0J5MYr0j6I0a0nksQ7_1y~;Y_kDPOX>FAl|`EBqFHMXpVXU+FKAJA zK^p856M*Y7>E$Mu){Iy0{MhU>bJ3~V$$v@Z!pX&|nVde!rn!2}{t#<&9g}x#7jNYJk7^5AWsuy~>kPEm zl2Fh^@94C@wOY;iamvnP-_jpWz0lv_=|z}So2{MtGc(5csT!}7_GoFa?d1pC`OWqu z6jD^M#*?~eh||Tq5XT5%y|v91-uH5WBImpG5gLJM1-bdyW3>aT=$$-Cn(tQ`^;j9- zz;BB_l&V#{ACBszE}f`JA1Ujp#HaJzhpDA35`3c8IB~?9sEg)!X(z?(a=_U*zh*D# zOZkH#!up%V1gQS~d2qM0bv(#5m$uh%L%5u^^<{}AXAJ5h^5)FsIZ^2z8|_SNd#@PVEkr_8k38u^Ls|7 z)Xt0+ZVI2*3(PMwnp8jUq@xbnkSd!Q^UR!>_mzKYpUl`3dOy6j(l-Kb79TQ|0A<^` z5@I0G6qOi5=X>hszo98!+s)@zMYdIhfGZf*SwfN4<>wXIq+7fn))Xx#l8qm1%JtLg zg@ya>J==vv**`*)&LuHp8Wi5rKaX!4s9+62VAk*A&ReFlE*Jp@+IEddJzyj|c^6o< ztndBI?8%!WhWz(yJck~OWcPbCLA6g$Tq`4ZbrpfASyP1-4b@p*U`;N9v^>j!3MG)Le+T3)}FBMs~(ddVi2QoX=a4RSyLDIJ!H-?F}bZ1?YslDbaDT>>geaJm~2TxNzpl6t{2tf`G5EPv)EMZGS*;9cS~{ zQl^>EppnYIG{xGG{>()+LWoO6Pl+@&q%Qel882zg8|yn828CrjD`jUO6%mO@a~%`(~u@*-aqdB{re zKJxdb>Lbe>2a;|f47kNx_xUoq&I$~!FT}Ms*Sy+4P|Bcrfc8gjcYQ$g!{mCL_rs*B zbJwdTNk^~Vw0Pwi3D=Ilrm47kZGJ;BCPzmrWn}{xCS6&d@Gs6dO;<757ar*i%IiM> z5-=O|Z?6ji{zBj1@sm5cgt?=`@{!}AyNe+p1Yg%&0IKps@-q#*-&IK#ePQJ244HxA zMkI5kQ2ur&0PPO9B(8c=-bM20NNvEc%?s=T>8}*&MUnQXJFEC&K@Wr+%P>00xE5MN zOM-Ou({+m_baxPkv49Exb&^apbj->B%Qs#CJtKPyGMnE1Pv5orJFw?J0*pOWUn^Cmvthj8T#*(IN##35j8^M*Nr{dMDKGiX6BYM|8N8tBB;t@K zpin+^@lNejGK&|&;+JJg9rU^>ucOgjA@2Is|Fox5e(n-^%{W=KK|l&#|GbAuExF3w zFyF(mA$#TX!s=+5=-euY@ja_D6WZrUtG%2R|9X*9lY|D=&C-H))v|7vEm=e>KKGU4 zo^^W(lDBg!H>(wIS)Vsx3_Kw-=EigS59z#(DBqsDk~|6By%i)o1#lMqT1`t#6RT4H zbmyOlb+VxuQS!yLUSHC9e#ga>KP4Q0*Zl3vt$bR~Og(yo5RKoyTWQTYB6HxLNaE)% z7qe2JTZ3fsnP#ic`Mu90lY84}P+hAf{C-P28({Me6IC?`^cQTgQ&^lonCUSrirrpf z6wq~Xzrb4MpT4BikOcZbm))1}3ce?5Lz1yOX@h|QQIVkTM>5u3arDtv3ZiAsv7c*S zXqu&F8?eDL8ORW96GCe{L7n~CO&&&e;55o`>nZ+_AC&0w0nv2|~ z@1AIs-cM;g=|Iv&o6zruqU#j=S*JEIYkd@q_E6jtEiI3o(2n;TVu0MQd!uCPA z+P?L|xG>1&g}HB*+FDvmOmm&svrGYzvToAThOMFchy_C{;Mx1WE__vd;{0`#*dMok zVS)0RH*G;D={WynoZlnQ4bMd!8Ws?U`sB?Bp96|U`xulm@ zCe`_-eeD8Fy01p&x!ao5Tpq^HcIGN=moh3D-R&%}d*o_d1){ahJn!`NPF3AA!@aj^ z-lkKl3kKK_-aor+Rw`L6U-?id@b+sV4cEn6pjb7y43ibhoWeZmeDz1NCh9?ExXk$?pHt1tHB1CUY`7F zpaEwg*STuZK03APS*tg;E2EbgrQq*{k1)=6uPxedGT*|I!&Qz!}r=OL}2?*y-BWj0^+%YKl%lIPLbJe z-=`s3uZ~LFL&`eVN@DF$Vac^>p%nz);B0Q5@2bV)&?(yoV4xfM2;=XQ_! z{({9x?A& zps7|WeO~#z5LQi=Sxs>(W7dTa#ur-o;-2j$X}*>=4gX7`>-}jK?JKF1IymvbbmlGf ze$vZ&pO)tjISlSuP2TM#)nx+x7@1Th3q8g$0r2G=uRPZd7; z)_+^^+hn(60n;U=&}KV73|Dq1pO@#^I^`>Y*$-uSSCmt#UmuW7&b0h!nk^mMLGzVbI%fPe=f9 zOniG9N&T`@J=$v9>}SL_#i1-QNX^ze;xN-nthdF~y?IUiUeS^nmwaIFAJ4$0b;J2- zrzTCXOWTumtL<5s{C0?eyB2X8kLn@vvvaaBdh%XHDm4fB2Lu}C-Y@q}dP`{TA>wfV zgRu9GXY>93fOXKSs*aCQv#O}AYVT4y%o;&rRznG~_bf%LR?XT~wM7ULGgeDcn;3~z zBDHI8p4+FN_4_`r*Yn)}6ix2?y07ax=e*DRoa>z4!Yx?Y$1uD1{M9^C@fw#*Es5`5 zti()tJ=XcglsY#&f7y?t#n7NMMgC{x)@AJc$RO1IWm?q)<7I9*MKnw5O%yIWN%u|I$5`l!3s zdsgc`-1?@0Bkpzm zh5|wC_w!rtF6Fvj9P~^^!9X41(rxr%DVWE8Kx-{Y*z+?!PBW0At`qrBj~*7(1=M8M zDZdcv{Z&>)>z-}-a5yLOZD;F3e(Y$}dch|jNeMY@<1<#E&S7!e+jX-ChRK$Jl|4KP zi2+9@vU)Ci-RTA$H2XD44(~PVXD@6xtewSN#>xcf%uS69Vn~G4`?#Hx@ng%;4av53 zMCr~Zj943mzJ3VLINW(Vp5BRBoI>ZU7Wp<{pMlq~4(Tn>5;oIZilV-08}uvdD$N6* z_1^Z9(qU)vFY|a-_pi_VSnm-h6@-tksTXOlkDOt4Bdfg{1i6!P?V2h>LQ&yuQqF*0y^f}Ri>XWD zV)4%{5EEP1v3zwSMi-EtYi1YMe7xM!y~E&(o#j#5O8^#-o7dEho7REN4`Fj zXR?20ZNnzDJz=A>?SaHnYMBahCuVZ{m4sg+jcMl{uOH!+EDW!l!O6!V;{zxYbsK6m zj+a|Ii9W-|f+tR}=R)mri6(ps46`NN-0h1n&-&-}?hPI@vU^FNZ|%uo(uI5;h4|!R zPpZYr>Xw)HJNfMWPWC!ei6^f~N5BGWWvKFu`OHN=nVz*@4>(%xb-%Ga>4*6ipy6Jx z0A?fjlalh(+Ty(-1^@1V9&W(@9IF*S$S8a=oqrm};r}y?BQbm>f!UOeY29kTUGFYa z1!+szeVb7*{>_y5PFCzuuUP5?60Kn{Rp|DaqNW7xLS?US`*VSLf5c5|B4){F_v|uF zlfZSA&BT|8+zzN0B_xeY^j@FcSslSzAKxrR3PPRSEsYXzo6_Vbr`m z(@<@|%na3aZ>MF#6xtA2l?!wUJL;Nu@js@v0rc-&{m%dBQ&0g#a^8-)dnnOH6!gvO zHD<(UY=4#GIl~V^RG&@rq%U(4AX#6&w{e^`FNc?`3%;L59^*-X4~204>Ff1rr#PPd zP8dts!;HH|E2*n>Q!EntiC;PxA8Bc%P1+>NGN&}$Sr*Q(Mzb*Ry7<&C04!h4(ez$x z%cIL0{BblUQHiX4f|2A|GX`BTs5a|wPmVVzwKU^qG+p?Ux@}sZzY4Xl+Ai?<9Ikub zJp?Mb+!_8@NxdNZtL+9fzM&3RfH$GL6rxpE`|ye@|1g&{3x`j4Ehqc=PU*%4C)6Qn ze2sWaY#qo^UO%vJoL|rMXzlbRq01pGQOj}%bB2D5R>uclgI{FM_IBG1o8CuiTueA2 z+IncA&P(@pKrnSipUF{lQ;{CdDUiA3tcCU(3M{|<;LPtWU7y8wZ==e-L< z32J!CCi|x^mlE0q11BhTf*=Nx^D7}tGdsqSD+MWcf!NP)Mr%xxmJpFO$$x~ofR8nF2z9$JC@Jj{lSUIp@Xcb=(~O&-cYW6*vmhxYe$mxHBfbT7 zMI}0MrlWq!<&b0My3dm4&6`waT6N`GFO${BK6Zb)KF`LF@y%y;*7Kcsb${m7O0QRz zUq2|eFcX#$da8 zYev;IJl_l2z1sc?aI_Za4b$+m6ORO_;T*~rb4~zZ?^~+4 zZ0ur)JG-lKIYga|?Mb#B*tuCq>WSad*{0+vD@LFXolIfO2cN8{oh)+Re{?XC76YndWn`1D*Mk3@_F9BhBMb8>Ca^2H@p7hK1V zKGtmV4}{+&=GCC%0ByhR-4v@277f-gw4BkhH*aKYKK1Wx1KkG0XBk$Qt-YH%m?>MA+Q#pCz00ioCeCb`*9oUtMh_fNax*tEuSj~1|<6IX-_&|c~VI{5$Lc(XI&b5XW)o8wde&JR&A_aqug=-{1?Xa z<6`ejL5ka#g!NFBD!g=Bu0qzdk0xQ-VchP5H*#p}?b}qC@hMDDi!byK-Jd$bwh{Lu zUWQ{mEY*VXdVmKL(f;0SZtb(zkxuiwpW08LjN91F3{{ddn#8&z)ux$5YKZ5g-Xu&QAEplSZRcRknBOWHvBx0zRk^xdlCwYU;3 zPgBPL0suh-Q-OjxHC`JVY!mKrtbC%s(gdIwsZc)wCY~JetMz*OCh?*|9dD*Z1_kdc z@26!-Hw*|JHtPA*aCN;Kq;oSB?Q4i$HR`uCUpQ=8*$jJYdaq7n#RYFM7rFMaV|V57 zN&mA+e4Gna={A;sP}l9ay<6n%K8gL8tm<~1cZTmyH)OWfL+E`#dh+%g}M{oVQQ*ZF$`vaXad8XN89lDw6NVgRJ#NbY+ zD;V-8;hz76ekChqghS#_!kr1%O5%K7#3N^ZR4RTqvrNLV@fv|wp)PVL$zIEh>>EcA zWY*+Gw0MzGqV>VDZdi$KQXWmHfPHW;-8YR_LHMnL9dnI)K>Ja50T^z%ocO$4I0)NJ9vp--EsU@&RUeRbq;xFBnb zII%6~p2F-kmNl`NUDIwMk;%zDCT;yV)9&0NGx-^u$4VUttFZE6w+^tl#okg}Pk3eY+e!So_zf)qL$3qgtx3(WM2X|#1+tek7vX&rbWgm>XOt3MxRqS6OX=lAkXC+u2O@#YLiX*!Oe}2H=%8K6)n|3RjRvxcruV=Vs)4l#+nSAih zEo3EO;yCJ>Ns{VjcbE6)u(!@?>6TvE^K0Z$>twysK&VEFtjj8YmOuDef@9|BcW25- z0LEQewDOroKX5GK`l3Ac(DZ}P#~Ier`H*u%cNptTV<0aVZGxq1UE>7HVt`CF7w%mP zIMYwZHRiqOWRALt&}lCza>KVRRmRz@ES-1x2>~@FPG~6?v&h{3 zbfj5)#6&!3x!sXG%!Q>+Ugchj9hq^BI{X+`Ypg~j`3;@5F`KLkLa+gyP679w>26}k z(8@b~-rA2`&vv9}buzgwqZwFlz6`MwO2d2!`e~|ZL}81dW;zgjS9NjHnA5=eXAbS? z1}_`f3EA?^M|e)z)aP|%#I6MU-qyP-(jr%&%di7r+OW`roojyZgykb_=gQ=)vHXq& zX#>H+%3-Av`A6B4#I#gB9M8U5gwcg%vY6mOpnzq+?XTo9Dv4G$XGuJJ=)icnxPFbI zIR7W(6gRbTcaAn~DHu?~izCV8=cKYbI>Jm$xq~%xnufzJL%~0hS%$NX%%%C(yur$r z)lfz$cglVTYlAFKb@UuZPWfcH1k7HW^ol;>eN(hgCoH{Y99s0lJ_6j2B+qi=BmQ9? z8M8XRoFs;#mc7y3l75Zgz92M7Gv4AJ%}L)eK?%Kn?q@(I>%!ZcJY{)yi_KWm^-({Gr&2k7TI*#2vMZ_OC!MJEzc+>mOpq*FIJ*(#gqM zl$c{Vg@t1!-q9>zj8TEdv>v6$R;=JAE}%ZqI>|^xr29 z=C;0@V`Nk-L_E`P+|yAuJ=P!()O$Y-%^xoKJLyeak~#znL=3M=Rto@*C++7NAnOe$ zP^XS&cPfcWoMBxH>RgM~N@Sg8&6R%f%YNX{+%<*S1MFEX$`$qgntSr7j{B;%)E(yB zs1=U-;BD5M9APh*!qE@X56rw%CI_~idFsW=4AzeGs1qI()ky;$*k_FuCnlaevLdLQ z{*54f`qfyV21-@Zyui9yoQ@9#_vTsbmiqh$Q3aL07fKvUXd~S)MYzfQr%Oa zbgLoUKDp;&xRQl<-;dwE=us`+7uxhv9OD;o1$3q0UD#*ck02Kwa?UuVHXL|p#gq;Ro^zORq`Vq}IcmNLqN)|uc;pyfQ4);A` zd|~Q5nxAD{?u7_nd2= zA8JyYl!GM{>Zs?Sc$g%&LdMUXVmU4Ec&WM7Vg0DO9UUffP0yDvKs(iPOPWaESwE)> zS7NU#{2_3p;@-kUYUqYLFDd&A`&fUGGu2{R4Evh&w1G`#4wEp>Up0=epk)j7e0$hQ zxVO@K-y(mUb3MR1x7N(TW7Ng}?$1i_O~T5sigbo!jqfUY*87IvPU{A==Zpz+r**H5 zy3*>;^f5fB@|keT)?z9^Uz7Rr0pUeBa9$fec3VSJ-??vqyn(Cvb7$WLbJ3PK z&u#IU#jG$G0}+u&b^dOAISxWq$w9&26;W&z?{ZsYwU zq@`beuB7&p7i-YPI@@4#QOvN!IUs3s7X)Z)LN!rmzUtfT=xx3dC;pk36(s}r9SSBM zdb#WOn9WD#D3T@GD`f)-l}^Cfg&%b`*}i?7gH$W0k<6JsAc?U43mA_FrF#ct&vfz| zy{Qq}nbQWcZKa0#ti(%9X$!e8bi3(HZ-Lz&>G;@$8UY%KZ%#%jf)49HlN}l?c5+2u zUecf@kN>_-E`k0?g)QiMMSc3t&NVOf`zg4jPL-C}#Cyxe_0l!zhev)(QEhL2#z-zq zB34|!S8rMwcqQb;Fq3It9befFYNzx_k|aUOEW(B2XSk&2xbMC{MladTXIi;_P=;fB zVHn>C<{uw2^QjlUJEx+?6!y@N^O$iUVDVP&Uiqah?+?q>_puRMwRnIkkGPP(mK6cC zRFgPT+8dtoQp0fU9T(?LoTM!L3>lwi7=_JMQq~8RubQNIDom^rBnzPRIuH(I(@QF| zN!P#iG5fqv2OM4;vmrvx(n6PmE;Mi2Pe;Uva4EV$19+8 z=mbr8faB^<{q%kn^luANRbVmpu!^1o1p3fz#am-gj>)gO&VOz)?psEy%FSbev5F@k z1u%TfNKlQ{KBmJJI%yXV*~OfdY0^A65DsYZ5R*=%6m@vtQAz9k?&#oKuV%SaQio+s zl?*G#zF@aw=aq5|K2~GF(*Sz-mJOD{@`Z<%2apx75{);hZ(9bOSMA=>PgCv_Z@WbV za(BYhnO3hA0oD1et=JZ}7`RUSV7^94s{}8E@5z@H)ap+vVr|nVU8o;RUJn&wF>?KA zR_HReHhEGgsR} zQy$&hn%y zs7JLk@{jKu2MD6});Y*N`n?;U5w9WHI0lRwuR1Y}Zd9tV%?~&G5ay8GyK-=?n%XZc zn~Bs(Sz}hUfJtE6J6`rTno-EB>i9giv9RlB+;HC`qFnu*q|)$ex13ZSdx)IL=N21M z=g#%eyI2jZ&q3w-N$%0f=)tN`L5Zl=CKk3uFp|5!v;6^EzTfT2)8Z3%^F5ac2Zx-^ zx7X^|9~(b^ea)2Nm9P>8x8lW^Gwc?3*e`HW#wZsCeY#XRs9aR@q9!Ld@8@&y0HGim zvU*UGtT64>GjUKQS=REo=iDTlJYUpk+rx(x+>(=?+wl9_*8Yf4T19Jv=Hm^&oI1Ku z6X}y@lx@)IQe1||ylj7ri=-+C154$O0Z@sDtkLgGlfVlIB)|4WLP1Kf{(WW{pAbPm z6Qu;Zrc2cVu1mw&PUXlLhxwSz5i;ReMJ;i-`LQGFJ*dIQ`uy~=NzJ-1rG@dU@Zz<6 zG&Gc+ApW$5Nq|#NVCW)W(ZJ&T$Qz}I+I2x)&YFyqLdPxB2OVw;<4Q9oXCq#%9r{N6 zdL%sQtKC7eWH@0Re|Mt#*@MIesrut5Ck5FQ>$RLOoY%~|>#-5nsWfO2O?S!7z-s3J zAkkEp{+x8ZEM07K=vX8$8US2;HA1Hz4Q6%0@_`d!hgl z0+{pJ5@AFt{y~>*!fInq0Vg>w+v?33TqX+$&wKn8^n||Qddp~T{`a%{aW1X?$pMw+ zF6y=Ck7@9k5*cmVTsEoA{3aSnyW?}*MIMXzKLVm}D_`+$`|>!rugpK-^vnW*{wg6z zC0q3MO(}6zc-F#O7gvp%@t45ilbFe0=jsW8I-|LbAD*fYPs7Mt&wQV0gSb9di*^kF zc@^0Q9EQ6`>JAP33WAItIKGRD9FvL`t|EHBZ25XPqcZ1q0Fg!)c;-|Xy&NE~;gXv? zJK~x0h|`kmT*SMz1K-Pwlh23;BP54q{&A|AEAO^D`7FL{jt%;ban2}fHd<5{7N;fs8C z%Y=QHxE#I}GQ9KKzk=v(fuOav>kdka*h`;JS#R(VQtG=tFg*{1UJ*LMw77h>M;X-^ zutvi62gNp#n;nL8=a1SK%2rIJYr*cG<20$kc#cgVuSop*+|JL#nN4eyIOEQ*R(4i5 z4ocOwnIo3ADKwY1CNcyuUUKl#tuEHI2t+K#IEKvU<3LWLQ=QKMCA?e1?n*pqFmldph1c|FpnX(UD5HER^YIJ1+{}_g1G>Lmin%O=|d* zssgW>#BK?gNLI&nKo4SgwC#O1#@7naP*s5{Xg%#?{FSzs=P^q80TL|xyZGiAJ>Jm6 zW8%-O9ByPE2@`Id1fR^}BSq`5)o_G7F(=5grOV9sT4R2O-EOnMR(plG3$Q&EmPP@K zP#?g-Sl}=TtpU9-yt)$QTwKoKrAbC6Y(t(sJ1G$+U1B#7-22MRKC8sTn@3tgEAZK^ zDq>9`kCT;{#(nav@{*FAIZ|r7bqQRI=MR*#Wm!*km)=n~c;O&nEGneg0Hk|_wRJWs z^l1C4eXdw4n$fZZyDxln!HB86cnw6;*C1gaMDvKmxSzCt{DEV0b!4|3g(g32qdu6A zHj{f0a5#5!pX5`MV~_fr)Ys4-U7dRDr{15NzocC`SdxpN#gLo1Y#iKQ+F&Mcp;mn~ ze;<()_jn$bz!h~n=%^Buc-B5?(4k{o61gtd_Wbi5@f(ztHRu~ z6Q7FPn4zWi0aoV%usTVmT0Zh@ksWv)J{cgHaU^cG^>`Upp*MyO?B*QA5bv_|*P1J6 z6d54$aI%)RleKqF=q6+(=8GP6(ii7p+q8;S)3=Z19wzr)c{Z?702?|pmcvG3wjW1j z)a-|WaxMsGw30UZlo3k|^bH?jX8uLB>uXTy?Za0V#}H|6K*_*PRA297dU0_{^UZEE zmDp_}y=y4T>hxaR@gxvd4D@N%KF9ANbd)MFv`sS04Y;q>-#XhPk=zQA!$uq%_vgNN zo4kqa8YgAowNCu2PKHfNgO4BMwJ6VQ28=-U7*G1%lea9PhDBPJvywTNxRp+h-;`;T zl|-M+a6H;XTi$$3CzfXJDmpp&yj8kt2uSwZd4>YKUVn-qdr zza=TNN&7_}l~nM8bcxKI<03pOP<25@It{+7SKL{9y;e-ck;>elI&&PK$(B?R9BWsb zc;9NK%VW3`f0itQ^U&us^D1ss_-t|U)eWN9CL3Yho#qZ*?+H+XZ;hKqWp?@LH2jl- z-{=Vas;%dpEK|EPM{lvnqPqyhEzct-A@W;0pBi0B={ZSlONc~bZN!! zwB>&kV2w|0yK$U-uD)M<=J_{;iwwja%m=57aD$=;FWub`K_L~m@DX;3&#m&rELitF zH~y+hR_=hWLWQt1jVo6PN>1~86*cjKKlK!RcWBc`BnH>W0X;g>-%VgTFo=3O_TY(< zHNtXZBI|z9to<3X*6YV|z^SvqC-#zO5;PYkja+MhqL0PTElxwH6uWL)E9duYl1yAW@ia0u)M$4j^e^{=j44?EB$^7gop7xAd zy5|~3TO~5XLWmkVfV?pYhKR){xJBAs0Ud0X#B1Oe9)=($Ol{iGJxl~}RMHKg+mbqv zoqLANe8k-kUQ>XqI@+^|SeCF`od3QviX=(UV;+y4A&U_EYa&B2p?V?fkgAhIed5Rgt~axi#=>~2c!n+Oq)4Sd_m9(g-aFvC z_r3|izZ(ylPRSp?+1Wf~TAp(~mcU6}W7q96C=v!d| zdN0V(looc$U=K_6x)Ehb(i;L=$0A0K+f=6bdQ-%VHLAJ%FtO3)X0vyGKe`^qeqRohg27Mye%tqyps_H@tUa--iB03ZIo0$Gaf zbLMCUX3_i}tC^}@5_1LMb_b(Ofd`cJh#z*hef&I900?#irm=V@)ZI?w^(QvEQ3;noRTSB$fy=61h}(aSVYhAi&;P9rYbYdqkc#Cm!bh1E+nAtWh%C0V*d4F#CTES$K5qmWwIe5k@KL6~jyEL4M7b@m1bM?JX~{ipr86`qJ=TcSe=k zA*k=c^J&Bgw~ydnFht;^*lMS9iEZlhCJ{2S#xM8Ic6L31-Gxz_Zf$!tYp8uI64Kq_ zq4wL*+v|v4&M9aoK&9(}UUBQjDBx)5cYT~u5P*=-a107A5d;a0{des?R8(AbVdU%v zD;vQ+6jVxt6j-5nLAta^(M>VLaFP=W=$jNE?vbpD?3TlWgg8l0)EGa4*4J|8>piP{F#Q7~6*YUPa|45Z$)(x~(xQ>S?VasEVfVdS!j333MsO zJAyzG)i-L(yiel~DAxE>xc~cV{G9MHpYin^MG>k{*Xv_Sv{z>TEj{2iKO}L#5<*J$ zn)P;$D{3;&4xyGj?R+|&Trz9NK;H1}^{Kg=n=}W&w&K{ty;a$yA?Zmi3V=m65jfD= z^4!u+CY!R^q^4FXu3fgiXJl9*?OShftT>_BeZarVsuv;<3!Dw#;qh`zWqLtZ?A`U8 z^2t!RA&2NtjbNfj0Ds{Njm3)aF+h_(ISw?SQ!N4nApY_{!w#hW7K|q>j4A0ONBPeb zj_ISW<%c_p0~A_MTb(8o8|Edg9d;^_MaxefHHE90jIFWCAZ#iQUH`s5rDw*aWDH{{ z(pARy(AjqK&fg!XlMLl~OkCaw!`!YALs(DSW&IL=$0$ipm2!q`<$g93Av{pe)S|N) ztUBru7?QKsh9I6P#+gcC3Q&b6l)!GYr25a$BH)gE&AMJ80#vY@&`B6oSaw}A2!>2c zHKQw?i@AVV+M6f&A%Q+wA$Br;i2!ZA$WL2D-mJ^|9gMrFUw3Nq%l|d`?QdhMJXM6q z8jn<231H=JotmfJH^w?`|xkU5EvQwsX@D!667Y`M{w<3LG!y=PB^df zt2kd~BS)AVjT#fgro9(pdo{(xq-biK2GXo$^Z^oBrsefB#YLTk3XW*w(OD~s3&8># zf0hD+ib*8TByZNJl$q(T(GmQkwBwJ9CIY~ML7{lUwB*+U^EL#637d^43#F*cnuL_28@J4lBGOW zI?5jC(FNKAWLF99STtqA#AI?)4gd4u-4uz6N{VdX$-Q8m#WGI@$a6PAK(5M8>4d+w zGR4yZ=>&A&+eT4`mz~Ncx<5O2(iP65S>J`#c}3fUlp0fS41$#xbd-OzJLvso(!RI# zL*xAv5FR;pW1ze!-J(i^v9e{V3z!@b5pd)(*F#XgUK`Z<+nyD3_9%REGP<2{26z1< zSm}A_g;Lbf-Su=KAYsMa?w=DsWTmfsv-r(Q4D#n_WXey!G5xBbOpuQuL9gB_(g|ji zr0|ec)3Ni-a>YynSWI^G$v@VLhxJQJf^e%n59vbo>@8~MLjij|0Z6G*f9vOUd$5(Q zLNBL{<#p3vkrVDSOm@K9fQ>3M zm14z1-3IekWp+kdvMF*FuPk)xEM7XFYx@#bZ1!L|nn>fI^74SX(x9+&cYCiH&z^Cr zbmPzeBMoGY=i4daE{U}Bp@xWxF8VKEWqs`GS@xo(5!^<3tX$ap-gEkD!kxjoe#sY| zHYh&XzQmIT65rm^Po;13j7~9`+umz|TpLTl9heGUohZyg%pZ1NlLE8VSdr69AUacUQMWijzjvxTx76`rR>3F(^s3*_T3lqb5W(jsLy zyVy#s!mvRjkG4fKS_#pN&qU^2+>?=@rN?r0_?Ezri z$HDlt1+dY_lrT<7S`*IHAaks|nPX8#^xm%QV?pCAm}wh^&B?K-w^?sUk)BGM>UGYa zYPDkVIi9rIZTK2l*fxDNwBAWfgXG01qH0VAR;m*m7n19vHcQR&xP zm7mX-8o&1L&pABw{k~Xn@8!GD0@M_U|9&?_&K>KwW=SmIryvWY{8ys^BcKH)I;|vj z<271@Ja~keytOJ}nsl%E9-Py2r&am#^9@k%+|_Y*NLziEbv{XCLRF%Q_JNJ2a0j2A zkzwcEgD5&yOrk-(?Q(((gs*6}(Bvj0*no9?j{5nj$OXz) zCAdi$^ACRi%Rs>a%hNZNh$%mhxd`}eTyp>WG^x&qUtwh>;Tz;-xLXOUwTh*@GU% z>=c>GOpn~}zADa1x8pbQFUf`4iaD+wog-^}_)p~*U|r+F`KuBl@54;;$g6#Q5b4Qc z#Y4kT56d(NJ4_1w!UXiDIJ6Rc01yzNWwA^IUjA2k6_J|fbG?)yu;DL&2~su(Owc!o zj#~-;RAojgXFTW}>B-Hp62vDBHqfk|d)Q8%%|N7;KJ5?~XZ@}>a028c9$SyC4N6SK z(G-gz;uyxt#2(n5Xrmpxu$k zO^BdM+i?A_e;bl+gJizM#e@6$`&MjipFe-}yj<3s7?O-DjTMqOJJ9?p_o98$Dox?W z?Yl#yp|bvbQTZ3*>sWR42|op&;_ znLA3$0PbKa4%e2bb*@y*DSYjf={q(iR|d%D7pF@GT|mMVQhSF(%3;*$j)kDiqiuq- z85LO-+rOg|YId%76M-hU&gF&SIHS{vzFCiWo=VL1DGZVqMJNowz})vL zEMY;eQ!y_l6D?f;0&2wN@xZHiHz|MweZWeX0}ay^dUsh-Y7Ys%iB!~oUB1^^LL^z5 z=DArIo7;iewH#A#d;w>&0meuf@F)IL3gv^W;mgh-b(mvk64NUl8XeB*l3Pl6nk1OS z-f!((@RxSZB};HH z^ceWe@eq)#zreK2NlfsJn zS0YD``38?>WmZM~@5sii1`$hxaAas1{1IU zaz@=UQtj6i$v{Ynb{8&n#WpZ9kgfQgy6C?zbDj4WFx6+QvI>Xo63O(Jc}FkmsYs?e zEP%1B-O~T64d<8ccS?Kc zdXy6%F!5C{9Xs*Aw|CX#f42D(PKm07kP5G6&B(EIr!`0YyP{V1C0XZDiSDQ}*S+ee zg?_&aBoPe$)f$bT|5st%I(_?Fm8U3}Q=imv)^xF&HlO)-DI-U-|8A_OSnWii03#M_ z@ggNLnZxgJYpXFXSOoruewmRa0gNNkyx-8D3n%U$uj}uhb|oMqt3v*}Pkyi12lIbd z@AqH082(!_2>4qdW#~Vk{r5-Af#cx6PuKqb9RObc-?u3ZODP|$`*pQipmQ9-rn9lY zR9HTXDeghPzwQlDnQUF!npW0>fiv^({noVucWZi44%-CvHZkAFeWf_T1H!v>Cg5Qs zRR0;=hrlLz&(E>4DvdK4_YOb3V-hV(u>Z*1Ap*2>fU-il-O#@~4J^-slg=;Ts$ zaun=k?m4)w46Q=RY$byqlTGQKa*C~7SfkNcpRY2fQD(@pGOXw^*nh;_sDUfj548SG z+8uu2+HZ)--s8{FSX@t4)m?=5e%v~8XZs|UYiTt6$dWB3N`J`>m`8^HEQk5^fkJhK z&kr-j;w#T1y$@tx<#NsrB^4aRhhlTL_C++^?S%FYoRe%e7YNw$Ln+!za23cv^;}x* z;ci?IogKL4DVA_io$5l$?TRB|IvvuVnl20Rx27}yN7Lmv-YrI#Q*=hq2}XN47LgYw zD#nH-=R##4chSd$`!P%xUVI$swZ)JtoJ5ZFYJrG77CWm~RxjS8jIUAtLm$6kJ|rr{ z-Oa=OK|dNQ=TT1`Fp-13LPmDu!oLCwP>xJIg`siPO@$ZT%Fp#?k*Cc0t=qtc+ofI= zs4}-PVu7?aYc^hwMRqp@)P^`8+Vma|AH4F?sFieFMJOt9O5Z^UsZ$yH7h)Z*Fg0s! zk6O-g1GpTRXQsa6#Rh~ z(sNGNi!8;*u6*h0uwi1ubrAA{eny@f#O5bVdWWzT5=~Af{On&TB?}ZdJ?(z%1;27%sq*sNmEg!J`C{4Hp`kP#cFF6IcCL1(Wgqt%CWCp%y~i zQI^zZMvi=lSbf)4-l3y!-FW^JZ}+IBY9f{{n~z2J+!L4^g0cT;Eq6ClzE$TX*)H}H zF46}^BVowH2|vnbM6d8bNsq}xSwv4ev*?D+02azFO4fMipE@-FBbtBKx}a#~suzE! zTp3M4(O&2RKe@nSx&3FxdPFm$bQR6BY#Tp~_hffIh%T!+!$(8ims)*IvZBiS00d2@ z2e#k~dM590uK_4kuMh-4ok%nk+e$pjnnG`ePb&@8-_ZDvHGX_*jT`m;YmL(YJ^#lQ z_(mAYPR6OO>2+x%{ zC^)Gj*AZmj(({#3@!Veo@Ly^sG$;h!CE?ui4A|B%uQ#a@inL7y*WPGmuS*ZqF{Xis zNmPJ;3%eA)alTW@rcFGGbBvxUsx4Tys*>Vk&iTwgIhNTugnyS+j45#w=cto8uiz+ugD$h zU8blA#0`cHoW&ES^Z;LutZML*;Sm<7g1qVJE2f$PLkDu`I z4me>UOz+QK{Y%&3ggv1%=*+(qWoQ}7yi&1OCc<(9%BkNRiTD#SqqHj&e-!{g|EUV! z{fa`IQbL8*9-g?!WmH3OZ$gNX3FH*b%4Q+dC+@+Cq1PGJf+41rd^fX`(!=I`xuvUE zynmBS{^~|kyfm)RHdgS<&RI%0B0gaFA$0j$Z3G1wgV2A}&r{Ug^tA5HU0XAf`e-#ZKvF11}+KOzWv)&vQn|AU_tzA5iQ2$_@l|NIV>B%)ZSH*wMIk zUgLByEsR=fqn+`b#JfYuQ4+`4<$C;&{vgPVAu!BF`Tq#$<@d5xU5FCsD{GtS0?u7G zNG%`TgJQtp3)bJ*`xWEyp$+|m6r1PlnMPZzYT~C1Em7<$`POx6GDE{ETWg9P6Of%H zj>HE=b_(H#?9SLJ^ka!0+sab+x^~7fk$&ws4|}`UNg;gCRLoDAEl};cABpA_qV31D z?Sy42kp`|t9Zsdt^X$$kds4i|b)UdqH@e8ZSC7(JH9tV=v`|`U&HEe9an& zbR+m~A)@n&7w0QmT$ziq*+$Kh_&Tok=B3qf!I&szKd>g39kLm)@ zBnY51QvT=TMN<}eeFIYpW8&TLtQe)O9$o&fj?dRerWD@-reM(mfx{|_IhI*&Ts1_?J6xnb{eCu(By;-j zKUd@VQ_tYPmvGa6#`fobs0;t?_?r8ito5Y#6aV_WJCMfv`$s$A{N?YTMp*uaB&GlO z%jO<`%TeR@-!~5&{|7YT{~3b&KSf6W|897LiI7Xu9WLb5gPY>2U+=S~X|Y442T!iL zZAn-;oK_r`Hs)Jp^F*E@yY%nv4V)cic2@*yfX(VWtfhwG`MfxYaXr{MdFQWp_-hRg zHR3=VPhH8hmRC4nHL)Dx&qI!DdJ`3@6+0-HI)HN*zz#94aW~85n;a*exKCpJ z!b(hJHT`Vd{BV^&2))Pz9l608+xp{{f+e@ecrR@u>!U3FCyX|~cE$D&6Zie5aTwR> zUCs7;T>YBT8)|H5$s&Es4xTgVya1zJsRp`4ja)-*3dNX>kIj~jMoCsI8>-dsBnhvkG zw+vC(KZ;6vHMS4oX4yjvD3i>0q=T8^q#>7k-6zfB18B}?4t2Z-X0|3C3lRUbYv~PN z`lDCZk4$Aa&46-DabbI58i$OXC6RXfK%x2PK!Ir5mMYLw+A8scv3yUd4LSmd)1ywg9*%#uyhqDVUL*H& zJ7np5>yVo5QK>P<%}XYG>r~RMywCaD@?w&MR}NQbt0!HVVMRYvOSu|n&;aoRpV%4v`sW{ou2I`bg;=)$tkM!_-9od zBnqbMzlSYoa*?RE~l0w^Gd-U;P$A>GuH%)0>;swVoHWpm0Xtivz7odFjTo-O2 z!H3Vkj*l%fJ12bs>uxsJDVQd$SS!f8h&289U@>xpJa7K246+B=i`zjo*>h|y*YbBm zyfifPk(q|W%4(SnpO7*eb$eS^X*HMJ8l2Z8?SYI8GIN^w0b60uB*7)U+AsPgIow#f z;ViyK346s;IB&#vk8$&1BlMDpy@`L?g!yp)qQT2yXZOpCV!O^D73*!WRFljhx4ja- zn)J<9f#vG_PCDa{F#bP|)|rR$muH9F2lfhwS0&{4lRZsWS%;7zqr+?0GiuSumLp%E zEJb02KXP~NfbYlF_)Z9G;fd!4^JKtdKLxm%TuME{YMFLFwDM#n%5!i#=RGzGwexv% zRmG3{tH;Ot7lz-hvUTiBM5Qz+U*u2ov+cRRe;A~~CuyI7u$)GS(~t>|{-b+pnR2E; z)Eq`C)INtt0@C6>@+|v0dZY=gn?b|8&+@GAn2TJk?M{bNpGH<$gxiA;ERGAbkCzw} z3YW36NhWTeCd}*o4odn}ZSp{04;>T6XZ4F-RFvvdy;${E@u^th)>jR&&BpdPVCnTG z4s)x$XSTOVZS$|lJG^X3*|PN8yED-puyRG4yz%e)-629JTjWGvjUGNkUE+eqvRYV@ zA-q+h-*!vZ|3#0AT&qNfwEK+P{DlQ+VzqxZMdzgNt+SKGm$;!a_CS6xAU%X9TQyB3 zLb=2&4WQ@AC{=|u$+xqz*%uLSA`!p1!UGyFG^rgTE^Mu}u{C@$u~`%|tQJg(O84sm z)m{{IT^_*Le^!=INoB*tDJjqKBRrxSPm9mC+LOW-Y8v?*;*W`IKPj!iFC7ZA~RjE$375}sNd z;l9WjyHTI#{>TkqA)O*rrRDl6+n5hRc9ri@8v;+I@rO zOKY6WAi^Hm%V$~AcdJ&aZtARGw}WB$%p1Yzp_RzWm|mA5*hFa-tN2L}G&5T&KI9N`R2F!Zz$Zd{@d?G& zsIdYgXtDUOUn$#?t5;d7t&=&FC zAd)*p;!2i1u-AvHQL1At$bpVZf3&;0_*}hrq~4pDc)1Hu(}t+bTVNbM8vk`}Ts8w08e%boi&tb1o?5N9n;UrJ|@YD}FtUSq0mb-PZ!9866Jk7Gt zdrt+Gy9jd3k1$y4f#q>`%UL5FCrUgs8fTBP0}^~*{1a_hg1ZLeiq8)xISkjj!kpl&@*Mv25k{)R2@ofvt-PALq)bimv@GL zo^6ogg*S)W-gY~&g9yl4_2_z^GxZZp!FOOQQ|srp=Z^C6Dbe~^;#rfuD1Exr9nJuR z$O83W8~Uj3lJ!(}PwRq#^l zf(@9rpo%yo;hXGq9~5Cw1j_e4Avfvgb5h4IMy#+Hd326dxs63?Pmq^OtBz+08Oc=c zhuPN-Y|2tmU_9o>G|ChZx4DXr5@FBzWsj^%rCx)AiEIvi$-y!O(UCX5jis3J)$=_; zPWavVb5Cm4x}z53Oq)g@Lxxtuz3BfR_TKt0%DoF4#XwXT(l9U#JusArfOHQrbi**z(B-+^&-?D@+2>C<1i~o&>4I(T}7#jh_oJPCS4!UoeAP57r)&zshkZOU43X`+mEd~VkM1qv*ploC{a#p z?o37;w%vg~;xG8aQkL`n*Z-PQPg_0NL~swz!!oL|sJhTMjq_+4?&CCU(#C|o(V!BQ z!K_I_`P9)}T*qI;GTesW$g^g;U^XVUy#i`ZDCgHhFwI9z?Aq9E-RzmXzI4qJbDg(7 zyRX5<0kgH9C#2Em~F}Ac;@#sjDo;)d%Qh>)R-m<#);nKG$pVwK9P=&ug{R&gLr& z?BuluXsl z*-mSTtu{E?u8GI0mpQGGs?IH~Nh7=65}dXG8$akBcfbXMI*!AJGrej*VArrS@@ak) zko4fArI#EUZXH#TD|*pPTbH~oQ5S~`h}`{*PtmQ`J}SLCHK$%ff>UP~e0xnHO|IP) zK#y1m_*sv?zH`Do0@r`q8gD`GHOS8@nODXu;T?yO*9@~>) zaDg9MM+~wD>)EOew*1XV9g8`EQAVMI6>CJurt#GhZx{At8+u5CKF&Ki&LIwN*Qw9H ziR2i!$x+C9YAWwvB9}(O3;ekhf1niN&KjjT3H<420n|>jB!YkOIe5X5y zoa-@&D%PF&YJGd%ogkhPJ-45pMG0+{PlDR zxq#dHAKH2g+8coB`iKR=c~(fBaq&g+e-ajTOci_9x-Wa!?Ft8y+twcO_a#=ipdIW1 zF#JD<@mS3sqoOe2BQaiPlxup9&V5J;{O#LTb{pMy=WTX7jyAM2Pj7r;_%Fa}K(POx zgvk8tKaKpi{*mNOF#cm6;eXD&*FW(hps)Q;?*9|+zhC)JKv(-uy!iir;eWQ+{|9XN zB}XVpbvbGu;k8CQ1!FWFU;B_XuB^35+s4WKiPo38bJPpND=Y*-I`G+@=&G`d}tlVo5Og_`x z3a%_87B?<^>2m`6wo2^oq zt6FnS;PMRe5^qylDN(E>J~J$0J<1m*1|Wd|RL?(-lm4ZILvKK^4QN zKG)piywPK~F_mOA80v#%`b zRjtv`D~)HSeG44jm3AA$#hjZwwprc21swPcVaxG$Zud0nal}wIrw58sIg9GrQHHQH zK5F0nm}4p*!ToTWz4Oh%p7sTeY(8FDs3S9af0}>Sm1zB*aBvCpM<3(beecPO_9e|+ zT(HKm-#INOC@J)qMd0@97T+xzK;wJRNa1Pk^(irv6494mC0uMUhe+y1rsoo0T(sm6 zv-Dx(Ti|Pm^_`WJwK12H_@lYd`ApDA>YM=A+RpMD@CO8bXJ;@4RND9QO7_IFc82iK z06sSB(GT+C788~Wn3|h3r>TRH$@jn^s??*vQ(>$^h-5i!R^IMw^vl;O6KqB2IPDP1ga^vwEn7O%y z^TyL{Pfz0`2&(Jo_a$YnFeLKD17)Lc1G?v!aSIoKK-0P*WBBUqsc@nAV2y@CeC?DV ztmjaE0b!x72fv9f@r@4qwzI8W-D%L(uql63pVII0cCuw%UPrJ6(UNa>Qn54qWu^cJ znzFV(-&C9O1l|0qojLxa73jEhedTcR98^2T9_5i=MHMoaFQ7BnxI;{qXDzWZggEhr ze$5oGYjW1{nxpVGz-&2n-GxHd@<9?Me%wgAIgp`S?%5&HN_`bUrGf|NNqyy}jtkQq z>sl9@^YX0^cY@`s=w3w9&IFhyv(g^U}b3|l)}VmQ07 zc469#rrgi8PC21lTkAS1#KryYV_mD&x=d5w9goT&Pg~34o~)-uM4w*r5FtywK2l9v z;d|58#DD2_tm^9H0Z}&aX#gDA%h1ce%u_mfxHaT~ zJ7;mY@r+XVSCD9?FJpn}%1tEIMN_{RwUa$Zzry5i6Ed;jOzMHqjPR@D{YyUDj}qJ0 zS40;Vo?!;A?KRJxhSlzWGQdivHZ|id5BGpze)-y-p(|_$#|aU)F+4+lQy-sc_V^OT zw$oZcIvQrbvSZwK`%1QY?c!8W>u~B_KyZRjmZ(84h$!lG;x z)pU5vlNC|Xl1vV-z8WXUT8AN%kN&Ivm)6|GP~FEpC~5R6eh8(M2>-(t6O?lR=!1OW znl7ubYxiG(?2uqv*CSxE;+S0YdyUxj?>cn4_6-_veo%uz?JaY9;yN9D_}QMmX8@52 zbKqj@#tdTpI%(y{C%KZe=;BryVq~>bPYj)ZrEL{Vc8ndQbyz}}l_R`nqxaSmrx{I~ zYB{sRl`Uly_8{tfk87sUS0XTB)u#y5AwCPxt0&lfLZ7y^noUEzhgp`B@;h^1?olga zDgvhSn#wIK_j+t44mU6WY>B-_lFch8e~kFx8g%w9O+nfn z-P||gS0dG_Bl04h`<&G4-EO7ocB1a2r-)ILE+sW1OX)*46E-tcM!~xwZpC zR|Pi?q?e$cubToG%VrcgtkHvu-H_KTuij-0S!ymQ?H%Q}k(dGNMC{sEX^2$BOWm=< zSK~aM$bf^bEV?zuMk||QY5AYCHC6gsQ6*|Px<+(+5TNUK32;JQU&_3>B@Ilsz)zf%Z?^E1 z3e_6hpFd0E|1vd&?VlsA!Qq6RH3Ye--r`>xWDJO@MAk-%XvWuq2A%<`vo*+uq3+O_ z-Oc=Z%Jvt#XvscqizLg2W)P{GEVen7u#Ct}ea@eF@|wk+R`@LFH~@cG_JxUNXf7nj z=?)2_h#ZSp^D{%QtF{2iHNC&;RuCB*a@T>e-oo0KO}xRg_2-Kij#6M!SV#3AVi))v z-vG9IZr>Jh^+3l5xTh7JF->HxYJc5 z2qALZ+>pD=oL4M&yrF+6JJHZV(yFaM30AlLj?D-Q6nIKYpm@}t*we!ta@ z3M+FACq#D8lrkGH_f$hoDC@x#CDr!FXind)ftC?=1HcE?ltxlD&ipsN*1FauRkfI% zj;4HNN@75QAKO)&pSf1G5DHs9XSkIU9HqLsrLs;6%CxPDzT1D zIAVRUb;S9zHdhs%dhMG_LkXdW9!>v%hF3;a(K(ZeeVSTSTN~cUs9>z*{$MtC3gxTu z1q(*G?p@C~*@|+%FS4A4VB7&{gVP(M$0vfQAMD5-_Re*F$r*S_#JGmIc8vlK14Q;x z4KiaTW%F}cMyq$-7&-*{+l5Sr1MyKr3{Q(g)zL07+f<`cV4klZiwob}tGgSiE0oN2ptex~TEu;hI?m;QS<;OZ^wa7_PfCbC{LF(! zny%SiH^J{=U zxl>YwLB)KnB3!liZhG~esqVXiTi>+`9;@Tq+>C}Qlw{8b3y7T~iLBV+;nU37^mD$) z)SFJ{H^5VHuDF-i)l5s(v`FgDX7mqk_!(X&rbJdcDAm~3*iY%HrHjFv8EyPl@zt45 zq_%ZMLH^TB>#LoeV-54bA;VnYx+(I{r^S1_=IJ@=vR=us64y&U@_Iore1Pn)D--dJ=U@ zLc=dENzUy)e%=?`dko4?$JSH{vuW-c0JRlcHJIF6GZ&Y@uRFudL>oKc_Yqf9ec(Kk zMz(c4o2~G%;3lRaUe1C2$H*rW9e_#)5Tfe_On6@_LU&9Vru2_H1-%GiC~nQ-Q$Mbt z7~@2Idn@m)P4Fp(L$IzURQ0!1PKjX`s*$QlVl9K)BEZJyy^dQ~X^GJ!YG_yr-e?W{ zkgXcfEj%|&XU;vCnPGLfTTUsC*zafDa6}V2%w6vif}DPx>wHLpwF`U{?u1J>+O>PW zW?;TkAlmKK(Que}6ZazC$MN`yPbO%*a#xGk3PM@;#}Wj`*Ma-z>AXWCzB8{Oy^J54 zKejUCJv%q_JwRVYiX_X=-6_`BH8+J`S*>YG-S2bk9*MW79weR!Ddv)nnF5=$in0Ef zJgF|a4FxZ{bDMKT0_uQ6wVh7qx|Q2~3S8=$cF9ZtpfWxn$u=i)B1o$#n>gzB#MkPc z$JlWY8_Hoyk=SC~9y=_ZfkkD)PLK%a!ge$bEDx{%z{>V$YM8&$MxCBMYl9Nuf2S&B<3Abwo%r?Q_I%^XiRJx~%pA0J;4G9 zBqKrx>{xg5>H36!tvxWsXo9qG}QKLu?!S9ziU&Q~_jGP0{`>m(xbOWZS z=3Gx>hh8`s&K#h%Tp6Osaud!47C?IxeycdL*$Q|@LaS468;JN0SA8!V%*M#8Ff$QB z0T%q?&wKg?3AwKZIq&~*?@&wb)YJ7x!wZh1ERV_YJmk6|LNR%ux~MIuTXjbNqS=n? zw_piZs)9|L80i~N$coN{QSSD1V0IX^B()9D7#)OePMqzEFizi^=JUR)ShhKX;O~p| zz4ku2Nq9bWa&XbU(%A6Pb|yY3x(iE*k9O4>CZ7R$Pw9`d`RntEWF9&^t>vT%jFso0s1bxPvk`ozfGw4gb*Q{KixK=Q)gj&nAuZE4PjqDFsM+`t_~tXLdqUz z?KG&WWZoUh-!~nTvmu|himDZr(=cti07fCqixmVH-__MgrL0Y)L8U@)BbB21EW!n~ zW#1cLyv(o>$}G!%S4AUd^y|um_WR{OMXY}WGj%(lLouno61%S)I-P4tawY4sPSiCg zGK325+kkOB>GV%8M)Ox1H_>ztuWhAw7h2k$fyMeRN*#!mh#@D=AJs_te(ziQ%;a-K zYU;C~_)E*&BiMVGRz@;HZ-c=@e@zK`k9zNGFYkuzBF`058$rxJeX2J<;r#Xc6mZ-l z5&PHn=z&*Y)cUaAePdWs0{8NVKCiB7T8*NwqV@3=To_j5qe7x28k@7hJvQ9yblBLi z2)Gq_snO8UBX>$d^+n+u-!E_fuL!7)yJl3z!W9^7?v<+~QU~Amk~Q*U5N2@7>U+p>+;p1CI4LaxD6T$)OoEOncKBTCQ6RG)k8?r5NUyY=CPW9q&p zWuIq*A#G_?Frm10PJtYI7aetz%X-jmBf-|)f4yVp$}G)&!i$3qe5CWzikV}BjJAJQ zu}UZm^EPY%5eCA;FnRhn%PMND-N)d(tdisHUNB3H$5Zd=(Ot4JLi4>1j|Ht+uw%-U zlF8W**L}Wl=+|+P^t{e^+sWzyj3T&C;N&&Fic)DAG*EaHs@+9NP5IsSyo7Dyala|} zLlQ1Pzb{B=PXxdgjIZOreyw5XQ++kpT)l#pQ}#BRAFEBoY0Nsp?AuwF@5ObJJuYl3 zBrQ}85ne6~Yi0#5(=HAdYH$8#N|X~fpXz1mO+g=7WEa}%!zZtQCi<2Gl(PL?h?u5I zR8f%un7_)O2uXURz3YK&0S-l%<@rhD$U=TJ?UbdqdSGFcYD8+8QTFboZcu0FUl{NpLH%A9E?ro{`#vK+xXWFlA0_)DSl*1o3iCgs~?Hh zj_9?kd6;v7ZQr@?TiyO-%(AF&8C@S1f0k!L*<^@JjvDLDW{GWj&1;}?M>{^f@|9V_ z4%N`n%Y1Du)wNdIR3Be&n4|8Y-KNA4M~EweOb&#L)VG%OQ3 zo|NGu($}WnLYt^nEe>3VJ|J%(MOB0%dDDLOb17PFX+Uha#D-B&TLrA}GjfpKj}+M2 z#X;qr8a?hSoN4#_p@k?X{nP4!ox-dci|0vtx)_7wTlD~z2|lwb5@WtT^|KPZY?t0& zID#do$YAflfNAHPRS1!(=K9g@{`hL75tISl%hT~zjUN_E!tzM z(xuWV=|vo2ZN7WH>(@jXeKwrZ*Kx~@S{+K;@ZGTK$u-{LL6_G`qUk?QkoE(BO$h}JJo%6%15Ro^Kkg=?3i_7XL+Q@6ztq+#+KzOo8z61;X&U1 zq|&0Mvhv-hf~Rc7kZzBe$G3;n`p*wwP-#|4|oyJ5QQ93u<&V&o4P(m;T+`1ZlsIs)^ODx zX^f`JYsFe5A4@zPyO#>HySDx6Urs|5t2kqV8uI?^=?`E}FnNA~QGb3fQPsw^;3D^# zma?E=WX#vwpe0VM#~8dVZ5~h8lW^Dv_7)N5H}ctf`OGccc${euza9JZj+zW_(+A-` zd9n7w5)sO7SK(hP56`dq3G;=|{kYSx}3a_n|4|8p`T5Et%qS=!|Ojn}AqEg4iJc^P0WXXf`y7r92@c z&O^82(Bqfn#E`vMQ^cwqE!!eRldXk;ggA(swXj%Dy?Q-KX_&w@Z|YbpPM}QdS}yiu zUGP8h+CRkOaeAJ%b3JC+`Z?7!kFR+kcR0Ls4TM~%XB*;Y{AScVDy>pR0jg0n>pIsQ zYR*t0%D9F?kG>!A&k=g|vME}7M#y{dId=F4-)Mv0&B~Q#Ho%+m@Rf=t87lD^s`cqt zxQG!F0ZQt0!j)>*xQXZMS+Zky$ZjHkwpCXtqz5B>*+DO6I|_3(o@(Z6b@oQQs9y`v zU#)tSH8dTl#tEoZ ze7yIDyt?3wRdn1tV0u%hio;YPgb=Bs1s%fVD=%TI=`rFKM?Pno!8|<$ zv&zcu3~?aB!_*5)(o;w5_BXzct8kN!?pbP=Cc@B6%OkBpFY~oR%tpDdikdEo68G0_fDP_DINMr!+7XBr(~fc z^gF4E7>h|m8D%EVx=&tzI%od<`TG)A(FGmeBZVgYB}2*KRC>ntVZk=MC1JoTt=q$1 zzoJUU4&Q%ukHJe?bAiW&cs6gJpX{rw!L>7x2FsY2%oudJm52@B+HmHM!VH+RCO(vK zaPua2X&2btpfVz90=Fcph|lk9jBsb68=iU}x7}jbXq&C=J@3vfn+|rT*R2y` zoPEcgGnsws6=T_k_lFF%O|jV6pz=1pC7aa6nMJSrpECZ1S!>5DbNpdm?a394=7EeV zS!)Zn9dkWNpt_QE`6cV0KlG7OnqwUTe0#fSji)$1x0hm7V2qs_Uk0&edbK?7Fx9Y29MO15pHikBk2|lH7!sUQH=Up$L6{F zF3jIVZBO6ml3sAMEPbFCp3B4c6Yh6bcrmo09fg!}&Yq@SZ`uJ6*CGsZ;Q=@=rHW6Z zFU)QHG8^T?cUyZ3vtyO z<>de5$pKw;D_T!mYp{T>&){Y8t-LE`#%Uh0q`EFa0g-SW`-Tedgl5|_1Maa5?8sWQ zjq(syrIIV6on&V8I|qfe?m!{Ov;^dwD~v7Lrr8_+95(T!;~UAd>i}jC*4Q%ln9;pk zC;j!@-SIx(IqcNgX6D6y4dmn?jPH(>4b>9|NIR8dgVo7Fv*p;bL+E_%5zrDkt)MR& zV6s}p51UD#Dd0!Bv9v%T`0&f?qs-Sf1}W}1gfsLs&JLqR?%jAwtj^M{k-%FN>y~Si zZq)a~G4<4}>2(N0)T&&&8x4W*f3;G8U$W_1AWx|5t?q=m+c#{>KNS>VK1inmw+3J$ z$5;+rZPN9rX3-wQ0Edt;4?=!6bO_)9Q!av#8pAnfe5#WyFevzguXbe=e`5HjF|b;$ z%{lLiJF~aX`n#})ksnY`n}brB6;2KgjBnVMK3FJ6JX2bsyLIBMFBeF~MY)8Qm2_fV z&+0B5uX)b4NxZwU*(dkMO>}2Cz71@tX|6pNs)O9;7jMfF2OQM{OI9lqH6^^BS5uA_ z3D}9<29BTNncSCrfrG4Z_}stSEaK&*`$=esQQ<)S2gIA&vCb#nFy)&dHSh3C*P^LW zrig13|3YBKkRKqASc4t)+}ni8;&nMxp7nYH{jE z&rlzgGrT1xmAA~%1@f>IW@u`ybds7d)bH{x^2C;{pA)Il(wk0_QO_qm)FQ_;i{^zpC~{?(XZSroIjYMimR^hX2&Ti7B(eZ9@rcb zG{vW?WW6qD`qI@lx_4x7NFP?Rgy*%{!h9J|&C9karUKhNw==jPxc~p!KhK*|9LT1u zrrJ9Cex=^%1pK?#!E4cZidJ)c+~6-!aNV#}dhu06YrKpnbEm#3|Jrc1iyc&$VTNFv5+b}b983hg#chsu1P$Z#Ph z%*xMb1nEDVD%AAE%T+X+#>)@8Pjl1q$fWBW1hGa};x7dBLwrFCdd;biW0 zi9aQqUVSC-WEL0zOd}&GVV3=JETV>dyy=CvU;b9xbdZw%+StaEjI2uKhrNzA^|H0i zH`(k6Im2oPuV5($%4e>NBVwp`&Z0;of!`&wff337pz6`+z|;x%b1NMN)0 zMBg^1YYT|q4TXAZcc9qHqCC>38#GDdb=|tQhIXqabTOrn)uT=4*~5o=`d6%zNfEfoX zr08mtka1RaRjkNPeAgx{7`aE~5b$bCd1!=$X=s1hx2bPovvZ?>Z0tVi*D6 z!`+bqLyNp`Mu9bZwQ{VeWssx$#0?u`0Y+!-teyrBkl5?MvRMj<|0r z3(v(EGRI}gLT)=`sdkoeIt8-QuP=>|@;#6Ds6gzFN?hsG=mhrM18PxyXMa0ck+^Ll z043rtiaQd)z18AytVwO}!%wTm*zg**U(TiJE@q5(8`yur?|Z1$BR|ti3@LPWMaqJ# z+7H0P_!zL=$4skfIiEdU3cTjVQg5n^fr%cyZT1o$KJN)u=QKYj;mh!*$6w~{7DIZMWfOr3f-tG2NNr&!Q|}RuZKse&;~r}(R;M+0aCP$?jY;;jx=q<%5xWxQ(rlC~U&SMTPy++aY2zq~Ehtaf?chCl zU{6oDj7yb$%koqn--n2qr=zt(OelC}pX-s6oA#ayFVd&Yz7&3cEsNHy7D0ZFq?dBd zcoda!sG|COLjL|Ck@3BAlc`espv>Y_rSUZMN+3KJ*S_ho>=d%|I$JSh)o0={iJ8Ky zwGXm>j0ACn{~O`G+|WddAcAXY?Y`+6{Z`aa(sK7|=8$5nq2-(43jmxY?_+4UmP$C_ zETbZGm=kq1eBx`-nL}%C&jg0z67&yGN4psJUx(ld`Q$b>Tx4%28@d~MPzZptN-Y0M zLN%WKdcv;3p{qsD&+aa?h&?q;Ye|HOPO2ZnU2wEw};b@gPCUg-9h*0uD#U#7YPz4pL5lf zKB%=sQnP_O5-Ll+$vDOEJ*3fl>2I%Lb?-y3KNRX{-5f#J@ zWGs)AHhgTJrT$ArFMUVKTG}4#2#OtHtJO`Wif%0<%xM~z>nHHXEW8=)?RZ4BLkG+U zV6&qUdPsPEO0v@wTYZ?HuB}B!+Rhx#R(7?{PEIn^Dn>?&`oIR$VQ05$>LLJfmd=mZ zq+{Y$ZldVA$7AFetodu@ZIa#x73C`5OkU9tz{_Dhy2?0BO{_iX#!e!)gO|!~1JG^Y zj)9!U4^By2v(@_Q*U6mi@hmSzt|{LCHz0Wc(|Jr{1-V!#K66zWH4jE&HY2vbE^+Yh z?(*~0NgDBEjY;5F-#*iGk@+8WXbpW1Qu&n~b$n!hDpg%<5b?QlGz0rg?(OulkGrow zt@RIYAsybg&C;YFbf9CrQS8x+xAv~&hcZK7=yxyy*-MJj2TyF>45sgy%`l_4q~y1L*7x zvS-xV`v+Kw!S_|3#OW=d8M>BVJf*FMUmag-E8Glhb>qu)4$*xxv!YDpvHS9E<1w_i zA4$0W#5jnrPsIJ;3fvMT87BpI(Lz3WPNeuGTSk%K?VZ#9+7SGcb$@2yk+)d{5`br&1`C2QS~9x{3OznADl!c zkYO4_bZTlYNuS%xpcUdWn>Qg2n9Rd&>YT!LDTs&Q`w6RRXpg^|!W*j>_!tGSR!ORD8X7{(2NTe}T#iCs6Yz&kH~z#Q~L2c$flBAp-L%!?AxMiUZ$l- zVv8%FjUh&l1lo8=pjBNolR2QA*=4ScL?YGMjY+lIy^HuL<7A#4@q%NKR^V=AWQUPA z00?hP#6u5K=HJk3!1Vkt)ApZ5M$w4<0DcGm$P6RHJI zyj7KdJAr%fxavs)!>sb1N0jV*L`FF%?S73E1$v~3i6E&RSj>UEj-xVAOPgsJ!&Ef& z{ynm2@y?-kj2~)!@r?#$P71@~a|Fwjq~YQ7wYP61#11wKG0L@#MC%wugWuscplFh2{qnacp2 z2Z&c}cO^QS+DXSckzqPf@S>Y|;A!0Nb@Gy>GdB7dTUPob)-`x@e;9Y8_K@o44N!wWt9C@VY+;a^k}%Te7$+%(H(UgTOg4k;;T2zf&#k|sxL=|r1jyS zzHg#i*_9j`bA&zp(Ln!kWW^Wg(Es*b^>KkUuz9rXiW&@pM>nv`76aNpW%{mOa!qi_u%B)__lr2w`$3On()IYIos( zqcN>%jo`g5+i(-vJ5)>kYwe-K3bl*MSUWdHNRwa5EDR^qgw(AcRLTuuIjU z=Q_Iei^4CakYREakzyjm3mY7c@;Aa5uzR&}BHYw=aRo$p%t!n1&dS`!FE%q4c=xvM z-@hYflZ^L2h$rr!Ml$KQEq93ND<_>?dlP}^ZfA&}6^*0K$}m#54z52 z%%>xjX*F6A08Z=o4hDuB3QCKp&!M*mmZDt@sqTee3XiJR=ctREc{5Mr-i2_}Udg^{ zhJFl7Hln8nUozJ*qy+R0?2fCIM<8z#7%NP*Kqh||jEQPW5R373aKQCJPs&te+NOq{ z_bZ&g(qJaf5$*P<7x~~TZ$s(QfyQrq;#IUOh-A{uS7sj@ z$&`1%hr1+Qe3J4m45<#aW}#ctYS>15rJdv!8kY7HfuHfZ-i7ixAZXB^b*XIQfE3tX zct;Ju%H#;#tEu*ya+h2su0ne{WmX|C6TYhbRtNk z=8ObeuHYTB`#OYf5Ipizq~!63Xxo(!vq{^F(F;^$Gy~D0bd$HCa=;wMb!Bouv$>{l z%bhTfs;I9%Ih&^j8E%kER^D}t(<%#33EyEIS0cMzOWI*M$=mUjP(cInwewk73jV2v zJF?4WDy_H+hJs8uzo^tXjn1@a$$5YAD+~Z^%3)YL$)+nF6Xd#5ZWl}0QtP9R!>Pic z&h$Qi{Q@yo_UK1wmr6ih8#Pix{0sEFnGOhmt0X7YvwJ?$sE{*Er%Gu9)wHWMwWnzP z0DUb>46m(hs}H4yei9d~q9Rni_;t%?ezfF*XfjNi9QgfH#bxuJNG7r$e*w9%j>wUfe0(9# z@OQM$P898aGW6SXtee7(Dame)9AOi)mt^B@7-Yj{7u+@f7dtdfyiS74#b8R>E0C&L zU9ObFoL?OIff(f89yv$l$Du^*g12;Y3G}vIG~0<+3}lw5fw7o6kEQR2eC2y17mg)KdtYmprLZ&Pr} zHx(g$P*!4sqx0pC2**o}5~zS3`I8sqcPg#)xFI=Dni@X(#nJRkr``K1b*W6IebmRu zF(!v_Br%Ux{LXTOJpfJc)Ik7>U~ph^?cQK}?_En8Va%2)m~SDcB6 z(ntFqNf1>*<=ezQm4YygDyyNU5-f_nM7?p-r1bR0)-A9!>i%wf-0AuN5fZ*j2qOT6GYV?uFDWpS2~vTaG^-SisJ0Gn+) zif<3H>=u^R7(;34`Ih8^Hi-q!XZe0;T3nTs)mXISp2LasWBvSFReaYRcFj+SMB)zo6J+D6gMyUbT1^RCV|MZA)}1O#3jaP`DUC(LizCdN`w z->VLffwFi$mFV70cS?p*DsjyZ?8n;$za(F6m$J+ka(164Hz=0vhchWa8bQ@Bhx-e` zU3c#eY*5$=F~@6mA~?0Dtk@ zkEgsOvgpNbwEsz~QpxFnQ!cJ-P`pJWO#W!Pa?f1AZZ>D2>MNz`ba!^i z$Md&tWk>#Hu`E%%4{`)sJR_{em6FPkKg@d!bzB&MW&TtaizCc}SCHA1795$94u9u% zwFhck<7ybfX3nDr{m!s0xy@In&U?8f>7_H$x=lx9XPDm?D$ZD@D>_aiwxHCHYZqez zeky6T+lxIku2*PVH<9M(=HEE+p}i!d@qi5@zjOWBMBFhJDE18JZt5Oy`n>=;+aI6P z7$1G)eW^WnW$uZ;Ao6CwT&3;!bs{SmO^Y5(|ENozB1^bc-QLR-f)#iy`q>O-E6zb; zi7zg~&?k6+OZi5P01PXVt^eIz@iOv@)f2J%4Z`M^Meg5k`>7P9TA2JSiidkGy{Io~ zuZfRzYp_7>G2KB!9CcIbwrv4j`6mSuOM!dqAf&ZGsE=TVgJVOxi_bUo?d%#RF~ZHC zwS0!SInR|T*mi^BC0XJCM}JjBRb@n-{SYhRn+6tKr{tru7=KNh(-K2v7ti=A+pm*P)^`#ACrEh1$3TR z9FRye$5@{W?oV?#+rhJ1A0D>9>s&<~`vrc3=38cNM|b@m^xH)$4XU1@r# zk5WBgQnxb|6dc=*SUaQ<2%EX)kXxsHN)$Svoqy=Ug>XMWNhd&ma8A{+OMijB$+=Z` z-yu%-fdD4MDybLO>ig$b_C@|W@wNWhOPmIPGRV-fp>GC=RD{3yw5j(_+|F~uf5`0*SgleAj)0E3w8}_z5V_# zEzu4`9gDWSjBZJiT27VCZ&OlzM;XKm6HF@^?MtcO1)df9dFQ0|W@+c@Z3H#n3sqbj z4ubAjCk~fv3iZA`hzjZAZsdGZU^FxgY1UM&ymoMY;~M(~1fU4H@;a=Eo`PNvrki=BF<4U| zP2Nj9i1CDsqH)=XpSy>ml!~#OZRhT<)&zmF*!V8XIG!&mh{#%Q04iUpWLitwoIwgA z0QTH>ug6stB%W{y>Vm?G0601P9XyPz-~lF4TVzl&bvlh1m9jXu(N}m$M^(3sXRXh7 z#cAJcWvXDfFssjwj*764J^lZTb; zXNzYz*2|BtgqphNcKs%j+;Np=>q9D5V0q`wavaaXUeYG}G?)4zow>taJgoYqEq8^jI9Wm?Unj zati|?17BtFLJVjnd1&2=e<o!?uJr00KX9{%k>gl)0HRElWh} zA`;I%4O7QA8cM%*+pX1^@`4{!JUy^&-#qt`jii&ch|I|s7)g02xBR=nWItY#_Om_j&pK&2&n-pYj;?Q}Q4EAS|U zMCCWHzR-nxzPX1c`EZvCH)T5RFhyMQw_Ca!kVW3y@#D&g>gSakwDP)msfTTt;j*6J zqpsd#C)ZYP_Jy$i#8u+mTmwk4kLjpuWk`xKQlZ3J zZTE%O>72b$ck%3Pv9h3$fTWJ z#VyHGmoIJxOCAx=LMijLihk2({@`W6H^Ynf9z1TM_^I*AR>1R?^=q8D@AZ$Xl3%KZ z@PBB}>KU%9ET{gwP-emkN~#-8u=?3D?o$c!$^pTl*-Vb04?639LYV zIV*J3y7wG+RbAh^MeN;Z40bluH`X5xm03`qapgsiwKVk}4R#=3@-Pcfm#svvw71up z%#~XSwH&tin({0&Q=F-3_ljEZq%fl;wD8~+C3c!w%!y`3tEIt44qt`-{Rto7T1sr&8X(GeZP4>QCzyazW(5R(Ku;?1vl{85hA{U~G^yEi z<^IcgQV-5o>$?lBx~?M4S*AP&9rB) zY%N)jt->0F3nN zm>$)9X^Cy)`I^m1-N{%>iB%iF9wmZ7&jz!3w14Dsfjd=wcDWG2^f-mn=C7@MO-mbZ zf@Msx8=8ZMhlPSBR_^GqXK8QC$5oXOLN-oXGhu0@$MXn0+U}RS!l$!gIOfOv#*7zx{LHgyexiYZ;e}vOKuhn%t(Mp)B zF#?0j^1c;onm%UY7hd|jPtFx{$g_d$Gq4no;QC4#th)2UQ{PG|s6p9j@FPzunOWFR zs`uqjswjoQVqQPnPQAO6?~(#2%giTG=-h>4`&D?4`woeM1~})VwuqVnB1mLpqi<{TWd5AOYv=pk^Ru zDcdpD{Map6a(35i53_YlgJ(7F=4pR`Hyv&;G!a+7uCv0b)0?CDv-|o7p1#8?y$J?0 z&02l>zSS~IpU#|~4l{J)#YH%kj-{?-873Zuj|+k@CxzPctWW3z{1e3H9{H-kAp-PK(qo`X!VT9XQ#v*)|d7jrOM^Hjp#ejTF87HAI1mDLpn z>|YV#*A;JHN{eaTFlHXJveD?Ad4u~Km2`*bOFD8 zc$TyYKyUiBiasDUdtMt}&+Y!0*qr&nECFRfgV12oJhDT5V(16j*ivAKw0Jt<7PmKl z;#0h^Oc*LGnJHw_=mWS&z%FR&~oZrkY^b9{U4Rnt!6y}j7; z1)a`JkM!Q?(ChYHG<1g~G1?-Lkim#c<5GF@Uj*XyT9`*$p~l!{SyIeo^>$I$fI2Y& zwXgQq*Hy+qk)5tL%8W$$Xk2yppiBC{KW;k?-Um&mtKEe>y3!vI#k1eSNEjJ3E(MB0 znYr4TQ33ujAo!w+3!}%!Dy&4TDDj*%D-lpjW1hZduwrH)S1P*1Il8;oFS$?T94WGx zM1hw#UR~^9_=yS6NmBq8^4nz^6Bk%xl{9&!dJ!36P;fE@g6c84sb%9xc%afK!b)WH zqsvQBjm3Qt$2eZ7NRY$B;X{&^FCOt&2ed0|XBxm%bywV$5T#XdNNmylX%+TD{Xs?+ z(#_om(M6Nctx7ML-3>R3*54P;=ZG)2PbNYS2y$E<-P^)CZ&$b@qZLs3D`+;SPv;+Z z+meOa8Ov9mE|Zx_IZk!o)G+xI@x;{mai#ElB54!FQUD^xbF2NtQ^E$cv_6aEXJizGKIi2||Vx~#CYO{AI(QhV-?(CJpf z5}^5tQ9HKJ7EZ>>lvI&IK~XSD{qRnoNuCO$n+``-o9Mjg-?mct!S^k7kR(aBq!p&!@yws66 za8oNQoj|R&gl(MFo?fmZrrkV)f<`9>H_jh*QxrSO<$9k>mr`)-`C1)a(jrCpMcdoj zVc5mi_i9d)41G)rClepsi#=9S%*JUCZRzZNJNbs!Cc|kcbk=#jj(5WgbHJhn!@*)p zk-dEGME&;d4fe8dFV)5EV6=oDw%Fu4bulzIKkcZN^MPFfQosp?zr?sIv4@?%|AqP) z`%YMxcniw5>-Y7OZ^7jDxyY(lHmSnXknE$2s=VmG;DaFxTo;f*I^Uh9FT0qx_kR)i zOKxQSSSpcTop~>OL!{@yvE8+w+W^Y^XNZZX77~Tvk|=Fq4{#f?|B)*+y&(&^Jw5;w z7bT`@#t*=HS>gft)ZbazYwM-EWJ89IySB+(j+D$cNm9yO7Uvn%MdOe0t$N5kioPS5 z+bu%euJ3C}CQNTiM{1vN^u%C$n117Aso@Lf_3xy7fI#0EI-wzQ3hKINli}LiSye?g zxBunjEBQ?Ugm`5~QR|?ZC}`=ya2eI5^j&~l>9gs3>ET{& zwRtcqF5QR&JM*4&s2y`xeBa&;;=_fk@<#2{t?kO8oUo#y<}U-v;;wAs+^mk@#3<=f z{40yr^AQx&Ea9b=nHnU&(a4V4o*2sKGcsdg0gwZMEM(R|>vhAx(+Oc+Ze{XcG13J! z_`^8n+bdy%jg6ih=r$MDj|0H^j_*$T-f5=w0Qr~Q^0_@Ow-8^dsm|oH|Ei$=)estv z%8O7>*<5LYEiYg&Tva5oYKNp}y~pCN6smsu+1)gv$TWF;{fbSR@tzL|eA`sU*CKNW z!Bf|dEJLKe?;LC`6C`W};M1$ZHg%hT;wO6Xb1?SKgFChqytznvs?j_o>4tlzuHSJ3 zG-A|TOxu;{*cPhHkOH=5$Wf%P7n%LE6lm@RhVWw@^@QT{Q&z4yyX3S)P`6=P4e068`ZwK zHU0yf-V0O2=kPwgH;wcAHYf+n3b{4MQzz7j1-q#@y`+O6LDmDWvawzT$Y7 zB$K<`QMjbj&VoQeCxHaGflsredfVgIe*v!?df!gj#odU5v7GyCsqDsZ@>^pFa)3OY z#zSdv)`?57^m(4=6XFj0s(F99_+ zEaJubNLhRrYGCx8*waEqxYV5aQGrH%NWx6b>jqi%Uic$CJMNRw#AU{M=5kKVb0IAc zEo$M9|KRF| z+lHy3%!+zGnvb;^U~8lLl-;K&MsbU8#{}4H zxdTj5j$)0s#u55~NFT?S#mMXDiw4iyt~UI24Go=-U9wHkcE$n@gD3164cY55foeTE zrnl|xO@`MiQ=07~0sZZrh618SGG)(Oq6qGE(@?N{WVmsgsv6OD@UFLN+4j8VnRhNX zI{pFQ$laKD<%?TI4RWVi`zD;CL#sXe4vThQEQ>*)3YJXxrOR9x>7AOY*30hQZ$e=6 zdi!Nd9qz4h(5!y+K^Xc-vM!=er6(q!G;1*5I+2P@YXs7_=YN57Ex`1LFRCZ8vVWq2 zaL+;`z&~H>BjUQ&XaMt2v+na5cL_X`asJWl^z@3^1_>~^`0sR2A~!3*w5~B|t+G3l z4=IDbcMWvIKq^Rm%Nn5Y%pcD|h{}CI7?|}MB0Q5ymdQssvZ&HfY;pE0Q>@&^tb*$! zW!|cC7;D?bwo3jMKPx_jn@V5E2ElULS1~*o%#cyLqOhgoH9?_T5LYL6KA@_0>`SCl zV2v0CJd=QW&uU~F&Yl7p_gDm`;uI(2s?_uAH8HK95aoNRJk z8UaCeFY-HPwR+Kd84_YPvNzwnkmvK7ES4tkiV-cSIZ(Z6KHY&o_?0I$Z5Pvb?s+Z1 z@`tZBaXyDt0(Pm#(MD_lOp5}RY*o))WfBb+8Zv$GXM6X{5l{bqB~sblL8J$B&i;QJ zrzxuWIq2yI`%mRT?R1q#Uc1|)f8$mGzR3%cn|7fbW^oJ@DKP-alz%n(**FFAZea5E zLO^L{UZhCP4exrqg)geThU)WYqOTV){zn!P$@eSlhZjDIr+-)6YSaD&9S&lr&J!LzC(tk z)8~bAdS;=-bX2j<$$~Uv1$}|I%3$%@*R$1fmn>x7z+LB%u9c+$9>6gNZyIi=49fiF zA+RP{fgG!a``g1xE#7wj=Fy=1Du|^eqeWNL3l(kkz6kcw9|Jf2X&zqnUvG-pT~sn? z<3`HAIkEC@UIKq}wupU~wQ5tCku7O9l%&6r`M&(v<0C-$-Wa|0gj+o&4OM2+d!dUP z8F6eS*X<(8>;2|dSNu_uXx1cFDI{v=RwC|QRzk&HVC>tJRjNUQks2W9AwbLUR+-6d7~}E@@EEqXo5sk0#eP)5ZD} z8xIU^`fqxRXC+aU;G8_C#O@h3L}Y&0O6f zu_-fkMfagQ2~JJ|)uL@4_nSbMP2u4O>h-dvgY@}PmVbw*V7FxM!N<;3quu#*smS9% z0pf$9QKx9f4a{@U(S3xempFj3a`_J?+erCow^LXlQJXf11=G=pKP*eI7U}$}EZj6m}_h7atDCRcF_~_FJylkqsZ^b4&yK3$B?n_vMCm-OSx6E!m&OuyGbrtZ3nl&uh zEOl+BNwjnPD^4cDiGhAQ$M4<|y?)i*)?Zesa-hDNZQAITr>2#!J2u1lAHO*-c@MbG z>;HD0FDs1_u6!i(9{Gz|&Wme=IGAz+)$hVWGxT5=`C8t_$l^dp*nuKPnI!onM}uvw zHJu_3&+AU_w!Ds^(`+ z__q)5&?8z8g77JS*2tTVR5n!EOCsqFU3WCKm)6pL$Dyrg}Efl(ni=BE( zZ+ab@`dwjD`gJo>+^X#jG(lOz!$&f1t`w^SC?P$4@xLOfs$Twp?!IMmscOqWy=b6+ z$+R$RzeZ|%=S<09vw2X_5c{DoYNy5etAN}V8P-qNkZNVVbl7-!LWatcxzYr2Z9rVJ z&fBA{IkJ$v&Fw_Na+ByPrePBVa^zVqO%jHBcKfFx)okfzWU}JDQT7tqFF5j}ODZ$M zah}0Hs4`?G$fSW8ujsB0XohisXY` z-Dhc^bgsFPOkrh#VN3zd|J03!j`invD=2kZ{ZJQ#ROzoKj`flV|Brjp9*>O)fEgLg z1oH&@hjl$2P2LV}d$@m5KxR%a@LrMtFVQ@Cv?7mD!qL#b$2t8+LpYd=MJC)C7Rpg zhOvdK&cFk44+M7FT`J1K(Zf$}KjP zKYEMf zT^Q3(q3t)pp27>J_CGG{fXR?Ne9^r;@$4jNKD)g3X&W`=<~qfo_4GknAQfALw&iVG zGOBfHn_L8dJoP~jGqM4!&02UpDrf%$DjKV+taO1>e}=Lu?b3Ebc5yDS3ssFISr=tV zr@r`!-|F@eQ6qm?>5N8ben2%AC0LjhQ%eS+sR|k(w|fRrKes8Zyd~Uw$b+(rNs)~r zDy;Y>GVHvAzmC2sOuJ~lN|Zmkwebt|coWx~dgu+lEpJ3GnX0_#kc~K;svjsSE z&>sb$rbm+*-eVB}(-=0onKy9hP!h62)-w}!*I8@*9OfN2-_!%Tu`0jGWGI0u(~tJ) z0=_v&v1jTOx14(1yFhi)|J3H^?wWm2U0{SO%_PvjGr9naNBTUk8e(k60 zedMho&gb}Mdwfyekv1JQYsd?Xd(9GAJ|PbyV#HE0D7rG?Gw&-3rMIV!?nY`KYwHVx z)fX)`bRNFQpFH6jp%Rh{|2PmSUP>eCC9h_pI@A1X1UF$-dL|lbIU+@AE|k4>89kf^ ze&}+2H;4VpXfOI16I15qf??_v-iF< z>5;`){uIIGSOYcO~VDlmlNRy9QfHJ=^C62U`5bM2Q$=di-p7P*VwE(Ar zZn)8F*!oOq)1u!4TT7&@<`S%F)sQzT^im32$6HHL_4SsEnf-O0J<^To8e(ZmZ+}C? zDC1uHZcHG>p(dSIs^pIe^}Zt^QuFWNW#k?`KM~e~t4rUQ@YIMdJUO{` z2OBW{L8l=X0+j6ULhi%R$d>BIgCa9z@Gx*>^Kuh-u2UA|%E zR;BpFI3&U>!78Fnhi?|*X6?g_eZ3ujIe0%D+`@NP1$~jq=9kX#6JGXu*%XT+irF&w zR@@*fnu$4u3?5wvM?X%oTf2kbzt+02FS_hy{s94?uINK(m)fCC{PI$GY@Tj)OmWxb zx)GUy^}@dVNk!ogYZAWwVs(wLUsi5b;SoL5yjIv)5omEJB%e|f1BDnkQrh^uJ*6T< zf{_-_Mk}TZ-nAGhzi~sL->~b|Ize;Qh-mM5x{XZ=;K&y6+W#k}?5wu<&KoD<|kc&tFij$0oGSdqF5iy4WT;o+VUxdtH4uT zmm^P}_O3kQurCch5e#)m9wo~nAshzRZ%B>~+i?_I+RL>&jb7h|+xs_oOVstp+PvkB z(t6LB=UA$?kN^zS$Be&EdIk^cBYTDpg{SIkdw2T+70p)yyzm5P6_K1kc&YVwnWlW6 zj1+07nR%@xTZz&_Cs~udvcf7^n%GJAcMd z<`!D&jnLCqy7w%vC?>b6TKkDO_2gv4wBpTKM@@xzKc@fDJEinV&n91Mtb4&&1=AU0 zfmjCo(K;XdqUt=56ut5R)6lpC7~jt=wSy_Zb{$Her6k8GOrho4ol|)qjEmz*m(yCR zkd#fz{22V>kR{m97vo!xek8+7$E~Bz{58DY39Z$q?L+ zlm1e4lmFZtW?(P5D8yfEF)86gnA(e!vuEFW=K;2+JMEQeBKgWD4u=;1DrL~3QRuxX zT3(c{MQF?FeD%Ue1+>wXGBZPS?zyJSGd4fTejITkGMlW}>(lugBGMgW1&{Zh+gA-F z^V}i)^DTwQ+oY{-L5KWMDM+NkLFqhi$Id@d9C9zFG!ui3cE84+=9p;m=~A{`7#{Ut zMW2rxYm#fU@TL6BY7^u!X^t0eN=8BBDdXw>MC|_W!>Lnev%Y$n2oa~RSBoJVy!(bE z|3ydQETT9{7`vFMJuiboHr7_f`i6=cG0gbgy4@>7@jR!y1&vvNvh>Sb00cyXF=D5j zOoLTp$Gu~nHOo!{TW#_d$KOHZAZ`+(?fD*XSjWX8tvhSJQ5JY>=p#+*HJQ=3$H{x8 zTeLQoO%CN`K}*0$!qa*53}|Wa4CkvC3H~&EZJjIpW;!nQQQ_plJs00)I+B4hnB?k0 zLqyhPO6R)uWJjgTOHoZ^r6O3*u{v!2?!7Q} z25Ws?xxA72z$pLOKiU^t)+;(QGE$ z#-~awFgz(Owy#cn1~Vlx80kT{=LD^t-MZLp>@Vxk%T_MZO>3;hT=s8bB<-8!;Ohl8 z7ka6cWq=eAD`K-(8bYnR)Qt$Z(ZqZQwMXb8EjHM>zST=G_{xL(@;g*0LYDu{nX{UV z--M@DVi@bSrZFaq-zTpcgD8u<-smIma@A-oKZJ`t>fi}{F(z&+!0v3^TIB4TzN z`AFf=mINycOzr%KM?vYslxboBBc6OGRR4XAYBLhf{YUy>x!;)&;kHV)qA2r|4BxZU z()@^69;d<6)U-wTjwUu%iwmTV6;=9RHe~8*V&uwLqBY|RU`B|Ui&e>Cq)6(;8oF`i z8jJSDKn|}2?O4(s<0s6Cl>yZ)V1aGG24V#_b1qkxY5m@VJl4o`eZ@+3!Fi?kJSl<*tX7m5@6-3I;Kzz0Otv^7|;!6p@gS z(+~KH$E6UI^P*L(jS%?T7y!@|Pyk^6-vAUl&L3Ixu8_?a6|1g*p}`EoP5)?B09pf1 zCGZ^Aplwu`dpe1@eQJq(gb#y?o_QH_dl1;BnvC%GB zN+geoh<7+r_~2?C~L`9>wuz>0!x@jVEdQ6WlrkfyXI( zIz2kzeap7T&Z2m2UU(&;+^Bhf_u;*#2MBLitolxIjF1IF!}hF|NPew}5l`F0!;JXf z;BGO7c;cV%?y;p1n-paqGl=57M2I{C$(_0AKax3eFPaU8cL zK3Cyr#4>DJqUSc?eB~}h*RnRg)4w%6soP69Dx(2o$FeSmLLX|NSH&yo~UJT#uLP1KAe5IGUrNtGc zbLJLF7v}E(d_q8Su^^aIW8^hxiL`C2AMtFoLN)lQ|M+|LP-ZGH&kAn(j&c(~x@?bI2-o;(F)%U$Hag!2_Oy4Z@s z>U%)yk#El)IsGiB^|PCP-V;^)Z&P(YL(HN530D7iA^&*M7gZYgMfvOcU}i;eI>Fj&(H7O|Zv(6Pmw?D}%Kd2KCE&l1Uj?4{32{#k7uOF9K+V8F$C$Jx z=(e@y*DhaG9+>J(SF;){Z1f#`8ZgMDQ7Pt}w>Jw&8%2~I)RgRRh!T>Tm{G5q?Zzb#FKv}U#k$KvK(dlp?R6?bT|Lev>MD7B=`dnud z3)`1{_3tSL1m~wz=JBItk8A%VP81j{3}3W>{1c2L_~hvOxM))^fPt?OxW121;KiQL z3H77IQ3hK)?8@$Vm)PgGwz>4ar=OM+T z8G@!o0D!PNTqdmR#a%U>%Q;X^LTUWAI(v zX1pZZS+rqXNhcFx50-H7Iasr8dqGM)YXBWBd&BO%q-8Qi7+PN)xV>w{Suik60cu%j~#f_p(v|VHwiV6#iQRzP`GRd4{=7h;isu-Nl zQAx|!zZzi%^u55Udz)P9!_sk#mU~xS*LN-{OIxpBY!PAov`w}+2U=PjMcf$QQ~pD|u}Q2r)dh(HwG~*q z$y}im1*yln$88T!F!DWUIc5uNn@YYX7N@LDrOL?jEM`L$RHNCKI`tPxSkl~zO)%oB z(p9C7EE8U06Tr0>it-A>`3Hh|oahC?HK9t*bBXS*ku#m5LrnZ#JOY4IxL>stP%NE% z-Y<-&2x5r6j$AH(b$pJl_;kg5lqygB^f%J5SQjf)o9%c1o9!riXV%xA-zQ%f{k(E{ z06%)sJ_L!FyQ6Hf@EXiW$eHxs)mO_k3|0n1G$aI10kJc6-|I&Mq4=~I*2jBavEe6< zpH255qSHJKgaluakD(^Vt{Go79iK3vsp7+I5bZT1 z*VPVl!@LUoOGe+1)}$B=WvyFs{Re;ZjIPFjqB>$Voq5Rl{nzXimT8*nf8cLNflG|M z{a3RB6E3sW9;Fk`(8pE&PeQQ82H)>_+Zh_sjkK0E-n`QrG(D4V0A!~p?(oxUH5`&Su3{XSX1lZ z>yP7TCS%?BOs@XAnYtQS;^1Ec2dSpLp`^)PEXfWI zwLS?0y(DXyDij5E%=@%cf+;YQNo|0>294ZHe(t4@h1IT<(HO`tc7rdy5cuGUu6=}sO5?r95ra7^6b^+3S@bGlctkWrR?&Km0Sj#}=#GUoV<#KG-z;lO$|q_n z5?H?io^PUWtAyQ<8hcWe40ss-W<50c;;V8k`1NQuK@ce?TpJrsgNJ`+W`CoG0ahmZ zTI9ylMZF@z$>as41;M8|;;Tz$=u&G7k?M-zNh(FY<_4)}9P$h#Ii4d@S{jUmkoeJU zmDL_qQfis}7?~LoV8I?gWl}W0dIn+f)d@2=NKY)@Bg9vLoX|wQ6?{jTr_3d^*T7ZB zjh3o!t~{Xc;Lxv>FkE0DzJ=(!*WR}@jktQvFA=RTE9sQ+GUu$Gs8b-A9|xpQz~&Rf9o_K5a!kEZbd&*MqwIL}nMxFvG^tef#FcEPC_ zQKQ$tABwcnQV$KMhK|@6>w6Uipm(WhWs4uy_ zU?hoS#C!ecnE8}qG?C#!V@meK(!&SnFJFDWq+9o+MDO`Ta1Hl7Yi%^kOL(t#%zqz{ zEFF5Uwa+xgm}Mf1=f1eMdbp>7Ip`#22?~@??^%3OBEnG1*J?4@6qhwd^v1hE+wx7m5)O5~rk6bW~c@sqh* zC?pV4!x03YB_8U&r}rA&=tl&6?iP~G!tLGzon7AdQZi=rT-5~Q#iGcoUaxkzS2tk((wM+ zBcUqD7<*!b2P3Ne&QmBE^lDqX4CW6&;N{ zk6M~9Q>(3x&`PDqoM0YuLv@)b=k5e)KG?{mm1mMT5HMBP`*iXE4M}_Dz|FlGFBea@ zqVPC*@$9Y5R!;uIWKaEXn_MFzJdxi+vbRrm-I#}~TnK2FE7m%2;;imYimnc0?M%#R z4*tAfiW%9d9!BZJKb(bgiT{qLvpkmD$Z=7PL^9S;8tbHZ^3nmly=vX(yaCx#Hqho{ z*9vq+($P(<_vLqJt00q)FBV#^qn0T;vKZj32z;mHcJ41^argTEdLM|`LLMeJB78_a zoIXjca$CKepb_#+1@eqnYuaC4KJH&l zE7f1IW#cL+?a99-eC<(;BX z&-6%_mpT8er98aT#bF^*5t@)1SA<)65V1crsW0?=>YpYX zalC(rTUa30!r5`C+-0vK3P>?(K^O1#6!{_YA>TrH})|{V{ z7Hcn09#>Fmiz*Ya{(xtMByUn}*5lt3$0BmARj|uMIGeKVmywcc~h~ccsRB#)WHTDOsz>9yAfJ zh5^?eo8$9yCXfSh21;gf<0opuR^8fg{DS;w?6S5G9mbyuz-W4YWFUIqtGU&~Xf1IN zJ*EIFLbV95t9lI|p#A0DP3mHy~pgcqgkfv(o&Qy~CsNwX1C zb;1Y!M!l>zZZvH?`%y02|VFzG)77+J4m{WX;?+U7A7kV1{?r?^}3F zpC4x}<1?Dgx5juU-=UaFzV5^Li(PT3;q$o`S?QPq-#XiFK=gq<+U(?E}yd zz;uGM0Q9_CFk$*heE|N5wldhniU&j_G(joZetQ64)y+la3SBc@1Nh~C9cAIp=MS?a zsLRWB%!&(*X2Nql%&j5@xqNwd5+N0oAq zs#*LN;SyOqS@Zy9^msCvX0qnM6#GL?zGx2%7yG^>WuNBSqk5bhVYAq8KMqc&5;lsF zcCXJ*)SKcAQcZB1koNB{SqIA|2)t}AF=4r7-2*IV;v4VU<1@@b*Ip*r0siX!E$b)r z>;olTSoev|JQDrq4YOJG-gI==?Wxt`S)RUQiXn?Esw=+DNXO10cG#wKO#tg>bB|zO zQReoS5BUr-yW<=Qd@Y?AKF2-LraSrlF%`UXglQF-ydDZCl*G5|yJNE`qUP3hdd(_- zIS~clkGckVJXZpWgt@zu0pJJZKGxv?WOPQlhL?%tsSx#mYbhkP^!zlc)hPrWG1ZT& zxPcIcWgw>KK!s;IOHh6dNR{0L<(KbwQj(%OR0ihj=u#!$4@UL%$RPdYunn82`_Wl- zx#0H-z!k>9(u$C8Iw@R?b!)DQqMNwli&Z+WMyJT4kkO(+qi=#cLx)m=Sl)c54Hi)` zGEaV_<+IdM7`p$G?6kej?eauQxPVek8zSwuE5P)?09}r!M*V=0p=G?fPW$C!WSDGd za)nPHEl1O3>NwVQ?TuM5I28XbNl+Xg-r|*++DV%@i-`i3)IwUL2w)&2?AM-HH6rC8-6g{Ag=gg#~ zRT2e~Z0-DvPpWi@N)2yE%^0MAAwaUQP4{f61e7_Ph`x0iFWzq&d?)kO{`eE58w&PA-=kjBFhw{RMMr(h z^bTLEaVqHw$uG9g|GwVUa1HBL5btl<;+q0dP-n^cuS?Y&&}13OCZP>ZBNCAx?R!M{ z9LGIGjf}q_uWf5ha~oPj?-8ZzzON$^wLOEnY7|o3qtLOXh%EFMaAms2)M|lK={}nu znEwdAYf13o;Ka|5rU868Gk1D$7P62mtKQO>>%Q6wfc^;HlY02U2LV+%eEJrwl|bzm zB~0>vSglx3&y)PB{tQ7$a!@|ry3@pbGwUUzxLXNv4042-J1Ra(%BGHe?L{LFb z!#~q?HKWJDjH$5PF=PP;D5%dcaPJ_{7v7Cf9>b7^0DZJ9P3lXKv7z2}I~ zx>~0;!>+e9_%1wJU*9_HMc`7T~J1k9GV;BAlYPmq`myn$nu~qJ6j1+MEKPtR?;n;t8~*k z`@61Omm7jvm{;b+gELNE$CF{I=E&i+gZe_$=al+Vbj$nLmnkdSUeDC|$yCE-VbYPj z$VKC-pPByg@`-@Q90TS;USxpq^1Nuj4S5+P$gGQ(!27Z^-uoo+^684#k-m4Du1Cb_ zGBb{^_AO~my@cJT%uGepGi%v27?TJ03h@Ku?&#N`zxB)M-eg0~vDk@m0KGrPHFCKA?U6-D=ON@`_Ec)>jZ)tH+*;u8ybOA5F z#O_6xTQPiF*EHzuD)`sovuCzdt(OndQwU``4y-7~!{IMlJ_e-PWOqvx*b7mDXa818 zwxh)4zNeLW6U<$hsWEAj!NS!na`*gqA3O(qcMhpwxT4Xh8#&X(n|b7Uip98kQw54} z)n(?AaH7>^kJ*b})7u)xkd!Rr zGjL|Fd$Y2L#nLeA%9qX=Ox(5GB0gXQzEr2%JO+*9A<0KbX+25xu^M{FX-$R;eFU}t z#gB9_2aoSOVWx%C+MvSVrMg3tLMLO+i8^lHhd>#=^X!EtcWD>xX!NSBRXkpRG!NmO z=(?Iw@m7VNuqXKm>&hwA7=zr!td48UffY0{tY))E#P_G+u zxgR?`#k-uSuZ)s9qN7Aa(&Ik*xShED(I>BM@N#F?Hmwd{ZtC-yk$>6ZnZJ* zV!0`IWrj`jX8*cGs!{y|O5)&RwvE&dVS4f_x6Bu_`W^jz{C@PA-Q&7CI}fbo(imTD z@1EC;GhPUnIUu3q!-f{oXBBI7P$#s!!Cb2XkdWKWv>?pXavU2rp0%-<-2J(>8KG#3 zn!H>LGeYRxolL;>MU9lPa0Ez)S16qHcmrPs6BIcWv#s4f-qgD6SL@hQL6hQ#Tcux~ z&RmKIB%Tqb{^-;5mbpBkzEmfZ+NI2HJU+W*YEe%)+A(X)_BqD*M5db*qjz-k1?5!( z+hz?SPr@}W?p(S(qH>^gtunrJyO@I({p3 z=hnUTKkk^Va99llM7##8?JeGJDR>9^ixOI=5)-}vhPd8Yj&M>gh>QYv*cpA5qKpFU zftujGKyA61a1rf)LKs=+i2v~Rv>LdwM})iz&hpXrx>t|)Uol%YfhWz&**At=)Ci} zoT6Uc)ZXf=ovv&=i@fvBjS9C~(0HeHM8Mwt#cE&82)gOz$3CH>1V?}H8M+@^7U zBT63c9dgW0>V?Zh{ZX7J%ch@8%7Dlv;*u7eY?%x(>pXX;h}{AxAb77krQWINW%{?B z9oplC@eucZ*xHSA)qh_=At(K9@Ad-p?{|DZW6*4$1lZvh+1o5ta`b}%-lVZqS$Yvu!-Jw!~GM2hSe)OKqb>E#VRQ<=*jZdkn z94)(pt6MkJ+k6lE*%=}Dnsdr_E4AlN8)lUC>4KCea!Fa2z9>fHoNmp>zUk7i+2 zNv$2)9~0*0hdLj-za*}z!KXM^6?X?qhV>~+)hthmiU0{;*}E$*W<`(DDy)ra+DMJs9=kL})g4T~vj z`}eFbDwAV_P+4+W5xAt(;^Lb-l+*?1DYx6k6`9lgDhwu_U;iubFOo)H-HRjb_+kxT zauaqXy4lo*=+)y})?$F3rE-@A91Rt%$Tu$YkjSg+@yC&A^7LldyQLa_kWqj-PY~Em z;W_?+aic)KAa6cM4&C1l@GR+8f*e{IX2hkAh3JDU8GJdgbsQQMvcF|Ob=$4s;JCWT z(EcLOCvzqBLW#hxduvCbOGm!&Mj-Uj zy8Ta&lL@cWDQcgnt-bwv+$}_HNOfrS|6}XDGjGVKKK2e*LA($_rm5* z&;uV9e}iQElam(UIV9pNqvyv2nW!x(Zm#j9qzY&x|EUqH<7|v8(`8+%fg?OB?HX2? zSN6h%_#~Ws7gi*R-es19AL{{OC{i!;^sQc8gEZ}rZZ_Vr$3x+%8}{5?l4d>*&g;aQ z#idMx_30-}!~up2Jc>dWeTF*)l2CJax`aE`$vicg6f*z+p5R+QuPeH$SABg=x@9;P@iGF#SHfRUlYd*=ntm6(QAj9`-dqXzSZPy86rJti{)UO~Ajt3R z{O9?>)VZqXzP~Emo%V;PBmhHY(D3+`nYv}4Z3&&rN;D3AT4{2bHlNrkbE_^qIXvHO zJSS!p_EjltbGv-rym3yiIrJP3t5P{X;W?MA9^W|MiP{jZcIp!Kwn;o2KA*EMlknpR zeE$lFKwh48>K>`o3vD!INtIki`mb&mY|7)_34Y<86tyceCPvd}zJ-ewoxk2|7O^+F zOvJ^a`HAYaVfbF%+W3JP{HbWls{2|~-$11v!A-mPIgy|paeg5CA-@eQ|DwEz=`3pJ zgFKExeOvWrxOIp)O)Ckwfh`P@om{)512pHUfJ72>GY057)^HX_#zMM#9;lZ@dC7EN zBd>7dTwMNXNMLaD+MH#L#;x%jz$Oz9)(6)cO1}DQlewP;fekqrx)EQjy~Bgt7Z$ha zrsis{)i?p6rSlRHQP$23YXK{{y0;s^y6k2_!!=st!V6^t3Qx1eGH%&gh!DSss>fR@ zt=7|cq59KY7{d)B9R=lZB0WEVj^`AxXz*8PE+M8G#lZlCdg^5HY0HO>89TBiba z$M6B40c(9(-OwMOdjcj7NPh;wX9=0vGv_Bpe^$8&lM1t)@Hl**^~H^8Jgz`SRnTmq zj!P5>!HKl^D^DN%=gzi}SX0Pc*&6UQY$@-(9M?q=|N0gN@}a0T)9KXtQ$Vyi*yMIz z>AG{A>{Ck({P~q}x$NR&l-L4s9AL8}np%=g#mUXj&*1mzKf`kM91`fz1s7u;YYXPxz5MyE{?ts~NX6t`!R`Lr z_PWU{HI{%Cjep+CpGb{GLVO6C#`2|;t+fD^snYr7PWif!9`5op_GVRdG+c$sBu_obI7o^NTt}5 z701H~SXHWI|EcBX7vSITjGBE}ZRhU%+4BL}!$u=7Uw$STu#MX9pZM;fa~jI=bOVl;vzV3Z(Jq3`WX?Y^C8oFD@xk9&uf=r0Y&G(GVY;n zcqL?T;2m)M=%n?G8n5*K9zXXK!`G%Y@V}40BASG7ZESdO(R^Y+H)_Q?<>|M(F<(hw zF-@1mt3nmD4GjX&5!9iJ>zDpO{FLg>K|P0mp?d9E?>dwH1TI6{-OUDiEM0iMcPVJA z7EEb7*gq9oyftoFfZHfib2ha|S8}HaK?5#8H;0@*^1e}Ebx!)^TjX<-1fqp9y>GTQ z27F1+JwoiJ8k8ZB;hX`zM^lR_VqF^>qhJb7nTp2uJ^_B$8tjoe_Se5D!C=tAC@OPg25b0beq@aemqb78x*4 z|Mcm;k=MLTYj5>uXZX*W0WvRteAUgX*gQf({EdbNAUs=1ZeO<#-6uxBk5*`TYfJfV zq}|{m8HJSFB2HHao)FxO*c%!L*YT`69uEY(^Dpojn~$z<9Uo`QUgUfbmsa7FL*9$( zbIkJ%${!<4?*ep)rCCgKDTHHn(Hb8x#Vw*w6o}N z_&C?1ZM^wiG=p7cD>)W4JbVGdT*WQ`eAe!hF+@wXeZp4V{hNP-XRpEbg<6IgK7-13 z`Dyv6B_pE9$HtcCh!DOvFmPL61yA(ICrUz#rjGBT4UIRT`~3rvD-xAQQVylFo9}dK zYNEI>#u{QKk71*+#c@5Sa#8NL@ajH2)Ra-GyTN|!P=F=DSM6C2aPjHGd24e4Q?hpW z1cE;Kn^Z0SDuNn1NO34gNb6deSOL!iiv~Z3PPef!#!#ndft04ESr2ry9tRutg<+zh z-K}6t%9Jmd#2ePcHxxTMXfM!`-z8KuDQSr}kTJ$x*$X^-?O)%5hoo)i4^6X6N&W;& zlob8~OIT(`^r+(O=mqL(b%87XUXvZC;3mYe$c;TPIH|v74Lm$>v%^z0V(ao+-f}^` zD~RW3V5%wa4DYiqvH2ugG5AgA0w&%Wc^q+m@ku4s>dqRl(p*usc5bLtSen)%w_Kva zeK=J8dKvNE2b%1i&xN6dCt#9mfr^HVL0ocZ;52@9(nZ6^j7!m}tKQuU&pLMJ5Oe5b zyN9}6H%}kAThD~)lW7Y>lYmF4(RFizUgq#O99r@1Oi5=L4`wUrJqCb^WMo=9 zzQ6>?hnOTPAE#3Q*qfsU@?rT{{(m{&tk$F>i73;X1!BgngmV8b-+e!c#ZcIbDauZA_PNn7{Y}w+_%Z? z-s}k94FJ{gL-VkK?1-Lul) zYMo4dX~qnGbGmFomb-DX=&u|78+n0LHOmTMUkxm_5dBShNVU49W57S-M^o0F`;x(H z-FINVrd+TNpcc!?dkd@qZ@xQT7$`cpZ?+1c$ek=)pjWh3*Nhu8Bo_q@X@7uaY)lKe z=4O0@w!HW#r>3m35AJUSgaL&Z8yDl*#PrKGX~MoXd!Un0JA!i-fl6JK`i>NFq#ZP; zIs0LDoKeYh<*GF|30mw=OvDqtt#$AJpzs*&jx#e%wO|Gb(TTwMGEo8YlX`UXKV_Mx z0y$P=aL|_^%zFoTdhGqh-Gzp00*)9zINEz#K_#}~-50vMiZ?VM=$R!ek(AttYKptm zMRo1BJFQiF$Ipd{iHa$G7fyj)NH1t@a-C1pP(uOMG@s%Th3r5HjCw-ev8xYqLQSDl zMFy;QZRxpEz9p&y?LiL07zwYg?OVgCxk_x%kXpGABeNFvfwHVXVUtzN{-%^k;IwN2 z(A@pq5^P}-S2II`CE!HUMN0(3+u{9Z9?IALkBrL8UPef28mww2-}}F`Ir_rq{nl*$ z==h|rV)QC>%C#lf=xbY~1}b$)&*2eJBnP%}@RT-fSt;3Wt#JZZQ()2D6chuGE2OM8 zRH>5#l0#b*|D$2mPodhr=7CnNFl;fGF|)?6q#8H$6fE_iZqw=ZK3UXBPO&!d+w6&B zZ~V@YDdCLnwG}tG@`c5J$h6M9^+|Sg(h~GK(V1AvT2}k~A8lm+f~O`XB6JsD<1HjL zNo`^`lkfhWE!sm$HBdC>U9+d@q)?-H0zUa>s=y<8+UP=-D4;ECZZbyG=)Lt|d1bXm zPE<@WOZ>sB+m_&Hn={w`8+zeIy^%cZB4W}f-{|F1k`2e?9#0qI2?Ehr`NMiDOsI#x zX*If}8n}f=6wDNGT0#&4b!-igfqHL9?f^y0znZcwD|bI)G?S&~#Ru@XYB(?KkX}Cf zmoY6*O~?$H*fwl`b;$@%6kg1g*yhsQwMlji8~B@P;krHbGQH+`ZFIfZMyjD#vOWFK ztqR9mxG&D!H6N#42Y)+V**(2Z^d|F}I9MZ4AH=O%o@%QrcLuwFHD)t>s~ZG(V29## zptGb$qSyRnc!Gf1`sk0%)U8@h=(UouiBd0qh6{^2dfKt_I4xImH3oC4+2T>;&{}!v zD)5%%uYUm6y7-21A*f|9?}AN=cU##2^NJ(q`j{C92Ta=}YnqqBP& zCTpX#i?0FI(gh3Fl%`}`pl+B5L!Nc+x{eK5#i{!#0!^64$8_t_K`!np7#94>Bb6$; z=i4kZ|K009&>C^+xm0FD-46`?UEojJ?T?KU}0zL{VceQx$SIFZRQvPIU4*`+w`lX@ESFy$H+-PAOahY}3<~P2O(6}>=j?bSn?^#;n-Z&Q| z;QAUq0|B@$dWURE;wn+GhK6+{>XP=up`@_~@RHf^*P2gj?_3KWJM6aX)bK3=w+;<0 z)qZ%psmCXRp3+73uAVknf8v1xeRTwNE{rSZIo@AUp5+$|F73vZj!BBWbnWCom?{5!N07F1g=Muy zLn8AI8FphNAGvi?3Q()44gSH3v6p;JDooR%?j8sVlu4o|i(pN)Rob-4TVoa`MAkqYz1h)2QgrT6rtI<7mAk4Y zGjOXf+mBY|^QX*$4i4Ol0j|R14|oegi>54N8@QE)lj+(RdNBm z_D6vLT^=(11UA&pXh@IC@9yzup?m(~;V0jz>KzP-w1A;Ha*AtxNqkSZI<7 zAiEaygW1X1t1jXL$=lSsls+%eB{w>#Yr|`ZC)4-FgHSYrGGQpkWghQWz{CRk@)SPj z(Hg}rl|<&kDxUI8(p=qXh@1EPRyALt+Q>O`ke<`JhS4TJBEvA_N3oq%mrv9YQX*~n zd$VcqBnQqnMa1cW`rDoRgHIT;-_K?nCmo}9+(_psSAN%U>tdItPE||hyQ^3wYkB8D z1;=iH5p1X#eY>X~bPIPv&SXX9vdrlzH7MVf^Tbuug&>~ReG+6EI;o@?-1c2eU8`GM z;arqlxJAV0+Jlgz$*fO)F>IZyH27YWN77mSL4I_;=rfJeTLM`sYJGkVk+laHp7OzJ zYu23St~8oY7_)pk`K`LVUc}iuYxs=GF7uq~cn>j#ob1b%a$nEy$>mtdVi#4Zq*5Ku zHp)0S&kT%r+JH3fGGkPQRXt{!2XqevcXcGbmR9*dncTh{DJE-}e`CgxZlt%C%hQ$m zg7EBHQ|KuEISSG-iD>wl>Nzl~R8tPYon6xbP`9Qu*rY*0-P785CPrs9<=!1NuijZ? zE!!hq+K=&FU8_qoJWv{gw;qWg@i}WZAlz%Y@U_=cBPr%RTRQxKO7#(9R=o6cCB}f@ zwq{&cF)U$n{P6kFosPN6ZQMqFi$i8bdnt_*wm?D&VFqz%exl6)i~D)g5cVH*o)EQM z{AF&D9{s2wWUlv>f=e`er}5wLPX4%BhvWQfdN$P|0gQ_1>%k?j?>n@m*QeKRjKBe6Xo90b0(GZwKTil;rDJLAS&8>D zErtTF?J!Dfp8M$Z1G~1j*4QOo!Ko#^xElXeTDf^x$==RA1Pq-1zH>`uIFm8E^#>A~ z;xQ)FZlE3Qlf2wlkAEcL z-`v}ph8(C~q!Z9m`BL`ggPy^x`1$mZO9UN~?V~(GASs=7_!>f&wH;pja1r~=kj1T+ zY71%@*`G|uTlAZ+;(4LPigw5@5*$qUev-vMUlMZI64TM|93hsxJr9nf1P3nx3%ii} z-%CR?jgz7stsGT?OJxrY0=bS$EwE82`r*P~`tK@$&YnvTayUi{K5U_-snA|LT&89n zXk!CiQ7fxiBevs(ZYdx#1&;SPfeViAkH?VIT;{mnmmGeNF)ot?PSX^{&(Znm)2Gx2 z>u#V%HyV?l!an9tui8H`_uo3U;!PGwR+kx>U9W`4MT|LxVN~Wp`#mrCU}K&{sZtK~ zKqCJiOq7yecpKwotwh_08JQY;v7{^r*CqL@-VH~4x7zAYGGaP^UhW!(*&g~@P4Tiw z_r9sZt3>7PmLnz+iXCL$Vb}k(+Q@^6ia|#3p(M;QlQenht%dvjxBAX?dhRZj8v6_Ea94{(d#Zm*8Ak9~ zBB-yD)BneCX#L)u3R~d)1yVqI@@IV(89T0%S@*DZ{0yG}bIutC`M!@YR8%qLO6qJ^ z3rsHhaQva6;LpzwLow`E2owEbm0KU1O;UHc!%{VBrA3yCU3xUY!7K$0{|&=RHe{ZG z4M}__3k29)T3wsQfez-^pUv5zv6!n^*6*il9|nxqD+hz*yX|h-#mru7&@1iEO3%HPfBTFS3-)s@iv@SFac_h3>a=YCo17XwDZ{&dnj%5basb%;Dra~hG zReyy@D1P%7dmcdTTivRU!I?h)4@!XcW))`*y~R*?W7K z_FffVEbP;O4mbNRC$1hCcFNE$>)^h@P2EpBzYILf7Ptv+gT{kThC6$7eoRzyaY!9c zlH zlc(y#4Acw1s%Cb(YzSl33&zX8Pg1wyLB*O;UiHxs$BQ326ScBQ$Cq%y+!%Xi@3ZEI4kPwWBMsJ5YZ zK<0M&S+2d&6(SvF-Z)3xAJ*VFrnR`#j$SP|d+i-k-E33Zm8P_%!&})~wH_rB58NOO zO?Y7zS+l;Ll}UA9ZSJAwnjlIhYEDUWUN?N9YAy=?B>D+xzpYv(JN^9aCZM?^yg_eN z65eQ1{n#pRu=#p;_KkbW(%S7=x9*Sz@XrEpLl?krZOy!m>{M|BZWdi5%8Y7MKhA!R zeiK%(8eyftP^_^eBbr&OfbRTbOA62%0;S^^zv>rGFR6=fH%KzifuDZldzb`}(0`eE zb#bbO2d``H?-pZKkFbsHrslK`#*_>aK_i!lS(>|c{^4{I8iwxzGRuk%zS^e%pKq(l z=7dVsez=!+h!7`(>2KQs-FiT~>gpFl1{({gF+HYfU?`pzf4l#p-IZ>;N7x_G$a&qj zep7dKqB3~0)|NBOjB~&31*Utxd&KaaT7j8E=gZZD1K}x$*7xf<0^p+fMh3U>=$IIu z*Dv4lwzOn()y|`o6qFRS0RbD!qer2AeNF(5w)U;0!kbQV8h7QIfU=2M6fSWXP z=;=`5CMuW6PQ&imCR~yN0wN%OVi?;BkUAA7(*;%%*&VJ&9h#ahOo!>mUUM6dCtk0D zNhlkwXU*0t<7%xntqRG53F3dbh`Wtg#R)=^%FZnUZgfv`f;KIul>{U_tkO%HcbpUa zJJvmfC$8b!tY(0yU6;RKw(dHB6f{#Ui$AASe7V2+M~oGBDz} zIGCWYY)Zz|id`M6OujF$oT}efbybSp@IziHEhqdNdzZOd0m6YHW3s^qZ;n7{1Qsxq zt0=>wHkSU9Oik%9_4GH7z32o}k)TQb=Ttg0cNGD8NbP$0d#DlP*GOQHW9uTIXlPy% zmK<5;#Jg5T*=X0~>`mUJ+PK9)c7wtwQ8t)rEJuusOG4cy-8EF6MMPXP@a<7~16NQb zOE$jUH8lw_ga(?ZY2KOLznZrAch}FhvFh`D|}8kGm+rt3na_T9G1Z%YgSx& z-o0GCn^R&s6>45$AW@R`t}ot(GOF-23_WC(xtdBB@=5jUXEXXyuv>&}n*VLA2uB_^ zUZKZDt)s*&L_sz4sy-9dnhV6th^pY8%Z~{iw&;zFCUKPzC54Q{UOkZLlq}0}Lc6cu zXI#;)#+Jpc(J4b!Wuw*9*(haHMSUQqa1XNnf}3h}U+vqTXNUrc#A{?{*B!iRs!-i< zpOYQh4_5pC=0;Jg6s7E>vkN9Ppn`SNZ=ZP;8(wc{x zx6AXN)|$RCJXB=%c#KhxdCEH1So(>bp2C&Uv29-F?;Cn<+oI_At5Pk1+_UgQJ-%|u z@os=@$dsjF^BbnLaYyN&EfSl{4axo1tDlu^_u0^~o7eQ0=(%AVeA}GAci+59-)le`V!aouB|N zhs;=#1Ky>y*GA7_0;%>cS`!LtzgX^-+mjZuB0g}`bqVA1T){8qfwE@WY8KDF`mTQS zj%3>jqvq6u)DUDn)VCqQ##|)Fv@uA5tWxbTlL?fvoH=&9(s5={PvVGFd8Q8B17pMc z3@;lLwx6Tfq`@m@0|XZCSGeXiL8*^YKGa_wTNx(_QBh6(V5@?|FMs_s{{*+5m$ub8 zVJbfLGH#6uiok^4Rt-KfSkHW>%|R86=wz+o@cOFYOFh++II61>!O=m2PFc2iiozOoe-;Ix4+!cmuWtEM#-W>^3qi-Bga3YTYR~ zMRv^f*{JDs(xAG^;P8!h*W4&RH)sT`96mF29W=g{al*KZf<~|nIYDL|dtL9Xp~Q8R zIVxIEJj?ODFz|*Acw{D{FPID@F`JrE>RrlUPwlewq;rN9Bs>H@7IacXlPrYV9*XD( zPgg#&Hh7**^3+Is;)Z=>E%N~p^Oo1i@kZth0Rd`@*oaF zUT1`r35RajGj&%#Qn;&@+Tre{5C>DWiS*t1L*pU?q5XIMRu4X_ZPR$Q^Gzzy;;nMd z>Xp-!1tEJ9Y`Q7}>f1c~QFBSVC@}-2%Dg1wGipq=(Ccb1MktG~pzp)14f5V|@uPEj z7jn6rndSnhV|oyRTu6h^^|BY6&@R&Za%rVA=j>1mAij~e$%J!%S0TrFTqEZ;SrzWH zQ>^t#gL#Ygy3|8lvXQQ9>Cr{|kOKDYjjc3U@gTS^750d|VoFNDI6lS2z_kQvLnEuN zv=ceEn2_`PQ^FRxfW}-~+Nzt7Mu&Ut$esj3eDqaCcq@ArFA^u?S9x;ua8Uey=1s54 z110qh@=8ccmv4wwd&Y9DKOpD>t-QI{nT37)uCGAG0T25fYt={2e&xroW=}63=in@H z)9%t`K%&(-yF#ptLl&Jih%Bbs)y|C4Nx_sp@a2EBW-p0m9EmE>8T{T}3S(6BVQUy4u) z#Dsfm7NZ-FkR#EhoMRJpfNB!TJIZ`z376mlMdSor@N1(1WThTg;GMoDC+=+Mq`peL zXI3aE>nO)t3iSw=UpFY%Vy>UNTyyYadt%n9SNfMr3}XFF;ggG;IPWBkoR{Y%h-Iz)pZ9g0hirHSN3JqM3rx zKWwIkM-Vr#y?2+M>Ffma)p^6v<{Mw!#xYI3hro!`#mEd7$LWWy>i~7%l(#NvWS`E> zJ+>{BA@rTcR^8E=O_34Wq+|(LgTf(d>jM{8x6WkNlFvP&H=!Vg4z=sXPV!C`G@l~V zZ2=QVjYohFmuJ8|TE4?PL1pPwln+d*9v+5}l&mONXPNKzpr_;&3pfg3zGkmXZ`W%- z`$}R$gAvb#Mqkv^3_EmqqBk7>!{HsQf%%^pxykD{1}Eru1MG>v^e{Gl^j=14{AN7^9kiha49Eaz9rWzR zR7>sUpsDC9@9{4(J*{3`A8$QfaH$;sW^0xhC9*a3XOW0YgAG*gALYMse)Knu9NlGK zm=mNbHe~dQSH0g)$@EogU+xYG{KYLR+R16x(v#AyG_H^9+pRqute0unh~BIrKZU18 zvr)s@sb9}cT-KvWEik%}u>!>+AnP-N4fSl3>nkq#r>jgYA{;vX5|6Wn`DEJ-68c^& z+5)B{*Eyp!>T!F&a(KxG%lDb|6*Ob-*Z`=)OHm58zwF*+e*9Zj_O0MzLX0WeM;Yql zqedHl%~*U=B}|SUO(+Rq(ifJlfbN?)xE&YDddK8X{AALMInG@_yRW+^bhu7w*a^Jj zs0~?qZ?@%KZQkm;Euz0ZJrrFU9Pd=baYe}weN8`?OImzGQ^N!=$5>m)(fp5%C9JKn z@Po?@CpDCXE&Gj~!Y#&k(fE)VLnS(C*YDD0XAJxvAXGiqAhJLl02sYx|OO$8-|3 z+4&5J6>mg#qF>rP&F9rE%~xBmEJ#Q^P2_)<`R>05fv_-qNfm#s$<08p4lAq6r2nf# zQ*csQGsgdTwE}at$y%CZksX2*zfch(;wr4TZ(u*~3;0r(Sv|O|3AN&5(Y6fN4pvgk z0%~87*ss*9$i0K43ae^=eYZUpOpi!9$_cfs<0o_>#TE>uR0I1`? zBQdMkV?DCqlRe)XnlxF*li?IbY2xzoxEB=Eti$x<$(2bE!^D7}-h`u&zH}#_V-OII zX`=4RB^jYW%_T2t8o`;S3Dnc@76JAvqi^O}%G*m1!sqQ-6VPv0G!DJJMREq^lH7HU z1$WIzk0!~<^=oOk3T~mD({={(H&O_$Wy^xH9@6^SQg=@k?tZ^+@~ol>tLzf9jXoYV z&;Z437~ig&{2vAWSNWN~zRr&JNJ*+uW4V#gvFn^rDpvW^1bIcc!ApCW)(qmCn{Ye4 zHs{2XT$k*+5W{aP{grRFyA>}>Qk>cMQ`KaiutvJnp%t#-tI24~^;Lw__rk1jtMO-| zZ@Bfkrv*g|+0e0d^SYRWCKYsMwV=^^Mdv10kkEEya8WBH8^!~}yioFi+>UELLiPay%*(9d^5fl)P zPUPoLfKI%EQ+ha4%_wbx+eR@z-i6H1#xGoO-ad7n-8Qb`d-C{eIfbw;%(g<6_9<)2 zM{61$x>@3-l|EA3Q`b~Gg4w6Q_wgsCr$4@#r47*Q zJ#zPMi#~54CVF#y^Kf%u(<7MgNrIwpqafWYCDSkjyEV_}ybZt=7(f<*(A zH%YyTpSB0s91!JkotJbZO)99*+-h*u(>U6;I`yM-(5Wptcv!#auBzLE{++YO7_uvY ztp`h_G;rw_k(l^LFvUIYRLoP7{M;`9oT>yGYoZ+r| zPoQgayf=VBKbUYhaA2BH>djxe>a2cvXjjU(rq*rL2^?SN1#^q4c}!@a%y+rVJAdSS zL(|{_gPHX4^I{e_H|CMe%3s^~NVsh`T!73x+Ck1M)xO>_WTyU{;v^~D zwuhTCCeJ5@l4X~pdF0J!9f{q+w)mJV5+fRBQO)Bki7D23BH?-73nvDFRo&&RhjMj> zjbAt}>oK1tny|3_y0^%NJIc=>XLz7yAQPXjt!cni&rYj(z2uw26N~e=518ns3x$Z$ z$Abp91G63^T`FeykDDsmCq2Ke=j-!E>$PA?S`ygmkl+iCvw75}1$5to_0@*D68T*G zSFr*@f$g5GRP$Mohr2Hot^A>k za0`WWj>uXu)qFKr(41Kkm+MNWLC^g1{yPO~eV+k_T!?O^a%^75dfndVAx<|q7 zdj{qs=9h?mwED6fn1^a5wf|E@0+D{=TDbQvNBe87>&28CChd zjG~Gmz>58a)A@+Hk!5Nh*&#*SQr~4WaOQ)R=C1u=A10h9T_gUS@%S;grQR%ux}O=4 zK`0sBaoqgG_ldMMS!pfITz4ULI%v_ZO7r0`Awp*dK@>e^bps197$V*WH(OdQY34jU zt(NH~8hjG=R!6f93~hB9f;(NgO@u06Mlsnd2h$U&W^ z#KM&}7t;*5ccnHuy1-&xMKWyUVv7o3fL#08qUav2!UjQ^OgTJiC7%j#+2|~ruhHZB zxaqzJlG_zN$C|WcTN63rLH6ph-Fe4}_~?>bv?|9p(t%lnztD)s2W0A+7iStebao%F zTcz#sjrs%Rj<$$($~B^=38wmwUHo7elCFiw2@I)E0)s6iu;kk^??wr~k+sF)WF?bJbq0 zoU0cGAsMe42*LLdMfU?U+<<_X7L)wkL*Y91v$TP@JE0gI(;GwnEM@5%7chaZ(O++PxsQ0)Ne-YNur)+HE>*XO!iuV=EYmU3>)C=*#Q*PYuP)N&l?A^P|F2}beGsZqQ1LtN0*_u;KXJUs>ASar zafn6HN?`0(V@2pju0v>0KoK$EwHICZZ+B+GYHs>T0V(d(>e0aiDxAu7Uoyvj?UO`& z#W8st@|GR{oES95Gcx~H!uOpW6W7~Op1I;1%5aONq8eu&m-TuH=7%=RqH;-Ig&Z+{ zROK77k5zj{Y4LSxf47O8tXe0=p5mMkS{W$^T-~>|g_AWLF}C>W1Civb;xep2Eu!t0 z{(?5SD|5@e(Ejv81{fIk2w8QH;c`kkXx<;Iv;x#?G4?#Fl71&&2sv8@WOTmkKF(FH zmx`Z?_%qS$a!QZ9ae1N~uAuHEp;~?ZBXb+6p}?;28-1xbai~wN1M>zLu7_XwbGTmY zui^T8G$~?5&YApyeuVlh9Pl9VY9ReOdCvxEUBUdiz6oVuOkb;8pOfo`UhWA(NOOwr>jKc*Z<5i#pP|(;^*Za2 z2*+TANa|BLl{SL8hG!X?g4<)vS%nq7Zu@v~&K9@jvMV|DI*yxwNUC6e%%^f<7?qYN zloEofFJGTpgqXC#Ly)-Ck$h(b>tZ$Y-75&wAOF}h1hs!oEGJAue!mdsx zv>@B;*NCv}Uc5BU6TNZG9hAor*-AtgjQy_p5igcSVl1s5UD~U?9;Sul`%0Qo zpht`X#>Y^Ljz6pV^u28j=u=cTDEByk`wKM}P>`K`}jIuLi{o8d+)sQN@O(bVlfrs$GRsC?#u5{fp6}M6k zbstx*M8Zt*!wPWinhr!mD6ZRCZFC6?lIWL`%}&VOvf0lseM=bKtNh~PR)(0=gSuwG z$lMGNS_7vD8em=}%C;`*c8?&^r&xQ{X?BsNgq+D)qXqha%H9nUHzI`eNJ&`Mj?T@i z7ghpzE_7R`-XD#eENtfNi(T1;=4`^9Y&i{tC%e$IM5{2HC&%3r^I{I4==8%OyP4{} zS&UF82mV3L)zlCeGt|X176TK_Wp%qTXfyeuP%)^z-!E`{E!*5;(kpqnXEmed{Tei` z+JCh`H0P+DebCvee~?)}=V*joc+AbJUs^xMs`I{P%<5On2_v+`R$OykS9LJcxIuY@ z_Z6Cc7@|4kiYdguMB`uOxVj?^utW7o3|UBNPF+rb7S&_i;vg5Gi=Jv zDt1gxSzq{LQZ-<4OV1V8!$#LCDEhVmh0PeSL`G|znk25yVi0J0pS$^QT?YTyu;{oo zC2`2Vp-S{lTXrdII!MW^I?1wu&p>z)_0onN)1Mubxq<0|1eTux^2wb7r`qMPErYWf zuT^)Y>XI?FKAUHm8nk}|&Z_v{kPWbG=4RCn+&eLCkd7HPqA46C2aGOr8W_NQ(UVE~ zEM?Q$#Dih0TXRU`54Dc3A5tT`t^woi;++kwm!8tm@dv{qL(IcG<5{G;`hp@)hNd1Gm4SGRj9=qh(+a>P>(td`s`&5b z(0$|*=_z7NWJsCHf2E_eL^(mSPj1jhzs1^ql$jaI|5UvESqw}t4c*lV-M44P$7*SH zWNBd-Xw&;blMrK-so|g-f*KvK3MS#kH5fOfL3nnjT%gQ^yJ#I8Y0D*qg0Uu`jyQ1^#W*lro2i_aAg5)Vxe10dvWUOD-0two_C1Nh{oQI z8ebv5PA&$kNmZV~Y7F=uN{#^(r{sc$Yd#tr8=T8q8 z-7Z&-=3ZV~Blm4Yys2l`-_T#TF2qh^{Si}NR>IuW23xBmAie} zmb)%7H9r(FF~g1GHBb>4ewE|Z%xINEm%WT)h8lTAkL|&-aCyzBiu6|uJ)${ttMF14 zSBOS9nvQK>eI>xLl!3;_cR;!Oikul~r@oi*Jr+{kTm;|%WCj^EEBe1A=U=H!gpv-p z{-V%SA?u^3x@Fo}iXIDtWt0+6pc+a-0GCdy+;jwqj4FA^(Y1^Fem0m3Vt2C_M<=gj z4Dm1Ku8*rI{Nezpjw=JM2V#Rtwy7@YTTtEfty^RUR3)wj4Q>+C-Mf&te(2I21Yuk$k+poG=TA?De#@4okj z}BA!E}Ij`u$ ze1cuG&2)_`E_@dcD-Ta=s%QuySN#eZwSyDUV@4d-y!b?zlMTp`sAHT#{3J(Kth4uU z6HZU@TY-eQfJ-Pagtta)a_X;pe)##K09XBItp>258(6Ec0|M`9w8#{ZNUv;nt4p`) zB1FL&MW^B*q~r_qW>9YWI=2<5R)Mg2+!5gsNSDwJF*)?W$V;dcHYpDL^!=R3au1s1 z{E@DJreoCiqnKw|iB1o3%aJGlY(Dv16|Kb=b}}G{sk?!F4z(y#~cU z|D)k`sBK$r>K2!9U$=(IHx`656RY{AFh*WXK2(+_w_)yn^%fvfGnp;xhDhffd|oAn zMj;eX{3?Z6j+maR7ki(b23C_F#vIhupvvZdP!xF_{KPn7lqFt$Ei`ilFW zK3fLHtyxgwA!vt0Iz^r@5Y$AhlRAn!x`=X@8ZKn2@`ZW#vPWXnz`)a&E*;q&ER#+G zDUV`wvI0B1;~tvhd9B!~`h&CKqhVoJ=0UMvaZh^9Skg`p$`EX_u&@aI@`!9gKD)Wb zz;3zCIjedDf2gEtxoQ-9?Oy%?S4lydM4@1Ba+wS`+7A3| z!n^7IkW>nV&z8l@GRh>ariIe2E#`DE8)iF=F1D{R(QG88jy);)Y?1zIos%Am&B?Y{ z^z3~Vnih(Id^e{_it)k6ddUyrE$d$ZWbnYl5#Uo4U`B=X_Or@O{H0Ko%^qEG#RKEu^+Pcz0`6Qn^dCTa6$iiB8#I+ke$77x?bW zDEaD_8S}31_dTw6N1lFH!BmSV39w-!Ymd1G6GtC*3;EAKuL~MyHqWs_pg=sk>T?m& z1Ep)_Bno+8(kSy`TEqh}d8(M8oFm*#0sFhBzN-(>M$4&~VD&AM;O&+YTPUya3juSX z&czk26#Q#=%u()oJ6XXhu?f@z{>4BpOrwmwcB}8sD0nZ*e2T+r(oX>;s-!8^ujQC5 zjQ9eQ5yw0cTz8YkKazn$u;7{3--!Y1PS(xEd=~er$r?;Pz3t&F`xvP;!IwB zNoX;M)rV_L0K211-E2@m&D===oTH)DA38-I`a@&?wi8?(&0TwFvCe_}l`4 z$)51cw!MAS;?{5+|Dg0r-KhapjGR3USJ%(>n(x15bY0zTY+m;$nbn;;(h_l6R`}xs zrim)ctk=W~fj2__rot7A*4J+W<2V_(_oSw(qOwCH69Z-*QLW33kGxv1Ax14s z#a`XxM1q!LU(@?V!8JEPB3+v^MYW7^SLzZLlBvfcQ-)j2k)Fs>q_L1X^5Dnh@_z0k zpAR^bJ$3yV@#TVP&y+OW$L0aJ*XyKA@?5^9FC=I$&Z+F^4|r4LglzYY{BkaZZKRw3 zZRVf~LCm4BM`;m6ecsHfyPlI5dvEjg!_(x+^ zkJiM{E$i7~kv9fRyyOOsKam(6%Z}R0?!%7-G7KqqeN*(D>>-XnDwi6lY$22-h6DQL zjlc9`ENUrw&6E$*CQI#kzHr+;s6hIz-n9kdG!*3rt@GtNnt#8F4@7O3p6YLHsLAhW zskaI&=bcsCAZK$zOCNaV0qZhWtxZFz`;E_M1xt{E5kC4mth>lv>nK%q*(UX6>a~8B zu_@LC;TFD9o8B-jAR;ZrM%!HZ7Rpky5W?+-)QTGpG_5F`BYln-$H)5{@TB?J2HWJn)<-zI=5^K6V3&Hz4mO`p- zbT}r8{*zUmWIIXOLUn0fTl4SU&E~`QTKT3g9jS=#mNd{>J})$l^P}RDI_1FAr?}sAMAL&N_=HT7!G->_;DDwy zV^i9@Gr_n!g3xr9ln54&pW1C1Rqi#7*lwCJU%$MhQb>hlWkSE`g@+CTib)hLWZJqm zlYve*hECY$eZ!t{GU7Z|wO6M`D{%j?iiop?UGQWwQ={B)K}COgvv0|26A6_isyAqpU0(=j>ue zqMZxuky{H(HG?X40C_kV)3Q>A7=w7}&JKrin}4q{Zh&xhPB_0e7(&i&+qEy54L=e1 zf2e!UsHWDnU6>^*D$Rl*T}2R(q98~|r71{n(iMo*5Q?-wzzWi(OK(awAT`t=(u7b% zIsrlpp@q;wAR+KgTx;)l@AI88&d)PWe$64yr_86^{kp;`QY|O8M5BQ8t#Fi5nRZ0Q zRATba!Ow|PMmM`lcSqt;rFBnwqi;>T-1grx(l&6JPe@;^n3}6hYicnzq)ql#n?C!s zw^=xuv|-hufImMtU4h+_N-k{ANo@C}K#OZd;F;Q`5kp2nVdhQXq3hkAraIyK6Xago z07YA9{hG^=2>Q`2G@u2gu2w+OIQ~;EwI8jW9$Q4pq?>z%!89s{`TeLS6>lb3_l{AdlEN=DjFa{`h`A$qugfL59M|d z>k)u%BD!4w-&pAd{q)Y5^HR0ha@e>_D5;2=oTjQ*olV9sR`}Pug+n!YP}d6m_uPZr zN>@IafdL6PMPx22SVI&9$GK)>0OpoVOmOeB~a0tM54y}ARv6l~cu<&iH0u`Ex zxb4y2N7JXnBOYy6>w^Oia_7J%c~Rtim6LKZztJ(ti8>-;R8jjIkpN zr0i8fjrT5Zc62GJ$Zk!RF(y!!uaCTuWPkZfX9^sN%1ROIF$%q$_>F; z2s!8lH1?Wb)O1G=1!qF12!aUqB({Gtj*Ck=w%y(?0#5qODru~m^{3v%5eXLzEsdYm zXL*(2Y4A95nSMWPfWMo@r+iX2o`rjs+uHODeZ&{Oq`dC!{Z(6s0c*{$R5!}O(o4C7 z0RXFm%|)i}2T2x0SCL3*39PqHGSCEVw8s4r~WBN{o62+>AHL>Vc6>NS$^4sVMFa2log9r)?@4( zPLGHiQaX4y(V_IYWkA>AB*OJGA$e%T!-Abj@b8ryOr5+mBoB>oHEk%|Qs-^AFj@2s zeSc1%R&)uH-@RhBa7E@(Y46PhG(C#`pDo%umK0aaAoRRuY}XLT726iB$y5BMRzo9d|gor8;0HQA9N-AVP2lel?f?>BWxpS!0Jp&%suR()Gq zxPQAWyr_HChy{}8J?+rC<>iXVAO3waNgp&*&jO&P04~1@(Vbs4F9Y(+xLytaS6%@l zH^QQ;h_!ptKwFAgqig@rq_}ZFw+1z31anm+nkwZGsYkJ=$-MpNz~j#d^c)-qZ#XRa zg=ycI0U?!hZ_p`FVa%71CQ1=DnIb6R4Tfo)yfkTIvYvggK{QJC4^Ksx3L-B5d+VlN z5J-QdYkE5Iwqe7)TDX>zk@dl;UVn7E83mvhUKJb4aW~thYiHppIaU1pxyMj!um<~& z( zeRJ5PHm(S>85u%B0=RIl?ya~Xx46Geh=~ ze;yO|PPO@)vu-Ym4Mo?sC1kxyKQ>^~JuRO5|5JYbRp{}B@|Q}NX7Pb?jV)kp&!(;G zw*$2i#cqavR}LLd(daqVnq@Q0vgXcjU(^%^5|zhdy)D^0PV?Pt;X`#tYi3-&jWit6 z%@aywVN-&|Dhn%wbzgLG)SV5&`hGX>d=3{aH+K!)U7}@WWmS3Gh21F~vp$l3s@WeN zD%7=6mzl*TMDf2S9DTLwef58Bf6n^P#V57`t3v_vJQh@jW}B>-?j|{Yo_ARx_~$c# z&2Sr+gi9wMWX>Xr>U=fXFZR5e83BT7eM7FzPpTgm6e`Vg`Iqt-@EDfxf10TYK#Q)F z!a@~#&wx$;RVI-df0l) z&9e%Z-Rm{Yl=994lGD%l_I(zy%h;&$d&DkX!5mKKWM?kLuhw&*qHtX#bIVT4(Xa&o z75rh|(qCFFV5Il?+Fj7dn8-w&i3;;MXac$^0YDxJ+YL|5N_+PB^RDhg44rd_7Yw}t zxHDf3|MyPF0P6aRJac{3pP^h=0~~+u3Pllv^B7#cVQ+Pd>=tNOIH~F8@@|4EZ`l9Y z{R+EUMk(&^fWkig!J)I7!YET7(~{>oE#Rce@DO-bJi6(X{KE6`f6}(TK33D;d}(^& z>6`qU`jq*)>qRF19(&%qMcan^k@t^a=YSA&c-IHR)1EDY(|4(^gN8g%9h3 z)Lf$_Tz5!~exH~etpO-q=G2A!c=b?Km0O~mG%k%jGrQq%msZQb> zaTK$CCu;X7)e`QI@ZdG`8w*2#qRAqHDojjl))h??*INd#2g|EDSUD!8%bFiG^<~{c zFq$y^Bc)P}c`lVPh+c~zH@1i}R~FXm9mthvJAJAa|BL38d4;Gxd(WxXy~x3ZPZAs= zLHP`h#>KyVP{h6c(&BF(O3lJkk4!z$3wqs2pG0gFuV7lzSW+IeZ-R#6riDU{gY+o( z_ovFA-YaqYJ#xUk@Pw$R<9erE{YC`%_qyw_$I}KrxCs;W>qHXPh|OlEBoyS8U%|^( zjIRR}=xW^NiLX*+p6(XT{|QH)<(bm{?;0Vn`^A#2q6Pa~b;{#9Kv|UOc;{UEBqWRTr_*L&@Jv=p1u?`pBI# zE$u<;aF$-BgF&6uH_v|wySo~$ZzO61rx^X-TJU)4d;hiXJsdZEr|GEij+e~|8k*`x zWcw7Xt5_FnpxVf46cWm>=f7eC(sKde%G*psquUHXGgm}{f>t+0*raZn3o2c2F-2a$ zByw`cK1#WB$|z$Ydv=mhV#um+c9Lk6xRxEcWEsw28hm=bzbw4>3oScw$3FU6cJg4@ z6E=R%kR&nX1o&F>GgW~;hR=VE#FmA>;#~?c>P}JZ&n*(38GFK+^7TN77u3V`Xr+qV$V=;8y z8o@l7Gze}b6?rdcJFnMWFG!<6B0$qOe9^TGcg#c9^&%{HtNaKG)eO@_oviD+q#M=D zm@hu%jUpvStWpsb@@*2H&?TN~CgkJHQZ3JV&_<0QL97nFFPmA=j+?v$azc4#k4gCH ze$CSks24+xX7E9rR(Gu~ZL3+Su`5hnQ$iRIS(W*6j%p1J55n|E8en_cX2=F@dSQ#x zgb!GPKMEXJkeWlI*D@db4{mZOWAs0Alw-QLD^vTyr=d_|+lW~CWm`|u>g z2ISneN>`UNKN9E2n^n^Y%izrQ8RVr@RpqY!-CcO+C?Z$65w%t0j#+`>ms44`+k>u8 zsFkAoVJJ$t4Q3ZgF-d60)~R7U)2br+!Q3h97FGpR9%7AhZqJAW)}!V(>&3|t5?4Nw z%>2TY?km6={Rfjqs!aIwEWG&|#NFkwpdnCnkp|Qe>8lhwj38-gXy^@ZCzLWQznO(T zRb?+_u}KlSgT3pz|A>8};zyfUou#W^qr^+ga|f1_UFob7nI^YdCjqt7hMIH^Gj73> z@c50N9>qsuJA+@zpNzX;; zY885O@G~<%zhYTi$9+De!$YyFAC~MrrK1cJUCPpR`b6@e{p=NT(m$8yR(PB@(l058 zVqZE&|KSsZtQB@rqnZc4cJIf0VL4S~xUPD+t?Hul%dEUO z4*1tM6*|Sf8ToO=`m*2>^o?#M_3@+^vS7HCE-}|_^Q^3A{fPGmuJybvDHlgYt=)XS zEpJO_CE2NYPwvdVTTc89t1@P*(%nuL_|p~gF^1Mo4e5(m4#jzvcO2*Hb3vB%9(z7HL`0tJ&sj>L|?cP51Boj7kHe*kLsut0Q1o@=ef6Udu0dtx%jr1~usJ4N!ms`VWkhOy)uO~M z?^AGUMfjR${a3f`NF>|`&(~n#0_i{-txD|T_g-SmS5H<8rLq28XdQA-JR1?IXHx{-^ z#hnyG{I1hLGR6ER*GwXfbsQE)K7d(Z7A|XO`rMwsWZ^{oV;hW#v?nI>GPRJ3H0CGQ z6u10Bz;W$0+#d%kAni(pya*%`&Ji~_0`+hW!*`2(O&$czJ&lKP7Lf4P%}7Pj?h#7O z(_L`UG~x?)E>$<)n1JS3M_)oBtHTaw0OT@#%GBo(KC%hd=s~K~-3;j+u$WX2V8YjZ zErYaEI*_89t7tj>-ALqR7@P!7M?g@P=%3Ksw+i=kKf28GdvYs?wocSXQM#tQV^>B9 zd@;BaQZKA>B9DHli`G!W-F@6L>~xEs?r5XQH;0t>WWB!ztDlmRFS2XZxGS+CTU~ba zQIk8g&}By`%60FQf5>!xaZ<#PB>4_wgp)=;V}-AE&TLfk=jj36!jMpF9={0nj-ba= zdAzZ`K_4ch10S{W+2|(=Hq?4H>_y(Zd;3N=59O6ebwi;GV6H|5srBZrbtie{rsM8b zY>paX0wSE{N`HMPClAT*vJY2TUM2lXyDO3}KN_q$(lI|I(0zq{-|~s_CCa>;KBnOA z?X53?%|DUJa`zN2ZQB^2mKuz%k;?+8owo8w0n+z0qfwu*(;dj{L!ylyxD(_VMpBnP z)D+piU|g%KzrAFqKVq88FrZ#dR|wlt;kd#Af&{9^0;U-?#>sKdWz&pcn6mwD%vv9! zUsHJ`I>5wM6ucm*zneVgRjQ{#fDNeI81|2KR`7_n5`Jxb5)4>N*>jsv0q3sGzD~~7 zR^=SV$Ds$6H%?WDSHNwRS9mU?%MV@PRJ8a9Y3PHuxvl}pf)+b1g?p3hu`z`;cm^rP zX3?5`w%n#H!}7P3T@`&+68@5K;nX$qZrz>;9HPZVr-lhqwc|XzRHxeHb!*fxOVHQ8 z6%&7)6%mHyzDS*vCkq)@TVL&;;nOGBgdYZr^-0m$kE^uWgya2m)N&!{b_WI~*tKak zm!f%E>l4I&_4(Jf+X+^dtlu5;>aCJUjPh+4TkAt^qArz-a>!(=TEj=(aZ?s zl3AHkQ8sAVrAg9C`O)Qc zgP1T@B?w0h`c6eezt}hD;3KofPH-SJ)+arD9&@el!a?dL2^vMJjT(rtpa{rj7+;Sb z?%3qLRia37wBNIH2GF9aH znpAoQRs5JX_p>C;DQ&o|3Psa4hp9^-XApvE^5aot_L1a+hC3#{DgT{d(8BMFtJC1 zEoIoPgP60qZU+;?(mL?D%0Q5>Rj#zYNr@wU<|5vS4Lq^{yk%VqTM{+9DVufF)n>su z4?;H`S$;>4NN?pk2E&{D(f*tkr>ld%Ij%PgpbL#%nRUII(Dvhl#C0xKbPhrp5sT11 zpd?YA?81+mRl*X6KHtS>UH@z3`bosIbD%q$FU92zkL%6Vd`+y6tig?kw$B zwK79@&K~zJ@>JDp84G58wcq;1kL9)Baw_NUjszH8@O`yrhI4dmHS`>|%G(-KTo6vr z%_%2!ftz$pGR2y7n)qUh$~WZ3=a@g1K*P!Rf*$Sm&>JQCy-HO?I6d1o)L&;W21>VM z8a2R*%!Lw%XNDaz*-%RSG1SzjzT&dmrFxi8dm?CW;Y)*VD8>~||11Ty+%=g^v&)8e zWp=L(JLu~9zY#>k3=^p7Ys(Jp4%~U`uYHT)qzlFZJp3ADe~!tGYf@5^*+9H!=%f7O zw|Tlh4aJnSo-{;2e%&Y7ZLvgD*pcE&4&;C znT&R+h+0uYn}kcdE!W?y+2$^1)F>1)u4;BHOUef>znXzqkLY?0<*TNQqXE2i=W5qT zUB*Aa70C*@@Q{vaKGVa5CGk5}DDaNzkdtKs?Bj&_dU(B3LF$g=9N~-I-EXsJt82n4 z7y(&p!_$z(0WhGdR*93~qCWSeJTXikkfJk(7ho3rWRt2QzEyw+3W5nIy0j}9@^!EC z?!TI-uSSB;!_bIL+ASHs=G!~K9$dGGaZFPx$K1U^6ucLI^aF|?8x8MPFK;G7@!qCbh`E`(a(oZD*LZ?dJnnk%)u4o;E+idcX zuCRI)xm4C^B)Vdi3=I#F4ptTA892;UA6cRMiBSb<)(dPw44dNPD@l(8MDGy1Ta3z8`tNl`~U6o_abl4Cx(#sUwH91sMuY zq{Z+LAQa!)HecwhG_DFO(FEdIPECRhZzv-$V6y#%(SX7{b+e|tY4tB-es@e}-k~-x zpsqxtI}T74kSQRHKIa=@7f#vb9!G%gtXfSQ8f}KKwiop(;(@=`cAD}qy*&2?80+Jl&nMBecXAyg8ddeD6eJQfaP&JKbSjB zoU5HZbR|F^DYnKi!YEIwnx_#sCwq#QvseQ>(fI1h@U7ijDA57sMs9@TPoiwKRFeuL ze{x~N5j&CC#Fn5lU=u}!bieW{JUUgqT|U|G`zq*>%G<06QoF3vjA(gOzmxqAy|a}# zx$x*UgM6p-VO(k`kN)6{3de;qx=!Th#TE^TyWBkcPu6_E)!+x(wpqArPuJ}-N56T~1$I_Ygq_dJ zwOj05+ZFiSrjQV&0wy;*ed*Aax3sqMdkWVUy~b4l_TtTP*qnki`D|2a@MHK~`p}IP zrTS&l-1X+G{Xfw|a%3LHm>?mfxY9L;BdeA3AO^qRZ}QJrONbZ47b1v z8@yHncHH|?Nb=GjNgHYhx4~}p1zVa>KJK}SSv2-P2ak?PuJDqd1}@q;vr!dgcG;s` zXTBNlz?ZW02M}EDUSm@=v#|2u;36V^CanSzdRi5;CF}5t0tE75w^r~MDEf%P)}Lnp z1z@Y^mPJbRkEYH4E#bq#AM@J7(X)(WcfuL+xUTon>_eGwB6 zLv34(ZYu@EKs%LKDIMa4YFsg*d@-uchwABG)&@>ZGB-(+*+kBxJQ+7ggx7G8$7CiO zPTC{gBy1ZNDU-bEAK!nWeJ)+3FD8Q22z2r`Cr-dzg z`U37<>s+I(SpR6Rw(o*(u2tX>Lj-|a36tCrzFjBN&%mU_+AMB48g1b*y~e`|^r0h$ z+m3;SL)&Y*38I@BV-x!VjA33cz2EF9J_rOpLY2naP4A3kHH>oh>)DvL!$Z|WFPcy^ zjJ97jAo!87D4RWchgl)^=*crkMndPr_n)0}S77&j%9WBOYY!#MvnDTrulJ3vDkmPX z=#BatuW2zCLIBM)tPLRLAtrhtO(+CPHObym5ZHRW&OD8rT3E2%EI02NU<2Y%u&UIcPnibZUZD3 zt!}#jQ#IdQG>1>m&%%CPpyAlcu1QIut zl&;oqDfsBZPw8m?j&ZK`+~WFWdMm`;dV)TXkeyBkT0gg zD{D#H#@iLJ^F$-3kD}Ik0Usaz3YFpU> zlqDoO=`DH%@CdpptGbPz62`fUd!?_Wa~73DAD$NCIzLf7xga$BM#OYkO1Sjp&tG9G zl^x+)MtBY&WyHT&Q|3_=BU@39c0y|lc`7RU-tzu}vnq80k6R^d0aPX3N5gG;12~{#D$M6r?pYrJj_X*wxRtH#z^Di_^T% z!1(ta&(BfuO&~fcx!N_D#7B7HYEDN*iFuPO!(v55Sp<}D&0+kqFv1r_^Fc-1VM?tS zGOfeJl&spY!5v*XVmL?iDAtnKVuVu`Y7)C5CxwG-ktUhU7NsD*Vl4uZKNoah2KPjyuj@>qXG- zXg#&Q#B*rXHj%>mYt_Fbx(ytfw(r}xnhxJEzUP{-niz(6m$J?diB^&Lh?Aa^FXptu zsbP4ACYn9?>YN4ItHv@F2G)&v1`wk^JJ=fQj(q^#ziQ{s8Q%*>US9Rsz`B0Q4tcST zt~5&XOW?53`B-AMqjsQwoD^4`sqJY2-fUom1!%j`+58k2geS61?a$Q@Lf;G5LA+Ek z0^!m{&4Of~GRI)i1c;+7AeHHlWD{^mZ&?9*jAyN>_2{kLCe*Y$@wAzi8pWbbcYrs_ zwppJDXLzrcwmsDWWbJ{JQAqFwv{+3P>5hMS7NzDO4go1M%mK{ssS1czi3L#Kpah3Z zO(JsF-l;4&b0oto_>@9v-5k=!ARvr$3m7ynC}mBvn|)| zsey<NVP&PcvkzFBfH`Cz4M`(9RakCRlvF zv*neb%F$Qn3S)$RW+AOEThfrenN@ROugGN{eV+nIePd0QX7}Xua-cr5zDbys4(@V7 zEW9Q(Ts2_hWsXS0+pTa{&k0*E12z0d-zf!soxHuT%lMg5ek^p{KbP^eYMKmowXxA) zGvoKQ6$_yPFVAy<`1Wv3E?a*wc^jSNgt|5#T?icl@;IgQp4GM8YFn4Qzzox?-K@kR zl-Nb$B7UJ}ZrOH|`#U%;%_3VH1toQj_Lz^W^XF#lIB5(*E5hv(Y+PVy{)t?59WM-! zv$%s4tr-d54r0ba(HI+#I*s&(0!mFf#lZDe^CEdnRq@3Rd`zqfvVRj{X8j;cT6Cgh zQc2K8QY@|6YiGHl-mM~`p>Z%5Qs>$P*><%xE4R5EfKb^fFNZ|H87rFe(ZTf)aP`#C zPv6J8mKO;3KFphNS}P z#jRNE)n3Mk&eeinh7sCo^5zTF!RS%s~CmVJ3)T9)XJXFsLD8X zuWkQJ>`I$#UcUE3E{d;E*|#?wlzjWz(XoK{TkUtVE;(BWw8_ray2gY|r){mTagfBu zaZ!p0RsT5>>p-7zltod^_BmOKTR0V^?G2x6$lkwRN4MTR|8x9S-|8GGsl(di@Iq&b z!%`-L=qg&rP`@bNk~&&cgAd=c9_J%BW^ky=ay>Ema9CQ(h936TPJpFp-ZEFKqXRu% zS#Rdw&EW9#vC3Ylq0fy>vz2edEUNf|+*ciWlPMg>ty~=TWBNd?H+IE|I-e(&zKlF) zXHP&1U;s70OFl`K#qCP1&g{;%(PD@oVH3q`>xO1v1 z5-pn$Mb<;r#X<2)lxxmQ^*Vi-X`ae84WuyXdXZiJ0d(^274O%Rt)w;&6V1}s zE)tVIyVe&e4wt0>eWqfG*$owU4&j%Drbrmq)pXf?q;+s88yjuAqlcdm!fj@3Pa>+} zlZbdE(tFox_>INDQ86at53uqx;p1?jD828r+oKV&iG>c<-gA;RY(QWyf9)w)<_5qk zBsW`rXJ|)f^XrBf3y3b#7bBn#n$Q7&DMOm(9D0?WzV-c@IQ{Rq0((_TxAYpwznX+nu=b?%9D@ewmqN^S zD+wz6F2JA8BfU#6C8V%DlbH&E8Le`2q=ag^tuJh>)u!uciu3dIeG0v}=)@D06zW?& zlZ(MI#&U^t|ogIr@+H48AYP3Wac4?+AV&_eqoq$1zM zSTm&hTD6y^h1z&03?RDiRrz- z#P_8;Ut+p*;s7gO#dH;B0VlzMdEh<*%$-KyLVH3`T&y9VlEn_(qtKq2IdM|Fpc<)& zT}2nGucMc9;{30y2}8yK8I!^F#t|JG=ftlOzhu$bgB0CjN_3siiBn7KT|qy!!{{(4 zT8h^c)tC{`w&RFNRt2kPcosY??rR9rTPB7=HepKa!DoHCRp64QijigyX<^M;{Y8ROaptK-r5@yglL~FJ!7-PUe11A9X>5CxFemn4(2R3|?Pb_1 z8RexI0bs@V8%-A#-6}<+w$d$Mj3W6&=Nh{(2(`--8$@Y}V6~4WE3W7w5CT%VdbF>> zD_qyn)bBfO$;P9*KVq%f5B@lKXO1h@bV5sLe4;Q&A<|8M{~JVRD&ebnclGWEtOWKY zG}N=*gMhXAwdmCH6Y+IidCs~4hX^?6h7{l;kSyMJ6)rAe$ zqZ6+6yAR})%d|hD6#ijIU9r2zS6?S~mvRnu3FH9nFOMB4GIE@+sH)hf2qLO90+}5L zoyL8-*+4gMIN>wmj8*n?#V+Vi5YCRj*Pcr+CNiQ#mp`XJgs*-0X! z|8F56mUtMcuxWO-XktIIpia#4W@ev=bB@A52jI??w!iG$+**1GZL&HcvYV_f+l$V0 zaVju^jCYwCSM=7x{p9%bH05tb00B%9eZmR-n(0IKQ*PZqN4ry}5Gm%E7uqCnc@E@n zujR!-Us{k_$G|c`6qLPRKeo^`FMV^7$lwMsp2`P!0x(LO9h~GKAh4~~?jdEvzIdtx zz)AygtRshyzKciq8HIfO=6+McDuGi9cIQsr_1Kkya|zV*UpoT!aDun9fO`tWH36Uy z=AjV~I;kgH<_T$Ox{tfGc;9{htpYGl`}?0t_>_=;OqTNx==;E(F#B@H9MP|^{ZsE{ zYG_UX(fxdu%dFZBh6af_i>uEf?$!2&iyECyE2{t?NQC50^p6ARoM$gHOSmSHnm}3z z-5&y37oLApejOvf9mi2m8FK1qngE^EgM}uN&0oCCl$Z=O#tTg-y8y%_udv3AcMRFr zPoan}ay-YT-T#nwE#LSoVTa~dzKtNJ6KzJba4_W=<>wnSX9vAxjfra(sPYAPt-jtL~yoM`rG%eo!l5{Z<&LC&Qk0>D+ zJV-yJ(~d0b|BL1sh~HEoZuNPr#70^SRWq|J{WsnWNs?u#S?|vM`MGwvKkU)xfgw%M ztNr@%bQ6`X*vH74=co%~H3~xcJ0U48w_mXXsd#k9luv&+zEbJ_P3!@{z5W5%Y?++? z6vTarRRwJmkDFcxawog=&APvB8+-inw68A%1~I&;*IColqD(SjJ|&xN+)FsDH&W8Q zr=;9MGV_?-97?n|KAl=tF*q(({Gm7J=eOnCX`&j>P|o6u`hl}A8)!cP?Cf6mj|u9J zITYdkGyfu?I>vZBaa^foEnC+5tBYb#t=w^uPcq>(t|a?bNw5j#1kLw}?+-+jD@`t+ zB$vo#tXlL3@!8Zx>JO(_YL!-Kt|Z8#7n1S9SGhTDGE9wyS4r|d zV@!lq&G#BSA3c_IP3HA+#?}8}9FP40m?#NFZFVT~+%5p|VpK1&bGI^Jm{fEl$JQk4 zcsv&YAnK8+!B!r+ID4%GROgG%TR6HOzHhqay<1-dxf!Tlmz}3yeqmi8aZ)M*pfw$I z*L)vXLy&6*FW^gMQu$hqjnN{kq4OSfwJ26=#sA}0`9c&Bxb;@IQa&M{dWV%arIwYm#3@w6Mw&s zJPmz1R>Gib+THM;wo0fv6#zP7;pNd?9qDCoHVb@k;xeS?%#}cKe&pMG0(OgDUVm9j z0V&&m#`S#-D9?3iy`1&vUWH`hgTiqxt25u0$(Ff@9~^+ipoPl0T~WoI2uytc1iu&1n4+hsi+BMvpehvuvq92)FVLPqt9@mz-6$^>5_ zzaVQ>v)(H~=d79kd!YPE3Q5v83xr$sBxN&86)y=3C_HBWklNDsLy?6i-^$T+>itRJ zBep$&gIw|hPmAf|eDZ~8+rO9u!(WAWNGwd%o>dEDVO1pg(g%|^^iZ3#XA`c(J}SD< zmB5qoFeSDqfiqG4)SYD`uJ~(&Pw)?2IdMxO-RDsoTNhSs+sP}QQFHW{1QE9qg`@4` zDbHgorcp(%!P061#VX)erT{6$->ZFF{v=|ngK(OnndG#0#c8euA&UwHTU zBmm@ZC84c`#@V$7=2>Qihw87ntYtsx`Q{w6sXu`#@Q+`_W>on%IZ0IcSoRh~_iHA2 zn;**$z{{m?=J3iCxD)=PC+HmoN|Kq~9Cq8*cy`JB-&|b4^IiR*u;O@b$q7IdSX-@L zugdBIg&75i>9XH06;K?)UW>pdZx!v@@(ic&Fe`FaF&|CD7V4y$hFgDT5=2 z=eu!|6812@A9IP%0ZOM4pJ>;x;mV0CzziT6$ek@%ey0ZGY(zgC=Q$?nu2029;fvSt8)kj~L%rCT&GE;*sgGz{Dvw?k_u zPYQGNUd6#5f*zes4M{s?BolWHtu-7?12{SVX_>i2^!tfKwVS_25?Jb!;Y^06zrRSG zpHzbEeb{B?z3TGti;YDu(|6!BvR(&D2Y_?mwO#m#-5Tizl*1OdD_|4HdQtNXoK!~H~&2QP;o#1VT5PM;gT|Wtc>wJ`ld#k4bgAl2H86c6!+nqB~ zzzQndFLpl6{?xteVCbyXmXwVZv^8SS4uY>)SqLt+P-ZqRaRT_ohP9uCaBEzk;W(Gv;r#E6g!un^H+boti zWC!UF!>X?UOvqTdZAvko@r4pjCHe2hV6_}4szaRv-kOcr z6yndXK#PM?$}(Sf8xKGK?-ugz<8K2MGF;+>W(EX%GtfC(q0J(tQI8arX#16Zp1k#U zPr=1LXS@~d6i-w)6d(WnJ~g+P_PaAcUH0va$Lt;Z80~DZP|?d{D3l7Z(4xx>Zp!X~ zk8Wz}>RY_H$FJd(1ssoW20!xb1RJE@3rAx=Qt+l;GT2>Rt-=*mF;KmMqt(0Tl-BbA z)e$X_@*OzvxOtjzN+)9CMz8(?cj+^fRyc6uG9L(&ni|xk_woU|QmI?UO zagoGNn?F*5>&WkAj!6FI&1X8XTewY!epB7~-DS|p;s%eVE16V^R5mRxyYu+|Ohv?!_)9NNIm@7MOdy7-rHPcJ6 zsgzYK#nQ%Rv8!5$J96xOn$z7eTa1!C3xXedea3b>`^2#9~Q7 z@#KB)+ocGDNbgyvCS)<*YQ@gw+UhcjJ$V+oL23LNOic++TLJZu07CglP~l2xS>^9Y z?}62Zi=8IM##WD3m+=MSsKLW#Ee>=7ZX0UZ5t!vLsnisC+$`O370n3|;6nG~c=RNH zetEh3yLXXg|L+h@>zjo?M%w*m10Mhgibcu+pU%x`I)L*|w_XD@SqXZ>#+z*~It_ia ziW_ewhF&x|mE&SHIDfrZE<@`*-*SRMqUwe6Gmd{Hop^)(zIUC)=F=AQ$-Os;L7Tz} zAgcK1%|Knl63ZA2ZbtBz)kWiBpM529m&U?;8`bULERTJ1!1i!F0H+8!K;GG#iSTSx zuz9jm)^LP_v%)xy&?q9ax0$iLd+;WOobmV|(}O#>qaq5+ZX?+gcocNjNcXUd;Kg1H zoD?hZ0I6m4w~L)g({9E4>aU|kGpw22G^mQk%`;=>dllRGtd9NHOCUtGZx@!9JN^(0 zY!=|{ZCnW%gsd+Ex-(fBlMv(Vfga)uLX{6uo2&aPUD%ni)T1$pnzzBtg-gH}hBxCd zriZBBKkrgTAJ|wM``U4vL?9V&dAM%w_XI0ujwC-XCbDide4g$*fFhw=^)D1_W{5x~ z;Iou>^z8#c`Nc<7z*bszHVKh<$Jh=~?8w^~&$`^6u58x5giUs`n`RZ(`kGSC=xX(f z9tYfEw`Lu}Ns+k*wnD9m4?&cX7a!47l!528@Qu|{k#5fdy(cE=p7J!$HqTEMZ>k9+ zWxCk1joA48Q z_zIix6j82>)h^)V#I#-#==H>dEa@7JtCsoGBXV|%k%SWRsm_tPXi?bF0x1fg^8>p= z{jn$~K#N!29v*Dwfj0LTlZI_wWA39lyDLQW`OApvhzbSR_RU>DhstrMsSOl9N&RmWyaKth3jO`lGm&K#2NhAs-_$f zlo9?rALA8t7RKTylz!hT4!2K2mH4=}tO7-C-wiecSW7iERYelp+YG$|ufugUb5xw1 zUdl@DT}y%hv?~TThk1H~4*D0x z^bqp`-*Pc_x~IlBGFFWCS+5h!|4cm zr3hF$lNk`3r|U9)vH1{yLJXGQcA2jV-Y0JzX4y>&bYOv#Q(9kk`e^q|Ra1)yiqPxp zx+wvzQ|P5u1|PllAD!=C*l(QtqLsYJn7rrZ?t04F=UOLgu*NcWLt&ckU{tbiP#Kf8 zxt(H-1dbPQqsA+1{A+Nftn6zO3WBFHqmA=NxMS zM_d7;u~;$rrpj17YTroN_-d<7P*$?|l_$x*{Q~HVLINs*onn43!v!JFA~cw2L;$N< za#Ky{h(0Os8p^NWjLp|Mdczixl75E{dZ!NT{+r~WoXF7u+H>>ua>jM9r*Td}0Ja`( z<8K*uMBb2iz2asG;rGbcky`<-L2p3#&r8rd(FNf#L6(_EhtC1LnkbOukuaL;RNs z>r$87D2`x1T!*W!;h z-wRSpS*UMJZvzTkgf$sTet#Re)Xw&OPtiKKG{VNR^hm9Gf0`t2YOEU+Bi`s?6-gXG zL?r`ym(-P2f(`G{@oeWEzP+z{I~}ABt&@XU%|j2_j8e)=J3Nhv3#6Sx6JTWZWg++R zImenFkM+97KaBe>JBr}k2~O8n(tFWt^et!lFNby z;N$wEo<9gXHz#I6^AzB7`X6%`@FW7iSIdBB?avd*L@dUUE>Jb5E2~{qr=RRzHWf zkUh!LMJw>oE~we-6`(+k=GLD<91rO4FZ%S1-Tm%C=!`SN-F?NQ`$o)0wC~d!nffJ@ zaLtiC#S)6=NA^dxm@WNfk8YdTBn6AzsFfPgsJ1F515JEi0erH@ZPC#Dy=JUGu0Xe{ z?kp|*8uq&2_>i{mK0ufKiKEqwugSVmNtbhV&c?xRZ{qiaEZ+y?Q-}^I=W0$_ zD*>oQ`9AS)gYNHdCGsx#j5C8Ad%xuGR>LEjyB~q3tbMX24pu=7Zc%0a)3$Fc<{g&L z&j6e0EBF8U+4kr@cVrJLUzIX{;$G6sR_MBDBW`DPfD@Ij9bQIxjvx3RZUg)A8TQ{> zaPZF-q|XV>hW>J5Fqgf7{g!}{49Po?8=5f@AKc3fw-$%7+qtjuc96wgzNRUO>$%I@ zm;uxOR)4%y$G^XK^sD#3-gaxmOmChl?r6{^?)O~rBhzKS-lId1t73V6a*S>>>qWJQ z>aM;nu?|6UNrtp?-Q|31X518ol7t;M_!RcPna*+hE@%IJ5EPHk*SGV3{^K*z|L2a+ z@ofGt9&l^SOig`qI=2t8vHfYOr>XuMmru@?{N4V?;{v|(U;qBj4X5Y;@8i*Z<-?tO z)nx?1(X%6)Wl`9}MCAVNy_fg}0Zly-&h(4I>uA+Jpfo>zkg`0>e54+{Kg#P^(G@)Y zOvJSAw7ktP-w^4{arNLl!Rq`@gnzlbTBO21-BdS!iBGM1keq+-#w z>x7~vMVE9-rIO(y^X&E>o!Z_k9hAI&QkI^YWO4h5putD*4LgY5%tE-+ zlQVMW8LTMeo8(I06aq3x-9nCGTTM~E!20(+Wk1v`9*MBgcK{qQwEyE}y>oNoW*5fzvmOlbMzAg)1CLMf7ihS)5Qc*U!^*Taz zN1yd;ktGqWzRU|dksS*AOafX_8AoZ+H>$h}?eJMWmdF#8SO17O|UHUaTn%ivD^dnP( z|6Uo{Uz>{{d7|^YUq33C6;t$jaX)xH2BUNy7t{=5vo9sk6B>DK4356~)88Wy7~UK1 z{GcEw1z;(_5;WLf6-8Dy;jA$d(|GFx0yl8f05-jU4*B@|+eV(RBFf*VIiebxbCNMZ zy5h>g>K3Po^3c9tR{PVmE0g=5GP_4(5`CGS*q$G0#*iEb&%QO>F`8~6--AM**p$9Y zznSHP-NRTJHf1p>ZH~;YCf`LGa#r}E8kB$WF0_v|5BS<wm&+mO#apIjgS8N=Rx88K%q|iSW=xk#s_HkL z#^y1&F@j$nB6j%tj|S;I!X2e#)b#c9##mgp;(;`>%L{d$ULu zb)rb}Y71V`JFRa#rcrz<;IX)0=2GWlSf*noWa04Y%Atl^gZ6aA-R)}apOnIKr3XXa z>xaYZTXRHfg_K;Y!xr%O`ieR-Jzf|jvg%Bte5Xbos@IX4JP2XGL?BVeT9&` zO<8=}bO?(V8D6Bp&tDs61BL>WuwF|q+3EK(W<%~pvf}fHt5wrof^&I;$zePIz7MDM zFJ3?79hS0Pj2p0-Fa6JE*19yw8cu3_J+Z@mEBH$%Mb`Cq=meFMnnG9@Ao%Ui@<;76 zwk!o-NaCNQJP<3hdLli^J>Sr}2-(^4Df{HxBmboQ=`IN~$h)ARKXL~wqgEH4&B&%0gZAK5AtqJ46su7sW|YOoVz*q^}wEL^~%BDcgJ9udoSdVQ6h*vR`oYReT^Z`V>^mqu;prtuaci*ek>qJ0%E-#QpAdeXr~L`P_fOefu#F$>aS#uQQ*|^E&7FR(SBiY)*Cr zh1^HcC70!ucUV?;i~g~gZ4q)w?Mck{<^$T(y;39A9vxS{3bZd43AqYYLggR6oa+q0 ziUMPphy=Tnb*jhAo47peI&(egRB3KzsnHLUzbQ>Zosc!B1JSi3C{1d(C#$BZMJwqN zh54PTwS zHcv+u6nfSMw@hs2ww8tER<*LxW#p9MMl9Bm;d}d1mh{0(0+{UDlhU&4N^?_DGG*`C zV7oz-c6H}S;PugU{K@eEW?B@2C-*_m7D^n3aA9R~&6slmR+IwZ&;9|;;r9_PyOh|l z;W933`((F0vFT22f8SWK8^no>waljT)2b7}$dOYe5Z9-bLQva4-TT@7l$M1FXpqul z53)u;H&YU@)(G_KgwAE5(MNJ%@Tj@VD@cyUne3e|Q9=U`AUUx*pm0lKI_OLXwh@HO zG}V$oh7(h)1vyR=4JTxLkt2%^!a9F&NftJ)o2DH#K)YeN(!NSx2nE zeXY%|9R|XeB9ccX?BsT`&0aThA+Zx@=dI8_$NDJpafFIKJgOxo7+*ThM1bkbeXQMc z;h2Dh&a_=tZ~R=%$!4Gf`90AW#JtlMhdn*I-du;FV_>iuxC}lny)UqD zZM^1Eoa|0)!Xg)E&9R3NPt8_^p7NbElHt>V4?ql}4{t0_@g-s!24xLUYn%P|dSSDN zBM^h9R>)@GE}<42p^>Rt6r3^6$pOdhtnv?qe z?l9&NaOHUkM|T?k$p_!M+QsI#_S*GZL&&^OcCwTkLhqtFZcJ2H1K7>G^ zD)^5qY&Py3yk&u!&3%v?&9{$+SzRi)@P6jVVR+L^T9~DTRYESdYCUGo>XuRY-}y`h;Sw<>heg^t=<8%og?^3KtNrW z*nXo1hVHPbSGbjSHGo-0#+7AYvb+g@_Fy@FE+8WEP<9hp_X*y&j!d7;8~Jn~B$(HF z$}B0K1qv@nQLx4yk`_Mru3?_G2R}5B+h}J#{cUnv?tU$H8EAEqtJC{S>v7#j{%=_% zJ$+C_Y^1{-qQgX#-TslUvBciaMEyoX?7Y6a+HaqJi1hBB=K&K%O6tA)2T_K1BU~q1 zO>&Xml5-Me4at&7*>6r6C*MlAv7Z>Qpu2S>oPmz9KV*C4bU!Ntz@GX7C!injjsBkz zCE_%!$)~1|A>fG!f$<$)@`v=`fjLAt_GRdCu-#hFDUC$JekAkA9MwS(V+SOpy&=~%DSxq8 zS+y;Z?R#6TLu|o#ndXzjK!V2Q&If)VeNE`0#rpaRY1IFa3evuCpT>9=*~C8Wx;8(c zE^=5Z+Ly&Rv*F7}N;H>F{jL!lo^Q##dJzoqU6!8I8~_r60#i*3pB)bf^7is8?ADzC z{tTw>&03ITot~Liss9AC5Y#(D@;P$QOyd552Nir9-Eb1s;*Y;1K`---X@(KXfZON@ zKySw*8H4syc7ls)mSW~+GS}_y@e+ni;A~L5p>un%V;<2n}bjBNc`;2TKFzoV?QxnqQfAof3z{ zH7&YMS?rIRpRfg_@4EH3c<1#KrP}>nAM&+CnE$>)(0tasf@LG%0kiN73S)!D+5|0; z^2)wg3IbI&)&G_eITyhG-IE1#1Afsn8LeXxJmZu_bHi41T0fy#ShSp|(|HThy<((A zRQnyLYqc`D$!OY^IN5}({Ls^?t)sRW6sbnPXHaFRTMwDqnTSBiSVQjG@h#3xR;B$#7!GBG&{HHvW53oLJKi5 zo}<19?re(Y32;7<9J?UsV& zMbFx(NjXUg=adSlUqni}a2*3A=ol^>&PwWynH$Nz6a{1oK_rxWg!vi@nc4P<=d;W_jE!Z8S zG9wJIF_xMR!*452Pc6yTe-bP*fGZWoV5!iUd{5Z2+^bs?6Md&rp+4vgcd}?L4d0Ar zJQ~VB+%F9@<%E3sU)r0Ny$(i8ueWuFcLI;@`@xGC+qpCD=YGw!y(;2DlCHNQzn~6V zw8RY`UK|~!>8xL!_0q#+auec5%v|%gUxB{%pRgU;0&uOdW;A;Q11|fTN|FA7-hA*f zzPHe>1upV*PHtFIlxMR#r6Kpj68kGTU?H95)BP!0f)e#@pgcEs^$ddd1)5)0pU0vV z^K1EP<=H9?A2~id4{R~G2-O7mugd?(Svn9UJzI^pEEBhbR;JVx9YXmph!Fnj+-x|4PZ^UpMsX&&;d8f9L-RRIbd$&16<};BsRC z`ZZ8XmxTefHgoRc(=qA49`es3?|;A-0g<|Gz}XUZ^I8iakmvOp<-0khW##XWM)3W_pILIL=PvUG~N%Nn|e+=g>9Non!`SUMKGzsYY`di`; zo3(&xd=rz}5t2)D4lCpp(D%MpKMPvu(emWIc9hlr(R0Dgz}v|qoFa#7frQmfno((| zzc2>XywmvB9?>9w6B%eY%Gj;Y{P0ZkGWlqi^8lGDM&tSgdbIIK9sTv&stjlyc?vxw z?-vz#p0b^uUZK3ztsL^?=2`Z0T362rEMCfguYkxL9sm3q;Mu#Lx>Q`wm$9dbrm2x( z-6~)~nzS6^R-7ivCXr<)rWqi!;uXo_v6|)R<}p;+T+3nX)_o?0yX+UFU8VKoWK4q%1*UFZ6chy&FP_Qk?#Sl7^Z_f#%((m|vc-RWtg_z%eWLV> zZ!2g`fjQ}%H*6UrKk)bhn>+(^-_+8`-hh1aE70uq47@f+-dPcGt;+4K?}4wWHqXsE z8Pwvm4+@CdQV53n6=0UT!A`psl*+nS3}o+T>S(7tiE$nYmL$rcEY|YMTL_ia$OBax#>cST0qBdiaRn0*c|=7&|VkKGWT zRA`Pdl0tUi&X=e$oQpuHxb@PWgU1_@MAFzX+1E7%`rDgfDr^5Qac(TSIJe8_fTbrTe*m zJjnf~_vheX%P%ZfJ~F(2J^xsvxrE;^j#Aw6_97fN$0R;wl3x9F5w{X~!wErp9e!sb&hs|o#08fcRfU$1#PiwguPKr81uAzKrh|A6 zVPC$HFK3=^hLNjk-?h-UYDEid!Gj4t@f*vK&V#*L=Q&AB7>hkMD~|qlgQu2wvauvF ztD3Y{hIG(!20m*-@V+Er`>Q7(cB-J-+&c=#IVeT?%wu9`F&y|8b&RjYdGQX`y5gGS zpjwTG`<#JL%Fxk^mL?U~biCE;6Nlod;BvD}5pGG{xM|)lrm`A>pN^UDDaQ6$9ht1M z&E)l=8QFx)^`L8OsP#BiOoLM1X$$PHwL8O&ZQ#qm^OO;nGZqR6k}DVkKkPL1ifp;l zN~8H+YgK`4*4CfFn1E29y#3d=UjSW0l;l0XY{2II9s%1P)saZsVk9k7kgWrBU<*iFX}Lj?2N)<|f*Cc`2j)N9jV;b2lna+#Kpu1#BXvsg;q&UJtI zgFd4VHD2O(&9xvNQrVHVBwIy*hbxWu#qH`lv3!qOliNz(^k#0KYt^q!e5(m@w}KUgD!zO*7a(iW?QJqXEFbb}Ot!vSJnz2Jk5J%LCGKlQ z-t5zRiP0=>UGj>gidV@$vVt3)adb+YBQjCyvR%ne&keL{!&TUMDPNjv_Ie##!?7>s z2cG-&7Dci5ID@|qwg(7|dEus6vE&%r-eo9igXnx2!eJJg-AsDzCc|sG`Mb0vwG#Yk z=L41q*+{0GK%^Vj!!9)VnmbPTyu9cg(Q-pJQpX(6BipXC@7;sM5{M!l(=1RW?#Y_h z^0kw`>oOU8!n{pNe;5BB&i=0=E1!cS7GAxo$tL*EAMzXG;8HK#0*x+THyZp&N4hzl zOl^@^xV9orC$p0i@W}Aej_3SlEV-ziSByFMP=bzcEY*WJT&n|T_K@B1p?s=RYfh5& zFE}=FSTnm?RLQcDr=Y@+t+o!&7>*fq3Bu^3RbVk)_Rk7RZ%|R^g^FdnJ^URcJ|XgK zu*Qmu77T^(Qh$yEJKDa%S|hd-Cd~XZEVT0cN~l!k`J0fL*w6f1PDQ!Jv?6HU&=N9V9c^Cle%}Q|O9y6N{x~R?fBHQ+?s8B23H7C_UXgCkcLBeuNFp_} zYk6dg9168UmcPVM@V0D2N;^dIq%I=$tB;QA4?qlohtCg#-tNHSP8$<0zgQ-gMWka^5F(QxF19_z32hTJ|yQEZCc3Ini#;_*Tl>_eUOq^2y7GNrkIn ziKRsGSt&NZzK^#Tgr&E=G0^b5jm-o^$sYOxL$fwfC9&q_jK;w&It(2hw#aaZ=A zY$oI#(`N~AO!vZIFOwHZjmG=(uQ&0MAy#G3t-JwH#&E3Rqc!^J8!9=AzcrB#^IaH` zj_@TLB6%7_f2NovFm1=oIfo!j66s#WSZ7Y?`zuc}X%=kH2Ro8i!^EXaZp_s7ct%9) zoF<#;VwnYf2=n?zVv{2(V>FHH>2(>E+oRh7g1xvOEq+RNNG}}_GumKgLe5%H?#Jf$ zU?1}~qW}6)aAE6_+6I#UtqErx%dIBR<*K50OZb7Uyp5%{KrZvhAM=MRy^k93HXyUp zm(#vpt>eRY~E__h}U7o-f`g< zLWAb+t@Oe&9cp+_`FLB+Z30==8x0XGi7z`&$QX*PT|WFPhgrPxPY$E(cl81|zFBwn z;FFTBLS6Jp{w1B_b2`ZU39(CC=jdh~m@rGa@RDeoF(SWd16gm*T$a80 zo6V#S%-w;1SPp&RZ8l1*@{plwtJ!FMfaECRg8!mt&_fl}($RtQ8g_axt5gSt;mP{p z0=5~E1ZHHYEE8$8Pgcj$%%nc%dqJp)K2Px48$v@7L3qVGV^LUI(E^x|5r!|VnQJX` zlOc{x1QjA56Mi% z**M*vp26_>p0^?!vz&`Rre^|JuJ4zp~f=r~l}u2Zul@(4v=s zDXMj`*DBT8lN>0M!;}~Kb<}Du16=c?y;)`jY-3gC0zYNQByiK_Z+Y!r1dhTjza>9i z@CG$N{(f5(aI=wrM2@}q3jI%k_Ltt={nfZ_-8pJKR zJ(h?m%i4+&eF?Ucv1w{nnUNjQR%ABK7@D4mDUc*`6!s88cq^laJh~dIMIdbT+a_Ty z`f*dSOdk9IZym;d(lhncikGvsP98t8+E@ab?H`$i+-wUKwm8 zrj0gn#Mh474mUi$Rb43^rP5T8kZi@-IQujp^cNgN(I@whLR~2X^q?bi`37yy4V!ou zokun-hKdpxQ60p#neN_^8Lz*Go6;y^n;ge2TnRsV^!Uc%@XsdI>YgbLRpG;z=`NIC z_NUk(3E8iXo>NdLE3fkN*_4#)7)8cc^JvFzGz5L99{1WkwlTQ+#fuy=_L6wnp?|MI zor)c?9Z$n)d3@M=Z{uiCk%;#Ch$tO%Jgi}QQt(snckP*w^8ZV$aW!xB#KNFXtJD<> zsp@W0i9g#~M^e)~b<@z#F6;O!w*nq+vF-i>7pkD?BTtyb?W04 zR@UYf+Ck{WZuaCC#skkJ>sF38jM*W6(lI`+$ZVUOg8V+J_t*YgF3P0{9@*4o_Kyc# z_0yPPQScS!Qe_%A!q6LRMy4z5cFf`TO!WJ6Hhy}BnDghI#tc^kP(O$Ee4e;9&fFJZ zn&?+>W8R8rdEGF*o;&XAneP)CT3N~8V&&*fUZQ;B_pcE)0sYih1PVc3F4PW3?K3QV zIeDrU4d4n@OS{4f!|B`~yt1|}jj7BX;e68wm-1P~({E!_Y})DG9Gu+5RzpA~-}BqF zOgpTW&=oe-hzraNCKX7ha)8^PqV{D1J25s%BF2^)xNTRn+VsA##6?`vipFr?pNHFp zb9yZ#s9tg(Q{c0@aVg~Yf6HCPtAGp&Y%P6ozeGQvrBtbK+`qk6cUptb#jY>5O~Xn3 zs@QwFi69!dWASZY7ce)&G;?=;?=>Pjf(d{>9;(XA^IMI7&&rzS$$bu9T@&PnN%MB%`ao23EO8_9Lhl$^3e~_h~0NvV60{-j!Ef?VT4j z^d2zsFxDpyTm{U#ls`aN#>n8QuR);r=J8nF7&opCA&}*~RFC45HTJTVs7svw2%p#A z{>mKYmCyM#38a2-aDjsBUmv*00Cw&ou$l~4ZnxtZ?8cB$1Cgj{Zj8I&s`uJ2BF-HS&Hmi9`FsPQ-H)t-JY z9)w$1zR|s^W5su!t%PS-GRv&+N52GI;{JO&18HjbM@Z*s=GatTx1~AH;iEwjPe!2C z>AQAqp9c3_FYS45+F9)fMw?#m5!;M;`!rhdaSG#JF;UFZLe%~Ph7&8Q3EA;)=VfDB zuO)vtV1X}eoIJ?T*E`AsxZQsnWZoM9VZ_$*OY>VX+9e7x!~N#@-b*-DR06bn!9EV%apVD7)4d z3i#`5F{qz(_Zva0k(*O)zvw6YxNix5DLc+gW}dN4P=V^M*!zF2)^|Wp_Lkn8)B5$v z`-@l1oKf7DD~OWCnF~xMhFm1eTNM9_^9aZW?q1pyc3Rh-vH`y;S}P%Zbq&UA1}9#$@7LGgE#G6@{U5AD_PV zz;m{X$Q-%l`V;pvVxQDrd>+r>AJCyomL@^0NL_+px36%ei%ugx+gxVhBF{;`w$2Xc zD@}Jh+h1qvt=zi6FvBbB+?%5fT18O(8|42)ryrO2;bqySmB@N|0nMbBsn?Oa8Uioc zIaMtLEsVMJ&U4b1xri1J#$j>XvKuwzhhkIq7cRVRPqYUf)5@I5#z>!t283tGvTr2V zBkQkS7eV*lFr+tW0_^6d&@J#adx%eea$A^L&`7_DFP?cupEYq6X4j<`Jqx&0nB)ET zqdhK*9JJsi?`YJQqbK4MZEwFxxanai%Lo5WCH^ExIXiU}O3e*19epq?c=X~ISA!x-+ zEW&gC`&lN6ySr3m{t4sZ&V>(&KlB&sQJbjTvaajbWYG*s$Kz#(YL84SgQO)=(wx&# z1n_!HQT6zx%2Fe4*|{$}_nS2uT!lC0MX&OK$5^2TPfM_?TIL#S-E0)JcmBzh|I$*f ziirb8y3tE+p;KQ59deEx%`#dQjGouNN80$OpuT0dz!mt{;tf$Llfv6BzkI_V zo9Hm%#);jt!5VK=Cu}^ee zd!rXCnnww|ul3-+Bn#pWs|^ZUYEb>z@yR*)tMy~K$}xw8oVMT-EgvpM0HxXz40sZD zNIe$_To}B-Wq;FLe`sTUlVQi;PB#hFD=h6N9ldo$<=CFG?AKOCEoN~l zPJ-W1!9PaY?G@a$czo)jwRXAu%D=|_MzKff{QP4GJ69ymN@M8D@>{2;zT}@kuA}ZwRsMH1(X2$5O#BhH_1-f^E@TRlf_r< z_i%5g)*tA>86&^2qIbj3Me!xQKsc6+WZoA1GC{L|=8cFo;@g^;PZF@(oJwo#2`=8y zpF)}%u9%cw7BTW`DwTxQj!WkIKWA)il>18dxSu?b;We}pL%Y^n6t+KWptz64o+YxD zk$1hXj=8ppP?ftW3fGmi;@$$~z!9sjC;mc4@D>ZXmC( zm}S`Mc=HSeV^b(eweH{?)1e6pcSOPTAg?7>)|j zt?$1;a|LKuW>o5AgC5Lv8+OrI+F3c(-WX5q`S_kLIW0T6@U8Le@L+VkM`uY!wYh5& zt66gG1>$b#)H?t2eA1Nmpu(+Op<@UokXz-{WJj3UFsmiAlPs?@_lSvGZ?&XgrN-MI zqi@kC7r(1z=Z-QqXn=QNcmbQ-x*XS*fRp?Qkh8ZPb!S^7|V<# z+DyIak1Yqd75&b|?lrptV3P$9Y2xq;zHN{XY~2I8t3y_=1LO5(jhES@H5oBfbjkct zuMq8pP67kpHfFv(Oqy-inPfBLe6d}AWjc2KdxGi0O=pu@Q$ICfYb`56fU#52HzCyv z3^#E+BlGu*WYyEU%=t7v|G-9S*k$K%`b>|-z5tSftX6ZuY+%yI{Bh@Sf9X@>3e(%{ z&qR8E+`gOMht&ENAGEvkf5ZNJiX?{yLBY*TLTIy>W)NC6YNZgOSmL!Aw$JJ3TGUir znoK>(v@Cb1m0lN>T&OvlJbkpwVvc@OY0t{SSunmHzXz3=w7qv?@HcYz5)ElNS#e?k2@8OP1ZCcoI( z$_SPFo+pH3{f!fILnu5FO?O_idGsV_lr6{Qh5Z~~%V+YWy;r&FpYN$p7=3k~Yn*+9 zm)P;A2I`2e^kvzx`)MeUwwp9zF$^p7lFb5gDI;W1|IKdzfmj7LQW+)~SLq+0HK`$t zUUP3&%#g?H&n<;lEO;1w><}IKIuVZxy|ai@%S!Z69|l2edUGsqMSdEVhQIhl?qPJI zD;iy)sTwijM+j6&5^r$!;-~>H74)i|4)=6&YS?(B)5l*AZX)_Zua>pQC3PY0SWWVJ z{X62`#;C~jPIvasa8Q6YPqlzlDqmEBrMdYFPWp`Zqi0qxR+XFm!i+SS4QjYb)xHe# z=CQdc)X8%@L3C7GN1(d!UKARzI=m}WSQ<9SO5OuEzz?=KbM0l{TN8M>+9k6UmHQRi z`URD7MY-=*IEv#AbE;>1nJ7p3gFl!39-d-%nC*@sjrs(M`M(_(>$Pxe4JxP>mZzLB zd|VoIX^K>paSfhRMu)k6 zr)ziB#zTC0-5Q`@={W0b%wp= zfJb>YMGr~$x_wN4zhyFAmLqi1?bk2rb=B!y({)-cxXJCLA$DZM*YEMHw;)QX<@9nX zuz}YX!CwS+OcJ6q3+oi`%Ljv> zJdwHucH@glL-dIN)pEn{8_i#9VEQIK4|-!23ClkQr|gA>ex`a!l9-rCMWEVt-VC{g z?`h7u%ug00_1res{n>-xNbe~Zf@@#_yb#M%9gu&*-F^I{hMHuTxhKiNwq>UPx#ZpW zwgC*#3EG{%W15GPF`I!7u>!=EmZOzG?LGO1gQDN5dLGBonXGX-$FHFPtbNVAm%VN6 zmDp4pSk+vVkYH>`r8Daw8JLxaSo*g>*eig0Oz_$>Z3(%`Lmyqbg(jNYd^VCxeq)!NvrRJGEwaP@46a z^IZ-GRPZ*^3&JthLiFg#WjO_M`TLgyStb0tj8mA{4spjIRHkOxVVg1OKr7O(k9Xtb zLkV-92~8qypPpzjgfqS5MpHVb7QDrS)oI%V1}7y>v_Vqzm<+1%=Sl0is|U^&0ETb` z(EE&0u=U>eOrz9|TZOo7&xU1wAf+?-sBzKGQx>iHbNK15zm*RcXRie-cToftt?}wH zk#&&@uyAKY$@d59g^oa;bPP=C{LG!D{&^?QS$Sbz>yea+adKxtt@?QCi;Ot+fyLHX zyMD7d4|C;SPq^CcU?ZnrT6!}|T)-LM$KGwW6yUBBEGO{G%s!<%xZL0;Dz|)sQMHJP z5FNEXBIXoIQ!C%7xCkC&P#6~70L_H92H{=hPF#wbAa|de@!e^7^dxlA-EeYRQIzxC zc?98Vz@?#ryw~S{v`p$p^MrR=!pH8?(C_(xx*XOjSRN2-D`L?JN<1vo$MmK^W`Z4?Bt99ud3}Ra&;IES) z%+KrVjrD$tj(&L>r9Y>8My>J%2W9R0QJ= z!e%K2pQ8v_`?x>YEe%w&$s$H=5S=^sD~~M`C6*YBA(CITdmps!NhUf6U3*fL_!QlX zJ`2|B&8ps{2a~!!dbt(($YMgot1DlUIUXvu^eP4V*bE(LhIwjH72#HXnCF#&>L#9k z|DgAWTH5cd(&gmj_v}r4y2ymtOI~YXkBn+rV1u9{8w#M#Z z$R+X8EvN9;>G75YLsamii7Hi&y{hTkc?H`_atEipkVnYy$^9~T+|*TR-)|z&SA|yr zIFw&#V_x6SMJJqr@fTt{X6qPWeagrZO&Pq7y6sycg=|!<*k! z%vLbXPwFvhOf%8s{j~6oOmd>5+2a*7cX2$iUiWcCv4}42936W5Tfl<(aKS~V99+V4 z=qnU<``Z9>^QcdUg*&syKS!73KB3*Y3*KlVs<94R6bk8&b2ED?tXkSt-uaTPGYz0c z?}Y%*IS)yxO7dIS@+#hA%BGu=s<(6&CmZh?SU{!c(!X1W-WVOXRlyzjOKZRS>eP4W zlBW!n-lxO!3-z0{m3dC_$i&6v0-fq#dWx5K&p~)9<)0Tlgxm#x{_% z-T->*+IV5kq)O+uiAUN@Y|?Xya8O;;pw_R2qaRahIji@EohXYwP7w#agUOULn!Md)l?yhybtPZpeKu8ll5Dme!89wqGGVzs+dHrM27R-a*56mxk?^#fm}Fy~sq1UhC_zd2X7G$cgy3ame46`0io9nJFGLSiRL4#Vf*w~1J*#-@ ziPd>o=!k_)X^wS;1%~@&#J@E`+V~I5G9j}Azl!&H&JXrycBOB~aQC;8#nL?w__)7fySgA?Z7fJvUnik@+Y#uki_S_8RcanMRjjV>Q*3(WBN-`E zXXA)#{FP5n*M5fLu27$(aPxLIL%J%vEdUO;$-D=S_M>;yDY^Jz%4|aO$yu@Nl^4k5 z;B|qjsd{#S7!Q8zY=pKOA9B67&%mu{4Ycvi%z>H5ES=4w!rg`1+ahg_0{_g({0SSy zHTgbZ$uvmMS0?M~ZlvR{_d;SNpz{!==9YzUZu>Qjz#mtlzc&bO=(QQ=z%ppoVoi^& zr3O_g7b|S|A24DvVbXO6^kTP;sC@if02+HBG6ZL3k;F&3nEeiZ-sQ}ztF#xuR6VBE zEyU-PcLMH4Bnr(9wr^o};MzBN`knY{*!5}&r&qdgIU-#FKag8{BVMWy(AD4;e0s7H z{EJ|n4J2+gj}#idQy6hOU9#@LOZs4r!(2A+%r5=sgoV#V`75OaX%hZNK{QNw9ilR+ z?+5CXaGl!Az{WrKgUHO2d03X@4YZE*Ot?Z2z;>!>! z;Hs2mrb|qtVVyn#*=pm}ld0nce!9-WxXa?eXmanA^*XZ<&7PNu6)^~AMF1?olJ0hH^GQK@#D|#Y69L;SmXeC zV#MeAZKHvg+>n1|z$(yXjg9lTZ%4YlL9=2ZE^jOJ{#1y+3!q)1z%;41I?g@0vPg|Z zs){Phga~Wr9u(8HpW&*v8pKXF*i}STw)Lk+I=b4D?5rO6r!d8jP!CE>=5kt;RFAA zksZTiVa1P-nu)6FSmsgc$ccIVq1B-Hv_cAlJmKMJmoNMMQO6hDKxPlVRagIDPdl@y zw-suV&Qoal7duSxY6w6SX?u88&yac>BmB;6IoH^h9M(W>I`zPJrF1xJg(~g@wliDv zCKo=L$X0E?XHqiE)V3braAf@$L)?7NG@t>jy(~XvPj=Di4g|o&gBB$ zyG3zb-=0cT^mS!$r<_nGEXIBH@GNezqUl&IH23)R+eA4siG2&!6F?Ka$sW z9>}FpRPUgDh56obA9BX{wF!dG+HS*n-M`{a$&^w(Q+8&23AONgbtdNf2!YR42hPuF zE-nS^2@X0gsA<6iENPpLy;@EL+NQ1fkw~>(%5uF$RC=6I1biw_BM!ZuA@#U(kzLc9 zO)LZ^5U7zg>EmrIDV9&C|6rzZ>d=S=l|8TjxXDhM3Vu=l%~zY>^p-GNxE3mt1w4QI z1+q-zr=W^9vnJ21j>?!(AnK zgSt+f6zRnPSWMmM;5GAVBB%A$atz-{wm*1eBxim+*8nobW3Uv^>dI~olo#jV@hFoM zHjmUCJTUYvS8QZZ-<`|gc6iDQRE1tx-Xw;%aySzPC4hAeCgc?v?XK&E+KiWwj2 z^I4yjyql62#oRaWEcylEySUXU*KlgKV}kSX%d+HYySN&1X8av&Dc9ekA3?1gM{7r! zAIm6lUZHqWJ{4a3QNZVvrKq$w`5jT`m3?oxlC9^$N7Q+|wB0VvOvq#7wlA1NdvJ7J ziNAl2uDg>;+DDU`(;L1+7gY<&utoa0L&*lT^$VNM3{1y-E>(Ld<&4F>X6pAe|E)V? zL^3mbX35iwt~n|xEBs9Y(WZW=lomB-F~wvRsEKz3bDsuAYvE-DU9)f`e^Jh1(l3RF zw${p)E|noNyv0r*JD&LD0^4!>eDHJK&OexXC@2s>I6tV13=3qFOMn$Tm6#tj7Vh|_ zf5Bx;fn!rAO}BhQRLnFgcWZ^IW63VZu+Fl?SlP{K-=LIB+pS1Et|qk4czrrM*LZC? z(0}HNsA(A0FxJA@OtN03O#9acx2~3tNl;0X1x3Zbv(o-L6Xl7^rOVW{j+&C9u|}m$ zX5e2rP=EXt(0f=EfAhYLOOzFdSPJYyvp(UqFfr6@(dy%Xg+s5QccDL+itwpAe++i7R_ozJMT9i9EBA4& zWqs{*&I|}(zJ9_aLIC$|&1x@Ix&>!H6ZhiuxHN^iTLZHI%s5%DCm1RBwiz={^BTS{ zVxhS^eve^hwNB-K9RBA;lH8+fS7x5J0h~q`F0iLgUI4ii?QJcpVsWqZA!dmF>TS_u z0C#8!hW$=oq^=q%P&N_RaYY%*8%OHyz7|V?Z1XBSja>G`pFrq=j7i>&IelX*<^(GS zaD~fkLM@%2IcBg&>|4$=2MO9LzuCI&`xDk3R>BK#FYNjliJp~rW0)rkc_4O(64@~e z`P4t`PCTSWd_q==Nz}^&>Uvcy4R(pvrG#;vu=gjFuefD0U@Cw&NH;9%?dZB!bYtGwg$#nnuc+MR z!fe@sm3u?yMT1mF@W*H;ijdC2=_K|U%+Z-G)1WwmHK}lYr^sJG;ilh3U7=ZXnMSNw zPlo`~pUJg7Hs=m->t*SkQIss%r?KWl>uzlBx+zS*nhRcMuX;f+3+uO$GO{mH?gjrr zW-EZXvHxMxH(gzR{~?t8yuf$9XlH{s3=B<0w3?FrES>AN0(k68Ji$xhRU;L7;+-U6 zW6{VM<2Oh725rVr``+wUBLtm;KVStK(KTH2GBgy1Y8Rsl_6Hl)>biE@C#GI|u2f2R zPCfGC`NF>7z#k@zEZLK-m>-W_qW{kH)UDUl=MHD6bfN+{IuUH)?%8hKX@{YGz^OwM5egYJo#DHk<#Tos)Qr1_KI{jD%}|MLCiCA=BT-Qi0Xb`yj)l!q!SN$TvvHg~Cd zi)^|{z#AYfvw1%7b+P4V+}UBH90?co!g{dIGDwplSBU8^9g&i1jAV`NjAi=`Y&hko z<~OuC!w2$%(R$lERhBJ>=T(S~_=9Wqe5fYC@%~0RM`=b65CS9E?JK3p(qW;qPbXw~ z=EG|-8g)Uq_K54#LVq&9J@T18vHxt}czU7|#|m>O*k9_T0}@eFdd-R0M~b&a{c}1M zV^j~Xf@0~qc)#A*TS=MS&tJVN_6_!NFDK8NbaD659Di7ivDqMzU73+EK>L@J(YYsl z>{uCK*oUuBR?`h5v^j; zR9d|{vb0zq0cV8WsNLyvSp?`(p6aBJ#A$f(Axt>_^}YeRkm1Ce8^}At=Y7D1Y0wM) zSO7ywx-o}?t!pd<|D?CDi=;xR5CPXQ^Fze^0d8ieuV+83x|mSgzVtnbCC@&rUqiBF zgQOD{uDOoMx4X_#2)tUo_MUxF zvyvb5aM%TZVWD}ECU-ZxV|n+W6&$J?*4y{ETF-D~f;fFH1@vDEe#8-BEphAcJ>BO% z&r@BxoSWGo+amtseL2rduE}3>EGdns1VDhgyx^v)EnqhI7^4v{k|wOVk(4v@P4wnl zR6S~8odYI~WCOHi^-->pbFhiGJu|YMgQ>Vd-3Yy8txP{ZHgtTN zcWt(hx`H>EDeY(IO44FT@N?d3o5_d0E$s1UR{yJEf*q_F@ZLH-aC^-9q4HQsQL!^v zF8G0z4v#U9+bqU$ff~T7ekJfq2{3TB;OzX`IrDBfK}@d z^*@?i>}J@pJ9*;6B|G3voL1>C#8Br}EEnu#UBWkJi`AbUka}|IxzU41fot}wmm4q= z+)WuLS03w|@{sX;dI5>dZ3B!>nvP#d=<8E%EFm=irOwIUA3qa9&dKF-g-YLFG;K$< ze<2sbcJ`P7cm(5GL|#Q{x+WKD#H}1Jjf(7L;Vo$aw+eJ5Nz{*fpP2x7F?JJ6jVxKs z4{jDq5moV)42_I1FF6~}pL=gd41Wod-WPuvmahHqBU_arLbqjElD7$da`!PKOSoDE z)EGj|kTAOn7*k@>?2SEHif6q|=iurb*%IzLHN`1$wU<7x{&X7NZ@Smt;#ue||B;|P z!s$H1;T%Y&QSm4omnb{myXDB+Me7+H{S!b@_=Zs4I0S1ovK35 z&tiVKp9ZumX3DjG&eaVDnlFX*hj3|1Y`&foRFi=j)LmTpt*SMBvwt_78_G&bDv`vD zf8|bh`Fu+zKyT%}v?O(dG}k*c%AgiCJgD{D;967l9qflL`Cdij+B;VO7^XN6@Idd` zJi=6c0vvTClvj^Y7W%|C)EJe;ug)07J0I*oO>WOMV5B2<%}nnI~Q z7CABhk5o~!(Cej$ecYY16!#P6d$h-#7=P5-0$k5+xoo;aAZ)OJzic}_Y^+~c55koO zKA^4*&`CdKVR%$r2slO>;|)2qF<3AcpVqj}rpQK%eJrO1(;P@}uCNGLz%z>WJp#Rh z(Tyh!v54=Te^UMIahe40|$icaN{ct__UYQ)vHlD1mQhC00)AjZ}^)fepUoB>}5!dSMKxOfy za+tzeJl3ym^Cam>-n*rmU-Em_q%y{6Z@smM068gUB{T7iJDSS4uyPX2AlpdL6&QIt zf6<>+*;Vr^0TWK8UUvpK+(fue|I#s6?VoG9atKv&VaG?UPuFWIEFlZ39OU%)HnQ8Op2Hk(c^==2ik8Vq z3i;D&eV64tn0=?O>&h=_3pTrjl6}Q>W>K+Sz(e}!HbrnG^tde= z8LnWfmx;i{cMH*JNbWdaL%RllleA#HVRkouoa^wHy?S&*(E6h-n{GZuSXhIgGfd6lNbTCG}Ec43kZld}CU+dtmo~t1 zVZhZOA;~9EE!*5We6@1>Hk5V%3{TN_15kfHoCM%a46r5lnpx2LNcJX|9z*t81g~vN z;Ylj<=-%40gopR~t(HP&*3Hy=V8f#DdC|Sf5~ru7R1{CX^HgOInQ8Jcq-I|<8oI%d zUrb2qH|wQ!{$gd+Gm~fQQP$E=r-M;V!u#33V$K_@sjBHQRx-fNT}KB7mrJsN8LH#; zSwGx+?8ywYun3Hs|CXS9Hr;e7k>!e4`trL}i_fbAt_jv!pe47{C#k6RVNb>x>WJnp z^Ib|keRtw9eS-DXbY^4ak=;~_1ypWftsd=V$C&dZIjLu6M`VCZSrW*?L9-_TKJo-`*qtVd!N8E z!5X0o$aUcEn#Z|q4o9d8M}93pgQW-qSw-L;Q{lkPOF$@Vbg2O~nOX7O2Z)L5^*qB& zT}8s<9ty_kLPQmJwvozvyN~o(TO?8h+Xv{J#;(jLnVTV^Vx7)V#NIq<-=3HfhUis4 z7dFeLpVa7YrO!fZx=(S=mZkK4$JbeI1U)eH{@Uk2_Fq+`wq#JV(raP9=oiX)W>71gezVM^J1}h+)*65gzS1mly!A&X zsR5m2uDE^gOCDyDcX&M;bjhi>s;Ft(8+*4T2;3D(ZliMyH8VZ@vLD>tW$TBVeG~?r z`%|)=2WPdrJO>Ky`z`Yl&ITzXbttM{A;Zq{r0o$5&sCIVZ%OpQ%#+8{36`HjiS@r< zv|e9kHruznOl%HiD^>bGq`mb+l-bM2oL;m+LEI&f;@-Bwbz?z#ck2o`}^9OFpLfbx%gg*)g;!PJ43qKh(7 z&*#Ri)(S$pr{?bi8V+uik}Tgcv;E}%-K)R7?_&6*&H`saW@qwtF)}TnE$wxZMZ)I2 zTmXVXXhC}0;-5H31^1?q^Lnnmh-Wj_Te9nvSEq@d$yCayS97j1u;xe-O=Nhr9sYp4 zfU~b4_uUgrIrb*+g)QZM=$76L&kG)4DnGg$gu10ncCC_-jHU6&r$IqSB2>yYO&8sx z=QlKFwq%_n+nzwn^Z6F-#7E5Ds#Uy;;*{T`%{)zc18!!Xa!MmAd?fNFsZ=!)>AJrNld=8KsZEdehswI5s;ka$F&;-!#yRCI&Q^qN(u zMXF8!)Bt_=nbmKS^v%yiBmHEW2SRG)ps#`!^m|)u5EnB>(%8)V2#jUNm&^E~)TM8< z(Uisl_!N~`r;DDR?Yu)B66O9ewZ0~qa-0eHv69Ts)NnxiBHGU9S@%0@_I|Rr@>F(E zW-pg3e?C^NzXakOJVjnSqgtj-={kyD#LgRt);+yresBqS_f$o4p`F|4wdu6z9K|ly zsM+dX@?(#COEo=g=TByzU86O>^o3nZvadM%sCq5$MyYJMH_VfoU7Z2*47CyTm@2=pYwn;;`@w5d-DzFV2rV##YZuikwDq?Q+ zo4%*)7}$=(vJu1w9pqS0Go@R_cJ|ui204)nQD6P7INxEmHB)gKB=ejVNx8d-VutV3 zAjeNb;|;vE{HRICGQ$3yE8!k4Bp zB$Y4tQs!NXsyQ}c#7WG=bcFrn%OM`?Tt?Z;KM1X2kFja z_03SPk^*XFwlHjkuO$*Qny=fmO?@8Dqdo0pb#Px~4AlWOG;L1SCbxw{BJM`b#`>o) z=nX^`=?Cu(S_rH42%rupsdM3X4po-24qo5-C7OdPoct5yIn7Qjn_@*3hJl1hi!S<*HnuAn4hM2fCO?S<}q2EEano z>loaVc(0IJ#3&@zFiPrKg?gH3Dq^nm2OvMUF7-f#`Mjm$<7S;WVMb*CXo8HH|yHj(Ve3rkX#i#=id9?JfJt;JX9h zxr{bARGgT@;R~2-ZBez;!@g+nnrec|{pwkCW|C(1lBqKwohwjaS7Wp8nr;MVY$(~q zOSHOWOs=3~Clyi@w|<=b?jMguT>*52450u@)lL6j}M0X!ac4vM(~9@mzbzGBL^AJLlh8-MBA%ohZIJ~%R88S~6t zDgZ1b?|6)xIDR!3-~$LiT0>1_8RA3r0I8mf8!zl~{&j!V1}$H)n%tehd1G-M*%(EN z-vX!^k&Uc9{-h$JM(h0i?sqfJ-~sb$p}+1w1waVVn2Cva|0%P%miIb_a7>LAU2kgh z;~Z&eMPPS{Lf)^cH}-O6kiv&2u!}fG^(>`@O(j-|=7%ocEG}&ngQ>UXlo4`in6VIf z-kQ5rFkp+WLOE|pLlZWb>L_d#ArXJHO6TL^o;fy-e1AP#n3eS{6=X#pc#&kWD&>)x+3ZB$;D6Tc3- z`5v``f<1eIZT*IX0x;>qFWaSbtts=n?fK|_C=|@lVpm!nFU+3Ul;SJ%WHFDe;aQLH z7X1#)V=?Q|od)jR?9=bG#UfaHUYJtKNESGWH&6IC8PM}P5J%amr5y}Uv zP1_I8Kl2QN9dc@va~&0NMgV4eG@Rz7XqInqko^N9i7$o~>^BHcwL@PLx3(hHUzNBE z&-o#(d->eAo0p9>D$@&SAGM0GWPRXjNCKt(d(>Z(TbD^|?>^tffz10{nGWD8QS;?5 zGWKkLjlPGp(J!Fat&FQ>#jfmlTvM5kNJya^$7a@NvhG_^U_->{F9wuG{Z>7qDGMpi zGC8cl6|o8_;~U})YBL(^SD9`D^A=f35t6LeKHT^R1Sn6H%eoYh{_(55z5sof{WQFS zjF|n~A|sD+@LBYDXQfZU7XhVHshrZ21_)v7SUE|f^`|PUBr%Ky^Nq)mc36|EH*Qtp z2Df%Y%^B>!@`UXRUR|0OE|IIvlvsZn9rS)HZZwR_^PdqvHn60-$gT|Tp4YjMlicKx5XaT_H;VD(El)w@>N^rBA5 z1CXqtxHE3Mt(_0Rp1POaxku1BXUkz(eyh=%s-1(Ku!Kxr%_Px#I95-enoV(XAW zyfuqaqo9_sCC6v`URMXzLPMO`>M!%dH*z|uYlDDX@nG5~M)V-$dN9VIVcMpw@ zw?py`W66F7JYsHOouz`9VErfX$5ABgmHnR5iH$qkiG43+Z?tT+8I~=Yhy_>p`3`P- z7RGluXBozD(Sx{wwEO&c*}c8|8YJE(6|D%yD+!z{xUIg6+I(r7xo6)zCjCu6_y@03 z<^T=F&?sI*@D6D10_M%b3^uiA>e^1kfE*dfse?dpf_CY|zx9RqAa} zL9#DVLRv1&9*ou2i93ht*OIUlPp|J{ZOg!2k}R3-jqSz9E`y8?%Pp8XN_{=8;SS^> zX%IqW4zT=Q^XrQccNC~et{sJTxWzD)}&xYSH+ks#%Gj0TZ;4S?}LNcMnujA31# zMx363vKt5fOTyD4#X)yrt`X35MYFp;(*KX56xm^FnLf9~o=E}C?-2PfT!GDfV8B9N0pX`S6lKK8Z z#n4=g>mZ^6k!jVurxil5cQkaBx(SB?HXg$&Ojt#RA*nLP=J_RHP?+ z#Bz|4p8lLjBQI)6SHzJ&4r7M&F4BI!53B{F5@UNPjK4Il>v(Jlt_i7&PFTYqQWD_D z;oJXPGz-(QjVEIcPDa15e`;>IqcOcD50k8&jdg8)+;gl<@RI88E~WLBCkP~26A~;>%my)&{jfV<<>@6i{s;rkCYXXvX*j+FZ3S@=a;aNfp~JO zDB{gX*2gxPF8DmyK0j$gsF9?s5#08n#kM2gLSxFy8)$0%EgAM_PJO90Din%- zX#Z5OI&1u>ej}N#_IZNtFVxb|qVBcE&EDk4Gu3aVFOfuGJp!8aP7>c7OG4sBkf+bk z#ZH_m{*_b9yHy}Oaq}7ZQxVQfRaL1T>-tgG_KqC9|5g7>!m!fFvEf?NQ}#ydAsll> zv??p{C1J7g2W~#SsISW;=7%XN1$fHCQi*H^Ne>KAdm^tQRmyu^Uur%ss$rtaP(Dpb z%iHxSh6<(5I#AP-kMAZ8uD`kFLE^U$BtyP*$ytZ}G~ZwL%++AcYxw;sK$5}C!74eR ze*3Eh(kty$h~00|DrFwfDp&N2ih+jIbeeyKzqO>Nt7OWpS{l?&7`yFuHt|f@0FI^C z{>_6_n^&74$%PDnobgK`e_tb%gRJz?!KHqrv%=l!*aZ951OM1a@7dUa$AO+5y$g=k zn7z>*P#eCE1tDS$Wnl(gYDUuerJAgP2M(tz&?xlK>f@A9F9ISr!2;FW7v|Fjm{mCz z)L6w1bonHWA7`al5PcRZ68(PX{|8pCe)(!Hvux&!kFkUHys*Li19x51cUArQvr4ar z3Sq@IS^WXJX6yTw+KAW#sd4rO`hLba7i&cLGp#GYQp>f~e}?SV*-^+zL_XpXJ+JU@XcyrOfX! z9VRWizkO^NFZ6`!*K59!vEji%E-dbSL^AyTZ8RA$D=l6ltHk{zR1BFOo71iJ^SR9} zeBNvwGnXV zr>ZVFz#3a{jB?GxKw$&7XG)yb?vsRO5$H1rcn$(NB<{mc1UX{UP}6rgn;*QQ`7vn^ zre1a&Bh*0n%8kozkDfN8_=dWk@K-*MR9l336`WVIS3XzUjj*Yz?rhQC1Oy9)+!Em( zU2t@povpkj!yJJVv}!O<2ktP+YDqD@3ZBeuqBJ;JS+J;OrpK!AoX}65Ksl!vJ?IM8 z5BZ+1R~@L4#$}m7w9CuH#Wm}C+Mbk|g}LDDA55k;gmQgawv<$d58PUBYlcOAh4D{U z+h>|n()2LApSn!%#45|lwH~>C3OXtSzp|EY{o>yJ=4&M-=8I~i%ryvUomIcBs|67f z#hMYx@=0IjKCVogblMGg5z7QWt2qpgsSb5g*UBrbOgTT6iAx*mO4rNXruclBrY~;? zs%*#yI*cu@>Wcwb{(d2)=Vkp-?nmNj(uCysYU9Ho?_5|0TL|~AC$4TaNdA(?)jzur zv{H{!KpsXmrOfb-$H4pzg*qmI`?+6MGH1>ZH6(KJ0yA)rACS*KEx{9+$1a(}+2Z>l z-|c1FB{muH;{eUU_rV7ma-PVIis_uN&pdgrHrPpHwTd-}UV@r;Pm;zSoyT#bdS5GN z*`DWl1*k6x{sEq=EfO&LRX@)8IbSr(hEv>2e)mofs1_+@6%W_xC;J{|u~%Ay$pe7O zPr)tVf(oV$)ENVDeXCX}=)$01mA0RLi}-mY*ioz~dt7_g`a7!dd3GE-gV}Mmr=UY| z48fGg)77WIBo7e)_Z$A*B#YzlCQ78%x)%rEhT8QgTrbsrOZVuGzHJS!JuyAKfBlTV zb0RoAZ)XsQzrX&1Tjmj4v8PW)=TQMrcvqK zibA5Wh{UQ8%AWzvW^55>pIqSvOG_e^b<&Bc8kvl0HjmWM2yvAF|BBk;@^4DX%TBkG zeE)`%lejCPe^=@F(!G&FFod!0w#N^f_V7(72u!63HADM@O0ZS zYE$e}cn_Aw+vFIquRf;>iRy1{ZDyy(v9FwpnoIDtP3uwY^r#5+{MND+I*cY@ELwbv z?}cJ&0Qwf*W`LafS}i)N5z0iP+9esb?SV&NbCel(GCHMqlJysQTFbEwDbKpx4d$in zX#1+4E}R07{dC?YB&RWsN$zoRtqox|@Q#ImLi>Z}xK<;MH#go(3?-I#kyS_z+L=a; zd(tgcDRjk7UdL%WzlCJYJULey940**D}8ui>58*J6cX)l$zwj%fpN+Us@-GJ8ZS4|gOsQ51cr%=yOC4eZAxn{k{Jz$Dm*s&Bb*rT zU;*Bt22-!Dq@my0)MtmPb!>EKimvVOvbWN(70K%V%B$|-T*T|T&MZGT%_0RNMJFdA zwhkq*-J6jTOxYm|3#;Ep_>NVbb_rEo^9X2pWx=%TUl7s4loGw7$376hyp->By}u~v&E0-&m_samB-x*1Oa$|ti|UR?M$wA&mYuD-;m ziX7V2*B%^TpjH~cY-iTqJs}(v)GIF#9k)3madpF7+2Or{;ZT3Q@B~<6`-+N16xIaP zxy@`pTQ8RgS@b0q1Qo$?`d+o9X!OgAU%woRbaOKma^I$J`RybY>_wW^P@R_SsF{_% zyzSkkG*mYrVm6!TJo$^E%KvRG{_}t$G0cgBf#4+6VB(B?pZz*E^_K~4js!bpZo{wi z#-%%U-E*u{8-Q>H>SX)0LM=YF24p!O%d0@rO9*+9S)S4jCM>x|T&rGKwHXCXpI3Cr zZ6Lg!CR@`ESSaj=J%Pqq4a=xav$!nYEa6%NXw#sL_i77WrLoV(M~$+D^|ATdvP31X zoxn`%BJ&QYYwr?klc&{R3y|C@TgyP1A!e5KJBJ1|@B&USjxHqH21C4!k4)ZmsVBq&)PwC&2+b=t5ywnI{3-?~knJ0V@6&O6Mx4Wws5o&tcc+(PQYg@7oI^5^U4 z&5yTL{E<+n9H!1pK zg0Z8Jg40#q@4{Zy2k2?-blM9)07bj1E0)@@y!v8it|eBWyrQ;OTEO+Cuf}45>I8uq z@WV48&WO>-5mUW5YkCLgxIJX4ysfH}d{9@a!u?O5R z^y|m;{IwYjd>p%kOmR3@W%EE}d7nObR|R;|yu&i$zsHK~ZGi{8GevS`_J#8wnhxK* zQ5aD&Rj+O}ldRnVHEOiUL^h09ltmMz6qEc_Dek-ePprVyZozs|a6A=fN|U?<*l|pY*4Gj%{}kR)(+}xe zQuhlP^ALErSu~a?!X?a`Fdb$F>=WK?lU*+f@8`KI+#^I+Q8Z$Tfme!mG}hPy<^vM` z2vOl_yZUlBu-agn;w|8AAtIia0_13pyG?sb6y{r^Ut3>`vefFvF+qhAQX>_v@-G>* zpyc(|@j!zL6B65$iERM{K`Udb#IP4c%ei0@H7W?&tE*)n(&5cp@`B@ukJMM0)*pDN zbwl-*J1t%Z><3C1jb!=z6-MlA&-b~v&H8_zEB*?&#EDCU6p(xWD0II~lnk~)X=&VR zrg5M)DvpC>`>+y9^Q0Hr>}rXb3#OpNCT?Br*#*`9hi6hUu@}Ky+R(_24m|OG=&tusNa-83p#gDh3Pnz>dfL z&)Sy80^?HH;T&!uc^CTL)b077WrMlBEDEc_5eokGj`*18b~tL)KaO`MgwXamoltknsT!V3qLS~kIQ(59s-h{vUjjy#x$#>8eBo?$?i_TGDWw60YApEA1ao`wM=lPV(!R{%FP-z9X*NV0$$J@`##ls{W^q5#vTgSYGt!D zUE~zP{IQ2nG7Wf+iWSoWHb|do%4MxYFtmp7l$`e^sQ;IbdyuNt1$|(!RiSp$jKX&N zxLu`adH5Wu?$#o81Npr?qqxsm0c@(Cvz>e3PZ;SdbsGdzz=**}^$0oUNx!)Ht3X+P z-`0v4#h0y)!AWi${hzgSbq9E;gJ1i&_UdlkSk@BN@28LGQAqi?)W^cKl_3R>Z5rGa zt}j2thJ3hzNovY;EnA!tk;Zly|LI2h?~~sRlQI1TK4~PeT+WIb06<9Tn@E8|u<|f-Q`&i2Q-d2$yw&TfV;8(AXNZx=^sQ)0^ zemj{NTdNd(Br&~&@LDXOYdxZBwBFEC!Bri@hP(-l%#i#cFSMJ~aDLKU)th6J#>IiV)Z`r5HlHEXHFrk0n zSTOh)5ODz;6|c+GRjP7sU59aV4?LpS6)|#g^S?I!7w+A-4gh9TvWYoZv#2z|RM9_) zvlpQ=;9k8y+!HM7#oAWjQnKclmuV(LcU}oYzW##){ozT-xfzdEWh1S`%xOuox1}Ms zk$tm7ya=$wpPn~9Ro5iuKbQn2SSr#IyppM013RL%d6>10g-__NsEe-2W3tXazdtlu zlF(sQ_&1!rjB0L}<8yg5$DJjm*eY4a=Ri>5iCCj`V?jneuPfM+G?luV1V(VorpX#f ztZYl-QAIc5|HE3e^0|n1`|&Ct+U~RkBjVKpURhZ&TS`j;d)NL3Vu-f@$Vs2>=#9cL zdj%BwcCc6zvhoEXQ~DvZnA4yjSp2nr^dnU7EgIQkzV7P8<@xIV;K8?!x*yPc2A-Ko zv4Q8500-s4kHLRx%jrf9b_#RW1;e^uUk_DrzlIea36cZrpW8!IJ-h=-Y~aaL*hyA& z3y;7Ryk;2pTl01RVR~x;ICM`o_s#P((8dA(waAazg&+f<+PjP94GCXrQ5Y#Pl%3?1 zNTe*18QKftKI_dHy~()tNFlBmUZYgCe8{S>lMX38~vYuh>&+CNk(sOuzzdVqcyt%(yyOO>U}^B1Y{g` zfgr~cx4^;$SmB4@5<(Nt^%pa$I(KMZ~=0r0Beh4>}ZyYKSm-nNr-NFz9e4lNj6VbH*9K zoLO}NNM2|X|6$?c0Iz~u7mo8gv7)SJ`X`pg@@UzF)|m~yXzB$TnN zbm6eLzrGgqcBUfiqoZeNEq9CFn%F;J_IvA8`-Q$qIPp=FU5p2iq0`2s6$^_uLNL%v z$$2{j+CY^7Go@&MJ^do^!Ka}v{Vf$9*m7Z3(ANvq%^^jk=ZP=2o5jUub_BlbLG0RmB1Ydl_0c<*?mK&F!%KxdAvh zdK3t13zd$Z~7Yy>~Jgn4x zk~w=Qd3lDObz}oz^O6t&J3t%)d)Bwtxqb})FSF3+KbVDTrMYVK;cAQ*KHO=SpS6F! zN6$#VB~E4c5=%^_84+y!u5ljjP-AYaCPZi8P z)#}(%D4E3eweSnWy?{nn#1C)~q~AcAYVToUAh3dFJ=?QZsQ&Ui7&ogwbOq()u*c2# zUcdqDey^fG>lz7w%?OjKcS%Lk_RGj0Od1c42r~_0N;U-W;J(e%Z;P%o8w-G|Fc* z>lQhC*`F<7sdX3J=ey+PAB(bVoo3InxjFWev8j(#P>RN792M~7cQCaxpw(Q`k4gDy zK_^5aT9W74)YaJ-EBfJ`rLn7_@&sj8(%*@yCKvvcEMg8>EB9$YSccI0U=EDiaMX0~ z960QL_px)xpNk>->_aifl(losc!d@?-~Q+50}z4n+>-R{J2(zS%Z~s_K;hjC*)72U zC{Qn!K5E#hH#gEZfKxs5DB`PznU{F*PIY`FFaF2o2Xa1Zc7yI5Vu@IMjEq-Q^yL?E zv1roM>{L08r%8LjQ6U`m^S14M-$K+n6+x^jp^5am^3@9!&hABud9{%SYCUk1Wfkqh z!f9|msE_~bV+q|YQD1XEPu`l^{Q5@~`RplR_9pjs+Rs+Fi-=-$S$-ns99@|KhfQn+ z3zNNhpJ1TgfSUoez$i2I2ZOKbDxzuO#W(|{*~hQj8=w$xX-wRZF37uw0*Y5rzz8vq z#7~=Px`h%eBNyAeTtSDZ$bMi8&0Nv5l)d=p1SfwZ2+C$XI)y&w!RTCM1d|%i>Y6bV zOIcm+je^|8mmc%AB~}jrZL&Ffc$X5GaP)h6OqMlI+WCvbijM0ehO&aJRzpo<)1Mtn z1qd-m2bV*5;gz81#eKwILJF;$0l`Y<@&0-1BV8CN`XN?N=P&+4UK{NduBd|I=mBrMMbHiHC)N1GUE3OJt<@m?O(s=;Ftd0el3&n)3T za0Ui6T^JT-utELnLJcOpKw)b(L03`w?j;2#ZB%0(6hFnkEkRPb_a4+veJ5YX4|RM| zftIhPpmPaVvlaf_X&`uNkJz?Y;Vcv_(u9k1D-WKGWx8I;&LYI`(=UEoiZj-f?!?n! z6{8GQ%QbHLu9cKDZg1dPuiVOXR4H)fTh>d_^p^IdGLE=>>^a-~;vQ+b=8gj?*?ZUg~i?zO zB0D71atL(T?64*h1eZE)Z}9!#UZSr|!KZ8*FT{Oi`f^-Eiey~TTy15iQ+Te7n2vTC zR0Uj3xn{^Q#it?#Y0F(?+^64sYeK`I!BqT4C5Z(le5|a?MHrqIX4=`n&C)lJ@}bxU zRbgCxCLj53CCwuVJ-cddFKVD_1Gv67k)e_6okE8ENfkAc_@?FRt6@%Gzl@M$@+A+i zy!goS^S5H>a*Dhk!)8cRmchn1?$>TP)WUpe3Zwe>Jb5 z_X-jQ@y*Mcl9gZ^U8`nG+STh5%dkE?y+`T&#&|2Y=tz-I(*TieuQNlh(`l!B)h1I=jv;sTb=`G7zonB(H0yKh3QEW95lVv(Z&2lHeO z(_Ny9#0o6eO^f$I!jjc z=R34=c`vibArfSGrhN;ecQA^P+Gm{KQ@$1`Vw{JyhU1g9q3j)M5nJBdX~dvINQTTK1!^@AV&BAVrz(4S^~$ z!LXSn?+nU8{O=lL0L=Moo&281hTGzNADOOHtreE^c+6+(*RC05FSsys13bzj8KzVV z+?=h3qSZVb*11##t5m z;qY%n;|r)&N(T>|1o-&<#!r9GOLBgdj^VaM^xBC_#n(jcKc~5R3<6JxTK6uH1%0>j zeAY5pt!)>aM5jC7xEloNaLwE2kW?_gJ{%G7t(itqE}!a09$-W(@(uZlw;_Mu8xFPz zvu5FNb4575yTU8&tMp)q+VjyX}+GOcw(RBl^pD-wPbo$k6~d?X8O=8+864(nDU}WcnV%L|9Ta&kZQy76NvYlB?%N;Jm2( z=avg_h5v$eNt&<7!enXqy!|G=f2|b11Ym-MTr7<*n8N1Q9AUHUf+KCk$EpN9Si*vy z=g@cr9;XA5jxhau=P!@tF`rYi&eigkYHtC9*d8w-Z{iUD3m?SXlVG5D=?K67XBTWW zQ~ai&2LZ9iBZ*Q>%%!5L0rvz{Bt+I8sdX)2U4nX|^2!{4ODqJ)!A0Wb;BicEh`0Fa zmx-Kntrwe?eW*bk9P`h1Z(D_J0)7%#Yk-#e5hZ5Y?0;Y*jL!;G6=#2S9r`^q(<~)6^#}D_a%y%*u%K_i!TvvRRiSSAfgr) zc}1hgP%zpFu;6DCqdd8ohwl0Q&3o&#?a(fWxU^F-3nK;+1v}GL2qR7R3)#_xCytii z{~BjXrmmfX5&q5)cw4$7Fbnv3L>&f^mMNj(msprNFpLX>dj|fPm7~x4oVi_=xM-y0 z6BdBMO-yWld-HEN?0~BPyjLPFr8~cr-T}qxElRctma^ta%gM+NsEO<4vQ4YQtOCPC z{vcJ3JR&GzBP8pZPeI~$Iuw$%MNdzb?fH{a&0{LSHLI#l+@=nB54Gx z?=2Ly;MKdNym%9QxHi!I9qY*NTf~m!;9B2fI~BPCAHMMm{ciqd$=tVcc4Cxlc|sKp z7$ztRGM^z}AP>0|(HuxDh^}{I1XG$_0(GNE!j|ceR=iT2B7p1=L%M3Owkf@g{eAAu z-Y@JU>i=G7A=ULojL9#v-}<_wj8pkh?p0T&)5#a{Z}x=u2?GL`K{_+AK%22fMo}H! zc1@+v<`J@X7(|#_(8)`u8T;8viwP!xpOm#t8lP?9Xd_|eTT{%rjuxVAgwwr!p(4g8(6Bwxd_TU@YeQTpgjvIb z3Z~!u36ji!Nlg|Y6HpZdw}nY1DqYg`U`RV9L6H`z;a`s$GGEufnBf#lWDj7>`4$?v z5h!DS$-^pe=U!^zaS-?YBD0SB=_!vGF1lcTPQtD)WC#pqXbqCs^`cCIcajS%PeWoI z2wz9S_`m+5HLv#ffDxP>saa8crSJTGf7$QQkC%Y4jp%f*3hi7|?3vcTWNiR@s>${> zQ$&PP2RX9SSq+2Q|>*;p{Fd5-u5PceTe zM1Ka z7D2zc`xwcKe6+wt2;rEaeX6tDv7u0Z_>SFmWviTavSQ$lEmhs45YCwd-8XqA1&sJ+ zWJ?-A*Jv(r4{J=?Wo47jca-VDdOSlQhAwPMFU-#2JOG8;1YjpFU(xkAowy!oM3;#X zz!HKOGOK>KTqSDJlzm_2r@!x-g)71y`BlnnjJ#4;*)e$kyv+6!R&KHV84jxeJC&Sk z0sju{4gE&7f%dLU+P-^Le_Sffl_05@SLdmoyi5QvYCX#`EN&cmC80NU_n}x=>p_Tx&@QQ^^6mqfA;WjqA)I3w-Xz$!~wem%Gb>V7rF9@WNETb*Hvg+Pf#nU zKhyVW-6lv6nJtbxn2Ybfr5E4XG)Ew?4<)5SV{f}{#JIDNqH$5`-+*r46!~vJ4$-8u z5(2Q_6A@Jf*}^YBZS?wAl$Ne#wfJkIpguY;S!crXnBcyZH91#{V7vuayS_dS zyY00#@cwXVkh-^=?`2T@*=)mGS@Vvv1Ez>(nOUHa#I{gM0O4rJoQq5doW=sF8aSlw zlZ@M6m0Qz^!?6XfN)iDyq}H2|=>1l7KWqKILzjnG<@7mdi04;x|8}v`)7B%RWDB0A zLa;&Rf=;QBaNbY9)8=g(=ffMfJFk76bakCtR(jI$piJ=&m8a*0_PA$!Bopk3IjVRk z@n-5SRaroDw1YOq7tIzioh@_~6U)O*@^reaAPtXa{>oKdd9#3q5aeCaE7L5v9o4)s zcq_Atb^o<_k-~%b3I4rSp0i4RV<16z^LjPiXXfg2Ttg{MNR8P02}xcFPMFAPvfvDm z1B9x+?3oFbLA9e&#>s1;Lw}+Q>j6<(r$@I($K#RXE4eOcDo zLN)O$2Npyi=<)`fYcaVx5oKstT=n(dYi}yPP@pLa!#Dx>=A$hqf8hSrjuGqir)B3g>qYs;)GC|qu zA%=>~b%|18Q9b|m5zv|=tDdp191}se`73UZrBGK$D(C7^Tu*}9bmJK|`x`{kC<6n* zL2z$W`&Li$A()Xd`(-Z6K|!4FwDJLGg5Y`gl@GT*;jO}>a^|we>wSy4jsf)@%}UD} znX7jy^p~%G;oez48=+S1^1CdlvWNKzGq-7I{4SY2j(*mS;BcJL3Qs1!r&D^6ulxJC zIj&Wl|8TycW*tWRW&zWYz(#zFOYwRfPW?&bc>3Aj4)+c0AqmGi-Cig@jWAl|yJW3m$NT%KZs^Z< z&)0Tq#D#x>36r0>rmi#v6nIv?ffA(jn`q^W%QRzZZrkM9c4^fH$!j7e%P_kNgSEj`X{EcnazQZn&bRis+7&7qRl2Ul5_ z!qlM(g!H%`fkf~hs4kg<_*MD4c$T3^x{5LU6-$_D$SMBI%wKermHJo5A zbQaw}NUzs2LSePfpOlewfU)#-O*MFt@*;EJRNj7|e*@CrTBGAkam3lzR^HK(J?RK3 zm2jj%5IFIydcLAbAen43rQ^I7Y?7kj)3&x%J-3*1?S!-n7*%IwqS_#4Kov1=f$CUF zzn=kfo3Lbe1v9T%i;@N!F_7`brP>QH6ijlor_5!!+zR2@TY^cIgNo%v6R7^~ zl*6?M_&EHIe@lK>b&W~W?t?Nn7Co^xZ8xO?BSaRPU0|GsGYY%nI_bFjgPwF`YV?Or z?d17gqq>A=Gg}J*1re$)&Qj884>@BKgZ$R}2(=%v4%(x>Op?+vR@1Lsv;A!S&FK%Cqt1ZdeTXleeKQKt>ceWd!*H-(HCoH_~ z6`X4`bWrCsev~RdQh4l{(}xF=z&!q|=zum5$N*hZ)rAVQ8MRwz!ftMHyAU=x2h#nA*gaWMcJPEoGIB(s>CYd%zpm+N7Uv*v_U zCcV6%e08|lZKZGA9%<(ZKgl{EL|)odc_#PAbJf!J`<|~~T2O-b=2oI+vU${+Uuusv zYPQ07{36-H=l+qA-2+VWnl}j*X7H|xPs1pfJq%KOo)yu^b}0y+r+E)^BrF<@uVS)i zOujbNqxV~TLK(LzebMm9WI#kFuiVeQ0vrp953YIpm(%zZ)WRQw*}Fr8kBygy2?ZaR zg#2RT96=*AHRF69AwQ1(=??!v!CH8aae=*Tyb{RA8Ido#u}W5WhlpNPSo-A6FF%o3ZH> zd<3OtBUC#h{hJqGf<`Av!?7!6tlB7;kfC5bqdKU6tIx(f8&EuFs8+LPfBk<43;!T} zs+F8WE7^T~_Tu0aOzO&Fm$%Qitejgk99g&^TP-&qG$j|k4r$5woTf0UgZhL8`?{+c z`qwVgS(02{d%X-ry=I!hazOsT{KcF?Nuiyb#{hOJ*^admtP84`I^9kYH`<5{U(3k1AkDBrNDGjkI9yT@Jw6SfmDEwpWH zAT&66>o;LhzFbe{Io^~i;^<@hZ1i|t0-MaBCNNAdA*IA;c$LH~^NLX6bD(osW?8QgTItA+!BNe_i0l?^! zAiS7D!HtvmER;HjCQ|Fza^Q@){u=G=e|)YQDsQ(6wsqZza{=Mo-D-jv6gT|~ z@^Ct)oWIJ4RmFpo-BxqKIIsN-kPrLSBYrQ5+6fhm$hL+Z*@7M2*-+)*O~R({6&0zX z+DFEqTautn1*>Yb;689wjN+Z3I}|PA8B9>tkOmqhtS7zU_BTG<`v<-oof$4#`1N?+ zj2;8$xH*|eX_EI84xQEpqdDxqkI$`U7_l;WLmv9bzjmxSP^SS`A)Zx`1irjH7Uau^ zny|$L3@ZILLNt$@gx42!j~%sIm6v}iB%@jeiVLykIQM|WIu<*Z8)fln~K z&_BOF)}QL6WdP4TE`D3i?VQrA(+K4z3w}S$I)C>0wTII+$laF)DdPB6THde{p`ivv z)AUceHuhMP9ShEvBglpVbpW~K_XeWF#-bXtDCS)o_cX||SMTqq+Vkx|vpq-rg&(=>FJpQdQ%c z`wn_WCI=0$Wo~cwxn;Q#>NCNm(QOfQp~w#wj-{d1WKwv%puVE?ZZIGXy-w_@Nzt>gL64XwHRh_L^uV-uxtMVgmc~7GGYH?kz$QRIgXcU9bo#c zBqm|o-(4NpBF53tT6&xpwpCaJd@^8YY*MAlXU)Cq!U0Q5L&ih<2_mFwKlCl-0hvcP zP$udUw_z|}?B{iy;@vV8YZTMXI#ti(860S$0!l~xpoPS5>iu87nx+Gd%I6t$rXIBg zoq~d^y;jl^SpK}D_9oyl@RNPfeK`}M7e{gIdJ`gTyCtV@-&`@#E;6Gan8)3h|Gm8f zs`8d*c|)6%Rp~RwtAm>G604k?57W-P0~zy5RibO|T$Wj9=}#N{&a`lrR=0?eYQ5Pk zJ-txt38D^@Ixid>Z!?gP{O|7V&SPcP#jJ|W)jM;XPVTpid?LoHgzD|(1`@v2JQI0X*-F&$A0mVpgmSO&?F=pk^FJsm-PH-uCgvf% zOrdmOqXRb_iVG)!#sHg^XZN_PH)TnW`k~vhds}g#qrLdB=I%aE1s(cR zIRp-G3r6)6(rQ8xzC)V1avtIv)Ogl-!Zkg0mqT{IdEN!e32P9K@DH~39~#-EZl7OU z`olQD*y0axIh~+ja(XyS0e8Xqu2!l_;WTKBYJm!o;gZU)JAQ*)_xA5`++yN0N@87( zAoQ@#9(Ap{X7TLFsS|^7TK;1Yy;rRUxgn)-w7&}WRIc0m>sh8R#u{2E&PXiV&!oGh z+N1lqM-vD6&Q6m(79MRmrZKALbS?cAItW#O?7ANwfTKN^*jk`9 z2dN=wLc!KG-GehM4*h>1$xln2b!jl&!%j!(m~V@rkI?;G12M)A@K0E-Ls(QnWU8E- z)G^w!IY2gmJ;V`Wnpz|DWVuPO(@alsiNw{2spoM9Lohzut<@CsOgUuKs71!YJ+Ja_ z&EYaxChP@D1$XnzU@0{#ztGMrMK`_Dz3%DGVrTr$AJ$nALRP6y0^UGficBl#i_Cwt z+zfH|rhcX!Rm6T6`ph8#K74?i9uI!p`g|m9f4W_(OF0cda&8OP*%(EqG>G^mfLX08eG~ zWs3?LdB%08;@kR*hnFkcWu2%^0^8t7XZa?Iw*j*!G3*LGd+dNZqo5F{8B;SUPB*Z^%Yk`Um7UPPllWqQ_t%Ns|VG!QZqDS|LNzEqmJ{SmW8^p7JsC z8^#aWis7WB8CL5{i5z5EzNFhq5)AZ1MF^dd&17!4MeNEtXe+BitPeH!R7Q)8!M&I? z8Ra(v9mVYppVzu~Z#nKNBrerzg8K)b5VAmMwsQGT;9W9?Wa$qhqH(Jy-Ez1$@66LA zrqG`6eont!MB}z z8sVC@IHf&fpfp+JVSmhE$JBSZl)Hd@&9q>aUgo`RJ<%%Cq#ZKw7+KmiGJas|*ZHVO zV#51iJ?`S~!DAFUJXe({%U|I1U2AqypQcWY-__}yn;-fHk+~4rp30Rvu;hCIe_xQ+ zeM(Bf4CQdW>n!ZpOzDZYVL3o>%xAt3&}DYDeOfQk^50v0f!0GV5G1T! zN}=r&F0u^=Y(u*SbaBXX*faW%TB;Ld*kiWg+VKKoItI9AB=8LoBpVDg2$3% zvR4EGrQiGN1TU*J&&aQzVBG&*wo$Qh#KQWZndVs!Nxp{^EXb(mKhO|U^5U(avkO29 zEeY{%Pae6Y>pv4Wk-7cIrH#tEUKGIZzP$sau!olq+5`EP&zv@61m~#L-Yk6HJw${7 zMknMY&IV((aeisuDI9$g10f5B1u~UTo~#C!c#a4PF#H|Hy9AhoXwOYe<%F~49Cfx zZJlwNtFHlP(Cx@KJqJIijB47wj>RZ(UvjT(8@4v;aE)zRAF_ zb*Jtc1;x=Rv{xNu>;?;Qk1A705neyvt;Pw`6>E;fQ)>3t#$DZ`oZmBsH-1uH8`*3# zZ_R{R1na$8m|F%gf4f_tC6pc>Wq*9$RL(H+bAVer`M&cY1I0x+*VFd8i(DuOK(U-e6vflM{hUAS#!wbmzuTzPodfI6xmf zaI;>&9U?c;m-Kiq=Jg~*0N81U_M5O1vkJ;z=--_5a`y|}&caUU4$#^Ab-Bckw_hZA zNf9Z49FvF;`ix?K;y0;t_0yV#BU3^mTm;M@uQ80r6 z7~Q#EGA7d0p=(s5)D5+p5jH_n-ss3Ew8yQ23qxXHuMTgHEeoXQ9EFMU)X)#%JRT3( zR7?Q(z^ii^`@ife1`Kc2XiaA?(FgJ7o5hw$Z>p8<3gFSjpsU_A+i$ov1pK2&78d1^ zLxAZC9P&s&f-eMyl1 zG1vi7oM_0}{bZsY#!uVE1wHWq`c_VriL2b{gJ88+cU0;?_m{@fuzg3X{2@l=$$^IP zJB?OQ2o5dhl7BoO$Y}|?uZ25yTLMKF{JEhjfC4w7YE{O^;Lhc}gijQG(ejk+BcH|j z8p&RY^%Fo&HvWPjmqhqJUYU3NebZ5AZi6d{ALA$LD(-IGd$wmlnks)KK0EUB-mn;l zM8N`3BJe|3{yb-!>^-_g?nJGRA&zS;fm!rZkO211ZMtX8{qOf z4cMZG=_nw8O8xX@ekn zMT43);^m`n*;Q$*A2-Cr2=sh)0En{2=t2?IsDNULM~CYatlt~O^SUEqcJfn8rS{Lc zp@4+fnA**(Ai z?=Jr8n&qTAJ$-{Wb4OS*wkRAm9+>s(TZx3+qK#$$ZR=N8o-i0taw_q))wb$z56D%w z0J$QnUsj%nXj~4l%^2B}mA@B2Fg#Z!?*KI5zh&X_#!GdkcD)%B8;3^5n=W0yO!1uB z3Mp*=utJ_H2iup(k;NRXA1@3C+I`P&cU&O7xmO&?nA-Rte&J4eXr9qJ)U=hkB)|n^ zIKUU&(6xS&t^)jrFC5@-^Y>mAMu+!4f!hy;HQ+}D2T8|F6Q*1ZqmD|0x!gG^aE?Eye02_KLlsYo;L{#8 z^C}5s%xLt@s<^+1!-Dq62QjAnDU6y=*OXV6-y5r}?Qc@T*+p{ZtlT4m)YIxjM)93&)w)rKE8umuZQ-Q8sQO;}XMfoEaJ88gN zw%eIEYuv{SG<{&`u*WZ@fv%5Tec!8}3pwoBwR3JXKd++Kul?j-bir=FJ#zl|eGb;!uw_0n9C;UlSK&)s<8z4ic*uHd zVNZG?8e+yzC(gP4icaKtSX{4Ify*vxO9=m7NKMM|+GlX?Whx0b&m`YCi4GrL`GLEN zetjZsm<@HSp140jlgX_5k4oTt9J_c5_BFHta*0Ju3Sa%yeT6shsCCX2828m6_W>hT zX@G@tFkQBs3Uuq5Ufv1r#w@X>@CtmCZss)Ok2O>8C)wE6_sc5|Yu&hB+`oTP#5N`5 zNj|FvjGH~WpWfCpR7#Sa&4)J{6mNG0sh2Mto``=QG`SCSvudj`3;&+>#!9@UBQT{= zEn3CeI2nuuBD=;5MQjVmIu&UiJ=9$LxSDbqqY_tZe0JWkmFTPtwvT7xX&>UVL??G` zA!JZsiL6D==w_}aepN_+#(v~;DLU3fBnPP*mWlb0`=wnbw#k0dlx^9K7N*PFbZqCu z`&a*qdx)JB$c;~=duD}zIFDo$eqgd>sLqU?(T(c^hB4hvZkXm?vBaz>dnk=>?jq)SJV2(>mz=E>|WiE zfUxWxlNbC)cZi;1E<{D!?8>l&UIT=Y#U4xgBI{mLsz)W{#$*Sch;96mD-wUI32gvxL4g?rvVt}xlxU!3Ma>gcxC4NV7)cz@NZ?JtBm zPM=+Nl}lV$)Etwv57?k%ru|24PM_S5YQTS`y^)RQZ4=Rn0t8k4nb$VIjJXtXm+i?; zV^W!Y%jc0st}@T_%AOg0-U#$C;WT=<^CQ>qyGe9_gGFv;ha&64RKL(v9)8|dmR7{k zA{6m`b-I5ykte%1?7E`jdGtUcC;P3SxWwx5Pnz+vvZyeJWG=l@6TfDL-sQ!0Ti_kQ z(`ovUy?Ae(&jH>cq{i=5!`N%?6(Dr~#y@&IJn{?iGo3Yjc{73GcbwC(2Dh;tY!8J& zq=kgJrbY8MT(DOHUm1HT`9zGzV6}Zv&~!u{#;>Mmw8zRXaRpa2~}}>8cqN#7l(DJ-B5c%&HZ*(CbfRtO7y3>b6GY7 zWs4-|NZ68=UAy*rQQ!W0?@Vwl50xoRd46zsrA?1{-Cl^?U6eXzfr9Dw5fkc=%8Sw5$m-|m=>>ya^z+o!yX#A44t6&f?R$)hV zvMt*XI=?SL%g#tuDmCt^5w!{3*hLdzGQPO?0$U z3365(;9^sTAJcqKLgSoMF5LyDRo?zzJ!7*=pZF?1K?nKsQ+})iGv6ta4=tq&ykX2%Ch^6dQHB6;|u_ALNThwnJ8u zyVddJ%Wjdtd_GGB{F9!oKjfR^H7g9;r7EVXhfB}itY#Hk-#Pk?^&kHf>6C;Hb}V+RFH30jnZBSP33Qa9r!bHu$`G1i^i@O z&K8#)Su**#i?OOP8D5+&H$Ag(^(7-Y6G=_NxC*w(D?m@R?!1J1QTZaIh1?{19_lRG^o-Qb`Z%c( z@+v!Hv2s11>~=*Cr*g;zj92ZspLH)q{wBNECXmay18HLz2LJz}spaL-(?fa5H+@cg@CJAqiG1+SP5D`<;ZCEj9t^ODz(Z%U z2)0o@@YGflBxF2Ko5d`0j2bmce3L1aRhkJ*@P|z}ogmR9Jozh`UIXd57i0rK)mU)o3H6-fRb6|vH*_x^I4$U8rD_0VWyBz{o|^q`hm z#&qhOsMD3P6Q>K-p+{5BhYzq(Hb-yPOx2W3!qb_k(+?i!9n?ud{bvAlLHVC<69Otv z%)OF7M%G?O6y)CMfL05x+WYQwJXwHU>v-j`csa!b87JYGJ=d*#L2wu5ro!m^KlP~Y zQlNnrI9Vx0ZpUJl$k1EvIluQH9OUB^b^v3-W4N|jC6;n=G%?IftfKV8eu1*E{V~N+ z(t*1nH`c4!7qyJTeszLbQ;N1lYn}n2n31t#oEsy-XS!^Yl>yzupW{!ROevdPz!)aA zK+Lm?$g5n$G9ZPqrTx)nvqT{zMU*wuE3XbrO}&kJ{cy0l4*zSch|%H?QSE^2CCM`z zgF%}0VfKUF(z==C*XL*uraa&G!UToKw%6D*=Ps+EE?jkcoXEOAHstY)s!9CgnLrGZ z^eJjYF3~XEBMT9a^QwI}keM5sCP3Qf4yvvbh0R^q@pyKRiM+7K29<;I9n}S>RHsZ2 zIgvgW+lyWg0x5N@qryyD7r=PMWLL$(%EV>)C@c3`!_RhppQR8&pjAr%>5nx+?3=A{ z@*cQb%=;jLdtW#jDLL=RHl#O~VM(doeXt@cDU#=ZKMYCrjd**YB3#Qf?W3Tv!dJJ} zk1ZfLqoUN^J0O=`Cx1HL&!dM>-<$|o*f2Hna?~Shy|p9_GQA@u^7D{=0u!0uDA+`D z#e?H9WUobPhjvcD0E<21ZDJUxNPS9C+5SNrnH4Ic$e$B$2b9^`mR`*LO$+_)!-Fi_ z+oc3%Cmj&p%sH2~f>jvM5JD)?Zv+Q(&Xs&2VCnn#M?^tVdG8SA2B@r-GX>@{3$qjX zosN0-P9UCs&e0iatF{s+c3TEFs|D}f*2V=EgLVbQw_D&&$^hfP8PUrY4$swTH$7C^ zAUrbmEB=DcC@ss)YG?2+f%H-nm7#vg$>kmXoA<&>cc}*U_MW22rfFB53G_sz{>x+w zO1gg0Z%$x-_G?dV=QxEAnF7kPBtN>7a6ILtu;7|yx0Ovydc8g-=uN?8E^5ODki`YahqRl350`V)PZlpar(rF?23eD*J-C zALdtgy4(f9wLOczqJ+i6?FVpOzn+a{FzaeIXr1+vGVB1;|D^N|;jV1I;lSF)_pafqwFb6Q|;A6j4-v_UDx>3yNzb2l$56c9UrC}v_#zC;9B zZk0@xu+Ax0k(~Q^A7~19opClBbpz$lxfj!>$mTBh49|IBm#f14se7mYgpx1I>o-?_U>a)Nlw@=w7i z19AefUl9bL5O>+o7Fs*~lWvPsEhUJC{A|CJTjplu`dpniwYrXDIHplhl@FeFJg~8L z_w!1kAkFOn66;r?O|oF#wd@hr7E8m@rKek9o8C7 zY!yuH`B^m1e4kn}^1c#fHm`!Uo~WkZ5Q8pF&^Irz2SfiCu{HCatG zW=@u#rLr7wF3b5M<#$%gLJCT8iU8EUjtbA@*|@wA{h*03_=5@io4(nXADE=Z4E;BG z6TkMxNZekf3VPZhV9A-PiP#p=nu``XMOupEb{Je3-Phh_)`W03QIp9)%8N-K91%!@v6e#iSptg`DHfl@2ln@q+qsC8&q{d( zmOQ~TKQ{mZ=8=j;svqbRb~nVW`Cn5@(4_Tpdkv{3=qLg~(<3w4eJ4^uJK?K)PnMbL z{0_jh8EPb9RWUBMPcPMH&;nK;=%)Vq^=KZbz;AJ92&2fgL zhkZbz#3UR-L+%&5zy8eQRe!QP+op7?WK2QV8V&x1K8#%AViS*C^56vpdje{~T z7qe3DbeYN{W4>& z1`M0~5@hU_aO2O3dz(fYb%sDR%&O&Z_Z|Ty(T8JU^P&Yu`(hJhA)2=<0Kw&CJFte! zD%@C~(wp}4n)2^3{1&K8S^w`QbZ1oIur0@s<;8wyL!U-9p1=7iO9yaT;t|rTa!{R+&Zx z9UT(o9k*c_d^oKxqbpAuq%N8$@jIs`zSem~9>I;KIeYSpLD>@GQRjoS+ojf6==2xU zqiUq7Pnnu$fUYO?D`NDx7rb7#At+T!Y_UQ%>FP>%;)WTQpmwBcJZ-1!+neqD6dz(g zoFwPrk+$=kVP~Cw4S;0fYX)GtGgIq4rMEZF>Os6@hoM@sF(R(B-`cZ!H=Ry+^q~{6 z(v@0g4RtA61Np)CwZ6#hqWinGzgW~s+SM{ZN0cakUCGdc&=QXLL1#2NNB}+ z44%3up6o^YP}lJeQiaJ}@zm=h8HWNcH>=hHSGgR(H-29G7wqU9f97`R>mLo~EJuk5cF_l2jdeNgTe&Eu23;-2}>?e|{p@O#ffrxO;%BtQp{l zkPM$VX!J>uWGIhhe*Av?@mt!gtG7-*Dv5cds!l7(74ktNM(56%)SKtL&f$7*w#=(O zkhfx)th;@}&*zpeW9=6PZl8wxFW}MoQ#(Bg9;t2Z`3qgC-5)3k417f$KO_V?^iO;K zZU=$zbaEzxj#4HZI$C`YvuM<2g3T06Nl$LUV$Q>XrAxMbDKK| zE2j9%UyP%itO)82m^U6!N*MGfG1}l$dDfbN(R${!iT>jJ2yR2|`C`Hv?DH<~3?(;V zy}CHUsi6ZWEHWcb`m*l1mnUI^sbQn|_!)gfQl5_s^CfdzySTzGzj=Xx+=>)6wKB4P zq1tod*w91`w1^aC{o^=%vIzdB)48Om2Bwi4pzG)c+iVKjnA9v=ZjBMcRs8~o%K5*p zB9e#!!#9jc1)(Jr#nn&D0o9>wVUUf&twrB@KswpUVHZZ1`}Ifb`5dk>9X_kjWI0n7vv^Vcj@^giAsVm=NXEAYLUykD}MOrmAq{dKfC*E^u zh=6#AN#%}CQ}3w#SaUZ)Q;MW-kWGC31X?3o%&i#VsL|GiVC2(^*>;pSS{Xqa94K%W zmwg=TsohPvQ0&xBH|2#{j~lVL)T!aAs%-6;V|SqHxL@>9UpQ+k*!2j-SJ{6(!y3sl zN&6?iY-Xyz!h^;=ko*VM+!44Lgv}G5Jo6d#1e|iUFvBD^G8a=*^M)<@shdZCgYS<3 zL}%Z&r|$Gqx9x2z@#znHw~3_WlokAxJ;5jRrASk2$FnvMeF(yW=sK}gb_Qq5G(+HW zYD2a=5}=k56yBZhKXY-th?s9j-jXaoFX7yg$00CwqSSdNMwz{}14>#no8%Jh4@t@9t9( zt~Uj?rt9TSSGEiWC5$?wm^WUg7u`V57X5f{uyViP=|I&Fr3HV6UM;wfCDDz`*mB7@ zVqnD=SGYZjL6$kjR^gm}&d@hhE@D&xk$|b-g}nOq2}s)6)DSvM!RKBqZZoAXjN!=& zs!T~)znh+<@8z!1V@=KXJ?ub0mlnVEBacJKUST-8IMFkqulJkxR-afk*bl8<{n;qI zze5j3`vXc|l$C$h`T)&pzZO=-1JBbC#Q{9CW_KXVV!J{@kfz*ahVpWl+ZyUeq+vtS z(vCE$KmUhgt!1}ol2=52!AmBsfuffp>~sVZFPjQ|2{TbN8bjY8P8c$;M8gSa8!Eyv z3iq$7o0;)32~}$O{;*k_R7e=l=)~toSd0bvq zDS$Bw65A2leW_6HP_(sI4)*c-8-L&B9ZC$wBW1n8a*lX}pxc^k${Gkz)tu&u#*u87>LdfbN@_ckiOWV!9*&1j?0s6q|ZXSxT zvRr4NHs930_Cc?9sbFu)Q+uwmEQj)17I}rA`Fn+9_G@7erh_ySwD_1EW#%VVPfa?P zaF1Yk);;>});q$2z2*W6+XH-`-cTLX(pzCHKv`GumksZ5oQkG#A&&N|71EIQj8aSB zu6xVBr*oe~vDzsr}8KwqPPs4;&s=F8>(?V%xHJwLSFCO4dI|BSmI$QXKG) z4wR^+O0D;<*}?sYN^M=1N|=7*wIKbS2v4u;+IvIN*YnMrj5s*7&gv|!Yl%mQ+q*8E zGK)awNZ!?dh9IX|ETI@JEUW1o$*(i+npqC0%g+N;v8q0&}cP};R23CUlE z;tQ_w6y^<&Ol}Hm;En8Jvhliw9|pu81653 zh6%kAyZqK*LKB5HGm(WsyRj1w@LGKCn=`q3e8N$j1Y_Jp$2G3%f$=&m2I?SVBysG4 zk+awGL-7^k%7|q*L&C@5c+zd0_5z85B34YTC1$x`GjsXm-sX&~U!~>xla{F^LO@<1 zU%5A0)7fyyPP)QQNlcJGd%J;dihl7P$$8&&)1WN27IyBE`O;6@5qAs21JJnr(nb5{ z+`eIB;EN*;_U8XKTlqeD5F%dmoAsEgbJd!WVL@OUdwr#qrL7yjTdk6YVl}&OMVeM) zAis2Tq4|N9Gxg3yVz0}h|CIxczD2_&Alvl`eDWjU20%VXnb)K&z`^;|$Z^#?%ShS6 z2nC=btAl^{f6|=$lYf2DjQmS~Wg6s9r;v*E bnxz>mjd{j3izJU;DHI+*dzAm+x$l1gg{SJL literal 0 HcmV?d00001 diff --git a/filebeat/module/pensando/_meta/config.yml b/filebeat/module/pensando/_meta/config.yml index 1220ccbf06ac..1f1390c5e7a2 100644 --- a/filebeat/module/pensando/_meta/config.yml +++ b/filebeat/module/pensando/_meta/config.yml @@ -1,3 +1,8 @@ - module: pensando +# Firewall logs dfw: enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: \ No newline at end of file diff --git a/filebeat/module/pensando/_meta/docs.asciidoc b/filebeat/module/pensando/_meta/docs.asciidoc index e9895e047ceb..37623cc88084 100644 --- a/filebeat/module/pensando/_meta/docs.asciidoc +++ b/filebeat/module/pensando/_meta/docs.asciidoc @@ -3,7 +3,9 @@ == pensando module -This is the pensando module. +The +{modulename}+ module parses distributed firewall logs created by the +http://pensando.io/[Pensando] distributed services card (DSC). + include::../include/what-happens.asciidoc[] @@ -12,13 +14,20 @@ include::../include/gs-link.asciidoc[] [float] === Compatibility -TODO: document with what versions of the software is this tested +The Pensando module has been tested with 1.12.0-E-54 and later include::../include/configuring-intro.asciidoc[] - -TODO: provide an example configuration - -:fileset_ex: {fileset} +The following example shows how to set parameters in the +modules.d/{modulename}.yml+ +file to listen for firewall logs sent from the Pensando DSC(s) on port 5514 (default is 9001): + +["source","yaml",subs="attributes"] +----- +- module: pensando + access: + enabled: true + var.syslog_port: [5514] +----- +:fileset_ex: dfw include::../include/config-option-intro.asciidoc[] @@ -27,7 +36,7 @@ that's common to other modules, you can reuse shared descriptions by including the relevant file. For example: [float] -==== `{fileset}` log fileset settings +==== `dfw` log fileset settings include::../include/var-paths.asciidoc[] @@ -36,8 +45,8 @@ include::../include/var-paths.asciidoc[] This module comes with a sample dashboard. For example: -TODO: include an image of a sample dashboard. If you do not include a dashboard, -remove this section and set `:has-dashboards: false` at the top of this file. +[role="screenshot"] +image::./images/filebeat-pensando-dfw.png[] :has-dashboards!: From 110235b67f4244230edac7fc27bb908a945dc69a Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 10 Sep 2020 22:49:15 +0000 Subject: [PATCH 06/35] add dashboard export to repo --- .../7/dashboard/pensando-dfw-overview.json | 1390 +++++++++++++++++ 1 file changed, 1390 insertions(+) create mode 100644 filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json diff --git a/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json new file mode 100644 index 000000000000..307206f1cd03 --- /dev/null +++ b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json @@ -0,0 +1,1390 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of events coming from Pensando DSC distributed firewall system.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "85119076-2756-4415-8917-14c9d46732a5", + "w": 41, + "x": 0, + "y": 0 + }, + "panelIndex": "85119076-2756-4415-8917-14c9d46732a5", + "panelRefName": "panel_0", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "9215c2be-bca5-4b21-8042-0e0be99e38c0", + "w": 7, + "x": 41, + "y": 0 + }, + "panelIndex": "9215c2be-bca5-4b21-8042-0e0be99e38c0", + "panelRefName": "panel_1", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Active Workloads" + }, + "gridData": { + "h": 9, + "i": "81013c87-76c2-4ff0-9545-1295babad06e", + "w": 8, + "x": 0, + "y": 5 + }, + "panelIndex": "81013c87-76c2-4ff0-9545-1295babad06e", + "panelRefName": "panel_2", + "title": "Active Workloads", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "DFW Allowed Count" + }, + "gridData": { + "h": 9, + "i": "3ee01275-08dd-4d3f-9834-d844f5550365", + "w": 8, + "x": 8, + "y": 5 + }, + "panelIndex": "3ee01275-08dd-4d3f-9834-d844f5550365", + "panelRefName": "panel_3", + "title": "DFW Allowed Count", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "DFW Denied Count" + }, + "gridData": { + "h": 9, + "i": "9628e969-1f18-4659-a8d9-e9409f11f3a9", + "w": 8, + "x": 16, + "y": 5 + }, + "panelIndex": "9628e969-1f18-4659-a8d9-e9409f11f3a9", + "panelRefName": "panel_4", + "title": "DFW Denied Count", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Denied Destination IPs" + }, + "gridData": { + "h": 11, + "i": "37787af1-b5ef-467e-8c5e-b0dfba56c9f9", + "w": 24, + "x": 24, + "y": 5 + }, + "panelIndex": "37787af1-b5ef-467e-8c5e-b0dfba56c9f9", + "panelRefName": "panel_5", + "title": "Denied Destination IPs", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Traffic by Workload" + }, + "gridData": { + "h": 14, + "i": "efafcbff-a163-4475-8d12-59f716e5a3ef", + "w": 12, + "x": 0, + "y": 14 + }, + "panelIndex": "efafcbff-a163-4475-8d12-59f716e5a3ef", + "panelRefName": "panel_6", + "title": "Traffic by Workload", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Client to Server FW Action" + }, + "gridData": { + "h": 14, + "i": "52506949-eb15-4b23-b50c-2e5083df5e0f", + "w": 12, + "x": 12, + "y": 14 + }, + "panelIndex": "52506949-eb15-4b23-b50c-2e5083df5e0f", + "panelRefName": "panel_7", + "title": "Client to Server FW Action", + "version": "7.8.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "077406bd-aa47-4dc9-b1f6-04cae0ae34b6", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "077406bd-aa47-4dc9-b1f6-04cae0ae34b6", + "panelRefName": "panel_8", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 14, + "i": "58e763b7-a23a-480a-a984-24dd115aba2c", + "w": 12, + "x": 0, + "y": 28 + }, + "panelIndex": "58e763b7-a23a-480a-a984-24dd115aba2c", + "panelRefName": "panel_9", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "table": null, + "title": "Dest Port by DSC", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 14, + "i": "36fc48c8-0044-4af6-a8b2-da8023806f32", + "w": 12, + "x": 12, + "y": 28 + }, + "panelIndex": "36fc48c8-0044-4af6-a8b2-da8023806f32", + "panelRefName": "panel_10", + "title": "Dest Port by DSC", + "version": "7.8.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "a1d34501-4d64-4213-b192-1b4ca2d88793", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "a1d34501-4d64-4213-b192-1b4ca2d88793", + "panelRefName": "panel_11", + "version": "7.8.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Pensando] DFW Overview", + "version": 1 + }, + "id": "2713ee40-f3b1-11ea-ba07-c1efedbf0bf9", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "a73c8dc0-cc8d-11ea-918e-c778f7abe5d7", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "39e26d70-cc4d-11ea-918e-c778f7abe5d7", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "bc6a36b0-cdba-11ea-a0ef-8f5241e594be", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "fa745d10-cc88-11ea-918e-c778f7abe5d7", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1d2d5f00-cc89-11ea-918e-c778f7abe5d7", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "bf9d4650-cc8a-11ea-918e-c778f7abe5d7", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "07983660-cd38-11ea-a0ef-8f5241e594be", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "fd2202d0-cc86-11ea-918e-c778f7abe5d7", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "2aa5d850-cc85-11ea-918e-c778f7abe5d7", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "b8bfd3e0-e8b7-11ea-ba07-c1efedbf0bf9", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "c6188140-cdb9-11ea-a0ef-8f5241e594be", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "0583e120-cc8f-11ea-918e-c778f7abe5d7", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-09-10T22:32:33.177Z", + "version": "WzI1NjMsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client/Server - input list [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "client.ip", + "id": "1595471403191", + "indexPatternRefName": "control_0_index_pattern", + "label": "Client", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "server.ip", + "id": "1595471807689", + "indexPatternRefName": "control_1_index_pattern", + "label": "Server", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "log.source.address", + "id": "1595471848091", + "indexPatternRefName": "control_2_index_pattern", + "label": "DSC", + "options": { + "dynamicOptions": false, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "Client/Server - input list [Filebeat Pensando]", + "type": "input_control_vis" + } + }, + "id": "a73c8dc0-cc8d-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:58:28.390Z", + "version": "WzI0OTMsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": { + "match_all": {} + } + } + } + }, + "title": "Logo [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 8, + "markdown": "[![Pensando]()](https://pensando.io)", + "openLinksInNewTab": true + }, + "title": "Logo [Filebeat Pensando]", + "type": "markdown" + } + }, + "id": "39e26d70-cc4d-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-09-10T22:03:40.485Z", + "version": "WzI1MDIsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Active Workload Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Active Workloads", + "field": "client.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 36, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Active Workload Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "bc6a36b0-cdba-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:32:05.773Z", + "version": "WzI1NjIsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Allowed Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "exclude": "denied", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "DFW Allowed Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "fa745d10-cc88-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:55:19.408Z", + "version": "WzI0ODQsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Denied Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "packet count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "exclude": "allowed", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "DFW Denied Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "1d2d5f00-cc89-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:21:26.142Z", + "version": "WzI1NDAsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Denied Destination IPs", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": { + "query": "denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "denied" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.action: \"denied\" " + } + } + }, + "title": "Denied Destination IPs [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "server.ip", + "json": "", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 36, + "minFontSize": 14, + "orientation": "single", + "scale": "linear", + "showLabel": false + }, + "title": "Denied Destination IPs [Filebeat Pensando]", + "type": "tagcloud" + } + }, + "id": "bf9d4650-cc8a-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:57:10.267Z", + "version": "WzI0ODgsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Traffic by Workload Pie [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Traffic by Workload Pie [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "07983660-cd38-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:57:31.753Z", + "version": "WzI0ODksMTFd" + }, + { + "attributes": { + "description": "Inner ring is client IP, middle ring is server IP and the outer ring is Allow vs Deny actions performed by the FW", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client to Server FW Action [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": false + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Client to Server FW Action [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "fd2202d0-cc86-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:56:22.329Z", + "version": "WzI0ODYsMTFd" + }, + { + "attributes": { + "description": "Firewall denies and allows plotted against each other in time series", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Deny vs Allow [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "event.dataset:\"pensando.dfw\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action : \"allow\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(150,10,3,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action : \"deny\" " + }, + "formatter": "number", + "id": "b6c562c0-cc84-11ea-a4da-c770c13b4387", + "line_width": 1, + "metrics": [ + { + "id": "b6c562c1-cc84-11ea-a4da-c770c13b4387", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(188,186,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action :\"none\" " + }, + "formatter": "number", + "id": "2dd6bef0-cd1f-11ea-98bc-ef8e168e330d", + "line_width": 1, + "metrics": [ + { + "id": "2dd6bef1-cd1f-11ea-98bc-ef8e168e330d", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "DFW Deny vs Allow [Filebeat Pensando]", + "type": "metrics" + } + }, + "id": "2aa5d850-cc85-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-09-10T21:54:41.152Z", + "version": "WzI0ODAsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destination IPs [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top Destination IPs [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "b8bfd3e0-e8b7-11ea-ba07-c1efedbf0bf9", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:59:43.129Z", + "version": "WzI0OTYsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Destination Port by DSC Pie [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.source.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Destination Port by DSC Pie [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "c6188140-cdb9-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:58:55.571Z", + "version": "WzI0OTQsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Destinations - table [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Network Packets" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Servers", + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 300 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": true, + "showPartialRows": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destinations - table [Filebeat Pensando]", + "type": "table" + } + }, + "id": "0583e120-cc8f-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:27:54.232Z", + "version": "WzI1NTAsMTFd" + }, + { + "attributes": { + "columns": [ + "host.name", + "source.domain", + "flow.src_port_name", + "destination.domain", + "flow.dst_port_name", + "network.bytes", + "network.packets" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "ElastiFlow: Flow Records (src/dst) - search", + "version": 1 + }, + "id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "elastiflow-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-07-20T18:19:27.998Z", + "version": "WzEwMiwxXQ==" + } + ], + "version": "7.8.0" +} \ No newline at end of file From 1b2d4a4db8576af8c4f8e9ac38111a1b59a827e2 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 10 Sep 2020 23:02:36 +0000 Subject: [PATCH 07/35] update to add pensando beat --- CHANGELOG-developer.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index cf02bc84960f..f33a1d6e653a 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -102,3 +102,4 @@ The list below covers the major changes between 7.0.0-rc2 and master only. - Update Go version to 1.14.7. {pull}20508[20508] - Add packaging for docker image based on UBI minimal 8. {pull}20576[20576] - Make the mage binary used by the build process in the docker container to be statically compiled. {pull}20827[20827] +- Add Pensando distributed firewall beat From 812bdd58998d717b8f18dd9f855e73662cc29c3f Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Tue, 12 Jan 2021 12:08:25 -0700 Subject: [PATCH 08/35] Update filebeat/module/pensando/dfw/config/dfw.yml Co-authored-by: Marc Guasch --- filebeat/module/pensando/dfw/config/dfw.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/module/pensando/dfw/config/dfw.yml b/filebeat/module/pensando/dfw/config/dfw.yml index fb59a3effa2a..167adb423196 100644 --- a/filebeat/module/pensando/dfw/config/dfw.yml +++ b/filebeat/module/pensando/dfw/config/dfw.yml @@ -20,4 +20,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.5.0 + ecs.version: 1.7.0 From 0e670c1e84d8e057b5ea4845533b1bce13f0250f Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Tue, 12 Jan 2021 12:15:20 -0700 Subject: [PATCH 09/35] Update pipeline.yml Condensed all "remove" fields to 1 list of fields. --- .../module/pensando/dfw/ingest/pipeline.yml | 23 +------------------ 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index a54110c6d7ea..0223b26c3d1e 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -12,28 +12,7 @@ processors: field: payload_raw target_field: json - remove: - field: syslog5424_sd - ignore_missing: true -- remove: - field: syslog5424_app - ignore_missing: true -- remove: - field: syslog5424_host - ignore_missing: true -- remove: - field: syslog5424_msgid - ignore_missing: true -- remove: - field: syslog5424_pri - ignore_missing: true -- remove: - field: syslog5424_proc - ignore_missing: true -- remove: - field: syslog5424_ver - ignore_missing: true -- remove: - field: host + field: syslog5424_sd,syslog5424_app,syslog5424_host,syslog5424_msgid,syslog5424_pri,syslog5424_proc,syslog5424_ver,host ignore_missing: true - date: field: json.timestamp From b6455deebf2685a678dcbf743209395c2a726fed Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Tue, 12 Jan 2021 12:21:21 -0700 Subject: [PATCH 10/35] Update pipeline.yml Do not remove the payload_raw field. --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index 0223b26c3d1e..c918a5f7c92f 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -186,7 +186,6 @@ processors: field: - syslog5424_ts - json - - payload_raw ignore_missing: true on_failure: - set: From e03f6ade92ffc0cdcd0cd1be26020477c69bb386 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Wed, 13 Jan 2021 13:05:46 -0700 Subject: [PATCH 11/35] Update filebeat/module/pensando/_meta/docs.asciidoc Co-authored-by: Andrew Kroh --- filebeat/module/pensando/_meta/docs.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/module/pensando/_meta/docs.asciidoc b/filebeat/module/pensando/_meta/docs.asciidoc index 37623cc88084..0612e4467f7b 100644 --- a/filebeat/module/pensando/_meta/docs.asciidoc +++ b/filebeat/module/pensando/_meta/docs.asciidoc @@ -14,7 +14,7 @@ include::../include/gs-link.asciidoc[] [float] === Compatibility -The Pensando module has been tested with 1.12.0-E-54 and later +The Pensando module has been tested with 1.12.0-E-54 and later. include::../include/configuring-intro.asciidoc[] The following example shows how to set parameters in the +modules.d/{modulename}.yml+ From 2980f65fda27cc877fc3026ee909406ca3e8f3bf Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Wed, 13 Jan 2021 13:14:02 -0700 Subject: [PATCH 12/35] Update config.yml Added syslog_host and syslog_port values as suggested. --- filebeat/module/pensando/_meta/config.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/filebeat/module/pensando/_meta/config.yml b/filebeat/module/pensando/_meta/config.yml index 1f1390c5e7a2..e632160bdd77 100644 --- a/filebeat/module/pensando/_meta/config.yml +++ b/filebeat/module/pensando/_meta/config.yml @@ -2,7 +2,9 @@ # Firewall logs dfw: enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. - #var.paths: \ No newline at end of file + # var.paths: From 4dbc382bc7cd3c859f228ba024015e74bd3ae26f Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Wed, 13 Jan 2021 13:15:31 -0700 Subject: [PATCH 13/35] Update docs.asciidoc Added documentation for syslog_host and syslog_port as suggested. --- filebeat/module/pensando/_meta/docs.asciidoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/filebeat/module/pensando/_meta/docs.asciidoc b/filebeat/module/pensando/_meta/docs.asciidoc index 0612e4467f7b..611ccdf01ca2 100644 --- a/filebeat/module/pensando/_meta/docs.asciidoc +++ b/filebeat/module/pensando/_meta/docs.asciidoc @@ -25,7 +25,8 @@ file to listen for firewall logs sent from the Pensando DSC(s) on port 5514 (def - module: pensando access: enabled: true - var.syslog_port: [5514] + var.syslog_host: 0.0.0.0 + var.syslog_port: [9001] ----- :fileset_ex: dfw From 10419e768bca9fb8b5f53cb3a44d0cc07afbda17 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Wed, 13 Jan 2021 13:34:20 -0700 Subject: [PATCH 14/35] Update pipeline.yml Removing payload_raw - this and json are, essentially, the same field and no longer needed after parsing. --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index c918a5f7c92f..0223b26c3d1e 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -186,6 +186,7 @@ processors: field: - syslog5424_ts - json + - payload_raw ignore_missing: true on_failure: - set: From 89bd31a0a14cd076f9c7551190a0f7c7d9623ea5 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Wed, 13 Jan 2021 13:40:25 -0700 Subject: [PATCH 15/35] Update pipeline.yml Changed checks if values are != null to use the filebeat specific ignore_empty_value: true instead. --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index 0223b26c3d1e..c4819da4dbe5 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -94,7 +94,7 @@ processors: field: source.address value: '{{pensando.dfw.source_address}}' ignore_failure: true - if: ctx.pensando.dfw?.source_address != null + ignore_empty_value: true - set: field: source.port value: '{{pensando.dfw.source_port}}' @@ -103,7 +103,7 @@ processors: field: destination.address value: '{{pensando.dfw.destination_address}}' ignore_failure: true - if: ctx.pensando.dfw?.destination_address != null + ignore_empty_value: true - set: field: destination.port value: '{{pensando.dfw.destination_port}}' From b3ca1924d1cde26ff6f0a89dff144a4f1c05a8b5 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Wed, 13 Jan 2021 13:41:52 -0700 Subject: [PATCH 16/35] Remove set of event.module Remove the set param for event.module. Filebeat should add this automatically. --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index c4819da4dbe5..0f3ed15ead52 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -64,9 +64,6 @@ processors: field: json.srcport target_field: pensando.dfw.source_port ignore_failure: true -- set: - field: event.module - value: pensando - set: field: event.category value: ['network'] From 69c310788f10dbfa45eba18854642f8b8cf30432 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Wed, 13 Jan 2021 13:49:38 -0700 Subject: [PATCH 17/35] Apply suggestions from code review Co-authored-by: Andrew Kroh --- CHANGELOG-developer.next.asciidoc | 2 +- filebeat/module/pensando/dfw/manifest.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index f33a1d6e653a..fe47af3fa144 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -102,4 +102,4 @@ The list below covers the major changes between 7.0.0-rc2 and master only. - Update Go version to 1.14.7. {pull}20508[20508] - Add packaging for docker image based on UBI minimal 8. {pull}20576[20576] - Make the mage binary used by the build process in the docker container to be statically compiled. {pull}20827[20827] -- Add Pensando distributed firewall beat +- Add Pensando distributed firewall module. {pull}21063[21063] diff --git a/filebeat/module/pensando/dfw/manifest.yml b/filebeat/module/pensando/dfw/manifest.yml index 2bce394fe9dd..5de3a9735476 100644 --- a/filebeat/module/pensando/dfw/manifest.yml +++ b/filebeat/module/pensando/dfw/manifest.yml @@ -7,8 +7,6 @@ var: default: 9001 - name: input default: syslog - - name: log_level - default: 7 ingest_pipeline: - ingest/pipeline.yml From 94a493314dedf084bb0f1496fa9a91c958bdd219 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Thu, 14 Jan 2021 11:30:39 -0700 Subject: [PATCH 18/35] Update test.log --- filebeat/module/pensando/dfw/test/test.log | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/filebeat/module/pensando/dfw/test/test.log b/filebeat/module/pensando/dfw/test/test.log index 11bb828fe857..bf582967660e 100644 --- a/filebeat/module/pensando/dfw/test/test.log +++ b/filebeat/module/pensando/dfw/test/test.log @@ -1,3 +1,3 @@ -<14>1 2020-04-22T17:24:31Z esx01-dsc pen-tmagent 1570 - [{"action":"allow","app-id":"0","destination-address":"172.31.10.2","destination-port":22,"direction":"from-uplink","protocol":"TCP","rule-id":13571811656724295508,"session-id":371,"session-state":"flow_delete","source-address":"172.31.10.31","source-port":40030,"timestamp":"2020-04-22T17:24:31.105391561Z"}] -<14>1 2020-04-22T16:45:12Z esx01-dsc pen-tmagent 1570 - [{"action":"allow","app-id":"0","destination-address":"172.31.10.2","destination-port":22,"direction":"from-uplink","protocol":"TCP","rule-id":13571811656724295508,"session-id":265,"session-state":"flow_delete","source-address":"172.31.10.31","source-port":37428,"timestamp":"2020-04-22T16:45:12.105412922Z"}] -<14>1 2020-04-22T14:58:42Z esx01-dsc pen-tmagent 1570 - [{"action":"allow","app-id":"0","destination-address":"1.1.1.1","destination-port":53,"direction":"from-host","protocol":"UDP","rule-id":8542065728696853408,"session-id":390,"session-state":"flow_delete","source-address":"172.31.10.2","source-port":39465,"timestamp":"2020-04-22T14:58:42.105387971Z"}] +<14>1 2020-12-14T18:41:01Z esx01-dsc pen-tmagent 1402 - [{"time":"2020-12-14T18:41:01Z","destaddr":"10.29.95.101","destport":80,"srcaddr":"10.29.95.102","srcport":46554,"protocol":"TCP","action":"allow","direction":"from-host","rule-id":5413257681574708646,"session-id":6881552,"session-state":"flow_create"}] +<14>1 2020-12-14T18:41:16Z esx01-dsc pen-tmagent 1402 - [{"time":"2020-12-14T18:41:16Z","destaddr":"10.29.95.101","destport":80,"srcaddr":"10.29.95.102","srcport":46594,"protocol":"TCP","action":"allow","direction":"from-host","rule-id":5413257681574708646,"session-id":6881572,"session-state":"flow_create"}] +<14>1 2020-12-14T18:41:16Z esx01-dsc pen-tmagent 1402 - [{"time":"2020-12-14T18:41:16Z","destaddr":"10.29.95.101","destport":80,"srcaddr":"10.29.95.102","srcport":46582,"protocol":"TCP","action":"allow","direction":"from-host","rule-id":5413257681574708646,"session-id":6881566,"session-state":"flow_create"}] From 849a1a0aaf220af7e1617f3ef45c0bd10dc588b8 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 14 Jan 2021 11:48:43 -0700 Subject: [PATCH 19/35] Use convert instead of set for some fields Changed ECS sets for IP addresses and ports to converts of type ip and integer respectively. --- .../module/pensando/dfw/ingest/pipeline.yml | 50 +++++++++++-------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index 0f3ed15ead52..23ef3c406f8a 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -1,17 +1,17 @@ --- -description: Pipeline for parsing Penando DFW logs -processors: +description: Pipeline for parsing Penando DFW logs +processors: - rename: field: message target_field: event.original - grok: field: event.original - patterns: + patterns: - "%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{IPORHOST:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(?::-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +\\[%{GREEDYDATA:payload_raw}\\]$" - json: - field: payload_raw + field: payload_raw target_field: json -- remove: +- remove: field: syslog5424_sd,syslog5424_app,syslog5424_host,syslog5424_msgid,syslog5424_pri,syslog5424_proc,syslog5424_ver,host ignore_missing: true - date: @@ -87,24 +87,30 @@ processors: field: network.transport ignore_missing: true ignore_failure: true -- set: - field: source.address - value: '{{pensando.dfw.source_address}}' +- convert: + field: pensando.dfw.source_address + target_field: source.address + type: ip ignore_failure: true - ignore_empty_value: true -- set: - field: source.port - value: '{{pensando.dfw.source_port}}' + ignore_missing: true +- convert: + field: pensando.dfw.source_port + target_field: source.port + type: integer ignore_failure: true -- set: - field: destination.address - value: '{{pensando.dfw.destination_address}}' + ignore_missing: true +- convert: + field: pensando.dfw.destination_address + target_field: destination.address + type: ip ignore_failure: true - ignore_empty_value: true -- set: - field: destination.port - value: '{{pensando.dfw.destination_port}}' + ignore_missing: true +- convert: + field: pensando.dfw.destination_port + target_field: destination.port + type: integer ignore_failure: true + ignore_missing: true - set: field: client.ip value: '{{pensando.dfw.source_address}}' @@ -158,9 +164,9 @@ processors: value: 'allowed' if: '[''allow''].contains(ctx.pensando.dfw?.action)' - set: - field: rule.id + field: rule.id value: '{{pensando.dfw.rule_id}}' - ignore_failure: true + ignore_failure: true - set: field: event.outcome value: success @@ -185,7 +191,7 @@ processors: - json - payload_raw ignore_missing: true -on_failure: +on_failure: - set: field: error.message value: '{{ _ingest.on_failure_message }}' From 1fa2c2e19ce6bb465caf872d4c986a0ce4d465df Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Thu, 14 Jan 2021 12:03:54 -0700 Subject: [PATCH 20/35] Updates for geoip and autonomous system --- .../module/pensando/dfw/ingest/pipeline.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index 23ef3c406f8a..f3f40d4a3c6f 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -185,6 +185,26 @@ processors: value: ['connection', 'denied'] if: '[''deny''].contains(ctx.pensando.dfw?.action)' ignore_failure: true +- geoip: + field: pensando.dfw.source_address + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: pensando.dfw.source_address + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true - remove: field: - syslog5424_ts From dce70ab00a647d1d7e011f967c25b1824368394f Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Fri, 15 Jan 2021 15:32:28 -0700 Subject: [PATCH 21/35] add pensando dfw fields --- filebeat/docs/fields.asciidoc | 159 ++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 2a628ad8bbc4..a86084f6c736 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -105568,6 +105568,165 @@ Specifies the type of the log Specifies the sub type of the log -- +Action taken for the session. + +type: keyword + +-- + +[[exported-fields-pensando]] +== Pensando fields + +pensando Module + + + +[float] +=== pensando + +Fields from Pensando logs. + + + +*`pensando.payload_raw`*:: ++ +-- +Please add description + +type: text + +example: Please add example + +-- + +[float] +=== dfw + +Fields for Pensando DFW + + + +*`pensando.dfw.action`*:: ++ +-- +Action on the flow. + + +type: keyword + +-- + +*`pensando.dfw.app_id`*:: ++ +-- +Application ID + + +type: integer + +-- + +*`pensando.dfw.destination_address`*:: ++ +-- +Address of destination. + + +type: keyword + +-- + +*`pensando.dfw.destination_port`*:: ++ +-- +Port of destination. + + +type: integer + +-- + +*`pensando.dfw.direction`*:: ++ +-- +Direction of the flow + + +type: keyword + +-- + +*`pensando.dfw.protocol`*:: ++ +-- +Protocol of the flow + + +type: keyword + +-- + +*`pensando.dfw.rule_id`*:: ++ +-- +Rule ID that was matched. + + +type: keyword + +-- + +*`pensando.dfw.session_id`*:: ++ +-- +Session ID of the flow + + +type: integer + +-- + +*`pensando.dfw.session_state`*:: ++ +-- +Session state of the flow. + + +type: keyword + +-- + +*`pensando.dfw.source_address`*:: ++ +-- +Source address of the flow. + + +type: keyword + +-- + +*`pensando.dfw.source_port`*:: ++ +-- +Source port of the flow. + + +type: integer + +-- + +*`pensando.dfw.timestamp`*:: ++ +-- +Timestamp of the log. + + +type: date + +-- + + [[exported-fields-postgresql]] == PostgreSQL fields From 63b3ec53612a31fa79db8634f4c014bc9a980384 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Tue, 19 Jan 2021 14:50:04 -0700 Subject: [PATCH 22/35] fixes from make -C filebeat update --- filebeat/docs/fields.asciidoc | 86 +++++++++++------------- filebeat/docs/modules/pensando.asciidoc | 28 +++++--- filebeat/filebeat.reference.yml | 7 ++ filebeat/modules.d/pensando.yml.disabled | 7 ++ 4 files changed, 72 insertions(+), 56 deletions(-) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index a86084f6c736..583ac51cbd06 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -18068,7 +18068,7 @@ type: integer *`checkpoint.duration`*:: + -- -Scan duration. +Scan duration. type: keyword @@ -18158,7 +18158,7 @@ type: integer *`checkpoint.next_scheduled_scan_date`*:: + -- -Next scan scheduled time according to time object. +Next scan scheduled time according to time object. type: keyword @@ -47986,7 +47986,7 @@ type: float *`elasticsearch.gc.phase.cpu_time.sys_sec`*:: + -- -CPU time spent inside the kernel. +CPU time spent inside the kernel. type: float @@ -48156,7 +48156,7 @@ Young GC type: long -example: +example: -- @@ -48167,7 +48167,7 @@ example: type: long -example: +example: -- @@ -48239,7 +48239,7 @@ Types type: keyword -example: +example: -- @@ -48283,7 +48283,7 @@ Extra source information type: keyword -example: +example: -- @@ -48327,7 +48327,7 @@ Id type: keyword -example: +example: -- @@ -63791,14 +63791,14 @@ type: keyword [float] === authentication_info -Authentication information. +Authentication information. *`googlecloud.audit.authentication_info.principal_email`*:: + -- -The email address of the authenticated user making the request. +The email address of the authenticated user making the request. type: keyword @@ -63808,7 +63808,7 @@ type: keyword *`googlecloud.audit.authentication_info.authority_selector`*:: + -- -The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. +The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. type: keyword @@ -63875,7 +63875,7 @@ type: keyword *`googlecloud.audit.request.name`*:: + -- -Name of the request. +Name of the request. type: keyword @@ -63885,7 +63885,7 @@ type: keyword *`googlecloud.audit.request.resource_name`*:: + -- -Name of the request resource. +Name of the request resource. type: keyword @@ -63902,7 +63902,7 @@ Metadata about the request. *`googlecloud.audit.request_metadata.caller_ip`*:: + -- -The IP address of the caller. +The IP address of the caller. type: ip @@ -63986,7 +63986,7 @@ type: keyword *`googlecloud.audit.response.status`*:: + -- -Status of the response. +Status of the response. type: keyword @@ -64033,14 +64033,14 @@ type: keyword [float] === status -The status of the overall operation. +The status of the overall operation. *`googlecloud.audit.status.code`*:: + -- -The status code, which should be an enum value of google.rpc.Code. +The status code, which should be an enum value of google.rpc.Code. type: integer @@ -64050,7 +64050,7 @@ type: integer *`googlecloud.audit.status.message`*:: + -- -A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. +A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. type: keyword @@ -92755,7 +92755,7 @@ type: text *`misp.identity.identity_class`*:: + -- -The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov +The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov type: keyword @@ -92765,7 +92765,7 @@ type: keyword *`misp.identity.labels`*:: + -- -The list of roles that this Identity performs. +The list of roles that this Identity performs. type: keyword @@ -92778,7 +92778,7 @@ example: CEO *`misp.identity.sectors`*:: + -- -The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov +The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov type: keyword @@ -93028,7 +93028,7 @@ Fields provide support for specifying information about threat indicators, and r *`misp.threat_indicator.labels`*:: + -- -list of type open-vocab that specifies the type of indicator. +list of type open-vocab that specifies the type of indicator. type: keyword @@ -93177,7 +93177,7 @@ format: string *`misp.threat_indicator.attack_pattern`*:: + -- -The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. +The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. type: keyword @@ -93190,7 +93190,7 @@ example: [destination:ip = '91.219.29.188/32'] *`misp.threat_indicator.attack_pattern_kql`*:: + -- -The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. +The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. type: keyword @@ -94005,7 +94005,7 @@ type: long *`mysql.slowlog.sort_range_count`*:: + -- -Number of sorts that were done using ranges. +Number of sorts that were done using ranges. type: long @@ -94105,7 +94105,7 @@ type: long *`mysql.slowlog.read_rnd`*:: + -- -The number of requests to read a row based on a fixed position. +The number of requests to read a row based on a fixed position. type: long @@ -105567,11 +105567,6 @@ Specifies the type of the log -- Specifies the sub type of the log --- -Action taken for the session. - -type: keyword - -- [[exported-fields-pensando]] @@ -105609,7 +105604,7 @@ Fields for Pensando DFW *`pensando.dfw.action`*:: + -- -Action on the flow. +Action on the flow. type: keyword @@ -105619,7 +105614,7 @@ type: keyword *`pensando.dfw.app_id`*:: + -- -Application ID +Application ID type: integer @@ -105629,7 +105624,7 @@ type: integer *`pensando.dfw.destination_address`*:: + -- -Address of destination. +Address of destination. type: keyword @@ -105639,7 +105634,7 @@ type: keyword *`pensando.dfw.destination_port`*:: + -- -Port of destination. +Port of destination. type: integer @@ -105649,7 +105644,7 @@ type: integer *`pensando.dfw.direction`*:: + -- -Direction of the flow +Direction of the flow type: keyword @@ -105659,7 +105654,7 @@ type: keyword *`pensando.dfw.protocol`*:: + -- -Protocol of the flow +Protocol of the flow type: keyword @@ -105669,7 +105664,7 @@ type: keyword *`pensando.dfw.rule_id`*:: + -- -Rule ID that was matched. +Rule ID that was matched. type: keyword @@ -105679,7 +105674,7 @@ type: keyword *`pensando.dfw.session_id`*:: + -- -Session ID of the flow +Session ID of the flow type: integer @@ -105689,7 +105684,7 @@ type: integer *`pensando.dfw.session_state`*:: + -- -Session state of the flow. +Session state of the flow. type: keyword @@ -105699,7 +105694,7 @@ type: keyword *`pensando.dfw.source_address`*:: + -- -Source address of the flow. +Source address of the flow. type: keyword @@ -105709,7 +105704,7 @@ type: keyword *`pensando.dfw.source_port`*:: + -- -Source port of the flow. +Source port of the flow. type: integer @@ -105719,15 +105714,13 @@ type: integer *`pensando.dfw.timestamp`*:: + -- -Timestamp of the log. +Timestamp of the log. type: date -- - - [[exported-fields-postgresql]] == PostgreSQL fields @@ -122712,11 +122705,9 @@ type: long *`snyk.vulnerabilities.publication_time`*:: + -- - The vulnerability publication time. - type: date -- @@ -160927,3 +160918,4 @@ This key captures values or decorators used within a registry entry type: keyword -- + diff --git a/filebeat/docs/modules/pensando.asciidoc b/filebeat/docs/modules/pensando.asciidoc index e9ce8de437e6..88c2924a8f10 100644 --- a/filebeat/docs/modules/pensando.asciidoc +++ b/filebeat/docs/modules/pensando.asciidoc @@ -8,7 +8,9 @@ This file is generated! See scripts/docs_collector.py == pensando module -This is the pensando module. +The +{modulename}+ module parses distributed firewall logs created by the +http://pensando.io/[Pensando] distributed services card (DSC). + include::../include/what-happens.asciidoc[] @@ -17,13 +19,21 @@ include::../include/gs-link.asciidoc[] [float] === Compatibility -TODO: document with what versions of the software is this tested +The Pensando module has been tested with 1.12.0-E-54 and later. include::../include/configuring-intro.asciidoc[] - -TODO: provide an example configuration - -:fileset_ex: {fileset} +The following example shows how to set parameters in the +modules.d/{modulename}.yml+ +file to listen for firewall logs sent from the Pensando DSC(s) on port 5514 (default is 9001): + +["source","yaml",subs="attributes"] +----- +- module: pensando + access: + enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: [9001] +----- +:fileset_ex: dfw include::../include/config-option-intro.asciidoc[] @@ -32,7 +42,7 @@ that's common to other modules, you can reuse shared descriptions by including the relevant file. For example: [float] -==== `{fileset}` log fileset settings +==== `dfw` log fileset settings include::../include/var-paths.asciidoc[] @@ -41,8 +51,8 @@ include::../include/var-paths.asciidoc[] This module comes with a sample dashboard. For example: -TODO: include an image of a sample dashboard. If you do not include a dashboard, -remove this section and set `:has-dashboards: false` at the top of this file. +[role="screenshot"] +image::./images/filebeat-pensando-dfw.png[] :has-dashboards!: diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 9bc66b08278a..794daa8f146a 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -337,8 +337,15 @@ filebeat.modules: #------------------------------- Pensando Module ------------------------------- - module: pensando +# Firewall logs dfw: enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + # var.paths: #------------------------------ PostgreSQL Module ------------------------------ #- module: postgresql diff --git a/filebeat/modules.d/pensando.yml.disabled b/filebeat/modules.d/pensando.yml.disabled index 5d9ae0bfd2a6..72350a5dcb69 100644 --- a/filebeat/modules.d/pensando.yml.disabled +++ b/filebeat/modules.d/pensando.yml.disabled @@ -2,5 +2,12 @@ # Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-pensando.html - module: pensando +# Firewall logs dfw: enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + # var.paths: From 5b1ed047940f10daf8fe90939f31e63f326c311f Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Tue, 19 Jan 2021 15:22:01 -0700 Subject: [PATCH 23/35] fixes for filebeat check --- .../7/dashboard/pensando-dfw-overview.json | 75 +- .../7/dashboard/pensando-dfw-overview.json2 | 1390 +++++++++++++++++ 2 files changed, 1403 insertions(+), 62 deletions(-) create mode 100644 filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json2 diff --git a/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json index 307206f1cd03..33ebc169841b 100644 --- a/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json +++ b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json @@ -361,17 +361,17 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "control_0_index_pattern", "type": "index-pattern" }, { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "control_1_index_pattern", "type": "index-pattern" }, { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "control_2_index_pattern", "type": "index-pattern" } @@ -484,7 +484,7 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" } @@ -577,7 +577,7 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" } @@ -670,7 +670,7 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" } @@ -761,12 +761,12 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" }, { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern" } @@ -844,7 +844,7 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" } @@ -954,7 +954,7 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" } @@ -1242,7 +1242,7 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" } @@ -1327,7 +1327,7 @@ }, "references": [ { - "id": "21d8a6f0-cc2e-11ea-918e-c778f7abe5d7", + "id": "filebeat-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" } @@ -1335,56 +1335,7 @@ "type": "visualization", "updated_at": "2020-09-10T22:27:54.232Z", "version": "WzI1NTAsMTFd" - }, - { - "attributes": { - "columns": [ - "host.name", - "source.domain", - "flow.src_port_name", - "destination.domain", - "flow.dst_port_name", - "network.bytes", - "network.packets" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - }, - "version": true - } - }, - "sort": [ - [ - "@timestamp", - "desc" - ] - ], - "title": "ElastiFlow: Flow Records (src/dst) - search", - "version": 1 - }, - "id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", - "migrationVersion": { - "search": "7.4.0" - }, - "references": [ - { - "id": "elastiflow-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "search", - "updated_at": "2020-07-20T18:19:27.998Z", - "version": "WzEwMiwxXQ==" } ], "version": "7.8.0" -} \ No newline at end of file +} diff --git a/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json2 b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json2 new file mode 100644 index 000000000000..5de85edb4ee0 --- /dev/null +++ b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json2 @@ -0,0 +1,1390 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of events coming from Pensando DSC distributed firewall system.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "85119076-2756-4415-8917-14c9d46732a5", + "w": 41, + "x": 0, + "y": 0 + }, + "panelIndex": "85119076-2756-4415-8917-14c9d46732a5", + "panelRefName": "panel_0", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "9215c2be-bca5-4b21-8042-0e0be99e38c0", + "w": 7, + "x": 41, + "y": 0 + }, + "panelIndex": "9215c2be-bca5-4b21-8042-0e0be99e38c0", + "panelRefName": "panel_1", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Active Workloads" + }, + "gridData": { + "h": 9, + "i": "81013c87-76c2-4ff0-9545-1295babad06e", + "w": 8, + "x": 0, + "y": 5 + }, + "panelIndex": "81013c87-76c2-4ff0-9545-1295babad06e", + "panelRefName": "panel_2", + "title": "Active Workloads", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "DFW Allowed Count" + }, + "gridData": { + "h": 9, + "i": "3ee01275-08dd-4d3f-9834-d844f5550365", + "w": 8, + "x": 8, + "y": 5 + }, + "panelIndex": "3ee01275-08dd-4d3f-9834-d844f5550365", + "panelRefName": "panel_3", + "title": "DFW Allowed Count", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "DFW Denied Count" + }, + "gridData": { + "h": 9, + "i": "9628e969-1f18-4659-a8d9-e9409f11f3a9", + "w": 8, + "x": 16, + "y": 5 + }, + "panelIndex": "9628e969-1f18-4659-a8d9-e9409f11f3a9", + "panelRefName": "panel_4", + "title": "DFW Denied Count", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Denied Destination IPs" + }, + "gridData": { + "h": 11, + "i": "37787af1-b5ef-467e-8c5e-b0dfba56c9f9", + "w": 24, + "x": 24, + "y": 5 + }, + "panelIndex": "37787af1-b5ef-467e-8c5e-b0dfba56c9f9", + "panelRefName": "panel_5", + "title": "Denied Destination IPs", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Traffic by Workload" + }, + "gridData": { + "h": 14, + "i": "efafcbff-a163-4475-8d12-59f716e5a3ef", + "w": 12, + "x": 0, + "y": 14 + }, + "panelIndex": "efafcbff-a163-4475-8d12-59f716e5a3ef", + "panelRefName": "panel_6", + "title": "Traffic by Workload", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Client to Server FW Action" + }, + "gridData": { + "h": 14, + "i": "52506949-eb15-4b23-b50c-2e5083df5e0f", + "w": 12, + "x": 12, + "y": 14 + }, + "panelIndex": "52506949-eb15-4b23-b50c-2e5083df5e0f", + "panelRefName": "panel_7", + "title": "Client to Server FW Action", + "version": "7.8.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "077406bd-aa47-4dc9-b1f6-04cae0ae34b6", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "077406bd-aa47-4dc9-b1f6-04cae0ae34b6", + "panelRefName": "panel_8", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 14, + "i": "58e763b7-a23a-480a-a984-24dd115aba2c", + "w": 12, + "x": 0, + "y": 28 + }, + "panelIndex": "58e763b7-a23a-480a-a984-24dd115aba2c", + "panelRefName": "panel_9", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "table": null, + "title": "Dest Port by DSC", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 14, + "i": "36fc48c8-0044-4af6-a8b2-da8023806f32", + "w": 12, + "x": 12, + "y": 28 + }, + "panelIndex": "36fc48c8-0044-4af6-a8b2-da8023806f32", + "panelRefName": "panel_10", + "title": "Dest Port by DSC", + "version": "7.8.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "a1d34501-4d64-4213-b192-1b4ca2d88793", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "a1d34501-4d64-4213-b192-1b4ca2d88793", + "panelRefName": "panel_11", + "version": "7.8.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Pensando] DFW Overview", + "version": 1 + }, + "id": "2713ee40-f3b1-11ea-ba07-c1efedbf0bf9", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "a73c8dc0-cc8d-11ea-918e-c778f7abe5d7", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "39e26d70-cc4d-11ea-918e-c778f7abe5d7", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "bc6a36b0-cdba-11ea-a0ef-8f5241e594be", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "fa745d10-cc88-11ea-918e-c778f7abe5d7", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1d2d5f00-cc89-11ea-918e-c778f7abe5d7", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "bf9d4650-cc8a-11ea-918e-c778f7abe5d7", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "07983660-cd38-11ea-a0ef-8f5241e594be", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "fd2202d0-cc86-11ea-918e-c778f7abe5d7", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "2aa5d850-cc85-11ea-918e-c778f7abe5d7", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "b8bfd3e0-e8b7-11ea-ba07-c1efedbf0bf9", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "c6188140-cdb9-11ea-a0ef-8f5241e594be", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "0583e120-cc8f-11ea-918e-c778f7abe5d7", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-09-10T22:32:33.177Z", + "version": "WzI1NjMsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client/Server - input list [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "client.ip", + "id": "1595471403191", + "indexPatternRefName": "control_0_index_pattern", + "label": "Client", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "server.ip", + "id": "1595471807689", + "indexPatternRefName": "control_1_index_pattern", + "label": "Server", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "log.source.address", + "id": "1595471848091", + "indexPatternRefName": "control_2_index_pattern", + "label": "DSC", + "options": { + "dynamicOptions": false, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "Client/Server - input list [Filebeat Pensando]", + "type": "input_control_vis" + } + }, + "id": "a73c8dc0-cc8d-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:58:28.390Z", + "version": "WzI0OTMsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": { + "match_all": {} + } + } + } + }, + "title": "Logo [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 8, + "markdown": "[![Pensando]()](https://pensando.io)", + "openLinksInNewTab": true + }, + "title": "Logo [Filebeat Pensando]", + "type": "markdown" + } + }, + "id": "39e26d70-cc4d-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-09-10T22:03:40.485Z", + "version": "WzI1MDIsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Active Workload Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Active Workloads", + "field": "client.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 36, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Active Workload Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "bc6a36b0-cdba-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:32:05.773Z", + "version": "WzI1NjIsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Allowed Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "exclude": "denied", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "DFW Allowed Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "fa745d10-cc88-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:55:19.408Z", + "version": "WzI0ODQsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Denied Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "packet count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "exclude": "allowed", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "DFW Denied Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "1d2d5f00-cc89-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:21:26.142Z", + "version": "WzI1NDAsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Denied Destination IPs", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": { + "query": "denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "denied" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.action: \"denied\" " + } + } + }, + "title": "Denied Destination IPs [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "server.ip", + "json": "", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 36, + "minFontSize": 14, + "orientation": "single", + "scale": "linear", + "showLabel": false + }, + "title": "Denied Destination IPs [Filebeat Pensando]", + "type": "tagcloud" + } + }, + "id": "bf9d4650-cc8a-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:57:10.267Z", + "version": "WzI0ODgsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Traffic by Workload Pie [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Traffic by Workload Pie [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "07983660-cd38-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:57:31.753Z", + "version": "WzI0ODksMTFd" + }, + { + "attributes": { + "description": "Inner ring is client IP, middle ring is server IP and the outer ring is Allow vs Deny actions performed by the FW", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client to Server FW Action [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": false + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Client to Server FW Action [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "fd2202d0-cc86-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:56:22.329Z", + "version": "WzI0ODYsMTFd" + }, + { + "attributes": { + "description": "Firewall denies and allows plotted against each other in time series", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Deny vs Allow [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "event.dataset:\"pensando.dfw\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action : \"allow\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(150,10,3,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action : \"deny\" " + }, + "formatter": "number", + "id": "b6c562c0-cc84-11ea-a4da-c770c13b4387", + "line_width": 1, + "metrics": [ + { + "id": "b6c562c1-cc84-11ea-a4da-c770c13b4387", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(188,186,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action :\"none\" " + }, + "formatter": "number", + "id": "2dd6bef0-cd1f-11ea-98bc-ef8e168e330d", + "line_width": 1, + "metrics": [ + { + "id": "2dd6bef1-cd1f-11ea-98bc-ef8e168e330d", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "DFW Deny vs Allow [Filebeat Pensando]", + "type": "metrics" + } + }, + "id": "2aa5d850-cc85-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-09-10T21:54:41.152Z", + "version": "WzI0ODAsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destination IPs [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top Destination IPs [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "b8bfd3e0-e8b7-11ea-ba07-c1efedbf0bf9", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:59:43.129Z", + "version": "WzI0OTYsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Destination Port by DSC Pie [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.source.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Destination Port by DSC Pie [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "c6188140-cdb9-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:58:55.571Z", + "version": "WzI0OTQsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Destinations - table [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Network Packets" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Servers", + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 300 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": true, + "showPartialRows": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destinations - table [Filebeat Pensando]", + "type": "table" + } + }, + "id": "0583e120-cc8f-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:27:54.232Z", + "version": "WzI1NTAsMTFd" + }, + { + "attributes": { + "columns": [ + "host.name", + "source.domain", + "flow.src_port_name", + "destination.domain", + "flow.dst_port_name", + "network.bytes", + "network.packets" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "ElastiFlow: Flow Records (src/dst) - search", + "version": 1 + }, + "id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "elastiflow-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-07-20T18:19:27.998Z", + "version": "WzEwMiwxXQ==" + } + ], + "version": "7.8.0" +} From 3ceeb679ce6db218d087c14684406ba3d3c4a51c Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Tue, 19 Jan 2021 15:25:46 -0700 Subject: [PATCH 24/35] make update changes --- NOTICE.txt | 68 +++++++++++++------------- x-pack/filebeat/filebeat.reference.yml | 12 +++++ 2 files changed, 46 insertions(+), 34 deletions(-) diff --git a/NOTICE.txt b/NOTICE.txt index 73a265a048b3..1616d3b8a75d 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -5757,6 +5757,38 @@ SOFTWARE. +-------------------------------------------------------------------------------- +Dependency : github.com/eapache/go-resiliency +Version: v1.2.0 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/eapache/go-resiliency@v1.2.0/LICENSE: + +The MIT License (MIT) + +Copyright (c) 2014 Evan Huus + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + + + -------------------------------------------------------------------------------- Dependency : github.com/eclipse/paho.mqtt.golang Version: v1.2.1-0.20200121105743-0d940dd29fd2 @@ -13781,11 +13813,11 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : github.com/shirou/gopsutil -Version: v2.19.11+incompatible +Version: v3.20.12+incompatible Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/shirou/gopsutil@v2.19.11+incompatible/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/shirou/gopsutil@v3.20.12+incompatible/LICENSE: gopsutil is distributed under BSD license reproduced below. @@ -26207,38 +26239,6 @@ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/eapache/go-resiliency -Version: v1.2.0 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/eapache/go-resiliency@v1.2.0/LICENSE: - -The MIT License (MIT) - -Copyright (c) 2014 Evan Huus - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - - -------------------------------------------------------------------------------- Dependency : github.com/eapache/go-xerial-snappy Version: v0.0.0-20180814174437-776d5712da21 diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index d0d78781e934..35b7f94b0c70 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1632,6 +1632,18 @@ filebeat.modules: #var.external_zones: +#------------------------------- Pensando Module ------------------------------- +- module: pensando +# Firewall logs + dfw: + enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + # var.paths: + #------------------------------ PostgreSQL Module ------------------------------ #- module: postgresql # Logs From b26adcbfe9af966e5398a00321177214dbe071ea Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Wed, 20 Jan 2021 07:36:10 -0700 Subject: [PATCH 25/35] Update filebeat/module/pensando/dfw/config/dfw.yml Co-authored-by: Marc Guasch --- filebeat/module/pensando/dfw/config/dfw.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/filebeat/module/pensando/dfw/config/dfw.yml b/filebeat/module/pensando/dfw/config/dfw.yml index 167adb423196..404eac5f138f 100644 --- a/filebeat/module/pensando/dfw/config/dfw.yml +++ b/filebeat/module/pensando/dfw/config/dfw.yml @@ -18,6 +18,6 @@ exclude_files: [".gz$"] processors: - add_locale: ~ - add_fields: - target: '' - fields: - ecs.version: 1.7.0 + target: '' + fields: + ecs.version: 1.7.0 From d9140e35032b0012cad76e3d26ea7e22b612ed57 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Mon, 1 Feb 2021 13:28:33 -0700 Subject: [PATCH 26/35] Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index f3f40d4a3c6f..9d57882973a0 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -1,6 +1,9 @@ --- description: Pipeline for parsing Penando DFW logs processors: +- set: + field: event.ingested + value: "{{_ingest.timestamp}}" - rename: field: message target_field: event.original From 57307d595965791a68a5373a4dc963074db5fc61 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Mon, 1 Feb 2021 13:28:40 -0700 Subject: [PATCH 27/35] Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index 9d57882973a0..bbc8db92e5ce 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -15,7 +15,7 @@ processors: field: payload_raw target_field: json - remove: - field: syslog5424_sd,syslog5424_app,syslog5424_host,syslog5424_msgid,syslog5424_pri,syslog5424_proc,syslog5424_ver,host + field: [syslog5424_sd,syslog5424_app,syslog5424_host,syslog5424_msgid,syslog5424_pri,syslog5424_proc,syslog5424_ver,host] ignore_missing: true - date: field: json.timestamp From 22a3ea36f42f5c3ee4c0694a9223983a5991bf12 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Mon, 1 Feb 2021 13:28:54 -0700 Subject: [PATCH 28/35] Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index bbc8db92e5ce..42b84ca9d858 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -90,12 +90,11 @@ processors: field: network.transport ignore_missing: true ignore_failure: true -- convert: - field: pensando.dfw.source_address - target_field: source.address - type: ip +- set: + field: source.address + value: "{{pensando.dfw.source_address}}" ignore_failure: true - ignore_missing: true + ignore_empty_value: true - convert: field: pensando.dfw.source_port target_field: source.port From 074f0aab71c7882af252b3bc8a9f221c0c5e8e88 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Mon, 1 Feb 2021 13:29:13 -0700 Subject: [PATCH 29/35] Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index 42b84ca9d858..0f72babbd0d0 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -101,12 +101,11 @@ processors: type: integer ignore_failure: true ignore_missing: true -- convert: - field: pensando.dfw.destination_address - target_field: destination.address - type: ip +- set: + field: destination.address + value: "{{pensando.dfw.destination_address}}" ignore_failure: true - ignore_missing: true + ignore_empty_value: true - convert: field: pensando.dfw.destination_port target_field: destination.port From 6e07cd936897d7aa1351515e1b573668e826b35d Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Mon, 1 Feb 2021 13:59:15 -0700 Subject: [PATCH 30/35] remove old json file --- .../7/dashboard/pensando-dfw-overview.json2 | 1390 ----------------- 1 file changed, 1390 deletions(-) delete mode 100644 filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json2 diff --git a/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json2 b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json2 deleted file mode 100644 index 5de85edb4ee0..000000000000 --- a/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json2 +++ /dev/null @@ -1,1390 +0,0 @@ -{ - "objects": [ - { - "attributes": { - "description": "Overview of events coming from Pensando DSC distributed firewall system.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "title": "" - }, - "gridData": { - "h": 5, - "i": "85119076-2756-4415-8917-14c9d46732a5", - "w": 41, - "x": 0, - "y": 0 - }, - "panelIndex": "85119076-2756-4415-8917-14c9d46732a5", - "panelRefName": "panel_0", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "title": "" - }, - "gridData": { - "h": 5, - "i": "9215c2be-bca5-4b21-8042-0e0be99e38c0", - "w": 7, - "x": 41, - "y": 0 - }, - "panelIndex": "9215c2be-bca5-4b21-8042-0e0be99e38c0", - "panelRefName": "panel_1", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "title": "Active Workloads" - }, - "gridData": { - "h": 9, - "i": "81013c87-76c2-4ff0-9545-1295babad06e", - "w": 8, - "x": 0, - "y": 5 - }, - "panelIndex": "81013c87-76c2-4ff0-9545-1295babad06e", - "panelRefName": "panel_2", - "title": "Active Workloads", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "title": "DFW Allowed Count" - }, - "gridData": { - "h": 9, - "i": "3ee01275-08dd-4d3f-9834-d844f5550365", - "w": 8, - "x": 8, - "y": 5 - }, - "panelIndex": "3ee01275-08dd-4d3f-9834-d844f5550365", - "panelRefName": "panel_3", - "title": "DFW Allowed Count", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "title": "DFW Denied Count" - }, - "gridData": { - "h": 9, - "i": "9628e969-1f18-4659-a8d9-e9409f11f3a9", - "w": 8, - "x": 16, - "y": 5 - }, - "panelIndex": "9628e969-1f18-4659-a8d9-e9409f11f3a9", - "panelRefName": "panel_4", - "title": "DFW Denied Count", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "title": "Denied Destination IPs" - }, - "gridData": { - "h": 11, - "i": "37787af1-b5ef-467e-8c5e-b0dfba56c9f9", - "w": 24, - "x": 24, - "y": 5 - }, - "panelIndex": "37787af1-b5ef-467e-8c5e-b0dfba56c9f9", - "panelRefName": "panel_5", - "title": "Denied Destination IPs", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "title": "Traffic by Workload" - }, - "gridData": { - "h": 14, - "i": "efafcbff-a163-4475-8d12-59f716e5a3ef", - "w": 12, - "x": 0, - "y": 14 - }, - "panelIndex": "efafcbff-a163-4475-8d12-59f716e5a3ef", - "panelRefName": "panel_6", - "title": "Traffic by Workload", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "title": "Client to Server FW Action" - }, - "gridData": { - "h": 14, - "i": "52506949-eb15-4b23-b50c-2e5083df5e0f", - "w": 12, - "x": 12, - "y": 14 - }, - "panelIndex": "52506949-eb15-4b23-b50c-2e5083df5e0f", - "panelRefName": "panel_7", - "title": "Client to Server FW Action", - "version": "7.8.0" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 13, - "i": "077406bd-aa47-4dc9-b1f6-04cae0ae34b6", - "w": 24, - "x": 24, - "y": 16 - }, - "panelIndex": "077406bd-aa47-4dc9-b1f6-04cae0ae34b6", - "panelRefName": "panel_8", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 14, - "i": "58e763b7-a23a-480a-a984-24dd115aba2c", - "w": 12, - "x": 0, - "y": 28 - }, - "panelIndex": "58e763b7-a23a-480a-a984-24dd115aba2c", - "panelRefName": "panel_9", - "version": "7.8.0" - }, - { - "embeddableConfig": { - "table": null, - "title": "Dest Port by DSC", - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 14, - "i": "36fc48c8-0044-4af6-a8b2-da8023806f32", - "w": 12, - "x": 12, - "y": 28 - }, - "panelIndex": "36fc48c8-0044-4af6-a8b2-da8023806f32", - "panelRefName": "panel_10", - "title": "Dest Port by DSC", - "version": "7.8.0" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 13, - "i": "a1d34501-4d64-4213-b192-1b4ca2d88793", - "w": 24, - "x": 24, - "y": 29 - }, - "panelIndex": "a1d34501-4d64-4213-b192-1b4ca2d88793", - "panelRefName": "panel_11", - "version": "7.8.0" - } - ], - "timeRestore": false, - "title": "[Filebeat Pensando] DFW Overview", - "version": 1 - }, - "id": "2713ee40-f3b1-11ea-ba07-c1efedbf0bf9", - "migrationVersion": { - "dashboard": "7.3.0" - }, - "references": [ - { - "id": "a73c8dc0-cc8d-11ea-918e-c778f7abe5d7", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "39e26d70-cc4d-11ea-918e-c778f7abe5d7", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "bc6a36b0-cdba-11ea-a0ef-8f5241e594be", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "fa745d10-cc88-11ea-918e-c778f7abe5d7", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "1d2d5f00-cc89-11ea-918e-c778f7abe5d7", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "bf9d4650-cc8a-11ea-918e-c778f7abe5d7", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "07983660-cd38-11ea-a0ef-8f5241e594be", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "fd2202d0-cc86-11ea-918e-c778f7abe5d7", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "2aa5d850-cc85-11ea-918e-c778f7abe5d7", - "name": "panel_8", - "type": "visualization" - }, - { - "id": "b8bfd3e0-e8b7-11ea-ba07-c1efedbf0bf9", - "name": "panel_9", - "type": "visualization" - }, - { - "id": "c6188140-cdb9-11ea-a0ef-8f5241e594be", - "name": "panel_10", - "type": "visualization" - }, - { - "id": "0583e120-cc8f-11ea-918e-c778f7abe5d7", - "name": "panel_11", - "type": "visualization" - } - ], - "type": "dashboard", - "updated_at": "2020-09-10T22:32:33.177Z", - "version": "WzI1NjMsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Client/Server - input list [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "client.ip", - "id": "1595471403191", - "indexPatternRefName": "control_0_index_pattern", - "label": "Client", - "options": { - "dynamicOptions": true, - "multiselect": false, - "order": "desc", - "size": 500, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "server.ip", - "id": "1595471807689", - "indexPatternRefName": "control_1_index_pattern", - "label": "Server", - "options": { - "dynamicOptions": true, - "multiselect": false, - "order": "desc", - "size": 500, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "log.source.address", - "id": "1595471848091", - "indexPatternRefName": "control_2_index_pattern", - "label": "DSC", - "options": { - "dynamicOptions": false, - "multiselect": false, - "order": "desc", - "size": 500, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": true, - "updateFiltersOnChange": true, - "useTimeFilter": true - }, - "title": "Client/Server - input list [Filebeat Pensando]", - "type": "input_control_vis" - } - }, - "id": "a73c8dc0-cc8d-11ea-918e-c778f7abe5d7", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T21:58:28.390Z", - "version": "WzI0OTMsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": { - "match_all": {} - } - } - } - }, - "title": "Logo [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 8, - "markdown": "[![Pensando]()](https://pensando.io)", - "openLinksInNewTab": true - }, - "title": "Logo [Filebeat Pensando]", - "type": "markdown" - } - }, - "id": "39e26d70-cc4d-11ea-918e-c778f7abe5d7", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2020-09-10T22:03:40.485Z", - "version": "WzI1MDIsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Active Workload Count [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Active Workloads", - "field": "client.ip" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": false - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 36, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Active Workload Count [Filebeat Pensando]", - "type": "metric" - } - }, - "id": "bc6a36b0-cdba-11ea-a0ef-8f5241e594be", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T22:32:05.773Z", - "version": "WzI1NjIsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "DFW Allowed Count [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "", - "exclude": "denied", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": false - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "DFW Allowed Count [Filebeat Pensando]", - "type": "metric" - } - }, - "id": "fa745d10-cc88-11ea-918e-c778f7abe5d7", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T21:55:19.408Z", - "version": "WzI0ODQsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "DFW Denied Count [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "packet count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "", - "exclude": "allowed", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": false - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "DFW Denied Count [Filebeat Pensando]", - "type": "metric" - } - }, - "id": "1d2d5f00-cc89-11ea-918e-c778f7abe5d7", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T22:21:26.142Z", - "version": "WzI1NDAsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": "Denied Destination IPs", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": false, - "params": { - "query": "denied" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "denied" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.action: \"denied\" " - } - } - }, - "title": "Denied Destination IPs [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "server.ip", - "json": "", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 25 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 36, - "minFontSize": 14, - "orientation": "single", - "scale": "linear", - "showLabel": false - }, - "title": "Denied Destination IPs [Filebeat Pensando]", - "type": "tagcloud" - } - }, - "id": "bf9d4650-cc8a-11ea-918e-c778f7abe5d7", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T21:57:10.267Z", - "version": "WzI0ODgsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Traffic by Workload Pie [Filebeat Pensando]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 25 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Traffic by Workload Pie [Filebeat Pensando]", - "type": "pie" - } - }, - "id": "07983660-cd38-11ea-a0ef-8f5241e594be", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T21:57:31.753Z", - "version": "WzI0ODksMTFd" - }, - { - "attributes": { - "description": "Inner ring is client IP, middle ring is server IP and the outer ring is Allow vs Deny actions performed by the FW", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Client to Server FW Action [Filebeat Pensando]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "server.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": false - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Client to Server FW Action [Filebeat Pensando]", - "type": "pie" - } - }, - "id": "fd2202d0-cc86-11ea-918e-c778f7abe5d7", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T21:56:22.329Z", - "version": "WzI0ODYsMTFd" - }, - { - "attributes": { - "description": "Firewall denies and allows plotted against each other in time series", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "DFW Deny vs Allow [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "default_index_pattern": "filebeat-*", - "default_timefield": "@timestamp", - "filter": { - "language": "kuery", - "query": "event.dataset:\"pensando.dfw\" " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "filebeat-*", - "interval": "", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "pensando.dfw.action : \"allow\" " - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_field": "pensando.dfw.action" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(150,10,3,1)", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "pensando.dfw.action : \"deny\" " - }, - "formatter": "number", - "id": "b6c562c0-cc84-11ea-a4da-c770c13b4387", - "line_width": 1, - "metrics": [ - { - "id": "b6c562c1-cc84-11ea-a4da-c770c13b4387", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_mode": "terms", - "stacked": "none", - "terms_field": "pensando.dfw.action" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(188,186,0,1)", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "pensando.dfw.action :\"none\" " - }, - "formatter": "number", - "id": "2dd6bef0-cd1f-11ea-98bc-ef8e168e330d", - "line_width": 1, - "metrics": [ - { - "id": "2dd6bef1-cd1f-11ea-98bc-ef8e168e330d", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_mode": "terms", - "stacked": "none", - "terms_field": "pensando.dfw.action" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries" - }, - "title": "DFW Deny vs Allow [Filebeat Pensando]", - "type": "metrics" - } - }, - "id": "2aa5d850-cc85-11ea-918e-c778f7abe5d7", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2020-09-10T21:54:41.152Z", - "version": "WzI0ODAsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Destination IPs [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Top Destination IPs [Filebeat Pensando]", - "type": "pie" - } - }, - "id": "b8bfd3e0-e8b7-11ea-ba07-c1efedbf0bf9", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T21:59:43.129Z", - "version": "WzI0OTYsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Port by DSC Pie [Filebeat Pensando]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 25 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "log.source.address", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Destination Port by DSC Pie [Filebeat Pensando]", - "type": "pie" - } - }, - "id": "c6188140-cdb9-11ea-a0ef-8f5241e594be", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T21:58:55.571Z", - "version": "WzI0OTQsMTFd" - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Destinations - table [Filebeat Pensando]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Network Packets" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Top Servers", - "field": "server.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 300 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": true, - "showPartialRows": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Destinations - table [Filebeat Pensando]", - "type": "table" - } - }, - "id": "0583e120-cc8f-11ea-918e-c778f7abe5d7", - "migrationVersion": { - "visualization": "7.8.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2020-09-10T22:27:54.232Z", - "version": "WzI1NTAsMTFd" - }, - { - "attributes": { - "columns": [ - "host.name", - "source.domain", - "flow.src_port_name", - "destination.domain", - "flow.dst_port_name", - "network.bytes", - "network.packets" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - }, - "version": true - } - }, - "sort": [ - [ - "@timestamp", - "desc" - ] - ], - "title": "ElastiFlow: Flow Records (src/dst) - search", - "version": 1 - }, - "id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", - "migrationVersion": { - "search": "7.4.0" - }, - "references": [ - { - "id": "elastiflow-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "search", - "updated_at": "2020-07-20T18:19:27.998Z", - "version": "WzEwMiwxXQ==" - } - ], - "version": "7.8.0" -} From 8e55c3587145e92fcb8fc4aca364bfc39bec7889 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Mon, 1 Feb 2021 14:25:41 -0700 Subject: [PATCH 31/35] ran tests --- .../pensando/dfw/test/test.log-expected.json | 115 +++++++++++------- 1 file changed, 68 insertions(+), 47 deletions(-) diff --git a/filebeat/module/pensando/dfw/test/test.log-expected.json b/filebeat/module/pensando/dfw/test/test.log-expected.json index 4575c8476c41..1d6e9d7f9e80 100644 --- a/filebeat/module/pensando/dfw/test/test.log-expected.json +++ b/filebeat/module/pensando/dfw/test/test.log-expected.json @@ -1,15 +1,18 @@ [ { - "@timestamp": "2020-04-22T17:24:31.105Z", - "destination.address": "172.31.10.2", - "destination.port": "22", + "@timestamp": "2021-02-01T21:02:56.596Z", + "client.ip": "10.29.95.102", + "destination.address": "10.29.95.101", + "destination.port": 80, + "event.action": "allowed", "event.category": [ "network" ], "event.dataset": "pensando.dfw", "event.kind": "event", "event.module": "pensando", - "event.original": "<14>1 2020-04-22T17:24:31Z esx01-dsc pen-tmagent 1570 - [{\"action\":\"allow\",\"app-id\":\"0\",\"destination-address\":\"172.31.10.2\",\"destination-port\":22,\"direction\":\"from-uplink\",\"protocol\":\"TCP\",\"rule-id\":13571811656724295508,\"session-id\":371,\"session-state\":\"flow_delete\",\"source-address\":\"172.31.10.31\",\"source-port\":40030,\"timestamp\":\"2020-04-22T17:24:31.105391561Z\"}]", + "event.original": "<14>1 2020-12-14T18:41:01Z esx01-dsc pen-tmagent 1402 - [{\"time\":\"2020-12-14T18:41:01Z\",\"destaddr\":\"10.29.95.101\",\"destport\":80,\"srcaddr\":\"10.29.95.102\",\"srcport\":46554,\"protocol\":\"TCP\",\"action\":\"allow\",\"direction\":\"from-host\",\"rule-id\":5413257681574708646,\"session-id\":6881552,\"session-state\":\"flow_create\"}]", + "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ "connection", @@ -18,35 +21,42 @@ "fileset.name": "dfw", "input.type": "log", "log.offset": 0, + "network.transport": "tcp", + "network.type": "ipv4", "observer.product": "Distributed Services Platform", "observer.type": "firewall", "observer.vendor": "Pensando Systems", "pensando.dfw.action": "allow", - "pensando.dfw.app_id": "0", - "pensando.dfw.destination_address": "172.31.10.2", - "pensando.dfw.destination_port": 22, - "pensando.dfw.direction": "from-uplink", + "pensando.dfw.destination_address": "10.29.95.101", + "pensando.dfw.destination_port": 80, + "pensando.dfw.direction": "from-host", "pensando.dfw.protocol": "TCP", - "pensando.dfw.rule_id": 13571811656724295508, - "pensando.dfw.session_id": 371, - "pensando.dfw.session_state": "flow_delete", - "pensando.dfw.source_address": "172.31.10.31", - "pensando.dfw.source_port": 40030, + "pensando.dfw.rule_id": 5413257681574708646, + "pensando.dfw.session_id": 6881552, + "pensando.dfw.session_state": "flow_create", + "pensando.dfw.source_address": "10.29.95.102", + "pensando.dfw.source_port": 46554, + "rule.id": "5413257681574708646", + "server.ip": "10.29.95.101", + "server.port": "80", "service.type": "pensando", - "source.address": "172.31.10.31", - "source.port": "40030" + "source.address": "10.29.95.102", + "source.port": 46554 }, { - "@timestamp": "2020-04-22T16:45:12.105Z", - "destination.address": "172.31.10.2", - "destination.port": "22", + "@timestamp": "2021-02-01T21:02:56.596Z", + "client.ip": "10.29.95.102", + "destination.address": "10.29.95.101", + "destination.port": 80, + "event.action": "allowed", "event.category": [ "network" ], "event.dataset": "pensando.dfw", "event.kind": "event", "event.module": "pensando", - "event.original": "<14>1 2020-04-22T16:45:12Z esx01-dsc pen-tmagent 1570 - [{\"action\":\"allow\",\"app-id\":\"0\",\"destination-address\":\"172.31.10.2\",\"destination-port\":22,\"direction\":\"from-uplink\",\"protocol\":\"TCP\",\"rule-id\":13571811656724295508,\"session-id\":265,\"session-state\":\"flow_delete\",\"source-address\":\"172.31.10.31\",\"source-port\":37428,\"timestamp\":\"2020-04-22T16:45:12.105412922Z\"}]", + "event.original": "<14>1 2020-12-14T18:41:16Z esx01-dsc pen-tmagent 1402 - [{\"time\":\"2020-12-14T18:41:16Z\",\"destaddr\":\"10.29.95.101\",\"destport\":80,\"srcaddr\":\"10.29.95.102\",\"srcport\":46594,\"protocol\":\"TCP\",\"action\":\"allow\",\"direction\":\"from-host\",\"rule-id\":5413257681574708646,\"session-id\":6881572,\"session-state\":\"flow_create\"}]", + "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ "connection", @@ -54,36 +64,43 @@ ], "fileset.name": "dfw", "input.type": "log", - "log.offset": 367, + "log.offset": 311, + "network.transport": "tcp", + "network.type": "ipv4", "observer.product": "Distributed Services Platform", "observer.type": "firewall", "observer.vendor": "Pensando Systems", "pensando.dfw.action": "allow", - "pensando.dfw.app_id": "0", - "pensando.dfw.destination_address": "172.31.10.2", - "pensando.dfw.destination_port": 22, - "pensando.dfw.direction": "from-uplink", + "pensando.dfw.destination_address": "10.29.95.101", + "pensando.dfw.destination_port": 80, + "pensando.dfw.direction": "from-host", "pensando.dfw.protocol": "TCP", - "pensando.dfw.rule_id": 13571811656724295508, - "pensando.dfw.session_id": 265, - "pensando.dfw.session_state": "flow_delete", - "pensando.dfw.source_address": "172.31.10.31", - "pensando.dfw.source_port": 37428, + "pensando.dfw.rule_id": 5413257681574708646, + "pensando.dfw.session_id": 6881572, + "pensando.dfw.session_state": "flow_create", + "pensando.dfw.source_address": "10.29.95.102", + "pensando.dfw.source_port": 46594, + "rule.id": "5413257681574708646", + "server.ip": "10.29.95.101", + "server.port": "80", "service.type": "pensando", - "source.address": "172.31.10.31", - "source.port": "37428" + "source.address": "10.29.95.102", + "source.port": 46594 }, { - "@timestamp": "2020-04-22T14:58:42.105Z", - "destination.address": "1.1.1.1", - "destination.port": "53", + "@timestamp": "2021-02-01T21:02:56.597Z", + "client.ip": "10.29.95.102", + "destination.address": "10.29.95.101", + "destination.port": 80, + "event.action": "allowed", "event.category": [ "network" ], "event.dataset": "pensando.dfw", "event.kind": "event", "event.module": "pensando", - "event.original": "<14>1 2020-04-22T14:58:42Z esx01-dsc pen-tmagent 1570 - [{\"action\":\"allow\",\"app-id\":\"0\",\"destination-address\":\"1.1.1.1\",\"destination-port\":53,\"direction\":\"from-host\",\"protocol\":\"UDP\",\"rule-id\":8542065728696853408,\"session-id\":390,\"session-state\":\"flow_delete\",\"source-address\":\"172.31.10.2\",\"source-port\":39465,\"timestamp\":\"2020-04-22T14:58:42.105387971Z\"}]", + "event.original": "<14>1 2020-12-14T18:41:16Z esx01-dsc pen-tmagent 1402 - [{\"time\":\"2020-12-14T18:41:16Z\",\"destaddr\":\"10.29.95.101\",\"destport\":80,\"srcaddr\":\"10.29.95.102\",\"srcport\":46582,\"protocol\":\"TCP\",\"action\":\"allow\",\"direction\":\"from-host\",\"rule-id\":5413257681574708646,\"session-id\":6881566,\"session-state\":\"flow_create\"}]", + "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ "connection", @@ -91,23 +108,27 @@ ], "fileset.name": "dfw", "input.type": "log", - "log.offset": 734, + "log.offset": 622, + "network.transport": "tcp", + "network.type": "ipv4", "observer.product": "Distributed Services Platform", "observer.type": "firewall", "observer.vendor": "Pensando Systems", "pensando.dfw.action": "allow", - "pensando.dfw.app_id": "0", - "pensando.dfw.destination_address": "1.1.1.1", - "pensando.dfw.destination_port": 53, + "pensando.dfw.destination_address": "10.29.95.101", + "pensando.dfw.destination_port": 80, "pensando.dfw.direction": "from-host", - "pensando.dfw.protocol": "UDP", - "pensando.dfw.rule_id": 8542065728696853408, - "pensando.dfw.session_id": 390, - "pensando.dfw.session_state": "flow_delete", - "pensando.dfw.source_address": "172.31.10.2", - "pensando.dfw.source_port": 39465, + "pensando.dfw.protocol": "TCP", + "pensando.dfw.rule_id": 5413257681574708646, + "pensando.dfw.session_id": 6881566, + "pensando.dfw.session_state": "flow_create", + "pensando.dfw.source_address": "10.29.95.102", + "pensando.dfw.source_port": 46582, + "rule.id": "5413257681574708646", + "server.ip": "10.29.95.101", + "server.port": "80", "service.type": "pensando", - "source.address": "172.31.10.2", - "source.port": "39465" + "source.address": "10.29.95.102", + "source.port": 46582 } ] \ No newline at end of file From f29d158d5cf5f94d5770a5ccbcaae256b0bedf84 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Tue, 9 Feb 2021 07:36:48 -0700 Subject: [PATCH 32/35] Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch --- filebeat/module/pensando/dfw/ingest/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml index 0f72babbd0d0..c8d1d57792fa 100644 --- a/filebeat/module/pensando/dfw/ingest/pipeline.yml +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -18,7 +18,7 @@ processors: field: [syslog5424_sd,syslog5424_app,syslog5424_host,syslog5424_msgid,syslog5424_pri,syslog5424_proc,syslog5424_ver,host] ignore_missing: true - date: - field: json.timestamp + field: json.time target_field: '@timestamp' ignore_failure: true formats: From ee1b59f99730e6479ff37dd5a333d662f0bab04a Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Tue, 9 Feb 2021 08:17:47 -0700 Subject: [PATCH 33/35] gen after run of 'mage -v pythonIntegTest' --- filebeat/module/pensando/dfw/test/test.log-expected.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/filebeat/module/pensando/dfw/test/test.log-expected.json b/filebeat/module/pensando/dfw/test/test.log-expected.json index 1d6e9d7f9e80..d43ffdea29c5 100644 --- a/filebeat/module/pensando/dfw/test/test.log-expected.json +++ b/filebeat/module/pensando/dfw/test/test.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2021-02-01T21:02:56.596Z", + "@timestamp": "2020-12-14T18:41:01.000Z", "client.ip": "10.29.95.102", "destination.address": "10.29.95.101", "destination.port": 80, @@ -44,7 +44,7 @@ "source.port": 46554 }, { - "@timestamp": "2021-02-01T21:02:56.596Z", + "@timestamp": "2020-12-14T18:41:16.000Z", "client.ip": "10.29.95.102", "destination.address": "10.29.95.101", "destination.port": 80, @@ -88,7 +88,7 @@ "source.port": 46594 }, { - "@timestamp": "2021-02-01T21:02:56.597Z", + "@timestamp": "2020-12-14T18:41:16.000Z", "client.ip": "10.29.95.102", "destination.address": "10.29.95.101", "destination.port": 80, From 0a619b9c670384d33954d65a8f3ad0ee7254c8af Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Thu, 11 Feb 2021 19:29:11 -0700 Subject: [PATCH 34/35] Update fields.yml --- filebeat/module/pensando/dfw/_meta/fields.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/filebeat/module/pensando/dfw/_meta/fields.yml b/filebeat/module/pensando/dfw/_meta/fields.yml index a5735c21e7b4..72422c321214 100644 --- a/filebeat/module/pensando/dfw/_meta/fields.yml +++ b/filebeat/module/pensando/dfw/_meta/fields.yml @@ -1,7 +1,3 @@ -- name: payload_raw - description: Please add description - example: Please add example - type: text - name: dfw type: group release: beta From 494e8cc026f5bb7ef37692aad1b9d422e4efa877 Mon Sep 17 00:00:00 2001 From: Edward Arcuri Date: Fri, 12 Feb 2021 06:21:56 -0700 Subject: [PATCH 35/35] mage fmt update request --- filebeat/docs/fields.asciidoc | 11 ----------- filebeat/module/pensando/fields.go | 2 +- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 583ac51cbd06..83c40fcffa09 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -105583,17 +105583,6 @@ Fields from Pensando logs. -*`pensando.payload_raw`*:: -+ --- -Please add description - -type: text - -example: Please add example - --- - [float] === dfw diff --git a/filebeat/module/pensando/fields.go b/filebeat/module/pensando/fields.go index 025c82db1895..e791a74dfa93 100644 --- a/filebeat/module/pensando/fields.go +++ b/filebeat/module/pensando/fields.go @@ -32,5 +32,5 @@ func init() { // AssetPensando returns asset data. // This is the base64 encoded gzipped contents of module/pensando. func AssetPensando() string { - return "eJy0k8GK2zAQhu9+inmBzQP4sFAICz0UQrfQo5la40Ss7BHSGG/evkhRbMWxySZNdZRG///NL80LfNCxBEudx05xASBaDJWwSztQACjytdNWNHclvBYAMF6AH6x6QwVAo8koX8bTF+iwpQvZsORoqYS9496mnQXlsN6iFjSO2wnE8N5vUkludmGIR8OoKofDeDZz2RlCT4BK5ftZNX1ia2MEU2Xay6pOvQh9yhWEaga4qsy7DstRVC/hDwlesDbYG6lihyU0aDyttfKaHYyZsZsi2779zkrmoeXMWM9SmMg/6DiwU7OzdZC4vkU94A7kQNAYHjawbGxtpefiJ2PdCe3JwZ3O1hpdY7T/vl02VeRFd7GmQqUceT93uej9XoQkyU3utBJAzmLZyTLIY1nsgt7XKLSj05M97w9sR01uxm+wbG8dC9dsnui+O0veNHe9oUpfPfK//ICfvaHw++SAAgN6aFHqA6mV9D15H95/DeKx138/qQaOmxmcCbyg0BODODNE3RxjLQnuXU3/YyjfozLgNJtfQ3n2TCYOm0bzBoTolrxga5cRVEj1Pv9fo2JyN7zfQPE3AAD//3eQEuo=" + return "eJy0k92qnDAQx+99inmBsw/gRaGwHOhFYekp9FJSM3HDiU5IRmTfviSrbrSR/aidy5n4//+cjzf4xEsJFjsvOkkFAGs2WMJpzEABINHXTlvW1JXwpQCA+QP4TrI3WAAojUb6MlbfoBMtLmRD8MViCY2j3o6ZjHKI96gFylF7AzHU+MP4JDVLDaUaYE7mDEM4NCg8lvAbWSR5iUr0hqsoXoISxuOinGVNcMndaI/vv5Ina96UWdRBclGayD/xMpCTq9o2SIyvUQ+oAz4jKEPDAfLG1lZ6LX411h1jgw6edLbW6FpE+2/HvKlEz7qLbyohpUPv1y6Lf38WYZQklTptNCBlseQ4D/JaL05B7zEK7fA6sv124DhrkprXIG9vHTHVZHZ0P02Sd81db7DSfw35XzbgR28wbB+fBcMgPLSC6zPKje579D7Mfwvitel/XFUDx90eTASeBeOOjZgYom6KsdUJ6l2N/+MoP6IyiNttPoay902OHHY8zTsQrFv0LFqbR5Chq8/5/5wVR3dDzQGKPwEAAP//dBvr3Q==" }