From 151eac3798f1bea20203953686b38ae79e859f07 Mon Sep 17 00:00:00 2001
From: PrasadBoke
Date: Thu, 24 Aug 2023 18:09:29 +0530
Subject: [PATCH] Necessity changes
---
 .../Infoblox-DataExfiltrationAttack.yaml | 2 +-
 ...eatLevelQueriesFromSingleHostDetected.yaml | 2 +-
 ...blox-ManyNXDOMAINDNSResponsesDetected.yaml | 2 +-
 .../Data/Solution_Infoblox.json | 2 +-
 .../Package/3.0.0.zip | Bin 41837 -> 41891 bytes
 .../Package/createUiDefinition.json | 8 +-
 .../Package/mainTemplate.json | 344 +++++++++---------
 .../Parsers/InfobloxCDC.txt | 54 ---
 .../Parsers/InfobloxCDC.yaml | 6 +-
 .../ReleaseNotes.md | 28 +-
 10 files changed, 198 insertions(+), 250 deletions(-)
 delete mode 100644 Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.txt
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml
index ebc59144725..ce3b8952331 100644
--- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml
@@ -1,7 +1,7 @@
 id: 8db2b374-0337-49bd-94c9-cfbf8e5d83ad
 name: Infoblox - Data Exfiltration Attack
 description: |
- 'Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
+ 'Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
 severity: Medium
 status: Available
 requiredDataConnectors:
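Review bot: The rule's version does not appear to be bumped alongside the `description` edit: the diffstat lists exactly one changed line for this file, and the same holds for Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml and Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml. If these templates carry the usual `version:` field (it lies outside the hunk, which covers only the first seven lines of the file), increment it in each so that workspaces which already deployed the rules can be offered the description with the working parser link. The new link is an `aka.ms` redirect whose target cannot be checked from the repository; since this commit deletes `Parsers/InfobloxCDC.txt`, it is worth confirming that the redirect resolves to `Parsers/InfobloxCDC.yaml` before merging.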
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml
index 1f0385658a7..0cb1ce7de95 100644
--- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml
@@ -1,7 +1,7 @@
 id: 3822b794-fa89-4420-aad6-0e1a2307f419
 name: Infoblox - Many High Threat Level Queries From Single Host Detected
 description: |
- 'At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
+ 'At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
 severity: Medium
 status: Available
 requiredDataConnectors:
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml
index 24c35aa5c0f..f9913745361 100644
--- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml
@@ -1,7 +1,7 @@
 id: b2f34315-9065-488e-88d0-a171d2b0da8e
 name: Infoblox - Many NXDOMAIN DNS Responses Detected
 description: |
- 'Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
+ 'Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
 severity: Medium
 status: Available
 requiredDataConnectors:
diff --git a/Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json b/Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json
index cc5c81b387f..b17c8c29e76 100644
--- a/Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json
+++ b/Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json
@@ -20,7 +20,7 @@
 "Data Connectors/InfobloxCloudDataConnector.json"
 ],
 "Parsers": [
- "Parsers/InfobloxCDC.txt"
+ "Parsers/InfobloxCDC.yaml"
 ],
 "Playbooks": [
 "Playbooks/Infoblox-Import-AISCOMM-Weekly/azuredeploy.json",
diff --git a/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip b/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip index 51d2a830578d6155b0483315ed90cca91742e90a..40ac21f12c99be35ccc581bb606826266c489952 100644 GIT binary patch delta 35092 zcmV)wK$O4j#sZ_q0vk|E0|XQR000O8qmUR^;#@Gq77PFY8#@317nA;?8h`Cu>uwvl z75-nK??9**ONKPEy_-!CG`rB+xfpd4*LF57>>!|KC=F}Qa6)n{D`|i}OCPOI(sRhU zYDRVxTXC}6AdodAhdh_>+(_!f?|(-~=a1SCSwuSzNhdTW(GQ11*WyJqrc)NN*m(4P zs+i}?DC^V1EpOY~86=8baDO%%?kYwNd$qsECOqbb%h-FK3d4ViynkvL|Dn^jYlSop z1XH-ybM7mt<-~X+J9lM_1A}112W)~yU&a$YEgPVT>(~4} zRRJ_ksL-rm^o*(IzOD|2#(-&G@x){+|Aj|WqLu&XtdNePGjGaGn17B_%@nL?P(mmh z%Zd9O977|InHYkwfXLy2oJu|9@kEY=ynHL*(bE^xvksZ@z=SaW{d>tJJcf)h6;f#*srBXk)Ma; zOp&vg{P*AgAxBn}wSR7Mdc@r9xR`#^%^7ygF6YoF#&R}~v&r;uKV$VzJ6pR#rUCrj zqlV(6jAP~-sfO8tc0Df&dXB!6kO31BodZAQ^gNccm~gGrDoykp@TrG7qao)(+tF@t zk0eYP3V1|0ps2VeIemSSG$k1|1?as+`2$7dG-s$JVm6z3xqn8jczVRLT8fmSW;B`0 z6qkSnxtJ5*@sF*Fzy<08r96dvkc-F6`5o z7<$eK4K8SGz@&+s5Y4FaL-J>sPAMj+6AA_E#F^n+9DqpBC_x&AfiR{l_8DQZ;(mxu z0dS{)C71*#@PEz}XwH5Rvbp&x4ww>iq_HIHg!y4CVK8T!fb9eb=<>Z2)K4Kfq*xP5 z0+ukCEcWLFTWfGPl?ffiT1J*T7zes7-o*tOh!ixP!HNUi51l`$fXaHJsPIhI-=#?+ zl^F^)rDB-5paHfD>l&#T0PX>bJp!09usW=P77WPJ;C}*fB^m_QCsF}VQ>HD0FirwM zY1ZLOZS=!Z8q_1FqbZ6R+!PC(mVICyRS&OEl#Ix09tVgoWc`50=_Rn|hoE{*O0ELw z>jkDPqwaGMNpRR;ixd~rLxkTz1Fn3g2Y#xJj0U)N&-o!VVNw{dMh$NFLE(o~fioAJ`WKotFc*ah1~pz-CM$v_v|VscC_B!xLC$a(B=p z|02y<3g2|~%Y`oi!Sy=*N^H>SxEdTPVFNm00xPvcB`tbebVtu}>K!xe)egmK@FoS;|hR0qB( zA3jz^CZtbW#RZ|8BGwi=FiYS87%fKMXFNbV&nM}V86#5$Hf0?C(H#Id0sjtLniQg_ zQTMUNROfe$sS}cwb6o(nZV)gXh;OKgi-`9sXn&) zfvCA;=>-%7uwsDO)r<>41nOPJq5_EuBJ_%o&_+S(WpqQQ)^J$x3l*SptH6jRU4IA2 zt}~DBM%@55dfo*N?~`m?k39Mj^B~Obbl1oOm{DbYp!r^(%o97H!QOABpAB7 z8HzSOoH?1FbsnB|Hu?mI*|+*+sU(Kdp~Z#)NdAWirD6g1x+7Om00PLs)I71 zy~(`?q}a)|&I7%wUqtA3G%bYj+JB(2paDDK#!_?TNaj+YMx#fd0-7pePM007G+as>&m$`a8R)ZWk(JL zE;ENrJ5x|=MMYv5PX&JuQ^ul6zaxg=y?cI}Qa= zfYbB%0*jHUBMU(U?lJ+{0wjE3Kyhi^eoG;G>mUJqpYN<29=J$bN7Xep%7#k4UDe0p 
z!gdyrdZ)6HwzTxhYmH$x`Jh^MbrvW7SZ}BcyL>2e@axl(Myg*=G=G}ikX;>QBkJKC zDq;xb;8OAoaJTSEXjMz3JMDIQT?~O{Wk{;?o}7?1Mu$@H)*RO? z_|;7Qc8uDj=yR#a_kUIf80)QxuV&gSiF5nYC3)=jkQy%(0=Y7$X}q?~^6+1q+#8g) zTA&@eIvDJ0R{+9In_1&AGcNcW9zhTXx@`7mw-YpPI^u@D8Vzr%kE{FUVk4v7H;-Do zKi4<6E_OrT+)m-DzPX_6Yw*qWJ?ES>qEgJZSp+3Go?cw%Xn%dXFH+6aYcuIJI^0s4 zzj}uoFoW5YJGjXAuYY=d;zj;j9y~gf3ODQvPT$&-thd#($7}5S2I60fgC02N{P+?# zKis|+85zi|n@am!H(k(wXKvcE$f_(-%OY{=hU5n-+(INL?$j#V-1Eq;1p(A%MX;9a3KTLrw& zKt;L24%h`0*nhJ+dLa$5xB;o{WlFwvK=0fcpht$_>3_2!+ayE@WCyLnO2DCX%3|E7 zcG$-B9Do=~w=)lK;pUOu#Q>1TAgpmFEXZCI3%Ifp`!=xudG{$+yJ(OdPYx?2c;?c4 zX)F3}JyryH!+eP;;mP+C+*CSt5PF6XTAM|EclQ>xv$eIvrce~uTa{OcEs)l-Vg{oD z*khM8Yky$*+pw#zKBj#CMXez-02g1@W&z*dnFVD0HL)Ma2zQa32?T^zEd}ddT?r|Q zO{ofSBiY^&vip(W2HJl^QRLnl?dHYb_g+39?Y|&PK_UuC!nan8jYAy z#de$Z(M>JmhdZ;3CePj7$4`1CufyWo-qR6@tUxAKAo;m=S&Z-RJuWNq@*e4DL;tx9 z_+(x?iR)*FsFf?LiNd>;2F(w!9x#nJFupJ>@2?S-6;oXRF|C#OT2qE$(=(MZ^2QIy$&@^LlV+=9RGsOnpPfbYp~-51)8O zm*h9rtHLgUbJ*Jbxo32(i;KR=@+1GMLm$OwK$`w~Bc$EEG!y!3OZOBUn z$kf@PLZ6IMKyP^&DldOX_xR=Ls8{}6@6aWAK z2mpqV7+1!0X#0&~> zZrJaHu>Y3jOiRN(Ij@cUaKc{^-M0)QEw^|1shCUM_U+05|K^hbb1*3f>VNl#{8M3+jwtr;GhPZ(SR}*2Hn^QD^ zl8@mP9if|7ccW3P9E{Ja4x#XEdDGf&X*aFW4U9nC>n7RP;-rAnm}U5F$b1seGVhx> zOnC7kpD}Z3fa7wBjnaVrMt>(Z>*)0`xaY;BO7h40&p$SP3Iois0k|V#Xy87COT6PZ z!LF+q+UUWozG6AYZAM&UF*FnpvrFmYw8E~y7}`kBgzOEZ&Ov=mm*x@q!ZnBr&gBw! 
zn*19j+-O?G>-fJ`UFPZT>Xx*dOyZ7x3JOlGBftTdw-3M!JI931L`v< zF{;3&AGy1j^S0I)N{!W`q|Q!e<%B8ABrRn$ZL;FLcd*PV)>)>;l$M!cmEAI105&{o zgwTI&Fe^|scm{XFK`(@P`VH(+L6+NCf?c5{_icQAO2=pziN!f3flz}>uhUN3goL?r z;~FcoEZz6kj>R#idw&BvK2kz%NInhhJ4-pf5k1u6bzY}M1}rVKdaIN#mWp-Ctn?Dg zZ`&59x*!FCZs#{(H@&(SV*rmv{vPIy^}Kn)D1$N|#PQ4~Kg5|(HHL>ax(g;z`had= zIuR`0EO{S~(#s`m^vgxZyPm=><4_yogiVY*x=N2>N+!+>9Dk}*7~n_mPp4pj14n#| zz#`Tg)(>jy%CG29{6pCB>R0)4^qY@|ahHBWt^83;mo^&9Xe`?|Pc)XDn?Yk4jb+QI zqp|GN#u&`ma@V)fSVm(Rjb${JYpv4xF_v@pRD8^1TfzA?h~dq=uR)B@HSm(dBfI2a zxB?i$VL?|nTYuu&sO}f_^{6s`y1NN0c>=4>b##{z%N5G(?19L7#RCxyE%;OfmmDs+ zY{^xyjpOqb^ZIK;;?Q^_%^aXb?b=!ELr0;qGg34I8)4z~l`4#wXOtfD(7 zY#HZIUD{@@&?;%mXMFCZEs#KIWqs2zORVM8kJ%PTvAs75rTMmsF0* zi#m)0bAR7tPOH(~@ZWcFl!QVW7pj1DP^hC&f#S*6RUq&37|YA62D-w^^%-ONoNK*M zKD`)|WoJH1c41{PcRKxI!d(k@E!?%NyOw^i%^R2)-^Jg$#@dF`SeAJ?4iPN#vRPcW z(Mj?&xMseNG^D2co{$Fo%-8gah50P)6|aUcgn#;)er1vAUKT3))c@L#zZdU@sN3uU zZa#*Epl&;sa7t$q?2@j=!Ho!?bT^7P<_0@ado{dE0LEff#9o5)w(c;O^_KQxqf0C&-R;TF%mtp>#lTZ@9(ZcgtaMFo zYt_n;>4vhJhkxMWXmvb{1iYq5gr^&wO(cndcx4Ho|c->a% zY#F>ir)FgGu+6QB8JSr~XMaPv#w{w3D@-*Af)|QDgDEIcFt>Hr7ji#?cx>dNm*%=w z)eC=8q7s*`7NXwlgtwLKAMCy9Z{dgpq|=M3nM-<$n)GkCa}a6^|!ODjx-NqviMreRk0ssO&0K zG82$2clq`3{EN_c!Pk%^cSCkBJOQG6J>h@9rair)hHyx0j|WhBBA(4&2A!{vUAYJV zH1SBepWTdfB$zcHIH-0FDYlr31yq)`O>rQ z=KjuZ_gVXLbF0(d-rIZDezvjOZBvfF+6=clJL@5@z^Rp#^pY&e-c!l$a*5CT1blxR zB_G3o-$iUwk%oEUBuf-1Uw2J67;)vN#ToO6PBbh1nNK94=?^v~yyA2C@tjvq|7!7j z8=O@6TVbA0!_FOS9E3d!gIT4GRaOq-kyT!H zMxt#sG5y#fADkgMWE1+ZLr$jKLO%C(xw-SK)*+^NdXWvYIumSZ2xi{tTy}RlTifle zz4fj3_WssRI|#Ne+nZFTuWxT{tamm#HJCZQ&R5`K_o;?g3^PnPBVSXjAHT;N{CpWGnd&anm|qe`8h zm$Ys6@fC|Nb#CA5(@0mQn$nn84wa>$w@j5m5U%rwS1ekoaNgTmf3~^TU2g~bov^*V zyV0fA;reC!Dty-I1{-^w?fu;f3!)ppk4GQx`v0Ql?(b2z3rDC8e|TEGk7DYcZ>5(g zd~BKgUwMnB=Di6FAc5~&7WRD$#)rVAflEWXG%);wF8sqdQ6K6Yn6@UWynup%aUDc6 zGaJ`I@e*nnFXwq{nf+pa`jZHjO4m`qs=0^d3(-g!g~DS*SIb%8H#BeUO_YLIDC~9Z zS4DW{w7RrFH_I}wmz140nL5EpcjqY>={5!RKt%&}f(9xNC*p6QYM)vl;`uZY&)qqud{1$2 
zCJq?HriynY9>*OC3*?IX`H}8kqwCp^{;a3g4M^Tl!fz^p7@5w=$~+#Q;O#-YJ=oCg z!RC{EFF}8`5#1cJB3k((X`S?U&8ybL36;F!7;v)MsUz3t&gnK=70Rb~IC)q|SnuY|RDAY_<|CSqP6{EKkA7AFnvY)m zi{_)f1vDSgd_?onE&|YegfGy1e2nI!3y8PLd>jX`yVeCGk4rr@NE!pOTXaT8Z0=_e zhK+w*e9~NCs)X!*MNPmDedz=zC6wb2lo~c3%;d|%cf&QWo^YEp6NxbR?t5xend(hs zz1?6Gdp;{9?Bg?TT z9mwwH#(sNeue09X-U_$c!Pfe2JJ{RU-P&KjT;B;1@Am=merId5m~WQ%V`1gaUV(pm z`7aaT+lAB-5bSqMwil8)+}geDY;`u)DpZ6%Ud?u{enzimXUamCztl)y{Bq%`d$IAU zA5q35$G3DX0aJ z#Y254@IgGw*x*M*waV9Ll)|l5-_NrSoRmg_bxIJMMR*4)}IaM|9Kg=0Qhv z3yR?ESrMqEQ*j45%5tNj?I-}}L5M0`Fs|%mSI>@u;bc_O zBFCZVTwKw)wl+7yvtx@U!-9XaWmk$I2rXHr)e+vDkhLg0ZGvy6g=eS9csVu!>A+zq zEEiW;miv{He&PgBcwV6agG?0}RUd9`ad!YOD=0VomC$yt=|4DA%DPeJxyh?Vl6h51 z;w0pso#jvnK6WAaO5TdGi$V2HsA+DlncR*BNjO>#W~={F3!uZ9CK_LGyiGa`R) z5+YB}WGL@uK;AWIj+O=nvPwMG8>xZmaoQiKBp zw(tUDW1>_QptP#)@9{*$XK4;mR-zNEoHbdglY)g|*JP;dH1 z<%EpU!c3y*LeVwTqN{r~n2h8)dUJw;>j4B;8h(CqqKi$Xh>%<;xm}F32qjTPLpk?w za_%V}@l2NRF8TPwBNiqrt z>X+BUAnN}#OUC?*qnNTkYkI-NV?cSRb3@1Md`TxMb_ozl%=97o_m;tTMwYyW)oJzdG0;%S!r|fwh@kv-8{2&|fhxm_CilP%m=j@2i zQyH#J5to});<9K_4zd7i$0u_vFfW6lP>sfv8e2N4ksG31%;TaANHJX$h?d-S+H)6t zm71ajz+6}WWwLw-)Bn5|_pe*(dVirh_b@7achO1nu8_}ka?Y~=^&2h1zW_dG-)zcn z1e!-{OMa2zcC@zTck&v1Yv+q#(YrqMgZ+D%|Ahh(1>$)PffxcNZnwntKufj<9=~H3TBd(@dl?Sju#&t8-S6RF8+$G2no?H= zV$lsd(QUw2(p?fV{fw^0^M4Ha@HY4n-QL~483t^7IEt>>{VQhti{DP8>ptD1IzfMw z{=D_mU|P2L3$MdrMEe^BZ=$f*Wuzo@aPJZ!G?!Y+Lok^KG(I6DQ~R|g+(2X)4%)QPWhkss zSWi({i<2wOsEea3-7hMJs4@>NO*P`oi2n%@j1}KO{sgLA)_+t8j+;7$GW6$B3^5Of zX7u0kF_r@v3LvY&pHXp8#f3ntp)Cd^{OcbBY95}&uYYtHRA>tL+3@a@VkByu!_xMX zdrQ$w)C@J$q}q(@Ev@m-MfV}Aj|p(mGOKoH{Xe98)X_h@rEjGak@KUN#ZG)Xh!bkC zzX}TG99wN?@_z(Gy&U6DY|1nf8jvroTu7T8W|HPS_$|?af=<8*JMI>TkmZ%ko=8Kc ze2A$%^st|7&eXktme<)u)tN)9;<)1H&!7H=U&<$zD+J;K0a-tv$mIb#M1*PRAgQR> zEh+B5aKQ=r=oVAX1)BUXQpS@vQNK&+CTH;gb~srQe1D!Vs7b*N$EfJZHYC(^P}7+~ zO~+fUfO`@f>OBehg9LcjG^H*Zkl(Oyz~jz0cd(e*G6KFo>BS?qGzhm6SwUPwxQ1qW z4OPr8Sze~hy^>~?%OuCTy2@pN-1!tdVVL6altJayS`d)K`E<(HW@y?luw8;0>r`sJ zpnmF3o_|6XKwonfro$^y~ziPK4p 
zW*I%?5sXTXQ3>Z=d^CqIPUj58F=^(Yf%Cc3Ndq1+ppbnqA*+7_tEJVbJh3kH7Z|mB_x<$=jJmn{Eo1e5jAL$Lqv>U4?1A?hQ<*c(4y@NYcfObL z8B_^XoYIe9SdE->wf7%VeZMG&4SzOEp_K79L+R?^m!DOuC{sg9i^#BsGQ{QEfEouP zri6OOVQ@Db^g@`0-?*9MF_vI$Xvw8E)F~Y!2;V!+}51Tc2f0|u746ZfSB@y{rUE~6fsC4TuzX!Yr& ze2YT)>i?Gh8p-pED0%&Fs$idS1@2qQ$!XN^4|Mi<;oPx?`ZWk0aZa+?syM=UACJPz zIR46l2&D%Z*YGJd4(OuG6n}geM9G-elbApK36SZ3eCUVd==~}A2bdviAH!ro`6MKN zAxFO-o{+a;kc3IrDQ06SXE+e0GaithI0|4k3H^H%lY45!R5iekRMIBcU6WN|!U;o8 zdn`2V@tdVHCOV3_^N7@|*X4)P(mb!gLiyB>D3PKavAs263O8=lR(}NgR)p6klU-Ip zQ`D~N2rEk+t#i#K)k%P}@VUQ`b6?s6T<)9l?R>S1kRAr((k59@+Ldapx7 zg`7Iy8_qTGhOBdl9feZU)*5WLUVf=;kW2+gKMzX zCbI4{yf=4?PuwvuuVXWgeID1`F?7t7ctFEs3IytJpXM7rTS<7ng7lD;=q$IHrnAJKKaw3pyov#pbvUTYKH;3nfrwDR4IFTbPLZ(rBm)jozj z=yDg$A@5Z((<{w$SDUPlQO{I!f4q#`cQIYpaU1hr7&E=NCcKTwC;t;(akIROsps01 zV*RQMzFjYmz&X3jC*UHw3V%e&C|QR5l9;#jTUaIV9gh$ zW&A!_PC_~;U0kD%>uaXhC}p0D5{rzvP}LY8V=PuX`}ugRWc*f9Hw~{fB`n zA_|TxMUI*rSE>0iuhOC^&y{}caxSYPe`;gJfD7#P0>z85-2nv-)n2(31(>L*2+y~f zV_|rs^)aMfN|<@eZ^$;stjU~4yT~q=gqG}vZa`c@DeK%F-P z2bdjj0JDIpi4X7yE;4xTe+E@IZHfmE;*Bk2Yf#KLEz5J^SW%p#I7e|lA#tu87Uf07 zJgdv5tHEYLDeu$)piNqYq-9WOqR>R4i9%DTz+=RNFU-uHHcoE=N;8$wRZ>cSI#|@s znPN=ZWMg~2C4A~-5t#s_U~|Xo6ogj+eh_xTl3lExUx{x+Q0c&_e|z|0M5l<^OF)L! zs4E{TSB}@ba8g_|Y%j#Z{T4yYTz%+W$&C*Z4Og)S{~;p%s$b>HNt3ZfPKNO)rXmN! z>DFCsV;wLSJz%+g?;+w7VmMvrW-y#ChSRl-I)>AAY6HXRVmRG;+m(?AF`O>^vhOUz zFr4n3h0~QvJtIoJe>k=2c=^g&fjN|J{_X{=aj%;ja0SHw>W20P$FpLK1v4`>Cvx^? 
z8r@fN8528niuN|vclR$h+QI&_ZhL!oeW$&@y}jPvU*Ejif3~-|yRp5+DsXBgcjpC0 znq^}@WhXyuFg{4TgD)lCwapgjIp9N$*lLxWaZ8tDbQ<;;e_B;$RBq*`I`_KbYapDL#iR^p8V!YytnGI{!j7?X|=GF`!$rSGWm~5j9moaK@5C>2QhPU5K}e|e;8RlM=>5%R2;_Sj#K#ck0ybQ z;P6L)0U4l;G~hlniFWjcO*I&#U{Iw;RQ%6FY64!z!+UZias|{t4M-A>NPI;^outEa z2{VKY?|NZEMmNDIMLOae3pFLLLUygP7vFWs9Xx*;#nc8Jf!PW6GH-??gRldakpMF( z9QJ8zf1;^X@`^p;rL8a|r4DRW*TR@WrZ%SW>nu(I}q0JzxA|aP@AZg#Df1#Yidl;nT?oxhSC7%*1|J0(g|1FpT zTCUHAAdyI413*S*7qeso-)};=Wy7+64=BF?DQrS$Sz0ms%xGovkanMr9nD6-B&Us0 zx}qzk4w_Sxr9(>Sv<5vw_X8>^8IiQnKK#<9lRdi0Ah(W=d0zsm-XyC;o#WFmB)2h4 zf9hp?H%g~jut$7F$2+2pe3qvbee7Y<+zYu<%wWYHWSdprOuZ`{PItO2k zA7M2dM9}kwZG+*MOY`_JC)G2wvT7`bR7b%TF{KruE(3mi!;Jdz7;C-ReGTZ*D#d+uQqle>?49 zcRgtD?QU#r@9sRi+}q%XOHQq*@`iWil4fd3sb+5f1p`B2?1fBt{|&nN92DSWh-xSHpNM3il!Jb%EJ%I zb;Y|8e-s45PniJ@ipb7-`O?9bmFsG5oez11pdv(C?qHaA$-eOxw^jGolF8kry}I(W zYU`TxZtolsv{g7^Zz+e{Z=$f*l@wkNgTYN7oBQ4y(9|`g+$)*gs>fzkPtPW708Q?KK@aYvK>TZ% z0P;f7sYF=pU-*PVzOdgd=YlxdBG1|yWrcnh?!kaqBw0z2Z7&EF%i%DBEj?VGF%|F0 zAB8pl^NB&z)8wpF_>8I@gdf^a!w<L0~3_HEuGF^BR^>JQU8mznrjOw{< zj_N6u>o?iBt3=m{@41`B_skt^w9YY{r{RdBHPr(EThL6S%&31E(HBQ!y8e(gO#D^baM#4h&791my0? 
zUmFp+h>4uC<~Gk{@q!IJ(Cbah6GGEl?Jq5#UAHB>tKH91h328&55A*|EfAbF?v7ri zKQ#GFu~pU}tkHj-@?wN9ERUCpe$^Cr(!F&tO&-q@6^*y_F!6mnO5Y|*H;CbNq*hen zE?j>XPDyeO$i1;%G|Ni64yc6r;}3{0?YY1BZY)i25#s_cJkTzIZ~UL*8-FbWPHT^z z_U36dzl#Hr+2G=#vxrwBfEtS1-{#JPZGU=EI)VKUolJi-weM<|ooNp)n#H=p=$ION zqGUHTR~?-_Syl7;kj^YKUDaxxzzWI9qnwLtzEr%NCks_POXaBIp^CQvDjxLI$!RUm zQtc?|d)p7HAzG!f&BFoz+xU<3(q+ZsbCXy15~j?_Enm2lcq*Z%&b5y8okF#n#d`66 z*1~CI?uUO+RoAj)0aSX8N^j~{b5>o8v+$7WYDx*w5^C#dG>Uh3MxOI-_esVgs(Y({?%UhA^$A@aPG3sinyYT82b-Q<_K z%4e&1tIPdX7yq-M@p|3u67$yF7L9kiCUvBXce@tzZkPVJu*Q8VMX4RA?8(z!$wwka@mTMNe|B1m!Atpr|OPpH5TXdOz-m zyf)Yh&%)b5k5(o)0v2Y}4|{DzV|lf4cJzNQx+%czD@NR(lg>?e%LAfG1hMOAbaQvf zpu^tD?PW~~P(~}{`%7C^m8{YFFV}7Zy3Y>Rc$IAPfge}-jf0b6q3}$ zm!6X)s(@>=@Llh?3wb_&qeBg+#L4oLbc6dC$}CS-zG$oHh+&2*l^TYDsO@5 zG(~`&*yvCWrd?f5xm6vdCo8Qd*_^JP3h=y?&L=HV`iY#`_LCN&O6q7iq0>KFE(|^7 zIPPw+YM-poq#61p+G9E-BdXj{`bvKzNHc(6X&5nq2|f7RAF}GdhxacG%=-)J#n&-i zG0gk(A`-bS;M>*Y+x0I*sr3b2MjYgi*=I0ROjHEmi%Fv77iIu}PL&*m11jpmK0pb+ zIK8L*e7pML613URUwAg*BcjSmbzU)5$G5?Cm`Fl3`2_dBpsc^T{tIF1X4-#if!+u) z3rX5A%_LU($B_OReWU99=*BcsZ2A2{WPsHdzeuFUAuI8UmiW1H@bhJO_};52~DMefha1;qh5(3_N@mo$=v|FiB@Xluo;M< zLIirWL`|j@NnG@b{=bfvtjEOI0HQbUGT58fXc=%Oo(9q`axpLH2D z`-@EZRdg8N-o||?y{YD>Z;%y~e0wA$oTlH9bbW{9NKq<#fZLB$Dd~SmT9)5HpYH1~ znmH_fRov0lk4ky9|5Vy_zEY|E_lhMi^ZZjUbkZd&elG|eS^B-)v~@+{M?*QQj8Myn zi8^IknL_UtY&g1{bwsr+`}Yb-y(EBW(_R;K6ezIK?rZujYCjpq-MdZ|fyIm^I-@bl zdh9T=l;AhXUg>fgM{$1?bV_wU$!IJqj$7^ZZLQ*%DU3=_0&zLz<6SS5)t?T+4$N47 zG?oDQSZZvgiDV?VWtMzFE>M#X{k#}l`W(vpG?^~HJk0+2#C4>o#%fT0S6bvrh4w4w zpRX~f$F#td3I3Ax%%tcR6EqiZDDmxGE{$**BO8MHJlbnl~X!RUD`xflc(;2O)K!Vk36 zQR~G}uaZM{!UTRGb_UKJ0xgp89!CA^7Qn6#;ywV|gR=%8)B&L+jR`s}(N_zYkiNRUvH2b?^*0O?SY&rg4!DyG%bry10G@Rcr?WUYMA zQqqFjoPd>8t?5zN7t=9mbGtzm5roSKZ8c#ZxD6PAAChUZu(5hqM{t>3f;c55N6)9Q6sTgBKAU^Wj}TqJ1Sf zKWd*4k6wRenaArFAuGUfSwFOM$0p{@Fru~r%F_3;^2hGE?n?OGlqR5$?U0P;cOUNh~ z-GMAxI`~GdQ6NQI-%vnEd}!MORNAsZ5Go}65( zm8GjdV>9VmS{lLq{f@C?OUJi#cNl4!(AO4rZrI{8S9rFu{cK-v7}DQ%c6VIc0>L}F 
ze-{h}a7gYurC0De$yOMW(Fi7BPXG~D;$TADJ=gb5l*qhMY|9pM!N3{@%eR7O_?Vmt zWyXI{vEJOD;z0c#CnGil?jx05_BW4}u{L+g(uV;aq-8sV`m&%=GT+?wdY%KAe-F_R z!@grI9N$1->@g z8unh-bwODVwF}Lc+t8XQCiiNIZeJIx z$GH>9j*)Vss?BLQ33ocq6IGzURh#cI`CDybP5p?zI#*wv)0!{(>x@f&%)?2$=T1Ye zm-o)Ayr-2%n1AbtianaVCsb4sA*+ZK zR@$l`+P$dA*o)H+oow>*#s0d^{iq&#a97>i`1*VaIP5f{OB@c}x@x2up6TS^^z`ia zkDn&*jhu`h(lh`%Pvr!L03Cmq=(xN@$EBJD9hd01M8~Brxs!>GOP<_EjK5Iz95dY` z*M>&!=>6$z4xHzZasBFq8$|bwE`l1~UQQj;5*wOFbn~K{*KNcn;O5n|RQw9Poa1;o zHy_Z;xv8~h+`OFn^E2Y@@i5lYgqPFU7|v;v50#x;2`tI-F_vTPOBBw1J=Xt}4X z{KEM_H`mtEVWI-Px`UufSs7vl-&YzFabxqH# zdj#DBkIOx<^?>eyEv+i!<{r?Smc;w0&{$6s?g3+C=pNAKL-&CGBf1C1at{=j;UwGx zlQ@!4zBtd{r=K8afDAmhFGSN+b*GASm~gm0uJG zfe`p**Fcxu!xSEZE(uge0>q|Ils8gf`VG5u3=^1rmX5XK%{eXY|gl(i3vidTTe?NTYzK{A23JdC>nxJY*BVFR6M2`|SoGn0;w570A!o`GDJ#q|u};{*K< zrGdi72ioLLCO$r3xu@x{z{dxV%UQ7VfX;#)tt#W@EYKUC#QWgTSWgqq0%K$7EYRjd zXMz4BItzcsauyVq;l!K;9>){oISEQV@N^QC%6rN%S#oil1iR=Yn6#7N?6_SzDtHIT zesAKtezz?y{v2*Ta%aJAVJ(t{brzI+%E~W_vp{n$cKG_u3P~A#E&bQgZwG{dT#_qT z3*aia2S-7=p`0Bby_Rn0V>*1jUUVJy$9Q${F7AIuSN8;r7x920X%XN6o=H57$hr*2 z|FnN_rs#W8e|Aj&C=Ui(`h=~0wqJ^&&{pnyX5SrM0IugND%$|!Sgx8@-@!QI`0yF+k-ySuwf@W$QUT^oW+fZz!l2-di} zyX$n`Z|2^b``tS=f2`i8_Sw~k;ym@N-|DmXKEh{~r(zJBPA8?rzm2)2>i|d;-E7Kn z!sc8(RId-uSBT_5BMOVrlkT2eVi0-Jc&1`ZHizsJ+wl6-tE(qN=A9lAO%sb@sudBv zai?L%3rXD1FFR7b?7v5AY7eTW^m)qp=I4aN+t`S^rV@1#-DMIXuK`qnxTuv;b)gB0 zMao*(L4661EC=UffD$Oz?x+3hvUF|+Qshxh>d(K41!(s|B&47IbR{A#+2fgnzY9X! 
zbn3q1NuX?w_2aS6C4PPbnqX80*B-x@(^tj|=ruaaZR1aW)!f?=t<|eqmJUFDONhexKq%{RgOI)i)Gv$Yuez?`Y~W<_WT8) z8i>M@elALEXx8z)Qj--jB8>19J7*=ci*8JO0t<;xT8&3=JI#nHN2-ITk2 z5aU)W)Ga=AU`|wW0-3_j(*xiYDgj(N)3*mY_IV_GOIxJo?^Encx^VCtsS>!m<=~KH z6b-mf5SPmWsJd1nK5qJ8p{J=Pl#cw$7HUgm^O4=Db#5+93!TOlyXZzL2etkE*-qFSvs=8r z_3jD0=*nFx_8G1Z{zo1{`v=C=P`5FMOe*yWdSn2>oplL0%Xh!-pS8z+irp`?Y2#z> zk1uYMZv`QD0RP9&1@p^)4hjH{MlTMxEC4{+`;(E<9~<59&zibMZ>ZzXq=~fFM#RnQ zekyP6jaT#7-*xJzFrHB=L;;6E$sAG3u+7<3hRnmaNJMjOAp-nQOky4a^zayGK^5vP zc)4u6=Tk~=M6Wx4tVWb3vb^LITqLOj&R}@5r*7kFoeZLWFoch-g#Tduxbu+ytSJtl zY%wO$>&W8)uZTG=3}gP&4-u4CLR@&2!LfZSLArACym3c530JXNL+tPTBu>2LPvTTl zfk2wuz;@GTb6te0_>S)HZ1%YE_ZA5AW?+t95;;;&3lTel(@MWwdM-HQhG8v&K@xOUBuP_|g9uBD^( zjk88vY99T820F1(AQ!~1kS_ONkJ=VKJAG)$Xlm0Q$SYKm0xukaUUd=$NLWDsAXVr$ z{?c~RGkFv~P*3}U0g2c7`?czUgL2m|HPn9;jfYGKZ_*NPQkD)z_nxLEcJ}=;slZiy zL<`c(=K)?yMnzt6Gppk>KY->jK)h2SP?tv7=2kyf4Tla@Fv+LVM!PnmZ$rvBE}c48 zevl)Fx})%r^Gn$YBMFRGUim5{S*>On=p5ar*{gBFhMxh(kc$<1&wPiCcMRE0UZyn_okt$>Gw%>&1Uh_qa0 z6_>INx*x^5;O9(#;x!L^w#3C28r1qVEq)c2=X+V8M2lyIKr5_HlPbN92`Yxe4jnS) zJhdcjaZ9+p^7{bz(*j1cNOlxvLkwI-Ilitbndp0**Nn}hT36vlz**s{;pc|*72>*# z8|M%1Z|sylUh>7jnFGx7a*0Re%AC0Z5$ig;H(4VrR;N zSavcZ&Fyw14e;}KzVo5bs|xX56QrM}YwG%4r>q`q4vp9kkS>~e8DQmHe2F>MDAO~0 z^8J$d3k$#3DzjAVE$;3-(KFeWMD!bZ3iqZ9g*wHe)is{~N1v}n?M&%Iy!uXu5Hko# z+jc~J-k)WQV)mHQ14e4A9Xu4ovju)?r2Nr_d!bR7-M$Y;GRrdPT4Y69RZY!>U)I-0 znckfl3#PWc2dqh*1Sd@ud}*YN#WeY@HJ+SA3(wJP;k`fefn#WAIF=+S*rc3%UWg8%~MgNgD&ub&eK-GPVozf-?qK5RMMN?gY zqfyj(bP?ItBpZ}Fvw_NU&X-~p+p-frVSazU`Km2g3~+^Q>Gdw#VfdDohZv}l+nQxX zeD%nQq!aGA(jGDsD6(|f#aj4Gv(ik{2Y$S#3JlEVxXw$L*L0d88Q`N8xZDA>9(rP` z*tsH4aBoiR>WUz*sXY5iFwLBg6l{&5YoskL>S)h8sO3A&aNn@)G>T5SwR*5t^v(wP z0rWGV0Jop5sar+qRpT{7ca z(=*QS9rj|1TjWGWOr-hwH8sg0p%$7nC6lfE05*BFotNMJ2JJM8EDthqyp=ivrf%rB zb?>q{4-D$h^UX^=qkP&yIvCN>pDPlwzQXzuzG#W-jzvk6B0DF<7cb?*-30nr%djNm#@1F~qh`8*&HoJ-P=%n`qS7kCiD>u>k;s{YJoBy?VI zZG_#2s9j23 zYP(tRB+9MHW39DtF=?|qmUP8V+P7TjCjPA5a+_N5OOue4GVY66h?{h~@W#jN+IUhj z8mVai(?s6Wf?YNSn& 
zf;x*s5z%BQuu^0n{hQ&D=|@cD7b#Il097 zkzC&!WY>b`={K?9?0?M&?dyF}JOfDcxO_eZo{SQwXii2{qd0BsE}zWB`~~5w`0%_9HciQf&v+EGUUsBdu(-!2mObcd;NbLAG7RZd}mSh z{Md1QcQz(>)-H!TeVsy`X?pd_Pn2{AH;quoEP+YBN_#%yb@}ZY)i=f2oCILb9}9QC z;Q$ze{n3#*WglqH3kou4w6cWJC`2TuX?3lIba&;cCRCMLW6j@Q=Chx0A22D{4n`YS zUn&u|gd4CM%cV4`wn%hRDYS>PeXrCnWB z;g6c#=Yg-FdlBs5W!8h4TW^o~lE-I8KuolQ?fYcc`{B$>wl#x=4yrc8sP7l+lYu}| z<4F&HS83Dg{zHpm!yMh%Od>9bMTUg+SZ_3$7(i&pZxb4L~% zyVUXurNg~UbSk58*Q2a(n*6Mg{9gg4#g`X>(aGe3rw6?v5?b=w)2QxrUIxjKibb0} zfi~%(HFH_Ob^ypVPz+Y5ID8D024hO?OaAzXhzhYOk+=+(E8sfo!2utSE)kjn z$`@8Xf)*hQqt|r?8U#3KQxdV;<(rld z8=ID;Op!dnN(0{aNnMu9)h)8(qOD2WobiLwXf^YQ>+3GjfPRf>Q$4_IyN=OrQz2Yz#LJYsB+|SE= zCrvtL(rPP5@&JnV`mQBo=aC)9&YWttA=fWQYdm4A`k;{@XyBWqf%by^ZdLq`ePc2| zJmpS!{q#i+l8v>T#0kltVZxpMLrUMnNEtcAM{AW_G&1l>hbV1jR${8XPk#8i<*iKT znM&xq$0N4o=S~Y-k^HoB+}%5vCCDLGW{yW)Ov*CpdTMax!yAzxNn(cFxirS-P+^=6~9HSQ)s!O@LHnk%@wR$GIwQA z0}wG|$#dsA>}8gnk0LtSKTYp({_q%UvGVJp zJnGHpSn_*N)p|!aI_l`2_0YThRnajh>Es8r)3dp|Z|9SZX_tex%XfR!*kEWepQ6b> zNWZsE=<+VVH^07KJpwkPS{@7YarQJD2ud3JsTi+5bY;ZrYW7U&aX;`AcD{$_FU#Bj z2){dQd#=~J#o=>Xj}7W~k^4IRJcPANb;iWtR20n8>p4>@7)t7Y+^v|^(K}NYbm1N= zji>6nDQ%xiG0&(Net=%QM`+xQb68BQyDXo(WjYn_E*fXphbc#lMfDrqR(lrx6C$`% zb<}EZG!{a9t&{K?qzD?wjQ}KG|MIT^F#f3;GcyOM=)XTUzaM`ewVJsb5c0Lk&6iFP zZ9CJs;dP()dlQsGJ^FkM680sjxV|mm`TXU*{A}MZl_(KUsHY}fHCqqDK7lA z@eB{wL?Dhl{1Q^6vc9~izc8B*T^Y0jbZAh}VdM*WUX))HGF zy?O9oIg$fOw71M&q}f&i;t+t$d|st%zpi%f?PmzD*HXkSswOl*%mUb-C7tugfUiVicbgEG> z&wo9L|0O%EDy}GNNPHS3AUa<(#oEzTxXx%r2_1SROvMtQW9a_`C}7x^V=^?B)Pi{x zEag6gS@;FAL```S%jlqH7Ot zEVY3UlyUaDhijiXz{P$X3q$jzzEzw8UZ$8s0SIapN(U8syQD5)mJiqj?bPK*-kD3#vdK)?P zk`taF_mU0LH`&{GWRD8xzi3%7ojldFKUBwITGA6cmlS4`a8=8dp&0yT*VGtx;v!WI zGSbk?uFh@+49xn3W$@!XU1e1>2ork>=OU&Jsea3D>6pIXjLfnD-A3tm03RIfbE8kJ z3`_z-U%~4sM7&(wHLy4|JR$vyd|Dd_*M>rgO?2gi@Zqi54&!Rmc zDPaPTD=Z@j!kKQ27tQ{$%|2WzurwqhH*ra9-Y6u~D+VP+h1uX@HdHN z)QryWJq)9fhSDalWDA=8epaF&exlB&ynSYnkQ^83j@=(c+MgKRR%H`brC!|8Rwcb~ zUfi}E;}`a`+NAk$TZ?r6@o^xY4~XN>jUt#3Yq2T}!-UA-P#VywFiou3d)Tq3>7i>L zk 
z`+;GN$Kk2l=J^2!uhQSy&*x!twezm0|HAG(KQ|IVyXLu~Sgn>v8B}nP0C1K6nU#OW z*Q?Grje8ty+-@WLf}-R>eTTSKh$4x z(LTfkdq;hAdDLLf=!m%_vQ1E@9r?pF@7KN4cz(um81wb)6bSdUo+$ZBdwclmmae!_j#*#Ps}F*tmV*J;9sLsP@RbZ zd_x6GPe^Sj5@BhCDe~p;6rg0GaSa7`UFnq2C3ElWhHTB2Y^jlN$!j*uAHOxm%b)?D zmu_m@@C=N!u3x1m<070d)E0Y+)VQ-R5&Z%1B#YlR9CyBu0;oLs zq1?;3yUav2n+c<+(~lsKHYiDF=Hgtx$Pu@$JMW%2g~tt-bVxWZJ&q#jHAw%Wr0J2v zW-wi?U}qcKczDJkkrelY{`$TdI1wuOhTEmRd_7H7l zTqo7+pbDY1!%D>$WCs9Inzilky){DGrI?t7evUGJ z-50q6;U|Onh?hC^nv(dLXcf}0GL;D>!tqbvmC$F0K+OOhx(nUp|)5c4l-D z-u;k396uK>o_Ibg(fnB*P)j1Z5WCTkIg3QJpZKxyNJSAue~AQG$esTJ_*HVeY4E;b zi$%bOD$#mk)1*+&fX@AUv3s^q9c6&<@=Uj23NLe`&DkCDdGA*e8*l9Jp=Av(KAjwo z$>g_KI*;V|v2<>8-}uh=Az<*iH0uFKzQ_47o7oJcC*)SC{a+%9Lu3 zdRcpm!F~2@yR|TYc?{jGB~Ww+Q~SV`y(zB!h!C*sjD)F5qHQ5$1gD2^D%dXi+fA)0 z13|M$ye13X6v{G#*8_uGkO@mi+``(GeO`G7lo48To_T$COcGDASt|}wF;}Ef^PoV% zfe4QmJLA`F#Nlry9M1x>p<6ya+C{xjckfgU=#L{FebLqcKKaP&N|g3^&E)|(o7sY+ zTlV@;=244sO?SZ)L-#EKsdUhm!Vq-7i~fvv4YTnKQmE$6Ec^1UzN=4s5S=Rm!6M86 zh6{aRtfWP3re7m6ypo)J`8X`~(P1D9pQC(#3Xc#jLg-GNsK)!*U87DhvoYq8(R|^z z5d^Ge|7{b1rBzTXIEC`NN8}@$n)`)D&`J)j=RwM<#@R{@Z`x+VvAyX*mX?vp9@H)< ziM9E&$$9vojyOP*F?pO-y%aazZaqy{^#pUm96epa2;?2~9S)wL^IVyQRw+w*yJLMd zO`t}#K@3%K+y8J<@Ckh{eJbrOHTL1E=a73_B3uu!Di>g;Y9%NL-;M_Q1HsksC)p_x zjkIBb3V#dQlsgjtH#Gj@|3t85FrIC6#8ex;NxDg@UmiIW1Ep2EJVO`|pB*^s zHckM|W!&^J+A<_hP&GDG z*~1DFhp{^#hbNixv5e`+Z1zwm%%ziL?&T{0hd09bVQp|S7zX!TD9j4KB&mRLU3X80 zD58Snz+$o8z>po|u5RMkGgRaDG+zz-j@ggM)qIo=Wg-lBZ&^Wa(-bL#riSYsqY9 z6TEjzJ|stB2p#Qu2cMHjoRCQL_+qhq8Yt@|HwM>83SV6B%@@P6ROAm*hnzh+F>ieC zLrI^}YR6MF*2OfCR9oN*d}wgb(^oY zCc-fto6}^9QqrHY^IA>4ML$vHVWsjnXd)Hg&lFa#@a@&dJiGS@=otYf-rkJ>WdSGy zB*r8?Jl-GFUCKdd?A@wbdloDQ0EHW$gd2Wqb!Yy{DLOy8q_>rC5zf(M|cP0X~*8W zOb7Iiq!841>QYCSeo1a2eu%-RmvfggOTAsFwD{C#n%p%FVvl#7&*G0gqUo>XhAtT; z_awoLKC(2?NGeZ}^`-!nf09PifL4)2(?}Sno-ss|;8M*G(fYySdhMGzv4t+t^2rrl zB8@E4mg#E8k0R2R95=Yqc1$jyZ92AGJ38yr#fRb4V`)IuTUv`G?Y2m64NAecFUv@tSZJn}9C&g-)H ziF!n+C&UsYfk1DC%umH{^49LLX%_Y+Pz`FtjhM}RlY5o2)^6Xqxp}zZOe+*qghL5f 
zPt@(i9Ee&jqeGXz+nKqQ#FZr5SBFPO$1q26H+CcKr zIDW@(JtcuuX+eNgQ2@t`dPXb$2VGGSbq6sKb#ZWffsfSvV)&Ds30P5!2t;6ePCk*q6$LL*lFUM5ryXf2g88SEe>&J>=0)K?|^3MYh-EB)~T_ z!~4pxh*6#dzEJVgh;gDt!(8H0P0xW28r?3J70S<roIsul5-85+ zmSir@$B+>E29N|pvxE@Sj@Yc4gZBsvo*Il9P@SeTqJTEG%GAkY(+o&W$>)+fv% z+=kjzqBY(vgxu&IKAT13gs>cdaCSiVaCH#N`$0keQpHuo9lzuyDdw=!($GFNs3Oy< zF)%YgHv$hhT0x@Uwh^;fp)O(<)=YOva|!+I@#Qbi7$zx`esw^)1?%(ayIn~ot#5Ov z55Se2DK`Ja5NA_~Aw^@%bJ$evUpy1~S)qv=Ir;&1QwjaeJz!HQXpW17erBQGgq+a( z8JbP`RIVWeuktYzuW|_-<>0UZ$}J@yqC;_wMdMY*nH4&6#Rut1*4@ukC#<%yv@2-%c#`bEMr-A^fjJ}YhO(@Cg4Q(8e-NrH%9W>5PmDC1I8 z0w@64-`hCt%IHZ5#*Yx~4JR5~)DHNycWNx+VT3U;K=cfB8uM=ku+hr(SKqTWu) z8G+(r0uZMVam0UxSFB0H$v-&C-Z~XjUkTRT5|Oo=I(0MOU)|+EnW)ejul!HCV+8(> zx{LYmgeUp`5Z?dMor%hS(VZk%cX25XuqG<#I3A4J>N=lOT-mq^&R9;S>Rh=58SCkZ zrJoc+zXKJowxC@!WuaF)qiJd6{42N$z}>lMS|IRg5V*xorqnn}vO*3fs9%JUY#LCc7j62f%-3NV zRfeX;l>r`0&BI7CLmPDfymOM(@Mgd>Y`0aU|c02!nuVr;=9f)Fki?_bvrS8bMhADryG|?Pbutb`{yfs{vDNRwlHDUUZ z13)I0N0^cy#;F;j<~>Zkm{Q&iZ50H;|6Yq;N`f5o{~|DWRIt@$@`x@iB; z;slVRRR2%vj2!rPSNv)6{~=Bn?f+YxKTZCMv-$znMcWEFLgND}vj$w^Xj&G>i6%h8 z@SCZdgdr$ZYDWXyRM319-O;cU+X0!nmLexpJ`Du7^i%^Z-(W|dpR<4t`Qd-d`@`Zk@A+s^#N z>Zi`QFwRJ;$u(C>Ob8i3At{Ep8rntEPMOvU(?#=RJDQb-p5fI;DVIJv=CqLjow1#5PR(yIBnoaW`|0v|O zr~hDDV~c58lZ|0o^Dp~Y4aTbmr?%>Fa3rFc{bL`of9=BzY#;vw*gnj__F)FL4>PcR znEhiPK^FgJAArC9VFvaOv;XuDHcbT6nvTM;%wtJE5F^7@HFtbn$1-oXE&jR;*6H_w zas1;(CEGcJ6MV4QdvpJqT+8#YF>M3)@A*pSwe58+cSI<1Y`w zXd%f2uXrTsY-Xg!Q()KWupFE^;a3|1sIQ94gQVCr02RbxaX0A3Rp42u*jXs)^rR-M z>FOTc>a%dG4Y&Wgtp?!Rs{GGw-8|z`;4`hH2&Xr#^f_V5It#`FCS9@q*eXlP*&cAm zOTYty?>HW?lsTOKzyA4TMS&1z@F2hFbxaI2E@D!QEU~8WNJX5|Uk;qOGyjy(w)b7JOXZ(L9c}g4kbdi`idHfYDzpCZ;_rc13|=q9Oz@t_{ZRe`3}T-0ccJ z76*qLIKITISJ9?(!Q1v);$n@X2vk9jV~Fn_WCN(v!6Ws-BYa7W{wd9+LM5r;V{~D# z%xY0Lm78kdBbIoHjtsY*D=i{vRGPQrF|2CLf}JY|xzSKGa==4wNw0xJc+QniU1sSf z$~Lc(bhCtWX&>G`^(+QKRKf>l?|RojRQ__Xa)qe0cvK;MXqG60yRfOM846&O10cYr z{7$P)b8-JZF&m_GkN(h1zA>|%A`Ro)VWh2EYO^q7@8_|s3_4U%Id+5l-(al=2J4%D 
zz#8^1Si}277goT7!Me%Z=VLG!tOd@ZBSak?k!Mr{g8zbba6SgK(6_%_4gHs^C;!FO zsxaa}02r*D3TTo30c&v}*}-41=Kkve_J6^e8+KsO*y}G?SN;X-gZ~b!*@N@{iwA(O z^&iEVsM5b#Kybcd?{`tC-k_w_subx^bk<3=|FKHDnf`9Br!3k@ zGmf{bF#1Vz;>SM4e`uBt8>tLTvxffptf~LdY#AWfxB`r`-|@gW>&ynm+3$ErxZuYz zV4N*(2ji@9#XmUvUuYKI)3!RCwi(J=Ou(4t1fqZjd=d7dDK^dYhBy>x0gqwD$vu&r z68fU?&83Bv1tNG)e#mWDWC%DZ&x-IuNLE7FK)aaA6g$i#zz#M-pW-)!7MIyU1`OM6 zaK#qK9WUGXjUb;yN=B+)ZQoKEUkQ_bn;HBQaYJKlbu8rqxN!3)`rmbvS!IG2)$EV~ zp`_4a3H5BsM;ntH^ZQ14Pu;8<-Bxj&916o*w_A9M1)J;^o0kC|c+Y6#itCS_vLoWn zYDq+zfM4*}vmbrCSlYEd>7!FKa? ziFf6&X>e1qKmp=xR(l9~Q!&ngY^92uv_J3Y^Bz}%u5(4b2P5p-r(=W<`4k&fq9Vec zy)#?o90~jG2C3R%Z0S z-~lB(=Bt0uDIb%{K8>h~PjWQ+lyC9Lt+SryI)aWMc2qvZ#%b@kT=(39pTL+K<2DBT zyzh3~C8O4hX=SUYe~jx>fi{z)6|*w25!-5rXlhLZK#MNw0KAjWb@2*j8TIXuZKhHv zDpLbPf5gN`zk>qoke|5<=&7W@i7*ALF-^W)%Uov9@-sVsQhl;dGoO^!_l+b>o!kg? z>08;S6v{T@HWy^D+&VnYujG9ZPVVJ^x(2068yjy+MGto~^= zGI-U0K!t7Bi~WT@e8+U>f)~8EnigX43cO%r0>qrO6XvFB#LIRBi?K!9tp|Gkh0hP`CzR6uh`TcP-OFGz72{W}tVq*t*{}RGk}7qr#$f-)M*UBHFYvcpyu!^5 zKdFpebc7VK8go|yI}>47VHSoKKi0(@98nM$gnm9)+fpX{#&SX}b^e9Cnj?wgT@;rj zU=@J%HUAp@V-?}UevN3AX&lRKc(HyJp(YzK`ioR(HJ zS4nY6UYKblO9*c*I*}ZkLg)&yq0d||S(yRi=+)yQxpvfa7`rQVQ;Y(cxfTJWs(qrN zV&JZ0!I@#i62bE48SpILu;VDzHcRyOcnnzDDC5}v?i#v1n66~FtS`*fbGVx_Fiw>( z2>aXL_jiSTQ|cABj=&Dac!RWJm&{m07^jzObGzAe_HDj(ghHE+uAn{1O+cYoeZQ|3eksYdfo zmg=#X~xXe5EN2K6X23j0r1)y8RTDe^r`j{*k#*P}6 znCwhj=X%7gwbIwUAw6Zu4XXzSP#m`KZqqDURwxszY@SQ|7=BpZ44TiF>L(h`Vw#z zls@~>raka;dZlW|q%tf;BbmA|NNb*X3wpxlph{n>F^Jzqn9wT8v*<0p#Es0r@SHcR zV)H@|`UUN(5{@e)M+cbDz7lPeHosmH2YHUk^hcisHsntuLBC;n4-d`f7zb?6I@3B? 
zsM5{d4+?=L`XX))^7@Ii*U7~9v$Zo|uAeT;#X704kt)*q^)8;S2XCiY}$;Ps3h zpy!Z`qWvh0^k@W|-7-`OAnPF*pg3_M z5&1<6^cySRw5GT;o;sC}FKUefr5+U1JTPu%o@7>vuIS0foDr}|racGF5Thb$tXC?K z)!d2&)X-oFt9RN=L}W7j0m*14@@O_vi4{sST*=7vAOtwJ)6I)RwSz4#BB}^+Ji00- z3>*M)+pNLT(H?yky{8!6L~^sZ^Q@9^w&_$FJQ^^dJv}zbL4zzYBzwQ%17B+E=4B$$ z%I~44L=+2GAy(qiFn@Jy9eLIq^Je$e*pe;J@`R)Mph}duBL2zos%1;IR1&!C0VxxM zq`fJkM)Elad5wx!$ri6DrP-l+Oypu^z%!st+pK-$GLR^m3d^oOb9oNpKw+jQPy~w< zyqZ<#C}$(O z@gv6h$MxdwR4Q#S0!e9#9hTj)(Jy77KavYaeRA7Q0sx7wGz{`I{J`6iPz(=9HyHz> z1^sT0PZ%eD=fr>gsW?DFtluI#j*yYvv-#1KQTFb;UBuCC8>4M6MkkXd*R9sTL;58Z z>Xo49&1 z7PNDGKka?FCivP$sY7#<>LObFzKbXmk;)BJMteZ|zMU7UKYw!4G-!Rns~viF!kEmp zVXj4?4^$dG7}>?eCKi8M#)|GCP_ZSxkfTOMdBmML6kX5rX_NA(wPHhRfe;g*jN!37 z%1V`5E*ocF2tFPul3DOg`yfB-;G}PkAP_~rAYnlNkq%Qa&axNNtT|gex1Ogu9EGI% zP)ylmXb<%|5X*z`T%A(II%fjBJ+H&}NEs6+Za6iSwnYlzu&zZSbIDc97;Wr3%a0e> z9)!%>nhQD16gsm`zUG1T^)mov=oZ#VRs+tMSoXL%)siRO@dCvo=|j(31Z5hwE$;Wg`I2uA%Z9RFE?j09Mcf1z{xPLQgk zMmDMitrP;j-bprQ2zS$tC?2c>P8E(#ldY%eq@}`Dg(LSOY6!O$6)6Fmb(0$S8=r1| zrNt7YN9f_sWV2awxZHL!Sx)W^%tZb0RIyE+!m`|+8YB9deMYs!TG{>srrmlh-_Xd& zLThS-bl?A>8}oi^6X14L5yz7Qx9r<m>7&RUvH9(x6*vB%rfpM&%i)4g z$6#F%KnT6c41T@Kg}9#wK58fDvxOkRueLuUgBx%%TZXgLfF)m;ceUjwl76$Z{bu<( zxt@3Lwa@3*#|O!ZDumQ+xJVeXnJ-%1EvescDNL?nmW{oLZvlr^Pd(!vQcQM^*k^4c zb5ffLDmjhAT;sgZ(^ub+_*y!cUqiFKdJz>2x-NjqAUcvAdc=Xm7Z%4dxL1{KOb0qe zw+i*TJpxrr2Qv?W9G-3XCg!$b`q!pjOz& z1QZ8uX}{43E$C(NeugRN**JilQnKA*{9hHqy9M{d`_7sp2Svt;S!vPFdsI46t5JQg z3n4|*bWqo0%15O+SvG4lgS+JGH43tipWdl(@9n$T_x*`8zD^IlmxSkM(B{gI9sX2( z+RHNXHZc6u=F1h^AJF#o+;!aJP(D^wlTaeR)=$f^)w-*_e!UC+Nw5RJ0hr7=;}f*M zkl@AqK>9l!c|l?$#J1I&x|s5X-|LY9WcnOxGtM%Rq2A)}`!A}sOYF;Lx_{wq6Bp8X zJk%bl%Xk6Bs_nUkka-IcU@p$VvM||gX9|NatiwOio;xE!=U)Ex8$>JDpM4gacG75N^c9bVYEkhy7$yUsno*4NTLBGd0` zpWd*WFGMvtAS=3bC}ZQfR-R!e2*d5j)UOmGwR&U3lYWi892ETLG3N3DGJunK!aRuV z?G6r*WNZRAw;IKM^Ye6Q6puA#WQ->d%$<@Qr;c!2U!T<#$7#P%?awgQBXm zHd1r_M;14(4H))8xNovR(nkI_U`Fm`Ueeqojb8x`g;_R-ui;5goTbO~cu#b^d#A9l z?59sVsqS8<`>us+99sOoXSwv0j@uaba^f5~lBRJij-EZAJL++}D_ 
zm1Y%qIF}Ec30`(BbQ){V0xHLfl^9mb{-e86yApC!>hMhl6AkU^SP(xF#B+LJcP#M? zr_TMP#1O-k7~|vi8%J>8Jea(6PI5F|n})iO$fFS~0j4Ob#!I&zMt0q^r#UDlp2Q(1 z6dTo)-G;gXAG#-aH>!2q)PHZ;Tr@!980)`rX$t)D%lVkSo=U|OpkbLNov^DHmS$Ru z%I4QpgBreBO?aytr!n%)ln}Ie?SPMlnxzL<}=!TT~-4D!hytbxLRqH+Qh})RG@O?zi_$z?2FmGXbY#E3ztBk zJq)~MLOx^mRdK~cNx0$K(Hn6OT9H#mPA!5d?SK67sxZB15#!J=K zCj_vc%37DFmv{%bX)VuiBZa<4gHWF(2u8h@!xIs|5US#16K;K+##&00QZU7$bx*t7 zzRxAzFH`tm0i*<5`$}6!Y9&;W)^_f>T<#vgjBxP#y?60iYu>|WRqPgTzV z0dm%eH=E6>Tn)l#y+}cncD2|HL-UznbDq+PA%+j)k;O^+HZJJQ6+Z4GS27yKbe3av zmtE!E39B3-;GUq-mzy8R6B8XuoT7c5J4$x=5) z$A6%JlOCT4e>{2zU`E?0M9Qs^X;}_Q(an{oum2;_ieOHn7SjE8N0W%7J=Jql;f@On zDQO>9FxMhUuNWrfC?Ud}_!#lRS569+m%TKql3egmB1Jn~{k$)o)rERt3z-#yW7Zg= z+^4kI09I}`uGqRAxSkW(nWM1i+dyt^>I4=X1I+iCe|Dgdze=N!JFF773dvQ$5Jei0 zN?B2~#}WLKM2mL3@Nc*_A`xFR&G3McH-wyyDm(}N<+AK!J`xL}OE~J&3OT3%k8M~& z1jk7RXJvcPTBB5eBU@xsI6$)B_Gi{V7iffQ*YCcl!>QM((rR1s+)u9vxgLsr_|=WG=3J1 zDns-NBW`j|mC7=-G{CJCv5?$}^TN}l=1!Dm@UPk5Rff!+9KOTg$Kgt{}g=2?!_a zNc~3J;V2KWe^`!8vDDO~c7^4$DVCb5%C4{+n_@ZMA1o)PSZda>>k-V|sxkC0L zk13xwvHG{auJ7;etS8r<2J_93ETj^5jzuP8MGH`j;(RMmXjf6U4Jbxoz8xr(J+W?Z zY39}dgE@geb=Biz4K!X|ReG^nh;lFiM!-+2@e&m@TlOUof zf7OCh>mBX^q@uEE1f`A;ln+bg?n=Jr)sICoR3$KwO}#XsXY~%PqiTgMFEe%)5V;0M{pdQ9NQHlChjk6)w81FVJ z>OU2=mi4IrEfm_;;==Me?@HP-zsU0BB}&O1o+kQPYkZBr|4>T-0u%rg000080Hcr? 
zSK?eS#1;$y02`C+qBtLhkQi6SbZGmJmH+_qq6q*I000000000103ZMW085iYqa+3i IqW}N^0Q(N=fcp-F z?-4t&TI zhg;sZw=+l-JLhaRf80}y8ut3xKAZ5E8!lt-c`6M5CGvjNGX7JiZ`TTG90;axt>@fV zQp<_)Mt1JX4B6mwrZh~1gKLXr-3e7RVg?4mh>zF=jlPU0d|Ea@6W4F}2dV;SoKT@z zzvvlL&3#=R42=QPzT%0=R{k50rbH|M;b|cqMQ7fWn=l=xf0`*+(V&D-HkK3jIXHqw z9y2inVF8iD138s?$m59|3wiNQz@w+nr>7k<cm3wR6}pN6J*{_!+EjW;)6 zNW*qFH_0o(sAfd52~)&KVnRkHQV2QY@sy0&L@GvjtPK?cTd-eCks?34ssIQgCpk|g4YS$I%av*+f7BzE+fu3&m7~dArnmyE$HkoZ zP6XJhNIon189rXdj07MjFbfls0wpAuwnu(0UPq?v3}8(fXKxPg+l74^6GP7!p}{$g z4WOFH3DJxyKO}#J>6BuEI+;)aD9#Mu;s7LqxCCJs2C|s4*k^>riu)n@1u#7YEWso| zfp@Ave|h$Ukj>54aln+ABaJ0l$IK6734=M)1mF{(O_%Q-qk0O-A;p?d60n59WU)Ud z*jlrAQ<>0FtYu`mgK?nR;$2*jfk;8onN@MH_*c%QRBXyRqo{CB*5##1B9$2mHl<>i zd7%Ne3hN!I7=Y=6CH4rIjDgi*4FoY5mIg0~e=E@-ux^nGc$zY88H8~X?2~34zSKtV zmeQaeIT=k+%;2e5;I!-m>!^BoeWGMU-tag;`$E#0}4K&!5&-B1gwUN;P*X}u2geWEjhBaz%yAKL~MHTqN^7)NaXJaYP zf6A5-a5*>JCx@wEw)ug5QP6oga2r=SIRM*?NrXV8W0{&3({4Bd%S`SKdgR}vIZNT5 zE`PajB_Oz7r(X#VIvrQzLnU%RCrn_a_Dacf9=OPKQXN66aqnfWdi}fzw8LWM>Z;3L zq~cku(a`j82Ex_}1&x7$W~&b^l&!2Uf0?Z|g;m2PgCUA>-;SK1SL;*JEp}j{zykm+2H>YWK%D23^vR5oDFaLyXaDF9z&OGFoo#7Sh@wW_ry5h8 zbFTSVuskVPLVB*yCrYMCgMRDTA6;;b?h<;9N~;s)U$Zay#AVu1m_{}Kh#{##f4+go zgVCFUl`2(cp0IifRhYFmQqd^kfKH>NsJ|tpIOfPj$GX`G7nnSe@w}861d$NDJwu+* zYoTxtGZ_#o1PB`FeppbO8{(03Z#etO)TVN(D_A@=VYep4ZqGvwd;P86+fH57?;&2B zHX{ioCU2c5kB;k>2`Qin?TWBIf0#$N3Qkyv2mOr-8a@|5KhcB_vgGsO&eqP>VC%tP zYkLC-Zqsf-QkxcMpQ*q-8G#e__LWTbA$h5d7Ie%64sW-HL_kX@Md0%4BdZ^XnoE{m zuz~2FggGYCx z4uFlGcaFpRBpcTw4}Ziw2$MVAHSz#vR9PQrzSk#tTdV!`U_h4}7TI|c3|-yKiZ(u; zI+>q#c27GSeS*X6TYa)|+UcKmEG6x|pEh9Xw+nWPw#^j_nm(c`vC<_~2W5u#HuoNo zWhYlU5A>>j5uw|yX(5c)e+G>O4cIX^mYPdPGM551BHf}xZ>MY<5~mB(h&M~|aSWp& zN%qegugJtj%|2QtQ;B!}*=l9xLw9U8+x@=loWaTcOuM5E=|H{&8j766YC64wZ z=BJ9AIYdym8eqxh?#;xe1fNGn6R_uH8@fJm``r}t8_54yOu>NMe^d>KM*(Qtgv;8jrtGwB zSu&1Wyg>1D+=2xIeR3wsssgL;+6E z<8$1MOdVNhMBpwHkS&;m4-6a?Vhf9ls0jb=AwR|naMdN_w2 zF@$n(DR~CCS9m2v)slThCxPv5{k?q|SCjTybgYM@b_!PwMg?VG*fCWPISS8|6Vuf_ 
z#Cga>V$W`-kl^4bo2ELagi}!`8gqt=);}J71_!}NU5C^(!_Ggb1G;ccMhQ1mNZ>x{1`{v>xqun=;TD!07 zn_CyVp>J-da8=)2Q1&(W=K7g)P8v}uX4@=+EjSi1f39-0zC9PIX6m(>^co#*Db3%# z!ws0hY|0fb^7HGT-W+?8|BeR_UrB`r_64W!Y%%LywfuMmzHcD@wK(X3bIy-0@bJT( zYmt$G%(|(x>$>TJ{yTHimPJ-&ky;jsQ#T|(u){4xa_p*B+2Ni?_N)=W-i*9YnN68s zBLta`e;=|S6?R9IZ+l!N1?|#veGw>Y)8=)FV zP8@kYxCHofvbmX4xwpT!xmngBu2)uGt=^iIXoeLMJab`siyj95trq51g24)#yj5WE z6qKE-{(zmsR{bAV+b^Uc)&fEP`QMwM5HEsz#jF@w=y*khM|Yhd{suD&u{eg8#q zf0aSWMXI%7>H9mwQpR5sMS+a)WXpjmAhe1(+>7fySPYs1UEJHt!PQXLS;c4^CaKo!e)V5{=BNMx~8Ma;6; z^erO&29fo{dXRPe3_hCG>F3n=A$bfce-AAD#EdGo*W9z+6k|W!8OEACclRDW?v=a_ zi*Nf+MkKNVnOK43Rr~U&;o1J9^1PwEC3|fUJ(mHW%xiVVepVu`T*yrn-W)XuWI#>8 zG~O@y!e)7Yjb>Rv+=4+KNO?vDKVxLydA(aV%=>p{m{qP9`TPx;;kQ6=S;GwwfA?UG zh&!5V(eVDS4-ak~UJvdJUKxwP)Ncq(H@2|y;WI0cNq!%{D(up5UbS{#w*uL^7`a&m zvYoHXPS#qA*ke3Q9Q)eZUJ{hH8z2#M}d?Q7=M=wW* zz4FH>SJyJ#uWRh3;j#7dLe9ZUf2a7PpOVnyg3#>daD@P?vSn9Rjzc!L*DGQ2;*MkB z5M?W*L3#VXtz?Sx?zu=no~GklsGyeC@Vl>|Iu8~UCDfet^%YUuT$KA#+EPL$@}hyy=f)T2{+{xL{=pAMpSGP)h>@6aWAK2mnE87+35w%iv~~003R1vttbC z7Jt^pj_i&8f1c-j2ffVf31n>U5R$c$Jp_`qIFkz#$jmuAr#?Rr7D$Fzjzp?o)4yDI2>WkY&a^b#lk?ih56Ao! 
z(S6G>(sFy3pNhHEZQrg8@NYf~Fb9)zpnraUz@KH%Z((y(fB6uOU?Xgi{nXv?M!s}} zWtPxh(~+Uuk=9NHp`JqbWcx>^Y=|3Za5WL8d2)&dQ1U6fq$70w`gSymm4oql)gctV zEpJ+TE$yZ?x`q*md)*}aTAUPc8nX<)4Vg~@TIPKdhY2rV<}+q44RBm8u~8b(-+$=D zW*xm62KT&}R7w6=|M|zpPho&LHUM`-3=Q0eaEW*PCfIcqLmNGq)z>WNxXp-bEQW^S zVRk8foL1Ns7(*NBnUKAK)H$fH>B2lBU%3WR!MR-GPLqG5guH>naCcT^d|e)vSH^MQ zTW?_0&DHN1tM_9Za|;`jUS`G~cz>_4F_^REZa{qjB}Nsv^dol{bKce(L#eS^l+@YD zteh}qnWUwRrcG9y_YRg>#X8H>n9?#ctg;(s3&4g)jS%{;4Q2(Z2G8JjIOv5iPrrdZ zD#&shORy`n7Hyw2;i$bhAVR&SN^#Zs|OnU!8*`EA?cR2QTm(Cz#N?55ZEVhrHX z$lt@fv7R?i7-dlAqd1<~qpS27rexyGz<;4ig#mu};baO1IB>-G2rOc~Vf~=CuKbD)#Xp1{uYQ#; zN5A=W5O?V})XE>lbZMipjK;Ek^F(9WxfwK;(O9;OIvUGPZH&R3Eq8qzjb${J(O5=f zxz;M3A7eRpPsPVPwiTRTgBae-`x?afTmvsTJhDp;hAV&}92RtSvwtO?jp}|;UymyD zr@Nc5k|(h0Tt{~qv0S0d&K`)YS3D5W(1K4zaLM74%a&XP+c-X7F|W^ue8{4qim5&P z+!GY8?0^$;kW&cv>T}5Hd%8L4bIRO<70qjlMEk0usPyg3jnbESK~fdZG?A98r-L8j z@+trCtdR?-s1xD_HGlUTl*$bCV~Du!MOyVwsmWRIQ(H%c57*NpT~B%jbW-XxtL`DS zIh7ov8pkv7fKI5+Er2>_o6v_)>u@{3?O^=vz$&_P!j^IV)TM3a3ayg1e8%Tq+5#z+ z;`T}eD9|{H;bT6EfpBM)L^OQI=JXw~Rl(22e@W%2yr{!CFn{+==Cm5!4*z`{M@cB8 zaiI!W2ZcHc6)2v3T?O(kkFmVGYM?8uT%R$P&$-qM<6_YpiW3jb)ja;}F3zFPp`68=WLigKOsNNJDD6?+IzZ&wNd< zS(wk#Uh#SeLw~5R=~ot+?p2|p&;4)x_^x<2MBQc=aPu)N1a;f7gi|_|V3%|?4z5M` zq}x%%F*n$W+UwzM0x%Y25T|8i^(94;EIMo^5d0B(3mj0z7h9(_Z;8l zF6wt_Q&505vPxdxlYTrRJnAf*^acHUndv^hC7qy8f`48jstkHPwOVL1UAm$UDw}9C z49qhgXrN}e~2QLu?v9Te{6Jk2;Z`iw4Ykltd_rJcyfwB&r)mt4s^VwvN2xeObeG6|5O! 
zpsoq*2^fltZ%@|~j9h}DxSX58P+U1_I!*q?P+ayFFccSt;=)i|7>cX90Sv|Ewo2zG z6qnxgV3euxwKjj6iCZnI@j4tH@0w`q%qO6h_V|{x$rTeMvwdPxVO?Wn>h!BwiA;?K z?;mLJqQN_MD`@bd!CR{ZG;B{N2vt{u9oSKoz!#1}XGcvP~&i;mS zjayV6SD0!L1TPeQ22)U?U~cQKFXVm(@i>u-UYhG#RWE-?iAr3$T8MhH6W&&`f3Wwa zzl9?bkWMeAW-jSb%1G27#nd_vMue(w7a`or{x`eg)|GEGPvPNa!VO&_Ev+ySCjBj~ zDIo#<7yT(3v4^T}Z-;P=k93Douh)(5`s|`NP}xo$_Ztg>wY*lYeO8~9?CoxQpOx@1`{@(s0bLthk!tWPB*)Ad0|HA68K3`aQya{`S$+?8 zc6YbJi{19d`qp}Tdvhaf2fOP*dpEdzez_f7Ze2cqUW4Bi)qh{d^MZ*o)4;;_HFgkv~sy~u`Hoe8!y z1T*h+F1kCNt$*$I*0c4k_V(V^PCE#;F4~(^rmt^rZLD`TIyIO%z0OzQV)(uR?uAh_ zGO&Z2KzT}5zGbF)NLC3xkUmG(+=dLq%k&3WIn|8SC_}XxmH92R3{p9FtF!y;V!N~3 z-s@aa&h0$gY41G?gZB1CC)nHShT-P(-5Q)LPD0X)u#*!l7=O$B%}UnaG2+r9%QwsN zek`oqC@yfX;!mC+-_EfHA)`v2ot3n0_VG1~FLh?$>(fYArkc{2R}Ph>p|?zxK@hI9 zhgU3Gsc?R_wf=nbS$Dl1>~+HS_U=ZPT8HZw?aT0aryFcM>um4sR#*_-_(MGUbld+I zHFtlHx?MOzoqvF*)%z%>?)g@FiNeR0$^VtNXlmY@zyK2XzGY$Gw_tn-TpGAEv`YiS zKj^|gj1%>t&VgyGQRM{`42ORfy7}_h@6g5#db79Uj=&J3Qd3!42<NFt;Thj! z^5!na`#3XrZP7qQ1GPfyucOwYf$G-^8mMTX)?#V_4OBEx(Ll9}05nkH3p7yCKyA=K z<>5s94OHz@3q(AhCgQm}$CU3WKAVXH2C=E)9f`+rN5TTR;(mUlyVvM?_M<=RsdWRA zHF=6Xt%(yVdBrhc zvyUAJe%RypM_ZF)gEx_c5K?!26hZAG6+eh4(Ql z8^HURZmV<_?_>I$xYoTk=>qjFtTZs4#mU1$!hd>C-b}@3e`r3U`RJq&qWS1&1)%xp z#lL7i+FL;L5zR+5AMGLl%}4kG&Bw=RKDvN-o6N^?0K02lF!H$6Q-h>2AiG6pbj0R< z24Ogni%*&hOqGz`uc-<6u`iwAq=a((ky69PgPDAJ_-?r7)e~-WW+D*=-+fPQDpS3Q ztbex~jDj4bL1EB9h)}lL%MVtwP{2DEo8iXZ`gS{b9_+TaFZOoZd%pNu>24T*qZNAKml)Dbe;tpm(SbXt&47Z zJ6ykPU+e^7d%N4&y9oAzjqTm78qA#DrGF`KF?`lf=gA>#c$Al~n6Z5H#*@_sC=+}SH| zFaM!$m&Q@o$eX+Mg)rDt!o%ZwHy^Hp<%i!|a^Umf*XMg+o znHlW2(Z%Bku{&)GYPt?lv$K;ic-h{nC0!a^_pP(a#~Wo|s&Zzw$t9;TE6T5RQ& z6(gHH-2D+0mycXr76(0lLq-}w!|;Y`0_UAx1Z;WMth9Z-LEiMcJO~^sRdyP-=3WlZ zmUQEul{Or1=X{+}|68*nE@em4&~ zqFYc5KZ$x1T!Ejz5uvK#Jrt-YP-jJ;mQKYT`GP`|ty22uZ~Su*Bd z9L1FVSyV3Y z-W(K85d@n#K>(rf7d@g%9+;x#rYsdzA-4!6lhCT%Uz~zy0&#zr?^_3!L-=t-*__1^ zg&EN5T)R6(&8fs2ERbrxddi+x5ub$h!4I+le~AAWr6@X4bk2_GJdxqr6mhv(B`%8= z=Zx1T8`o@IZ?hd05G=;rq3?J!{5!(nvA?q4zEU;K6wUG?c6)d~8e^yjUg2Gg>|Uw9o1 
zBii36cpHViE+ZwOgL|6@p}Evj9)ig{pz#SIncA-{Ax{cogo`Smk*ekOJnCj6pOMdo^5Za4IDJdZqVnx&e06`t&PcKug&#T}XuT(Vem2BBz^{LKnm+-04y0Ll7Ofl}v*>)X$50m%u z#Aiou5EhQrE0m!IOgJ=#&=@+aVGOB0xzi!oMN@Lh70d~~Y3hs!b*XR?`I?_c>j6lq zJZ^u2&FWov#X2c*;P~vkgLzak!)C&N`H)E%A@efVWhUwhdF2L^WmWc-LS8BCv%EPO zU&yV<^0Et6S0LS3&f$M3s4HX{r%tM*L5RV66BK@+VN`vZjARaNN`}l%YS5Vu*P-G^78PkFgxcPyksC z{)~!)DlPiA|ZNp#k~Y%7wJqVJ2zLgWnPzDCh*7u%m8q2w7gq?1?mF%7>WRLl67O=1koS zXnCDoRGm4rDvm3D{`~20_@#Vexk4Z=5Rmn=MlKJ~AtFpe2T4W6Zb@BR^Q13~| zA0)uLrYUvVfc%Dq10Hw2xr4>bmJ#s%aW5XRr9rrr$O_^b!ZkG0Yp7y&$?`H~?v*sF zTqZfz)m1JF&ZkqpHp8S11KTC2u}-Dd3+kut-bv($y&E2J8+}wYsy}4TtYt+i|lm-{bqAUJ*O7?p6| z#Yc1a;&jeX9Fxf$G;lt5I%&Wo1{AUnCS>(*V70Uwl?T@wB(Lw&WifZMXb@ShC%PW` zrub`llQji#;|9IU?Z6bpGGEhchJ%@}M#Zzy)Rf{ddp(%Lly`Zjj4H(JO{wUiCj9#ZLijp&(xRHM|*& z?q4+|kBi!KiKQl^J~IiMIH}L5MdPmU(7Qq!1t7;Jnaj+0s8HsdT&#h7;DM7)JPgx= zh`4_lb;EuqY-z)N>8^i{h;J@$;LHeWfW?x~Uel2Y zyL=MVeR8wKcaMEq=6)1)l57L1-Xq8GP<{$8;W6gx+tG*#BDsHI&8hQJ;Y?P=gGX$z zz6@@ixdaFp>uK+}O{6z?CL2q^?N#x(tyo_gyEQOg#D;3lqaW++`9{Q9$M6=iBjX%QLLP=>gC6Hwzo#FS9)I1FxwgI)-; z@EbRCJjN2N4K2CUhB~2R1mSz9x!h~;;8ogbn+PyhZd^fSX_;Ld^=V+oM+V64#;1Wj zXBoz~nMU^wFNSkmr$q+T-qH16rF^ketkVN+6q{|^;?#cuiF#VSNX$dBrO|M*w3tJz!v&J8@rH5dVyl=pyQ|S>l(kgjSzU%J(Rgul{f7uaP{z zh>|z|rV92cSKz*JLL6nSXJ&F0#p8%Qu$H#t14nLfbe}EaX_9;vTluttP7jpRf!7+Ik21%G? 
zonkhYa)tv@I^zN9iK75!lhD6MF}bHkOjQHyNF{B8-8ESiCY&(jw8uiz9=};SW1^#& zJC8`cdR=}vEzR=^ER@gvh!QE<5!>4&OyP+ewH1GXz7^rM$z+#R&=j?+I>O3QN9#;; zNwo=Z7C!gqa_&oefXjVTzMYQ`b6n)ESv{;RETrOT>OoylNbhxssE||VdjmSrAnJc> zg!$(K5z@Am=yXy$JHr+aKGS7hAX!-i_Qef`Ei|{65q^vACb$A?t&w%7;k~(AeBzFQ zd7WZ${4>#2TwG2IW2P5ZXY5BpW2~G4H_gd%X-r%5TWyHqJylMh28y?NW*2HHj1Bs% zjuYZOKM?0Ph5KBd%!Ok1abbeh;X$O}hhg>Rkb+CIxfo!6vVfmzDcIqU(BTFMq+cW?LsSz1AAu;F@tITKR6qm*3%=cW-L% zYM;U$bh(S>koPK?>6PZWt2OIm)HBr_FC+I|OxJbX#{3t?OfRm6w=wzTzu^@(%e$C* zu1zV{ue#v-)$$0Ov&(z}&ZEolN0f|`Wymjyc}Ks6RRZ7fIC1db%1Xr|-KX89s(*vH zg$@-^#_yBmB&37V#Wm`D;sZQ_iwvH-LDfy0;=zM>V++|PDCQ?E%X8saQJkYVM{(YeI9Cpf z@}gp%)n(JwV6&iooZ!J=}`^kUK`8{6|O;8Q1y$OIS#n>${IAiN52gRldZ>|XW!3Va)YN(TP5$IR_Dql`oj4g6J zj7KpQIT%g1?rIzBe6i>N%YW^A4-uXaqv<*~gVA&`nyzKkF`BMZ8yHO&qv_V$u8cg0 z(RAULJ!ct)(RAl5nyysp8ByxJsZGbbSJn#5k#zG{FJO&(UEF{hApSQuv==y@7h5ct znW;IEvp3V=zLLwB*r8MOY-4?Q?_#4J>^<+cw|Ccf+I!pE>+QYu&40_i=g&5GH@3G} z1x~HxuDrlVvuy0A?Bs_H#z$#)@TJ7Nw%Gzb2VAHTTdk5aZs>B1PQo4otICX=Sg_d> zR!2AN0e=ZIs>O*GV&RMU=ZhBsyzKibn#`}yAhiZR341AHaZLpYqi4U@%VZB=zs~<55M$VNC8g zgMJ{>!n zjeto`8-Js8MVCq)G^Z#_hm_E14SIy`2UJorB59+2_@zrHdvu*4ZXF)+z64agNmhwE z$0uP(Zep0!i}-ewPP1T-_>zuyL>u`cPbg7#*grjIg$mH{mMr?p_K%NkmB}o|yM27dwXgH(vf%te_-)pf&PHHGst&$3 zwzumXd`ja3Q9pioSp8Hk z=6|A?@D8EqYq&0^v@XmsQI4fWKgQxPPU!>{zWgfzqomd7g$>_H2%l~4ZgroxH#eV$ z?d`p1JMCb1J!n7M-PqXP-FbfTY=a*zIklq78{U-@s=LEdj&3!MkTkAH;H4E!nrxJdRu=T3__P$06i z;}rVQ+E{x1hLt-2OV6<-!Fr5cSxYr;EKL1If@bj~1cZIMf~)IQGmM0$@ZoyDTSc?Y7@n-QdlE-C#r5$>G1QaanU}Z#w992jjPeU%(l!?Zs!l)n$^CZU+(N&Zd_irFP}Zz zpxW2YWqWTkc;4Qje_U>FZtiS!IyJN}-XV}$x>q>rM(?0|WtU-?NiIt?u8v8AzeP04 zNpX*N(uL%Prqg!HoSOJ*JsZz9_q;ctscT5NS2DX*kIkx{o;7R$HFv?F2X|5+{C_n} z0C}nCR3a+&FML8FU)b-Kb3vGFk!NjQL_h3LQlB^`iwwHv8wL7d`8s{!Vhhz;fLf8@_kXM3@>2Sw~jXPYHI_|~% zg%aV>eOSRo9Q1r6nb`)Eg@otS} z&fJ&jwc$ya0}aaEmQLrd5ua*fr*&osIG@wDN~7kc{rrh0azJ;#Z!q_PRMaAV|BaDI z=vEou!IWR#4%wx??vUL=&ISJZSs-LkIqW)#9*QT}>(aqn89Dnc=zS6E% z&vld)ww_yI=_wYJ5VJkG1r;*enwekewQIdN;5pN}(%jM%Zau8AKF$kEgO&GyK|Qz4 
zK|Q5%{WcqSmFPO*J$JM4p1FgK*4enxJX^Yx5$(}{{d~jSu%E&aM{BAF0Jfl+MwwAF zpgl_Zg2wmc556$?OMa`MFMo6x1b+5B-|cz7)4{D8Zt)nd_}}j{4wCT!VR^h%^sA=0lRjG)(|_dgEK$*TOAix2 z#G~|WqI828UPo$074E|Icj1&I=YZTB>qWDywCjLMm_Po2_|l&Hi|@uV=`CVh+=U0) zCGd^^3w-0RWx#3e(bL{Mt>$-eATk?VJaiWEN(4|tar@icd9dwIFG?HO|Io=aQ~R!V z*_rm>qFJmfjEgYHZu+Hc5RbkJlDbW{k**i(r`gg9By?jy& zN_XojCkRZJt)jtsM_$jIQx9{lpX2&DcjpPIdAgUncJNZy0$u9L3niP;gV(xjdx$(Q zT?EyIoBk>Ehk4#k||4KQ63s zpGr|`$2l(4iU-{Oytls^?%aYTuW+nQTy9TV0^`*wAFmYp)vWs;`qd_|H?ntInuRU7WI)Q?*6UTJlIUitJAX5IO0r`CXQz~L79Y|(RVJ!Z z)#F2$7c_W>3Uxiy^-$MaI9<=<4%Ne|f7MdiaxV%tf#Y;we0t!E-Y3XBTdJZbIa7ji z6+BQ>l+#Zqsc*d>_d{MAY=x)c&7ems6C42xGwO%EwxY4T-Z(w{7u^)#_7x-U&q?Px zyx{@SB!7a~RW!Q3yT$P!h+wORPCchrSEU%u0!hEw8X`ANFLeF|lkCo5mIRdmEK zLltspmWug)=D+w^sOXPker8=jjp;zGe$4jaqkr-~ye44shRGV`r2rJqGPO&=Ao^!E zD4Xk>o9*=t_&=4mz;v1-z)oy*Cqjh4kX9n64P+{dpOQT<7rZYV!T+7oybqk}e|-^2h8m7%CdRjwQsa=7cuh3f)*Uyx%Vp1H;RBh&SjRVNHbZgQCz}}2kti0Fu?;Ri^en27 za1wK*M_nDtGOV0HLs^rMJ5NNLT)36X7R3~+Ew~+B)22-Qk%Xqwz(5q0VHS2yxM;%?KVG3CuVy&bkds*4xuo5f+a}pJt2dMhu0p_|tXTASuK$v#PW z%XKm3N*uD^qw}jSjwDYhtH-vmIwlz^%Il0j{Tfb-q{=CsrY>!wtAEK;cfqC=_}Xzy z=M5G1CIRE`4Dnt$ewV2AVyIWi0Xty=KM*?u=MI4uNq7&V{#6TL*9UPQfbGFq0}$!} zSsx{22+Kss8UD6m05|l888&=C{toq%x3_(E-4A>QFb*V0D9Hm(9$kQRD9M+nPZiVZ z>C+5qeHh%W^23r_T7SEkSGHdEVdd~Y+b80%K^~7tbs|}l)&9rkI#ZnJ-!N$KQL000 z>~7&O%S%aE9sL-stZI#z!Va5`Zkt;ms<0tk+Gwi@`@pxrQvA40lZDL+v;qFh^rV@* zBpbivePk|vFXr`Hs&sd~d`Z%yOu;0&Uh!J0-%q5?2%q7rjDLRk?Z4xwPhds8jOZi` zZ~GDLE6I6e`-FJ(D$6`xzX(|Y-p%@smra!RQvG+JDmicWT!HDcbsm0*oSOuxR!co(!fF?1;Q%UDIhPJ*_e|&2p8j#2gQ= z7z{0qO{KNIzG?>?UIKKCWGx-t(0yj4X<1)e*tuql&s^c@#`g0){W#Izc6N7M+X5Lq zx_=)G25{W&JEgqzsZbz}j*T;S2@j%dtw1u`-Hd^xJAaGq`9d6++GItj;Xp~e6vrpx zhP;6T492#JHMGsT4b<;(VmNl1%ur>|1v~}|h-5{Kqh+kiow96WP@g7vP??pPB$@da z6&~chz3ug?2XRU)_de*|1w$k0li<4YrtdLuQ{=oF)JfN6Gt*lBQZK4O*J3Ve@P!Ho z>5}PaHh;Lf8irR)8A;FcXn|hHY&q9cVD9fe3`bNwFt?SBrFbrsA7J^Ve!J34gvazK z8TsR>d|~yGm9>KGt(C5l3L1(}uriUMeCIggQNP1@jcP-e(N(5S>PP-cu!B=>0-7AP 
zW&2d+qW0jCXo+TLmn{rMZs6_*ZQ^}6y5{=wet)m`282tbI|dM?dU5>if|^;XLi|i) zo{Q|6;RU3)3qNstqtF%2P#3>KhqrKer-y8CL}T`Ps|Puad%i23hQ(vR4Xue{a@3aS z_I1{JoM4gcKq@z?+MI?nb*FC=hi0H)Q{-(bM^W;t@)zo&$#5rJe;)q z0Dm>)diepp%6rN!S#ojwft%mMxll$Bo;|KR?J^g^m+lMQlBhmSd70{D)yzHs_orB8h>?n%PTc5)pj?9CA^ zMdyx|f+t7`>Bl2-!50d=e;S6}Xvmfex_=Uzb|r$ClKxsIsMzz%dqPDO5weO%VWqA5 zq1}s$j6FZ;(8(sRUhb{y+>h$H33t`Ki?7a>fWuBAy2RlmtgFVX;hB#2PfkvM|Ma%=vd*9)38PF2|MM$bWha z8!s>u1NQ(PU#?yqb9?CCW7sCXTsdV-LG&OC-MqP6=;nPWH!pfQAHvJI`G8)|O|3oS z=H=9%pAm15hq0bXcsY%Yp_fye551iFkLcwb%gb3@hD~@m>zA+V7bIYNtfo0h)tVFV~u7+|?S@}hAH3)%Ub~1F? zT}|O@=#oHnNkF{(M0srmrhnhCOUE!F@g?E2iEf1{xfR3=@=F5?=1S0F^30-JK~Jc5 z7SP2|EP^fubTKGt;w}b!G*L=!1BZ_$@X>_pk(S$8e&)J)$VU?nZyp?bjsAq$_a|&W zpg&<-tGBrM6ZDoS@jhEL)-wrzg0V65CusAbKSBQy{Rw0F6N<}lf`9%5>v_a@K7>+F zJbehI@}9CxmRuYk!VdZnCgDT)@c$lue7}G6fm)lNpdv4}TkcO-pz=zM7eIe8zx2237<57-W{2^fBNw2FHQIXAI?YXMDz> zrm>{a?7BYi8N=gpJM285+hIqm%DA~5^d>CvK7usXGYPkYu`zTzX!D`lLH`lm4r93; zip#Juw}Z#=#CYz8QV%@c4W;s)GEA0S9CyPmx*M8yH=G`|OMiy`djKYU8{hW3ZEGnp3TVH*Z%+%IIt9zYc%fCk&<*6uar^7wC9MTQt z^yu)7bYLIR;p_FHtFS-D`-S&$H@dthV7!Q@5J`&w2k=bdkww;Ja3s+F!I`4(N&V>& z{i8e>Z0QrW_J7%aDTYE@x$l{McXSTmrLU=M1K5@8U(WjQbrg4U-*0!t50u20VtCcj zJ?eL<6rxJ9@-`s434co+L9bqt;3{5L>s`qo+`ofGGD<6g;V{{YC5_51CaJQC&@+_?+`(Wo0=f^fe{9GY78`^t`Y{JdX-^i^{ zRqGRNSM+vpzRq;fh9hTg&`tk~Tdm){hw()KFEU{~ zHoz=BMN4l^wWwoA&ZV}-@2i6`uXhn?3&wFG3FM&+7?4B>-QcT3o@hZWEkrQ!X7<8% z+NUJUzU{*=i|-6}>VkO5HM0KcKpl65pD>Ye_jx{~n9XaC619% zS6sHF4p_Q5>uz% z*|fLHM$^H;)O_oOw2v1TeiI$$Mv+F@q(NaY{QJBpbuinx0sj>Iln!gmC z2yHMENv0=!q$C{Sr>ugX*-&XL%XcDNle<>YPC>w_Cp>{e;JM?wnb~hsp5b8JXhD_ObmJ>PYIYEV2}8eJMzhRWy4Ah|9$>? 
z1Fm}DUN__HU&J)i!RZUnE1BgK(+DFs`TOt3&3^L7$hWF}(V;IIGKYjI;6VL|?4yzC zV_O-k*=aj%Pu(!21s;!dT9y}QV&F{ZnKG26tUw|qw$08e-9+Ai-Jyy8k8A_Up6tHLY(R_+D3L!Ok#5OjlF)8GiVVJdWPX z^t9p7NBgO(^>X(0H~p$*q+j?#e&40%2v#uY%H<@)8Gqp{> z%-$egOuSE;l%LyQ(Znt#3$(f-KjD<%I?v+CL8jgfjKMi`u?inBS&W`V3bwC34O|H1 zBP(=i@xA`J59b|z&QrzyvOrf7Fg`V z`x}%yL(}Ma43OGty;GI$+wJnlYK-Eu{O>IMgYIKY3Vz%0e4u%8ex-|*o9bKspR!iLvLOJBuk9kzM*zV=eEAP?1n1e?(Q?mA~+{_;Dm|u4v|{h}YYB@;UFDJ<`eD z3B_v-_0XtpmB=8DWRbqzgM*{b956c3rgldYgVb!P4>@eR^M(+AW8n-TT9FAnNS~?q zdp`r*RmBiVr1z5w8Af(W-3c-A8!0xPoLX_U$bRq%;FgyGsZLZ2(e+b4|Izso%cdRu zeuDZLD>45~;5fcKCg7<^1_$9J^&MM#(-G$}#DEOUB&|aT6KGzXotIdz2*lmRD~1U^ zM}X9ZD-k~13Q0+L6%xErwWogJ1ye*O9-yX)nxNrVMebF0%BZF=&TbsXDv>g?Q|SNN z(N(%hDa?SL*X+$WLj#`-lPfK-$WH(7lsu*HQ)mj5don-K^k!Z0idEe4;)95YM~znD zimtr(<&|5p=QGYLbrq$6Wn@Az??T0Un)qtkBMpD4YO)lJFGZf#&`hXuMX1do_E_6= zXHpSh#Mk#oHw%y{xZsXUvEo=-Lm56)xjP9TjVQ{#tLf5kBQRB@q9-0K3}JTWKL0>* zKToa)Xt9)6Q0Zp`?>ob|hD!-X`qh)Z zhil#%%;-3^a9?xvaM$?izRr7?C)%!ha)p%DT6 zP>*$L48KTv0mBqu9#%RJrQ!#v(53()FrXDEN#iM^zd_o$c(|uopA{g+k3j3bu zP%-Y4BC?7enC-e7DCI6Q*Dw`RYz9&9-@l@*%rQL*8irbFu7w`U*3{E4$X1fb~8F*mxo{y36lYG0C zd=Tg^VX+!Ghs7ZuLq_#hu|SxMg8S~or|rT8W#RHZ5HH(qFlVYI0I$2~QBRye_i=gcuTZfLMJ zpP@*K_rv|k+}mD!p2Cw*cCY7aGW~~Bg1_nLvP=tP1!*yJtJ+ZUcMKvf)1%~2^qDhm z+&~ot;Iz~agr|Kngg4L=#`>$@d3PD*#`P^@CM`;-c2JtvLkPyixW}~xxq0-pDBj?v zs^z{H*ttceOOJbHhweGcXPaEJ;X9c&xsRJuoEp5RaNcN?Kh{~b08^S8Anve#eAkXs zK@Kl{h0Mo-<8=flNRN(FV-6^Cs)U>;Ty!)}2L9GJMMfgwx1c5La4a^MvtPL4-CkEq z!HpYVV!-6L4!^p*ynXM%Zw{R@zesgwJf^g{eR4m%wQ7o5Xa05JnyUe`IfY5to^c&& zyj#kf)lZZ|(3x~!N1mgk%*vu)(zOgbL+0E)q`9NF*!M1y&K}-yIqbSQ>Edc{j$)3N z0Bno#2Y>QR^uZc1IGsh>`Xa`?gXC~;aa3jT-t<9tOG-4iwcy*#+iC?4)3|~qyvy8e ztn)`tTu67;t0Xw1!3*uNJ)om0`kmtOd4PQfG}$JyyET-M;zNx= z6W(j8p*;<3x{D2dJXzvA1;6|DOV2N+oCQpnk7)pkxsDmK& z3r(|`4$=1Dl)UO#hMaQEt3lyme9@w!xzdqiVCC2abrt zH%PkPF?J9cqhL#k{G~H8C~KJu(^BQb-`KzZqgg!=3%Divs{vQWZAh1U$+Ioy>?_n6 z_hzMGreUAa93-ea`X?}0QB87dma&@zQoode;JPqj8gTnLr|n?B<}O)Pdj64fVN_Y$ 
zmHpd&FU8m=McYK5t+Co(Iz<<{!sHL2&5X+Nscq#Adr9a#HX5R$&|7UsW-^7FNRlfV zP|m2^&~7@9|Mb!y`WM}y*XEZ3up&9t=N@M(<2R5ah2NA@pi2@)Qq z=HZxrNuZN%Qe91WCe+?3`X(8f5&`XbBVeBXcmT(syF1h80s>6Aw*yV-EzG|F^1qT& zwmR2>yE=PRQx(T_oAHmexvXZNgbfLfeId=PXby+@Nfzdj#*@~oK1H%!B)o>S_@Ue( zZZ;qO$H(^TGA*F2VsO0D=T*%K`I;-(xw!mM=qr#hV%9?P zCLnb))hti&plqobP656qGh5k61_D^*F?_x z(gqz(OAj#HpTC@h?uQCm-wqALF>57#bZ}s_v`H>4Q#?6LM&K>bL zF1#_!i%KNrA3g3D7EhDYoJV%0_S8!RSIFP#3$RKJsm{saH;Kfq+y^pLL(*AXVDZp> z)0J)05}EyhD4;$b^K-lm4%owVs0prj(0Jl|(U2QnFdD;cJ# zAZU$9MIem-O_C9O+SySyv%B^=97XTLgl?0)PLg&_c+g^cvJt+#4vTky;%f=K0hP%~5KBFK(cZqi3&yP|oULwgpR zgWpm!NX@9q+nc9i;)_sQ$S+4I1l(_XIuz`W6<7+Zf!{-Q6cw!U*iceLlBw(yUHft8 zG6uf15Mh>|julBHH)7#hyPj50IkRi3+JYI#4Pltr#h63@a_idH4VTn=<1Y@(JPvGY zPk(aWP0YDg8hT}o6gQ<7cd+A)wmC*W@y1D^C-qto0flHP%BznHwZ1Jcp&wvr&Ylbp zG3qReUJeh@RZ6@g_bJxy6FA-zwO03aPi6bm$>w5G;)rqAxUD6&?xYiZ-KU6Mk&nAg zTRyV0V$lmQe)neg0_U*Kvt83l&*<9ljb^E-tcg;=bVMMBH zRKmfx*+$3eF|CtFHoD_Glns&l3*Zl3i|L#U|1!hX9FfnR+||Tkc=r;(DsN`l&)3r5 zrOPv_|GBWg^TvmXu%+6+sLl4;jnn-TQJ^j97|7+gF?!K!bcDxdJDVEY;Vt&K6|sQ0 zOud7L#;(Ahq0@I6pFfr`_;OITsHJnM#_!HKRUAh?aNpjsyl0vwHSvtI_QcY7&|}GFcl4$7YmB1bq2^qg>D=G~HC zHIN>;YRbeEsH6Ky+VaWQF$uHyI3(a>kxe8UFVc1yc+c&+;tMMviF_(_y(AbwRCf13 z%qt}Q*@B#X_PBjUde^?0GYffm^LF{DpePxKziPqi5!smqvD{#H_(0mro4pTMndsql?LMhIAd{Zq(#>&b>+GX+1^P&6 zy1g&moSwDUL1Q1Z_6| z{5|Vk^Iqbbv5&2LlI^rxJ{a-pIWn9&t}(*KAD!@b@=UQ{l_HQ&z^l8)I)2F60(0UN z>_+%nrs1}wV%2K!>!mld>UQ3H5ZFxeD8-5QXwzk)8+jpzAQ6KMHW)6CCx{ROS1L>B zl4?L+%seB;28mj#Ku%TjbKZ&uaqwc4mk>86`$4Y{ZYi#l>U_89kw{_FEJfYW&k#Qs z+R@JMq++@6@-9ryOyACo&}jw5n%C$_`l0vpJL&q9&tD?@2Q%x!-|D<)X+S1brp3W`NlGHRlV-R#)lK7P> zSbebo0IeP24#T2@=}NXr#v9&H7E(fQkyUTPNO#r5v(Q56a)AH$w(nP;;QO8Ig8by~ zI<7zb@WagY(GBzTpc{n+t(}Tvp8zf7t`=>;z*($`dB(X5VRt4aN0m+s65%wfy2eBu z1~F98|?aM^()_@=nB>)DlOO?(5`pt7Ufb zxrLvTzyDwVPeX%tCD#-THh@Po;fz0ln!D_NgPJ&e92tDugd7lw-R}b-t-wxAgb{wj zpZlLRW2#OPGpYgaVo~Fhot}(7X6iF(8I@INgZObso#&)^XQP>z6~FcHt2FWcL0rbv#*c=+9GTd&sfrqY;lq zX*Uf ztRf8vI^Y+>Xbq9AM5QHVIKwfY;A;$$>-^@0kg`uuAVRrO1c8vEMyHl&7Km*^p0eWc 
z4MyitSSEYMm@^GlCXOO!B#C|@`)t6`^~6#4)B~wY?Fopm=nGaSaAzAqQTdBI=NIRV z9QrTzfB%T_FATHE^Doe=MO$QgmPT4+?k!aVzE4|Zgt5t8teFjvc<@vaJjJN66sxjz z^5~2)eN^34J5{vOu<3*+*%uh6@czA&n*N=zheL&W_)XGdLysXuM2jPKT1IJ^Wmv(& zxsA^UIPfk(0Gh3llhnJtCfErMZGA#VozIQcAA@qy~K zhydLQtE|f(i2M6d@{^tx@s)*<7JpKEpR?xR^>hBih*6!yti-7Nfgj_Hfh(I9#oI$C z&||9}yIhXTxDMhW1mmoM+b9jm8#Ra5+4UI(s5g%HMDYe1Y)4!Z5+p;x{R2+@tK~}G zcNLk)_Gi%*oUmX}F4>FZM-#KF(V5aD*$k;G@6kiQE^wmnX zT(4MR-=Z4VpoeJ3E0VcVx_PezHcr`lXLlrw+mTwT==3@jXmBb7ZF^ZKb*z@Hu zv!9;^sh|__CYbTXpdAMaVy9Fn3!%{$KUH{NGG=@v+6`UpR+SfB@^xK2=&gDf$}#!e z=p`vS5&|j4^44Dw+P;W~rr;;Zl|~RQB??Rf>&wueM=x+gWD4%_ab6iCy z80=T!n{CG3%N}le-cO){pucD1ZJt4Hj3$L*rRJ(E;gp*wBGIyv1SQJ7i19kS%ga{x zwve~QFDmPhj~g^hRi;}$H>znr(do@QE=S{p?D$=m7qZ2g=0T=DP+6crK!^4K)Amj3 z6-d&sfSXU(azY5-Shy)o-=GF#IE(jU*=V0ErhQuf9!6&YWV00~TB2}Xn9(p_jS`?G zVtLW4)I>cKOo`NjM&5n8X2xs$*8Ud%=4y^`Taf;fl`1dQ5ch4`NeT}Q!EdBUXU)c; zeq3T$p3@X4UUVIXq!FrXyc^oZH+Y#;2fT+A_9j>C{kYH1PwM2;Y>KNfFR6smVaZVN zmd@gS!o~@FoGp`v(be`Z8dOjcVGR}AiN4Rma0k;Vk}!XAlxo%p)>9vD8X*pj&~Xe` z!v{;oAVwOO^>G5LKSNpVIa}&0KU-;&R(Gj}qE%c&Y&MLa>_57r*#}QQMF6-C0jInX z)t2yK{G5s98^V596r>PGDs(#9Psnbfi1&Zc(M!=RHIk1;$gA)h07+B7KYgXmv-83*x{HH@CwmLC@rV5V85` zY2IL3k2pVn^+wg#bu3UJ(*IR+tUgZQ+UJLExFvEsc{9u`k+4sHnKYq~VW6AYY_{;$ zWbB&*FlN`|Mvq(9-S#>YOYrEfUZrg3{_jdh^lYI4)f|bVrugL|3OlU%5Rl~B3T+uL z5O6t{+t@ny%1mw{0a1hOqWwx3HY_qVS&dxAQf=lpJOLYvoE9<)gGX%X`;1XxV~9mq{P(Q57KjYHA#%S4la5V-w_UlF)1UBG%dheo>>8Zz0= zS-`5FkSYkg?W#q7srjZUMOcPeBzT#qL@eb;@Zgk3Rvuqv1%B_em?WSrD$wx*OH$FD z$%pUUD-t7f+fO{_X-TRkLgQUmAgCU9z=Wj&mwSd3+jOZYyArUA3#{jgq65vd>uYunvy5iDY19&p$>CU~5_6EktdNm!WHbYfLX ztsTnO!BrOC->^{r169ky?vDqAe^Z;uG~rfbc&9Z7q&_=1&}wkQ*VxC@74CP%4CV#_2+VsNHg?J z^s?s>I-w@CV%UMbE_errtvOICQb|`4nGQp9`y-E>Q_w`(5D|3yK7z z@HajS91?{u$qnT(s7Z>g;5$~46U}S+;sS)%6l1Y6p0}k({DIt`9Ob9mTe@o)pjlW22Zxf#_O52YC@Lg5zU@15Ob6q9)_~2c zpisDKoKqES^rn~a_Jr?qLi|YOeNyvRUi0>MJ8Lo!$%Jrwf6mTPxc}p7@)&{t!ZN5< zUdYcI#n&*F7|#A>u)MG4-GtjpA~EKpX`_h#EQ%Lzy}RC7tu$5O#YL==)8eQFVq zxoRF5cLbE7__?N41I?B 
zR{)!-TE$T&2W)1*G$VB;p}PuPCPmof9LIP1r7Xk>cD5)ak1~ZsBp*s_l{AuJXLi%9 zNo*hYL3SXOPj4NgypQ$v<7F`i^pKHKnE!a0)9;#@tIJ#M^Tz!tk=LonxtUD*Fp(HYA^+y^}`i+_A~Pn-c$D>e;xg5Zp?fx2^>oe zQ(Tu=uX2dAM4G=L;!0`t`H5cePtam~BHs`u1`84kWBMyt=8Vt*kEg`m91MOm~ z-+~R}Kga#hJSU(w(^Sm)a()(FXK2sr-cv%tBIOb9pOq&MHHWesF?s_x# z+#dn0m3r895FLA(tGUK=f z;Dw;k#wSweq4?Z@ytB?PAEpmtSgR8 zv7tIh=etCkR|+e@ z6@&WEPmPMap?VnM31YciFhI5yM@UTFVv5%s{OdMa&(^mdBs|P)By0Alpj>f0`kJ`G zk(A#mN`mFldG>e+ayM6)iK>SzBrv6kihuQ?gfUA>yh|A>=S0kSs>%UV5q{?(dO+o4 z1{2n}hP{bKVBP9?D>dub0zgmp1LOr58}{^1j7HKK13 zr^VwED1ac6%9in@yGWACP+i!X)G zBVkJB-Pn9B`ek^J8#8~LH-belI}C^~FA(r33=s9{Z)tdGfWgw_(_joP=jBX> z)Vy~v@&`qi7!R5rjDqHTtxoOz0!rPJf;jT#VIXh@>x@B6fla) zm&6tR4LGb&Bd5-=K^iTOTKC%F4TZ|bG0kh0KHL_O6SZ1lVpJwbjX_&P1g@;7{>lPT zSo&o@y?w`gwbchoe2EfDoPz>NTwYag-5l2P3%GI%9Jn$fNTj4B)}&sj;Q{4DA*3Xg zod1!vAZRxas1G_^32JG{r7D4oLz8$=^8M!67}H366;RV?Vh6{W6se-Zi@Ku1YCc2; z7aLnS&5}^!6!C;8OAu%#wJ0}AP1Oi~gQc_&@a7&~E)n&S?g7@u2oi!UY)YdF6rqxp;tIujOSF ztO81k-^~PCO|)bk)Aws#8)AwE-Ad!UJ44IM&_x9fSn7$b{tP>$^4F28<#%Sz7I}47%oKQ4Fb#zHvg!d_EF3`dVE{ z0m2c`N)C?g=d1Y;3GFInMj=9O(v~RsBKa(^zM10B3zH$sW19F{qpgA{AB&`XB72ar z@s%N?;Wj2NCcY$ptss-CU2uSCgL&HM)_di#8sv+kdiYuRb_6M=Ivo50F^MtPWi!+H zthtnGqk5pK#>5O)16S%gI z%&OI58&1zD(S3S!iVC_I_OoIU)NQiAG=q6FOn+%+J4eOL@bEe5fu`Rah`&Ks`q8+f zKyu`vKmxK*AeWLseR(&lEK*y{Vc{jpVPOvPVd2maobu3p2?FDMZxM9TVP^L|BwD$`_UEd?W=3Ty9*U9goBG9A^nfNfUh`KXo@sNQg{|@+SjQ%JYyF zlZn!j6?>m^WY`D8RwUdmckSN%$T}NxC5VTuNFu{VRguvPSsW5RbC70>j}+#m6g~~9 zNNS3FE)Ug>i2s*d!L^37DU+s8AaaRl{6nr;%wZ`Ixge)N%YhqBJn@S1snYza@CjrAIU}kzmN;- zUvh;={C~)W^$)qShudJIqw32|1_~!%Gm@h#UR;6p@%|}QJ4S(k6YhBjvSEN*BKBBB zRVLOClU?XOBUL;U4Nz2RfTBv{KT*|ds3!xnNj++SsK;t6k_6KvbX$D&tfr_GxYh(g?a@w4mO0zB)%7B#=nMq4 zvCd%6YSn%dKjQn#@<;D_ujh@AqJHB|8hU0{d3trXW;Y%6rARep7uT^Px@8^v)#|*4 zJk)TGH%;=5uuU$jNz`ymppzzQ_>xK9ge%^#QEc+q0cKswZ(WMgJ)dEt9E^^LAz760 z7HBtTPSo(0AMj3^Ee8~RhRN75w<;OuZC^YGshJ+tu>~jLck9B4%-`OJkj~UFTEfDy#zWR3+626-58&XvbD_-s_66kFm0U7m> zAf6E{Plia2fifE>FG~0l2xnQ4c5#&C2SKIHC_dKajWC@BFM;hqNxnmk{tsYc0s0kWyWObcHg+J5J 
zBo~+H=?ZHV2;AH(cFU{Gs;QKl_mD&^s*93@gQhFvw|xvN0j z0y?R~?N%@6E6h;tR%1Dn&Q!K`?_(CcWE(DdLQbY@H5DIf-Ngbg)@eV$YO} zit+kNnN<)aD+eOtKD2B>_nUhpvH@*aueH^6=v67XjgiOF77=Hm~ZL3R0^a}*6sCjhF(l0}gXo(6zQ{?w#0wfv!9 zjUnY>wZx2Oz%p@So`WsUd?kYySbEAftd>JvdV1AdRG%OSLBC`XDj`uCTrw%8*+v1# zVZwY6@v!arw;0|ENZA?m@H}nkEwDVA_z;;UO4(U^W)PuM!Ydn z2uq-X2&b}`F^u-u@bDwC!AN!tN;!w!%UKXr0)!7`wSVyejKPYT1My=En9D2~-Ln)L zKNmz@*~(~4fVWaG$j$CAZ$y9>BNlvv_ujNRIIQU%OV2P7c=&>K- zY%-$Ix+;vS8PZae&ye!p3R~j8@|3vp|HxAjh3f%M!O#Iow_(1(e{)PkA+HT}Wkl3z zWR&-Gur01eAQh-iq5ro|!2;DOSfGr81(DT9Te zj8YG(QU0SBPK)^rM@uP_rP?kB}wAQsIrf3LcrhGfY`^(TF z1O<5g)#}T9LMbFD5q&aa>+JC>c?D>#{VokX|Al}X-6LC2?!OQSxCKEVD3|P*CMehY zoIYbKD8DS>Hm+;e=tq{$kn3Vxei;Y?B8qT9xuEIfGgLvjAO;*){KEi*iXc)TfHrBf z?H78OT0>jsH7Nk)esNg>0e_EI4Tp2Ijs^ig*vN#ryAX(_qlW$60rh^d=1b5c*g7Nt z?gAX-ipGdE4fSwE6z!I-L)^jSEn$9!5dK*p56V@iWak~7WNn=b%r8S)gIg!CbOCXL z2gD8hEJzVWd}jMuFh@gE51=(H9$1qRSbJ*(ZwF_Af_?(%3Nn@OrR=)N3OFx8j?8ke zoP48l=fo)46iUF&9y;ZQ9W?NlsDw*QH`PAL9hA#UzBs1*e^qJKu9B=Bq+C3iz+tg8B4@U5%u2HUqrD8Tr@XozkW3y^_HE1WNa7_ zcc^vm+kOQn>3#(b>AqFw={%>H5-qG(r97;cwKS~PS2$8d_=#xl5dH@e1X9Ho(B?n7 z18E8*M3AOIBIQvj$<Itd+(-alXdKBZO;8Tr@SX__AA>!Qe9}M^8IYhrfeOm)tKtO_`tr%$ zU?y48C@%n7vkeiDgOAA}=z;Pd|KyGNhC86}FD}6T@lOK^sOK013IeUEaxNnEApg{- zcSABhU0}p(DpmiFe=;nC8c_JxJ`E^V^{_nz!l{SplpUTA4CETCl4slq2m#P zOwPu!aJ_2yIg}kzGfySjIzeshbnJAXVHqM0mn9fCb0Z%I6k@;{GnlT9c#dwC5|FA+ z8gvEn{|pc7Cn({2fRakHlUgDu0PmS)S%Y#wD*;VCx^I=XH0b7W_ty^ge$3@~(huKX@HLKc*Hmj zu4CCR`~W_V1zW2*YgDk#fGny*TOWhJ-3}gqYGb{vg&Cg&_f`1+ zd@4p8XVv4Jw-u6hi*bFEy`le}u@TCVAtXL$sAi5Q=fh^ewdBn-KL^&7P;Nk9S6xXQ z-|0GHvxD`Csb4MgGHmU{=Ms4O9CdPuTxc2#>=Bg_XL2*lIy%UuW~dNSAMz#hwT#q5 z6?E1ABlcO1Lw;x*mH$`MjnS4@r*(3Neb2Rl&CTHK?GJ=ZhJx3t;3q$tPu9Y$N<&Jd zJ?)n|#4&}!^o1IqG>i4`hJ6M~OQ-yP5HL?GNW*P;;XMbh@p`(oBh)@o40ID}d%uId zfGP2L)xKV6`^BFtOi}zoK_1NjJGFL2+AdyLNrVt*`5Esn$Romp(c_efDUCu4IU5`} zC0R0*x}yshPiLp+o#I47!n_LDF2UEl>%UJ6Pgj$Py+45S$N=Z6vI4WFd#;9agP~wd zPv-GWWBNGZR)>c8Ar$tjT7vUajnH^2pqA;c%|FG}&T8|R7*Wc)XOHMgl*2D^SFEgd 
zQrGktTg-#n+()gWFIiv9lBwObATk-47#^$dl}b7jG0&&c4rJjDrOJ<_ZUSQ|G6P1; z9=Mgqot+^sb@5z}42dn6xsT|4rmjsF%z>li5iEmBj{!4^1}Wi&y+`CPkFP?VtBb> zB50OXlH4}24xVNiC*XV-8*v zyy#8;`PTM?Hv~Ny`z)B);(MLH*`?eowsf_|e)Z>>rL>Tn0U_Z>r{rhhCr}PPZjiW$ z6Hr|D%H+Ls5Rux-=zujHq0!74gvnSXR5G+84k@~LoCy|@N|}j50@q2|ZfaYYfRU`V z^7BX$^oEY$vA{VFN7vut@ASgfy|0&5T#opKk?Rx+t?re<`<;=TP?p)60t#!t=(v?a zJgkEn=`WKCNFT)u3sOygQvojq0fT%TbGoFLNwpKf_fD?pi0;XT9^D;H{!UuaUHJ0s zR9AsGua7d_R91yFFPtOI<0E`!l$k0JxhI+4NrKY$g)AIkd9^&ERP=5u>;c zSq=}EudYen*nPyw>vd}HtedRMCEk+NpsBNWEwt0QFJC?86-{{a{MF_X%VcHZwZiw8 zP{=J~+%{W}SW*Tuay*?6urjPw9U_2MYtZH`T(2luOSH=fPZHQ83xy-o)(&d&^9530 zB<9*Q1lI@;xX6#ZH-X`pilv&jILrs8r|#XsG-GkxZiA#r9MOI#w>RR1rT#R>d{?1J zOCs9;yr$zG;i>Xr;?Iflx6PMw*fV?F9IRG16@pWzbgqg;LOt#D+Qi(`F#bjJ`2HID zt}1n19yP4f1C*W`g#E7-^L1};CnpWpKIVeGW?_H2jq%fyp@DoPp-qJscxNdGcHCQZ ze+_(UFJG2q;C^$q3&@KutCJhzE!63vlu; zMSO*yxHvWA=>Q^NDE6WnlgbBI;>{V8E*aA1TF)KgM?$N}7D%zV?6J|iqt5J2B z7vo8*<}V0!(idBy9O7DG&0~z;#_+;h;i)Y}2*X>^7RT}z&52faV2V@{r(mgUq6Y2@ z(*78YRD!pPN?wjvhqtN>@s_F$WtaGRCeZ+D$j&61fuZbJ36~juuStofv1%!bmv)|# zouO(T+5C~WG2Wn)C%+KaE9O!gpzx4Gn*Jqa{1no2x08RpH#$_GCe<1;h#++ zX-nV{%}B`LMGsW{+%Cuz{$z*cPP$Rxmzx|lIbm60pI&kE!pt8$Ae_7|9e; zTBbVPVo@>J`}stiytHhwEk*=$aB+bgX3Idz`bz2zC*(`p+G3Ga2$ydWI{DM#?O$Hw zUtBO1e?t^p{*c=wg?1~04iFiqr8of&qtX10^!3QNCi$f&>jH%WSx%G z`(_}iq4s_y`aZPb4^F-lS9w8xT=tOEE=Hjtn!3YF%U^L3wuy;`tTorJh+i5e;ZfR; zz^OjrFcgr;`1V0gI#^9IpHHHgXAPZV9Uh$i==gk3<9hQoE_sL)A$buWE;P*66So-$pYRlC!ERN0+xVa#Jy*f%_Khi`VeV#9ncnFywKNYY3zVPcQhRIGX< zy>jL~`s*!PUb&(X6`pv(2azMNVbnQkPlOjkhI-kMrMsqJmP-B;LR7`KyE}$=XZcbA zz-C2xb-J{W=9_bO;EscSBl_ZJlNwH%W4VE13qTye3i2m84&PXg%_n{}C*V9|ci^~` zDk!DQ7m^d-Xgy;8MwSALC0dN8dKftdR_Q#g;pV2EAd9pbNrFs1JxB|@6`pr!Y~p5f z;N8OFgY$89T%zTm(zX78Gr%;tX&lqzQ>*JUx`9kx?P;j2=pz{AilOof2pe?d*SawW zE4p9No3b%{Wi>|ifOfK=?K~yYBzCeuuNb!0jCS-%ZrPseXHv~k z&CO!xCm=M%6j_6I(8Yq4j7T)WKIwn8T@$^!Qk#@k^)=i$!`0+~i|!ZJ+GGWNm&J@l z^|3JyA=vm1{_WIVK_aT2t1Lij(T+JD&&WXqLT1rUQRGKG7o{+e;{P?Lrp(5hCZQg+;Z-*80D8Qii(sxP!}k|_S_)5LQf)j5r&Om{ww6+nN=sViAu&!soq 
zT)zD{4rXptRse)`Fv>UTY{$Y~gIEiChi6YWcValtsMf0dDVWRb%SMi{T`eDHAx}>i z=CF*F%5L~Zzmvt{>mo6DJv|&xi?FQ=!Zml5QH-qXj3xCqgl)O* zanPY3-O~6*&*pldF49Dn66l2AbH$CH&36}|!yJH={>ePLh?8YBCXo7Zr}ddPuT{t|fgp;H6xbH?GSwIiG{7YaPn^5QFT~{5rUv zNqajZ!u2xW$%tZiv#?D~u7k;)m`)Rg1bh%bRW~}}cUYd_wM$n@wmXRfE@oFX@Aj9^z6*Di>Aezj*-zOKza|-V zV-I6Tp-01V_R0RgtjWA5=H{7gkxpLYTsBE6{*&ALySX(Qhuw91w+gS%K=y*8130P$ zXWoY7Uavz9{WOiq3w@-b`t6I&E?uCD9xrB5@)9&lIo)WVB=V#jKM<2uXA?d%%wyX*oY2QsXQ2^|=iT-lyct4!snbw<6 z2?)(xC@HG@^Df_n`Bpqt9%Mq3x^`qh39P8Oo6luivCyJjOF zC*Cr1%A(kApqjfZ491-RP0ed&*h**Eob*%#z<0JWaPe zIoj3o$Y{n*v$p<*^Og2BV^X?c`HQZY!`^#>*DF5kZ$79eyNd27Mhl5P~ zM`~e54hweI0eFoKhvja#X_pKvz;7d_GwG+NWa`rNtL^6h!9Rsey3nND*dWHkJm&r= zO$OD-+9tQQd=zR+AlLA#%ku=tKpL~b4iBl zla_b>;`Nxhr1*#G{7y?A=rP59-IMbUm&%y-*zdoY5T`XUB5@%N!+#Y419DNq@TYj2)^dg9!^E z*?r*sI5YB;>AS;)qrnjbHgR+2PEi^>ueAIDG&pEaOcOn^R#Q`^NAgGqTCJ@3)x4;* zIq-(8xgj)0&(_6B`&eDTzVq(Q)|pQ$vqYB-j6rJ#IK8ZBUhv=9F%i3dZP^Z6*6wplvnHP|l)_ZLOCC2~IPeU`kocFr) ziwSPx#>2Okj(wQ{4Gu#R^sspSIc9avqTaX(_`$9|Pwv>h`j-%R&PA5113ZXX_6O~ExiJl19iL6P;84aZuU z0!;1@Jo5-!HIse}XiTDBZTJ(Gi6LsDNcRGT9f?Wr@+#aDLvNCe{5yPvV9lXd^YOxn zUJvfQ)qCI=PWb}G{}nC;(fTrdP^U|UeKa0fOfZ>buynnQqbW;D1we8}qYvnGZQy8= z`l=33nYpUeIS(E+u#i>jTN>P6^rGZC93JXx$hVT|0>6)Lm^Q|oYNLN)+`oDSvhM|4 zCSae)ui?$BQ(AFIZi0K*qBFmlREUCa!Rk%2CS3t3D9^WkeAkbX%r;ANGl~l<~F=Ar+7|q%tZt#22I~q#=z+Y7{4QmGO!dg*6b02xq4acM$wV0ycn- zor^BSQ`Iv-fSfhrO{dc;SA#HGFH#VtT`e}l(0nS`jHh&Bh!KEzWO0(djSD(+g^&A* zCmD@mI*YNo!>;n~gjJ3Za$nHsi_H(@iHQy+&YQ=a(FX_u?gM|uUzvLGIs4>9@82+F zEEg9FxMhUuNWrfC?Ud(_!#lRS569+m%TKql3egeB1Jn~{k$)o z)q{Fr3z-#yW7d}HO_rf);Jxv3M{a11ctXWD^6{wj?^?yySSDk4_} zLlkL9DrH5{9!Ky`5-r;C!oT6#h(vtNG{Zwi-Vky+s_+~Jmy5EGxGUyFmvGdl9dS?r z9(Q306F5#XI6K>e)^<|?j%<@n;RJnZ!Cr9pjFg$tqmPQ>FW zg-%_NcIa4@q#++IC*on%FsklHlzc?*fayl^O}$M&QYM~4NyE>5sBQ+P&mK}lo>H6h z()d|4stnO9jJU};RVvHS(g3&8ghk{|oEM%ZHFu&kgMZEbt}4{q z%LvA@IMPfMv=D#u4cDLvYj<^3?79ddpNZHlsU>!%9UnJo`T_?LX9Gz?mX%`lnO9}H z5oQx!+#PVAi>~(1e_*k^BR>3R3;uMJj4}S%2`vX_WBEvGetcP{nvJMqQyywbm-?j6 
zie%0a5UQa^V)9OWVQ56h7$mYRChuCRPI#ZpsM*%g*!Q!K~(gXP2&OU*i#U12#j#d5ko zSk6qbob7)PmUB}q=O$Q)=rr&g*{(TAj>N(E=2sINu5s+EvtR1By|YZwCrx zPwX39nwdSoU``mkdFt`8h8oIx$c%!1>&Wh$aEcWf==IUf_r3`#qwwE4s^K^g<6z>O zlU1TA0o{{-q85KOh($6~B`}apy)>a`_YUo&YK1K?Gg@;Ao+3?Ed|O@~V7VCB=XDz$ zW;+Gd6!EQ}UP76gnl~<5dO04mS+)iBFy@I$)GuqC4Y|g6x09m&Q&DSKkNV$2p=~WL zEU)vfq%HG{EKjbKZ1FVF&syVa{QU<|O928D02BZK00<5M0%#alT_|JF2@C)L{F5T1 vI3Gc27+35w%iv~~003R12>=lQ0000000031AOHXWK9hN)BnH!>00000wNM\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20Cloud%20Data%20Connector/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. 
[Agent based logs collection from Windows and Linux machines ](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 8, **Playbooks:** 11\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20Cloud%20Data%20Connector/ReleaseNotes.md)\r \n There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent based logs collection from Windows and Linux machines ](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 8, **Playbooks:** 11\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
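Review bot: The new `description` value ends the known-issues sentence with `before installing._` but has no opening underscore, and the `•` bullet that preceded `There may be [known issues]` on the old line is gone. The Markdown will therefore probably show a literal `_`, and the two notes no longer read as a list. If italics were intended, open the sentence with `_` as well: `\r \n _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._`. Otherwise keep the `•` and drop the trailing underscore. The start of this hunk is garbled on the page, so this rests on the two `description` lines only.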
@@ -159,7 +159,7 @@
 "name": "analytic1-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)."
+ "text": "Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)."
 }
 }
 ]
@@ -187,7 +187,7 @@
 "name": "analytic3-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)."
+ "text": "At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)."
 }
 }
 ]
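Review bot: The new `text` value for `analytic1-text` sends readers to the parser through `https://aka.ms/sentinel-InfobloxCloudDataConnector-parser`, a redirect whose target is not visible in this commit and can change without any change to the repository; the `analytic3-text` and `analytic5-text` hunks do the same. The diffstat shows `Parsers/InfobloxCDC.txt` deleted and `Parsers/InfobloxCDC.yaml` kept, so it is worth confirming that the short link resolves to that file, since anyone who copies the function from the link installs whatever it serves into their workspace. The workbook text in mainTemplate.json already says the parser "is deployed with the Microsoft Sentinel Solution", and the rule text could say the same and name the in-repo source, for example `This rule depends on the **InfobloxCDC** parser, a Kusto Function deployed with this solution (source: Parsers/InfobloxCDC.yaml).` These strings look generated from the analytic rule YAML files, so the wording would presumably need to change there as well.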
@@ -215,7 +215,7 @@
 "name": "analytic5-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)."
+ "text": "Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)."
 }
 }
 ]
diff --git a/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json b/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json
index 18337b61af8..39b856f72d3 100644
--- a/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json
+++ b/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json
@@ -237,7 +237,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.\",\"style\":\"info\"},\"name\":\"text - 9\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":1,\"content\":{\"json\":\"# Infoblox CDC BloxOne DDI & Threat Defense Workbook\\r\\n\\r\\n##### Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. \\r\\n\\r\\nThis workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud Data Connector. Drilldown your data and visualize events, trends, and anomalous changes over time.\\r\\n\\r\\nSupported BloxOne Cloud Source log types:\\r\\n* Threat Defense Query/Response Log\\r\\n* Threat Defense Threat Feeds Hits Log\\r\\n* DDI Query/Response Log\\r\\n* DDI DHCP Lease Log\\r\\n\\r\\n---\\r\\n\"},\"name\":\"text - 3\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"f2ce2fdb-104a-447f-b42b-6d11931a09ff\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & DHCP Overview\",\"subTarget\":\"DNS & DHCP Overview\",\"style\":\"link\"},{\"id\":\"46b4abc5-316b-4c75-89b7-5cf134d6dbb0\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Overview\",\"subTarget\":\"Security Overview\",\"style\":\"link\"},{\"id\":\"81661594-3591-4fe6-a67d-b69ae55abf67\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Events by Device\",\"subTarget\":\"Events by 
Device\",\"preText\":\"IPs\",\"style\":\"link\"},{\"id\":\"46ca603b-ead0-46bd-987d-1d157b2a763a\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Events by Domain\",\"subTarget\":\"Events by Domain\",\"style\":\"link\"},{\"id\":\"2e942b67-07c4-4579-ac5b-f43c5b01c51c\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Filters\",\"subTarget\":\"Filters\",\"style\":\"link\"}]},\"name\":\"links - 16\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9878ee10-a66a-4438-afdd-29789d76bd61\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":14400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"30\",\"name\":\"parameters - 0\"},{\"type\":1,\"content\":{\"json\":\"#### Set a time range for which to view data using the dropdown to the left. It will be applied to all visualizations of this workbook. Note that using a large range may cause queries to timeout depending on the size of your environment. 
Reduce the range if this keeps occurring.\\r\\n\\r\\n---\\r\\n\",\"style\":\"info\"},\"customWidth\":\"70\",\"name\":\"text - 7\",\"styleSettings\":{\"margin\":\"0 0 10px 0\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Events by Device\\r\\n---\\r\\n#### Get a closer look into where threat data is originating. \\r\\nThis section visualizes which devices are producing the most hits. Further drilldown data by source IP address. \\r\\n\\r\\nMake sure to set all Threat Defense dropdowns below back to \\\"All\\\" when switching between Log Types.\"},\"name\":\"text - 8\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"12793c1f-b77e-4319-99f6-b6b4230d9cfe\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LogTypeParam\",\"label\":\"Log Type\",\"type\":2,\"isRequired\":true,\"value\":\"RPZ\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"RPZ\\\", \\\"label\\\":\\\"Threat Defense Security Hits\\\" },\\r\\n { \\\"value\\\":\\\"DNS\\\", \\\"label\\\":\\\"DNS Queries & Responses\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"19099936-395c-4ac9-a462-097e6c1fe50c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"N/A\\\"},\\r\\n { \\\"value\\\":\\\"Info\\\"},\\r\\n { \\\"value\\\":\\\"Low\\\"},\\r\\n { 
\\\"value\\\":\\\"Medium\\\"},\\r\\n { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"2d6b86ef-4bd8-4afd-be72-83f7cb365585\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8e48699a-6c2e-42b2-bcd8-15cfce54fe4d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": 
\\\"Block\\\"},\\r\\n { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"f57d037a-57c8-4b7b-93fd-8f6215d1c9c2\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where isnotempty(SourceIP)\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or 
InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\\r\\n\",\"size\":2,\"title\":\"Top Source IPs by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Source IPs by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Device in the chart below to further drilldown the device.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 17\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| summarize count() by SourceIP, DeviceName, SourceMACAddress, InfobloxB1SrcOSVersion\\r\\n| order by count_ 
desc\",\"size\":2,\"title\":\"Hit Count by Device\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"SourceIP\",\"exportParameterName\":\"ip\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Device\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, 
SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip}\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName
\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"showPin\":false,\"name\":\"Events for {ip}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip}\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"SourceIP\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"SourceIP\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"i
sNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"}],\"showPin\":false,\"name\":\"Events for {ip} - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| top 10 by count_ \\r\\n| project InfobloxB1FeedName);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where '{ip}' == SourceIP \\r\\n| where InfobloxB1FeedName in ((Top))\\r\\n| project 
TimeGenerated, InfobloxB1FeedName\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxB1FeedName\",\"size\":0,\"title\":\"Feed Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Feed Trend for {ip}\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by ThreatClass\\r\\n| top 10 by count_ \\r\\n| project ThreatClass);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) 
or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where '{ip}' == SourceIP \\r\\n| where ThreatClass in ((Top))\\r\\n| project TimeGenerated, ThreatClass\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass\",\"size\":0,\"title\":\"Threat Class Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Threat Class Trend for {ip}\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| make-series Trend = count() default = 0 on TimeGenerated from 
{TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel\",\"size\":0,\"title\":\"Threat Level Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"group\":\"ThreatLevel\",\"createOtherGroup\":\"\",\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"N/A\",\"label\":\"N/A\",\"color\":\"turquoise\"},{\"seriesName\":\"Info\",\"label\":\"\",\"color\":\"lightBlue\"},{\"seriesName\":\"Low\",\"label\":\"\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"label\":\"\",\"color\":\"orange\"},{\"seriesName\":\"High\",\"color\":\"red\"}]}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Threat Level Trend for {ip}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SimplifiedDeviceAction\",\"size\":0,\"title\":\"Action Trend for 
{ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Action Trend for {ip}\"},{\"type\":1,\"content\":{\"json\":\"#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. 
\\r\\n\\r\\n---\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"text - 9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by DestinationDnsDomain\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Queries for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"60%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"20\",\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"
},\"name\":\"Queries for {ip}\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| where isnotempty(DestinationDnsDomain)\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 15 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top 
Queries for {ip} by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"timeBrushParameterName\":\"brush\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"customWidth\":\"80\",\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Top Queries for {ip} by Time\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Total Events for {ip} between {brush:label}\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count()\",\"size\":3,\"title\":\"Events 
Count\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"Events Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, 
AdditionalExtensionsParsedNested\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":1}]},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comp
arison\":\"isEqualTo\",\"value\":\"RPZ\"},\"showPin\":false,\"name\":\"Events for {ip} between {brush:label} - grid\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"},\"showPin\":false,\"name\":\"Events for {ip} between {brush:label} - grid - 
Copy\"}]},\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Total Events for {ip} between {brush:label}\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Events by Device\"},\"name\":\"Events by Device\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Events by Destination Domain\\r\\n---\\r\\n#### Get a closer look into what is being queried. \\r\\nThis section visualizes where users are visiting. Further drilldown data by destination query (domain). \\r\\n\\r\\nMake sure to set all Threat Defense dropdowns below back to \\\"All\\\" when switching between Log Types.\"},\"name\":\"text - 6\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9d2856d9-b23c-4779-916d-abef2e4c50e0\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LogTypeParam\",\"label\":\"Log Type\",\"type\":2,\"isRequired\":true,\"value\":\"RPZ\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"RPZ\\\", \\\"label\\\":\\\"Threat Defense Security Hits\\\" },\\r\\n { \\\"value\\\":\\\"DNS\\\", \\\"label\\\":\\\"DNS Queries & Responses\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy2 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"a5663eb6-1030-421e-a60a-6af9f4af3f99\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat 
Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"N/A\\\"},\\r\\n { \\\"value\\\":\\\"Info\\\"},\\r\\n { \\\"value\\\":\\\"Low\\\"},\\r\\n { \\\"value\\\":\\\"Medium\\\"},\\r\\n { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"5cbd5c34-3703-4835-aa3b-228504310c1c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"3c67b4c6-8cf3-4c75-87ea-4bca83dee296\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", 
ThreatClass)\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"730927d0-a8ce-461d-b20b-fe9cda17c486\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or 
InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where isnotempty(DestinationDnsDomain)\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 15 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Queries by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Query in the chart below to further drilldown the 
query.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| sort by count_ desc\",\"size\":2,\"title\":\"Hit Count by Query/Domain\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"DestinationDnsDomain\",\"exportParameterName\":\"domain\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Query/Domain\",\"styleSettings\":{\"margin\":\"0 10px 0 
0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for 
{domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"showPin\":false,\"name\":\"Events for 
{domain}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"}],\"showPin\":false,\"name\":\"Events for 
{domain} - Copy\"},{\"type\":1,\"content\":{\"json\":\"#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. \\r\\n\\r\\n---\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"text - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| summarize count() by SourceIP, DeviceName, SourceMACAddress, InfobloxB1SrcOSVersion\\r\\n| sort by count_ desc\",\"size\":2,\"title\":\"Devices Querying 
{domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Devices Querying {domain}\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| where isnotempty(SourceIP)\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project 
SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\\r\\n\",\"size\":2,\"title\":\"Top Devices Querying {domain} by Time\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"timeBrushParameterName\":\"brush\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Top Devices Querying {domain} by Time\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Events for {domain} between {brush:label}\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated 
{TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| summarize count()\",\"size\":3,\"title\":\"Events Count\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"Events Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, 
InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"showPin\":false,\"name\":\"Domain RPZ Events - 
grid\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"},\"showPin\":false,\"name\":\"Domain RPZ Events - grid - 
Copy\"}]},\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Events for {domain} between {brush:label}\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Events by Domain\"},\"name\":\"Events by Domain\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## BloxOne Threat Defense Security Overview\\r\\n---\\r\\n#### Top level insight into your BloxOne Threat Defense security data.\\r\\n\\r\\n\"},\"name\":\"text - 8\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5b2e1804-a9a6-4b86-8a6e-27fd0ab029b5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"N/A\\\"},\\r\\n { \\\"value\\\":\\\"Info\\\"},\\r\\n { \\\"value\\\":\\\"Low\\\"},\\r\\n { \\\"value\\\":\\\"Medium\\\"},\\r\\n { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"1bc7a1f9-d3bd-4e0f-b5ae-4dc8ba8a1463\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName 
asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"1eedd218-57c0-43e3-a306-a716380b05e6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"e36bc3c2-b85e-478c-968b-7faf79c21c49\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - 
Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Impacted Devices\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Impacted Devices\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs 
\\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Impacted B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Impacted B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize dcount(DestinationDnsDomain)\",\"size\":3,\"title\":\"Unique Threat 
Indicators\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_DestinationDnsDomain\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Threat Indicators\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize dcount(ThreatClass)\",\"size\":3,\"title\":\"Unique Threat Classes\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_ThreatClass\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"greenDark\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Threat 
Classes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n//| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Security Hits (All Actions)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Security Hits (All Actions)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Log\\\" or SimplifiedDeviceAction == \\\"PASSTHRU\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Allowed + Logged Hits 
(PASSTHRU)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"green\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Allowed + Logged Hits (PASSTHRU)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Block\\\" or SimplifiedDeviceAction == \\\"NXDOMAIN\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Blocked Hits (NXDOMAIN)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Blocked Hits (NXDOMAIN)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| 
where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Redirect\\\" or SimplifiedDeviceAction == \\\"REDIRECT\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Redirects (REDIRECT)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"red\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Redirects (REDIRECT)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Log\\\" or SimplifiedDeviceAction == \\\"PASSTHRU\\\"\\r\\n| where ThreatLevel == \\\"High\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total High Threat Level Hits Not 
Blocked\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":0,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total High Threat Level Hits Not Blocked\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName !has_cs \\\"CAT_\\\" and InfobloxRPZ !has_cs \\\"CAT_\\\" and InfobloxB1FeedName !has_cs \\\"APP_\\\" and InfobloxRPZ !has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Non-Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"coldHot\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Non-Filter 
Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Category Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowGreenBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Category Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize 
count()\",\"size\":3,\"title\":\"Total Application Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"yellow\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Application Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orangeRed\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or 
'{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"nios\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via NIOS\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"blue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via NIOS\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"dfp\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via 
DFP\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via DFP\"}]},\"customWidth\":\"40\",\"name\":\"Totals\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\",\"size\":3,\"title\":\"Security Hits over Time\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"areachart\"},\"customWidth\":\"60\",\"name\":\"Security Hits over Time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in 
({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 50 by count_ desc\",\"size\":2,\"title\":\"Top Indicators\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false},\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"65\",\"name\":\"Top Indicators\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize count() by SourceIP\\r\\n| top 20 by count_ desc\",\"size\":3,\"title\":\"Top Impacted IPs\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"35\",\"name\":\"Top Impacted 
IPs\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Threat Level\"},\"name\":\"text - 8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"datatable (Count:long, ThreatLevel:string, ThreatLevel_count:long) [0,\\\"N/A\\\",1, 0,\\\"Info\\\",2, 0,\\\"Low\\\",3, 0,\\\"Medium\\\",4, 0,\\\"High\\\",5]\\r\\n|union\\r\\n(\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend ThreatLevel_count = case(ThreatLevel == \\\"High\\\", 5, ThreatLevel==\\\"Medium\\\", 4, ThreatLevel==\\\"Low\\\", 3, ThreatLevel==\\\"Info\\\", 2, 1)\\r\\n| summarize Count = count() by ThreatLevel, ThreatLevel_count\\r\\n)\\r\\n| summarize Count=sum(Count) by ThreatLevel, ThreatLevel_count\\r\\n| sort by ThreatLevel_count asc\",\"size\":0,\"title\":\"Hit Count by Threat 
Level\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"graph\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowOrangeRed\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"useGrouping\":false,\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false,\"sortCriteriaField\":\"status_count\",\"sortOrderField\":1,\"size\":\"auto\"},\"graphSettings\":{\"type\":2,\"topContent\":{\"columnMatch\":\"ThreatLevel\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"useGrouping\":false,\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"nodeIdField\":\"Count\",\"graphOrientation\":3,\"showOrientationToggles\":false,\"staticNodeSize\":100,\"colorSettings\":{\"nodeColorField\":\"ThreatLevel\",\"type\":3,\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"re
presentation\":\"yellow\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\"},{\"operator\":\"Default\",\"representation\":\"gray\"}]},\"hivesMargin\":5}},\"customWidth\":\"30\",\"name\":\"Hit Count by Threat Level\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel\",\"size\":0,\"title\":\"Threat Level Trend\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"High\",\"color\":\"red\"},{\"seriesName\":\"N/A\",\"color\":\"gray\"},{\"seriesName\":\"Low\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"color\":\"orange\"},{\"seriesName\":\"Info\",\"color\":\"lightBlue\"}]}},\"customWidth\":\"70\",\"name\":\"Threat Level Trend\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Feed\"},\"name\":\"text - 8 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or 
'{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n\\r\\n//| summarize c = count() by InfobloxB1FeedName\\r\\n//| summarize c = sum(c) by InfobloxB1FeedName = tolower(InfobloxB1FeedName)\\r\\n\\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| order by count_ desc\",\"size\":0,\"title\":\"Hit Count by Feed\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Feed\",\"styleSettings\":{\"margin\":\"0 10px 0 
0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| top 10 by count_ \\r\\n| project InfobloxB1FeedName);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where InfobloxB1FeedName in ((Top))\\r\\n| project TimeGenerated, InfobloxB1FeedName\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxB1FeedName\",\"size\":0,\"title\":\"Feed 
Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"0\",\"label\":\"N/A\",\"color\":\"green\"},{\"seriesName\":\"1\",\"label\":\"Low/Info\",\"color\":\"blue\"},{\"seriesName\":\"8\",\"label\":\"High\",\"color\":\"red\"},{\"seriesName\":\"5\",\"label\":\"Medium\",\"color\":\"orange\"}]}},\"customWidth\":\"70\",\"name\":\"Feed Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Class\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| summarize count() by ThreatClass\\r\\n| order by count_ desc\\r\\n\\r\\n\\r\\n\",\"size\":0,\"title\":\"Hit Count by 
Class\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Class\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| summarize count() by ThreatClass\\r\\n| top 10 by count_ \\r\\n| project ThreatClass);\\r\\n// Filtering 
datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where ThreatClass in ((Top))\\r\\n| project TimeGenerated, ThreatClass\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass\",\"size\":0,\"title\":\"Class Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"70\",\"name\":\"Class Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Action\"},\"name\":\"text - 8 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize 
count() by SimplifiedDeviceAction\\r\\n| top 10 by count_ desc\",\"size\":0,\"title\":\"Hit Count By Action\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"30\",\"name\":\"Hit Count By Action\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SimplifiedDeviceAction\",\"size\":0,\"title\":\"Action 
Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"70\",\"name\":\"Action Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Events\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, 
AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1FeedName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1FeedName\",\"sortOrder\":1}]},\"showPin\":false,\"name\":\"RPZ 
Events\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Security Overview\"},\"name\":\"Overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## BloxOne DNS Query/Response & DHCP Leases Overview\\r\\n---\\r\\n#### Top level insight into your BloxOne DNS Query/Response and DHCP Lease data.\\r\\n\\r\\n\"},\"name\":\"text - 8\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Devices\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Devices\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique B1 
Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize dcount(DestinationDnsDomain)\",\"size\":3,\"title\":\"Unique Queries (Domains)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_DestinationDnsDomain\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Queries (Domains)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total 
Queries\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orangeRed\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"nios\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via 
NIOS\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"blue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via NIOS\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"dfp\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via DFP\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via DFP\"}]},\"customWidth\":\"40\",\"name\":\"Totals\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDNSRCode\",\"size\":0,\"title\":\"DNS Queries over Time\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"60\",\"name\":\"DNS Queries over Time - 
Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-CREATE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"New DHCP Leases\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"New DHCP Leases\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-CREATE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"New DHCP Leases (Unique IPs)\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false,\"size\":\"full\"}},\"customWidth\":\"33\",\"name\":\"New DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-UPDATE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Updated DHCP Leases 
\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"greenDark\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Updated DHCP Leases \"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-UPDATE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Updated DHCP Leases (Unique IPs)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Updated DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-DELETE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Released DHCP 
Leases\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Released DHCP Leases\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-DELETE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Released DHCP Leases (Unique IPs)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"green\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Released DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| summarize avg(toint(column_ifexists(\\\"InfobloxLifetime\\\", \\\"\\\")))\",\"size\":3,\"title\":\"Average Lease Lifespan 
(seconds)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"avg_InfobloxLifetime\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Average Lease Lifespan (seconds)\"}]},\"customWidth\":\"40\",\"name\":\"Totals - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxLeaseOp\",\"size\":0,\"title\":\"DHCP Leases over Time\",\"color\":\"magenta\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"60\",\"name\":\"DHCP Leases over Time\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## DNS Events\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Top Requested 
Domains\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Top Requested Domains\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by InfobloxDNSRCode\",\"size\":3,\"title\":\"Response 
Codes\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Response Codes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by InfobloxB1ConnectionType\",\"size\":3,\"title\":\"Queries by Connection 
Type\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]}\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"\",\"label\":\"unknown\",\"color\":\"orange\"}]}},\"name\":\"Queries by Connection Type\"}]},\"customWidth\":\"30\",\"name\":\"group - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by SourceIP\\r\\n| top 25 by count_ desc\",\"size\":2,\"title\":\"Top Source IPs by DNS Queries\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"40\",\"name\":\"Top Source IPs by DNS Queries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| 
sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxDNSQType\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxDNSQType\",\"sortOrder\":2}]},\"showPin\":false,\"name\":\"DNS Events\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## DHCP 
Events\"},\"name\":\"text - 8 - Copy - Copy - Copy - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b71068b1-a89d-4605-8440-802f89726143\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DHCPTypeParam\",\"label\":\"DHCP Operation\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n\\r\\n { \\\"value\\\":\\\"Create\\\"},\\r\\n { \\\"value\\\":\\\"Delete\\\"},\\r\\n { \\\"value\\\":\\\"Update\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"defaultValue\":\"value::all\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 23\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| where InfobloxLeaseOp in ({DHCPTypeParam}) or '{DHCPTypeParam:label}' == \\\"All\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, SourceIP, SourceHostName, SourceMACAddress, InfobloxLeaseOp, InfobloxLifetime, InfobloxLeaseUUID, 
AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"DeviceEventClassID\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"DeviceEventClassID\",\"sortOrder\":2}]},\"showPin\":false,\"name\":\"DHCP 
Events\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"DNS & DHCP Overview\"},\"name\":\"DNS Query/Response Overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Filters \\r\\n---\\r\\n\\r\\nCategory filters are a set of content categorization rules that BloxOne Threat Defense Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block will be taken on the detected content.\\r\\n\\r\\nApplication filters are a set of rules that BloxOne Threat Defense Cloud uses to detect and filter specific Internet content. The Application Classification Service (ACS) provides accessibility to applications based on their category or subcategory. Using application filters, you can set security policies based on whether you want to allow an app to access the Internet at all times, or if you want the app to use local resolution when used with BloxOne DDI appliances. 
\\r\\n\\r\\nSee more about filters on the official [Infoblox Documentation Portal](https://docs.infoblox.com/display/BloxOneThreatDefense/Filters).\"},\"name\":\"text - 2\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\" or InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"All Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"All Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Category Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowGreenBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Category Filter 
Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Application Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redPurple\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Application Filter Hits\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Category Filter Hits\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"be7263d9-229e-4875-a60a-76114659b718\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CatFilterSorter\",\"label\":\"Sort Tiles By\",\"type\":2,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"count_ desc\\\", \\\"label\\\":\\\"Hit Count\\\", \\\"selected\\\":true },\\r\\n { \\\"value\\\":\\\"DestinationDnsDomain asc, count_ desc\\\", \\\"label\\\":\\\"Domain Name\\\" },\\r\\n { \\\"value\\\":\\\"InfobloxDomainCat asc, count_ desc\\\", \\\"label\\\":\\\"Filter Type\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Top Category Filters RPZ Hits\",\"styleSettings\":{\"margin\":\"0px 0px 0px 10px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where 
InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count() by DestinationDnsDomain, InfobloxDomainCat\\r\\n| sort by {CatFilterSorter}\\r\\n| take 50\\r\\n\",\"size\":3,\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"subtitleContent\":{\"columnMatch\":\"InfobloxDomainCat\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false,\"rowLimit\":50,\"sortOrderField\":1},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Tops\",\"styleSettings\":{\"margin\":\"-20px 0px 0px 0px\"}}]},\"name\":\"Top Category Filter Hits\",\"styleSettings\":{\"margin\":\"10px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Application Filter Hits\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"be7263d9-229e-4875-a60a-76114659b718\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"AppFilterSorter\",\"label\":\"Sort Tiles By\",\"type\":2,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"count_ desc\\\", \\\"label\\\":\\\"Hit Count\\\", \\\"selected\\\":true },\\r\\n { \\\"value\\\":\\\"DestinationDnsDomain asc, count_ desc\\\", \\\"label\\\":\\\"Domain Name\\\" },\\r\\n { \\\"value\\\":\\\"InfobloxDomainCat asc, count_ desc\\\", \\\"label\\\":\\\"Filter Type\\\" 
}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Top Category Filters RPZ Hits\",\"styleSettings\":{\"margin\":\"0px 0px 0px 10px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count() by DestinationDnsDomain, InfobloxDomainCat\\r\\n| sort by {AppFilterSorter}\\r\\n| take 50\\r\\n\",\"size\":3,\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"subtitleContent\":{\"columnMatch\":\"InfobloxDomainCat\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false,\"rowLimit\":50,\"sortOrderField\":1},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Tops\",\"styleSettings\":{\"margin\":\"-20px 0px 0px 0px\"}}]},\"name\":\"Top Application Filter Hits\",\"styleSettings\":{\"margin\":\"10px\"}}]},\"name\":\"Overview\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## By Filters\"},\"name\":\"text - 
4\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9f55f1ff-f771-485f-82a9-52a9f42251cc\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FilterTypeParam\",\"label\":\"Filter Type\",\"type\":2,\"isRequired\":true,\"value\":\"CAT_\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"CAT_\\\", \\\"label\\\":\\\"Category Filters\\\" },\\r\\n { \\\"value\\\":\\\"APP_\\\", \\\"label\\\":\\\"Application Filters\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":172800000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy - Copy - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by InfobloxDomainCat\\r\\n| top 15 by count_ \\r\\n| project InfobloxDomainCat);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where InfobloxDomainCat in ((Top))\\r\\n| project TimeGenerated, InfobloxDomainCat\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDomainCat\",\"size\":2,\"title\":\"Top Filters by 
Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Filters by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Filter in the chart below to further drilldown the filter.\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by InfobloxDomainCat\\r\\n| sort by count_ desc\",\"size\":0,\"title\":\"Hit Count by Filter \",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"InfobloxDomainCat\",\"exportParameterName\":\"filter\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"CategoryFilter\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Filter \",\"styleSettings\":{\"margin\":\"0 10px 0 
0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat\\r\\n| sort by TimeGenerated desc, SourceIP desc\\r\\n| project TimeGenerated, DestinationDnsDomain, InfobloxDomainCat, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Events for {filter}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"gray\",\"text\":\"N/A\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Message\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1SrcOSVersion\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1SrcOSVersion\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Events for 
{filter}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| summarize count() by SourceIP\\r\\n| top 10 by count_ desc\\r\\n\",\"size\":2,\"title\":\"Top IPs for {filter}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]}},\"customWidth\":\"25\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top IPs for {filter}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = 
materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 10 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries for {filter} by Time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\"
:\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"customWidth\":\"74\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Queries for {filter} by Time\",\"styleSettings\":{\"margin\":\"0 0 0 1%\"}}]},\"name\":\"Category Filter By Type\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## By Source IP\"},\"name\":\"text - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\",\"size\":2,\"title\":\"Top Source IPs by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"name\":\"Top 
Source IPs by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Source IP in the chart below to further drilldown the IP.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by SourceIP\\r\\n| sort by count_ desc\",\"size\":0,\"title\":\"Hit Count by Source IP\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"SourceIP\",\"exportParameterName\":\"ip_cat\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"SourceIP\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"CategoryFilter\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Source IP\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName 
has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP\\r\\n| sort by TimeGenerated desc, InfobloxDomainCat desc\\r\\n| project TimeGenerated, DestinationDnsDomain, InfobloxDomainCat, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip_cat}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"gray\",\"text\":\"N/A\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Message\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Events for {ip_cat}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| summarize count() by DestinationDnsDomain\",\"size\":2,\"title\":\"Top Queries for 
{ip_cat}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":10}},\"customWidth\":\"25\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Queries for {ip_cat}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| summarize count() by InfobloxDomainCat\\r\\n| top 10 by count_ \\r\\n| project InfobloxDomainCat);\\r\\n// Filtering datasource to Tops and 
Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| where InfobloxDomainCat in ((Top))\\r\\n| project TimeGenerated, InfobloxDomainCat\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDomainCat\",\"size\":2,\"title\":\"Top Filters for {ip_cat} by Time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"customWidth\":\"75\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Filters for {ip_cat} by 
Time\"}]},\"name\":\"Category Filter by IP\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Filters\"},\"name\":\"Category Filters\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-InfobloxCDCB1TDWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.\",\"style\":\"info\"},\"name\":\"text - 9\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":1,\"content\":{\"json\":\"# Infoblox CDC BloxOne DDI & Threat Defense Workbook\\r\\n\\r\\n##### Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. \\r\\n\\r\\nThis workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud Data Connector. 
Drilldown your data and visualize events, trends, and anomalous changes over time.\\r\\n\\r\\nSupported BloxOne Cloud Source log types:\\r\\n* Threat Defense Query/Response Log\\r\\n* Threat Defense Threat Feeds Hits Log\\r\\n* DDI Query/Response Log\\r\\n* DDI DHCP Lease Log\\r\\n\\r\\n---\\r\\n\"},\"name\":\"text - 3\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"f2ce2fdb-104a-447f-b42b-6d11931a09ff\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & DHCP Overview\",\"subTarget\":\"DNS & DHCP Overview\",\"style\":\"link\"},{\"id\":\"46b4abc5-316b-4c75-89b7-5cf134d6dbb0\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Overview\",\"subTarget\":\"Security Overview\",\"style\":\"link\"},{\"id\":\"81661594-3591-4fe6-a67d-b69ae55abf67\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Events by Device\",\"subTarget\":\"Events by Device\",\"preText\":\"IPs\",\"style\":\"link\"},{\"id\":\"46ca603b-ead0-46bd-987d-1d157b2a763a\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Events by Domain\",\"subTarget\":\"Events by Domain\",\"style\":\"link\"},{\"id\":\"2e942b67-07c4-4579-ac5b-f43c5b01c51c\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Filters\",\"subTarget\":\"Filters\",\"style\":\"link\"}]},\"name\":\"links - 16\",\"styleSettings\":{\"margin\":\"0 0 20px 
0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9878ee10-a66a-4438-afdd-29789d76bd61\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":14400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"30\",\"name\":\"parameters - 0\"},{\"type\":1,\"content\":{\"json\":\"#### Set a time range for which to view data using the dropdown to the left. It will be applied to all visualizations of this workbook. Note that using a large range may cause queries to timeout depending on the size of your environment. Reduce the range if this keeps occurring.\\r\\n\\r\\n---\\r\\n\",\"style\":\"info\"},\"customWidth\":\"70\",\"name\":\"text - 7\",\"styleSettings\":{\"margin\":\"0 0 10px 0\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Events by Device\\r\\n---\\r\\n#### Get a closer look into where threat data is originating. \\r\\nThis section visualizes which devices are producing the most hits. Further drilldown data by source IP address. 
\\r\\n\\r\\nMake sure to set all Threat Defense dropdowns below back to \\\"All\\\" when switching between Log Types.\"},\"name\":\"text - 8\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"12793c1f-b77e-4319-99f6-b6b4230d9cfe\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LogTypeParam\",\"label\":\"Log Type\",\"type\":2,\"isRequired\":true,\"value\":\"RPZ\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"RPZ\\\", \\\"label\\\":\\\"Threat Defense Security Hits\\\" },\\r\\n { \\\"value\\\":\\\"DNS\\\", \\\"label\\\":\\\"DNS Queries & Responses\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"19099936-395c-4ac9-a462-097e6c1fe50c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"N/A\\\"},\\r\\n { \\\"value\\\":\\\"Info\\\"},\\r\\n { \\\"value\\\":\\\"Low\\\"},\\r\\n { \\\"value\\\":\\\"Medium\\\"},\\r\\n { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"2d6b86ef-4bd8-4afd-be72-83f7cb365585\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| 
order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8e48699a-6c2e-42b2-bcd8-15cfce54fe4d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": 
\\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"f57d037a-57c8-4b7b-93fd-8f6215d1c9c2\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where isnotempty(SourceIP)\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 
'{LogTypeParam}'\\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\\r\\n\",\"size\":2,\"title\":\"Top Source IPs by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Source IPs by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Device in the chart below to further drilldown the device.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 17\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| summarize count() by SourceIP, DeviceName, SourceMACAddress, InfobloxB1SrcOSVersion\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Hit Count by 
Device\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"SourceIP\",\"exportParameterName\":\"ip\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Device\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, 
InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip}\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName
\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"showPin\":false,\"name\":\"Events for {ip}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip}\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"SourceIP\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"SourceIP\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"i
sNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"}],\"showPin\":false,\"name\":\"Events for {ip} - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| top 10 by count_ \\r\\n| project InfobloxB1FeedName);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where '{ip}' == SourceIP \\r\\n| where InfobloxB1FeedName in ((Top))\\r\\n| project 
TimeGenerated, InfobloxB1FeedName\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxB1FeedName\",\"size\":0,\"title\":\"Feed Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Feed Trend for {ip}\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by ThreatClass\\r\\n| top 10 by count_ \\r\\n| project ThreatClass);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) 
or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where '{ip}' == SourceIP \\r\\n| where ThreatClass in ((Top))\\r\\n| project TimeGenerated, ThreatClass\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass\",\"size\":0,\"title\":\"Threat Class Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Threat Class Trend for {ip}\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| make-series Trend = count() default = 0 on TimeGenerated from 
{TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel\",\"size\":0,\"title\":\"Threat Level Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"group\":\"ThreatLevel\",\"createOtherGroup\":\"\",\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"N/A\",\"label\":\"N/A\",\"color\":\"turquoise\"},{\"seriesName\":\"Info\",\"label\":\"\",\"color\":\"lightBlue\"},{\"seriesName\":\"Low\",\"label\":\"\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"label\":\"\",\"color\":\"orange\"},{\"seriesName\":\"High\",\"color\":\"red\"}]}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Threat Level Trend for {ip}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SimplifiedDeviceAction\",\"size\":0,\"title\":\"Action Trend for 
{ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Action Trend for {ip}\"},{\"type\":1,\"content\":{\"json\":\"#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. 
\\r\\n\\r\\n---\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"text - 9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by DestinationDnsDomain\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Queries for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"60%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"20\",\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"
},\"name\":\"Queries for {ip}\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| where isnotempty(DestinationDnsDomain)\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 15 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top 
Queries for {ip} by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"timeBrushParameterName\":\"brush\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"customWidth\":\"80\",\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Top Queries for {ip} by Time\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Total Events for {ip} between {brush:label}\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count()\",\"size\":3,\"title\":\"Events 
Count\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"Events Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, 
AdditionalExtensionsParsedNested\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":1}]},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comp
arison\":\"isEqualTo\",\"value\":\"RPZ\"},\"showPin\":false,\"name\":\"Events for {ip} between {brush:label} - grid\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"},\"showPin\":false,\"name\":\"Events for {ip} between {brush:label} - grid - 
Copy\"}]},\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Total Events for {ip} between {brush:label}\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Events by Device\"},\"name\":\"Events by Device\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Events by Destination Domain\\r\\n---\\r\\n#### Get a closer look into what is being queried. \\r\\nThis section visualizes where users are visiting. Further drilldown data by destination query (domain). \\r\\n\\r\\nMake sure to set all Threat Defense dropdowns below back to \\\"All\\\" when switching between Log Types.\"},\"name\":\"text - 6\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9d2856d9-b23c-4779-916d-abef2e4c50e0\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LogTypeParam\",\"label\":\"Log Type\",\"type\":2,\"isRequired\":true,\"value\":\"RPZ\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"RPZ\\\", \\\"label\\\":\\\"Threat Defense Security Hits\\\" },\\r\\n { \\\"value\\\":\\\"DNS\\\", \\\"label\\\":\\\"DNS Queries & Responses\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy2 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"a5663eb6-1030-421e-a60a-6af9f4af3f99\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat 
Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"N/A\\\"},\\r\\n { \\\"value\\\":\\\"Info\\\"},\\r\\n { \\\"value\\\":\\\"Low\\\"},\\r\\n { \\\"value\\\":\\\"Medium\\\"},\\r\\n { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"5cbd5c34-3703-4835-aa3b-228504310c1c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"3c67b4c6-8cf3-4c75-87ea-4bca83dee296\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", 
ThreatClass)\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"730927d0-a8ce-461d-b20b-fe9cda17c486\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or 
InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where isnotempty(DestinationDnsDomain)\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 15 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Queries by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Query in the chart below to further drilldown the 
query.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| sort by count_ desc\",\"size\":2,\"title\":\"Hit Count by Query/Domain\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"DestinationDnsDomain\",\"exportParameterName\":\"domain\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Query/Domain\",\"styleSettings\":{\"margin\":\"0 10px 0 
0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for 
{domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"showPin\":false,\"name\":\"Events for 
{domain}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"}],\"showPin\":false,\"name\":\"Events for 
{domain} - Copy\"},{\"type\":1,\"content\":{\"json\":\"#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. \\r\\n\\r\\n---\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"text - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| summarize count() by SourceIP, DeviceName, SourceMACAddress, InfobloxB1SrcOSVersion\\r\\n| sort by count_ desc\",\"size\":2,\"title\":\"Devices Querying 
{domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Devices Querying {domain}\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| where isnotempty(SourceIP)\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project 
SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\\r\\n\",\"size\":2,\"title\":\"Top Devices Querying {domain} by Time\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"timeBrushParameterName\":\"brush\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Top Devices Querying {domain} by Time\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Events for {domain} between {brush:label}\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated 
{TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| summarize count()\",\"size\":3,\"title\":\"Events Count\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"Events Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, 
InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"showPin\":false,\"name\":\"Domain RPZ Events - 
grid\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"},\"showPin\":false,\"name\":\"Domain RPZ Events - grid - 
Copy\"}]},\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Events for {domain} between {brush:label}\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Events by Domain\"},\"name\":\"Events by Domain\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## BloxOne Threat Defense Security Overview\\r\\n---\\r\\n#### Top level insight into your BloxOne Threat Defense security data.\\r\\n\\r\\n\"},\"name\":\"text - 8\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5b2e1804-a9a6-4b86-8a6e-27fd0ab029b5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"N/A\\\"},\\r\\n { \\\"value\\\":\\\"Info\\\"},\\r\\n { \\\"value\\\":\\\"Low\\\"},\\r\\n { \\\"value\\\":\\\"Medium\\\"},\\r\\n { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"1bc7a1f9-d3bd-4e0f-b5ae-4dc8ba8a1463\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName 
asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"1eedd218-57c0-43e3-a306-a716380b05e6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"e36bc3c2-b85e-478c-968b-7faf79c21c49\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - 
Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Impacted Devices\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Impacted Devices\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs 
\\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Impacted B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Impacted B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize dcount(DestinationDnsDomain)\",\"size\":3,\"title\":\"Unique Threat 
Indicators\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_DestinationDnsDomain\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Threat Indicators\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize dcount(ThreatClass)\",\"size\":3,\"title\":\"Unique Threat Classes\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_ThreatClass\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"greenDark\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Threat 
Classes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n//| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Security Hits (All Actions)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Security Hits (All Actions)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Log\\\" or SimplifiedDeviceAction == \\\"PASSTHRU\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Allowed + Logged Hits 
(PASSTHRU)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"green\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Allowed + Logged Hits (PASSTHRU)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Block\\\" or SimplifiedDeviceAction == \\\"NXDOMAIN\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Blocked Hits (NXDOMAIN)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Blocked Hits (NXDOMAIN)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| 
where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Redirect\\\" or SimplifiedDeviceAction == \\\"REDIRECT\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Redirects (REDIRECT)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"red\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Redirects (REDIRECT)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Log\\\" or SimplifiedDeviceAction == \\\"PASSTHRU\\\"\\r\\n| where ThreatLevel == \\\"High\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total High Threat Level Hits Not 
Blocked\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":0,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total High Threat Level Hits Not Blocked\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName !has_cs \\\"CAT_\\\" and InfobloxRPZ !has_cs \\\"CAT_\\\" and InfobloxB1FeedName !has_cs \\\"APP_\\\" and InfobloxRPZ !has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Non-Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"coldHot\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Non-Filter 
Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Category Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowGreenBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Category Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize 
count()\",\"size\":3,\"title\":\"Total Application Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"yellow\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Application Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orangeRed\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or 
'{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"nios\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via NIOS\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"blue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via NIOS\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"dfp\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via 
DFP\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via DFP\"}]},\"customWidth\":\"40\",\"name\":\"Totals\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\",\"size\":3,\"title\":\"Security Hits over Time\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"areachart\"},\"customWidth\":\"60\",\"name\":\"Security Hits over Time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in 
({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 50 by count_ desc\",\"size\":2,\"title\":\"Top Indicators\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false},\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"65\",\"name\":\"Top Indicators\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize count() by SourceIP\\r\\n| top 20 by count_ desc\",\"size\":3,\"title\":\"Top Impacted IPs\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"35\",\"name\":\"Top Impacted 
IPs\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Threat Level\"},\"name\":\"text - 8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"datatable (Count:long, ThreatLevel:string, ThreatLevel_count:long) [0,\\\"N/A\\\",1, 0,\\\"Info\\\",2, 0,\\\"Low\\\",3, 0,\\\"Medium\\\",4, 0,\\\"High\\\",5]\\r\\n|union\\r\\n(\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend ThreatLevel_count = case(ThreatLevel == \\\"High\\\", 5, ThreatLevel==\\\"Medium\\\", 4, ThreatLevel==\\\"Low\\\", 3, ThreatLevel==\\\"Info\\\", 2, 1)\\r\\n| summarize Count = count() by ThreatLevel, ThreatLevel_count\\r\\n)\\r\\n| summarize Count=sum(Count) by ThreatLevel, ThreatLevel_count\\r\\n| sort by ThreatLevel_count asc\",\"size\":0,\"title\":\"Hit Count by Threat 
Level\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"graph\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowOrangeRed\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"useGrouping\":false,\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false,\"sortCriteriaField\":\"status_count\",\"sortOrderField\":1,\"size\":\"auto\"},\"graphSettings\":{\"type\":2,\"topContent\":{\"columnMatch\":\"ThreatLevel\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"useGrouping\":false,\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"nodeIdField\":\"Count\",\"graphOrientation\":3,\"showOrientationToggles\":false,\"staticNodeSize\":100,\"colorSettings\":{\"nodeColorField\":\"ThreatLevel\",\"type\":3,\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"re
presentation\":\"yellow\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\"},{\"operator\":\"Default\",\"representation\":\"gray\"}]},\"hivesMargin\":5}},\"customWidth\":\"30\",\"name\":\"Hit Count by Threat Level\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel\",\"size\":0,\"title\":\"Threat Level Trend\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"High\",\"color\":\"red\"},{\"seriesName\":\"N/A\",\"color\":\"gray\"},{\"seriesName\":\"Low\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"color\":\"orange\"},{\"seriesName\":\"Info\",\"color\":\"lightBlue\"}]}},\"customWidth\":\"70\",\"name\":\"Threat Level Trend\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Feed\"},\"name\":\"text - 8 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or 
'{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n\\r\\n//| summarize c = count() by InfobloxB1FeedName\\r\\n//| summarize c = sum(c) by InfobloxB1FeedName = tolower(InfobloxB1FeedName)\\r\\n\\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| order by count_ desc\",\"size\":0,\"title\":\"Hit Count by Feed\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Feed\",\"styleSettings\":{\"margin\":\"0 10px 0 
0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| top 10 by count_ \\r\\n| project InfobloxB1FeedName);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where InfobloxB1FeedName in ((Top))\\r\\n| project TimeGenerated, InfobloxB1FeedName\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxB1FeedName\",\"size\":0,\"title\":\"Feed 
Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"0\",\"label\":\"N/A\",\"color\":\"green\"},{\"seriesName\":\"1\",\"label\":\"Low/Info\",\"color\":\"blue\"},{\"seriesName\":\"8\",\"label\":\"High\",\"color\":\"red\"},{\"seriesName\":\"5\",\"label\":\"Medium\",\"color\":\"orange\"}]}},\"customWidth\":\"70\",\"name\":\"Feed Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Class\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| summarize count() by ThreatClass\\r\\n| order by count_ desc\\r\\n\\r\\n\\r\\n\",\"size\":0,\"title\":\"Hit Count by 
Class\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Class\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| summarize count() by ThreatClass\\r\\n| top 10 by count_ \\r\\n| project ThreatClass);\\r\\n// Filtering 
datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where ThreatClass in ((Top))\\r\\n| project TimeGenerated, ThreatClass\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass\",\"size\":0,\"title\":\"Class Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"70\",\"name\":\"Class Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Action\"},\"name\":\"text - 8 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| summarize 
count() by SimplifiedDeviceAction\\r\\n| top 10 by count_ desc\",\"size\":0,\"title\":\"Hit Count By Action\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"30\",\"name\":\"Hit Count By Action\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SimplifiedDeviceAction\",\"size\":0,\"title\":\"Action 
Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"70\",\"name\":\"Action Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Events\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' == \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' == \\\"All\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, 
AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1FeedName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1FeedName\",\"sortOrder\":1}]},\"showPin\":false,\"name\":\"RPZ 
Events\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Security Overview\"},\"name\":\"Overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## BloxOne DNS Query/Response & DHCP Leases Overview\\r\\n---\\r\\n#### Top level insight into your BloxOne DNS Query/Response and DHCP Lease data.\\r\\n\\r\\n\"},\"name\":\"text - 8\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Devices\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Devices\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique B1 
Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize dcount(DestinationDnsDomain)\",\"size\":3,\"title\":\"Unique Queries (Domains)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_DestinationDnsDomain\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Queries (Domains)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total 
Queries\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orangeRed\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"nios\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via 
NIOS\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"blue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via NIOS\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"dfp\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via DFP\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via DFP\"}]},\"customWidth\":\"40\",\"name\":\"Totals\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDNSRCode\",\"size\":0,\"title\":\"DNS Queries over Time\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"60\",\"name\":\"DNS Queries over Time - 
Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-CREATE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"New DHCP Leases\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"New DHCP Leases\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-CREATE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"New DHCP Leases (Unique IPs)\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false,\"size\":\"full\"}},\"customWidth\":\"33\",\"name\":\"New DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-UPDATE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Updated DHCP Leases 
\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"greenDark\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Updated DHCP Leases \"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-UPDATE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Updated DHCP Leases (Unique IPs)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Updated DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-DELETE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Released DHCP 
Leases\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Released DHCP Leases\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-DELETE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Released DHCP Leases (Unique IPs)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"green\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Released DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| summarize avg(toint(column_ifexists(\\\"InfobloxLifetime\\\", \\\"\\\")))\",\"size\":3,\"title\":\"Average Lease Lifespan 
(seconds)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"avg_InfobloxLifetime\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Average Lease Lifespan (seconds)\"}]},\"customWidth\":\"40\",\"name\":\"Totals - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxLeaseOp\",\"size\":0,\"title\":\"DHCP Leases over Time\",\"color\":\"magenta\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"60\",\"name\":\"DHCP Leases over Time\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## DNS Events\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Top Requested 
Domains\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Top Requested Domains\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by InfobloxDNSRCode\",\"size\":3,\"title\":\"Response 
Codes\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Response Codes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by InfobloxB1ConnectionType\",\"size\":3,\"title\":\"Queries by Connection 
Type\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"\",\"label\":\"unknown\",\"color\":\"orange\"}]}},\"name\":\"Queries by Connection Type\"}]},\"customWidth\":\"30\",\"name\":\"group - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by SourceIP\\r\\n| top 25 by count_ desc\",\"size\":2,\"title\":\"Top Source IPs by DNS Queries\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"40\",\"name\":\"Top Source IPs by DNS Queries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| 
sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxDNSQType\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxDNSQType\",\"sortOrder\":2}]},\"showPin\":false,\"name\":\"DNS Events\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## DHCP 
Events\"},\"name\":\"text - 8 - Copy - Copy - Copy - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b71068b1-a89d-4605-8440-802f89726143\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DHCPTypeParam\",\"label\":\"DHCP Operation\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n\\r\\n { \\\"value\\\":\\\"Create\\\"},\\r\\n { \\\"value\\\":\\\"Delete\\\"},\\r\\n { \\\"value\\\":\\\"Update\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"defaultValue\":\"value::all\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 23\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| where InfobloxLeaseOp in ({DHCPTypeParam}) or '{DHCPTypeParam:label}' == \\\"All\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, SourceIP, SourceHostName, SourceMACAddress, InfobloxLeaseOp, InfobloxLifetime, InfobloxLeaseUUID, 
AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is 
Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"DeviceEventClassID\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"DeviceEventClassID\",\"sortOrder\":2}]},\"showPin\":false,\"name\":\"DHCP 
Events\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"DNS & DHCP Overview\"},\"name\":\"DNS Query/Response Overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Filters \\r\\n---\\r\\n\\r\\nCategory filters are a set of content categorization rules that BloxOne Threat Defense Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block will be taken on the detected content.\\r\\n\\r\\nApplication filters are a set of rules that BloxOne Threat Defense Cloud uses to detect and filter specific Internet content. The Application Classification Service (ACS) provides accessibility to applications based on their category or subcategory. Using application filters, you can set security policies based on whether you want to allow an app to access the Internet at all times, or if you want the app to use local resolution when used with BloxOne DDI appliances. 
\\r\\n\\r\\nSee more about filters on the official [Infoblox Documentation Portal](https://docs.infoblox.com/display/BloxOneThreatDefense/Filters).\"},\"name\":\"text - 2\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\" or InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"All Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"All Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Category Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowGreenBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Category Filter 
Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Application Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redPurple\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Application Filter Hits\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Category Filter Hits\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"be7263d9-229e-4875-a60a-76114659b718\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CatFilterSorter\",\"label\":\"Sort Tiles By\",\"type\":2,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"count_ desc\\\", \\\"label\\\":\\\"Hit Count\\\", \\\"selected\\\":true },\\r\\n { \\\"value\\\":\\\"DestinationDnsDomain asc, count_ desc\\\", \\\"label\\\":\\\"Domain Name\\\" },\\r\\n { \\\"value\\\":\\\"InfobloxDomainCat asc, count_ desc\\\", \\\"label\\\":\\\"Filter Type\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Top Category Filters RPZ Hits\",\"styleSettings\":{\"margin\":\"0px 0px 0px 10px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where 
InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count() by DestinationDnsDomain, InfobloxDomainCat\\r\\n| sort by {CatFilterSorter}\\r\\n| take 50\\r\\n\",\"size\":3,\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"subtitleContent\":{\"columnMatch\":\"InfobloxDomainCat\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false,\"rowLimit\":50,\"sortOrderField\":1},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Tops\",\"styleSettings\":{\"margin\":\"-20px 0px 0px 0px\"}}]},\"name\":\"Top Category Filter Hits\",\"styleSettings\":{\"margin\":\"10px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Application Filter Hits\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"be7263d9-229e-4875-a60a-76114659b718\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"AppFilterSorter\",\"label\":\"Sort Tiles By\",\"type\":2,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"count_ desc\\\", \\\"label\\\":\\\"Hit Count\\\", \\\"selected\\\":true },\\r\\n { \\\"value\\\":\\\"DestinationDnsDomain asc, count_ desc\\\", \\\"label\\\":\\\"Domain Name\\\" },\\r\\n { \\\"value\\\":\\\"InfobloxDomainCat asc, count_ desc\\\", \\\"label\\\":\\\"Filter Type\\\" 
}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Top Category Filters RPZ Hits\",\"styleSettings\":{\"margin\":\"0px 0px 0px 10px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count() by DestinationDnsDomain, InfobloxDomainCat\\r\\n| sort by {AppFilterSorter}\\r\\n| take 50\\r\\n\",\"size\":3,\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"subtitleContent\":{\"columnMatch\":\"InfobloxDomainCat\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false,\"rowLimit\":50,\"sortOrderField\":1},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Tops\",\"styleSettings\":{\"margin\":\"-20px 0px 0px 0px\"}}]},\"name\":\"Top Application Filter Hits\",\"styleSettings\":{\"margin\":\"10px\"}}]},\"name\":\"Overview\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## By Filters\"},\"name\":\"text - 
4\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9f55f1ff-f771-485f-82a9-52a9f42251cc\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FilterTypeParam\",\"label\":\"Filter Type\",\"type\":2,\"isRequired\":true,\"value\":\"CAT_\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\":\\\"CAT_\\\", \\\"label\\\":\\\"Category Filters\\\" },\\r\\n { \\\"value\\\":\\\"APP_\\\", \\\"label\\\":\\\"Application Filters\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":172800000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy - Copy - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by InfobloxDomainCat\\r\\n| top 15 by count_ \\r\\n| project InfobloxDomainCat);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where InfobloxDomainCat in ((Top))\\r\\n| project TimeGenerated, InfobloxDomainCat\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDomainCat\",\"size\":2,\"title\":\"Top Filters by 
Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Filters by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Filter in the chart below to further drilldown the filter.\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by InfobloxDomainCat\\r\\n| sort by count_ desc\",\"size\":0,\"title\":\"Hit Count by Filter \",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"InfobloxDomainCat\",\"exportParameterName\":\"filter\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"CategoryFilter\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Filter \",\"styleSettings\":{\"margin\":\"0 10px 0 
0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat\\r\\n| sort by TimeGenerated desc, SourceIP desc\\r\\n| project TimeGenerated, DestinationDnsDomain, InfobloxDomainCat, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Events for {filter}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"gray\",\"text\":\"N/A\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Message\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1SrcOSVersion\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1SrcOSVersion\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Events for 
{filter}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| summarize count() by SourceIP\\r\\n| top 10 by count_ desc\\r\\n\",\"size\":2,\"title\":\"Top IPs for {filter}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]}},\"customWidth\":\"25\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top IPs for {filter}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = 
materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 10 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries for {filter} by Time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\"
:\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"customWidth\":\"74\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Queries for {filter} by Time\",\"styleSettings\":{\"margin\":\"0 0 0 1%\"}}]},\"name\":\"Category Filter By Type\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## By Source IP\"},\"name\":\"text - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\",\"size\":2,\"title\":\"Top Source IPs by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"name\":\"Top 
Source IPs by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Source IP in the chart below to further drilldown the IP.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by SourceIP\\r\\n| sort by count_ desc\",\"size\":0,\"title\":\"Hit Count by Source IP\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"SourceIP\",\"exportParameterName\":\"ip_cat\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"SourceIP\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"CategoryFilter\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Source IP\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName 
has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP\\r\\n| sort by TimeGenerated desc, InfobloxDomainCat desc\\r\\n| project TimeGenerated, DestinationDnsDomain, InfobloxDomainCat, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip_cat}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"gray\",\"text\":\"N/A\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Message\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Events for {ip_cat}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| summarize count() by DestinationDnsDomain\",\"size\":2,\"title\":\"Top Queries for 
{ip_cat}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":10}},\"customWidth\":\"25\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Queries for {ip_cat}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| summarize count() by InfobloxDomainCat\\r\\n| top 10 by count_ \\r\\n| project InfobloxDomainCat);\\r\\n// Filtering datasource to Tops and 
Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| where InfobloxDomainCat in ((Top))\\r\\n| project TimeGenerated, InfobloxDomainCat\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDomainCat\",\"size\":2,\"title\":\"Top Filters for {ip_cat} by Time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"customWidth\":\"75\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Filters for {ip_cat} by 
Time\"}]},\"name\":\"Category Filter by IP\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Filters\"},\"name\":\"Category Filters\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-InfobloxCDCB1TDWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -320,7 +320,7 @@ "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { - "description": "Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).", + "description": "Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).", "displayName": "Infoblox - Data Exfiltration Attack", "enabled": false, "query": "let threshold = 1;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where InfobloxB1FeedName == \"Threat Insight - Data Exfiltration\"\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=innerunique (InfobloxCDC\n | where DeviceEventClassID has_cs \"RPZ\"\n | where InfobloxB1FeedName == \"Threat Insight - Data Exfiltration\"\n ) on SourceIP\n", @@ -334,10 +334,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "InfobloxCloudDataConnector", "dataTypes": [ "CommonSecurityLog (InfobloxCDC)" - ] + ], + "connectorId": "InfobloxCloudDataConnector" } ], "tactics": [ 
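Review bot: The new parser link in `description` (hunk at -320) is an `aka.ms` redirect, so its destination cannot be checked from this diff, whereas the link it replaces pointed at a file in this repository. The commit's file list shows `Parsers/InfobloxCDC.txt` being deleted and `Parsers/InfobloxCDC.yaml` being changed, so the old URL had to go. Readers are told to install a Kusto function from wherever the link resolves, so confirm it lands on the in-repo `InfobloxCDC.yaml`, and consider naming that path in the text, e.g. `... called **InfobloxCDC** (Parsers/InfobloxCDC.yaml in this solution)`. The same replacement is made in the hunks at -629 and -887 and in the rule YAML files, which presumably are the source for these template fields.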
@@ -349,43 +349,43 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "columnName": "SourceIP", - "identifier": "Address" + "identifier": "Address", + "columnName": "SourceIP" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "columnName": "DeviceName", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "DeviceName" }, { - "columnName": "InfobloxB1SrcOSVersion", - "identifier": "OSVersion" + "identifier": "OSVersion", + "columnName": "InfobloxB1SrcOSVersion" }, { - "columnName": "SourceUserName", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "SourceUserName" } - ] + ], + "entityType": "Host" }, { - "entityType": "Malware", "fieldMappings": [ { - "columnName": "InfobloxB1FeedName", - "identifier": "Name" + "identifier": "Name", + "columnName": "InfobloxB1FeedName" }, { - "columnName": "InfobloxB1FeedName", - "identifier": "Category" + "identifier": "Category", + "columnName": "InfobloxB1FeedName" } - ] + ], + "entityType": "Malware" } ], "eventGroupingSettings": { @@ -393,19 +393,19 @@ }, "customDetails": { "InfobloxB1Network": "InfobloxB1Network", + "InfobloxB1PolicyName": "InfobloxB1PolicyName", "InfobloxB1FeedName": "InfobloxB1FeedName", "InfobloxB1Action": "InfobloxB1PolicyAction", - "InfobloxB1PolicyName": "InfobloxB1PolicyName", "SourceMACAddress": "SourceMACAddress" }, "incidentConfiguration": { + "createIncident": true, "groupingConfiguration": { "reopenClosedIncident": true, "matchingMethod": "AllEntities", - "lookbackDuration": "7d", - "enabled": true - }, - "createIncident": true + "enabled": true, + "lookbackDuration": "7d" + } } } }, @@ -487,10 +487,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "InfobloxCloudDataConnector", "dataTypes": [ "CommonSecurityLog (InfobloxCDC)" - ] + ], + "connectorId": "InfobloxCloudDataConnector" } ], "tactics": [ 
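Review bot: In the `Host` entity mapping of the hunk at -349, `SourceUserName` is mapped to the `FullName` identifier, which on a Host entity describes the machine and not a user. Incidents would therefore show a user name as the host's full name, and the user would not be available as an Account entity for correlation. The reorder keeps that pairing unchanged. A separate `Account` mapping looks like what is intended, though the parser's definition of `SourceUserName` is not visible here. The same pairing is in the hunks at -502 and -658, and the `entityMappings` array starts and ends outside the hunk.
```json
{
  "fieldMappings": [
    {
      "identifier": "Name",
      "columnName": "SourceUserName"
    }
  ],
  "entityType": "Account"
}
```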
@@ -502,52 +502,52 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "columnName": "SourceIP", - "identifier": "Address" + "identifier": "Address", + "columnName": "SourceIP" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "columnName": "DeviceName", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "DeviceName" }, { - "columnName": "InfobloxB1SrcOSVersion", - "identifier": "OSVersion" + "identifier": "OSVersion", + "columnName": "InfobloxB1SrcOSVersion" }, { - "columnName": "SourceUserName", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "SourceUserName" } - ] + ], + "entityType": "Host" }, { - "entityType": "DNS", "fieldMappings": [ { - "columnName": "DestinationDnsDomain", - "identifier": "DomainName" + "identifier": "DomainName", + "columnName": "DestinationDnsDomain" } - ] + ], + "entityType": "DNS" }, { - "entityType": "Malware", "fieldMappings": [ { - "columnName": "ThreatProperty", - "identifier": "Name" + "identifier": "Name", + "columnName": "ThreatProperty" }, { - "columnName": "ThreatClass", - "identifier": "Category" + "identifier": "Category", + "columnName": "ThreatClass" } - ] + ], + "entityType": "Malware" } ], "eventGroupingSettings": { @@ -555,9 +555,9 @@ }, "customDetails": { "InfobloxB1Network": "InfobloxB1Network", + "InfobloxB1PolicyName": "InfobloxB1PolicyName", "InfobloxB1FeedName": "InfobloxB1FeedName", "InfobloxB1Action": "InfobloxB1PolicyAction", - "InfobloxB1PolicyName": "InfobloxB1PolicyName", "SourceMACAddress": "SourceMACAddress" }, "incidentConfiguration": { 
@@ -629,7 +629,7 @@ "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { - "description": "At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).", + "description": "At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).", "displayName": "Infoblox - Many High Threat Level Queries From Single Host Detected", "enabled": false, "query": "let threshold = 200;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where ThreatLevel_Score >= 80\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n | where DeviceEventClassID has_cs \"RPZ\"\n | where ThreatLevel_Score >= 80\n ) on SourceIP\n", @@ -643,10 +643,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "InfobloxCloudDataConnector", "dataTypes": [ "CommonSecurityLog (InfobloxCDC)" - ] + ], + "connectorId": "InfobloxCloudDataConnector" } ], "tactics": [ 
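Review bot: The description on the new side of the hunk at -629 still says "At least 200 high threat level queries", but the unchanged `query` line sets `let threshold = 200;` and filters with `where count_ > threshold`, so a host with exactly 200 hits does not alert. Either change the filter to `| where count_ >= threshold` or word the description as "More than 200". The NXDOMAIN rule in the hunk at -887 has the same mismatch. The exfiltration rule at -320 pairs `threshold = 1` with `>`, so a single Threat Insight hit is not reported. The query text has no time filter of its own, so the "1 hour" window presumably comes from rule settings outside these hunks.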
@@ -658,30 +658,30 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "columnName": "SourceIP", - "identifier": "Address" + "identifier": "Address", + "columnName": "SourceIP" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "columnName": "DeviceName", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "DeviceName" }, { - "columnName": "InfobloxB1SrcOSVersion", - "identifier": "OSVersion" + "identifier": "OSVersion", + "columnName": "InfobloxB1SrcOSVersion" }, { - "columnName": "SourceUserName", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "SourceUserName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -773,10 +773,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "InfobloxCloudDataConnector", "dataTypes": [ "CommonSecurityLog (InfobloxCDC)" - ] + ], + "connectorId": "InfobloxCloudDataConnector" } ], "tactics": [ @@ -788,26 +788,26 @@ ], "entityMappings": [ { - "entityType": "DNS", "fieldMappings": [ { - "columnName": "DestinationDnsDomain", - "identifier": "DomainName" + "identifier": "DomainName", + "columnName": "DestinationDnsDomain" } - ] + ], + "entityType": "DNS" }, { - "entityType": "Malware", "fieldMappings": [ { - "columnName": "ThreatProperty", - "identifier": "Name" + "identifier": "Name", + "columnName": "ThreatProperty" }, { - "columnName": "ThreatClass", - "identifier": "Category" + "identifier": "Category", + "columnName": "ThreatClass" } - ] + ], + "entityType": "Malware" } ], "eventGroupingSettings": { @@ -815,8 +815,8 @@ }, "customDetails": { "InfobloxB1Network": "InfobloxB1Network", - "InfobloxB1FeedName": "InfobloxB1FeedName", - "InfobloxB1PolicyName": "InfobloxB1PolicyName" + "InfobloxB1PolicyName": "InfobloxB1PolicyName", + "InfobloxB1FeedName": "InfobloxB1FeedName" }, "incidentConfiguration": { "createIncident": true 
@@ -887,7 +887,7 @@ "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { - "description": "Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).", + "description": "Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).", "displayName": "Infoblox - Many NXDOMAIN DNS Responses Detected", "enabled": false, "query": "let threshold = 200;\nInfobloxCDC\n| where DeviceEventClassID == \"DNS Response\"\n| where InfobloxDNSRCode == \"NXDOMAIN\"\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n | where DeviceEventClassID == \"DNS Response\"\n | where InfobloxDNSRCode == \"NXDOMAIN\"\n ) on SourceIP\n", @@ -901,10 +901,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "InfobloxCloudDataConnector", "dataTypes": [ "CommonSecurityLog (InfobloxCDC)" - ] + ], + "connectorId": "InfobloxCloudDataConnector" } ], "tactics": [ 
@@ -916,30 +916,30 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "columnName": "SourceIP", - "identifier": "Address" + "identifier": "Address", + "columnName": "SourceIP" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "columnName": "DeviceName", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "DeviceName" }, { - "columnName": "InfobloxB1SrcOSVersion", - "identifier": "OSVersion" + "identifier": "OSVersion", + "columnName": "InfobloxB1SrcOSVersion" }, { - "columnName": "SourceUserName", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "SourceUserName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -1031,16 +1031,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CEF", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CEF" }, { - "connectorId": "ThreatIntelligence", "dataTypes": [ "ThreatIntelligenceIndicator" - ] + ], + "connectorId": "ThreatIntelligence" } ], "tactics": [ @@ -1052,35 +1052,35 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "columnName": "SourceIP", - "identifier": "Address" + "identifier": "Address", + "columnName": "SourceIP" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "columnName": "DeviceName", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "DeviceName" }, { - "columnName": "SourceUserName", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "SourceUserName" } - ] + ], + "entityType": "Host" }, { - "entityType": "DNS", "fieldMappings": [ { - "columnName": "DestinationDnsDomain", - "identifier": "DomainName" + "identifier": "DomainName", + "columnName": "DestinationDnsDomain" } - ] + ], + "entityType": "DNS" } ], "eventGroupingSettings": { 
@@ -1172,16 +1172,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "InfobloxCloudDataConnector", "dataTypes": [ "CommonSecurityLog (InfobloxCDC)" - ] + ], + "connectorId": "InfobloxCloudDataConnector" }, { - "connectorId": "ThreatIntelligence", "dataTypes": [ "ThreatIntelligenceIndicator" - ] + ], + "connectorId": "ThreatIntelligence" } ], "tactics": [ @@ -1193,52 +1193,52 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "columnName": "SourceIP", - "identifier": "Address" + "identifier": "Address", + "columnName": "SourceIP" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "columnName": "DeviceName", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "DeviceName" }, { - "columnName": "InfobloxB1SrcOSVersion", - "identifier": "OSVersion" + "identifier": "OSVersion", + "columnName": "InfobloxB1SrcOSVersion" }, { - "columnName": "SourceUserName", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "SourceUserName" } - ] + ], + "entityType": "Host" }, { - "entityType": "DNS", "fieldMappings": [ { - "columnName": "DestinationDnsDomain", - "identifier": "DomainName" + "identifier": "DomainName", + "columnName": "DestinationDnsDomain" } - ] + ], + "entityType": "DNS" }, { - "entityType": "Malware", "fieldMappings": [ { - "columnName": "ThreatProperty", - "identifier": "Name" + "identifier": "Name", + "columnName": "ThreatProperty" }, { - "columnName": "ThreatClass", - "identifier": "Category" + "identifier": "Category", + "columnName": "ThreatClass" } - ] + ], + "entityType": "Malware" } ], "eventGroupingSettings": { 
@@ -1246,9 +1246,9 @@ }, "customDetails": { "InfobloxB1Network": "InfobloxB1Network", + "InfobloxB1PolicyName": "InfobloxB1PolicyName", "InfobloxB1FeedName": "InfobloxB1FeedName", "InfobloxB1Action": "InfobloxB1PolicyAction", - "InfobloxB1PolicyName": "InfobloxB1PolicyName", "SourceMACAddress": "SourceMACAddress" }, "incidentConfiguration": { @@ -1334,16 +1334,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "Syslog", "dataTypes": [ "Syslog" - ] + ], + "connectorId": "Syslog" }, { - "connectorId": "ThreatIntelligence", "dataTypes": [ "ThreatIntelligenceIndicator" - ] + ], + "connectorId": "ThreatIntelligence" } ], "tactics": [ @@ -1355,40 +1355,40 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "columnName": "HostIP", - "identifier": "Address" + "identifier": "Address", + "columnName": "HostIP" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "columnName": "Computer", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "Computer" } - ] + ], + "entityType": "Host" }, { - "entityType": "DNS", "fieldMappings": [ { - "columnName": "Url", - "identifier": "DomainName" + "identifier": "DomainName", + "columnName": "Url" } - ] + ], + "entityType": "DNS" }, { - "entityType": "URL", "fieldMappings": [ { - "columnName": "Url", - "identifier": "Url" + "identifier": "Url", + "columnName": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { 
@@ -1553,7 +1553,7 @@ "description": ">**IMPORTANT:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution." }, { - "description": ">**IMPORTANT:** This Microsoft Sentinel data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements." + "description": ">**IMPORTANT:** This Sentinel data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements." }, { "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", 
@@ -1774,7 +1774,7 @@ "description": ">**IMPORTANT:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution." }, { - "description": ">**IMPORTANT:** This Microsoft Sentinel data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements." + "description": ">**IMPORTANT:** This Sentinel data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements." }, { "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", 
@@ -1857,15 +1857,15 @@ "properties": { "eTag": "*", "displayName": "Infoblox Cloud Data Connector Data Parser", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "InfobloxCDC", - "query": "\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| extend AEcopy = AdditionalExtensions\r\n| extend AEcopy = trim_end(\"InfobloxDHCPOptions=;(.*?)\",AEcopy)\r\n| extend AEcopy = extract_all(@\"(?P[^=;]+)=(?P[^=;]+)\", dynamic([\"key\",\"value\"]), AEcopy)\r\n| mv-apply AEcopy on (\r\n summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1]))\r\n)\r\n| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested\r\n| evaluate bag_unpack(AdditionalExtensionsParsed)\r\n| extend ThreatLevel_Score = toint(column_ifexists(\"InfobloxThreatLevel\", \"\"))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=30 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<30 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\r\n| extend InfobloxB1FeedName = column_ifexists(\"InfobloxB1FeedName\", \"\")\r\n| extend InfobloxRPZ = column_ifexists(\"InfobloxRPZ\", \"\")\r\n| extend InfobloxB1PolicyAction = column_ifexists(\"InfobloxB1PolicyAction\", \"\")\r\n| extend InfobloxB1PolicyName = column_ifexists(\"InfobloxB1PolicyName\", \"\")\r\n| extend InfobloxDomainCat = column_ifexists(\"InfobloxDomainCat\", \"\")\r\n| extend InfobloxB1ConnectionType = column_ifexists(\"InfobloxB1ConnectionType\", \"\")\r\n| extend InfobloxB1SrcOSVersion = column_ifexists(\"InfobloxB1SrcOSVersion\", \"\")\r\n| extend InfobloxB1Network = column_ifexists(\"InfobloxB1Network\", \"\")\r\n| 
extend DeviceName = column_ifexists(\"DeviceName\", \"\")\r\n| extend SourceMACAddress = column_ifexists(\"SourceMACAddress\", \"\")\r\n| extend InfobloxLeaseOp = column_ifexists(\"InfobloxLeaseOp\", \"\")\r\n| extend InfobloxLifetime = column_ifexists(\"InfobloxLifetime\", \"\")\r\n| extend InfobloxLeaseUUID = column_ifexists(\"InfobloxLeaseUUID\", \"\")\r\n| extend InfobloxDNSRCode = column_ifexists(\"InfobloxDNSRCode\", \"\")\r\n| extend InfobloxDNSQClass = column_ifexists(\"InfobloxDNSQClass\", \"\")\r\n| extend InfobloxDNSQType = column_ifexists(\"InfobloxDNSQType\", \"\")\r\n| extend InfobloxThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\r\n| extend ThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\r\n", + "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n| extend AEcopy = AdditionalExtensions\n//Remove DHCP Option codes at end of DHCP logs to prevent invalid chars in fieldnames, causing errors. 
If you require these advanced fields, remove the following line.\n| extend AEcopy = trim_end(\"InfobloxDHCPOptions=;(.*?)\",AEcopy)\n| extend AEcopy = extract_all(@\"(?P[^=;]+)=(?P[^=;]+)\", dynamic([\"key\",\"value\"]), AEcopy)\n| mv-apply AEcopy on (\n summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1]))\n)\n| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested\n| evaluate bag_unpack(AdditionalExtensionsParsed)\n| extend ThreatLevel_Score = toint(column_ifexists(\"InfobloxThreatLevel\", \"\"))\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\n ThreatLevel_Score>=30 and ThreatLevel_Score<80, \"Medium\",\n ThreatLevel_Score<30 and ThreatLevel_Score>=1, \"Low\",\n ThreatLevel_Score == 0,\"Info\",\n \"N/A\" )\n| extend ThreatClass = extract(\"(.*?)_\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\n| extend InfobloxB1FeedName = column_ifexists(\"InfobloxB1FeedName\", \"\")\n| extend InfobloxRPZ = column_ifexists(\"InfobloxRPZ\", \"\")\n| extend InfobloxB1PolicyAction = column_ifexists(\"InfobloxB1PolicyAction\", \"\")\n| extend InfobloxB1PolicyName = column_ifexists(\"InfobloxB1PolicyName\", \"\")\n| extend InfobloxDomainCat = column_ifexists(\"InfobloxDomainCat\", \"\")\n| extend InfobloxB1ConnectionType = column_ifexists(\"InfobloxB1ConnectionType\", \"\")\n| extend InfobloxB1SrcOSVersion = column_ifexists(\"InfobloxB1SrcOSVersion\", \"\")\n| extend InfobloxB1Network = column_ifexists(\"InfobloxB1Network\", \"\")\n| extend DeviceName = column_ifexists(\"DeviceName\", \"\")\n| extend SourceMACAddress = column_ifexists(\"SourceMACAddress\", \"\")\n| extend InfobloxLeaseOp = column_ifexists(\"InfobloxLeaseOp\", \"\")\n| extend InfobloxLifetime = column_ifexists(\"InfobloxLifetime\", \"\")\n| extend InfobloxLeaseUUID = column_ifexists(\"InfobloxLeaseUUID\", \"\")\n| 
extend InfobloxDNSRCode = column_ifexists(\"InfobloxDNSRCode\", \"\")\n| extend InfobloxDNSQClass = column_ifexists(\"InfobloxDNSQClass\", \"\")\n| extend InfobloxDNSQType = column_ifexists(\"InfobloxDNSQType\", \"\")\n| extend InfobloxThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\n| extend ThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\n", "functionParameters": "", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "Infoblox Cloud Data Connector Data Parser" + "value": "" } ] } 
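Review bot: The parser's `description` tag is emptied at the end of this hunk (`"value": ""`), and again in the @@ -1921 hunk, so the saved InfobloxCDC function presumably ends up with no description. I would keep `"value": "Infoblox Cloud Data Connector Data Parser"`. The same commit deletes Parsers/InfobloxCDC.txt, whose header was the one place in this diff that explained what the parser normalizes and how to install it. If mainTemplate.json is generated from InfobloxCDC.yaml, the text has to be set in that source rather than here.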
@@ -1921,15 +1921,15 @@ "properties": { "eTag": "*", "displayName": "Infoblox Cloud Data Connector Data Parser", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "InfobloxCDC", - "query": "\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| extend AEcopy = AdditionalExtensions\r\n| extend AEcopy = trim_end(\"InfobloxDHCPOptions=;(.*?)\",AEcopy)\r\n| extend AEcopy = extract_all(@\"(?P[^=;]+)=(?P[^=;]+)\", dynamic([\"key\",\"value\"]), AEcopy)\r\n| mv-apply AEcopy on (\r\n summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1]))\r\n)\r\n| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested\r\n| evaluate bag_unpack(AdditionalExtensionsParsed)\r\n| extend ThreatLevel_Score = toint(column_ifexists(\"InfobloxThreatLevel\", \"\"))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=30 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<30 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\r\n| extend InfobloxB1FeedName = column_ifexists(\"InfobloxB1FeedName\", \"\")\r\n| extend InfobloxRPZ = column_ifexists(\"InfobloxRPZ\", \"\")\r\n| extend InfobloxB1PolicyAction = column_ifexists(\"InfobloxB1PolicyAction\", \"\")\r\n| extend InfobloxB1PolicyName = column_ifexists(\"InfobloxB1PolicyName\", \"\")\r\n| extend InfobloxDomainCat = column_ifexists(\"InfobloxDomainCat\", \"\")\r\n| extend InfobloxB1ConnectionType = column_ifexists(\"InfobloxB1ConnectionType\", \"\")\r\n| extend InfobloxB1SrcOSVersion = column_ifexists(\"InfobloxB1SrcOSVersion\", \"\")\r\n| extend InfobloxB1Network = column_ifexists(\"InfobloxB1Network\", \"\")\r\n| 
extend DeviceName = column_ifexists(\"DeviceName\", \"\")\r\n| extend SourceMACAddress = column_ifexists(\"SourceMACAddress\", \"\")\r\n| extend InfobloxLeaseOp = column_ifexists(\"InfobloxLeaseOp\", \"\")\r\n| extend InfobloxLifetime = column_ifexists(\"InfobloxLifetime\", \"\")\r\n| extend InfobloxLeaseUUID = column_ifexists(\"InfobloxLeaseUUID\", \"\")\r\n| extend InfobloxDNSRCode = column_ifexists(\"InfobloxDNSRCode\", \"\")\r\n| extend InfobloxDNSQClass = column_ifexists(\"InfobloxDNSQClass\", \"\")\r\n| extend InfobloxDNSQType = column_ifexists(\"InfobloxDNSQType\", \"\")\r\n| extend InfobloxThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\r\n| extend ThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\r\n", + "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n| extend AEcopy = AdditionalExtensions\n//Remove DHCP Option codes at end of DHCP logs to prevent invalid chars in fieldnames, causing errors. 
If you require these advanced fields, remove the following line.\n| extend AEcopy = trim_end(\"InfobloxDHCPOptions=;(.*?)\",AEcopy)\n| extend AEcopy = extract_all(@\"(?P[^=;]+)=(?P[^=;]+)\", dynamic([\"key\",\"value\"]), AEcopy)\n| mv-apply AEcopy on (\n summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1]))\n)\n| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested\n| evaluate bag_unpack(AdditionalExtensionsParsed)\n| extend ThreatLevel_Score = toint(column_ifexists(\"InfobloxThreatLevel\", \"\"))\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\n ThreatLevel_Score>=30 and ThreatLevel_Score<80, \"Medium\",\n ThreatLevel_Score<30 and ThreatLevel_Score>=1, \"Low\",\n ThreatLevel_Score == 0,\"Info\",\n \"N/A\" )\n| extend ThreatClass = extract(\"(.*?)_\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\n| extend InfobloxB1FeedName = column_ifexists(\"InfobloxB1FeedName\", \"\")\n| extend InfobloxRPZ = column_ifexists(\"InfobloxRPZ\", \"\")\n| extend InfobloxB1PolicyAction = column_ifexists(\"InfobloxB1PolicyAction\", \"\")\n| extend InfobloxB1PolicyName = column_ifexists(\"InfobloxB1PolicyName\", \"\")\n| extend InfobloxDomainCat = column_ifexists(\"InfobloxDomainCat\", \"\")\n| extend InfobloxB1ConnectionType = column_ifexists(\"InfobloxB1ConnectionType\", \"\")\n| extend InfobloxB1SrcOSVersion = column_ifexists(\"InfobloxB1SrcOSVersion\", \"\")\n| extend InfobloxB1Network = column_ifexists(\"InfobloxB1Network\", \"\")\n| extend DeviceName = column_ifexists(\"DeviceName\", \"\")\n| extend SourceMACAddress = column_ifexists(\"SourceMACAddress\", \"\")\n| extend InfobloxLeaseOp = column_ifexists(\"InfobloxLeaseOp\", \"\")\n| extend InfobloxLifetime = column_ifexists(\"InfobloxLifetime\", \"\")\n| extend InfobloxLeaseUUID = column_ifexists(\"InfobloxLeaseUUID\", \"\")\n| 
extend InfobloxDNSRCode = column_ifexists(\"InfobloxDNSRCode\", \"\")\n| extend InfobloxDNSQClass = column_ifexists(\"InfobloxDNSQClass\", \"\")\n| extend InfobloxDNSQType = column_ifexists(\"InfobloxDNSQType\", \"\")\n| extend InfobloxThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\n| extend ThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\n", "functionParameters": "", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "Infoblox Cloud Data Connector Data Parser" + "value": "" } ] } @@ -7233,7 +7233,7 @@ ], "metadata": { "title": "Infoblox Incident Enrichment Domains", - "description": "Leverages the Infoblox TIDE API to enrich Microsoft Sentinel incidents with detailed TIDE data. This playbook can be configured to run automatically when an incident occurs (recommended) or run on demand.", + "description": "Leverages the Infoblox TIDE API to enrich Sentinel incidents with detailed TIDE data. This playbook can be configured to run automatically when an incident occurs (recommended) or run on demand.", "prerequisites": [ "Infoblox TIDE API key." ], diff --git a/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.txt b/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.txt deleted file mode 100644 index c0e059b84f6..00000000000 --- a/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.txt +++ /dev/null 
@@ -1,54 +0,0 @@ -// Title: Infoblox Cloud Data Connector Parser -// Author: Infoblox -// Version: 3.0.0 -// Last Updated: 6/27/2023 -// Comment: -// -// DESCRIPTION: -// This parser takes raw Infoblox Cloud Data Connector (CDC) logs from a Syslog (CEF) stream and parses the logs into a normalized schema. -// -// USAGE: -// 1. Open Log Analytics/Microsoft Sentinel Logs blade. Copy the query below and paste into the Logs query window. -// 2. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter the Function Name as InfobloxCDC. -// 3. Kusto Functions can typically take up to 15 minutes to activate. You can then use Function Alias for other queries. -// -// REFERENCES: -// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions -// -CommonSecurityLog -| where DeviceVendor == "Infoblox" and DeviceProduct == "Data Connector" -| extend AEcopy = AdditionalExtensions -//Remove DHCP Option codes at end of DHCP logs to prevent invalid chars in fieldnames, causing errors. If you require these advanced fields, remove the following line. 
-| extend AEcopy = trim_end("InfobloxDHCPOptions=;(.*?)",AEcopy) -| extend AEcopy = extract_all(@"(?P[^=;]+)=(?P[^=;]+)", dynamic(["key","value"]), AEcopy) -| mv-apply AEcopy on ( - summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1])) -) -| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested -| evaluate bag_unpack(AdditionalExtensionsParsed) -| extend ThreatLevel_Score = toint(column_ifexists("InfobloxThreatLevel", "")) -| extend ThreatLevel = case(ThreatLevel_Score>=80, "High", - ThreatLevel_Score>=30 and ThreatLevel_Score<80, "Medium", - ThreatLevel_Score<30 and ThreatLevel_Score>=1, "Low", - ThreatLevel_Score == 0,"Info", - "N/A" ) -| extend ThreatClass = extract("(.*?)_", 1, tostring(column_ifexists("InfobloxThreatProperty", ""))) -| extend ThreatProperty = extract("([^_]*$)", 1, tostring(column_ifexists("InfobloxThreatProperty", ""))) -| extend InfobloxB1FeedName = column_ifexists("InfobloxB1FeedName", "") -| extend InfobloxRPZ = column_ifexists("InfobloxRPZ", "") -| extend InfobloxB1PolicyAction = column_ifexists("InfobloxB1PolicyAction", "") -| extend InfobloxB1PolicyName = column_ifexists("InfobloxB1PolicyName", "") -| extend InfobloxDomainCat = column_ifexists("InfobloxDomainCat", "") -| extend InfobloxB1ConnectionType = column_ifexists("InfobloxB1ConnectionType", "") -| extend InfobloxB1SrcOSVersion = column_ifexists("InfobloxB1SrcOSVersion", "") -| extend InfobloxB1Network = column_ifexists("InfobloxB1Network", "") -| extend DeviceName = column_ifexists("DeviceName", "") -| extend SourceMACAddress = column_ifexists("SourceMACAddress", "") -| extend InfobloxLeaseOp = column_ifexists("InfobloxLeaseOp", "") -| extend InfobloxLifetime = column_ifexists("InfobloxLifetime", "") -| extend InfobloxLeaseUUID = column_ifexists("InfobloxLeaseUUID", "") -| extend InfobloxDNSRCode = column_ifexists("InfobloxDNSRCode", "") -| extend InfobloxDNSQClass = column_ifexists("InfobloxDNSQClass", "") -| extend 
InfobloxDNSQType = column_ifexists("InfobloxDNSQType", "") -| extend InfobloxThreatConfidence = toint(column_ifexists("InfobloxThreatConfidence", "")) -| extend ThreatConfidence = toint(column_ifexists("InfobloxThreatConfidence", "")) diff --git a/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml b/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml index 147eceea09e..0ca20c60e5b 100644 --- a/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml +++ b/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml @@ -14,7 +14,7 @@ FunctionQuery: | | extend AEcopy = trim_end("InfobloxDHCPOptions=;(.*?)",AEcopy) | extend AEcopy = extract_all(@"(?P[^=;]+)=(?P[^=;]+)", dynamic(["key","value"]), AEcopy) | mv-apply AEcopy on ( - summarize AdditionalExtensionsParsedNested = make_bag(pack(tostring(AEcopy[0]), AEcopy[1])) + summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1])) ) | extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested | evaluate bag_unpack(AdditionalExtensionsParsed) @@ -41,4 +41,6 @@ FunctionQuery: | | extend InfobloxLeaseUUID = column_ifexists("InfobloxLeaseUUID", "") | extend InfobloxDNSRCode = column_ifexists("InfobloxDNSRCode", "") | extend InfobloxDNSQClass = column_ifexists("InfobloxDNSQClass", "") - | extend InfobloxDNSQType = column_ifexists("InfobloxDNSQType", "") \ No newline at end of file + | extend InfobloxDNSQType = column_ifexists("InfobloxDNSQType", "") + | extend InfobloxThreatConfidence = toint(column_ifexists("InfobloxThreatConfidence", "")) + | extend ThreatConfidence = toint(column_ifexists("InfobloxThreatConfidence", "")) \ No newline at end of file diff --git a/Solutions/Infoblox Cloud Data Connector/ReleaseNotes.md b/Solutions/Infoblox Cloud Data Connector/ReleaseNotes.md index dbeb0ffea02..8b886d69cf5 100644 --- a/Solutions/Infoblox Cloud Data Connector/ReleaseNotes.md +++ b/Solutions/Infoblox Cloud Data Connector/ReleaseNotes.md 
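Review bot: The two lines added at the end of FunctionQuery in the @@ -41,4 +41,6 hunk compute the same value twice, and nothing says which column name rules should use. If the second column is meant as an alias, say so in the query: `| extend ThreatConfidence = InfobloxThreatConfidence // alias of InfobloxThreatConfidence`. Both columns are null when the field is absent or not numeric, because `toint("")` yields null, so a rule that filters on confidence will silently skip those events; a one-line comment noting this would help rule authors. FunctionQuery starts outside this hunk.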
@@ -1,14 +1,14 @@ -| **Version** | **Date Modified** | **Change History** | -|-------------|--------------------------------|---------------------------------------------| -| 3.0.0 | Aug 2023 | Bug fixes -| | | Documentation updates -| | | Update Infoblox logo -| | | **Analytic Rules** Optimization updates. 5 new rules -| | | **Playbooks** 11 new playbooks -| 2.0.1-2.0.10 | May 2022-June 2023 | Bug fixes -| | | Documentation updates -| 1.0.0-1.1.0 | April 2021-Oct 2021 | Initial solution release | -| | | **Data Connector** New custom data connector for the Infoblox CDC -| | | **Analytic Rules** 3 new rules -| | | **Parser** 1 new parser -| | | **Workbook** 1 new workbook +| **Version** | **Date Modified** | **Change History** | +|---------------|--------------------------------|---------------------------------------------| +| 3.0.0 | Aug 2023 | Bug fixes +| | | Documentation updates +| | | Update Infoblox logo +| | | **Analytic Rules** Optimization updates. 5 new rules +| | | **Playbooks** 11 new playbooks +| 2.0.1-2.0.10 | May 2022-June 2023 | Bug fixes +| | | Documentation updates +| 1.0.0-1.1.0 | April 2021-Oct 2021 | Initial solution release | +| | | **Data Connector** New custom data connector for the Infoblox CDC +| | | **Analytic Rules** 3 new rules +| | | **Parser** 1 new parser +| | | **Workbook** 1 new workbook