From ed5caf503a45a581c079b2f8ec5ec3dc38d8e3b7 Mon Sep 17 00:00:00 2001 From: Sentinel Date: Fri, 27 Sep 2024 15:19:20 +0530 Subject: [PATCH] Repackaging - CofenseIntelligence --- .../CofenseIntelligence_API_FunctionApp.json | 2 +- .../CofenseIntelligence/Package/3.0.0.zip | Bin 13170 -> 13103 bytes .../Package/createUiDefinition.json | 2 +- .../Package/mainTemplate.json | 10 +++--- .../Package/testParameters.json | 32 ++++++++++++++++++ 5 files changed, 39 insertions(+), 7 deletions(-) create mode 100644 Solutions/CofenseIntelligence/Package/testParameters.json diff --git a/Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligence_API_FunctionApp.json b/Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligence_API_FunctionApp.json index 5963f895e4a..ba25365a329 100644 --- a/Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligence_API_FunctionApp.json +++ b/Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligence_API_FunctionApp.json 
@@ -158,7 +158,7 @@ }, { "title": "", - "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-CofenseIntelligence-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. CofenseXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." + "description": "**1. 
Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-CofenseIntelligence-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. CofenseXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.11 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." }, { "title": "", 
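Review bot: The runtime bump in step 5e (`Choose Python 3.8 or above` to `Choose Python 3.11 or above`) is documentation only; nothing in this patch touches the function code or the archive behind https://aka.ms/sentinel-CofenseIntelligence-functionapp, so please state in the PR description that the packaged function was actually verified on Python 3.11 and record the runtime change in the solution's ReleaseNotes, otherwise the connector page sends users to a runtime the code was not tested against. While this string is being edited, the sign-in sentence inside step 4 ("...choose **Sign in to Azure**") is missing its closing period and is joined to step 4 by a bare `\n`, so it renders as a run-on rather than a sub-step.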
diff --git a/Solutions/CofenseIntelligence/Package/3.0.0.zip b/Solutions/CofenseIntelligence/Package/3.0.0.zip index 157bdb03d41668dd078e95bd47b698533dc1fe3c..0b0bb9dd97a069f5314e111f7c72ef2b8a94f90e 100644 GIT binary patch literal 13103 zcmZ|0Q*ED~fJ-xG`TqN77(M$7X^Ky$qvJ zZgK1~^%>XZ&U*3{L{|YMLZ2*>S;#=T-S7K_8sDMSQ!dW+h@jZ%HS-G{)0u%<99XoR z`)Db#bFgm~F0wFZ<>|Fsc5ZmRNj7q#qSfGFAow&nqFf-pw;VL^Pu<7ZL$IWW+qQeFk52ok)y6Y^|+ zq!v39v73W9I!-1-l{uOY^o7fof;jN_xan>4_ctc>2FqehsV>e4JCOKi&2Mxq{k;W+ zFiO^+3K2VRdwHuGIKCf+EtG0 zGd$$FKkp-gYud!4(-hjBn8CKJCO5-Nu8~zlJGpEks+nGY=qk88f_Ho4qov4EQ=mG( zNy4cQ5y{?AmQMUCyNZ2IN zNApo8U$c~7VUUNI1cpaQ$5+4D=f)d95Q@GjxmVqFNV* z>zn4nQ<>BnV$S6pp!G@eGn=a3QpnQl+r2bgP!O6pD&JsjwyQwBMJIN($-|W~Eu#MR z+dT6|v;9&r1J5;CIE!U3es;#1O3+5NQK@>AAakb4#o^I~AdpmpUb*v>bHa*@LMWQc znKP$e(v@A9yxBSzWA38j5zEt)O@VO4@kzlAx&0z;ZEdC9tyTjgqDjQ#79cp$EQy9s zUbV+ef#E4tI*QM%;DJLAW-}PIhrXy41_|V?6*8|MJXjUw{9|%G4@Fw4q|lia*68w_ zwci^UED7=~0e(jMJaBb|*l`#`{*i=+8m+sj!{JkSE$6Y@vLk!PrwAubN@g;E6LG9m zY(C9)=3uC%`K6L0(S1uC3xCcwO>Q>eLP_jXIHyFzuV;Y4pk?;05zOC(8$a!YPnO3R z)YDr=!vzBF2PeL+K7z(;XUeE;daIOirzc-(Lb9-Uvx9b=JGJWku9x|dy!cjO zf-Jh-h-(Klwe{%(F&gbGS<#kLHq>K(9i9VuLkLC8*@$3yq+Q2B9hb=Ht*^_+_e$17RQ5&?tu;LsiK9Vi#{R2S&l#(NVHBqg#^$ zHmc8fXc&c1{&+%951a#>JFPmzAmp^#lncldBz0<#9z6>mDo+G6fZJW)B%pM(cdTaj z%?0N>_qj3-qEqLK=1z?mgR#%i0($zLH7)bc<5z4<^8~Wl%YDJpjI7~!P7)Q@bX7}L zMY>V^n>EE`0b}YPRECT9{+I#JVyDu5-rB={ZzRm{1?W7eZq9);Sj@8P*!YTWQySsU z2h9fxC?kn}uH5O_3fH`JQLlXFG59hGRa60d@83^0Tx`OLTg%!(-bEv=x>?K=2W!$5 zcsbfaz97?6vH{=sLuZi-Z)Z2hrDoLj|4yCFVzc+J)1hBws82Eais#lSx%DNr?veo% zzq1f`)#Fz!g9Q?1`Fww$ZcEA$8w(>uvN+6Vt47fBx@7~^Wg1!geGFtY%!D+u2^k4c ze+DsQHi`fCH#o${9Te~nQ*VKBr$Zo9{5C4y4C?ws%Eo5^sWQKOE)K$;$un1_9(t*FA1# zhXEjyucKO#l>bttTGtIGYK=5j41mtJRDD_7v*tA)Cd^OXuWL=7_IxO#h{<_ZuUQ}j zd#^P!Be5seso5c@iq)3-L9N>DZV~$^xGC1kkFi#T)fYB#`9){TbBI;(bzkJWn}S{2 zb56iju;`Wt3W{~KoKLGHdQYds>`AdRi&<1%>!({8-#B91%%-mM8BT&WgGDQuf`Q!& z-U51rD7tgVdVGk!RmR_Ej`N$PId6eTJIpmLZAM^{N2ka4PL`Mo7dOMa)HU`wSwUID 
zYZOlC6qT?B^0E0#4+6>@`ptU?b3plRv*APLA%A}+7P8~5)ze4&OsUDX@KmvoPcIcs zmm4Y=8iQOLi1ZCq;FcLA@3c?aTVK?5D_`I|d-ozx4iWfNW-b@_xETn$>XSN}#IfV} zC$kEdtaR0Yh=(EVp5gC19{THq>tZq|8CwJuxyPFy78!>VspZYG#PJZD;gjmNo8YHZ z=37u@krBE`x|2Bx`<17!mFbR&{)!3iWbJ|cEoK)%&8;;LX;jFKP7f?&rEYuQ=!t9h zqxL7z#CD1NxXaRD(*oSk|#-!0?Q!r<~P)R9M zRcB-eZG(w8l#(-!s>{EFTDu<jxL${{sdj z9<7V=bRZzf*q|V&|AB#xfrYKAiH*JWe|Ye}k>JYv%#lDc;rNFm(=9Ay9ZGTq)Nhy8 zpAAJ=y7t%~lEh*J1TRS~oyM4)zCkq|5@o7n?RVdI#*YzaY_no*Y;CS50j|5cI_Qw7 zZc-Ek*}?7Yt^Lbw*z5j4&nGge`ZvJ~Q&)b&y^3{0K^ek+)Ki6Y_(ZQ!T z>of0{d0F?+*40#1>D5&B^RfEMlZ3Fd?3+U89*sR(%|i<}T#u%O1Naw>-0c;%9l?i^ z)Rnah=b7M>_bFw}1%+52w2V*!n>1q~i-|X??mvUe@a8b;LM3*E?=B{lFdR)#E|#KW zBRU5H$V3Rla4}SJ#)3M)6MWg~Wt)%q8C@xbF;tpp--*`Vd{_9oNig`kD)zuvnl~h2*y15jmQ&qj;sb zM65i+Itq7eQNUs7duh115@7fhgHS<$NBqv$C>wxb6bho()@DSM9=xN7>tNJ zS!V>4A(L~!#^B8ej;!5f_==A&!O)yISqw|$=PbPWKO?5}D9eud$byP0PBnoYloYw~ z#EH5S3h4Zcz--i#gGJb7`|8v0#4O8o`0NJu{wB8PY`xtzIM9e0s=+5y>Pq=EAf!lYRitF>sJ4;y&RqTxu&2&34 z?TUl=l~SeE`lcX(mZ?TvUArn*72cSxZ{thqmXMsK<;MA|Og+yg4%n|9>YOZME3Cbf z;-rnn)WgwOO-;hJX*LeYkS0h4WO?MB82&P$s5N2fBliys7=)}cL zpTbR*r3hn3O(WCq#>jYQTwX8+{|fFFHItiFRir5P- z7sO(;44X{5P0Ge;{ejbF!3~Z2YL(>&V`fTJwmk~zs%*Wc!c>103blC!v^TsbOmlnHZbi6!@Jk5x9%pK98)10A=ozLS@Mf?etT68xuW%)xgDAVNmQ&g$ z5c!?*5rM6Di4)FE-oK#LjXzb+%K3cCLK!wbsbNIZLL&CUSm$J1{3&q~g3|$gBbOtS zK+=~gNgHTTlU^4)P{P3qy)=~X9LR*aG_b zw$j6c_0bxxcpN{l1YX;>d7fAMjwRa2i&tC%P5AQ_W6W}Tw?zli_e+3#(U>r=vOH`R zqbDq+kVZ_nim}adQ3%w}Y{r;k$Z1A>J6~*FV5$4Y5q(<0Zp8Eb)!?JweberS-;t=% zGnPoeM$oK|vvB@5d=`!)hTr~eeQB(a@pe+G#?B#}&0r_QtC6ee<*Be%lY zD{8`zVmaM%tmkuMj|Tb}$bOBYQvdpsPM5>KuEcTJV=b_~ocyOnHsAt6*!jT_je3rm zFd`X(&^Y?z_Z#S)=s=9uOV3S6LC;;6S6rY%Y|M zne!TlYY5c5VH+uEdn69Hd})Z5tcOoY;;!SI-JnJJxoSI;3*2^<#euhz(?Wd4)4f~$ z>IF)bYe#g?ov(!nU@xXMt9P@dh9w5jPG0sT8)ddpW=_wSw9zzkj;|jz9x9O+e;-6XJ({uH^8|G(Mo?y8?b>RPX-rNj6Q#R{S&|G;=tH=aI=!aoozaSp@)+&G-ik-1lICDnG1$>(ySow6bN z+fxOg^q08%-Glw}_2{P7iaI{a&C*foi$vSN;B(0>QTF@x)xz~2cjoFB)vvb=`J-LM zBSXJ5$D|mq9Ynrboy1$<2?-RfuW_l(X(eHJi^CnMZH;=2T 
zUp2^2`|dU)?zLaD-mML9wLgvM`pDl`As!7KU2ShQsYGwW9om_h7rBY$8$8kK`*EQ2ElODBkYFf!{KFmWpW{WHrIOXw4Zn-hQ^u>7w=MEVg7);e> zLaGLE3h4u|A3!GjNM%%v-JS&E&^04|7AtLm^8yAF4!STA$(v0ul|?(xO8gC+8*2c& zlIxZ=KQ0nWt#2q24)S#9^aqD>i=YQ-)o87Da~-2c%RXg_qmf>AIUTaj!aMvvWQ398 z6_gEhBIylQy8Da(WJfr=sIn{pLGz%GSVdOK>)WZC?B_1Do~++`3r+s(D{^0?6qi~C zd!yl>*YBYW;!qU-J(@OMPicIp1UKkHffY*1dIc9v_w9eMJOLknlZorydATb`Ro;X- zl%C##Z(@2vH++MGX`^TRNIg-@E0mr`dPbd(P8{-N0_hvD%@hdSy?qY@f82Q~b9(`H zm2DIo`^XI~5=PI7==${&dBB23D2}6wgnFTj(k%1i&dDOYgdTSDh~!Kuh|TRQ?H1@95z!p$f{p%MywUL@EUGIdFa5%PN(~hshpCdypQmE z;I>?dz@mB+SYsG>Z-fa0wpZGnMB;`w7QaDwoBet6&-(0|N@KT|Vsw@m)6R?gS^jC0 zK=+hKER)QDtPe|P(PYTY@uva%`&X5ot^wftT>2;%mxcu&(z!twl`MzI+J=l@(d_e-9GT5iK;T%Gi--MKk+ z`gwk>JF>x>$>))xv!hR~-8f_G7x%P&kGywlW4UbRyUE6);?<+?l9sgV;l+w;gz>n-Rk)#o+jM>g#<%cZvl;@cNq&T zxyO~7?q<##%2(`v;p;(fxk=5k8<{va$d-*I!%#iTfSu0=<(F2klLC#7sr0V9)wV6d z{o4!oOG>L}YFmb?G7ZHwRfa{I^%05p9VsVF$3|oElV5kNaz(q>C7!fdDKT>+c1JxF zl&dNA;t*!0DPZ%eLgunJwh8`tzuTnprtsYVtB_^$(^RaCTNG}nh|=4Cx8xLaE7O(9J~_DD{^ur(vG(PGM)7SvcKamwD_~FDr@}89p|t4!>#M4=h2}(M0Ib<- ziU==n-VF}NwQW&+mR7?CNcR#GFnV08u z(Pe(|PuvXz#ul~90xa`yk44g7QE*##G z!#@G%{9u-zfF|p+r)rsIEuEd!_02*5x+mbmd_7m$s>TfMr9RWRKe5PqDJ?8oupl(i zPUmD(7yUPX$zQWlSLDi3#0b1p?dL5Wd~TuXVo{uSQI$U1{PC0w>mi($1k9(GNzkv#vN<6nWZP4e^8JH)hDFTtyRWMdu5~`CNmNlYl+-J`=q!iI?)#w+#A%0!o>OF5e3}ir1*UV`2OfSn zHN+Elvz5}O?lEbg8qg$LwOmA>uMcr@fM?5A!1s<$EnVG4Li7FFy&au9mY(9;ra}xq zxlHkVKD>*AC-0ta+V*)~k`qfBo1-x{;YX!XO#feglk!(`Ou{d0BkB55`H4yx#2z#m zhuRsVPOITON1Ev6Ap0fQqeR9W>Npkc+>0^1w{Ur64F6B56=V7i$C$ihNIy;O(&T z#|-Z<_zfDP->0$23kBc>I^lX{L(vFq1Wl?zO{)bFwqtklfiFn`Ob<~ihj6|TerE)u zk1v^$ZkUR!jgi5AeL(ASsFQVY#1-#Ekl=|O;w8+KIOX{D`%C&k?!Z+XZ!sa}!7Liw zjx`T|Ah?F8-kSemROPjEf7pM_o=hQQSUyp^cVMP4XPrt<@Uk4gGVJ!IU!`2L$zzFA zE6*fH_8s`(aZZ?^qSS=;ic}L-clEGj>X%jYRXTBzeKCf7OH?n|vVAwz50Z&lZ8|0s zsn?!H+Y`x>Z13g}=<)cjtNz0`GGwB*f998at>cZw6A!uTCx*@j^b`Ft-)Y2Uf_1!5 zcjw9Oi|_9=GXoolAG4<0pFF8vak18-#i?$#1ez3_N;5D%fHonaId`~RnqLq94vOIZr)s<#6lQtSN|6MO 
z(AbFYJDNbvWv!nY=|1L=hIpv?>UG+VBAIpc#D)u}`?z+BSTdTJbJVFNc{A$KGIOw1 zFAf^B?UDbUzb;_Kx<#Ey_o&Ng9B9M>sYN-{o``CrtyVwA97x3Kf!j`QJwoLGU3Bdn zgp@HsWjxEvNw^21+D8KE-+GG@nesvdpWFLh4s-n5M4)sMu)KM&zEu) zYap@fEj?1+x1UMHiI%RV)I4M=J&98?1-Y+0Y$Dkf-;$ctJnGd*h(a#`qo~6_u zdEITp-3Mk#rdY+n?LFZrDyGwV%R#yRXK`onoJVS7UCo~36YUfj)%Yoew%kZMm@UTp zVThZ|tbzS3rwxLs4!IEj3?2(bOUlOTwO*%T1L`f?!j$qkM!c)xaodb&E|dNCgxO13 zl{4G!Ec*otcc1r3yDR8eB0RFai&4|{9Ls{tS6a0niJ%(^nz;}YgiZX@X}GTG(Q)TZ zjrERnaMapf=AyRJ?vge79DHZ4Oue-VO=oB#%QUQg8o@5S19m;M2D5f8nI*P5tp!%l z&wJ9#Ar2pX)EFr8TizOw5yz8QFyn_PiEC#$mEXsaQ)mL^VYR&Wk6nCWc5jA~UdZ)T zh3R$w+~sTR4e1?_EjuB!>r|IgEPx7#4L)`x_Oo10kp!v5SGK7I${(E85xghc!1H$xwz(RRTJhAjnXJrrj6Mj_~L zVV$H47agxCVHS#(Uh9d23v@<9$>fqXuKGE?W#qt{p;QU1I#-0$vU>>T>M)uA#hZA= z9vi|n4ReZaituPJpt}}{0sXv?&T?1eN*#zrRztW*--WgrzfX?6f!h}q6)dUMI3mi! zJYP8Na1qs@Wo9KQp5TfBszs`#e0sM{I0P)jstTC4Of0{KB*oUU&cm92_1Aj+ORs#< z=rUI^N~%IC8*Z$y%+ap;Meu?eW0j+;;=F1criy#b;CSahwVpMYD}k%aBxJ5^QZ=nf z_x73pR8CP$eTDL%1bK6LRuxYIO zoocLTa!ie486a)?=gdG(Yqsu^rqyDv00i>hc1aBYJ-`fOlI%4_K1kQe zHHXbFK@Jqw2I*tk!XTdM*s$hetdIZD@6zK6VT`;wsN0>I^OG-FpqTsjc6xcYv8l*&1I;Gbpi;S}GV*5DW9y=%ORN5}LcAU{e$rVQjUzWUa0tYzVWmaCzJg@>{v>B?YTW34 zt*m)8$Dw}9xfhf0%%JcoX1j}8$L<(OI>{>pQ@x|}D>^!6lkhYB33?Kp*m!-_T$9oX zAski0J&n zQQ%G@9{ANffxpph_jTXJD0I%ko)Ix?fC&$%3!DgpnK9?GEpHjXhmmug=WAd1dyt=; zZ(AG#WrkstbfWXZi%F9`PiN9AECU{pAk#M&+P8FyxikRlrqZBI-qD25N~t>rM>MqT zp#;^O|I%cRzn0p%{~p!Lj}Jk=h$FaVa)P0^@(skuoJfKIhSza2w@siT(QsW!@=fRQAf zW>PPXTRTr^`gG>DsE2iUin***IM{~j*t+KPP{Vj5*{OtNNMaig8>KTz#tdV&;;=;V zJI^p4wq?4gAZx$YID1B^s{&pvD`5rqqA}`=xWFq+ON%`BZnU8XM6b2xg%mmK2_Hrg z+~lSPbI2z@3{}ps2QvJ@bWwQ@B?LN0G57y4%jTARGbs#Odno?(%h&|TCO8hBT{=5Y z_U38Nx1NT|98gJk*+un|h5X-42R3tGXv(_`mO)aeJi`f47L^Z%P2!@JN1SF>PmdA9 z{96VXrfiDVS4Srt$+IOE22!7Kdiwi3Im>~fOWL@+YllX8K4I%1H1vu5Oye!+zg`za z53SwMIY<#)B&bIK2%hS5Ac`C(XCoRW-E+U<o6`HT~R?q zgb!9_QyVLuC8b_BjFdjA;QMBd!^b{&g2^S-yr@j8s^Ya%4q{#8&w2^<5yrGpV1>k^K=5=7M-A<>Rona9+e?q2I(Mr1*g|K0n3aeUoiSho1Wp(0v z@J8KPjOHVO+WIf_;0p2xFCy~Tg&l{1Pz*4%lHM%<>_qa8UxioUXIDA7>#Q?fR 
z|K2LKGkpwL^_&YhGcjNP?<#3{IgQXKdmUm2RhMVVTV6tuSSymeN;>)3dUUuDWrz-|kn$s+o5nU4y}vzjhn0N{^ro(2%BOa+zdUK!tEehrm3lgU zhG67E%^AMhk?K;3&AQa5-PBf82?Y(l06_2P>+BKEM>2Q5n1xJFjZnK79;SB@RpC`f zcGlqQGCK@KLyJnn){WzloknY55<#^~PEo3TqxcWNr?#&?-cFO5yMAIi^(yTSkHnP& zkX+Ixznv~Kk0PvMNm47nz>*oJq9dAc>siZLVbb0bpsKGH8GbHvCT=Xu;B#52|H?H< zvN8uhgxzpB9nO^4SsaI$AZ8Q!9JO8DOos*A4%{1U~-V|NCQqf=%muH7T#29 z3a3*tDmonbRBh``LRD7tlf`4fo=RG1k^~> zFmpTO(Nmu(&+9%wlp1fz&wg%$+c)ZJ;(T!i7Slb(D^|a3)nGN2F0OPNH-{JojF$Pn zH8#Nb0>+sp!uol_b~ANsPPT|Q+I!0DQCi@<6M-A6;MozrQGW)))!Z*@>$RKL@10hA++dPEb`zW zi~e{_#{mIp68EFBtY-?>dU&>D*uDHrZ)+E~KrF}ewLeedHfVyfCJ6{+P*s%g7SYW| zTt?t2xX>W%1UmL*34b@#&-~!4knD%S?ufbtvdV9KXoKPvUuKex3eGf(Rj|ah<~f)l zJvE=4HLif7cRWkRnLd&qI5?j{{nka>*+@(!?z@M8xkY88ePfAO6Iuahu=JZ~R4qfE zND)iiUumU`+$~d%IZ$TOGnTW>K=lR!-CD$I{}CQaPvt#$dx5C{QfBfNip7xo(1pi|fJ4Vm@RV4aNePlCTzTfe>D zqHWxx?&CNHW;?~VIzT9%7_VS;5tJA}Rfj$AVZa`r#>AJzXgu(OI~jcX&Jpu!2zT8v zF!C8j!5}?D{=y=zClWO_vWkR4gC?xu@MW4ulv*Y*eTi?io>e!W!2%Pq1F>&S8xo-taBiY>n>#b}T2e?R!cicHv?(2^sg(CqIbM~LKvwzXPTi-46GOhgA;_a-xk z(-t@ZZEWZ%sC*-4DxS=`mWk!1z+R=hXMd-_9juTZG~(ea6@%7h0ch7UWt~r78_@YH z7gnGLq~!q-_soD=zp|qO=#pd;9?12|wZuVfw8&?#%{o?!xE{Xo2+-qvW5=}c3{~o6 zuM55q5MU_FcB}RzV-%zn!6#qVuPiG6l}XK+>F`)(JL!UV*NYAi*8uj;_9u|L>oUcr z$mS;$1C-EGWQ*!4=e3suF=QAL6_CuI`CnmYDFL?JhUD0ifYn!sbbWTX{nP*~U0B5y zn#NOvWn&IwXRL*b>)ttBvA;fmptLv<{~C*m2;x7P_XLZ7?2Wo8)vZ?JAt6OMoC?#I z0wmOzRgty%F@HD0h1TItX9101|5|I*K``fl_WsK-ZSvLKpWqxywJD*yCuvB|Ad6-1 zfSK$$OKVJ5m;#sM(}rxY91<5<#ParQ%d_Ya%B-0kKWH&<#jZ6yT+~Pg8J>pk){JKV z7;$31uI4D=#d33?p(6;VWg=nsef#^2jm!!-K4KzR?6IERBpqc}y9*F*NQF23SC{u) z9N?}`^UAG8=)-upi;EJ7?T^9VlK>Qks#gE267Po{eYgSA=N7)%A$F}x_QDwNnL66# zi*UG28`d>+dP;`kAt=ClQ!06wP2{G>et*pn*3m$6WqR)Vtr?62xrQZe=)%t~Aw-%??<0!Ud z+Hj3DTKq>>GxYZ zD*FvQj}ua;ZFpRp*r*PfF(WE#Dona;(4?c#wN;EEq#PvmiX0>DI3z zG>EEjFw`+&W)6SPHt?i~kn;pO<{V^*i|@L8hNMF1>?s0HZ9={HkiP}-guFeAYAQ&b z>X3FxhE<2x35$Or*MMKt1bC&FJJC75p_oP(NI5;>Xg6zax=)$hgJUj>1ClIH{=Lp~ zYl$_gcYKt2iUKOd{>gx;(>Kkq@t>QYZ@c{Mj7GMw8v_62lcDQ$VSK#5-aKb_3dr=x 
zZ*JP!hqkQGo!7JZ4QRSk=dIfPCD-vIMJm3vp@%tD{C{Wz61y*WXV@OIYtfmVZE3r8 zDHvYz{H{g3FeSM1iAT_xB+x%I<9d|go!bbkH%ub;^@KobU)_U*jCDt{8df$*r6Yw8}LOXo48 zy}$0CrR`le;K4QxRQvsdBUu}S7K!i0Vp6V#tOBw~Fa0=BlX6?HsT!bK(>Dlaw+m4V zR!NOx$Z-3LCOUHmLb zc2Np9euiODEoF(l8GowJ&4C7iMuF-Iw}8QT((n^O6bk9G+%`#|hdXhyE3!`_%s|w#|NCz-3yxwUVNZnB-wpf3?9> zk%qsVH-t9V4y*q+IOX}$>Y&afvsp{Tj10R0Tl`P@jD?!odX{E|8n3x`a!-lcq9B9E z56TpfT^$S>cO1xt#c<_LsArXJr-WDt3?DVK2FY7*rD3fl-a|$WCwlqS9F?6J!+s8s z!3%0y@1|e)ro$5(uFUnz^Ir+Cfi|PpaOoJMJoo*ye2XwiF&TPwC7JH7_*Z5qi;t3L zYMzq`9g3Juz7hL~9>bGh*I6zcr5#m(R^1W9R6MZ6kgsa+@OVutfzX2}Mt{x4i;oTI zdN#5E0m0+b^@hgNYx=k*9CMRT%moT%ZF$!8w#{K|0W(dfb8Wa%jP?8H2OtXyh5_<_ xUrYHWwr$(yZrirIciXmY+ctLFn(sfSYHBWKl8aPQ$+~_nRupAG z!O(z!fS`bgGGR5Koy8pQA%TFnae#m@|C^dPn;E&9sac7dnOoUgxmr2c(_6bZ*so|F z*l)KZ{}}A=2F|13)i%&<07ntToWgL(-@86vq{JZxlm((E2v> zPs}J5iq8-r`O_Zu;ga>mna`@r zn~`UT>o|B;rYhOs=JV_XhKaxBS%F3=wp&zZ(pQv%HxYrMssrYxo7s<=o5JZ{0ei zJ5$BS{}$5n@bHtb1t|?hnA?;_stupURHq_YPo0ESuWMV0x3i|f1d?((q?9`fSeRB! zC@1;Yxjw|1K&HqymX(OyKy-2SJ?WN9>-Bo=2SM{hQ&Vx7uv zTBCMwjJr}?)`_+p!~$Mvxd!nVNJ1~ABQl&19teWF_7%c@wi?mfV79MA0sTB_3b6pz zHer*Q8YN?6tXy`3$VukziM5jiF5^-WvgrtgzpMxmsRxNSTM1uV;=w2$0dq%i+-pEvI|1H;wx|G=cDVljY<9+}nwRDs*EO^3ek*6qkLSYU6EMar;`_(<|NLO@uftfkf z&Z8?6g)O93UQ6O5GA@HpfnKD11;e#8EB?G4VuZ4!$`@(POUt#ucw5bz8KIz+OP5`D zjw-H=I0!?dIEVCo(6TycDdZ2AhE}Qn;Qks64{bj|iaIdxRq%qsdI9BgKU{ zvFmCDJprc_9hn7rCAOpV+U0v8rVV=Eu-$6esgTQ9qg7U2<9SJ_B zCyH>trc1N{sM5n^y8Z}2hkFeHiW>0U8V+bDLK;Hq(_CGG4`~qBUiNEpYSvHyOUBJs z@Dj?AHQ7FJb!YC0{rLNXT^@%olcY<$5ZmkBb8bOCZgajxs*^q{@AR1o`6i7%Pjd)cGYPxz%V#B|AzSd~ z$qv*btyL?kz9+QX@fZl<*Z-uCVQR=EqThKUj1+iQTMVU4G7j}Pox-TD0+2rn9cm=3 z2q5)<)SP!#rZ_I9kDpNL1BxrX=Zl(?B;_Du=p*w~0!B4AUO~59p25rcauxqtxBQV4 zG909%$suU>z-G5i(mev|?*JfAIqByWOO+ z??`xEu!mP24=(u&tv#?~7)gCq%VkMcj$ro|@~U`IC;lu3xkFN85ce9t{cQZep*Bz= z*@?hPBDgrIX(_#)kRwf*fe+YQrz@_h&&a7GwnE%-v?%ri5)6w_&6a}EQZ@j2-G-pN zmHa3@#1_lHQ$B$bmv~5Q7*P^XL_DzQ)A8FinjLuV!Zi3`To_*$&DaFpT;q&1aw4t* 
zHWGBr!6;}`y0Zs^n~!1knL|$&f8W0MuKQzfFXCT7c>S;FL{XtF6_pvUKWB{JC_J_nw>+Vsm8lK~v#X+drt zRR_(5O18?sAs9^Z(+MV!1xbI!Zu1<+sv(>fE8x!yjmTI{r+fY#<8cg&;fLv|5of@8 zH%IgSE3dQ#LlmoWP<<*L`P)<8+{gr&G(t?)q3G z$(9H|`8U9FF5qhreXGt$V<+C9TOLp{yeod?3% z1~5oPzNV47ziNFvZF~Ujd_C3u3QOLEuVXJX=y{7<7XdPd=d|f|7xA_N`HD?&0CJ!4 ztc7wEc+tJ>Ei3D+ z%Qi-TBY&9WY}e!yf)&<*RzKNoixreUOpfKf?)@rb5* z1ymwYlmR&G5M*S}xB&FM*DzK`OZY$sE<{wG#y~_vrK3Sae4Yc^XmU$gbJQr)L%>7O z-(#S%1Mo3cEOOHG8`Bwj{Pl|bFY8aL;I0TuywXGw|ENLNMlAO-37M=q=B&pPDz5az0Fx7Qc6gCkR@YW!R%~jY#cbKv<$OMn3Hdc zk>z{2Z-5&sYs1cA`YYb!*W&rFgK92QtEH8W?c_Cy06IX)9BS+!;Tp14K!%qhtfd&4 ztd5TY=EyN2fu){=p@5&>K{nZy*@OCT021m3z&vsqLhpqgaTAcKRg?bu9o%(aJ^$cRLLJj?8&$&9r;b z?z*L!PmU5rY`1CY+lD1=P;05LO;IAmZg`6G=lU|%EjHKMAC4Hx+DvE(zlWG?6|&8w z;xX$m2MShW`L$e(K;SuKtv3gzj8#>ayIR74^TBZrMRXUk zAY3&`ITN^4p$=DdELd1TXatZZT`G}l8p(RH?2I8`8z05S>v2OIigKauDQNi-@^f#W<2>FI6WWzc{qO79neCt=57Lwgy1hf3c4P1~>b9hmxr+ zdDiOL7`%A(kel_!)!11y@eOJ3pPJQWxzgzw5;LbfrI!g+7_iN{{^9oa1JcWwwG&_< zoi8426Xp!!6hm^9wFZlgGZosY`_E(`+TLfk|NWh}sONZpPx-ZO?sI;~wulLwX~HoH zSTkH>!wucvgw1e>k#HB)8wyBz_o#j$pv^TZ|Km~C32W`mALLt=LxEgNNzS34v)TI! zxz`^Kss&Hd={Gcsgr4ImJtS5FN)8-rXb0_ffY=($dYv&x<{8$gMbqe`lV_AFRS8^+ z8H_P^%-_%q*r4BT#|t1XEdXQmza(&0TIJVU4e`}q&C@d`izLay82*~lK59G-#2%Y> z0|r$BKbR|0V#IMh2bz767O%Y=qvsGXLbWa z)OZ2?kvAo|&hw4`@ibA(R-ezgI&0#+bt&NYwY<4yx7B)dedE^Zfi+R`ChXLJETG~) zsO{6G;Jf-z8syfVIh^Gyx=d6Iv->-O@ZXX4Qny8T^8a&#R($q z!qf*%gZx;lgWwPD&&GW3;r^*3Z&7E$x8e6Oyt(1dy}IPS)!O=Ec{Wii_j)}R%r@-* zFZQAWezhdpt4w&&hg^2pesbu_2JQXmWmX?opzZX;kVKeaoLWJ-&YALs;1&vQByTpk zrYEX4hMv0i=JVi*C^p$Khfa(x5Slsulj#q7s0mrz;Wc&?XXd*uJ?h-62|21HYSBi= zywDr{P`G7hwONJeC4NmL@eh6Xeo&fcUB@DS3oww9z}B57!Id@9Vu*Bt{00) zf9>evpickVXh`wAP}H+-mPNCk+zdNYU5! 
z>3K!f^3lcPTeb8Tp&e72ZfkdU)6K(Uvuk$A+=u0B49#L`$GYv;PLv7p(tY#hV-4+6 zeV_HFUMtUddx8%(D-Gmma6nv zKW`1)CM4>lrI4|lOf-uF`liBb%4srtZVO?xoZ;FLd$g9+1(NDp}aE z!SVMDg(LTEJ**)yIdNyI_JX8U29+{i zSL_?e40s<%_XO+y-1eFvHo;OG#snSyyX*#h|qo=NB&tGEnghh-pu4+85Frs95D&2>B-Gq zfu*uREUD^7=xP51viNhwJ%<-3uZfXZf>RpLF)nwacMNNpFnPHzi&D0HPfjr2H%^g` z3Y8+RES-aKrJ0LUyD{g^YfKd^7-}bDNL_f?8IU(N&6>M1ZZ zDQ2nUaGgpAa0&zz$^yT-ipHVRzT8AONjf@g#4=S2>-YO;!1)AS4PN6t+CSSqGRw^O zh?=T7EIJX^tK9&xk;jd`1;pFE^&h5Eteweb3=}#NS75$hB~9e*Kc7edoC$ir&g*N! z_ci9;9JO7Tdl_k1{+uu;L*eG>jE4uFM`uD|VsZQZ-F`pAh+={!-8+;v8t?4swA)5* z$KvsTZAhNU(JW4mPsXeETZ)Q6XT z$OR?&6$*0f)MA( zS|X9}D(=Q+Guo=L!h^{eyO5b6nJUeZ<|CQ%3!hKJN;H`Cl5Kp7=pbrqrq!dGPN!(= z?5nSwtX^eR?RY6Th_;SM)2uz)94L&T7Ddn{j(^;EI9R#50`1*;c4wJ1{3@Czs+eCw zCr+N=$yAO{t5e#G16|n^r#Rp(`f6!m0#DBPSxQOXcfNwnZBj9_H~S?8+0UtF0o^3= zr#p=4C4v8ZF87Jz<_Kmd`qWX?K*Az~d3qs}h3HD<0C8oMxsFp)YTjL0>nPtdiVjW{ zMDO23iSmg(GS3t~nT95l=$gAPlz}=f`10chPfxbg`K)2x1s4R>TGvh-LS7BZSIY#r zZlxQuBEB@QvFVW2@=ZcxyFr=Xp&S92{_j5*sBYR@Q2qLYlN8x)26H?It!voaV*Z^K zd@|v^2`!9~mb9VnZdr_@@`ub$ph}wb)RM77FjkK8Xca=+2j9h;ll1ND8PC1^D1TB=vmezLnjzp^mrsyn=i3XX=3H)VVE2BEd21^^!0`6 zG0lshWv`EB7x$sr&3pSrGxHSq+YGx3B_hRwypYHn3oJK~Uw*MmmLbokcbGtg z1Du#SAnWOUnc=lX=N*Dy&y570z?PpR6oHj@!3rA_ zQy@3=@5F<~7ERTio7CwgfodjPv~@c>Ah8gC#tK01x+q|T+CmzIqOPZKJQOy0KRs3` ztg+p`Pq^K-C1_+^{Ei%&ezqBVAb6mP8gc;}LLxtl3pPAXo}pO^kwR4s^9vg)@D3Xj zDuIZI6a%h49J5&rHrJl8=~0)zRL0?#3FK$I$AwB35YG#Jm86u_e1)jz{b~xP$X^=n z&X7ie`_(5ZpD!wB7>KDmjmln5=3-`4Gfrc?Bat^pk+fk&bL*XEXR8o-a|gqVYQ2Cj zP)ZpFRMGh8_Oa;Ks&2b(>cWzIe%qa?rSQ-{!yjBBUU*iBCQB}Lk@zEp>GVnlnh!>N3W za1xM=J<*CtWPc`_sXF%`){3|IO>MT-Z07fON+cp}RS*7Jl7>h1MTQMERzxC8I3Ri= zLNy4*-4{5e<8%BQF&=J!hxG{x2RcF)=<^8;ydf2jCwRRv7i@0WFvE6$DmK=D} zokrPo3%pCktO;}qP*kHF;YFk}_2fscA`=_a`Ku&%!I%T#XW4a}Vk}9TEs)>GU+aRk z3y^rKFVlecbbgzJgT%*PpNe0W(n|6jRrMPcD!0X`>G3@2ckp?tKJ1ldesg*moh1HE zL6~>zlS~eISH|Y(J+SS6E9Ohb#1gU73XXDAz!}wq?Ka2{{w?G!K5}Wy;>yyn+`&I* z^?YpTL=j39Tn?IDyk^w+@PcpA~*$WHO#GD?4E# 
zfu@yBh9@i)`?|;I<~G~kD0m_O9n<|0h$B;I8>{Ihe9+KIc}lo&|!6y}EY?-m9b0p%9 zjnfU{08ZRC}~^*Z2u# zN6`Q_v)ZWQ!6u=^<*$V+a`@?hK(h|oBzx!AqA#*nFaZoq&t|a7OZOlx6S`vFdBEvYS!wwS#&)&6ZvAZQFYEnD)3sf2Yd?e(f}`MjEG_&ExW%?IIn@2*tH2dAl8UAjlZY z{BC>qK!I_zQDUHcFgf9sR_8U63EIVm0i0MO~vgmmMAg{f4Zf4zt!jXu;R( zI#Au#kzJX|N}DZl&n`@JQ}AqW99~JUe|rd$^+nyQ#N>;qq%kBjMEdaK9I@hl3E8uU zj((2Og(zN12@QKxOoi5*i;o{yU}YMY$A4p;#Myzupxm$#LKw_4Ael$<3jC|SAWG1h zb@}PDf9T_OTqVa0Q%o_dUHI~In zO9o1vu6d1XP<##bNO4G@fa?>pBL(rf$Tpa|N0unY3>UP1bKHukCU7NMf=@o2gJ{kj`9F?V-psrRq<|B$~W`IZb9b2S%o#B?Wo}IKzBdeifiO5)( zxh0ZDGYHo#TR9&l`DLHf`7TOU#4l-GKot{#klO|+#7o}v#Z;3^qrWp6=mfCYT&0qv zFAM}Ev(sXOkAIP+!yj@WF+a|@pF~x?nysJ)CjHOsC!)hAEIaiXTrv{_O?md@4jk_I zYK0q0OY``x1ZEUF;01Ns!&0w1a$((QmaJd0%4;irj&`xEZhrsE?3Qm&4JPOg1PT)+ zp~6&8Y>i*R(Jo>^O(bkz518Jj!MY~g^!pmkxs;@Fh36j}5=JoP4jFA`eWtB`maR7$ z9~br=esH*GX}r@m?W17`Z?nvcu*510QxgQU?zi+Fny>eWY^yr`15IOaeN24A;ruV7 zK-=6E%5MCoYP@JebQDH5gUl9=R^o*+4@HAV^YCtsjR0a56N6ubEBiF~fUwmd7fN*V06E;h6@NsEJmsdNMgZ=>Tv!9hXBI%0jR6<~Wo| zyIn6gU7xs!M_zP{?wGB~zUq=bkI~)G+oZ)Ri)Rwa3m_DPy1i@!sZ82iYw8n4b%>is z@YCKPoJgOAu0Sk*A_Bzf5@lyhKeTB0mK2GWFZ<#6Z1s6#6LrOkXJ1tWxmNDC)g33! zl&P*|;fXdVHYOlle{t@E2Fg4dk5tx8qEk_P;d16WDGSo zOj$UhKKTV_Zgl6GKlhR4Mtr2#;r6me(^op#^On~mniy3+5R#3``Q51=yC~|^a7N%% z(0#6IHQKok*MtvccxO+f{4?NbMpMxXo>8;mmZ10W=b~RAOr!()ixI;NJJZmUn_vi! 
z@v6HrsxE;h6gkz5y3VeR({?hO`s+D7C?`$Jg6SWs2h{{t%RZ}0kw3j`B_neZ z-@+Ci$~byzcbHaK%FghbE&}>?iule>;(zGK+t|cuZAGS|(cA@OQQ^UjXRTv21t@KE zHi|%g>evuK5rtJ{)E~9khqH&Xg!8cFk8X$f34)s%NgB_z4Z$$x%j-%uU_;-*Q#Rd2 ze|l;mvUsNLu~jhDV{($Kr#194Z|^6cwKnrVSCc?!Y}qE~zYbJ6M?~?J%(3Yhrxkpk7tIFm2lIHupCpaGbDhz?)J9p-e#`T|sx5A)#nioi^Imis!Xc%fpjv{yX3JN!0=F5yXGDo%fcD46~r~GXxO(En<+PLk)LVSq1D3Xx9j3>wq&<`YZ{!2_D z+8BfsD1}_jAb(GZ!d{+a{d}7}LpP{?=IViZRXBKIZLAj(i|36n$;Y6_K6+;;ZoPt+ zT6vdPdiv{dtL=#+k#uKpVN!xSPA<+<#}~^9KzIqX4--n*=|GiilQ#|uH90#3!?^JK zS}Dr+;{mWt*DhE?Ui+zPcxb3;sQJ?~kqvQz1IvBu(g(k5hxfn{B6#;S#SangKAQpt z!HCtVBEkywrpZ#e`ld@1%+9JPQHbxDZ&&S5NrTg}xTawWCExReR;3I1GLE|TiDiTN z6{!ryq!&XVgh{zj5wI z`vj4=mc%f@z{ZBZC+8HO!|^OzC@bfy=2dH5ct4Kxy&@j$mRGRMfo~B&Um(QAa_&v= z8NARjPK7bVMmq)<&y>}YB#^;oDjS7pO;qqGojU6~6UTn`_W@zu*!srNX73MJ4iqT|Cd$l`jO;w z$>oJGPN!lHfFDBM6plA!33;8xv}F_D1l57>K2j;RMyo3jhw3`R&;9|;E~g^V?oO;y zU>#bR4#MdB))ai&kU0W(6KD@#;tM!_3DpiCK6pJo{b?9A!)wrN9~gbU4*%v~GDJ6Y z8I4qr6yD;M?ku>a)1sTJIV6F^Azep1^$J*&B@AJsu2^mZ}w4=cc^0i(<|L{Fq@uV4Zk<1)px?hMD zO6Jj~?&i$5ZupauK7_VW#qFlA&5WN7u-i014@F8DBllFyfDo4&2_|iva`Tj-#?CLM z!iM7w#q(KX0xX4kj9nuo!%4H`1br@>txmk36TMh7$#*CQ3`bq+QGFKVD|I%Q$=5~m zj4qUewal_{MmVb?z3u>j%HXh6{REQaIM*Z?q{k7~(YgsaFzDhvq)z{^P`aj1ePoK_ zSzQWn(nbG?Gn%7Kff^EHe_kl)5^8{*IncV|-_I1!p1w*%nrvMZe5mew;;-6&hp^oU z6fh)5@XXml5*Pcn)e-Cw20r0-iqoT*#WAjoG)%}Nr47c{kP6O6sSZe{`<8stGpj(b z3ruigZID%Li61oy5hB4nR_7a(m{m#|@g|p5*+z^;!fn zcf12?25uTv{d?FsN)hdE%vqqU8|z60m^90z#LF#GB8Dh(XaBmT81tzY8YQVBzoI_3 z-+>jHzyoEqUHr8p-*aI>0sdl;~761ZrM4_Vn-eIaI?vMdH zym(lz4M*m4NdNX}=zT2uU||D^<6a;LcQ$y8yke{IL@jBun(Dj>Jn%Ub;fDG(LPhuSzwm zaD zguwc{imy2_`wveLHl+tl38P3|;m;7;vNjW-%7Umyo$cF3() z91m4kkS|5Y-gP>$SEgYTL>1pI4}_jPMW)y@pCT|@iw3y(pi1Z;Xz72SNMqnl2C1i< z&%T;hbfb33j(481zc`0h?$H?MjWnoD4h zJWIAW*9rDmU`)cmL=HkRO>5KFWbiSC;@f;qq1LZS(Q3Y?<6gd<@Ac0Y2n$wV&v3o? 
z1c}d&0+enD|J_E)x|t!H63}!B@|(N4RPQW;D{MfYcQeJ=d{#^ecprc5!m+ z=+~QE`XqkUW(@URHQbOhN3@-FuLaZoQLv?}kQVgX@G#`)JAERHca zT$6pmNu^$gS)UR<+A?g6N+7Po_W&a7@8cu)j@Q`3g(0QH-0L9>MZEy9uBiSoaZ|le z_H|1i`ip1kQkFa<2;1Q8dT*p~4tuYYs?e$wns#US#M$qkn_w|ot33sR!Xlvmj;u+8 zw(dGpr+S@-73fL$ai}o}4VvxG290`-9EWAs9<3CHxcryX31C;cXUEjG20B1zR-X+@ zMki9+|6z ziX(;vBtxjOAOS%eL@VJ#(nRf0d;FMuA8M-tc?C5r@7%a5oN*ME5EL@{p6Z)SpkVcZ>(X=#{(46`N5_BAr=m$kHrQBokUjKAVw~_ z^>oeU=*T(=0%+dROQcph#Lhbqn%z`9NX_bghmG%xvYDJAB*OCZ3W2^5W9_nyJK{f-n4UfYsV8E*7 z%+WdCeL^(P@3nmcda(orq*RHSBy%cXgQ%_bC3!u#Fo*GJ-)CB zu5&=H^no)eVji_rDP4@S`8M1#(&zyIn%hmHj$GjyVpr7w>lgFqT8bPTBi*+_a|8>s zS<^?}S+@J(C+zV&KFNDz7Z=qZ4dydAj6ek=6iny-y!8`G09bI>Slf)c18$Xox5Sk; z`<4pf8-}kF5N20vHY^ zQX^f|s?wT{(I$9aZ4(={QzFIXsgN9aqZ1rTai1N-x0vRPT!b*ToudesrC(EzD-B#O zzir%jY%1iE=3X0*8MxabhVk|>xMkN`aHSIPuzr0dp1}U5ZQJ?vQnFDDodpW?s!{Nh z?!r))9JfI#Ns6l&7*p*)5Q9IT0*BLc>cRVpIVuD5!A9W`+*T|pd7w~pLZ4^^>6P#h zSD-FRBn2y}c5_eUbHVh>LMd+SzqY*Df<55q4`eyG-LU=EV}LP{YB{5vP(`TN^%u%4 zT)3jAF8_$O(`$W>M8b!w#bMnDd-36OYyyM*95Q;$?l)3;%uXHQFtR9xVry+GvspK= zh=r2L7-HrAaDN^0{viXny^YY_MPC7`zAYdbw$SujGt0+~r_-dPXyU3zv`@AHz zEfhBvD^XS>E;iFe| z#%gtJC6}>~X5hnLAcBjmqu@iVhYC7`_FdJCfml_(=+OLH3Jo*{Y)15`5jX&;ICO>< zO&pMLeo^D@uazsOo5GbKSnaw2vFOldg8f?%4|YKNTfnca?J3*9uW5Q6_J4RjIzj)T zU(Px~ZdZvf0>AR(x3@vmbKK(F0U>VT6udryKKl6y?t1mPfX?zmd$z&v+v67Kt=%R! 
zV0BA;i?WVMO9a}|Ruu@1?3b*RBsd6yhYcIHB-X*_v=Y`J>A^*(+ zRN88C$lYJ=FDba}Zd>KT%VwgZN0SZ0J2MIRoQt_oLA2DiF?RJ(#E^A1yS69%4h`M zw_vBQ^wS3NIVELZ7E~FZD7@S{m7!C#;M2Jb;L4v&y)Ig0Aj@UegFw^-I(`krY{iN%c&Y)D&=EFz z9l*##G%c5>`9L#JyO?X*3KpW}23-LpXhX&%$_yo|&a(y7ha*!=j}ge8A`J^y-J+x+ zov22eP{hlsgRZLt8`5UH&9+7E5oJ@Jnmp(wrYO{E`TK{9^mc3D>kbGZMv9k@S0-(s zE72PMR&O>?@8Agq&C;EUArIadS^eR{6L*_0Y^7DuI z(xv%eJTSJEoRWK_t2aXeSW?JnNPN1$!`UYp2+V$1<<^jJoM%0sP=Aaub>7PG(zp(| zeBbbInhBPFO9-Z22?&dtke%4Tay(iL6tJThupUz+1ksuy=pZ@ISzB}8-7IBpJ~hjQ z+9q#`OpK>_(?{-U%HneE6S*Z4n zy|}J*w4oIVK)_2*a}ogQV?YcxOjBR zuYltAPX2oapdInlBI%z@3lmsSX<+)ULY>Ec0JGMv@aJA%<}ZT(pcJ@z(a&dn1Y65^ zMBISUkO_O$;sMX3wgFdfk&Ot>NE$984T|yQ?81gr>1Tte^M;ipxI)c;enJ>ysFUb7 zA$4y0A+}Vy6vOn&ORD$sUYCX}++sDpL?G-3yp;=>#Td~OsB20|B_>Mc z4y{%UG)S(#\n\n**Note:** Please refer to the following before installing the solution: \r \n ā€¢ Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CofenseIntelligence/ReleaseNotes.md)\r \n ā€¢ _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe Cofense-Intelligence solution provides the capability to ingest Threat Indicators from the Cofense Intelligence platform to Threat Intelligence Indicators in Microsoft Sentinel and Cofense Intelligence Threat Intelligence Indicators from Microsoft Sentinel Threat Intelligence to Microsoft Defender for Endpoints. \n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in \n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. 
[Azure Monitor HTTP Data Collector API](https://learn.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\nb. [Azure Functions](https://azure.microsoft.com/products/functions/#overview)\n\nc. [Microsoft Threat Intelligence Indicator API](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/threat-intelligence-indicator)\n\n**Data Connectors:** 1, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\nā€¢ Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CofenseIntelligence/ReleaseNotes.md)\n\n ā€¢ There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Cofense-Intelligence solution provides the capability to ingest Threat Indicators from the Cofense Intelligence platform to Threat Intelligence Indicators in Microsoft Sentinel and Cofense Intelligence Threat Intelligence Indicators from Microsoft Sentinel Threat Intelligence to Microsoft Defender for Endpoints. 
\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in \n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na.[Azure Monitor HTTP Data Collector API](https://learn.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\nb.[Azure Functions](https://azure.microsoft.com/products/functions/#overview)\n\nc.[Microsoft Threat Intelligence Indicator API](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/threat-intelligence-indicator)\n\n**Data Connectors:** 1, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Solutions/CofenseIntelligence/Package/mainTemplate.json b/Solutions/CofenseIntelligence/Package/mainTemplate.json index 84d8c265e6a..f1e85c593d0 100644 --- a/Solutions/CofenseIntelligence/Package/mainTemplate.json +++ b/Solutions/CofenseIntelligence/Package/mainTemplate.json @@ -72,7 +72,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CofenseIntelligenceThreatIndicatorsWorkbook Workbook with template version 3.0.0", + "description": "CofenseIntelligenceThreatIndicators Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", 
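Review bot: The package archive is replaced (13170 -> 13103 bytes) but its version is not: the file keeps the name 3.0.0.zip and the templates still say `template version 3.0.0`, so two different packages will exist under the same version and a consumer cannot tell which one they deployed. Either bump the version (and the ReleaseNotes) or say explicitly in the commit message why a same-version rebuild is intended. Since the binary blob cannot be reviewed here, please also confirm the zip was regenerated from the createUiDefinition.json and mainTemplate.json committed in this same patch and not built from a separate working copy.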
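Review bot: The duplicated paragraph in the createUiDefinition description survives in the `+` line: `**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in ` appears twice, with the first copy cut off mid-sentence, and this repackage was the natural place to drop the truncated copy. The `+` line also regresses the list formatting by removing the space after the letter labels (`a.[Azure Monitor HTTP Data Collector API]`, `b.[Azure Functions]`, `c.[Microsoft Threat Intelligence Indicator API]`), which markdown will show literally as `a.[...]` instead of a labelled link. Finally, the bullet renders as `ā€¢` in both the old and the new line; if the file really contains that sequence rather than it being an artifact of this rendering, replace it with a plain bullet so the portal dialog does not show mojibake.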
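Review bot: The corrected workbook description (`CofenseIntelligenceThreatIndicators Workbook with template version 3.0.0`) is the right text, but given the subject line says this is a repackaging, mainTemplate.json is tool output; if the doubled word came from the workbook's metadata input to the packaging tool, the fix needs to land there too, or the next repackage will reintroduce `CofenseIntelligenceThreatIndicatorsWorkbook Workbook`. Please confirm the generator input was updated rather than only the generated file.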
@@ -90,7 +90,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"value::selected\"],\"parameters\":[{\"id\":\"a4b4e975-fa7c-46a3-b669-850aacc88134\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"šŸ”Ž Guide\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n {\\\"value\\\": \\\"Yes\\\", \\\"label\\\": \\\"Yes\\\", \\\"selected\\\":true},\\r\\n {\\\"value\\\": \\\"No\\\", \\\"label\\\": \\\"No\\\"}\\r\\n]\"},{\"id\":\"15b2c181-7397-43c1-900a-28e175ae8a6f\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},\"name\":\"Parameter Selectors\"},{\"type\":1,\"content\":{\"json\":\"# [Cofense Intelligence Threat Indicators](https://www.threathq.com)\\n---\\n\\nCofense Intelligence is a human-vetted phishing-threat intelligence service that provides accurate and timely alerts and in-depth analysis to strengthen your enterprise's ability to quickly identify and respond to phishing attacks in progress.\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"customWidth\":\"79\",\"name\":\"Workbook Overview\"},{\"type\":1,\"content\":{\"json\":\"![Cofense Intelligence Logo](https://cdn.splunkbase.splunk.com/media/public/icons/da85629e-b54b-11ec-90ee-aa325d5405c9.svg?width=200&height=100)\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"customWidth\":\"20\",\"name\":\"Microsoft 
Sentinel Logo\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n// Create a new column to identify the type of indicator, IP, Domain, URL, File, or Other\\r\\n| extend IndicatorType = iif(isnotempty(EmailSourceIpAddress) or isnotempty(NetworkDestinationIP) or isnotempty(NetworkIP) or isnotempty(NetworkSourceIP) or isnotempty(NetworkCidrBlock), \\\"IP\\\",\\r\\n iff(isnotempty(Url), \\\"URL\\\",\\r\\n iff(isnotempty(EmailRecipient) or isnotempty(EmailSenderAddress), \\\"Email\\\",\\r\\n iff(isnotempty(FileHashValue), \\\"File\\\",\\r\\n iff(isnotempty(DomainName) or isnotempty(EmailSourceDomain), \\\"Domain\\\",\\r\\n \\\"Other\\\")))))\\r\\n// Summarize and order the data, then render the chart\\r\\n| summarize CountOfIndicators = count() by IndicatorType, bin(TimeGenerated, 1h),SourceSystem\\r\\n| order by CountOfIndicators desc \\r\\n| render barchart kind=stacked \",\"size\":0,\"showAnalytics\":true,\"title\":\"Number of Cofense Intelligence Indicators Imported into Sentinel by Indicator Type and Date\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"SourceSystem\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"SourceSystem\",\"sortOrder\":1}]},\"customWidth\":\"50\",\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select Cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid 
duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n// Summarize and order the data, then render the chart\\r\\n| summarize CountOfIndicators = count() by SourceSystem, bin(TimeGenerated, 1h)\\r\\n| render barchart kind=stacked\",\"size\":0,\"showAnalytics\":true,\"title\":\"Number of Cofense Intelligence Indicators Imported into Sentinel by Indicator Provider and Date\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select Cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| where TimeGenerated < now()\\r\\n// Select only indicators that have not expired\\r\\n and ExpirationDateTime > now()\\r\\n// Select only indicators that are marked active\\r\\n and Active == true\\r\\n// Select only the most recently ingested copy of an indicator\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n// Create a new column to identify the type of indicator, IP, Domain, URL, File, or Other\\r\\n| extend IndicatorType = iif(isnotempty(EmailSourceIpAddress) or isnotempty(NetworkDestinationIP) or isnotempty(NetworkIP) or isnotempty(NetworkSourceIP) or isnotempty(NetworkCidrBlock), \\\"IP\\\",\\r\\n iff(isnotempty(Url), \\\"URL\\\",\\r\\n iff(isnotempty(EmailRecipient) or isnotempty(EmailSenderAddress), \\\"Email\\\",\\r\\n iff(isnotempty(FileHashValue), \\\"File\\\",\\r\\n iff(isnotempty(DomainName) or isnotempty(EmailSourceDomain), \\\"Domain\\\",\\r\\n \\\"Other\\\")))))\\r\\n// Summarize and order the data, then render the chart\\r\\n| summarize CountOfIndicators = count() by IndicatorType\\r\\n| order by CountOfIndicators 
desc \\r\\n| render barchart kind=unstacked\",\"size\":0,\"showAnalytics\":true,\"title\":\"Number of Active Cofense Intelligence Indicators by Indicator Type\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select Cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| where TimeGenerated < now()\\r\\n// Select only indicators that have not expired\\r\\n and ExpirationDateTime > now()\\r\\n// Select only indicators that are marked active\\r\\n and Active == true\\r\\n// Select only the most recently ingested copy of an indicator\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n// Summarize and order the data, then render the chart\\r\\n| summarize CountOfIndicators = count() by SourceSystem\\r\\n| order by CountOfIndicators desc \\r\\n| render barchart kind=unstacked\",\"size\":0,\"showAnalytics\":true,\"title\":\"Number of Active Cofense Intelligence Indicators by Indicator Source\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select Cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| where TimeGenerated < now()\\r\\n// Select only indicators that have not expired\\r\\n and ExpirationDateTime > now()\\r\\n// Select only 
indicators that are marked active\\r\\n and Active == true\\r\\n// Select only the most recently ingested copy of an indicator\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n// Summarize and order the data, then render the chart\\r\\n| where ConfidenceScore != \\\"\\\"\\r\\n| summarize CountOfIndicators = count() by tostring(ConfidenceScore)\\r\\n| order by CountOfIndicators desc \\r\\n| render piechart\",\"size\":3,\"showAnalytics\":true,\"title\":\"Number of Active Cofense Intelligence Indicators by Confidence Score\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 10\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DomainQuery=view() { \\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(DomainName)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by DomainName\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"DomainEntry\\\"\\r\\n};\\r\\nlet UrlQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(Url)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by Url\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"UrlEntry\\\"\\r\\n};\\r\\nlet FileHashQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense 
Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(FileHashValue)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by FileHashValue\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"FileHashEntry\\\"\\r\\n};\\r\\nlet IPQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(NetworkIP) or isnotempty(NetworkSourceIP)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by NetworkIP, NetworkSourceIP\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"IPEntry\\\"\\r\\n};\\r\\nlet EmailAddressQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(EmailSenderAddress)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by EmailSenderAddress\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"EmailAddressEntry\\\"\\r\\n};\\r\\nlet EmailMessageQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(EmailSubject)\\r\\n| summarize 
SourceSystemArray=make_set(SourceSystem) by EmailSubject\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"EmailMessageEntry\\\"\\r\\n};\\r\\nlet SingleSourceIndicators=view(){\\r\\n DomainQuery\\r\\n | union UrlQuery\\r\\n | union FileHashQuery\\r\\n | union IPQuery\\r\\n | union EmailAddressQuery\\r\\n | union EmailMessageQuery\\r\\n | where array_length(todynamic(SourceSystemArray))==1\\r\\n | summarize sum(count_) by SourceSystemArray\\r\\n | extend counter=1 \\r\\n};\\r\\nlet MultipleSourceIndicators=view(){\\r\\n DomainQuery\\r\\n | union UrlQuery\\r\\n | union FileHashQuery\\r\\n | union IPQuery\\r\\n | union EmailAddressQuery\\r\\n | union EmailMessageQuery\\r\\n | where array_length(todynamic(SourceSystemArray))!=1\\r\\n | summarize sum(count_) by SourceSystemArray\\r\\n | extend counter=1\\r\\n};\\r\\nlet CountOfActiveIndicatorsBySource=view(){\\r\\n ThreatIntelligenceIndicator\\r\\n | where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n // latest data of cofense indicator to avoid duplicates\\r\\n | summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n\\t| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n | where ExpirationDateTime > now() and Active == true\\r\\n | summarize count() by SourceSystem\\r\\n | project SourceSystem, count_\\r\\n};\\r\\nSingleSourceIndicators\\r\\n| join kind=fullouter MultipleSourceIndicators on counter \\r\\n| where SourceSystemArray contains todynamic(SourceSystemArray)[0] \\r\\n| order by SourceSystemArray\\r\\n| extend solitary_count=sum_count_\\r\\n| summarize shared_count = sum(sum_count_1) by SourceSystemArray, solitary_count\\r\\n| extend total_count = shared_count + solitary_count\\r\\n| extend unique_percentage = round(toreal(solitary_count)/toreal(total_count)*100, 1)\\r\\n| extend IndicatorSource = tostring(todynamic(SourceSystemArray)[0])\\r\\n| join kind=inner CountOfActiveIndicatorsBySource on $left.IndicatorSource == 
$right.SourceSystem\\r\\n| order by unique_percentage desc\\r\\n| project Source=IndicatorSource, UniquenessPercentage=unique_percentage, ActiveIndicators = count_\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Uniqueness of Cofense Threat Intelligence Sources\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Source\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"thresholdValue\":\"\",\"representation\":\"View\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ActiveIndicators\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true,\"sortBy\":[{\"itemKey\":\"$gen_thresholds_Source_0\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"$gen_thresholds_Source_0\",\"sortOrder\":1}]},\"customWidth\":\"50\",\"name\":\"query - 12\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n| where Tags != \\\"\\\"\\r\\n| parse Tags with * \\\"[\\\\\\\"threatID-\\\" threat_id \\\"\\\\\\\"]\\\"\\r\\n| extend threat_id = toreal(threat_id)\\r\\n| join kind=inner Malware_Data_CL on $left.threat_id == $right.id_d\\r\\n// latest data of cofense indicator to avoid duplicates \\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| extend Ioc = case(ThreatType == \\\"File\\\", FileHashValue, \\r\\n ThreatType == \\\"URL\\\", Url,\\r\\n DomainName)\\r\\n| order by TimeGenerated desc\\r\\n| project [\\\"Threat ID\\\"]=threat_id, [\\\"Confidence Score\\\"]=ConfidenceScore, [\\\"Threat Type\\\"]=ThreatType, [\\\"IOC\\\"]=Ioc, Label=label_s, [\\\"Last Published\\\"]=unixtime_microseconds_todatetime(lastPublished_d*1000), [\\\"First Published\\\"]=unixtime_microseconds_todatetime(firstPublished_d*1000), [\\\"Threat Detail 
URL\\\"]=threatDetailURL_s, [\\\"Download Report (HTML)\\\"]=ReportDownload_HTML__s, [\\\"Download Report (PDF)\\\"]=ReportDownload_PDF__s, [\\\"Executive Summary\\\"]=executiveSummary_s\",\"size\":0,\"showAnalytics\":true,\"title\":\"Cofense Intelligence Threat Indicators Data\",\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Confidence Score\",\"formatter\":1},{\"columnMatch\":\"Threat Detail URL\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}},{\"columnMatch\":\"Download Report (HTML)\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Download HTML Report\"}},{\"columnMatch\":\"Download Report (PDF)\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Download PDF Report\"}},{\"columnMatch\":\"threat Detail URL\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}},{\"columnMatch\":\"Report URL\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}},{\"columnMatch\":\"Threat Indicator Link\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}}],\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 6\"}]},\"name\":\"Indicators Ingestion\"}],\"fromTemplateId\":\"sentinel-CofenseIntelligenceThreatIndicators\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"value::selected\"],\"parameters\":[{\"id\":\"a4b4e975-fa7c-46a3-b669-850aacc88134\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"šŸ”Ž Guide\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n {\\\"value\\\": \\\"Yes\\\", \\\"label\\\": \\\"Yes\\\", 
\\\"selected\\\":true},\\r\\n {\\\"value\\\": \\\"No\\\", \\\"label\\\": \\\"No\\\"}\\r\\n]\"},{\"id\":\"15b2c181-7397-43c1-900a-28e175ae8a6f\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},\"name\":\"Parameter Selectors\"},{\"type\":1,\"content\":{\"json\":\"# [Cofense Intelligence Threat Indicators](https://www.threathq.com)\\n---\\n\\nCofense Intelligence is a human-vetted phishing-threat intelligence service that provides accurate and timely alerts and in-depth analysis to strengthen your enterprise's ability to quickly identify and respond to phishing attacks in progress.\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"customWidth\":\"79\",\"name\":\"Workbook Overview\"},{\"type\":1,\"content\":{\"json\":\"![Cofense Intelligence Logo](https://cdn.splunkbase.splunk.com/media/public/icons/da85629e-b54b-11ec-90ee-aa325d5405c9.svg?width=200&height=100)\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"customWidth\":\"20\",\"name\":\"Microsoft Sentinel Logo\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n// Create a new column to identify the type of indicator, IP, Domain, URL, File, or Other\\r\\n| extend IndicatorType 
= iif(isnotempty(EmailSourceIpAddress) or isnotempty(NetworkDestinationIP) or isnotempty(NetworkIP) or isnotempty(NetworkSourceIP) or isnotempty(NetworkCidrBlock), \\\"IP\\\",\\r\\n iff(isnotempty(Url), \\\"URL\\\",\\r\\n iff(isnotempty(EmailRecipient) or isnotempty(EmailSenderAddress), \\\"Email\\\",\\r\\n iff(isnotempty(FileHashValue), \\\"File\\\",\\r\\n iff(isnotempty(DomainName) or isnotempty(EmailSourceDomain), \\\"Domain\\\",\\r\\n \\\"Other\\\")))))\\r\\n// Summarize and order the data, then render the chart\\r\\n| summarize CountOfIndicators = count() by IndicatorType, bin(TimeGenerated, 1h),SourceSystem\\r\\n| order by CountOfIndicators desc \\r\\n| render barchart kind=stacked \",\"size\":0,\"showAnalytics\":true,\"title\":\"Number of Cofense Intelligence Indicators Imported into Sentinel by Indicator Type and Date\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"SourceSystem\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"SourceSystem\",\"sortOrder\":1}]},\"customWidth\":\"50\",\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select Cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n// Summarize and order the data, then render the chart\\r\\n| summarize CountOfIndicators = count() by SourceSystem, bin(TimeGenerated, 1h)\\r\\n| render barchart kind=stacked\",\"size\":0,\"showAnalytics\":true,\"title\":\"Number of Cofense Intelligence Indicators Imported into Sentinel by Indicator Provider and 
Date\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select Cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| where TimeGenerated < now()\\r\\n// Select only indicators that have not expired\\r\\n and ExpirationDateTime > now()\\r\\n// Select only indicators that are marked active\\r\\n and Active == true\\r\\n// Select only the most recently ingested copy of an indicator\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n// Create a new column to identify the type of indicator, IP, Domain, URL, File, or Other\\r\\n| extend IndicatorType = iif(isnotempty(EmailSourceIpAddress) or isnotempty(NetworkDestinationIP) or isnotempty(NetworkIP) or isnotempty(NetworkSourceIP) or isnotempty(NetworkCidrBlock), \\\"IP\\\",\\r\\n iff(isnotempty(Url), \\\"URL\\\",\\r\\n iff(isnotempty(EmailRecipient) or isnotempty(EmailSenderAddress), \\\"Email\\\",\\r\\n iff(isnotempty(FileHashValue), \\\"File\\\",\\r\\n iff(isnotempty(DomainName) or isnotempty(EmailSourceDomain), \\\"Domain\\\",\\r\\n \\\"Other\\\")))))\\r\\n// Summarize and order the data, then render the chart\\r\\n| summarize CountOfIndicators = count() by IndicatorType\\r\\n| order by CountOfIndicators desc \\r\\n| render barchart kind=unstacked\",\"size\":0,\"showAnalytics\":true,\"title\":\"Number of Active Cofense Intelligence Indicators by Indicator Type\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 
5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select Cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| where TimeGenerated < now()\\r\\n// Select only indicators that have not expired\\r\\n and ExpirationDateTime > now()\\r\\n// Select only indicators that are marked active\\r\\n and Active == true\\r\\n// Select only the most recently ingested copy of an indicator\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n// Summarize and order the data, then render the chart\\r\\n| summarize CountOfIndicators = count() by SourceSystem\\r\\n| order by CountOfIndicators desc \\r\\n| render barchart kind=unstacked\",\"size\":0,\"showAnalytics\":true,\"title\":\"Number of Active Cofense Intelligence Indicators by Indicator Source\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n// Select Cofense indicators from the table\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| where TimeGenerated < now()\\r\\n// Select only indicators that have not expired\\r\\n and ExpirationDateTime > now()\\r\\n// Select only indicators that are marked active\\r\\n and Active == true\\r\\n// Select only the most recently ingested copy of an indicator\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n// Summarize and order the data, then render the chart\\r\\n| where ConfidenceScore != \\\"\\\"\\r\\n| summarize CountOfIndicators = count() by 
tostring(ConfidenceScore)\\r\\n| order by CountOfIndicators desc \\r\\n| render piechart\",\"size\":3,\"showAnalytics\":true,\"title\":\"Number of Active Cofense Intelligence Indicators by Confidence Score\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 10\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DomainQuery=view() { \\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(DomainName)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by DomainName\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"DomainEntry\\\"\\r\\n};\\r\\nlet UrlQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(Url)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by Url\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"UrlEntry\\\"\\r\\n};\\r\\nlet FileHashQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(FileHashValue)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by FileHashValue\\r\\n| summarize count() by 
tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"FileHashEntry\\\"\\r\\n};\\r\\nlet IPQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(NetworkIP) or isnotempty(NetworkSourceIP)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by NetworkIP, NetworkSourceIP\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"IPEntry\\\"\\r\\n};\\r\\nlet EmailAddressQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(EmailSenderAddress)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by EmailSenderAddress\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"EmailAddressEntry\\\"\\r\\n};\\r\\nlet EmailMessageQuery=view(){\\r\\nThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n// latest data of cofense indicator to avoid duplicates\\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n| where isnotempty(EmailSubject)\\r\\n| summarize SourceSystemArray=make_set(SourceSystem) by EmailSubject\\r\\n| summarize count() by tostring(SourceSystemArray)\\r\\n| project SourceSystemArray, count_, EntryType=\\\"EmailMessageEntry\\\"\\r\\n};\\r\\nlet SingleSourceIndicators=view(){\\r\\n DomainQuery\\r\\n | union UrlQuery\\r\\n | union FileHashQuery\\r\\n | union IPQuery\\r\\n | union 
EmailAddressQuery\\r\\n | union EmailMessageQuery\\r\\n | where array_length(todynamic(SourceSystemArray))==1\\r\\n | summarize sum(count_) by SourceSystemArray\\r\\n | extend counter=1 \\r\\n};\\r\\nlet MultipleSourceIndicators=view(){\\r\\n DomainQuery\\r\\n | union UrlQuery\\r\\n | union FileHashQuery\\r\\n | union IPQuery\\r\\n | union EmailAddressQuery\\r\\n | union EmailMessageQuery\\r\\n | where array_length(todynamic(SourceSystemArray))!=1\\r\\n | summarize sum(count_) by SourceSystemArray\\r\\n | extend counter=1\\r\\n};\\r\\nlet CountOfActiveIndicatorsBySource=view(){\\r\\n ThreatIntelligenceIndicator\\r\\n | where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n // latest data of cofense indicator to avoid duplicates\\r\\n | summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n\\t| summarize arg_max(TimeGenerated, *) by IndicatorId\\r\\n | where ExpirationDateTime > now() and Active == true\\r\\n | summarize count() by SourceSystem\\r\\n | project SourceSystem, count_\\r\\n};\\r\\nSingleSourceIndicators\\r\\n| join kind=fullouter MultipleSourceIndicators on counter \\r\\n| where SourceSystemArray contains todynamic(SourceSystemArray)[0] \\r\\n| order by SourceSystemArray\\r\\n| extend solitary_count=sum_count_\\r\\n| summarize shared_count = sum(sum_count_1) by SourceSystemArray, solitary_count\\r\\n| extend total_count = shared_count + solitary_count\\r\\n| extend unique_percentage = round(toreal(solitary_count)/toreal(total_count)*100, 1)\\r\\n| extend IndicatorSource = tostring(todynamic(SourceSystemArray)[0])\\r\\n| join kind=inner CountOfActiveIndicatorsBySource on $left.IndicatorSource == $right.SourceSystem\\r\\n| order by unique_percentage desc\\r\\n| project Source=IndicatorSource, UniquenessPercentage=unique_percentage, ActiveIndicators = count_\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Uniqueness of Cofense Threat Intelligence 
Sources\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Source\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"View\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ActiveIndicators\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true,\"sortBy\":[{\"itemKey\":\"$gen_thresholds_Source_0\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"$gen_thresholds_Source_0\",\"sortOrder\":1}]},\"customWidth\":\"50\",\"name\":\"query - 12\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ThreatIntelligenceIndicator\\r\\n| where SourceSystem == \\\"Cofense Intelligence\\\"\\r\\n| where Tags != \\\"\\\"\\r\\n| parse Tags with * \\\"[\\\\\\\"threatID-\\\" threat_id \\\"\\\\\\\"]\\\"\\r\\n| extend threat_id = toreal(threat_id)\\r\\n| join kind=inner Malware_Data_CL on $left.threat_id == $right.id_d\\r\\n// latest data of cofense indicator to avoid duplicates \\r\\n| summarize arg_max(TimeGenerated,*) by ExternalIndicatorId\\r\\n| extend Ioc = case(ThreatType == \\\"File\\\", FileHashValue, \\r\\n ThreatType == \\\"URL\\\", Url,\\r\\n DomainName)\\r\\n| order by TimeGenerated desc\\r\\n| project [\\\"Threat ID\\\"]=threat_id, [\\\"Confidence Score\\\"]=ConfidenceScore, [\\\"Threat Type\\\"]=ThreatType, [\\\"IOC\\\"]=Ioc, Label=label_s, [\\\"Last Published\\\"]=unixtime_microseconds_todatetime(lastPublished_d*1000), [\\\"First Published\\\"]=unixtime_microseconds_todatetime(firstPublished_d*1000), [\\\"Threat Detail URL\\\"]=threatDetailURL_s, [\\\"Download Report (HTML)\\\"]=ReportDownload_HTML__s, [\\\"Download Report (PDF)\\\"]=ReportDownload_PDF__s, [\\\"Executive Summary\\\"]=executiveSummary_s\",\"size\":0,\"showAnalytics\":true,\"title\":\"Cofense Intelligence Threat Indicators 
Data\",\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Confidence Score\",\"formatter\":1},{\"columnMatch\":\"Threat Detail URL\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}},{\"columnMatch\":\"Download Report (HTML)\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Download HTML Report\"}},{\"columnMatch\":\"Download Report (PDF)\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Download PDF Report\"}},{\"columnMatch\":\"threat Detail URL\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}},{\"columnMatch\":\"Report URL\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}},{\"columnMatch\":\"Threat Indicator Link\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}}],\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 6\"}]},\"name\":\"Indicators Ingestion\"}],\"fromTemplateId\":\"sentinel-CofenseIntelligenceThreatIndicators\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
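Review bot: the only functional change in this serializedData hunk is the removal of `"thresholdValue":""` from the Default row of the `Source` column's `thresholdsGrid` (formatter 18) in the "Uniqueness of Cofense Threat Intelligence Sources" item; everything else in the roughly 10 KB line is byte-identical, so the edit is effectively invisible in a line diff. Please call this out in the commit message (the subject "Repackaging" does not say what changed in the workbook), and consider keeping the workbook as a plain JSON file in the solution and serializing it at package time so reviewers can see a one-key change as a one-line diff. Separately, the `Help` parameter label reads as mojibake (`šŸ”Ž Guide`) on both the removed and added lines; confirm the source file is UTF-8 and that the packaging step does not re-encode it, since a garbled label shipping inside the escaped JSON would be hard to spot later.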
@@ -329,7 +329,7 @@ "title": "Option 2 - Manual Deployment of Azure Functions" }, { - "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-CofenseIntelligence-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. CofenseXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." + "description": "**1. 
Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-CofenseIntelligence-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. CofenseXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.11 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." }, { "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. 
Add each of the following application settings individually, with their respective values (case-sensitive): \n\t\tWorkspace ID \n\t\tWorkspace Key \n\t\tCofense BaseURL (https:///) \n\t\tCofense Username \n\t\tCofense Password \n\t\tAzure Client ID \n\t\tAzure Client Secret \n\t\tAzure Tenant ID \n\t\tAzure Resource Group Name \n\t\tAzure Workspace Name \n\t\tFunction App Name \n\t\tAzure Subscription ID \n\t\tRequireProxy \n\t\tProxy Username (optional) \n\t\tProxy Password (optional) \n\t\tProxy URL (optional) \n\t\tProxy Port (optional) \n\t\tLogLevel (optional) \n\t\tMalware_Data_Table_name\n\t\tSendCofenseIndicatorToDefender \n\t\tSchedule \n4. Once all application settings have been entered, click **Save**." 
@@ -566,7 +566,7 @@ "title": "Option 2 - Manual Deployment of Azure Functions" }, { - "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-CofenseIntelligence-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. CofenseXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." + "description": "**1. 
Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-CofenseIntelligence-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. CofenseXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.11 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." }, { "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. 
Add each of the following application settings individually, with their respective values (case-sensitive): \n\t\tWorkspace ID \n\t\tWorkspace Key \n\t\tCofense BaseURL (https:///) \n\t\tCofense Username \n\t\tCofense Password \n\t\tAzure Client ID \n\t\tAzure Client Secret \n\t\tAzure Tenant ID \n\t\tAzure Resource Group Name \n\t\tAzure Workspace Name \n\t\tFunction App Name \n\t\tAzure Subscription ID \n\t\tRequireProxy \n\t\tProxy Username (optional) \n\t\tProxy Password (optional) \n\t\tProxy URL (optional) \n\t\tProxy Port (optional) \n\t\tLogLevel (optional) \n\t\tMalware_Data_Table_name\n\t\tSendCofenseIndicatorToDefender \n\t\tSchedule \n4. Once all application settings have been entered, click **Save**." @@ -586,7 +586,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "CofenseIntelligence", "publisherDisplayName": "Cofense Support", - "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Cofense-Intelligence solution provides the capability to ingest Threat Indicators from the Cofense Intelligence platform to Threat Intelligence Indicators in Microsoft Sentinel and Cofense Intelligence Threat Intelligence Indicators from Microsoft Sentinel Threat Intelligence to Microsoft Defender for Endpoints.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n

a.Azure Monitor HTTP Data Collector API

\n

b.Azure Functions

\n

c.Microsoft Threat Intelligence Indicator API

\n

Data Connectors: 1, Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

ā€¢ Review the solution Release Notes

\n

ā€¢ There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Cofense-Intelligence solution provides the capability to ingest Threat Indicators from the Cofense Intelligence platform to Threat Intelligence Indicators in Microsoft Sentinel and Cofense Intelligence Threat Intelligence Indicators from Microsoft Sentinel Threat Intelligence to Microsoft Defender for Endpoints.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n

a.Azure Monitor HTTP Data Collector API

\n

b.Azure Functions

\n

c.Microsoft Threat Intelligence Indicator API

\n

Data Connectors: 1, Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", diff --git a/Solutions/CofenseIntelligence/Package/testParameters.json b/Solutions/CofenseIntelligence/Package/testParameters.json new file mode 100644 index 00000000000..101581b42ca --- /dev/null +++ b/Solutions/CofenseIntelligence/Package/testParameters.json @@ -0,0 +1,32 @@ +{ + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "CofenseIntelligenceThreatIndicators", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + } +}
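Review bot: the @@ -329,7 hunk changes the manual-deployment runtime text from "Choose Python 3.8 or above" to "Choose Python 3.11 or above", but the same description string is repeated verbatim in the @@ -566,7 hunk, so every future wording change has to be applied in more than one place; consider generating this text from a single source at package time so the copies cannot drift. In the unchanged context of the same block, the application-settings step reads `Cofense BaseURL (https:///)`, where the host part of the example URL has been lost; a user following these steps cannot tell what value is expected, so restore the placeholder (for example `https://<your-cofense-host>/`) while this file is being touched.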
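Review bot: the @@ -566,7 hunk is the second copy of the 3.8 to 3.11 runtime change and is consistent with the @@ -329,7 hunk, but its unchanged context asks users to enter `Workspace Key`, `Cofense Password`, `Azure Client Secret` and `Proxy Password` as plain application settings alongside non-secret values; the description could point readers at Key Vault references for those four settings so that credentials are not stored in the Function App configuration in clear, and the list could mark which entries are secrets.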
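Review bot: the new `descriptionHtml` value in the @@ -586,7 hunk introduces a mis-encoded bullet: the two added lines "Review the solution Release Notes" and "There may be known issues pertaining to this Solution" are prefixed with `ā€¢`, which is the bullet character `•` passed through the wrong code page and will render as three junk characters in the Content Hub; use a plain `•` or an HTML entity and confirm the file is saved as UTF-8. Separately, both the removed and the added string contain the heading `Underlying Microsoft Technologies used:` twice, the first copy followed by a sentence cut off at `some of these dependencies either may be in`; since the whole string is being rewritten, drop the truncated first copy so only the complete paragraph remains.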
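Review bot: in the new `testParameters.json`, `workspace-location` and `workspace` default to `""` with no `minLength`, while `location` and `workbook1-name` both carry `"minLength": 1`; an empty workspace name would pass parameter validation and only fail once resources are deployed, so add `"minLength": 1` to those two as well, or state why the empty default is needed by the test. The `location` parameter's own description says it exists only to satisfy the arm-ttk `Location-Should-Not-Be-Hardcoded` test, and the `workspace-location` description wraps `parameters('location')` in a `concat` purely to reference it; a sentence in the PR description saying this is a test-only parameter set (and what consumes it) would stop the next reader from treating these as real deployment inputs.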