From 758e83045c885f70e8cbe43eec6b6245f412f577 Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Thu, 10 Dec 2020 14:42:09 -0600 Subject: [PATCH] [Filebeat] AWS CloudTrail preserve eventCategory (#22805) (#23051) * AWS CloudTrail preserve eventCategory - map to aws.cloudtrail.event_category Closes #22776 (cherry picked from commit 971b95b2cfe261d599dd33a7d191c23901fd0b04) --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 13 +++++++ .../module/aws/cloudtrail/_meta/fields.yml | 8 ++++ .../module/aws/cloudtrail/ingest/pipeline.yml | 7 ++-- .../describe_configuration_recorders-json.log | 1 + ...iguration_recorders-json.log-expected.json | 39 +++++++++++++++++++ .../test/insight-json.log-expected.json | 2 +- x-pack/filebeat/module/aws/fields.go | 2 +- 8 files changed, 67 insertions(+), 6 deletions(-) create mode 100644 x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log create mode 100644 x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 5471790c7510..970568b1a299 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -497,6 +497,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add `event.category` "configuration" to zoom module events. {pull}23010[23010] - Add `network.direction` to auditd/log fileset. {pull}23041[23041] - Add logic for external network.direction in sophos xg fileset {pull}22973[22973] +- Preserve AWS CloudTrail eventCategory in aws.cloudtrail.event_category. {issue}22776[22776] {pull}22805[22805] - Add top_level_domain enrichment for suricata/eve fileset. {pull}23046[23046] - Add top_level_domain enrichment for zeek/dns fileset. {pull}23046[23046] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 5b3baca7f99d..eab7d8d3d47a 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -1369,6 +1369,19 @@ type: keyword -- +*`aws.cloudtrail.event_category`*:: ++ +-- +Shows the event category that is used in LookupEvents calls. + + - For management events, the value is management. + - For data events, the value is data. + - For Insights events, the value is insight. + +type: keyword + +-- + [float] === console_login diff --git a/x-pack/filebeat/module/aws/cloudtrail/_meta/fields.yml b/x-pack/filebeat/module/aws/cloudtrail/_meta/fields.yml index 155908315e9e..230268476feb 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/_meta/fields.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/_meta/fields.yml @@ -176,6 +176,14 @@ description: >- Identifies the VPC endpoint in which requests were made from a VPC to another AWS service, such as Amazon S3. + - name: event_category + type: keyword + description: |- + Shows the event category that is used in LookupEvents calls. + + - For management events, the value is management. + - For data events, the value is data. + - For Insights events, the value is insight. - name: console_login type: group description: >- diff --git a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml index 8ceec6ff1009..3dd78f82c6db 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml @@ -91,11 +91,10 @@ processors: value: "{{json.eventName}}" ignore_failure: true ignore_empty_value: true - - set: - field: "event.action" - value: "{{json.eventCategory}}" + - rename: + field: "json.eventCategory" + target_field: "aws.cloudtrail.event_category" ignore_failure: true - ignore_empty_value: true - rename: field: "json.awsRegion" target_field: "cloud.region" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log new file mode 100644 index 000000000000..318d53c1e5c3 --- /dev/null +++ b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log @@ -0,0 +1 @@ +{"awsRegion":"us-east-1","eventCategory":"Management","eventID":"REDACTED","eventName":"DescribeConfigurationRecorders","eventSource":"config.amazonaws.com","eventTime":"2014-03-25T21:08:19Z","eventType":"AwsApiCall","eventVersion":"1.07","managementEvent":true,"readOnly":true,"recipientAccountId":"REDACTED","requestID":"REDACTED","requestParameters":null,"responseElements":null,"sourceIPAddress":"REDACTED","userAgent":"REDACTED","userIdentity":{"accessKeyId":"REDACTED","accountId":"REDACTED","arn":"arn:aws:iam::REDACTED:user/REDACTED","principalId":"REDACTED","sessionContext":{"attributes":{"creationDate":"REDACTED","mfaAuthenticated":"true"},"sessionIssuer":{},"webIdFederationData":{}},"type":"IAMUser","userName":"REDACTED"}} diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json new file mode 100644 index 000000000000..ae3605a03a0a --- /dev/null +++ b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json @@ -0,0 +1,39 @@ +[ + { + "@timestamp": "2014-03-25T21:08:19.000Z", + "aws.cloudtrail.event_category": "Management", + "aws.cloudtrail.event_type": "AwsApiCall", + "aws.cloudtrail.event_version": "1.07", + "aws.cloudtrail.management_event": true, + "aws.cloudtrail.read_only": true, + "aws.cloudtrail.recipient_account_id": "REDACTED", + "aws.cloudtrail.user_identity.access_key_id": "REDACTED", + "aws.cloudtrail.user_identity.arn": "arn:aws:iam::REDACTED:user/REDACTED", + "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true", + "aws.cloudtrail.user_identity.type": "IAMUser", + "cloud.account.id": "REDACTED", + "cloud.region": "us-east-1", + "event.action": "DescribeConfigurationRecorders", + "event.dataset": "aws.cloudtrail", + "event.id": "REDACTED", + "event.kind": "event", + "event.module": "aws", + "event.original": "{\"awsRegion\":\"us-east-1\",\"eventCategory\":\"Management\",\"eventID\":\"REDACTED\",\"eventName\":\"DescribeConfigurationRecorders\",\"eventSource\":\"config.amazonaws.com\",\"eventTime\":\"2014-03-25T21:08:19Z\",\"eventType\":\"AwsApiCall\",\"eventVersion\":\"1.07\",\"managementEvent\":true,\"readOnly\":true,\"recipientAccountId\":\"REDACTED\",\"requestID\":\"REDACTED\",\"requestParameters\":null,\"responseElements\":null,\"sourceIPAddress\":\"REDACTED\",\"userAgent\":\"REDACTED\",\"userIdentity\":{\"accessKeyId\":\"REDACTED\",\"accountId\":\"REDACTED\",\"arn\":\"arn:aws:iam::REDACTED:user/REDACTED\",\"principalId\":\"REDACTED\",\"sessionContext\":{\"attributes\":{\"creationDate\":\"REDACTED\",\"mfaAuthenticated\":\"true\"},\"sessionIssuer\":{},\"webIdFederationData\":{}},\"type\":\"IAMUser\",\"userName\":\"REDACTED\"}}", + "event.outcome": "success", + "event.provider": "config.amazonaws.com", + "event.type": "info", + "fileset.name": "cloudtrail", + "input.type": "log", + "log.offset": 0, + "service.type": "aws", + "source.address": "REDACTED", + "tags": [ + "forwarded" + ], + "user.id": "REDACTED", + "user.name": "REDACTED", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "REDACTED" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/insight-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/insight-json.log-expected.json index 2bfe4bedd302..a0e1ac2ea5ad 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/insight-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/insight-json.log-expected.json @@ -1,6 +1,7 @@ [ { "@timestamp": "2020-09-09T23:00:00.000Z", + "aws.cloudtrail.event_category": "Insight", "aws.cloudtrail.event_type": "AwsCloudTrailInsight", "aws.cloudtrail.event_version": "1.07", "aws.cloudtrail.insight_details.eventName": "AttachUserPolicy", @@ -45,7 +46,6 @@ "aws.cloudtrail.insight_details.state": "End", "aws.cloudtrail.recipient_account_id": "123456789012", "cloud.region": "us-east-1", - "event.action": "Insight", "event.dataset": "aws.cloudtrail", "event.id": "41ed77ca-d659-b45a-8e9a-74e504300007", "event.kind": "event", diff --git a/x-pack/filebeat/module/aws/fields.go b/x-pack/filebeat/module/aws/fields.go index e8968b65e8e1..18b5652f8046 100644 --- a/x-pack/filebeat/module/aws/fields.go +++ b/x-pack/filebeat/module/aws/fields.go @@ -19,5 +19,5 @@ func init() { // AssetAws returns asset data. // This is the base64 encoded gzipped contents of module/aws. func AssetAws() string { - return "eJzcXN9z47Zzf7+/Yicv8c1I7nwvmU7HnXRG53MaNc7FtXxJ+8RA5IpCDQEMAEqn/PWdBcAfEkFJtqi7zFcPd7JIAp9d7G8sOIZn3N4A25g3AJZbgTcw+X32BkCjQGbwBuZo2RuADE2qeWG5kjfwH28AAH5RWSkQFkrDkslMcJmDULmBhVYrGub6DcCCo8jMjXtgDJKtsJqOPnZb4A3kWpVF+CUyD31+dMPUI7t5rsPV9hTtaVKhysxqxkV9KTYjffaprT4ZLlgpbOKmuIEFEwZ3LkfBtgEr7fDeEpYnwrIDPQa/TQKuUdpkjdpwJXfuqCh5xu1G6Wzv2gFg9HlaYhtRGB/UAuwSCaCfmNCvmL2OQisN6oRnKC232yi0fSZ3gY2jyGjkaRgYUOCKoKRKWsalgQwt48IAm6vSOrw0G6hFZ6zp5BeoAIJdMgsrlqF7ROOfJRo7AiYz2Cx5uoRUo7uXCQMb1NgZrjSYXcN0ARZXhdJMbzvPuHtGboYKt1mqjYGl2tCvnTE7A6g5UYnZ9d6tMSFprwbxoHPxsIx0lyNyg1+RwGFHWM+St7Rb70vqy5F0BaOCMlmxv5SERzSq1CnCR7ZCuJo8fnxbASw0lykvmNhb85QJsc/WFuo0RWOSZ9wmPIZvKPx+HhoIph88wg0zTnDAKjA8l20J7Qds0JDSJqQY+Nn2Qo5p4amAp4s2FgfUsXPD7bKlBgbTUsdEAnZFnNStVgxHeqHVmmdogEtva8gMNZodaIyOW7Mu1cgsZs7U2qUy2J4y8mifKrWZu1qwhJV2SaOkNHr07uNScSqjIUjHmokSgRuwmv4P7FfKOqMISjuj5r5viNTewaKWKbCoWVAmjHI83KHVLy+Ls50+v/w4gQzXPMV/B2WXqDfc4Mh7x67Atvnq1oqkNmO2D7zn6YEbXsJQGsYZectXCJsleu3qym6XY9yYsmuId+mplNDdqw8S1KeHL6FoCH2E1+tk73jBvZ3uzqrPIV2E4+6t+pyihvACPkOQnuBjgmM5LDQjMGW6PDgkM/ColB2REn8yqEek0I9K9ChNmwG1U4t7p0szgkuLWjJBPitwox1XtT1Yjv1yAruyd5zseCxxaWonjx8rKoMEXLE0VaX0S+fsr1s7rQS+PThcjD1HBOkErngwX0cUwuSeMrWR5nLSUNHL5Vo9Y5bMYxZtqMCMpqpWnTI2g5o8XF/iQMoOLBZfQBWj3t2+g0lpFcxS5pLjkAveCWYsT+E9MmksE8/xBAu1VjpJVbZv+U5P/OL5VZs6N0kdaAS/otGWWhrnGej6IXwrNIblQ0KcHgbj06vWILVB6ocaxkoKptkKLer9dTuXpc3AI2Imk9tR0AXygoZ8q/fR/ZH9qhSWJ0fzvEOhfs/FI0WMNptMoaTBJMQDQ3OpGr+ONygeZSk9Yyo9e0ZIl0zmaODKR/ajbiZeUFjnLHCGAinC84O8/RsylWUZJ3BMJK6okrGdCtO5fJ3Uw1Osy1rJky/h1BZZKktiaoO6dAaq9I3cWlinvyE3K03uuL5zZdNnXo5bvsKx4Gh29NVHhMFuzpHLvFvOYUJgBjlK1My657nxQ/fYUFffi0S3ZxnQXfxV8aYlDxXArCUoGlOlszhMVvCzi5BHcU4epnUlkhmjUt4ko+76xkwKfsuE6IzkKHgiOg/wesUky53d8Yo4pBLCe6UEMtkjRpslUprc4jY3sG8FoIXQ39XnzFiWKCniRdezl6LByg2oguSEVoQAu6nHNHVzoQ+jD5zjHuQ1heEJCG6c8arHDrU0zIDLhrUvrZxerlxZ1ygnjx+7geJJwfwQMCYhYG9St4qDFL5HqhaD1pSPsMYZp1pTdLWSvvDg9qJubtjGjIPdHTtkN+TpxvSo+7tHAlNecFL2XgafozCPWGikuM7bLtbw2Om+xhT52tlXbg4pc6DLW6Qk7G1czsbWYT9NNwIuU1FmlJpsCLXVPM9Re7cQN7K+luZlqBR/xyDWLJnGLDB00DX/z0/TDy3XOd+299CsglLyP0sU20qe29fj3Awbmm5lKP2kzMyHssGFGJ87WAUZXyxQ0x9+f3b3E+TPxIVsXaQJyqxQfGiW7InXbw+3UE1Equx31kIAFUqCLpV2ZHcdID1vFTDpqsrtRLVOuKvkevZdnNZUSaMEJkLlPB6svMb7hN1cU2DKFzwlkLd+onuaJ6zmSz3P8czgMOou8rgDaFKEO6fDHyhRoNzrOA2H6GjTslJzLrAnSNylZO5DpZ57Ti6FdyOWHWoo5XFS5pHBIWQVEU5mEqsOwh9ms+fT431nBQ4zeMGS0hzZiLoYa51dhwVLLWXszWYRWapNTxUMwp45ZKUmF9NLakXiQjBrUXZofL3a3s2aQV167MIN4rua/x+m1hGofWXPlHMv6MA0ym8tPEu1kWTFWLZmMu1kw4Oqdx/tXSqPqfh5VQA4rRLwgtLaa2jsr9IOUGg7vd41LPShql/wogrYy0LN4SgeMPCEk4LPisyM52jiyf0Znt+5ktu6oQw+uFngXuUv9fpC5cmCi05q3MCUaOIdBydle3WefK9yN0/VOtXkyZ5FByTFMm0Ty1f96V/P9vypuuBmoOX/9HTrt+Y1Sb1XgwYiEAGQKnLecUWw7JmGYb464SLk1NtzN2odgwqVg+fGkq3jIjZHlKRNfO0kcSe87+cVyuyinEKZ/VPwyXyXzMv0ObodeJEtvCpNAD8theyeRNeoUGrdLQGG2VosXTKzR+9BCn1UcUEKG6r8VK6P7CrkiqMo4dGxhPLBW900FxjSJr6fUokbcvmheH1B4a+lPqBcKeNrK1WFFNhKkVgLcSigCbl2sH6NiJ9oDpXIvg65fuIeSvvzNXg1pYXGNVelSb6Eth7W0ArKjjr2pRonaGdN2pKZZcJErjS3y9UXskY0KdSTdtsk3PU+8Y2x4gCh5Vzw1DWyLrjMUReaRy3dUHQu8TPLMOUrJgBlqjLMoDVz3ZbrcDmDReRHh1sxmy5DxFhovmYW3QN73bH8RFbQ7cyWGr/IejfL22nm7UXbdLgYni8PF4D7IvJj+GauAz3eYFvKDLXYUmgQYnBD68UkTD2irr6FCL4qx3nj5Kv5I9+ZynJ/h2WWG8tTM3J7e0RpNzjxDfiR7TFbhYmU5KDMKjk6DKxh784pkA0J1pt9jn6dUyC/E5YXnQI51GMTKZcfqRfsgqgG7zIO03dfn2N3t+/8mSIuW8BPZRwvEpZlGs3rt1Q67GvaIdFCGL3ZWHMVB9QRbor56dzML8PL+/cvErvO3trZfGu7RKFYBnMmmEyxp23rrL6IKID2QZYdAI5J63dwTz++Dz/2bKdYpnO0iVu96+728ZkQW82nfiIvJs0Ru97SVl1h4Ib8xP7G7pm4nPSEkTubnJR8Solpf0dAoZVVqdrfCDsTVDVqfE2vltYW5D5sWrw90hmoVYrGcJm7CP/aYNrjhFUndjlF7pRlok61DaZKZgYMr5Lwhnu+6uoLsNw0PC6l5QL4zp4gpfI5LYnLw1n6jLKngSdc/BuR2SKDrgSAYLkQOz+4EMCE4mnGZd7bcOJLuV+ZwrrI2167epN3h8rdtXTsEby3UaBhnadrFXdpQnXa0l5GVVUPaK2UhBUXggdiR4FaD18Vbm+lRVAqlNlPxGrLKSj/kplZsme8LB3VUaen+xnUUxKjU7UqXMV8jy5QESmt6z9oLJsLbpZ9pFXqx/cLzGdauOnDfpBRCVEj6T4lOmaBK4SF0q/vfYtbYaVtVWI4Fx2Z7Ot624lyiNKc1wQfhewHBhq4q55X7atdBfUPkD8k/bVK+8r6H73Q/4hSbIxIUl4sh3bUs9k9+HF9IsolKcG/uJ/rRegJbQjTZTw1TV976xfjSpfKoExS1PaiEZefB2gevnCnISH0efmMviUEr4VvUHM2MHP9mCDL1Rz1hWnhMlUr516FSZjAoY0J5VY56tBJqxbOgrt5Wh51vo2F8JUee6rcBnGguN8d0bcsie0MnkkHwXaD+/i9B4FmKZ7TkhWd2h0Jl7b2GH/8z3iy+kuOn2i28TT7A5bIsr6syxfhskSXgsIpriJHSc8O2/2ozSK72KkU9XErB2H3xBVfUMBL94TLPb3qPkjCz5iW3W3UM4GH5rxqcH+geMfVNQeXrhZKb5jORrDgnzEbV55htHPa+vr6+u01TC2kTFY7tWBwjZoJz54ePdSYcY2pTUo9sDX59HgfLLTjeJjHFQ7TquOnZsGBs2HXGpkZ+rUl/sCaH7k6t1YvR8C3YFz0hqA+eR82CLoPW+5NsIbGVTZpGlPHon5uUx+zDt3rLj46mNEH0BeJhirsrZin1ZZaCa3ZrUn0+TnBjPHOZvD31eyO7XiaodnKFFbc8vzAYYTdJ5NLSOUeuCCexMtuJdB8588tfO1y4Ow715WDunonyUtqg37LLokdIDiXlUwqyVMm/GZCc2rBzbV3LtvD6MkoYhuYAxYwq13LqhWj/VaGRrlZzrjs02uNK2Ux6ckZOz+f4qCKgmkf0p1cooZuPeyLLWo9n+tlYzB24lnK3ReSVB3kh2t4Q4ZREzDWda3u9Ps3W9bRdn9kTbd7HGp9bGpY9jbHtFyFNoOlf4EJZJgKRvkpMzD7dfJwXd85gse72dP1T09PD8kK7VJl19WxIHcecQS/372fTZ/uDt2iNLyfPN3+dP3h7v7u6e761/f/dXf7FCf9GQcOIr95xu037WbWJlSkCCZsRTuQ34y/qWKFhlWZQt8Pa9kzAnMbzXV76WFJKzUflpZHP/D40+N0hyLifW1YOjt1bWhLa4sQIAxYUJPlCjVPPY52VaQ5SRbpDx7wDQbxhL1WwzsXDd6qDNvrLFUIE1Xq+pr6SnZbiyYxfUdBX82xkIPXpWA3j6sjjQA/V42vjqXN/sUaNSVlbTL+Qq16zIhr/koM/yvO2XOqpzRo7XJ9kxmX4CSwN8JyT8Zao4bh5E6Zdt/VcgkLwfOlbZ2lcmHNtwYK1Kag3GXdI6G21DJhWpXxLs6LwGe2JcCmIGfdyiC3qtSHfYhr39RDe+idTNzJ5mOYJxQLjpdT3BshXfPHpaF9MqjHE5rpYCUjnPkZvL5SnVKffqiq3rXnOdXZhCGm2TGXs1QDRzZEwOcxW/015tn4nXsnTS2N+NmizJqAC6YfeurEdWfVRd5NWg9f8WkEM57/5tDSl+9H3Ra6dsS4YyReHVf6InpiSt7p6jy3GI4pETdTlEEYuGdb1HA1m92/rSr3zYEdzJXl9QsOSfxnMdLoQk9BbOe41nkvm4j7jdBUUb9VcPd8mH8n6qS0y5+crvpzL7v3eC02I/jvEvV25kNvuu9P+ruKxa8KjWOSDcwoxHv7+qV1WuUnHbg8VZ1+rcQy1NPp65GTq1aYy2jTk2bSuD06L2iz6qVjV0/3s7e1NWtJWiiv7+9Ht84TL4TanF7AuFR32G8Pt0BIXlS6uAiPCcmPhORe5aaawr0teKtKEobw1ipHeHi9ge/Xr9jPDbyrH/AHjbfAIC2NVau+J3pEaYBXHsQDb3c+vX7VQVXXrJagb8PIol5cYp+jKSNItBuln5u5HLamm9xqtljwNHRlKJ0d3j0YFubeif7Yu20CvhFMbm/vHp7ceyHv+nNpofJDud6rkQqV52RoQ6YXmFst7wh+/XkEH3/9MHmaOE/88/SBvve2NFsmL7rq1RSOtd92OfsKqRhVoVs9Njeu8uiM4laVPd1tzzYxOmVZFvcnrynlFYyig7HANQq4UprnXDLxtip9dhtDAjn9CDNjvwjCjHJF6T17C2a9DXII57pILygx7gUTpIf16+QHtR6mnEsc3uw2+P0ElyTBpkWyEKxzrPVMEubcrph5Drlc7TiUEGpDFufp9gHctDfw7ofZ/34c/ePf6L/x5Pbn0T9++HH6cfT9D4+zpzjky7UJe67dwPRh/f2I/v1Xl+Ld/Ti5fvP/AQAA//9d8O3V" + return "eJzcXN9z47Zzf7+/Yicv8c1I7nwvmU7HnXRG5/M1apyLa+mS9omByBWFGgIYAJROmf7xnQXAHxJBWbaoXKZ+SHwmCXx2sb+xwBiecHcDbGveAFhuBd7A5LfZGwCNApnBG1igZW8AMjSp5oXlSt7Av70BAPhZZaVAWCoNKyYzwWUOQuUGllqtaZjrNwBLjiIzN+6DMUi2xmo6+rG7Am8g16oswl8i89DPRzdMPbKb5zo8bU/RniYVqsysZlzUj2Iz0s8htdVPhktWCpu4KW5gyYTBvcdRsG3ASju8t4RlTlj2oMfgt0nADUqbbFAbruTeGxUlT7jbKp0dPDsCjH7mK2wjCuODWoJdIQH0ExP6NbPXUWilQZ3wDKXldheFdsjkLrBxFBmNPA0DAwpcE5RUScu4NJChZVwYYAtVWoeXZgO17Iw1nfwMFUCwK2ZhzTJ0n2j8o0RjR8BkBtsVT1eQanTvMmFgixo7w5UGs2uYLsHiulCa6V3nG/fOyM1Q4TYrtTWwUlv6a2fMzgBqQVRidn3wakxI2qtBPOg8PC4j3eWIvOBXJHDYEdaz5C3t1oeS+nIkXcGooEzW7E8l4RGNKnWK8ImtEa4mj5/eVgALzWXKCyYO1jxlQhyytYU6TdGY5Al3CY/hGwq/n4cGgukHj3DLjBMcsAoMz2VbQvsBGzSktAkpBn6xvZBjWngq4OmyjcUBdezccrtqqYHBtNQxkYB9ESd1qxXDkV5oteEZGuDS2xoyQ41mBxqj49asSzUyi5kztXalDLanjHzap0pt5q6XLGGlXdEoKY0efft5qTiV0RCkY8NEicANWE3/D+xXyjqjCEo7o+Z+3xKpvYNFLVNgUbOgTBjleLhHq19eFmc7/fz8cQIZbniK/wrKrlBvucGR945dgW3z1a0VSW3GbB94z9MjL7yEoTSMM/KWrxG2K/Ta1ZXdLse4MWXXEO/TUymhe1cfJahPD19C0RD6CK/Xyd7xgns73Z1VP8d0EZ53b9XPKWoIL+AzBOkJPiY4luNCMwJTpqujQzIDj0rZESnxZ4N6RAr9qESP0rQZUDu1uHe6NCO4tKglE+SzAjfacVXbg+XYLyewL3vPkx2PJS5N7eTxU0VlkIArlqaqlH7pnP11a6eVwLdHh4ux5xlBOoErHszXEYUwuadMbaW5nDRU9HK5UU+YJYuYRRsqMKOpqlWnjM2gJg/XlziQsgOLxRdQxah3t+9gUloFs5S55DjkgneCGctTeI9MGsvEUzzBQq2VTlKVHVq+0xO/eH7Vps5NUgcawa9otKWWxnkGen4M3xqNYfmQEKfHwfj0qjVIbZD6oYaxkoJptkaL+nDdzmVpM/CImMnkbhR0gbygId/qfXR/ZL8uheXJs3nesVC/5+EzRYw2m0yhpMEkxANDc6kav443KB5lKX1jKj17QkhXTOZo4MpH9qNuJl5QWOcscIYCKcLzg7z9GzKVZRkncEwkrqiSsb0K07l8ndTDU6zLWsmTL+HUFlkqS2Jqg7p0Bqr0jdxaWKe/ITcrTe64vnNl02dejlu+wrHkaPb01UeEwW4ukMu8W85hQmAGOUrUzLrvufFD99hQV9+LRLdnGdB9/FXxpiUPFcCsJSgaU6WzOExW8LOLkM/inDxM60okM0alvElG3fOtmRT8lgnRGclRMCc6j/B6zSTLnd3xijikEsJ7pQQy2SNG2xVSmtziNjdwaAWghdC/1efMWJYoKeJF17OXosHKDaiC5IRWhAC7qcc0dfOgD6MPnOMe5DWF4QkIbpzxqscOtTTMgMuGtS+tnF6uXFnXKCePn7qB4knB/BAwJiFgb1K3ioMUvkeqFoPWlJ9hjTNOtaboaiV94cHtRd3csK0ZB7s7dshuyNON6VP37x4JTHnBSdl7GXyOwjxioZHiOm+7WMNjp/saU+QbZ1+5OabMgS5vkZKwt3E5G1uH/TTdCLhMRZlRarIl1FbzPEft3ULcyPpampehUvwdg1izYhqzwNBB1/zfP08/tFznYtfeQ7MKSsn/KFHsKnluP49zM2xoupWh9JMyMx/KBhdifO5gFWR8uURN//D7s/s/Qf5MXMg2RZqgzArFh2bJgXj9+nAL1USkyn5nLQRQoSToUmlHdtcB0vdWAZOuqtxOVOuEu0quZ98di6hSZjFX+tUu8n+7pM7cRl7jwasp6pUqgye6V+qpLO78+lJE2FqVrmCP4aPSHc9vfJZbbwc0zyPVIT+Ei/6jH9OT3s+m0vB8ZU38U+6fxlmdKmmUwESonMfjwtc4+rBxbgpM+ZKnJA+3fqJ7mifgfKmTfz4JO466izzua5tszAkAfKBVoTT3eRqO0dGmZa0WXGBPPL5PycJHpT3vnLzr0A0O96ih7NIptEcGx5BVRDiZSaw6Cn+YfbXPj/edFTjO4CVLSJm/DmudC4UlS63S7X05cgrbnoIjhPYEyEpN3ryX1IrEpWDWouzQ+Hq1vZs1gzqL4yI74rta/A+m1hGofRHVlAsv6MA0ym8tPEm1lWQ7WbZhMu0UHgZV7z7au1Q+p+LnFVzgtKLLC6qYr6GxvyA+QE3z9NLisNCHKjTCi4qNL4vqh6N4wBgfTorzKzIznqOJ11HO8PzOldzWvXvwwc0C9yp/qdcXKk+WXHSqEA1MiSbe3HFSYl2XJO5V7uaputSakoRn0RFJsUzbxPJ1f6bd0wlxqi64GWj5P89vfReEJqn3atBABCIAUkXOO64Ilj3RMMwXglwyknp77katw32hcvDcWLFNXMQWiJK0iW+cJO5lUv28QpldlFMos/8XfDLfJYsyfYruvF5kt7TKyMBPSyG7J9H1hJRad6utYbYWS1fMHNB7lEIfVVyQwoYqP5Vr2bsKyd4oSnh0LKF88Fb3JwaGtInvp1Tillx+2Ce4oPDXUh9QrpXxZawqJQW2ViTWQhwLaEJZI1i/RsRPNIdKZF+HXD9xD6X9+Rq8mtJC44ar0iR/hbYe19AKyp469qUaJ2hnTdqKmVXCRK40t6v1X2SNaFKoJ+12pLjnfeIbY8URQsuF4KnrGV5ymaMuNI9auqHoXOEXlmHK10wAylRlmEFr5roD2uFyBovIjw63ZjZdhYix0HzDLLoPDhqR+YmsoNeZLTX+JevdLG+nb7oXbdNM5EpaR2vtfRH5c/h8jTDey1zKDLXYUWgQYnBD68VkXYKL14ibyqc3Tn7jZOSbgFnu37DMcmN5akZuG5Uo7QYn/qxDZCfSVmEiJTkos0qOjgNr2Lt34GZLgvXmkKNf58DNb4TlRQdujrUzRXYmnqkX7IOoBu8yDtN3X59jd7fv/PEtLlvAT2UcLxKWZRrN63evOuxrOk/RQhi92cN0FQfUEW6KxenczC/Dy/v3LxK7zjbm2Xxru0ShWAYLJphMsadD7qwWlCiA9pmhPQCOSZt3cE9/fB/+2LNzZZnO0SZu9a67O/VnQmz1+fqJvJg0pxl7S1t1hYEb8hOHe+hn4nLSE0bu7CdT8iklpv3NF4VWVqXqcM/xTFDVqPE1vVpZW5D7sGnx9pkmTK1SNIbL3EX41wbTHiesOrHLKXKnLBN1qm0wVTIzYHiVhDfc81VXX4DlpuFxKS0XwPe2XymVz2lJXB7O0ieUPb1S4eHfiMwWGfQkAATLhdj7gwsBTCieZlzmvb09vpT7lSmsi7zttav30/eo3F9Lxx7Be3syGtZ5utZxlyZUpwPwZVRV9YDWSklYcyF4IHYUqPXwVeH2VloEpUKZw0SstpyC8i+ZmRV7wsvSUZ0qm9/PoJ6SGJ2qdeEq5gd0gYpIaV3/QWPZQnCz6iOtUj9+WGA+08JNHw6DjEqIGkn3KdFzFrhCWCj9+jbDuBVW2lYlhnPRkcm+rredKIcozXnnDaKQ/cBAA3fV86r9tKug/gPyh6S/VmlfWf+9F/rvUYqNEUnKi9XQjno2uwc/bt39Mb+f/ZP7c70IPaENYbqMp6bpa2/9YlzpShmUSYraXjTi8vMAzcOX7uAphJY6n9G3hOC18A1qzgZmrh8TZLleoL4wLVymau3cqzAJEzi0MaHcKkcd2n3U0llwN0/Loy52sRC+0mNPldsgDhT3uyP6LUtiO4Nn0kGw3eA+fu9BoFmK53S/Rad2p++lrT3G7/81nqz/lOM5zTaeZr/DClnWl3X5IlyW6FJQOMVV5NTu2WG7H7VZZBc7laI+2eYg7B9u40sKeOmd8LjnWIAPkvALpmV3G/VM4KEPshrcn93ec3XNGbGrpdJbprMRLPkXzMaVZxjtHWy/vr5+ew1TCymT1U4tGNygZsKzp0cPNWZcY2qTUg9sTT4/3gcL7Tge5nGFw7Tq+KlZcOQY3rVGZoa+IcafDfQjV0cE6+UI+JaMi94Q1CfvwwZB92HLvQnW0LjKJk1j6ljUz23qE+3hoICLj45m9AH0RaKhCnsr5ml1AFdCa/ZrEn1+TjBjvLMZ/Gqg/bEdTzM0O5nCmlueHzn3sf9lcgmpPAAXxJN42a0Emu/8EZGvXQ6cfee6clBX17+8pDbot+yS2FmNc1nJpJI8ZcJvJjQHRNxcB0fgPYyejCK2gTlgAbPataxaMdoXYDTKzXLGZZ9ea1wri0lPztj58ykOqiiY9iHdySVq6NbD/rJFredzvWwMxk48S7l/90vVrH+8hjdkGDUBY13X6t7RimbLOnqyAllzsCAOtT6hNix7mxNxrkKbwcrfFQMZpoJRfsoMzH6ZPFzXb47g8W42v/5xPn9I1mhXKruuTmC5o58j+O3u/Ww6vzv2itLwfjK//fH6w9393fzu+pf3/3F3O4+T/oQDB5HfPOHum3YzaxMqUgQTtqIdyG/G31SxQsOqTKHvh7XsCYG5jea6vfS4pJWaD0vLox94/PlxukcR8b42LJ2duja0lbVFCBAGLKjJco2apx5HuyrSHNqL9AcPeFlEPGGv1fDORYO3KsP2OksVwkSVur6mvpLdzqJJTN+p21dzLOTgdSnYzePqSCPAL1Xjq2Nps3+xQU1JWZuMP1GrHjPimr8Sw/+Mc/ac6ikNWrtc32TGJTgJ7I2w3Jex1qhhOLlXpj10tVzCUvB8ZVvH1lxY862BArUpKHfZ9EioLbVMmFZlvIvzIvCZbQmwKchZtzLInSr1cR/i2jf10B56LxN3svkY5gnFgufLKe7yTdf8cWlonw3q8YRmOlrJCGd+Bq+vVBcCTD9UVe/a85zqbMIQ0+w5l7NSA0c2RMCXMVv/OebZ+J27/qeWRvxiUWZNwAXTDz114rqz6iLXwNbDV3wawYznvzq09Mv3o24LXTti3DMSr44rfRE9MSXvdHWeWwzHlIibKcogDNyzHWq4ms3u31aV++bADubK8vouSRL/WYw0etBTENs7rnXevR5xvxGaKuoLHPfPh/nrZyelXf3odNWfe9l/x2uxGcF/lqh3Mx9603t/0L+rWPyq0Dgm2cCMQry3r19ap1V+0oHLU9VB40osQz2dfn3mkLAV5jLaNNdMGrdH5wVtVt3vdjW/n72trVlL0kJ5/XA/unV0eynU9vQCxqW6w359uAVC8qLSxUV4TEg+EpJ7lZtqCncx806VJAzhgjBHeLhJIhxrDuznBt7VH/iDxjtgkJbGqnXfFz2iNMDtEvHA210FUN8qUdU1qyXo2zCyqJeX2OdoyggS7Vbpp2Yuh63pJreaLZc8DV0ZSmfHdw+GhXlweULsGqGAbwST29u7h7m7gvOuP5cWKj+W670aqVB5ToY2ZHqBudXyjuCXn0bw6ZcPk/nEeeKfpg/0e29Ls2XyoqteTeFY+22Xs6+QilEVutVjc+Mqj84o7lTZ0932ZBOjU5ZlcX/ymlJewSg6GAvcoIArpXnOJRNvq9JntzEkkNOPMDP2L0GYUa4ovWdvway3QY7h3BTpBSXG3eVBeljf3D+o9TDlQuLwZrfB7ye4JAk2LZKlYJ1jrWeSsOB2zcxTyOVqx6GEUFuyOPPbB3DT3sC7H2b//Wn0j3+h/40ntz+N/vHDx+mn0fc/PM7mcciXaxP2XLuB6cPm+xH9959dinf3cXL95v8CAAD//7hdU30=" }