From 2b86e96b6bb4284ac6a756a00d2ebfaf2346a0ff Mon Sep 17 00:00:00 2001 From: ashwin Date: Fri, 4 Oct 2024 16:20:16 -0700 Subject: [PATCH 01/11] Added more analytic rules, modified existing queries, changed alerttype --- ...io_Firewall_Tampering_Detection_Query.yaml | 12 +- .../Illumio_VEN_Clone_Detection_Query.yaml | 37 ++ .../Illumio_VEN_Deactivated_Query.yaml | 47 ++ ...EN_Enforcement_Change_Detection_Query.yaml | 13 +- .../Illumio_VEN_Offline_Detection_Query.yaml | 13 +- .../Illumio_VEN_Suspend_Query.yaml | 42 ++ Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 17898 -> 18691 bytes .../Package/createUiDefinition.json | 44 +- .../IllumioSaaS/Package/mainTemplate.json | 465 ++++++++++++++++-- .../data/Solution_IllumioSaaS.json | 5 +- 10 files changed, 628 insertions(+), 50 deletions(-) create mode 100644 Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml create mode 100644 Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml create mode 100644 Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_Firewall_Tampering_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_Firewall_Tampering_Detection_Query.yaml
index 1689d47d8aa..25d57e2b7b0 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_Firewall_Tampering_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_Firewall_Tampering_Detection_Query.yaml
@@ -17,19 +17,23 @@ tactics: relevantTechniques: - T1562 query: | - Illumio_Auditable_Events_CL + Illumio_Auditable_Events_CL | where event_type has 'tampering' + | extend ipaddress = action.src_ip, + hostname = created_by.agent.hostname, + ven_href = created_by.ven.href + | project-away resource_changes, action, version eventGroupingSettings: - aggregationKind: AlertPerResult + aggregationKind: SingleAlert entityMappings: - entityType: Host fieldMappings: - identifier: HostName - columnName: created_by + columnName: hostname - entityType: IP fieldMappings: - identifier: Address - columnName: action + columnName: ipaddress alertDetailsOverride: alertDisplayNameFormat: | Illumio Firewall Tamper Incident: {{IncidentId}} diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml new file mode 100644 index 00000000000..bb568d7e159 --- /dev/null +++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml 
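Review bot: The entity columns the new `extend` introduces are dynamic-typed (`action.src_ip`, `created_by.agent.hostname`, `created_by.ven.href`), and Sentinel entity mappings expect string columns, so the Host and IP entities may arrive empty or JSON-quoted; cast them: `| extend ipaddress = tostring(action.src_ip), hostname = tostring(created_by.agent.hostname), ven_href = tostring(created_by.ven.href)`. The switch from `AlertPerResult` to `SingleAlert` also folds every tamper event in a run into one alert, so a tamper wave across many hosts becomes a single incident with a capped entity list; if per-host triage matters for firewall tampering, keep `AlertPerResult` or document the cap in the description. The rule's trigger and frequency settings sit above this hunk.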
@@ -0,0 +1,37 @@ +id: ec07fcd3-724f-426d-9f53-041801ca5f6c +name: Illumio VEN Offline Detection Rule +description: | + 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state' +severity: High +status: Available +requiredDataConnectors: + - connectorId: IllumioSaaSDataConnector + dataTypes: + - Illumio_Auditable_Events_CL +queryFrequency: 60m +queryPeriod: 60m +triggerOperator: gt +triggerThreshold: 0 +tactics: +- DefenseEvasion +relevantTechniques: +- T1562 +query: | + Illumio_Auditable_Events_CL + | where event_type has 'agent.clone_detected' + | extend hostname = created_by.agent.hostname + ven_href = created_by.ven.href +eventGroupingSettings: + aggregationKind: SingleAlert +entityMappings: + - entityType: Host + fieldMappings: + - identifier: HostName + columnName: hostname +alertDetailsOverride: + alertDisplayNameFormat: | + Illumio VEN Clone Detection Incident: {{IncidentId}} + alertDescriptionFormat: | + Illumio VEN Clone Detection {{IncidentId}} generated at {{TimeGenerated}} +version: 1.0.5 +kind: Scheduled \ No newline at end of file diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml new file mode 100644 index 00000000000..c922cf1c2e8 --- /dev/null +++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml 
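Review bot: The KQL is missing a comma after `hostname = created_by.agent.hostname`, so the continuation `ven_href = created_by.ven.href` makes the `extend` a syntax error and the rule will fail to run; the fix is `| extend hostname = tostring(created_by.agent.hostname), ven_href = tostring(created_by.ven.href)`, with `tostring()` so the HostName entity mapping gets a string. The metadata also looks pasted from the Offline rule: `id`, `name` and `description` are identical to the new Illumio_VEN_Deactivated_Query.yaml and Illumio_VEN_Suspend_Query.yaml in this same commit, and duplicate rule GUIDs will collide when the solution is packaged. Give this rule its own GUID, `name: Illumio VEN Clone Detection Rule`, and a description that mentions clone detection rather than the offline state.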
@@ -0,0 +1,47 @@ +id: ec07fcd3-724f-426d-9f53-041801ca5f6c +name: Illumio VEN Offline Detection Rule +description: | + 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state' +severity: High +status: Available +requiredDataConnectors: + - connectorId: IllumioSaaSDataConnector + dataTypes: + - Illumio_Auditable_Events_CL +queryFrequency: 60m +queryPeriod: 60m +triggerOperator: gt +triggerThreshold: 0 +tactics: +- DefenseEvasion +relevantTechniques: +- T1562 +query: | + Illumio_Auditable_Events_CL + | where event_type has 'agent.deactivate' + | mv-expand resource_changes + | mv-expand resource_changes + | extend hostname = resource_changes['resource']['workload']['hostname'], + workload_href = resource_changes['resource']['workload']['href'], + workload_labels = resource_changes['resource']['workload']['labels'] + | extend ipaddress = action.src_ip, + ven_href = created_by.ven.href + | project-away resource_changes, action, version +eventGroupingSettings: + aggregationKind: SingleAlert +entityMappings: + - entityType: Host + fieldMappings: + - identifier: HostName + columnName: hostname + - entityType: IP + fieldMappings: + - identifier: Address + columnName: ipaddress +alertDetailsOverride: + alertDisplayNameFormat: | + Illumio VEN Deactivated Incident: {{IncidentId}} + alertDescriptionFormat: | + Illumio VEN Deactivated Incident {{IncidentId}} generated at {{TimeGenerated}} +version: 1.0.5 +kind: Scheduled \ No newline at end of file diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml index fdbccf4e353..ce5498aecea 100644 --- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml +++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml 
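Review bot: `resource_changes` is mv-expanded twice in the new query while the Offline rule in this commit expands the same field once; if `resource_changes` is an array of objects, the second `mv-expand` splits each object into single-property bags, so `resource_changes['resource']['workload']['hostname']` is null on most rows and the Host entity comes out empty — drop the duplicated `| mv-expand resource_changes` line. This file also reuses the `id`, `name` ("Illumio VEN Offline Detection Rule") and description of the Clone and Suspend rules; it needs its own GUID and `name: Illumio VEN Deactivated Detection Rule`. As elsewhere, wrap the entity columns in `tostring()` so the Host/IP mappings receive strings rather than dynamic values.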
@@ -25,12 +25,13 @@ query: | | extend old_mode = temp_resource_changes.changes.enforcement_mode.before, new_mode = temp_resource_changes.changes.enforcement_mode.after, workload_href = temp_resource_changes.resource.workload.href, - workload_name = temp_resource_changes.resource.workload.hostname + workload_name = temp_resource_changes.resource.workload.hostname, + ipaddress = action.src_ip | where new_mode in (visibility_state) and old_mode in (enf_state) | project-away temp_* - | project old_mode, new_mode, workload_href, workload_name, TimeGenerated, created_by + | project old_mode, new_mode, workload_href, workload_name, TimeGenerated, created_by, ipaddress eventGroupingSettings: - aggregationKind: AlertPerResult + aggregationKind: SingleAlert entityMappings: - entityType: Host fieldMappings: @@ -39,7 +40,11 @@ entityMappings: - entityType: Account fieldMappings: - identifier: Name - columnName: created_by + columnName: created_by + - entityType: IP + fieldMappings: + - identifier: Address + columnName: ipaddress alertDetailsOverride: alertDisplayNameFormat: | Illumio Enforcement Change Incident: {{IncidentId}} diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml index a8bc88e4f41..8d6ad837515 100644 --- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml +++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml 
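Review bot: The Account entity maps `Name` to `created_by`, which is a dynamic object (the sibling rules dereference `created_by.agent.hostname` and `created_by.ven.href`), so the account name will be the serialized JSON bag rather than a principal; project a string sub-field instead, e.g. `| extend actor = tostring(created_by.user.username)` — the exact property must be confirmed against the Illumio auditable-event schema — and map `columnName: actor`. The new `ipaddress = action.src_ip` should likewise be `tostring(action.src_ip)` for the IP mapping. The `query` block starts before the first hunk, and the `new_mode in (visibility_state)` / `old_mode in (enf_state)` filter depends on definitions outside the visible lines.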
@@ -17,15 +17,20 @@ tactics: relevantTechniques: - T1562 query: | - Illumio_Auditable_Events_CL - | where event_type has 'agent_offline_check' + Illumio_Auditable_Events_CL + | where event_type has 'agent_offline_check' + | mv-expand resource_changes + | extend hostname = resource_changes['resource']['workload']['hostname'], + workload_href = resource_changes['resource']['workload']['href'], + workload_labels = resource_changes['resource']['workload']['labels'] + | project-away resource_changes, version, notifications, action, severity, status // action field will have filtered ip addr, so no point of using IP entity eventGroupingSettings: - aggregationKind: AlertPerResult + aggregationKind: SingleAlert entityMappings: - entityType: Host fieldMappings: - identifier: HostName - columnName: resource_changes + columnName: hostname alertDetailsOverride: alertDisplayNameFormat: | Illumio VEN Offline Incident: {{IncidentId}} diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml new file mode 100644 index 00000000000..7db0cada50c --- /dev/null +++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml 
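Review bot: `hostname` is projected straight from the dynamic `resource_changes['resource']['workload']['hostname']`, so the HostName entity mapping receives a dynamic value and may be dropped or JSON-quoted; use `hostname = tostring(resource_changes['resource']['workload']['hostname'])` and cast `workload_href` the same way. With the new `SingleAlert` aggregation, a mass VEN-offline event — the footprint of a network cut or a coordinated agent kill — collapses into one incident listing a capped set of hosts; consider keeping `AlertPerResult` for this rule, or at least state the cap in the alert description. The inline `//` comment about the filtered `action` IP is a useful why-note and should stay. This rule's frequency/period/trigger settings are above the hunk.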
@@ -0,0 +1,42 @@ +id: ec07fcd3-724f-426d-9f53-041801ca5f6c +name: Illumio VEN Offline Detection Rule +description: | + 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state' +severity: High +status: Available +requiredDataConnectors: + - connectorId: IllumioSaaSDataConnector + dataTypes: + - Illumio_Auditable_Events_CL +queryFrequency: 60m +queryPeriod: 60m +triggerOperator: gt +triggerThreshold: 0 +tactics: +- DefenseEvasion +relevantTechniques: +- T1562 +query: | + Illumio_Auditable_Events_CL + | where event_type has 'agent.suspend' + | extend ipaddress = action.src_ip, + hostname = created_by.agent.hostname + | project-away resource_changes, action, version +eventGroupingSettings: + aggregationKind: SingleAlert +entityMappings: + - entityType: Host + fieldMappings: + - identifier: HostName + columnName: hostname + - entityType: IP + fieldMappings: + - identifier: Address + columnName: ipaddress +alertDetailsOverride: + alertDisplayNameFormat: | + Illumio VEN Suspended Incident: {{IncidentId}} + alertDescriptionFormat: | + Illumio VEN Suspended Incident {{IncidentId}} generated at {{TimeGenerated}} +version: 1.0.5 +kind: Scheduled \ No newline at end of file 
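Review bot: `name` and `description` still say "Illumio VEN Offline Detection Rule" / "When Ven Goes Into Offline state" although this rule fires on `agent.suspend`, and `id: ec07fcd3-724f-426d-9f53-041801ca5f6c` is shared with the Clone and Deactivated rules added in the same commit (and presumably the Offline rule it was copied from), which will collide when the solution is packaged; set `name: Illumio VEN Suspend Detection Rule`, a matching description, and a fresh GUID. Because suspending a VEN pauses enforcement on the host, note that `queryPeriod: 60m` equal to `queryFrequency: 60m` leaves no overlap for audit events that land late, so a period larger than the frequency (with Sentinel's built-in incident dedup) would close that gap. Cast `ipaddress` and `hostname` with `tostring()` so the IP and Host entity mappings receive strings.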
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index beb8586926dfd0d8edf63dcd214a6ce0afb90b04..bd50f128bad28a665d055733258f7a33d69c3d4f 100644 GIT binary patch literal 18691 zcmV)yK$5>uO9KQH000080BC|lSsa|2cs~dL0AnZs02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARH?OOeA8@UnxKTk2(7O-SUE8DrGh0)wWwVl*Jau-CZjlwblYL}8&bC-K0 z*NQJ^;GU(A)+gx<_d~m@Rct4A+_d*cVlO$I8P4aAq(43Z@cw9m1&^4w58lGs#Ox0S z*@z#pn9X^_W9zeDQqBE9Mfsc=?D)I>UO&;8=|d=%4QR$S;Q^UAi+l*!LdNa zGchl}aYUF?@e9)-j?I`fyjM(2nGu1hkm6X#O`t_$bD@6`(Hx8pUQ9}}Xtwm{!YSvgrX1MT+SyREJbJ+$o)^xk`MT~ z;9|b8<@fiKcoJ`K|EMhA-`<9|k~70W^BLD*71#xbnUYd1MLdTopDE2j#KtlyX@usD zk}2(GABfk#fBP4_a~7;k!r42X@g`B`yi;s8+vw)qSjxC;X_ts)qnj$rf@rfG1&t)DshkXZ%?Dvo(zl{Vz>-5zXjpDKMZRqDcxJf)Fg z%;c370lZ5kcf-$}{;xUHF+{XAHdU#GGQFU1*qUiwN*DI+!mqH-rS$8k7njZnRnYZ% ztCTY7w3<_^WWzaJu2LQFx0xwjBA-De5 zswQCpH-n^*Jz!XttTXCnW;G7ZFPmvG&qd$}DFTdFp*t^szpj`{s(`hb35y&HF+LjO zR7^z}a#yPUCPGSqf<+IO9Om4DuvyGezDqU7fXt%DKxu=jV%OE(c$dNmjN+nnwklot z@Re3+($t($bvpVW48{mmWvkN)mnYSqInPyDE&`!ao@1={v{~HP>)~mse?=R6mGF9N zDdX24>S&k<%rUE#tSwSXjs+?2jj4Xjgru$l)2o${3|f#`;ItP^b7#+Y`PRYh9SqjG z!1A!l8XH6?igt1~cMVQ=B#-BI(W#lP)Aeb4-QG_3+^gC5XRLF!B_4DImBvTC6;W;B~iCVKq7Hqp=6k0jFEE+Fld+C@O+5kLTW`zEczhH*D98k zFsMXu?A#Wyq?3hUCrgITRz2Xiy8b1R_aLY1!i(>Lun0;p z9g7HKiHoy2^mn%h#aL^|b&;SWERP%?gjI%j^4Qt>ILYii@%AU)Ru72Gt?I$n#OqBw zr%C(l^%k-|uLmcEv(P+TD+U#7t;$Y?B#W){yhO{@f)hN{MO6~S7|6rRPWMeXnk@&Az;V+siRFd_;W`7`NB%lcIq81j| z$GG?uANjSAV`hH&O%+qvA}e=!r*Gb9jpBDVK~E}+yqm5 zkOBBqXV8hq4n;Xs*H9CS^9uaVQxUQ_AW#PxI#}T}g1f#~v&(hmtJd*u<+VPleX;kT zULy%D~ODhf?93G<095o42_}#AC%EWQP+;)yhIsWUv{YC3QD@( zSSDJPyIX-Mb^6Ms!K{^rLX!?2vhZlL;4-27hB-DFqH+KMf5}gx*6q{kD-1-LbwHPm zYsKKk5`e?nLTZYcLXihb?v=$|*8SI{^}QsnO|fDLCi|$ez+d}Rpe2Qv|qGo1-9On&;lI$QBA_ zH3P)@TF_xb7559^&`@^6;F4{1xscx}Xr3rd>4q&ax0>JdZqvWb@AJ>}_wC!@ZTeH!pO1*%j&0(<80Sa%eE!ae;T`1Hbi?i zfQM;{g2EVtb(8Ee&6K_Mi+p=0$W>knwL-38+w5mTt~NY>4L{AV;q~@9@vIYgx1%ADpZ}n<3(_6%h9i$WD%agr8)Y>s_w5b7efG`z_Sx^gy}`H7zggct 
z|Nr#u`XSl2HK={d??O(y6`mJ=wZUl3D!y?k@k*n%aRqp;H85p6}16UWkaW)(rdUCx6)foV7ZOXdKQXhyEIc^V#-JOLlRgKq?YIK#HBnn+bHb-i8U8 z$JA|-(L5mmr7m?z5|Wu6$Hb1NR+3!7sN;nE=WEf0b#fWbeb<7f*3Z=XhaI_22+jVp zMaZ9&ctM;{+eN4(xuoPjZ^Gy*p4kqyB$EG0ZZ19Nl6Wz3Y2;l)m*Xg$vg)soNZMda zpnb>wy%Q5thF68IMGCG+r!(L-=xn?3fle4BgoJY^i6w8yDT#??k(eSQAfw>GB%<)y zrw;zsXl9JE-H_#tot=v%gI33C9+Q!~s*Lqd*%t`_L&oZ_!wESGZ2va#oET=0MwGnq zoG6ULaY9Z&PP~BnIH563<}>pcMqzl>u@LS$lO`mN9L-%Xu}3~7udY!>$)5uBGC8Uy z6LQqZj}qy{L+Wlkq+k5-hP(vSKKodD8;=D?;D?|CP7?cbOirqdukFY~Hc@o(P|E9D zKFBRqi#H2(l(nVT>WY;GD#-F<7mLK=;RQ}-uX}jV?e6t@dk2Rt@qHKz@hE}k&CgOS zw;NeWV@Im;t-1Fi494E%*zFV$Mt*^^0CWm0Y!ZB-z6xI{QaW%|FfaJBTD7wUZPktq z)l5i82=pUV#3}e7lonLegrk4L(HAg`%~{hNqjM;ghRypk&8-}Jo;*^6jJtwy`(nH#({k=V_cevlS z`klRjHF6GIYk$AnarWrA*SGgFKq{QYCP;~&j(i#=*iN!4@_D05_t~5mF!(G6iX9c1 zzTzNu)M4mmWTVC3j@D-2)C+{Ta46M=#5-&-X5-__c^}HW+g-xD-O9YnY7Pz$$F6hO zwdiQiwfdt$-#T#j53R1<8}Ikq_CbHoHu3Hvlc6H-R_VSn?>>q_q2b+XgQ(8C>lg?3 z%)6C_v@-AZmhf(`GVijQ)M@XJ9k*xgcl%?j-vvw$$Ag~L?spE_9mgJw_Z$=NE;1*o z>fH+6SLWSEF*bC1x6&Z0^X@u^!+q=BDnnYCcl%3tw_lle`sLZ>AO?h|l#CUh`mGJK1YvtX&CA_;=nRoX#<=wp}#=Co83GeQG9lV=%RUF?M z!;Ag3hbN7j8N#{r``V*@T7gjYRw+?_??wdX=VyMk1yj3|sh z^OSSuZoAv#;ZN2qqSqe1$!dyodGq;U$;XkCFeO}O>r5*LRu+h&v~%f<25$T=ND0C| zfBwT+$$qwTWlw1FbXH}8EUe}t9TvC*VV%Z$))|2gXN4&l%305Q_6XSNboBV#jLtbfTEH*gzxXLkr5F*A&;Z{goFmh5RcGXyiG+AD62bL_p;lj^6Jg zZbVxRDte_zmZ3J(q)0t4@pF+wOv<+BF{}aP2)Um8G7nh5T)d+PF`JKkFTSLa0!Cj` zk?S{hbmfLOoV23R#kLf{o12@K5)it(qlmnizL z#U?x;*^7e^t+C{mRo}TE#wgOGAdu^mA`j@XsZg1f#9HND!|L<`3@uO{_8M#@4W;8) z*gTRVMgm@ouws2jtcpR@lpmFluVF@BhZ8v=TAJqD!s?8k8KNK!t%`7dBK9QQ?zLUL ziBiB-r|&)=!UlXVHe?$6+V*^5(im(;T#XVtna64jc%gz9zZZu0_hfAQG1XMl%JUYO zwNo!fOI~l7BPx~`b#f{9o_9I?6eVjgn2b+4Bns| z5~U)+loSyV&r>&SPz4eFYwktV)mw)J^hICN`bk3*7qyL@a8|vxMCW~lxe-m+K%r6+ z&8ZnO;iRcj&!s+1AsQ>{7@d7L!Mpw0xR3#*}OQa(5*+m0|T*JC{GcdhQl zC3_wx;nciHFXUHg?_|9CCmrp^AcwKaQH#h^u%$nk)fO;RVVjSi9AIClXs2Jv(QJmv zWot2Lp@YgCI+iVVf#dE`AxHwB{PToSMQr44#|h^_f`fO_Spdu3?t1io_6$G{PhP$F 
z@apv0vnJtxe|Yul@w>Ofw?}VYWgmZg^}qNZ|NQ;c@2`fxe|Y`uS)S0VP@1_%XLH~8 zg2~19j~^&VAm|0=Cba_sZ6oI3$U*vPr$vs(0S<7{cL)66;? z?$o|YT~=c1nV;_ci&xw=MH2@mc;;aW>5p|j0>7(YFG z_V(TBtM7pdr144<`#!n=HZxd6GyTSo4e|<3)ZBF`tgoP9 z6eY)IUVLwz2j>BhX8YYt;DprP0U|MXJN0h~EHQusvMA51_x{Bd12F7%yhG5y2(M^> zzr*M_#;^*LKQLvqRs5hhLXp+6Y)YL=JMiKuGhSG4$ZZii>F6~xHwfD!0&UKI34Qd_ z0Ci%Xf-ab(lDePGte8gEo|F3>Z4K)hk+UK?hOKn~Qon=9U}}32f2rj1Q-ceaK^8W2 zP<2}5RS;uek^wpMj=jlTiZSv^rb(ICm?z#dpB56c;J4#^i)wfhB0s@cN0f0iE(OQH zigpYtQtGF4&Ug<^GJ_={rY7~waEkwmQMEP|#8{R&!{#PdRc#A>V%-+Ol>0cL5ji?~ z32J8Mdm@|OBEJB{moGk$?U(#y&KK$RB%1q_%@r~yg9iph=35sMhKpD@A@ayRZnEWJ z3g#1=<5#d?*=mn1(#i2!j?)ObUov)Mt7C!RXkg7_tr?7j-%aN5D~#O2zpPXNSV%nE z|BjnQ7H?>SJ)9x7L$+g7hooZ-*sv!+S6JeKV5c;&VP=nAvFgL87rsZuCr0<&*AuqT zJbNaoFSrZ|b7_OvaV%i6@}$f50od?8XM`(CX9V3*=txC+rBfa8YZQdbDgn^IMU)2O zR)s}-*6h^ieMH%^#f;Mjk+K(;VF=?0gLDKy^eD6)&@)`1MihA=WG#SWUx6B+QF{3W zFFpG3COan1ZjN9RsazYu)GsTMS{ZwT>P=8R2UsM>`+4jHSnk!PpWa50g(dM6HD8(XM70h&Hz|+G*1$s1*0W07yK_d z`?oVu@l;e)*1apcHI2o=coH%)a~M0NN-{U!QjYm8sl7pY?~wC^{VxDf5Pl+tXlgHs z6%&*k8bPt{T8wm0*(_Ro&rKX4R>F12D7>az)$}D7JbU&YIs$!wQ=bY;73S|qt0Eog8x}(m zk!|3)9g@aid~VTDOg)w6UzCjeb57^N2HCu05Ol;l*=i@Pcg=k{6*%t1urE3RKkOrA7^=ruu^n;MucIM#-G*`RtkCo|oZG zz^-J`>>sdVHt7>s!R8}ouCQwSzm`;HyODjfJGIds+m!)$@vg!dyJ(92k8V2)ZIPw? 
zyaT_t{^bFuj6ENWg;yWJ$O2>02BG(^nc84mc#LgF`=RKSD*3|t@VuVJT#WAunj4TzS9mOPI8_L4w z4#&h5!yhM%8<_?^8ly!Fiw?RX#&f@*Vi1r@l_n@8Mz4T=ObE9XQANo$1;KmC!)#Ta zJ%j0bA-5(BH7$>d8O{5degslc*gN=MaP<@034&z{%NJNg*&0lPYcC1|F2XVfiLW_g zO*ygoLZeu-u%sn+l$1yX)*dV!&<(JG*bT+d+BFfU@}ZdaexqECYxOQW%q!RVMM~d_ zU-Ew!Ca)B8w?PD3I-uo&bf%crw8cGz{)yK4J6tdT7?0z(V=%E2^Bp$gzKY#kR<(lT zvT!-TnMD_FeGOL^yLmR{_XgCk=Sb$3bSDqe38s475kQkxEbC}tP$iwhMrA2FhTu6k&c9Ty&F=AV~HlcvD zCW3jT_Nywazo`r;816puOiF9=I{76}Zw)pkp)3ZZN&8qg3&xZ#^3^T+8_WN)MSg?D zUB9R=Ud)#+;wvxS>iVEvtXEv5Re1VEdEsKb#v;6M@m+t>y<4c&K2vs2^{k!;$mUsF z-I%j?jGAa!w$29WHp|m&zM=G*#c4IA4fbYfH0z|#teG~m%u}#Qdd%u+F{`J;knpOSq^w*^ATL zN|U^PI@^P%u`LtZb<@=zGEL1qFALK_jA>Di%9`3#W7o(k3)~ zwSJn!H;^7tMKJFz4WdqectYt9tIYgLX%0_2y`i93jCRV>^o3=HUY)K`rz<>ay26SZ zkvc7*PD}W<(h@4ABdjPzPdn{kdAh-h!>!W_>a>EVl2)*3I>7_7{OkEb^5m=kb95vd#Kx_jjwsu7fIjOMbd>g zThrIEznK=WMI;P7C7Fmk$mYdq*UR=+doSciM#w$-J5d%WN79rpJ63_zt` zaO|uGp3<`~0_nc^^+c?39P^msJmbXu!Mu-r$GMK^uSWn#F?No}r-A?;A=E z_Dm&v?Y`*e0x-4FDtN(;-k=PR@$L|R7!wn@kAm<9*ylX{W>Fp1OPt*LoLX#i$jHS) zAx=5X+VHp3FXGerR^}xOvvtQSuRG^kcj|m((@!iiz`~57I^9JaC0UYfrPGO?;9n_H zREVF6WqV6lHpfGZ1gvCHq}q9)hX1hhx$Pa+K86pH<8bT4Krs-6H|Lxhq6oeLixt)& zR)zPjO!6;LI8E6+&(-%hO~@{68z;Q~thr-HE=LFOD9B98H6w2l%%>y7?G7iKpB4Y< zxydCf?-gXSL<0sY4}EHX%mcVnIc3dxWOKLOSTLQ99X6rd$H{c~5W8f)&PHNSfrfx% zW7Szdl`Yj#KeZY5igOTOhBrTlk;_nGF-CXy%n4e$d?DO`3;Qs3>|kYXc#j7wC(!aK zbHhE(vUa@HX89twcrayOUN;_GtAo7-XgbM|hhID=E}!Geh>myAw99ydwPZ4b-wO>{ zVG_N8rsxU_=_C2#l{ z9q`s?GX?BuGAzaZHpw%_FvvN2-SYf7X~fhS&O+aFZd?2~p}|>adTr5W#d>dx-N^X$HmVo#ix?~c0ZefvurQ+vXxibV2{EgnG7^ED`DF#*F z3FD;07mCeVr#h<|*&ksA;>w{Y+2r3qMVwtU_)%q+`cbU6Lw0uwYmy^-GQ?QjQu|c+cFx)tI|W2v;JW!-*jtEP z4!&8gUI-#Ui}d{RRJPE{l9RPaNtyQX#6{;tW?d*u-(4ay3tN>ezCqsNTS(xgmfzrh z?E8n7F025>+sfiSwG$SG6443$NE-ip9@D7xtikJU7k3cp;vPn&-9>9YbB$#@6F`C$ z(LF;T_P=5I`T6-4i(JQF_(_na2Ebfc&H}CXV|oHcOp zjSK!S^F`|A7eFZzjKC`iZd&otrEf(6$VT*}_+FXwGSlEGXt`XlOirWED>4Ivjofev zHTB$}aKU^b7l^~5Nt%2GEf{>0F?7TVc`O_*dRa?5xHW93&KG-DADExIg)Q`wAunUC 
zu4XgMSybI9J?fr%sgZ%!i%1F>dp@4*-(1>>stnmdj0eak2+#`%Y(H_OjuLL5*jE$- zfbq;m9LHp;#-(Ex>-(IvF`+D<%*Ub#KjF9U**W9r?2hgb;uYt$Iun%mUBTAIUJQ11N7Z@-;pB`gDj#01zg}O z5q_!!nz~UqBdoKGRc&4KR>3!da|a0S=kdDVW3>*Y`%b?*utuHH!0Oxk9qYh#de-5n z-`^kGopGV}XcV{sYIKyOcZnGLugX4V^y9AuDH9ym|nSR|ScA{JO{C zxLi!U_=5;{Ip?Qf?Axz?II{ih%M|3I=IPd1bA<=nuy>XhdUY1vQgZUOpn^4He^T;^SzhuRWm4OH=H^Dh67MFQu zG5jjrxDMBewbMB`Jlxys?ps~Dzi;(>2Yc3`)9qOuIvTixwhQ}!4qrPLEyOGGDsH{J zvM z4%ztuc%+(}S@C$`cy)wPgRDq_JX|&0u{#L(Rak}ZczjW8Bh-#)CH^XwDV-J$arnFx zHU)P(`IF3o+Y)Iw{>u%T%7B{!<0f|CjinhTjy@Gfxmq0KIcKZXpecvZR2=g|d9or{ zOL5s_6v-zh9^>jL)SxS^4 z&q0Kyu{-@FRTf`Q^E6(B>0(maBfbbDr_+29y`0lcpMfdl*!=yI1Pp@lT%QFdk^6x; z7k+_#DJH(i%CF&DE54rmKoro=A1Zg}2a;Zw`;sN>(ZB(?&rg_|ZM|c`U}qP+T9zHV zxUQJx<01wnaKV? z;`xX}|3Q)~k`3-!>J;j3y;JY}H*wI459w4(G*eQ=alagRm|Fplkvy+xLi(xR=K4+g`mDqfokr49=+4yg>Tny(k->04|AsOjxlzIyqEq59#YD$2R|=8;A>ubt7l{GlV+dW|=Zsy1C= zLHSzlJm}VU9^BWR2YAOgy9)2CzwDs7duQ_U*oH^*bYKje2_n%XJ;MKOXG$+lTEn0vXVmHjFT;vk=0-o)h_y7ARLC z6pvz#@X}Ux+~wU&>b9_8humOF6`fHsBhs-8)HoO$P0?WzMabj zj^oqF9*;d|rMTCE1Uz)~D^#UC-Wbc-Z{?_)*X(g8#g}}^*ZcRO$Go`m`^Q4SYfgIk zblw`P2wJ^JZ|X({$cM)!ypF}_X=&nNA1WnRAa?~TgUqZWczzR`lX7(PRkox*CPeftj??b~*#?Y0lbRu`5LtKS~=EW6$5SoYwMw%hym z0o`9`VUe^@64f)_OXoDp7*po4xWLH!Tcu-VV6)96_FwPx&u*>It!Cg%GJ^G8u>^X4qh6 zJ9ImaoT2>QByOCfe^p2yQyO|vq53h`1+oe-A z5QBf_80Be|Q=7#t6Uz%OhQ#f=gsf9!<@ zftAYw!k|7+qvy@#H1cn`__x&zB~lvvd4SfFxaOZSBTA%Zd$T5AX-hnL1damNqLgP!u!x87hi(l9UigUYS}mOqE|AH0$`eX;Nw#{@)e&}ss}4r zQHKv{MIG3qeTN>lto5#;Q0O0 zAW3FtWHZLO1>~)?w#hWVJi)c(C8?^=!Ml2IHX(RbsrCihNh*zPyr%ADai2fz&*>x<5#DKpu{1 zXOCJV+U{HZ{X^F}>>V6h?e^io>5lq6cd*Vr5$6ZjiUq9pUKX#$Y$?=7=C+xN?gQ}K za?X0nELBmh^9ohdZBEBJ9Jf0b{L<_8_YMz7{lhi5P1+*`ZhNnOUchCt z9y89E^G7w#QY!|Zt71$y^I=yxXHR7Tli;&6DVq`ByP{;T+1Y<=9%VF8chr(7Z^f<} zY`txfEx?L!(`t2i0szhw_le}o+r0QPoWZt6TSEZwoaszk-WBB&LwS#vPbT`}zGyzX z?rX~jB7s4V+#WAY96j)TUhItYtq*uHHK2AVN2V|C2-=NCffYFpz7?jgCny+P&n(Z= zR}n;<%?(`%BHGbp9_woeI?}0QLPJpUV?YfPErgenA)jC~$9YIsrXN^r@_LM3H 
zD1xk!30px{FG>s*B&WuqmCW>V)DvWd*&q3O2IvXOPRG;=VuLgb>P|7D-SPrMt)84{ zgJAXqaeFgIUoHp>6By|$2(o@OkfbMQ>KbU;JIFe)oT&+lAZ#-GkN?nXFF{pLuU-36 zdCso)^c4g-V>dFW$6f}(io&_bx-C`fE7iu4J<-=nscPy?P&JCL4HX1gCy@aUK~^`` zPg`FQbQIWnZ7=9a4eU3N%h{#AST06Z;F}-_g2p%AOh1N!pk-his5B5{oQ5OMH^7h! zlMxL;$oR@LR5(y()VTN#4wYI#7<@D=lWnCMEcANKyC5D+ZTiyMb^ThN`{&TR-h;8zF?`Fkr~QiTE#rU2a=m$xiN6> zfuQTPNwXeE#m62Ew#@ZZ1Vl4T2k;ao=shV95b&TL|!uH3-*UDG7X9gOQ5XeT!?o^1qi zAorW53X*cBamfA4JTdL{1jS<0yF&Qj6H)% z*O5CI$F%+E$PJ7W8Fz+q4->~uIGZ}Au2OTxutn+gQvGOPvKu4%+f+)y6o%!)1nUi~*scqcy z%MH$@35ML@#FySwzlG_@P0o$UXz$2fP841mC@Qx(Y#lISD|b2eWMbUobo%LXuh}E~ zgcbH!h#3FyBW~gada%zA!W+F-?aF<_;!6E0l>~wjjcIgEbGBNcF?_{97%YEkryyT} zuX^0xciIO|*BXz}SKYPuE!%bWtp3;?xclRdGwQ74tH#q);iA?Z|GrL(7C5YVFadK{ zi&J0*=P^#<_&pivAowNe{M{qzcg9;HTv?pE-Xd$p1Gut>12EU&xgACJZN9w{TxwiF}Y7MIdlikXn%if^*Z*z>UXGX9USxzE!(EFI~sI)mC?3t=p(MPB|6ZssKl1uSkxG0IVTcb0@Jj5Xrm^_GLj(Y2^~?aIA2ryf z08)gJ`dJ6~m!@C-S+wF7CM#pVI$^P=?DG!EDJcGEmrET_yxJwqQFf#}bJ1)S`+y@% zm&)6$?1xtpJAwBhPPzv?cuRivLyQJBG!T}zp%VW6du9zUctoNwg7bWsb+?%d)Wkf- zG%{N}^^~^UT2cQzbg1>rTatFfayQvRsT7>0C2zBr8OxKxV1|CkM|Mkba)l5VTFZIQ zx0pnf2Kom2F4!%Py6SS8i}3AR7G|tdd4qz=TRyMLwBO*KUK>4Mm=EzdT5JOyl=Zis z5_~Kjrm8T?}8|sc#RNW)% z8u_`7yQ|~w>bSeKypFrmieVjhmn*O1?sOIExVt*;u8zA?E7Wm!WwWV{yVI4|ad*WE zb=+O4Mjdxo$KBO&cXixd9e00V-4}Jrnw;?Z%%RSXz_J^VvV*h{3tK=3bcpv6 zzM*k!PdJpfq3jaxu9*k?$nGhfE@*C>T6k}gBr8_D6<^QN&+=kB4014Dpri&Nok(yC zuTm0JFI=9qc#0mw^)JrZGq?WJJaha4j~wOa`UpT*Tps}_HR>aPtWJFdpsP|J0TgT1 zM*xKi^$|dQ1W+FVs1@oX09}>(2tZS#J_0CJsgD4PHR>aP`UpT)FqGFv0QC{Td3^+6 zsPr`+0YGbfl$jLXGvc07{%`gYMdko)iW`jc&ssD|c5;w;JF^1>=<$4!%U@*G$P3?D z#n0rb&-uAacs-tLyHmTiYu9$k*^zF#Yu9$|+J0WUwl(FoYr9;bc5UaX)vj$;T)VdQ z%Vh1^u3g);YrA%BXXUkPyI7-kZL52h+O=({P`kFvHEP#(?b@zg+uw?7TfLuZB;3i# z6LWJf#PRW5-fiWYx!UJl`@Dr0B;AeIKJVJ+{k-;hYszb%cez6C^UhVPecr6N_Ic}< z$=c^#`@CzPckT1e%4?r@u}1ClR`)Em&)ZO;_Ia0U)IRUp=Uw}}zb2pemdW8Qo>X{p zPVN$3cNh6PP55{6>f_7@S&gs)l#c=5Qwov<1U+`eMJz!A)~0WvKO66z`4jpah2a&$ z|KDThl1^<_^D;?h@%OvC6EC@(k6N%+?!J-O?;g!SgdK*zbu7@gB&c|Isy@qeC_Gux6pjfB 
zDxgC^Yl*oau#NV_BIX6~9UmDOHj43=LP~Pk}61gV%sPBiY9G0 zj0JqIF^tlW03z=8@Q{8wQ2Nx*=N(Rb@cY7 z9y3k-<&H@&A*u?T~_%+uV_-?73FzFBOAY!tGTWv7V4WV)fGw; zF*7I3LQ|0K;fkWExQ1euO@A}%hX11ed3=;6kj5;_;J(UDoe#rL$ z+Noo>TCz&69oLreyCA3Kw$51W2cn!A^4n4NYojWG@D5PD0lb6HiJ2{6IpbWO5ROTh zvN^p-hh?yJi#D#%gD4JuXuI)AVuOt-rGr05*Qmo0m&iB?CD-g%wBc<$ z50>Hpa%;<03a4BoIU+8tkrj4lIc{M))&-j>&0tbxR~pVH5|Or-D_(pFmb6=8X9(NE z1DLRK&2)EJW!rUn>BU42k@&FfiID%ybD++%P@6ML5ppLF9iE$yUN-wjq+ z4tkp9AO(Q$SmJfH)P2dvzEz0!dmAPcp`_t{U~Wz28=aM2vy&u9<(Du4K0gmE%Q|Oa zm3eZ`W1ysLb@cw2Z9T^{aV}H(!iF^gt2fTmHAc8C{Zn<_e1v1CgtI#6*I@GIVjQ!_ z@Dh6@9x${=C+XLbHF>)>ECu)2Fa*Az0a5T`@5ZNJ zU!A5B210Y!$oY$vN83xy)3@7U1L@ytz{7GX<4JiOZ>fq{Cs}xJ10ULMFv;}dAjFk9 zxh?nFioE!0$S)ed-4Wn3gz*9I7#7@NjLH=~P0uymsxVrS9mL`E1{Q)=TC)U3I@sk8 z`ntKVYX~Caz=Xg!R_ZJJbyx;g>~21D(PKZfla=~FpW-lUD}e5lz4MD6r$5;1xAEuh z5iUK?xPKCPZsE=6FiL*Dl`0bW<2NeVTQe7YjL_s=p)i6K-))UA!<(N& zQE6=ZG0k6z&Iku8qb-#Qh%pE|BhMeHTa?2}6lBRG1CbLU#jEqyMZ7wDAA&(-*MRB-P9 zjM@9|inhCk4bpIQI~4e)x(=h7pxG6@W$Tn|#2~0}<$mHh;1DOEe<#}`doqM}@wRNd zbJo6qjS{<=f5>Wrnodj4mNdM`pX`YaB{)^Yd$|L+%$@?e{PF57`9n_0Q+U@M#OMu$ zVLP#uqbC3QnocOb((pYl6Xhofg86hrqhG>kY8ODx11}My31`9@U|pq4KfabewS9&Y z7?F(Mp?%iZ)C;`ne0q#dQX0MVCSHO-I(K(>mELHV!avAtjz@Tp{pkpiSmjq1qSQKg zEFsD|^v2`ul5v7g4gL*({XGyB8avCSPPAj@P1-Qqm$2qsXtZyYq#MLqN*`QG``@UP z;y6|oQEc>h@`=4Imo-?_*y6?~<_XBlmna3jZ&V7xcx4#~4a2~{#o8Hnl6UNrwqZAh?*xSG{{I%1TKnx{q<5 z(J|PorBmLeDH-<6tFtlcY>dsbF?tW4jggOATPGvqexi+@NCHNuoPd$4fqZ1&;w+3j zSsx`ALmR@jTF9>n#Qo)Bn0lylF_!dG=VCmuT#N-4bDfv5=vFQp6%a@jyVMEWiiRXNn`;=QFoyJZ}{aVb}=+yZd_mi(N{KbptjqUrx zQ+o>SV1GJ%No8o>KXKnVJQ5RO`#2Rbk$=Yo|NeSXJC?JdXxMoIDIX=SIr3rFRavQ+ z1EL@GQ2m^0<&I|er4#+`!i{8V#=cn?vpVV@dT_ zOJ_QXSQ^Va#n%6o(J(p%;^@GO7N8B=&Ng+ zX~}9JsdE{4z?DX*r=7uGw;C{1X36av*zThHdbO$IZBNDe^A8Yb!wza|>`~uc(uuhv z27;+tZ!9+1*csEFrY#$rTbRs1>R735^!%aUx9N6nhP`Jc5*@#PGy)xQ?OdHcsY1U8 z0#)NYlvsK2A1y9spyBosxNuo;X6>(5m3z7AFrEQ0{oO` z!CIYJ1D`(0Uyt3pJ2FX60&OhI9sb?v&mz+PGb^Eb|KAr7IM-;ECEkZ`^2{OKxuBtC zK6qHZ5dc&8{thIR1*y2Vb)0)V6Y3wwU7Ar268$=kqJs)Yl1n)Xb4VJ6osfI(_ggF( 
zn_Hq8g^>)Cd$oy~mCKM@B)R1>OhuH8ZP?gs&ib9-U+4Ea&-eAbzTfBdJg@H`-{~I@-Cvn!6VKh z*4VJ-nv``1xiB{cv$T!r16oRf%VYKIahIyB?@n0$)&NTAZsGY|H^)-) z<>RjgD>gn7dwB8k3nu98edTqKFnkB7)utwx9PF24(#}*=AJ*mjn7r;@|1P?Y8(rx? z{;`b{eRo&kbCJllL-B(GbT*it<~D7BCIY3OowN8rklDU@%15cH`&H25`sS&)&uEB* z+EcRA_vgpk^-d3s5`NlsGYE1O?@M4Dxe2fx#!9BO8#l`;Q!66vq8J6`oUveZij3PC z%mH-3-X=Wuj_~jr{*=n#hUoq=b`on+j?X%jU-Idlc$^Q`O5C$wGTf+BZ}(2-LDjx> z3AR>3{;fnrBE0sR@Cqc6Blj^7BQopF?;w3_x$ZdA2c@iV@NLBGRh*Ur!?V};KBQ9~p_txSldCe}pQR~)WJ)?jPGfx^Ups@5+nb+c_~D1}-) zU}HJtc#}{>Mro4=H*kIA8uztyur^I(?a)tL4^lx>`1mZ30_MiV1-eM(#tRz!TpIOY za4S_6nd1&6TG4!;w`Dq;5)0~CXPKpxw@%DWofhjGn#V@^omQKn2JjR9-Xn(rf<}Qs z@!nxj3XSJt4Ddds#_5E53fa^YSBwI4YKu`sLgXL*-WF*3pT(#Xn-Ccux)`OI+zR}_ z{$lhC5R5^kP^M$Ehk6U-Zu?9QTGDYw3P{XJ1u1fv1>b5}r!oLpUYh+8F>dvIX_j|o) z(1rc4i2f|9tUt@0Hb}PgXZ2sWWFNngwfgI1MjFh6qyl?iQ_l{vWI3+9$$Hg&PUB8+ zWl@v!8QQ>*GXug62`&w#5pW4j#P%bE6ZFqVSY5*aE|P9i4@_?Lf(ffg*uO(&n3Jshe4ku>+Za+AkYBHXH%v@66HNnM z@i}g+Q{O`fA1=RF@+@^~^kJuamqOR`D7N#U#{(nIMk;3WO~9J#h&jme43ML7c`3r~ zW!0E!!)U3pL;0CjdnD{eC=;q7|c;mWyYMBfFyOBI5V~uX||OL-Kjt#TlI`M?)E={FhO&(86l-Ec2&x*To`L zD9`V;hw$`l*TWLy*c(r%GeTQbN{u!v{X)lqRb*c!@Y!@|v@ti<5mvFyr*gMl7u;ym ziQJZR>$gz1i3eV;X~(dCL>D@^$Tf~&SIc#g->Tx(3Z6^w*1n(1jz{d}0F}z_m4_37 z4%G#OCDly53G^>s!;l@%2=K8W8Dwjv1Rex1tJSCH&0iH? 
zHBBuD0h{=I)6=k=2!+lz=uJt&{Ps;JyUm4^&~2;R=XkU|QCqOEh@9xZqlN^^|NoAP tq#y2Iz(fB`@=tca-zkKIDw3iF6r=wm3D|-GVn2?E2rO0L126wr{RJ4l_hkS8 literal 17898 zcmaI7Ly#_9%r)A!ZJf4k+qSLKwr$(CZR=^<_G#PhzVG+{^$qUe-l`0eRCWe?kXn_s zq9_9jh6V%#1O;@EC8X6`D;N0(3J9oy1PBQ8zpROqnURZ`nw6-Txs{!jiJKRp>-+sY8qXLWuQ%M^C0!t%ScL!SvwuEi)#J|N2F#(&Uq^sM))5iJD^J>k>c=RuSf+m6{3bE~Agfo9dL&EH&>!v-ij(zU z!tdzQq=_b3Z(hbiwKD%T3N{(*9xWv5JKiKB`D16JE?X|!oS{Q192L(R5?m;aVXOte zpTL-YNKr5;)@u@(x2ef!NgL$bNs}7`$k;Voui|$ce z8mnlRBgMpT962W?3jJ6GEt=DpHeD)qzD(wb@PdS)U3xP?jhLy%_;}ZRP^y= z+TPwwl2%jqXK>S(r90-X^ei0Y45n_dnxO_BhO~4m#stcVPa!L0BGyz%333*Pw7E+b z36cKq_pASYu8N5XO5N^#4u`E--RDokyU?vb?n=%li9C$?F%w0M+$gxo7)L}guoN)q zsLP1bX2wq8zJqIWg)7KVMok}Iw-5)biHgnX2wNOC1%cpXtJ#^Gi{WA<Al_atpFYAPvji!^T2>kpEfJ40$;CXMTnID*wbPNRp} zD5PDpq|;&fpS7HGFk^02Cg>4p#Y+At8biG1*KT zeZ(s5jssF=#Y}|vE!|A|ocaqiMFk9jqQ=avW4X-S(c{@?y<45}f1bvas+eWG7=`6F@``Tg zN&vmpkLn0Y9NuK&8ZO#Sa3kl};`#Kyk$sswNrB4f@aGqQl*BQ_3uHcJz2eVy3+h`Y z7t_A5?Em_{2w^>8OE0TixQhQ++z+$VIk}$WJeTAek`*`~VH*${q)AlDnB6K%C})w2j(OT7{tTU zCSdb0IUc}MTF$I4t@iI?@N8SPeOoY~w~EhiI`T{c z?@@G!6*yX{eomDZ4AE-pOdr{^g{vG%LPK^RBg*Rd0;~=j9Nt4Tgik`PVNDB1G;u?n z$d+E=8RA(agH_#_rnQ96$=hX!B6kCa)!dTLV=90c|0B-=TLNwi1ejd{tKT_z(5<1PY7lh_6p0e`OZ1z%72MJWh@X7q)ZQ1g!31QI-tKAPB^V&QYAZpkp&|f37u#R1oR(5ZY^l7Dl+=OJxJ~o zzXMMQ-a84NV?ZDM{2nFirnJOc@x-nT_*KrSt{S z<xdMSE3)d)XrBN1|HF#20@$CkFcX7%knmzh3; zUP&9uh{X~pf;DXBJ&S$<9fV)02WH%!>bQV{;uf4rmZ4LKG3*yt5$lccmsR06sq2k^ zeln`G1(s_ztaK=v8g$&$)`ym#)NA3IwwJ+^tK=@7uLYW4p@`2c6%MlJl}UuIE*+3P zg7*Be*t&eh3X(B0ol845CH|-#ysm%eGh&wx{Gkopie{iZ>-u>f8|6D~Ks7=*LZkeYTwDL;2YW7V^C)2EoKW^n@jdKkH!r;1kIkpq+zqR3AxwP%5djj z2eYJzNQ|53?xSz69QSBp=Qw3lwU5Vhe-sV#VKmt`b2GQPV}jdob9e>$=GZs@Hhr*6 zCQSWD$1!HuAk?Hs`3(IuFvSy4k%IX>V;bLZMH}&_7L$XR7b;0H8dq^jFfq=Fzfq{_!gB7+$R(7gpwhlJ`fs6kGD6W02owqug_Fr{e ze?a3;?Ivc~%>EnIld{TV$zw6@Ns$UynU!=~)gp-r0PCpbgcN**xayboD}^nCrX7z2 zB5=hNT7jhb)7?lpAozlX9m^-sx3BhJ#+caOm|UjJb=jCIsut`4( zrK?cj7ZWy}HvxTq;>hbw=(v3rzW{|7TI_IS_11EgrQnz1arpw*FT}Z53seR`W5Y{J 
zIP?pFNpSLfzL6ZsfeBNXkttrIIz^jrQ(&x})|v`WQ=vCj=5i+?cT4>hs*kK)8Q9>M z)IV^N1(vv7*xf|Kl$gThN&aqA%ek+A?pyf_ZWhRq!&?6m@{1hUceejV>C>BPI%n)R z7*jly`N-n-hea|)M|Ru7nMWcc9ipsB3Y+{LYc!HTWs#ycdT})Vy2QT)@M4Fv?6DPA zzLPNdw~?$t7jE=th229k^$^KNT>nue!A3nYSTl0LRvvH z#yR0^e#!51uvU{q0UozpN?75;08ZeWdyvDUhf&f@Ihk^1s9~8Y(fMjRVhiyjhZCkQOc0HTm=4(UrV zT^eam{nfb0MWUIz!5yn`GK2#7uUlhM3z=({Z6mP|ywbt=2y@@DN1(}dt2gBJi+*{t z`@HqT?RSRroDXEpw-)!}jJWzDP#`hRbdQD+2jVA)kMCFqv@u?8-tbUyNk3$PM2lmP|Ml z_wv+wN26`TQztDzA&+guLR`eNv=2$yXrgwiP~urBb`PqD)l4l=Y-XIu)XNhooRWaF zo^UJk_MLUAOkERiCF>>E>CqS3yPq6nas>8jVnK1CI*e0VZjWl{k30w!T@KzjVfT{~ z(vh+3^>k7Wq)g8?cOA}$QMX}NoF~j+x&08ifZ=)eayjRJvjwVIoRslfmN%* zX_ocLWSgm)Mc-grMZF1R>lK*OeITK2`Lv;Jm@1aYa-oN_Uv=zjG7?3Kg`8umj`W3# zv)q*}Dv{DW3JKCYu$3vXUV~ROidLr+%2pOksTd2Uk4N8QnF{=HKe(#MH17M!Q_kR4F^=Ug0`O~PM=SB6$A$`2vr#V_grMW( z8Vu_)C=Oo!px9|p7-_qe^z+BshHDOLZ*fs1qH`{z17>{jW(XXYF_4k=yjQo4cjk7USlwLp$g$ z)@6Yi*UOE=+(MFr1-x>H@c;C9)KuSi>^^nWB&tKD22Vg zPF8hx^BQ_hx2{YQ+*oBd39mgy{a@$pO!0$MNd88T@M4-{^i1HgJX0IH_D%c~ z9=3Ai&WG_<)l}Sz=ha~@Hu5>^ByZaz*$L!INcugb9%E96BSfJvjF0d8ndTq_+fx+0 zMX}EsS@n?Kpuw8(I@_ofNyx|13ZUcg)@Ce@nltnoTwjL1LWqifm%f>#e2P!n$4H+{H18|b*QD!}>e_1PkPJ$9I9 zb+p`I!rI!}P@_bqgA59Y54Oogk;_#j-<=PU2pm;_k_iCZD9$EA6B_;Ixy&&N{`6o5 zv`J;J17ENLyepZ@1}DwoZ7kApF%SspG>KGhCWqMEocre#u0n7m>QJJyriD+D04d?F zBrh!TTIT3*I5I+n5l@s40%nYYWL@)LE4?t46>oz{kaI`k=BtW!elfZ8> zrd;)G)}cV29J%1J=?K@U5iO5NixWd$&4qIt;(t@qc3of`zoNLoJx|d?oKx4_@wcX- zVbs&`3)k4S2!OSXRlXadI02!P4;#qaI6UcVe@GU#qK%7fS+3!U|4VBy{5)+Pi9S|) zisn|As;*kA?cVWR75~GeS-~JrNy@ z#Mb^VOnpxqHxkWJd4GYYfCTY;kf{+&>3(LqJLvin{mhg|{wftp_DofRNh2Oi`^mEB z5Lr5_&k`U0*6QvZ0R!UCF`$c5Dcc@ahjY^d&T4(W3hK1fD1K;0erm;%Idrh9WdA5u zlVd-+TP5Dt%$r}s&jpA4Ms1%Xd!)0VNf@4i|77#S*~IdbNohsJ`3=Hy2$f+JG(a48 z7XNQtC$)jNyEe5&RlB9Z`*Ae(H&YI@z5KyI+&)Rnx!ChP4)#(4H4YZ!)bN#N zK?VFF@gM)$o`?<{-zG-j-Au)l#rd$s(MC|n_=}a1h`4H6WP1?`*w!RVacM)9vo@W| zBG|@$Dp_ASvg4(o>+qtKTn{*!^B-Zm8&Ou~%7M%fU^aT-zx2W?LfoSp&_+W4?9Qg= z6$gjPfuj_zC>hC#RofwnL+UJukeuAWg3}yXU`qy7u-Kv+ezTGp@AjWsf=>{!;L(Dr 
zax>N(Zs6;WZij?G*s)l6=)LQpWetT1b!e1cgiZN@l(wFTd>~;|F)K!x?Jk=+p()64 zJ-N_Xh??eec4|AwdSazrl_!K$d(6f7D-Jn-tJT!-28!Q1E0-lc-N7+jjb8YZ1 zuVWkn_`Ywgzn2G}92;W>yI%}1V*>u(k6YP4_Jn(U-f0pq%^BvF@s-#RZ%Cs@0L+gi!R?#%tTb9vM0qp=t#hNk| z&P2A@VK87ZmoLlsK*v47-#&)@dA|%btg@8mvH6;4+ZXs%bBy=%56S4Dqwv;0Ol%Z# zH__aSrqM?vXw5F9Oo5K1Q%XY%-R}Lp0w42`oEyedgy5Ou)$;DJJh3NZR0;$3q_T!S z@0G{5Z!5Uw7k?r_qj{ehX)IvCWDZf5EdiS-n}jF)Vl3Qg$sw|9Mlhc5R~z+&@_W3H zx;b&cxS50Y5Y0-H)as!Aa+T1O7LZmjEZqU9Z~}O#I2eV+&{d!j?V0(4YQt^^ctUF6 zqe|0l5t{BpoRQh1)l81`R_PWaN^*lxVQ{RWJ8a2r(_D#|?mgshJ*q9(LpP z+}J%P18@)aUm@oDKO-g^A)F>WcZbj`e=Y4Lod@6yr#g$gB7_uD1G1aj3**ZO2IQxe z|8ZujqWmmXVke(XIy?0jqZsQS>`zC)9Y_)Y{n{TGGCtRF`Vrqe$OLa`KK4!PsxNt< z0@ia2gv9#|XY!%_#GNJp)NB&X+k$_wMSL)517cj1$m4}csWNT?6pKcE51=ZLY4f%! z;pEd}pMm5>)(L_5aJ1yc(0;Ltb9T}o#8vjrEbC0PZrB$ZR_$;y5U_%Khd6nC;2+E{ zym^=ASa(4HYxVp%*{s1+z})*o)F2u>dh{g)%)0T6YaPBP*V7|_f-|Ray2$B_tTlL@#}PAvQ*z>tF4eRNc+k^YHL8io_dFADexaGcdzNU~m2iy6o^8MQ zOUbgU^ALJmxa(<+&{$ccVP-drR`Edf4SS$N@=}JwlLVc*-~kHtKJj-7Xt$m914jd9 zb9vBL&eS4+7~6ebb{NeX-isy{5O!Yk5C^I8WkDH?EE8mdb7cwIkz}226d-t2QON-o zewp~TObHlSXcy4pj|*SN&1y%iA>AROTyP?O7~8vdC&IY^BEFCoaK&rf1PH;}KN9Jw z1b#mGo~6yx>RlPi+BB&{Euv5sSMV=~hUT9?a%43<@_KWxp-FpZ%MOGjMBkkcKmeWt zcE<&QKUWQmB4yWw4PY?^_IP?n9Y;Xcz|aqRHybSM(NE(*CEOWg(EGuMsF83#={euu zF&ezb=%sXbDBI8bETiy=qX1+QMnf^pDayI4XgV0*Gutwo0~z+RF=%; zIZ}JU7oxMu={nX7L~R_#8%kuuSHOr=H~wY`H(ZOpJR<-EfTM3CGzUB+iW2Zu=YAx* zQ%9B}luy_PZ)f^>3o;5%gF)_3P$~5b1UHF*1||Yw73SWs6hJ9R=heO)q>*7nvStem z_Th+#q*!=VuJV~LE90S~$+_=_12e4X$=J-pj6j8TMjXunP^_c3mc4Sf1oJBi&c`S43>N7E+7Xm0Ahh_d>uYga}fo1Lv|3-%57xH`;*Z_ z0gg>j-o`ped&crMZMTxr^j8j%@CniDAmB*sC}$9qfrLrMmhe#*JH6Hy-k45m9z-T- z^JOhL)BZW1s&9(AqjQ%rg)*mV#2E^>7Tq^MqK;FtasEuK*ty@?`-*oD_p^_fAcBbR zF?D7jFNVvklZmtcqWcwyIa*oYjp*kc?tM`w$0d)+FuB__`5n@R4bN6b<)Q{7a^+Bm zG0$$9lwQgQlz%3X!5ON>^LGcHJ6$wO*PPX^qP83{UepNop%WML`W+;@G*wT`_#mL+ zg;2A!JE+DBw?-tD_z~}KM`4szepHx^rz}C`%a!i>Q|992V_8?KR&|tyT2Yj^@uT<&7;(Ff+(%Q>M}rvy#wP@tPDVEv-q3Q)V*u&y@Tg 
zv7&%olEWy?oYp~XzqJ;_EJ<8GCvlg=?L<7(Ng!w%ztMdnOe^)Tki0@TC)g9tl3?T4 zGvJoU9lcLkX026tuEo%W~((i7g{}s zb^RFXEn%n;j5ILI63)~xy_aj80{h21;oa3bSG=O(QvVutGi2g%Zc<{f!ngByTgEqw zzVlea{)?riWh}P>`EqlFVRJHGl|%*R=nC235><8VsVWA;m% zh@KPZNr?#$tRkvZ_|EOFp@csCaL8IHZ25`zx4AsG)rtfd80R5IV5 zhhN-WGAdZ}e|xS|+^thwhwXfTq6-9iV#@v+fzL?`qCYy&*F(8KZI~;Vt%~4=As6dh zDZCftXE$j14qJG4nu%Mj-qh7KypDOc%k_a@_0r{)D^-AW@BTk4csQs6gSUe2uQk*@ z*rvp0_d&<|v)~D1OL~P8|9HZhV2qz_J4{$^?<|n&t(6qKt8?iWZN1$&@EA0gz`GCh z=OZEP4{&?OFGh+@cmUPa}d+fF|tE8f6aXmvD93T6^J>k_mg;U&2 zT)OEt8+*Sg{=JUWH4+`aVOFU9f-2k!0Gf$wEu__z*7#WP20V&<`#yJH!nBrI>%9QW?h4(Bj(rTkVs$ z#aq#kzsGT-R~0-2KJ1djAARUy)L|1lwjZ%A{7hdAznSy^=f}WW5-PU-w3W~Cx zjsb~1SnX@~*lf3li{L!N^#h?>8F6@G&b+6|Z8pt=W=k979GxCS_Gd2wJg-40d%7lN zK2Xc()xc8iRRcJo_3Y0Eb3{I7O>~jX8?_vBTF4BP;D17T=2`qcPFjfXqFaW=2fF8} z68pn8x^UJcO<)Ci!)UR^@^scs4XfYo#dF{S!HJ7V@P(uY;Y<{tK{e!Q+myCzU8$R^ z3crEfh{*Axa%{iwMFAUP!Fu0mWO-D?7A#M2j={yeiIS&6U-3CR`98w1}`5piRGV$ET-; zW2`gax*Z;&RuUIziz0f+)go*IWgaPzBLpcH!@hQG=tC0YK! zDS$z!9+aapbi$m^G}8bZafPUxQnq{w9GBGDbmycAsV6Nlnb{@CEx}J?6{` z$BBed=zd1+jE1y1+>*lZ{QE8E3#tB*y7fIGAbTspK%>}43V$pH+whITG#L@0;5(cy z<+ash4)N2+dxU_{vu|*RpfH7iSSG~{RPN6?5WxgzDP6AzgP|zNTe@+Le<>0h*2W5t zq5G7)Fk!^kPr120uvCL5P+cIqPUI1PLW}2%0{T90cpBOpx)0uMr|{_K(c`sJi&XUP z*05WeV^nR`9?b{YgRCJzx98%md+pew6MW0JcG)0T4cD$VKhr$-x$&Dh&fH$Z+t{u& zy=gjDC^gD)@MCpNzX&;h;Btyvcvartmgmn%xU{h=55FPLjE^bJZ(%&(;-=OC(E<+v zSeC*n4EI|Kew+>8S5shb8$5-1Jy%EhEQa( zXr0@&FJD|9r?VUtps{XVXP?X7lEeZgU+^uzSyDKeZ;6Wz@kMNN9mo4DTP9RsZ^v9e z;TQ2pSNOAMeLZs3j5g8Ks<=~C0V1Bry!+P$x8S8fjR@7s==(*)#-$e~A<%SKM%pG! 
z4OEubOckIF0lqP%&meyxDDmm4?fzA#yNxt2WqGdNBHAWIY|g?MlUMh6s4EMUxX{1z zR{>jeWe;dmdE|9dsr7=NVai;n45{e-qo>C1q`gF-8?)2tK51C{o4r$b9e@>#6c{X@ z?&1vz*|xH2AeQD^)Fe)^=y9JbhGXQgJ(g(MN?Jv>z(E-~Iq-`Ev3YPZwf-|ZKe+gK zOL<7?LBE}bs!s8=nJ9)5v2s{%=(|OYhQh2l;0pWAPD8ID^S1KN%}FtG=$XZIBO6<- zh`+~^8?0|{U*C&(@ACO+-tOFB@qz~x(>89nwqx7rfY7kMtJQ|gAXV-06!bQprA?zk z6Zr=pxhJwH0V8cGF}&Oq9?C0-zEm-!i#zf9bz8l@`!dVU+QZOos~3TQean1oW9RmX zc8sid$LY^hIEg&pUOXW^o})b-IV0mt`PiDD`JK>F@+mwA^48oLbI{=5N9QWnT{~Oc z8+f>BXZFmQ9Q+`ht#d*LpT9P^@b5_JzdCh9_LCsuehlaaD`O-LbJCzmqn?dsHol0g z$}`inT0IVZ)PQjzb#Y)m8>VhvyRUSZQzxgmfQ572U|Ys$n`y=^>>LaQ-Gphp z5@|kF@?OBZqp;T3<27CPh1MPeOguRm3^4baVAI*DwQZ^n3vAahiA3*Aw|w#42YwZ+ zCAy6f= z$CR?jE6MoT%s*xTw1UI!W(hdcECu0aGezsjeIs06@gX9P+ zmeM=EkM*cV@hv>`Q}n0wNuWLeys!Se8JN@o=q4JK+Buuh(sX?TygE&9T2DWn;b{SE z+q*F%zlh*87juAfX7v>Uy#oYZxy6#W6@l7G>ppS7zn8|zhQb8Cj_TJBk-r-_I4;

vw)wx1&JmDj&J?6HR z)9?ecIAQ!Led#0m=uo1o&fqEE9dR0v`2BB(4#2AvW(yV>fEy% zxXDM#E1_C?>vawIIV1SlMJMwD;|et?Y-B|I`dM}br2zC(rRUcjW@b_;9{$_U>(1+B zkNS*2FsAi*0b8-(iF&QGC|8>Mn7wBB`HYQp0wIJnUBt0n}U=hYLhenI9bsE8r1Y~|Z$kTK~Q(0jjWg?PN7hf3T z$gU;8Q;0;awn3!~{x8WLopj?w=T%X;KQD({CFqZ?+x%R*bh6Z-YWsk>_=V&wEeBGoL?sz?|k%ZFa;IVNO9KlVTjZ%;%vu%Pb2Pk zc4JZ>8llUqm4%q-RfJ5AMA|}wWgK{R!eTBXi|eo$9zxbOxO6@`ub}C;WVQTgIuoE$ z^~scmv<71R$bAx%8c+*w6W8G*H00FeSrHo#BpB5Y5=k4R9`Tu3T-c(8K{grd(AlM- zfSY6^>oz(iN>)|}#YIQPxe7^_d69^1ZlEa%QoG|s|1j^Id z3sGn_4BaD5mTJlizM2Q4o_Da5SV=rfH1089cp#r()u%%@@pnWHmcDqUc#_&V-2#g+Z+Q^qkhhiffKa;x5(I7-wT0kHI80rx1nUjMsQL4B6=#`+}4YvvU zQ!Ou7e9ba1k)91a0S(jo-8<)-eCuwL;d0Zn@ui8_ft1h9}P9 z-JjR;V{KbBNCX#(&LOYbhqsf<>6j?@B1;9ViCGZo9MBW&?`J;D3421kx2VDQ3I@H)nNZc*JvkiEJ13x#!(+Si zRlkB;u0_;jT7aviFfXHT{xPX_fjsX zBBkJjn=`9DDuoxLtNR1tv^T+wU71Qw6RkS1jNO109}{mYs6-#Fxw6J=9E@Mf;=6K5 z(9#-~)D0|rNChV$j8#?-TAdPI4!DqWQ{pvFJoW#`(Dibv^R>EM!yIt+ZmMYPpT+D* zk`VAP&+X^XoLah?JU6*=2}1_f zroG_hi;DPl8}r~+M~|4BLi8bkNLcz@AK2zs;ozkQ)($SxOB|7gNJ7KIH8NR+4&q9X?*M;@KUsxSc_y+t*pHtYSYni+& zNy34^=``%Yy&PLK=7_7nRI(kz3fMb(dv;~6qIj`_*Y_4K{#v%Vt+FohSgCPT_>Vei zo_OUHH&KjZGj145l)l5)(h~q_3^ci9b&P9GwChrrVf;`ek*ZCb9}E^OE@|hSEz8TA zufdSO#@k?pago8Z$f>M@kl4(}@ib}WoV>!1&D)c9N8s$eAg2i_7Y}R(96$)I`)8>P z(G#et%95Q?C_=hE44_ctR7;99q;Vd}O5j{YfyV5u(lv1ocGN+*9|9e1Xd~fyHns%~ z?jslJe~uW!?P~w73>-05tOkE%`t&PBv56UrAW>pK%5=_;Ty9mtbt69 zzM>qvRQ5m~O2C$!iqyDUH05;^GVOI%1#{uk1 z!w67$-WT!u>NqYJ!udG$9H*-VN$=4{05L@bxhV2=gCJgBqgF zr~KuBRrWCPX4Te9pH(-4M_~9(UAI6>PGDZ=X!GG~6m}MnG0|CuYWw zClmu-cQ8pVSa(2gVl&SXJX#&)tX^&++ZHvibbuBj!xd$d{lm4{fYl}D`)9S-4vY0o z(%+lf**m@FiLQ;3(;M#K@9)BmMw)(C3?JQwdWThv8@EA8Ba8)^ojqA9r%@+L?} zE&aru2<)ry{d5=hse74K8+1P@9flDGPr%w&6NcY}#HDe`!5k9dJ0|~T!^?H;B(6PU z4gahCi`CVVa(z!@0qb3OIWO%4CM)omFU}wLy>s%Il{4}qxs6`MD|fe6)gvvE-$a4& zL18IPbInv%d zB$r~+2`VkUA>SH*F$E>KP)g!(S*5Ia#kcMjk7}x4a#W0zpw_l^?N5&ODw>a2eN)hu zRQ-2}z%1i@60{}^$6D)w#T$#M+V!+5m%cM#I0uevenNzEPmoBJWe(I9O&T8g_sR(Q zLmUPoSP9n|A|#1%cX!ZuVcsrz)=J3cv)AIRj?!keU|?Ixjh5tsKyx)>&UIT4-(6#D 
zr_}A5`$pdErvB*W;jH5522E6XY-h#M-E}*68u@>V{!jdW>;Kn%-FI}?GDK-7?`I^M z2FX808Wp`mzuG6^PZDdeygIdA+G-{}5@3+NjonP;f1p{P{Erham6O->{i|3`-*5#{ zGM&g?U<7L!fN(E8^hz3M`vgBvV=tQS;XVU*i|O^zE|(aW!|D9kt0Zp(2ToShy3)7zyc zKAg$!GF|3%2&Z+!oz~gyE}^{rKfQiZwQZhrw@Ixt-EE$0?6;dIdRsl0>B|@Y-`4k& zzDzK9Qp@J?NP(W0ljv=y+m89pBe(8;G*ezlD9*|LVK|L6>Mc#KLWtxA(2pCES?&#Z zBj0Sk-^~;#m=nU%U%dadxQdwol(CITF~{cLUd8m7^5U}QIy61%$M~H(a6jKexMTHu z0>bTK6z>tR4k39^c_3J?853OWG}lerhxYO$P6tO{_I^luC-Q%xn!iS!O+ahzC#m5o zCFobVx|>Mm2;N9{ZA#uy<8SdhV{2i_p!@=7;DeAjHz-%TXZ$p?RCGa z#WslT;~=eIK!8sGeS5;vCqqMk|EG-=5Bw*lKHTwmguown8FrtikCPE#9RziaPDly_ z4T{Ir!Q^2ecLuhKsKw_eS4Qd}wGXt8Nx?AynS2rs4Aa>Rs}4^p4dfrT5Y*)p8BhKa z0WkK8^2)K+2byBl*~3*Wfu?PMjZ4^wh0}vhhb4smTI>EZ=Ej`15WPZG?`IEa1`ZA% zHhQA|yUTujtjvU?NMI;CQ%yB!>5<}jd9w8)cBD}hh5^yH5jHadz>LIOLE?I}`ZR13 zmz!Ngk{9+b6G;X%;Whs!PA;mfMD_p9cpU)j`fL>e70+L3F(Z&%pN%wJoue%?A!W(t zjQrklZVZnqwpM$vi?wO3V@d>?e>7x!{0tFSZUt=*R@x2F=LHlMR)X_9kgcNV>_0!d zss!~8pA!Gna{Fo=y3iqH=nG<+{@+Cf$W$QXt4)P#SyjP$&aw?zcl*(Ff9(ys#B6CIC|(Z=FtUIQlyk%gHo#SD z40(;HVmqbtNs_JSj&8O13UzRqCZoF%V`s@t(_N11%n*IK6WNMYK*4QM8Kk>%r7Jv# z#$PyN-2#^n#b-l`R^8476e{i_ZKR(75DeW=Gc1>WtTB+=xE7l{%6FQ)Vzk{1bHDB& zE+geD%-{9&Ghpk!dQo)#Sw+aOG^%oje?hb)3M;2TFGifUFHu|c;2q3^I&4JBGL@>r z%_>~T!!ftBjhf7l?odm}avBf}EK*gKL9R%TwJ$Yd;u`0LA&!+pVF&pYp;-&Ac|f6B zpquv=#rGcYIKnkQQaq|5q@lM($NlY=B;E(j^gyI{R2mZ`3S}HJAjU!-EO87eD3t>o z<)`LNpjt|DZ5GhNtJ5s8YW0{Cls02EP-){65H6TpC6LZ?jxgc*p(VyzG;HbKi-Rv?v|m9?h%ohxgm=x=L*|df_+s z_A5-^+y!JnLI&$KU$3{B{CDn@_!6MUDeLp={`1C?F>oaWbH5xXPCC&ao`dlKIbA5b zzb?rE{PS>NLnK5w3vCp^HBnF8R+i7X`X-71vBP&d;5xI~XO_JaxW(peXEE2Zx#Rn4 zNa&}1&8F~=vSUamNn&$CQ$~*5-n7IT9I!xxB+(ti2`2Fs60cN_CY)a;A6o=?F7U=n z%ra4r+0GSr;FQfQKy(oRFWHYhh@BJY<&xuq%Q$IEWD%9AADm-TAPfy(q6op83l4{O zOUCWd3b@ln@3UX*IDqKe-zmsB9|0z^W|p%%@wOG$_t~)E$k?-SyxR!4H@m}P-}j3F z!KhVdh;hP_W7Hly_=ocnY_9E$AbV4(_9jHa-JJa#_@7=ADPv68*R22LG!VTzTh6GM z*ltfg?E;i8<-3LsvWw0BMFIXZre+&E8RRzc2jQiQ?yJ)`U~8G>g77~c%|jLk4o+Yf z3K{wd*j!P5H>%apIfR_>&;0fMjP@wNJzN-B-3N)CAbd?AtY>ll#U!cUI`9V6>&c@M)Rp>mwl3iMjul9fAz1Xq 
zM_ucD)Y}9~SDP*velyIc zQ8`m+()N~{$`Hq~tny`;AlY#xj0Q%ykLy34H2UihS^@z}xqN`0ljM zPcLZ`(Qg9!`%~p4j6htTMV?-9x|=Rg{?NtgTT5%1ZordJ z#y#xSH6Q3rI6*r_KxZHZM#VMK=s0x!$57Hy@K4a(zj!8SxIykwB^$;Y;OIlb0r<&B zK_dofm22>XlwakaqN~ynF%VrA0G=~EO_kzQ^7L6a%YXOQdeXVOQgZfG1%-5@>v6zdMN5sf;t=*u++q5oh4K43lYxqJAS(y;HgjWzln2Dx zfwY#3istz9R?j%Oek5!{XYruoRGyZ~h0QZ%K$FNKdI^cOf9uBU)t{Ra*Be;4HmPiT z$VD2)k~uWkQ$^GYgAADO0_2|q6l!;R-PAlN8IrPJU(kHxWEi&RN&31g9HD_=0MNjn ztl_w8LxpHpLHWY|cEw%Pad;o)roSwlXp}&D(OYEDA%&s4zypKTRz{zRjiIb%-EJb0 zl_G0mz|IO0+}wSrQ;Hk(c>6$WGH?> zodm#>PrZwi8we9QKV+Y#UFe{Ixx-hI*BA9(1G6J3_m2xbG%rT+%Fp@Hrkt?^1VeC| zK@M*fRj&*|Gl^RX&6!ViRo;#H-<=f%3uC4~kP0iLOWBl-~Q1Z2lM@b>gXxT>h@J@*Hx7G~1Em+z1>rIz# z^(8uh>GPf>@JjsvKhvMq_qG`F5qzz^p!c>~^v98N|KyXcy@OxuDL@!NoRv8Y3yZ+Q zFydDpC)hqG3}STqR(s$-XKc5t9H-9v_i$jnuuh|oV*q;$U0-Kd_ zQQ;rDjjoNaKY<|$m6gx}JB=9!0cgyBkX^r@GAB#V?eYB(>))v|kKVSJI1q9-!`wP75F*-7W>DiKNX7Z#O+pmcQUiMpKrEv zyIR+ka~xBJ%K86wOp42zek8cWQ-ptZ!G$V?=`O$f^f-^6c>iWn#JeAr_IjON$LsmF zm3dy#>pbNDc2b4JbeGV?!u07!jJ{15jS<>anKJ#C{`*N0V$YAj!(QC=1!^WQLJJ;v=M5~#{Q;lVx{aMlVe%fIH z6`2cyOFW*{h)A39x3vUG!309 z5##@6s~UZ--{O@O{W0aA(JZaoMW<96|NT-j>_|GwwOu?kk4tog$OkoL`&e^$$Fb;E#$W&R?3^-tI8Xig@_xE#{+vtp3G1x4 zPcaEx{ch={Xe*1XBZXY$4+BizpSry{#V3Euk2P<^7X9_%fA9Q!z4RYvAy%si72Dk; zRHJ5e&1K@%72Z&)^Tz1D+C#S`$<|&9ZaV_H@_Un3`c3*+*i~P8S#x*K`aeSZCY}EN z?5}2_MXXHmZ-l=5LlHVTkq(IT%&UU-DQrWvSG4qlv zf31p)=RBs;3j+MpIk{*2xLtqX|KIumZ$>5&2HYpA0Cztl0UYP6pc{g|e;Q#zIPkC* WjNQ}$-mGjOB}_or0;B_6K|BD&=4hAz diff --git a/Solutions/IllumioSaaS/Package/createUiDefinition.json b/Solutions/IllumioSaaS/Package/createUiDefinition.json index cb18df34c5f..2feed2f85a0 100644 --- a/Solutions/IllumioSaaS/Package/createUiDefinition.json +++ b/Solutions/IllumioSaaS/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/IllumioSaaS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[IllumioSaaS](https://www.illumio.com/) solution provides ability to ingest auditable and flow events from AWS S3 bucket.\n\n**Data Connectors:** 1, **Workbooks:** 3, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/IllumioSaaS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[IllumioSaaS](https://www.illumio.com/) solution provides ability to ingest auditable and flow events from AWS S3 bucket.\n\n**Data Connectors:** 1, **Workbooks:** 3, **Analytic Rules:** 6\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
@@ -212,6 +212,48 @@ } } ] + }, + { + "name": "analytic4", + "type": "Microsoft.Common.Section", + "label": "Illumio VEN Offline Detection Rule", + "elements": [ + { + "name": "analytic4-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state" + } + } + ] + }, + { + "name": "analytic5", + "type": "Microsoft.Common.Section", + "label": "Illumio VEN Offline Detection Rule", + "elements": [ + { + "name": "analytic5-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state" + } + } + ] + }, + { + "name": "analytic6", + "type": "Microsoft.Common.Section", + "label": "Illumio VEN Offline Detection Rule", + "elements": [ + { + "name": "analytic6-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state" + } + } + ] } ] } diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json index 71e6d301129..dfcb7cd6266 100644 --- a/Solutions/IllumioSaaS/Package/mainTemplate.json +++ b/Solutions/IllumioSaaS/Package/mainTemplate.json 
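Review bot: The three new installer sections analytic4, analytic5 and analytic6 all carry the same label `"Illumio VEN Offline Detection Rule"` and the same text `"Create Microsoft Sentinel Incident When Ven Goes Into Offline state"`, while the diffstat adds Clone Detection, Deactivated and Suspend rules, so whoever installs the solution is told about an offline-VEN rule three times and never sees what the clone, deactivation and suspend detections do. Each section should describe its own rule, for example `"label": "Illumio VEN Deactivated Detection Rule"` with text `"Create Microsoft Sentinel Incident When a VEN is deactivated"`, and likewise for clone and suspend. If analytic3 is already the offline rule (the existing rule count suggests it is, but its section is outside this hunk), the duplicated wording also makes it impossible to tell which entry is the real one in the wizard.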
@@ -107,6 +107,27 @@ "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]", "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.5')))]" }, + "analyticRuleObject4": { + "analyticRuleVersion4": "1.0.5", + "_analyticRulecontentId4": "ec07fcd3-724f-426d-9f53-041801ca5f6c", + "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ec07fcd3-724f-426d-9f53-041801ca5f6c')]", + "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]", + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.5')))]" + }, + "analyticRuleObject5": { + "analyticRuleVersion5": "1.0.5", + "_analyticRulecontentId5": "ec07fcd3-724f-426d-9f53-041801ca5f6c", + "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ec07fcd3-724f-426d-9f53-041801ca5f6c')]", + "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]", + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.5')))]" + }, + "analyticRuleObject6": { + "analyticRuleVersion6": "1.0.5", + "_analyticRulecontentId6": "ec07fcd3-724f-426d-9f53-041801ca5f6c", + "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 
'ec07fcd3-724f-426d-9f53-041801ca5f6c')]", + "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]", + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.5')))]" + }, "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ 
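Review bot: analyticRuleObject4, analyticRuleObject5 and analyticRuleObject6 all reuse the content ID `ec07fcd3-724f-426d-9f53-041801ca5f6c` and version `1.0.5` already used by analyticRuleObject3, so analyticRuleId4/5/6 resolve to the same `Microsoft.SecurityInsights/AlertRuleTemplates` resource and the same uniquestring-derived template-spec name; an ARM deployment will either reject the duplicate resource names or let the last definition silently overwrite the earlier ones, and Content Hub will see one rule where three new ones were intended. The practical effect is a detection gap: the VEN clone, deactivation and suspend rules (the ones that would catch an attacker disabling the enforcement agent, T1562) may never actually be deployed even though the description now advertises six rules. Each new rule needs its own GUID, which should match the `id:` in its YAML and presumably is what the solution packaging tooling would have generated here, e.g. `"_analyticRulecontentId4": "<GUID from Illumio_VEN_Clone_Detection_Query.yaml>"`, and new content should start at `"analyticRuleVersion4": "1.0.0"` rather than inheriting 1.0.5. The `variables` object this hunk edits continues outside the hunk.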
@@ -483,7 +504,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9875bc24-f51c-4151-96f0-2e4af7039364\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":86400000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize count()\",\"size\":4,\"title\":\"Audit Events\",\"noDataMessage\":\"0\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Audit Events\",\"styleSettings\":{\"maxWidth\":\"30\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"table('Illumio_Auditable_Events_CL')\\n| where event_type has 'tampering'\\n| summarize count()\",\"size\":4,\"title\":\"Tampering Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"tileSettings\":{\"showBorder\":false},\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Tampering Events\",\"styleSettings\":{\"maxWidth\":\"30\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"table('Illumio_Auditable_Events_CL')\\n| where event_type has 'port_scan'\\n| summarize 
count()\",\"size\":4,\"title\":\"Port Scan Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Port Scan Events\",\"styleSettings\":{\"maxWidth\":\"30\"}}]},\"name\":\"group - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize distinct_count = dcount(href) by event_type\\n| order by distinct_count \\n| top 10 by distinct_count\",\"size\":0,\"title\":\"Top Auditable events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\"},\"name\":\"query - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Change Monitoring\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize arg_max(TimeGenerated, *) by href\\n| where event_type == 'sec_policy.create' \\n| mv-expand resource_change = resource_changes\\n| project TimeGenerated,\\n workloads_affected_after_change = resource_change.changes.workloads_affected.after,\\n policy_version = resource_change.resource.sec_policy.version,\\n commit_message = resource_change.resource.sec_policy.commit_message,\\n modified_objects = resource_change.resource.sec_policy.modified_objects,\\n change_type = resource_change.change_type\\n\",\"size\":0,\"title\":\"Workloads affected by policy changes\",\"noDataMessage\":\"No workloads were affected by policy changes\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"TimeGenerated\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"TimeGenerated\",\"sortOrder\":1}]},\"name\":\"Workloads affected by policy 
changes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where resource_changes != '[]' and isnotempty(resource_changes) // ensure resource changes are not empty\\n| summarize arg_max(TimeGenerated, *) by href\\n| mv-expand parse_json(resource_changes)\\n| project resource_type = tostring(bag_keys(resource_changes.resource)[0])\\n| summarize Count=count() by resource_type\",\"size\":0,\"title\":\"Changes by Resource Type\",\"noDataMessage\":\"No changes by resource type\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"customWidth\":\"35\",\"name\":\"Changes by Resource Type\",\"styleSettings\":{\"maxWidth\":\"35\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where resource_changes != '[]' and isnotempty(resource_changes) and not(event_type matches regex '^user.*') and (event_type has '.create' or event_type has '.update' or event_type has '.delete') and (created_by !has \\\"agent\\\" and created_by !has \\\"ven\\\" and created_by !has \\\"container\\\")\\n| extend User = tostring(parse_json(created_by)['user']['username'])\\n| summarize Count = count() by User\",\"size\":0,\"title\":\"Changes by User\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"35\",\"name\":\"Changes by User\",\"styleSettings\":{\"maxWidth\":\"35\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where created_by has \\\"agent\\\" or created_by has \\\"ven\\\"\\n| project user = tostring(parse_json(created_by)['agent']['hostname'])\\n| summarize count() by user\",\"size\":0,\"title\":\"Events generated by agents\",\"noDataMessage\":\"Agents have not generated 
any events\",\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Events generated by agents\",\"styleSettings\":{\"maxWidth\":\"20\"}}]},\"name\":\"ChangeMonitoring\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize arg_max(TimeGenerated, *) by href // try to filter what event_type to prioritize in bar chart\\n| make-series events = count() default = 0 on TimeGenerated from {Time:start} to {Time:end} step 1h by event_type //from ago(1d) to now() step 1h by event_type \",\"size\":0,\"title\":\"PCE events breakdown - every hour\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"tileSettings\":{\"showBorder\":false},\"graphSettings\":{\"type\":0},\"mapSettings\":{\"locInfo\":\"LatLong\"}},\"name\":\"PCE events breakdown - every hour\"},{\"type\":1,\"content\":{\"json\":\"### Authentication events \\nChoose from below drop down to filter authentication events.\"},\"name\":\"text - 7\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"1ee7c425-b1b5-4a71-8dc3-9b447fa1f316\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EventType\",\"label\":\"Include Event Type\",\"type\":2,\"description\":\"Types of events to be included \",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"user.logout\\\", \\\"label\\\":\\\"User logout\\\" },\\n { \\\"value\\\":\\\"user.sign_in\\\", \\\"label\\\":\\\"User signin\\\" },\\n { \\\"value\\\":\\\"user.sign_out\\\", \\\"label\\\":\\\"User signout\\\" },\\n { \\\"value\\\":\\\"user.login\\\", \\\"label\\\":\\\"User login\\\"},\\n { 
\\\"value\\\":\\\"user.pce_session_terminated\\\", \\\"label\\\":\\\"User session terminated\\\"},\\n { \\\"value\\\":\\\"request.authentication_failed\\\", \\\"label\\\":\\\"Authentication failed\\\"},\\n { \\\"value\\\":\\\"user.authenticate\\\", \\\"label\\\":\\\"User Authentication\\\"},\\n { \\\"value\\\":\\\"user.create_session\\\", \\\"label\\\":\\\"User create session\\\"}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":[\"value::all\"]},{\"id\":\"4f1ca215-f902-4fac-9bf0-834e4988a107\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ExcludeEventType\",\"label\":\"Exclude Event Type\",\"type\":2,\"description\":\"Types of events to be excluded\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"user.logout\\\", \\\"label\\\":\\\"User logout\\\" },\\n { \\\"value\\\":\\\"user.sign_in\\\", \\\"label\\\":\\\"User signin\\\" },\\n { \\\"value\\\":\\\"user.sign_out\\\", \\\"label\\\":\\\"User signout\\\" },\\n { \\\"value\\\":\\\"user.login\\\", \\\"label\\\":\\\"User login\\\"},\\n { \\\"value\\\":\\\"user.pce_session_terminated\\\", \\\"label\\\":\\\"User session terminated\\\"},\\n { \\\"value\\\":\\\"request.authentication_failed\\\", \\\"label\\\":\\\"Authentication failed\\\"},\\n { \\\"value\\\":\\\"user.authenticate\\\", \\\"label\\\":\\\"User Authentication\\\"},\\n { \\\"value\\\":\\\"user.create_session\\\", \\\"label\\\":\\\"User create session\\\"},\\n { \\\"value\\\":\\\"None\\\", \\\"label\\\":\\\"None\\\", \\\"selected\\\": true}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":[\"None\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"Status\",\"type\":2,\"description\":\"Status 
values\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"failure\\\", \\\"label\\\":\\\"Failure\\\" },\\n { \\\"value\\\":\\\"success\\\", \\\"label\\\":\\\"Success\\\", \\\"selected\\\": true },\\n { \\\"value\\\":\\\"None\\\", \\\"label\\\":\\\"None\\\"}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"id\":\"c8996627-2e77-4386-9c23-1eb5d50df311\",\"value\":[\"value::all\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"Severity\",\"type\":2,\"description\":\"Status values\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"err\\\", \\\"label\\\":\\\"Error\\\" },\\n { \\\"value\\\":\\\"info\\\", \\\"label\\\":\\\"Info\\\", \\\"selected\\\": true } \\n]\",\"timeContext\":{\"durationMs\":86400000},\"id\":\"79d0945d-d0f8-4293-8dc2-3c57391cde95\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let included_event_types = iif(\\\"*\\\" in ({EventType}), dynamic(['user.login','user.logout', 'user.sign_in', 'user.sign_out', 'user.authenticate','user.create_session','user.pce_session_terminated']), dynamic([{EventType}]) );\\nIllumio_Auditable_Events_CL\\n| where event_type in (included_event_types)\\n| where \\\"*\\\" in ({Status}) or status in ({Status}) and \\\"*\\\" in ({Severity}) or severity in ({Severity})\\n| where not(event_type in ({ExcludeEventType}))\\n| project TimeGenerated, pce_fqdn, event_type, status, notification_type = parse_json(notifications)[0].notification_type,severity, 
created_by_username = iif(created_by == '{\\\"system\\\":{}}', parse_json(notifications)[0].info.user.username, parse_json(created_by).user.username)\",\"size\":0,\"title\":\"PCE Authentication Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":100,\"filter\":true,\"sortBy\":[{\"itemKey\":\"severity\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"severity\",\"sortOrder\":1}]},\"name\":\"PCE Authentication Events\"}],\"fromTemplateId\":\"sentinel-AuditableEventsWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9875bc24-f51c-4151-96f0-2e4af7039364\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":86400000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize count()\",\"size\":4,\"title\":\"Audit Events\",\"noDataMessage\":\"0\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Audit 
Events\",\"styleSettings\":{\"maxWidth\":\"30\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"table('Illumio_Auditable_Events_CL')\\n| where event_type has 'tampering'\\n| summarize count()\",\"size\":4,\"title\":\"Tampering Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"tileSettings\":{\"showBorder\":false},\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Tampering Events\",\"styleSettings\":{\"maxWidth\":\"30\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"table('Illumio_Auditable_Events_CL')\\n| where event_type has 'port_scan'\\n| summarize count()\",\"size\":4,\"title\":\"Port Scan Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Port Scan Events\",\"styleSettings\":{\"maxWidth\":\"30\"}}]},\"name\":\"group - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize distinct_count = dcount(href) by event_type\\n| order by distinct_count \\n| top 10 by distinct_count\",\"size\":0,\"title\":\"Top Auditable events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\"},\"name\":\"query - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Change Monitoring\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize arg_max(TimeGenerated, *) by href\\n| where event_type == 'sec_policy.create' \\n| mv-expand resource_change = resource_changes\\n| project TimeGenerated,\\n workloads_affected_after_change = 
resource_change.changes.workloads_affected.after,\\n policy_version = resource_change.resource.sec_policy.version,\\n commit_message = resource_change.resource.sec_policy.commit_message,\\n modified_objects = resource_change.resource.sec_policy.modified_objects,\\n change_type = resource_change.change_type\\n\",\"size\":0,\"title\":\"Workloads affected by policy changes\",\"noDataMessage\":\"No workloads were affected by policy changes\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"TimeGenerated\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"TimeGenerated\",\"sortOrder\":1}]},\"name\":\"Workloads affected by policy changes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where resource_changes != '[]' and isnotempty(resource_changes) // ensure resource changes are not empty\\n| summarize arg_max(TimeGenerated, *) by href\\n| mv-expand parse_json(resource_changes)\\n| project resource_type = tostring(bag_keys(resource_changes.resource)[0])\\n| summarize Count=count() by resource_type\",\"size\":0,\"title\":\"Changes by Resource Type\",\"noDataMessage\":\"No changes by resource type\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"customWidth\":\"35\",\"name\":\"Changes by Resource Type\",\"styleSettings\":{\"maxWidth\":\"35\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where resource_changes != '[]' and isnotempty(resource_changes) and not(event_type matches regex '^user.*') and (event_type has '.create' or event_type has '.update' or event_type has '.delete') and (created_by !has \\\"agent\\\" and created_by !has \\\"ven\\\" and created_by !has 
\\\"container\\\")\\n| extend User = tostring(parse_json(created_by)['user']['username'])\\n| summarize Count = count() by User\",\"size\":0,\"title\":\"Changes by User\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"35\",\"name\":\"Changes by User\",\"styleSettings\":{\"maxWidth\":\"35\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where created_by has \\\"agent\\\" or created_by has \\\"ven\\\"\\n| project user = tostring(parse_json(created_by)['agent']['hostname'])\\n| summarize count() by user\",\"size\":0,\"title\":\"Events generated by agents\",\"noDataMessage\":\"Agents have not generated any events\",\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Events generated by agents\",\"styleSettings\":{\"maxWidth\":\"20\"}}]},\"name\":\"ChangeMonitoring\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize arg_max(TimeGenerated, *) by href // try to filter what event_type to prioritize in bar chart\\n| make-series events = count() default = 0 on TimeGenerated from {Time:start} to {Time:end} step 1h by event_type //from ago(1d) to now() step 1h by event_type \",\"size\":0,\"title\":\"PCE events breakdown - every hour\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"tileSettings\":{\"showBorder\":false},\"graphSettings\":{\"type\":0},\"mapSettings\":{\"locInfo\":\"LatLong\"}},\"name\":\"PCE events breakdown - every hour\"},{\"type\":1,\"content\":{\"json\":\"### Authentication events \\nChoose from below drop down to filter authentication events.\"},\"name\":\"text - 
7\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"1ee7c425-b1b5-4a71-8dc3-9b447fa1f316\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EventType\",\"label\":\"Include Event Type\",\"type\":2,\"description\":\"Types of events to be included \",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"user.logout\\\", \\\"label\\\":\\\"User logout\\\" },\\n { \\\"value\\\":\\\"user.sign_in\\\", \\\"label\\\":\\\"User signin\\\" },\\n { \\\"value\\\":\\\"user.sign_out\\\", \\\"label\\\":\\\"User signout\\\" },\\n { \\\"value\\\":\\\"user.login\\\", \\\"label\\\":\\\"User login\\\"},\\n { \\\"value\\\":\\\"user.pce_session_terminated\\\", \\\"label\\\":\\\"User session terminated\\\"},\\n { \\\"value\\\":\\\"request.authentication_failed\\\", \\\"label\\\":\\\"Authentication failed\\\"},\\n { \\\"value\\\":\\\"user.authenticate\\\", \\\"label\\\":\\\"User Authentication\\\"},\\n { \\\"value\\\":\\\"user.create_session\\\", \\\"label\\\":\\\"User create session\\\"}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":[\"value::all\"]},{\"id\":\"4f1ca215-f902-4fac-9bf0-834e4988a107\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ExcludeEventType\",\"label\":\"Exclude Event Type\",\"type\":2,\"description\":\"Types of events to be excluded\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"user.logout\\\", \\\"label\\\":\\\"User logout\\\" },\\n { \\\"value\\\":\\\"user.sign_in\\\", \\\"label\\\":\\\"User signin\\\" },\\n { \\\"value\\\":\\\"user.sign_out\\\", \\\"label\\\":\\\"User signout\\\" },\\n { \\\"value\\\":\\\"user.login\\\", \\\"label\\\":\\\"User login\\\"},\\n { 
\\\"value\\\":\\\"user.pce_session_terminated\\\", \\\"label\\\":\\\"User session terminated\\\"},\\n { \\\"value\\\":\\\"request.authentication_failed\\\", \\\"label\\\":\\\"Authentication failed\\\"},\\n { \\\"value\\\":\\\"user.authenticate\\\", \\\"label\\\":\\\"User Authentication\\\"},\\n { \\\"value\\\":\\\"user.create_session\\\", \\\"label\\\":\\\"User create session\\\"},\\n { \\\"value\\\":\\\"None\\\", \\\"label\\\":\\\"None\\\", \\\"selected\\\": true}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":[\"None\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"Status\",\"type\":2,\"description\":\"Status values\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"failure\\\", \\\"label\\\":\\\"Failure\\\" },\\n { \\\"value\\\":\\\"success\\\", \\\"label\\\":\\\"Success\\\", \\\"selected\\\": true },\\n { \\\"value\\\":\\\"None\\\", \\\"label\\\":\\\"None\\\"}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"id\":\"c8996627-2e77-4386-9c23-1eb5d50df311\",\"value\":[\"value::all\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"Severity\",\"type\":2,\"description\":\"Status values\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"err\\\", \\\"label\\\":\\\"Error\\\" },\\n { \\\"value\\\":\\\"info\\\", \\\"label\\\":\\\"Info\\\", \\\"selected\\\": true } \\n]\",\"timeContext\":{\"durationMs\":86400000},\"id\":\"79d0945d-d0f8-4293-8dc2-3c57391cde95\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 
6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let included_event_types = iif(\\\"*\\\" in ({EventType}), dynamic(['user.login','user.logout', 'user.sign_in', 'user.sign_out', 'user.authenticate','user.create_session','user.pce_session_terminated']), dynamic([{EventType}]) );\\nIllumio_Auditable_Events_CL\\n| where event_type in (included_event_types)\\n| where \\\"*\\\" in ({Status}) or status in ({Status}) and \\\"*\\\" in ({Severity}) or severity in ({Severity})\\n| where not(event_type in ({ExcludeEventType}))\\n| project TimeGenerated, pce_fqdn, event_type, status, notification_type = parse_json(notifications)[0].notification_type,severity, created_by_username = iif(created_by == '{\\\"system\\\":{}}', parse_json(notifications)[0].info.user.username, parse_json(created_by).user.username)\",\"size\":0,\"title\":\"PCE Authentication Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":100,\"filter\":true,\"sortBy\":[{\"itemKey\":\"severity\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"severity\",\"sortOrder\":1}]},\"name\":\"PCE Authentication Events\"}],\"fromTemplateId\":\"sentinel-AuditableEventsWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -570,7 +591,7 @@ }, "properties": { "displayName": "[parameters('workbook2-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ebc4e534-7a4a-41be-b365-ddcd4f564090\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range\",\"label\":\"Time Range\",\"type\":4,\"description\":\"As a time filter\",\"isGlobal\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":259200000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize count() by bin(TimeGenerated, 1h)\",\"size\":0,\"title\":\"Traffic every hour\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true,\"showDataPoints\":true,\"xSettings\":{\"label\":\"Time\"},\"ySettings\":{\"label\":\"Traffic Connections\"}}},\"name\":\"traffic-every-hour\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Trafficked Workload Stats\",\"items\":[{\"type\":1,\"content\":{\"json\":\"#### Enter the number of workloads for which the inbound and outbound connections are to be fetched. These workloads will be ordered by connection count. 
\",\"style\":\"info\"},\"name\":\"text - 4\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"0dead08f-24f5-40b3-a011-a59e007a8e70\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"workload_count\",\"label\":\"Workload Count\",\"type\":1,\"description\":\"Provide an integer that denotes the limit for retrieving most trafficked workloads\",\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 5, \\\\\\\"label\\\\\\\": 5, \\\\\\\"selected\\\\\\\": true}\\\"}\\r\\n\",\"timeContext\":{\"durationMs\":86400000},\"queryType\":8,\"value\":\"10\"}],\"style\":\"pills\",\"queryType\":8},\"name\":\"parameters - 8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let workload_count = {workload_count};\\nIllumio_Flow_Events_CL\\n| extend hostname = coalesce(src_hostname, dst_hostname)\\n| summarize Count = count() by hostname, dir\\n| summarize InboundCount = sum(iff(dir == \\\"I\\\", Count, 0)), OutboundCount = sum(iff(dir == \\\"O\\\", Count, 0)) by hostname\\n| top workload_count by hostname\\n\",\"size\":0,\"title\":\"Most Trafficked Workloads\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"workload\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"xAxis\":\"hostname\",\"showLegend\":true,\"xSettings\":{\"label\":\"Workloads\"},\"ySettings\":{\"label\":\"Traffic Connections\"}}},\"name\":\"Most Trafficked Workloads\"}]},\"name\":\"MostTraffickedWorkload\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Traffic 
Explorer\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Filters for querying traffic data\",\"expandable\":true,\"expanded\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"## Traffic Explorer\\n### Please enter source ip, destination ip, destination port, protocol, time range to filter traffic records. \\n### All records are returned unless provided.\\n\",\"style\":\"info\"},\"name\":\"text - 9\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"8ab7ce90-16a6-4e7e-85b7-292234a9d3c1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"src_ip\",\"label\":\"Source IP\",\"type\":2,\"description\":\"Select source ip\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by src_ip\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"24f11ee0-0b0b-4c79-918b-01df57233aa2\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_ip\",\"label\":\"Destination IP\",\"type\":2,\"description\":\"Select destination ips\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by dst_ip\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"eb9fe16e-be04-479d-9389-0095c2b43d50\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_port\",\"label\":\"Destination Port\",\"type\":2,\"description\":\"Select destination 
port\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by dst_port\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\"},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"416ab303-c10f-47c1-9f01-7c1324699b49\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"protocol\",\"label\":\"Protocol\",\"type\":2,\"description\":\"Protocol for fetching traffic records. For multiple, use comma as delimiter like 6,17\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by proto\\n| extend protocolName = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 
37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n 
proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"f07c08c2-ff0f-42a7-adc6-4fd5d7f1cb19\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"src_label\",\"label\":\"Source Label\",\"type\":2,\"description\":\"Filter for source 
labels\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| where src_labels != ''\\n| extend parsed_labels = parse_json(src_labels)\\n| mv-expand kind=array parsed_labels\\n| extend src_label=tostring(parsed_labels[1])\\n| summarize by src_label\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"9d5cb77f-31a5-41ed-8849-aaee2b513f54\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_label\",\"label\":\"Destination Label\",\"type\":2,\"description\":\"Filter for destination label\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| where dst_labels != ''\\n| extend parsed_labels = parse_json(dst_labels)\\n| mv-expand kind=array parsed_labels\\n| extend dst_label=tostring(parsed_labels[1])\\n| summarize by dst_label\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"formHorizontal\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"30\",\"name\":\"all_traffic_params\",\"styleSettings\":{\"maxWidth\":\"30\"}}],\"exportParameters\":true},\"name\":\"parameters_group\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (src_labels has_any ({src_label}) or 
'*' in ({src_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol})) \\n| extend policy_decision = \\n case(pd == 0, \\\"Allowed\\\",\\n pd == 1, \\\"Potentially Blocked\\\",\\n pd == 2, \\\"Blocked\\\",\\n \\\"Unknown\\\")\\n| summarize count() by policy_decision\\n\",\"size\":2,\"title\":\"Flow count by policy decision\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"Potentially Blocked\",\"color\":\"yellow\"},{\"seriesName\":\"Allowed\",\"color\":\"green\"},{\"seriesName\":\"Blocked\",\"color\":\"red\"},{\"seriesName\":\"Unknown\",\"color\":\"gray\"}]}},\"customWidth\":\"50\",\"name\":\"Flow count by policy decision\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\nIllumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend class_type = \\n case(class == 'B', 'Broadcast',\\n class == 'M', 'Multicast',\\n class == 'U', \\\"Unicast\\\",\\n \\\"Unknown\\\")\\n| summarize count() by class_type\\n\",\"size\":2,\"title\":\"Flows by class\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"Flows by class\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":1,\"content\":{\"json\":\"### A service is indicated with a destination port and protocol, represented in the below graph as \\\"destination_port/protocol\\\"\",\"style\":\"info\"},\"name\":\"text - 
7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocolName = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 
49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, 
\\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| extend service = strcat(dst_port, '/', protocolName)\\n| summarize service_count = count() by service\\n| top 5 by service_count\\n\",\"size\":0,\"title\":\"Top 5 Services by Flow Count\",\"color\":\"blue\",\"noDataMessage\":\"No services found\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"chartSettings\":{\"xAxis\":\"service\",\"yAxis\":[\"service_count\"],\"xSettings\":{\"label\":\"Destination Service\"},\"ySettings\":{\"label\":\"Count\"}}},\"name\":\"Top 5 Services by Flow Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 2 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels 
has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, 
\\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, 
\\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\\n\",\"size\":0,\"title\":\"Blocked Traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Blocked Traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 1 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, 
\\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, 
\\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, 
\\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\\n\",\"size\":0,\"title\":\"Potentially blocked traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Potentially blocked traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 0 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, 
\\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto 
== 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\",\"size\":0,\"title\":\"Allowed 
traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Allowed traffic\"}]},\"name\":\"Traffic Explorer\"}],\"fromTemplateId\":\"sentinel-FlowDataWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ebc4e534-7a4a-41be-b365-ddcd4f564090\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range\",\"label\":\"Time Range\",\"type\":4,\"description\":\"As a time filter\",\"isGlobal\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":259200000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize count() by bin(TimeGenerated, 1h)\",\"size\":0,\"title\":\"Traffic every hour\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true,\"showDataPoints\":true,\"xSettings\":{\"label\":\"Time\"},\"ySettings\":{\"label\":\"Traffic Connections\"}}},\"name\":\"traffic-every-hour\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Trafficked Workload Stats\",\"items\":[{\"type\":1,\"content\":{\"json\":\"#### Enter the number of workloads for which the inbound and outbound connections are to be fetched. 
These workloads will be ordered by connection count. \",\"style\":\"info\"},\"name\":\"text - 4\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"0dead08f-24f5-40b3-a011-a59e007a8e70\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"workload_count\",\"label\":\"Workload Count\",\"type\":1,\"description\":\"Provide an integer that denotes the limit for retrieving most trafficked workloads\",\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 5, \\\\\\\"label\\\\\\\": 5, \\\\\\\"selected\\\\\\\": true}\\\"}\\n\",\"timeContext\":{\"durationMs\":86400000},\"queryType\":8,\"value\":\"10\"}],\"style\":\"pills\",\"queryType\":8},\"name\":\"parameters - 8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let workload_count = {workload_count};\\nIllumio_Flow_Events_CL\\n| extend hostname = coalesce(src_hostname, dst_hostname)\\n| summarize Count = count() by hostname, dir\\n| summarize InboundCount = sum(iff(dir == \\\"I\\\", Count, 0)), OutboundCount = sum(iff(dir == \\\"O\\\", Count, 0)) by hostname\\n| top workload_count by hostname\\n\",\"size\":0,\"title\":\"Most Trafficked Workloads\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"workload\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"xAxis\":\"hostname\",\"showLegend\":true,\"xSettings\":{\"label\":\"Workloads\"},\"ySettings\":{\"label\":\"Traffic Connections\"}}},\"name\":\"Most Trafficked 
Workloads\"}]},\"name\":\"MostTraffickedWorkload\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Traffic Explorer\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Filters for querying traffic data\",\"expandable\":true,\"expanded\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"## Traffic Explorer\\n### Please enter source ip, destination ip, destination port, protocol, time range to filter traffic records. \\n### All records are returned unless provided.\\n\",\"style\":\"info\"},\"name\":\"text - 9\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"8ab7ce90-16a6-4e7e-85b7-292234a9d3c1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"src_ip\",\"label\":\"Source IP\",\"type\":2,\"description\":\"Select source ip\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by src_ip\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"24f11ee0-0b0b-4c79-918b-01df57233aa2\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_ip\",\"label\":\"Destination IP\",\"type\":2,\"description\":\"Select destination ips\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by 
dst_ip\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"eb9fe16e-be04-479d-9389-0095c2b43d50\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_port\",\"label\":\"Destination Port\",\"type\":2,\"description\":\"Select destination port\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by dst_port\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\"},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"416ab303-c10f-47c1-9f01-7c1324699b49\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"protocol\",\"label\":\"Protocol\",\"type\":2,\"description\":\"Protocol for fetching traffic records. 
For multiple, use comma as delimiter like 6,17\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by proto\\n| extend protocolName = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n 
proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n 
proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"f07c08c2-ff0f-42a7-adc6-4fd5d7f1cb19\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"src_label\",\"label\":\"Source Label\",\"type\":2,\"description\":\"Filter for source labels\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| where src_labels != ''\\n| extend parsed_labels = parse_json(src_labels)\\n| mv-expand kind=array parsed_labels\\n| extend src_label=tostring(parsed_labels[1])\\n| summarize by 
src_label\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"9d5cb77f-31a5-41ed-8849-aaee2b513f54\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_label\",\"label\":\"Destination Label\",\"type\":2,\"description\":\"Filter for destination label\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| where dst_labels != ''\\n| extend parsed_labels = parse_json(dst_labels)\\n| mv-expand kind=array parsed_labels\\n| extend dst_label=tostring(parsed_labels[1])\\n| summarize by dst_label\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"formHorizontal\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"30\",\"name\":\"all_traffic_params\",\"styleSettings\":{\"maxWidth\":\"30\"}}],\"exportParameters\":true},\"name\":\"parameters_group\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol})) \\n| extend policy_decision = \\n case(pd == 0, \\\"Allowed\\\",\\n pd == 1, \\\"Potentially Blocked\\\",\\n pd == 2, \\\"Blocked\\\",\\n 
\\\"Unknown\\\")\\n| summarize count() by policy_decision\\n\",\"size\":2,\"title\":\"Flow count by policy decision\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"Potentially Blocked\",\"color\":\"yellow\"},{\"seriesName\":\"Allowed\",\"color\":\"green\"},{\"seriesName\":\"Blocked\",\"color\":\"red\"},{\"seriesName\":\"Unknown\",\"color\":\"gray\"}]}},\"customWidth\":\"50\",\"name\":\"Flow count by policy decision\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\nIllumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend class_type = \\n case(class == 'B', 'Broadcast',\\n class == 'M', 'Multicast',\\n class == 'U', \\\"Unicast\\\",\\n \\\"Unknown\\\")\\n| summarize count() by class_type\\n\",\"size\":2,\"title\":\"Flows by class\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"Flows by class\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":1,\"content\":{\"json\":\"### A service is indicated with a destination port and protocol, represented in the below graph as \\\"destination_port/protocol\\\"\",\"style\":\"info\"},\"name\":\"text - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in 
({dst_label})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocolName = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, 
\\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, 
\\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| extend service = strcat(dst_port, '/', protocolName)\\n| summarize service_count = count() by service\\n| top 5 by service_count\\n\",\"size\":0,\"title\":\"Top 5 Services by Flow Count\",\"color\":\"blue\",\"noDataMessage\":\"No services found\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"chartSettings\":{\"xAxis\":\"service\",\"yAxis\":[\"service_count\"],\"xSettings\":{\"label\":\"Destination Service\"},\"ySettings\":{\"label\":\"Count\"}}},\"name\":\"Top 5 Services by Flow Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 2 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, 
\\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto 
== 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, 
\\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\\n\",\"size\":0,\"title\":\"Blocked Traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Blocked Traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 1 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, 
\\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n 
proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| 
project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\\n\",\"size\":0,\"title\":\"Potentially blocked traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Potentially blocked traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 0 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, 
\\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n 
proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\",\"size\":0,\"title\":\"Allowed traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Allowed traffic\"}]},\"name\":\"Traffic Explorer\"}],\"fromTemplateId\":\"sentinel-FlowDataWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": 
"[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -657,7 +678,7 @@ }, "properties": { "displayName": "[parameters('workbook3-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"### Illumio Workloads Stats\\n---\\n\\nThis workbook uses Illumio APIs to fetch workload details and presents stats.\"},\"name\":\"text - 2\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"tabStyle\":\"bigger\",\"links\":[{\"id\":\"4de2c193-277e-4f8e-88b5-2caac1676e2b\",\"cellValue\":\"Tab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workload Operations\",\"subTarget\":\"0\",\"style\":\"link\",\"tabWidth\":\"500px\"},{\"id\":\"8b46c8dd-071a-4bd4-9d36-1247d8777702\",\"cellValue\":\"Tab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workload Investigations\",\"subTarget\":\"1\",\"style\":\"link\",\"tabWidth\":\"500px\"}]},\"name\":\"links - 9\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"print workload_response = '{GETWorkloadsAPI}'\\n| project parse_json(workload_response)\\n| mv-apply workload_response on (\\n where workload_response.managed == 'true' and isnotempty(workload_response.risk_summary)\\n | project exposure_severity = workload_response.risk_summary.ransomware.workload_exposure_severity,\\n protection_percentage = workload_response.risk_summary.ransomware.ransomware_protection_percent,\\n updated_at = workload_response.risk_summary.ransomware.last_updated_at\\n )\",\"size\":0,\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"protection_percentage\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"protection_percentage\",\"sortOrder\":2}],\"tileSettings\":{\"showBorder\":false}},\"name\":\"query - 
0\"}]},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"2\"},\"name\":\"Ransomware\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_version)\\n| mv-expand keyValue = parsedJson\\n| extend version = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project version, count_\",\"size\":3,\"title\":\"Workloads by VEN Version\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 5\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_managed)\\n| mv-expand keyValue = parsedJson\\n| extend managed = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project managed = iff(managed == 'true', 'Managed', 'Unmanaged'), count_\",\"size\":3,\"title\":\"Managed and Unmanaged workload counts\",\"noDataMessage\":\"No workloads\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 
4\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_type)\\n| mv-expand keyValue = parsedJson\\n| extend type = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project type, count_\",\"size\":3,\"title\":\"VENs by type\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 3\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_os)\\n| mv-expand keyValue = parsedJson\\n| extend os = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project os, count_\",\"size\":3,\"title\":\"Managed workloads by OS\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 
6\",\"styleSettings\":{\"maxWidth\":\"50\"}}],\"exportParameters\":true},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"0\"},\"name\":\"WorkloadOperations\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_enforcement_mode)\\n| mv-expand keyValue = parsedJson\\n| extend mode = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project mode = case(mode == 'full', 'Full',\\n mode == 'visibility_only', 'Visibility Only',\\n mode == 'selective', \\\"Selective\\\",\\n \\\"Idle\\\"), count_\\n\",\"size\":3,\"title\":\"Workloads by enforcement modes\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 7\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_status)\\n| mv-expand keyValue = parsedJson\\n| extend status = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project status, count_\\n\",\"size\":3,\"title\":\"VENs by Status\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 
1\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_sync_state)\\n| mv-expand keyValue = parsedJson\\n| extend sync_state = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project sync_state, count_\\n\",\"size\":3,\"title\":\"VENs by synchronization state\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"name\":\"query - 2\"}]},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"1\"},\"name\":\"Workload Investigations\"}],\"fromTemplateId\":\"sentinel-apiWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"### Illumio Workloads Stats\\n---\\n\\nThis workbook uses Illumio APIs to fetch workload details and presents stats.\"},\"name\":\"text - 2\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"tabStyle\":\"bigger\",\"links\":[{\"id\":\"4de2c193-277e-4f8e-88b5-2caac1676e2b\",\"cellValue\":\"Tab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workload Operations\",\"subTarget\":\"0\",\"style\":\"link\",\"tabWidth\":\"500px\"},{\"id\":\"8b46c8dd-071a-4bd4-9d36-1247d8777702\",\"cellValue\":\"Tab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workload Investigations\",\"subTarget\":\"1\",\"style\":\"link\",\"tabWidth\":\"500px\"}]},\"name\":\"links - 
9\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"print workload_response = '{GETWorkloadsAPI}'\\n| project parse_json(workload_response)\\n| mv-apply workload_response on (\\n where workload_response.managed == 'true' and isnotempty(workload_response.risk_summary)\\n | project exposure_severity = workload_response.risk_summary.ransomware.workload_exposure_severity,\\n protection_percentage = workload_response.risk_summary.ransomware.ransomware_protection_percent,\\n updated_at = workload_response.risk_summary.ransomware.last_updated_at\\n )\",\"size\":0,\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"protection_percentage\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"protection_percentage\",\"sortOrder\":2}],\"tileSettings\":{\"showBorder\":false}},\"name\":\"query - 0\"}]},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"2\"},\"name\":\"Ransomware\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_version)\\n| mv-expand keyValue = parsedJson\\n| extend version = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project version, count_\",\"size\":3,\"title\":\"Workloads by VEN 
Version\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 5\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_managed)\\n| mv-expand keyValue = parsedJson\\n| extend managed = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project managed = iff(managed == 'true', 'Managed', 'Unmanaged'), count_\",\"size\":3,\"title\":\"Managed and Unmanaged workload counts\",\"noDataMessage\":\"No workloads\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 4\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_type)\\n| mv-expand keyValue = parsedJson\\n| extend type = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project type, count_\",\"size\":3,\"title\":\"VENs by 
type\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 3\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_os)\\n| mv-expand keyValue = parsedJson\\n| extend os = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project os, count_\",\"size\":3,\"title\":\"Managed workloads by OS\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 6\",\"styleSettings\":{\"maxWidth\":\"50\"}}],\"exportParameters\":true},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"0\"},\"name\":\"WorkloadOperations\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_enforcement_mode)\\n| mv-expand keyValue = parsedJson\\n| extend mode = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project mode = case(mode == 'full', 'Full',\\n mode == 'visibility_only', 'Visibility Only',\\n mode == 'selective', \\\"Selective\\\",\\n \\\"Idle\\\"), 
count_\\n\",\"size\":3,\"title\":\"Workloads by enforcement modes\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 7\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_status)\\n| mv-expand keyValue = parsedJson\\n| extend status = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project status, count_\\n\",\"size\":3,\"title\":\"VENs by Status\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 1\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_sync_state)\\n| mv-expand keyValue = parsedJson\\n| extend sync_state = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project sync_state, count_\\n\",\"size\":3,\"title\":\"VENs by synchronization state\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"name\":\"query - 
2\"}]},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"1\"},\"name\":\"Workload Investigations\"}],\"fromTemplateId\":\"sentinel-apiWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -743,7 +764,7 @@ "description": "Create Microsoft Sentinel Incident When Firewall Is Tampered With", "displayName": "Illumio Firewall Tampering Analytic Rule", "enabled": false, - "query": "Illumio_Auditable_Events_CL\n| where event_type has 'tampering'\n", + "query": "Illumio_Auditable_Events_CL\n | where event_type has 'tampering'\n | extend ipaddress = action.src_ip,\n hostname = created_by.agent.hostname,\n ven_href = created_by.ven.href\n | project-away resource_changes, action, version\n", "queryFrequency": "PT60M", "queryPeriod": "PT60M", "severity": "Medium", @@ -768,30 +789,30 @@ ], "entityMappings": [ { + "entityType": "Host", "fieldMappings": [ { - "columnName": "created_by", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "hostname" } - ], - "entityType": "Host" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "columnName": "action", - "identifier": "Address" + "identifier": "Address", + "columnName": "ipaddress" } - ], - "entityType": "IP" + ] } ], "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" + "aggregationKind": "SingleAlert" }, "alertDetailsOverride": { - "alertDisplayNameFormat": "Illumio Firewall Tamper Incident: {{IncidentId}}\n", - "alertDescriptionFormat": "Illumio Firewall Tamper Incident {{IncidentId}} generated at {{TimeGenerated}}\n" + "alertDescriptionFormat": "Illumio Firewall Tamper Incident {{IncidentId}} generated at {{TimeGenerated}}\n", + "alertDisplayNameFormat": "Illumio Firewall Tamper Incident: {{IncidentId}}\n" } } }, 
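Review bot: In the rewritten tampering query, `ipaddress`, `hostname` and `ven_href` are produced by bare dynamic path access (`action.src_ip`, `created_by.agent.hostname`, `created_by.ven.href`), so the columns stay `dynamic` and the Host/IP entity mappings that consume them receive JSON-typed values rather than plain strings. Wrap the extractions, `| extend ipaddress = tostring(action.src_ip), hostname = tostring(created_by.agent.hostname), ven_href = tostring(created_by.ven.href)`, so the entities are typed correctly and can be correlated with other sources. `ven_href` is also computed but neither mapped to an entity nor exposed as a custom detail, so it never reaches the analyst; consider adding it under `customDetails`.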
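Review bot: Changing `aggregationKind` from `AlertPerResult` to `SingleAlert` folds every firewall-tampering event in the 60-minute window into one alert, so tampering on several hosts at once surfaces as a single incident and the `{{TimeGenerated}}` in `alertDescriptionFormat` can only reflect one of those rows; for a defence-evasion signal that is triaged per host, `AlertPerResult` (or a `summarize` by `hostname` in the query) seems the better fit, so worth confirming this was intentional rather than a blanket change across all rules. Separately, `{{IncidentId}}` in `alertDisplayNameFormat` does not correspond to any column the query emits, and as far as I can tell these format strings only substitute query result columns, so the placeholder will likely render unresolved; `Illumio Firewall Tamper on {{hostname}}` would give analysts something actionable in the incident list.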
@@ -862,7 +883,7 @@ "description": "Create Microsoft Sentinel Incident When Ven Changes Enforcement State from Full/Selective To Idle/Visibility state", "displayName": "Illumio Enforcement Change Analytic Rule", "enabled": false, - "query": "let enf_state = dynamic([\"full\", \"selective\"]);\nlet visibility_state = dynamic([\"visibility\", \"idle\"]);\nIllumio_Auditable_Events_CL\n| extend temp_resource_changes = parse_json(resource_changes)[0]\n| where event_type == 'workloads.update' \n| extend old_mode = temp_resource_changes.changes.enforcement_mode.before,\n new_mode = temp_resource_changes.changes.enforcement_mode.after,\n workload_href = temp_resource_changes.resource.workload.href,\n workload_name = temp_resource_changes.resource.workload.hostname\n| where new_mode in (visibility_state) and old_mode in (enf_state)\n| project-away temp_*\n| project old_mode, new_mode, workload_href, workload_name, TimeGenerated, created_by\n", + "query": "let enf_state = dynamic([\"full\", \"selective\"]);\nlet visibility_state = dynamic([\"visibility\", \"idle\"]);\nIllumio_Auditable_Events_CL\n| extend temp_resource_changes = parse_json(resource_changes)[0]\n| where event_type == 'workloads.update' \n| extend old_mode = temp_resource_changes.changes.enforcement_mode.before,\n new_mode = temp_resource_changes.changes.enforcement_mode.after,\n workload_href = temp_resource_changes.resource.workload.href,\n workload_name = temp_resource_changes.resource.workload.hostname,\n ipaddress = action.src_ip\n| where new_mode in (visibility_state) and old_mode in (enf_state)\n| project-away temp_*\n| project old_mode, new_mode, workload_href, workload_name, TimeGenerated, created_by, ipaddress\n", "queryFrequency": "PT60M", "queryPeriod": "PT60M", "severity": "Medium", 
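Review bot: `visibility_state` is declared as `dynamic(["visibility", "idle"])`, but the enforcement-mode value this same template's Workloads Stats workbook maps is `visibility_only` (`mode == 'visibility_only'`), so a Full/Selective → Visibility Only change would never satisfy `new_mode in (visibility_state)` and the rule would fire only for transitions to `idle`. Suggest `let visibility_state = dynamic(["visibility_only", "idle"]);` after confirming the actual `enforcement_mode.after` values present in `Illumio_Auditable_Events_CL`. The newly added `ipaddress = action.src_ip`, like `old_mode`/`new_mode`, is left as a dynamic value; `tostring()` on these would give the IP entity mapping a string column and make the `in` comparisons string-typed.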
@@ -887,30 +908,39 @@ ], "entityMappings": [ { + "entityType": "Host", "fieldMappings": [ { - "columnName": "workload_name", - "identifier": "HostName" + "identifier": "HostName", + "columnName": "workload_name" } - ], - "entityType": "Host" + ] }, { + "entityType": "Account", "fieldMappings": [ { - "columnName": "created_by", - "identifier": "Name" + "identifier": "Name", + "columnName": "created_by" } - ], - "entityType": "Account" + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ipaddress" + } + ] } ], "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" + "aggregationKind": "SingleAlert" }, "alertDetailsOverride": { - "alertDisplayNameFormat": "Illumio Enforcement Change Incident: {{IncidentId}}\n", - "alertDescriptionFormat": "Illumio Enforcement Change Incident {{IncidentId}} generated at {{TimeGenerated}}\n" + "alertDescriptionFormat": "Illumio Enforcement Change Incident {{IncidentId}} generated at {{TimeGenerated}}\n", + "alertDisplayNameFormat": "Illumio Enforcement Change Incident: {{IncidentId}}\n" } } }, @@ -981,7 +1011,7 @@ "description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state", "displayName": "Illumio VEN Offline Detection Rule", "enabled": false, - "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent_offline_check'\n", + "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent_offline_check'\n| mv-expand resource_changes\n| extend hostname = resource_changes['resource']['workload']['hostname'],\n workload_href = resource_changes['resource']['workload']['href'],\n workload_labels = resource_changes['resource']['workload']['labels']\n| project-away resource_changes, version, notifications, action, severity, status // action field will have filtered ip addr, so no point of using IP entity\n", "queryFrequency": "PT60M", "queryPeriod": "PT60M", "severity": "High", 
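Review bot: The Account entity maps `Name` to `created_by`, which the enforcement-change query projects unchanged as the full nested object (the tampering rule in this template reads `created_by.agent.hostname` and `created_by.ven.href` out of it), so the account entity becomes a JSON blob rather than a principal name and cannot be correlated across incidents or with identity sources. Map a scalar instead — presumably the user-identifying field under `created_by` for operator-initiated changes (verify against the Illumio auditable-event schema), extracted with `tostring()` in the query — and surface `workload_href` as a custom detail so an analyst can distinguish an operator change from an automated one.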
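Review bot: In the VEN offline query, `hostname`, `workload_href` and `workload_labels` are indexed out of the expanded `resource_changes` value and therefore remain dynamic, so the Host entity mapping in the following hunk receives a JSON-typed value; wrap the mapped column, `| extend hostname = tostring(resource_changes['resource']['workload']['hostname']), ...`. The explanatory text `// action field will have filtered ip addr...` is embedded in the deployed query string; it is harmless in KQL because the line ends with `\n`, but it belongs in the YAML rule source as a comment rather than in the query customers see in their workspace.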
@@ -1006,21 +1036,21 @@
 ],
 "entityMappings": [
 {
+ "entityType": "Host",
 "fieldMappings": [
 {
- "columnName": "resource_changes",
- "identifier": "HostName"
+ "identifier": "HostName",
+ "columnName": "hostname"
 }
- ],
- "entityType": "Host"
+ ]
 }
 ],
 "eventGroupingSettings": {
- "aggregationKind": "AlertPerResult"
+ "aggregationKind": "SingleAlert"
 },
 "alertDetailsOverride": {
- "alertDisplayNameFormat": "Illumio VEN Offline Incident: {{IncidentId}}\n",
- "alertDescriptionFormat": "Illumio VEN Offline Incident {{IncidentId}} generated at {{TimeGenerated}}\n"
+ "alertDescriptionFormat": "Illumio VEN Offline Incident {{IncidentId}} generated at {{TimeGenerated}}\n",
+ "alertDisplayNameFormat": "Illumio VEN Offline Incident: {{IncidentId}}\n"
 }
 }
 },
@@ -1065,6 +1095,354 @@ "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" } }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Illumio_VEN_Clone_Detection_Query_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state", + "displayName": "Illumio VEN Offline Detection Rule", + "enabled": false, + "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.clone_detected'\n| extend hostname = created_by.agent.hostname\n ven_href = created_by.ven.href\n", + "queryFrequency": "PT60M", + "queryPeriod": "PT60M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "Illumio_Auditable_Events_CL" + ], + "connectorId": "IllumioSaaSDataConnector" + } + ], + "tactics": [ + "DefenseEvasion" + ], + "techniques": [ + "T1562" + ], + "entityMappings": [ + { 
+ "entityType": "Host", + "fieldMappings": [ + { + "identifier": "HostName", + "columnName": "hostname" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "SingleAlert" + }, + "alertDetailsOverride": { + "alertDescriptionFormat": "Illumio VEN Clone Detection {{IncidentId}} generated at {{TimeGenerated}}\n", + "alertDisplayNameFormat": "Illumio VEN Clone Detection Incident: {{IncidentId}}\n" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]", + "properties": { + "description": "IllumioSaaS Analytics Rule 4", + "parentId": "[variables('analyticRuleObject4').analyticRuleId4]", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]", + "source": { + "kind": "Solution", + "name": "IllumioSaaS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "app-integrations@illumio.com" + }, + "support": { + "name": "Illumio", + "email": "app-integrations@illumio.com", + "tier": "Partner", + "link": "https://www.illumio.com/support/support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "contentKind": "AnalyticsRule", + "displayName": "Illumio VEN Offline Detection Rule", + "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" + } + }, + { + 
"type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Illumio_VEN_Deactivated_Query_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state", + "displayName": "Illumio VEN Offline Detection Rule", + "enabled": false, + "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.deactivate'\n| mv-expand resource_changes\n| mv-expand resource_changes\n| extend hostname = resource_changes['resource']['workload']['hostname'],\n workload_href = resource_changes['resource']['workload']['href'],\n workload_labels = resource_changes['resource']['workload']['labels']\n| extend ipaddress = action.src_ip, \n ven_href = created_by.ven.href\n| project-away resource_changes, action, version \n", + "queryFrequency": "PT60M", + "queryPeriod": "PT60M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { 
+ "dataTypes": [ + "Illumio_Auditable_Events_CL" + ], + "connectorId": "IllumioSaaSDataConnector" + } + ], + "tactics": [ + "DefenseEvasion" + ], + "techniques": [ + "T1562" + ], + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "HostName", + "columnName": "hostname" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ipaddress" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "SingleAlert" + }, + "alertDetailsOverride": { + "alertDescriptionFormat": "Illumio VEN Deactivated Incident {{IncidentId}} generated at {{TimeGenerated}}\n", + "alertDisplayNameFormat": "Illumio VEN Deactivated Incident: {{IncidentId}}\n" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]", + "properties": { + "description": "IllumioSaaS Analytics Rule 5", + "parentId": "[variables('analyticRuleObject5').analyticRuleId5]", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]", + "source": { + "kind": "Solution", + "name": "IllumioSaaS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "app-integrations@illumio.com" + }, + "support": { + "name": "Illumio", + "email": "app-integrations@illumio.com", + "tier": "Partner", + "link": "https://www.illumio.com/support/support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "contentKind": 
"AnalyticsRule", + "displayName": "Illumio VEN Offline Detection Rule", + "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", + "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Illumio_VEN_Suspend_Query_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state", + "displayName": "Illumio VEN Offline Detection Rule", + "enabled": false, + "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.suspend'\n| extend ipaddress = action.src_ip,\n hostname = created_by.agent.hostname\n| project-away resource_changes, action, version \n", + "queryFrequency": "PT60M", + "queryPeriod": "PT60M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + 
"status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "Illumio_Auditable_Events_CL" + ], + "connectorId": "IllumioSaaSDataConnector" + } + ], + "tactics": [ + "DefenseEvasion" + ], + "techniques": [ + "T1562" + ], + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "HostName", + "columnName": "hostname" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ipaddress" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "SingleAlert" + }, + "alertDetailsOverride": { + "alertDescriptionFormat": "Illumio VEN Suspended Incident {{IncidentId}} generated at {{TimeGenerated}}\n", + "alertDisplayNameFormat": "Illumio VEN Suspended Incident: {{IncidentId}}\n" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]", + "properties": { + "description": "IllumioSaaS Analytics Rule 6", + "parentId": "[variables('analyticRuleObject6').analyticRuleId6]", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]", + "source": { + "kind": "Solution", + "name": "IllumioSaaS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "app-integrations@illumio.com" + }, + "support": { + "name": "Illumio", + "email": "app-integrations@illumio.com", + "tier": "Partner", + "link": "https://www.illumio.com/support/support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": 
"[variables('analyticRuleObject6')._analyticRulecontentId6]", + "contentKind": "AnalyticsRule", + "displayName": "Illumio VEN Offline Detection Rule", + "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", + "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" + } + }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", "apiVersion": "2023-04-01-preview", @@ -1075,7 +1453,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "IllumioSaaS", "publisherDisplayName": "Illumio", - "descriptionHtml": "
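Review bot: Rule 4's `"query"` (analyticRuleObject4, the clone-detection template) is missing the comma between its two `extend` assignments — `| extend hostname = created_by.agent.hostname\n ven_href = created_by.ven.href` is not valid KQL and the rule should fail to parse once enabled; it needs `| extend hostname = created_by.agent.hostname,\n ven_href = created_by.ven.href`. Rules 4, 5 and 6 also all ship with `"description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state"` and `"displayName": "Illumio VEN Offline Detection Rule"` (in both the AlertRuleTemplates resource and the contentTemplate wrapper), copied from the offline rule, so the content hub would list four identically named templates for clone, deactivate, suspend and offline; each needs its own name and description consistent with its alertDetailsOverride text. Rule 5 runs `| mv-expand resource_changes` twice in a row; unless `resource_changes` is nested two levels deep the second call is likely a no-op, so confirm against a real `agent.deactivate` record and drop the extra line. The alert formats for all three new rules use `{{IncidentId}}`, which none of the queries project, so the placeholder is likely to render literally.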

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

IllumioSaaS solution provides ability to ingest auditable and flow events from AWS S3 bucket.

\n

Data Connectors: 1, Workbooks: 3, Analytic Rules: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

IllumioSaaS solution provides ability to ingest auditable and flow events from AWS S3 bucket.

\n

Data Connectors: 1, Workbooks: 3, Analytic Rules: 6

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -1133,6 +1511,21 @@ "kind": "AnalyticsRule", "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" } ] }, diff --git a/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json b/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json index fcba9bda4d1..1f0eea09450 100644 --- a/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json +++ b/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json @@ -14,7 +14,10 @@ "Analytic Rules": [ "Analytic Rules/Illumio_Firewall_Tampering_Detection_Query.yaml", "Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml", - "Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml" + "Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml", + "Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml", + "Analytic Rules/Illumio_VEN_Deactivated_Query.yaml", + "Analytic Rules/Illumio_VEN_Suspend_Query.yaml" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\IllumioSaaS", "Version": "3.2.0", From 0740f560eb18ad6f605195261dd6ae883bf32ab2 Mon Sep 17 00:00:00 2001 
From: ashwin Date: Mon, 7 Oct 2024 10:15:50 -0700 Subject: [PATCH 02/11] fix ids --- .../Illumio_VEN_Deactivated_Query.yaml | 2 +- .../Illumio_VEN_Offline_Detection_Query.yaml | 2 +- .../Illumio_VEN_Suspend_Query.yaml | 2 +- Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 18691 -> 18825 bytes .../IllumioSaaS/Package/mainTemplate.json | 24 +++++++++--------- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml index c922cf1c2e8..34e70b9c0b1 100644 --- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml +++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml @@ -1,4 +1,4 @@ -id: ec07fcd3-724f-426d-9f53-041801ca5f6c +id: c18bd8c2-50f0-4aa2-8122-d449243627d7 name: Illumio VEN Offline Detection Rule description: | 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state' diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml index 8d6ad837515..3d9ff5f2135 100644 --- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml +++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml @@ -1,4 +1,4 @@ -id: ec07fcd3-724f-426d-9f53-041801ca5f6c +id: 93e40501-f737-4281-9df9-505aa773d983 name: Illumio VEN Offline Detection Rule description: | 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state' diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml index 7db0cada50c..856c6bbb123 100644 --- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml +++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml 
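Review bot: The id change is the right fix (three templates sharing one GUID would collide when the content package is installed), but the context lines of the Deactivated rule still show `name: Illumio VEN Offline Detection Rule` and the offline description, and since the packaged mainTemplate.json appears to be generated from these YAML files, this is where the duplicated display name and description in the solution originate. I'd set `name: Illumio VEN Deactivated Detection Rule` and `'Create Microsoft Sentinel Incident When a VEN is deactivated'` so the template matches its own alertDetailsOverride wording. The rest of the rule definition lies outside this hunk.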
@@ -1,4 +1,4 @@ -id: ec07fcd3-724f-426d-9f53-041801ca5f6c +id: 7379f752-18a2-43ca-8b74-70747dd792f8 name: Illumio VEN Offline Detection Rule description: | 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state' 
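Review bot: Same issue as the Deactivated rule: the new id is correct, but the surrounding context shows the Suspend rule still named `Illumio VEN Offline Detection Rule` with the offline description, which is what gets packaged into the solution. Suggested lines: `name: Illumio VEN Suspend Detection Rule` and `'Create Microsoft Sentinel Incident When a VEN is suspended'`. The remainder of the rule definition lies outside this hunk.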
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index bd50f128bad28a665d055733258f7a33d69c3d4f..93e47f4344d4b46e8f69a060ba5b1754ebd5fc41 100644 GIT binary patch delta 16665 zcmX_mV^}6o^LMswx7oI9b8WV5yF1&p*|u%lc5TL;+l>D{&--4_r!&{!H*?PUFz3un za1v-_GAN>wEI0%P2nYxa$eprO1ELcQ+`m=pLTUF(PB=LNh6KRbxc~eCr+<2#xTBHs zx4D`khfP6ZoHR5#pV>+a>9?e@BnA-CkB){E(kepXkuK=*UgDqT=7~BZ=De$G4smR3v|@fx?&5Kz9b74kQ#};? zhX`&r6ZUw-Jd|*5Ndg=;x+ny?>`W(L$f7vo!#oF1?2`#I=4S%*%*;NNha2^?bx`(q ziy`JO3P9MU6iWj^i1l#V@XM(@ioOKf)Q?i(`@GSa5*q_NdsA)-*Sdl!CmcDezg$w1 zi-zGvep25(hv+IH8ez3waJ4_n*!DTkY}=j^<*3Oapbizt(Yi@XDOlx}B4Aj-SmBW5 zNZ|4Wj1L`JyeFx&EgcWr2Jh=-{BTv~raU?|?S6ET6d6P#eXSp-^>}_NDjk`M~aXG$@ z^3x`ic`{InB>gddG79g~Z|n71S^YW5Sds1K;sD&hPm{&i9BU^^zf@FnP>B#oS5|V)MtfQP-|Qw;Yfsn+ zHR=Ydo36G^>UrhS(aqBoTmE zYKC`Rr03cN$5`!x0YcaptXSUAJZG6aTg+^J3LfXBB3GL+Q0pEBF||aFtt6&AA7jdt z&~(aBVc~}zB;-m`GAed;uE_%#6vqe%QK*oEWb}(lWIKJ9^=2*uu8;W{Mw%)Q<~YAz zdHxrDQGV2my_lfAq|H>gVN;=H`8Yr=A&P&B2_xdkInYuTEKq%!Rm;*r1#8pHwBQrM zte{5@Yg5*&K#y)9>xybB>*~0BLw`IgXOLC>tcd)sv_6X58uRkCsY(6|nDS?C7X4^$ zmh}rre>|sv`vv6J`bVD55hT+0ihXlGkH0Sff;SeD+MJx7c6ZN8vYHBX0duqTv8KYE z#XgRP?ogkl8+L?`(}{j(>7V{xX2c0jWj2Jx0jAv1@(ExZQJ5zgy+eoznNk?spQX&>)W~ z#6td?S`z}>3=dgEE3@4z`ae4gR=Xt}(1eS2PnirZ+c%Fh_V4v(NZEJ&Kn|bOl^c)j z0VAn@NYj!3LmCbH9}@TfkQn~}cI^KH6}bb9w<|Mw+S*|uf&Ima^UQ1Bw8d-NYFou6 zSnt-owG%X>RQNBVEkF9Kf@PA)2m9wcueRj`^^=`lwB4)UCwkgT_JncSVqJ)698g1} zjhiP%RXdzH_8#-s?ns+{Wp#%;yC?r|S6e<5y9`_r_uX4QzPkVhj^f{5&xWu!L@ED3 z&{IPO+V^a-YQ*~Mwi*~79G7o0Kh68LJo<;N;*s6Ded>8`QqOzYZ;1HOZc_2Zy>jJdS!-N)kJyhy#~&k%ZRehGFsnwhO@r z+pGopKk-zc0dNy>04Fl1(^uwQLxXwKT0d*`oRe3NPVe6yhJxbB$&G%sPtRujLYihr zk+42Zz`e^k>&Zh2@%R52(i-qj^)r+I`Q@r^9>iXKLWYYqjhK(w^~)86*#5`9FfS-q z!g?4(x!rdAof#gQ`^=Ap1ae5~{)*!_V{=x$9YBKaB0!NvQ(;Q{yklAdOOmtsicuvs zvUwZ}^H}=BclLvl?Zv#(zlF`a;yZ}Cb=q8tGD~r=|GG!&dP$$9^msU*ve%Zx@37tp0#MXmo0MC$sbPd1mR1h&e z`e~WO9Pp5MDw#%+(qC>PEg1K04DnUOp$oHguQS}zLlv( zz6O3Wbdq@Er{nN$oMHL~@2B&Pj9;OavTqbCnevf4ohj`RzDSfa=NHHckjwN$T 
zgTlT%oFBGk<5=i~`4jFOU8oYaq$Y4Lz(G8F8DNE?lN*9DMoGar0HZ(&h7lw6BgCmN z{g@xcZz~ZKb@*G|T2QW#C=6Kc@p3Q|ht{8icP#^6>KcEtR1qq!YtycULWhK<*qj!p za`#ts0wobr7D6kF+*$SzHq;#A5Yzmz4z0;5`+c-8mKw&y#MLIdQ$^Gbhu$tOkh>#^*<*0s_|ft2K8}YYI_0&ZT}F;io5Z4T#G{B$aNo z*7Fuwj3y+6se5q?;jdDxU$GOmL?#WXmD~^^8zJ^$wXk3*5mXLuvs{RC6iQ64#a>_U1<-7pdA40(0& zCvVGgjG88{uQ6nfr31;7&R4pP1~|EkYCff+ue&@l)IU-N9H7!Y##(`_)F?B@Q=-7| z>_~`Al_!Sv9Y{vKv8)4TtoFO=K{uu1Aq~Mp4LQe75N)-Cv(DZPF?4DjN_F(sSOOp9 z&rBQ$-Ss6WeNIiMPD+oxW6C~imwVbx=Zd(~FR;%;KWKqDDH`7tMV~N70OlkfYg8}i z)<>zHO|Y;@yNA1EL?Aq7%~6#TdzO*&hBiXxWj=d&oJ6$Wemes#gvfp}AX};OHn!Vr zYhXLx=@y9>-mqiKAbxi)7j*p3L=`r%L5`r0I@kIhvB9VJ$Jfs7&cc?)`PiQRC)3lI zkU!w>d)1#C;yr$!RLVzMKuYQL!p8Q4F2K3reMt%o4aPgLQ<`Bfpq13k(Ujz~dyP46 zY}Agqj5p%dpX|>%3KAN$hx~R(Wzjc9>-_W|KA@#w*1&9~5y1!yb@59PGURP<=$C+E zf59hn9|Ho-p;*C2oZAy(sX3AN#N$twpqC-l#E8y-(&s^3>CD4$fQf1)Mr;HK+MSH9 zHy!oAc0*?r7X$$$*&rDMCwC9RXzT}7FHCo+>h%NjsJ7LpDnBu~o zYPSYd7GXbte)9fe2f#7{g3yJ3g==XDp)owRXXJ`tq8SE@w`l;T6_!!xO4^_G?#R3~!RFsx)Zk{{UbS{6$A?*8lP}K0Alr!zc z-?IyIN>tzyIxYPtP$cnfwIk#Y8I~M^lPU4a`8_iv;30DMj!v_lzGEzGVe(cxYze`& zuNWw)F-Fjbx|b~_!-fOfM?CjO1E(VrkP!*SoamYQEWj2mw>l5z!!2Puw;roRh{w<* z6)phUIf#Y~!AIE($>syRRU;Pcxz!yMQtq_q&7BWD*G8HE(<>#X9Sx3n^Lb6 zxj&2;fJ3f}%E~rR7#gQqtiifM+9es-Rc#D{s4E^Z=b)z9Y$2~0D;N^OsI$!7gH7Y( zgbTqO*RLoEB906`1tl;9VJ)734Ymo!{e)Q#iuNPTpnkC^-eJk);PC{8H*v8ARrPZb zt>AY9m!|(`$FWzN8TCCY4?-`t^M^usXf!q`;P;#zq~Ruwhe`BoqNY^G0?QB*2Za)N zeC1s+UK%b6jiEqqvw+WNSOO3sKtk$)8%kSAo6Ke4`=IHY`w&ynOTucWs}XN0f;eUj zl#(sDL8F|)`9c0XeGg+3Kjk^siD>Ejl>}~EQ5;nsNZD%~lq5z@{Yx)85lD0CWz#qd zn1DF&prGLdMW>W#1y6Uk@K^;Q_2>L`c+73CPSDjFws(+ZTkPv>5Ftd24*cCbQ_umpn5UExY2jG9D;nO;n= ze;1k_5xcNbl@;)TzR@0+42J~%bb@HX2qX_}5#f%#b~Lx_P^lBOs)0@Z}6ED^~8InZ_YX{(ki5Pa@U+WG^7gEIae zcjhg_AM6+EI-h4P;4j+_Y>*lJ6t<@LIiB2y4Hts%k3ll1$QmABd7g&#fBvWfFz zaj<_vt`gA`&Lh@??jcIdZ!VygJr<Emmt}IF>_=q*L{@ecvtrh9!KfaS;8eJwMuVX@gjIl_ITLA}Co!8@z`dC| zJkn0qg54eE%1|DFm4td|re1`1nWeflGnXgH85K2R5X#?D@nL*|$gES*GWJvBDZM*8 zx(ae8$BTSa;k+0hQ-A*EEub_Glv~=r-+Kg-RazQXMV~`qM~&V9FbY01sxFpiQdzT? 
zL#A$F5lQE^ZP%tps~o6-g`Wf5WZ|BghzE=u?w zkLc(Vr$qmaif%>#DE3e@>Bg*ShF~-HUNUuhz_)CYn?0w@U37%o=C-WF3i?P@MW&iv z+9udH@z0##%hYLQtE;RVI;2WADZEW*TCq*>LuM6^Rp(+gdGpGRrqA7%auSMW1+~k( z4XG&jXmVE2m2&YfG(&wZr^y=3dyk}+($W7^c|lu5?~Q2&ghVGL_i*>rFi%{THSPG| zZLv1!ap_$NE-gPkG%^#4XF)YGf0AdJ^iuB>$z_I5W_0B=$3e@SYEs1(>CV5y4P47E zaio@5(M!)!zuez5x3b4ZFELd%!$W#amFU>!9b%QK(Yt@0D4b&z%TvEtf3in9kO&mU z7}_%+7Rmqso}%Z-Rns3bR!E9`J)~ut&F+(nkD+E^`oC+HO6d44I|rli6KNR=WMp4j z7tv%&$g8O(6#1?Uy*dY?hH4h!Dw~7KlGN+1cn1U;zuGc5>w8=SG0V(jn*$J+K-I8zi!BZ05i@HyrK8M;kZ*byq}E7rkBe8&u&?O<|mH13$k-NJ&GKkCJryc_sb6X z&X@kvU;_$0jGBX~NO)%@nO+b&j-6Gr8DMky_RMlPv(ZQqpACk+CdwNg zUUkI*xw$tVj=c|z5wM~g4jh@Me19JZ*IO0Isd~T8EQ1G(`nVdm^jx-WHq6^rY%+p_otA8qYdNmD_=0Ce(!i)!;Nx;u`&GQ( zLdkcI`*LqN;*5w;vn{gQh03v$icW50_jEo0^SrhPb9w>>^E~qy&7FGk6Mq70kMcK; zKXpM$v9uwX&KB@f{;=#49w3_(l08SF>w~{%kL=M`iupty=)@~W+au9*SW*wu6ltM< zVZDU{c=x1xOhr1c+eh3^eNPo~<6Yknm(GlgCY5TQ$l}oGrP~%K#1(JrAZP|h6vr9? zIh6ESe@JD(v>T~^U2Ufg0nT2xuZir42cQR>+W!{hQ^N#vSY+en!}LN%W3G~DhyG=h zzrSQo|6!YZe8HfA-Uz=l>U1MyXRlK*G!M$}%$n>tGoJJEa1P_tH8f#vF#_mR@Rgq8 zPjYr@h|$tT^{)Nxx? 
zl#umWRbf@PimzqMp+oM!iui7b|+$=^qOjz1{l;-LL4Bi=|V;wI}FIR2y(a5MULcn{HP zzuO%NgQ%tb&T(?OBq_f!))}QN@Gwpf$3>VJFGgl?nrrG%TIU{jWnS?NzGwfN=FA4> zjqHXQ0fA-Cn*3fbVYbRCn73GX(={|2Q!02YqM(Jn2=`}PQ!0QN|x&*>&1-j-Y784x#J z8D@UdlDpDNnnv{2lcC`Xq@*|xM1X%~9*t)ru&B4q3!?V+G@Xp-BQ0RJ+Y6pPVUeW; z)}>WpXT!{s@$~UyGNb?+P0JY2e*N&{cUtgD)W$|zYDYG`+tsml#1iL#RB#cY1(N>SMIS2c8Yy%LHywnG~kc`T&Q5!m5QL7*6V zxz3?Pd=hK=`}_Bbk+0ohyQ3ACgEC{ME(I`ShY)`o21&(}5gYcYW*l$IHk-89F(+g z56QH)PiQynO@M#-GfyGi8-#_?JB!0x7)pBsTmAxL8~zgPp+=zeFo3wv-@=wV!Ri8@LY}@{h+#|(P{Xf3G;YZj zZNM5ac}|t@GPRp*3$WM6zPR&qdK(V7K+V<>#M1J0Mj;bV9aXh4=AZWf4g_~NrbL9} zf4~gxZdGXJmtli5MEGR2R(^3f9Ql%SdjuE?MX$NXuV{xnUfFk9#Az4hZnV5HJj^%n zofs}(J&gg>ZMLlltDUMPOL!a3EJ?_c0eep;NJeqJ%SVS|VrB8JG;!AJe zW??3^;crf2u-TGB`2n?O?Y6p#I@P0Kf*AlWV&#D5_g*V(XbeAc3;HK7gMKxFr)CGz ztaNYtI9v3ev_GS6?QwNEPk#&@9p|sJ>=tjbc4q$s^3-n;Hc3bdl&!fM63-jkoEC<9 zO6ZT&q~Y(WZ)<1jNaI|j@2lZJ{c#p_b4sfQb;_nuaiSL0%bR!uFXK6TB3QDDL!JTH z`^*o_{M*!ekH5uyBO&Vj=5hYYr*BK11yR*f3_Wz!{^_cmP-{S?R;pf+u9Wo*)B zXiP%L=}2zFGx_aL9m+OIiSmroFZz%-F&Q2kx*|DO*oj8(u z&eO;v6L1y`6K3(s6nPa1dy@U7s>4EiI}H>letqTqcqudxXL8^ZMR_&9Vch|A-fS+d z$K+BynDGij`zMHuXtx?wk%Y`l|1REAQJUNGng5Gji) z?PSqPoD=aXxol`2D(bP1g2&WACW%v`FoH%{A|pi@igkj_iaGuw=f0;3=))*)mKt<& zac(NOltL|^3yv&bFhW163lq>rp^JXc_5(H14YIxnU0L6hg z?BIo$BY7rwW9$y|qxsPrG3l_cL*AMDVfiyZZ%^ZTHeS+M?^-sqUdk7LUr?yPy7ev> zDmX{4-rC9?c+lya8ef)fKs8!cK1O-s1y5Y^vXIaF=0epuO(G1xLDLbfUxDzhji2 zv_72Wz%d=YnJMbgBmiWps#sKfd#DxmjPZpP926f`qL~oXkcodQ&%ScSV|035#jGA9 z6GpDubUUfGp2NXUt~sBIbag%$>Ua?C6COU&cGrD120yL2ZHO3gXN`+4eob`%1N4c= z1rQ%RJqVlo>bsD}$FGz0%WR%%YR%kr$c^K8p#_$lY|Hqr2?4HI!6$fu2xoHmVK^%p z@J9J_k-l_x>f|&zi8elilWp zQP+4~A!6WGr|v$tAY#qkdW%Ms&x~}xpH!cy+TcNKL-vuEcEk)D!UN=Ee5`^%ZfS)-mcVwx9x&Veka zQ4c5MT|oa%c3onE9-c6*ihT{$!O?{4N7IzQRDU24Hqel$NoetXT8oGvdah6-<1lBU z?D4>g#s}>tA{>rAEQ7&eG4?EF2wxH}OcAxDtbWpR4{+@#`OZmb%ri68un}f94CIs| zT(WM}E?vP-FmG}oO#0%5kIoNGDbKyvXDzcDO=pjPg_PVrwSI;AdpV!cY&=AoZZ)#o 
zYQl83FMba{co!6572xqyR-H1fsKBtG!oFcKFleS>o&R@8^OcMXv$D!EUlI9?iYhgst@{Tyro4$gh&&J&yVz=j&jZ%EjbedL_RmM(q>aO>y%wV!G}R3)N|}m02StmzjBA`Zv`Lc2hvD1!=)Zuwcld<&M@c1 zh||rleO^@KJV(kB&j!%cm-hv0%EfG!+a~g@T9K;3n`GaH`GK)-=05ZG9-XWG=j$~b z)zrG{+gh{Uyhdz}A4XOQ6fJCvxJ7^0;sSJ?@S&@IhkOQyE2g&PscWHl!C6KH17c2| zu&2>r84X+7v_sfuPRe;$yW9bWNZR4#O&iXmJ^o!w4b@M0G2xu5fp_{c_j;M{jWT53 zmP9E~zwY)gzDPDed2o_fL0P1VH#oXJ15J>4!@-+22p)k?ayuy0Lm3@?9~P3vJI9ibr*zf^S0@M_6^oQX$oCF%s4Tf z!5r=K>*PH4?<4^IezQU%j@j}DDb86mI;gy=LOHGnLk*rXMKjRk{U$cpEZkfliI`yT zs_%Jz87q>Ta!BRfJ3Wqd?=F6w0IWZyE4B>~AlWo0=o6`2T6bp5!FI8Y04V7F&83XS z?wKj7%zGrdJh|l&y398JbTL6RC^_*fh$^4E+le5kp~BDV%|-3V$>cE=Z-QKgPnE=fbgZ5E#$T0q)9eR%T-S zmMEFY<5q^VVBgtWsxBqhEXmB5-JX+C!+07J3X8CU$*m=1^>gtLfZdIq{feNJF#Smt zIuxBV_j3(U(Slu8S+!cLSHN$v27LjSot=noy=+1iY8W<_h#IY|G5w`IOH79Dazy zyfp=v!kQ_00KBW*PDxRX83N=GJXenBj{p^RutUuvDCq2Rh&;QMzvM8NTdA{Xr>a?J zVO!R4BE&ZAR#h~%j(cl3=kf|o8CB-Z>P>Xht{Nu7TqEwIx#!l7g`Xu0Ts1$aGFs{y z93JpKGc#NUZtzbyqnb-*9 zj4ux)?M)%pDA=2~E>qVBWAtLB*UKzh#Mj^&ZoQnnTWUA^Bcdjs?+VIuJ`0;*d}qZ+@+EdzVbGX&3V`iKsTw!m z6;JO;z2(ZoJuc}5uy79eANkkT{%~@C_=jl-x~Rx;A-X7XdVDB8W<6y?$fMZSbcz8p znjji)jvyzz{B48toinXzpj0(^7B}fwZgbk9(Z#P;Eor3Ils~pGk^`5Tq&~mafz8#q z8+NE;{QN*9xhb+@fr}R2!(HAwj)TN38M!0$VKp-eK}k6yp^$EhA}x9SMf1yX*+p+k zuL-o?q_moGSx#+ia>Q>Ukbyg+P#*yIj={fDc|OO{X_gq?d-I~Kts7nnR>&PRkF5;F z7&Ta2IJ@|DuZw(o`BmdBg}Vp(dyd|>s*n1V|53boy%L)Gu>af&HnEnUSdxq{vQY#w zbiK@DQ6bBBuZ1JX;zb77PeIyxc@PR1^1n++w@ea!KsJXFdO2-LKufT%;yK_{fV?Pw zy+{wKLGQ~Nn@j3E@qSvQ>GutI9J3y+P17Q=dgKj+AO!b0I5ZEg>nPdw5NSqM<^(UHMo>KL>#vg3GI<&tFd2dP z@Y6-v;M%3EdPleH7LK%+uimuqt|>HczD3cE_*BeBCA}$XO8>@O-ZliNr%qEcdE=aE zJF$4;F(ta5&7>oB*$&V`;Fn&L;N1}=;dYw)+Je%DYgq&Dkl*4W2Z(<-2u!pcU*e^fXoV(H7U~p;NwN6}VB|YR}=S2Gyc`r)&e{UAP7b;jK zqpRofE}x@ndV~M+PT(vwfnryP+Kql4Q2QIpBO=$J~zQd|&g|9a)|xmX2cTErRbClsJZ@Pd`cfmD)%bcnh^!N+ zT|pJ@{ihF5A_R?q%e=pU$>#;*u8RX<|J^%E4q_P_&x+si9Fty_@|o2up2#bF`2lqZ zY{GIQ7vTBXlXDIV_UPF=emvJ?Jsf(|d_dlD!RCJrrjLBOX|Gm$HQA!)=uVM!{cr7P z&C{s0lkhs;WK=KL-O8~3ZIgxdkMoyRtD}`}4d8yfS*yEc^-n&#_D_DFTjFeIL#tYQ 
zWgPooYr3_kwu8;on=(8n59g2J?QM7`U+y#yl}_{8doK+^higb__ru?FUH4u>b-ue% z_mii3)k?43Y%8>RTnx3oyBB7S|Ixeo$A9f!`X|n*Q-19}7LYxDSXC|e1?-OC{nz@R zO5Mb1Pmzn~0~Ka&c5+w1+K$AN0{YXA=U=On!0Iqf(8;lY8yZk)uplD74>BwvD4Qj= zg}m73*$-I1xS;*0gYUdVKj~7e8ZX?jrnB(R&q#cOSt&$Ky5~JO;B&k=$sp&*9{KZG)?&>t zMw2{VysIU|{UEg1q^#AWAgKSQwnG9Yh=8xd+9RXyrcp`oly(UnDkOEj>`pLe=kNe{ zF!H#@cs5~4tU2LqhzA#Ot;zNrpMv*q(9Moh=LOJ|pxbp+3Rnl*2uvD5^6f^Y@q_JF`GwL%?ST*V+m#B$0X3?-)qb zAWJ69q$oh0mWwR*@%^L)@)f%+cnZxtUI%=U*#BGf2QqoT4-_SNcAB-2ul0gs~%C<Tbn74OW!9kjclUqoX z_WP8CI`$+UYQ;DR4yZt$;y_NRF|9Tr1@`S$Hv#?c7o0K?y;9-%WhwrE8vI<8uSjjZ z%W-u6YaF|t5Jirm0Jg21GMR7=GYd%f8338Hr)tY)M)U@LJ z->|n0423i;)p?{@PC4C0^A7XDZAK~`dyfi<{mkJM$ucRUQlmK=bC<9f>nG;t%yBmo zyl{tqA>b8((o9Rr7kJ?`6!phjc0rjFk|Q{HJ1~?NN=H-=c6FPsngXjMD=RAu!Yl7z zLsiFqKaOIxbD_yBPhn_wp)1WAXzLo^uPaukgK_%2OzRX#>;DU=RL zOS8a?wfs=1KB-LAEVpk})%Yp@GM%jiFE82}OczynfET63{wZIV=0Si>4}Zyt>$qz_ z@MgEfgp@J#g#tCZtskP-YfL2V@%gXW`D1T_V3bGZ=gbdI3MpmHH{~Gxg)m_HOzmWt z9KcR$1P5Y28MnbHiI)}Dy*uCvJViyyi9_PI9A7Cz(X+qg)K&JvI z*dM}tYj98GJoF`C4Qa_5JWnMoEdXDfb&S#V`Y#S-Se-jdt>!)ZR;U>1C!?_L zeRtXhtQMrcxif3h5InuKF)2)|}i?IkS;zPl9iV+`*Ldrw{j(n4C z{zw5R7xo2@jaz9h$)!OB@4q{Sk;nN(nn-9MFL9Lm8nW4Gwm`lP%RUbgITRVRYv_|z z)$RqY3l2V!AaQ?0+WyniUaQPg_G(tySucnbjG8z>f~A_%^x-EnQG@mRQNzEITAh+G zZ3X_7wK=hlwwR8o(4SCpyK*rAlQ$fF+t?TIu+=k)S6*i-^ug;V2^X#Ta3PUhx1U?~ zh`i=qdsOBgzCWjjhLq=Qw^Gg8klvt+1q$u#$ojXX>8bz>7#A9(<O`G?bW$Yv_aX>2oPWx?Jy8KS- zk%eZSQlXuJ28U*&=vRi?bcjDL;fq}$r&-2Xq#)gX?A-ZW-6b&d1h<0SoW81ds$JaENc?3{W0Vm3`s31IN%LKg7rS~>#|-u!$?>;PteK)20XV_+D)%3W?Gm`v z;sca7;_&i66_<<}d0Mv5Rt$vumjaa8l(Vn4wVzo2L@@1!F4!i=@3qEw?08)^rA9E4C-;7pWHtQsaQf*>!4uzM@m9Uw5i8`GM zk&+le2pT}DTyP|1gg1{yzQ!M7me^NOqdpch@axnIS+C*EKg!RGA8n0kT&#`BTJoySRV|8ZWq;&S0D#N@iO=G-p){gS`X*?0^QI|G&z{3q_z%Ufj$FKe8SNqcFv8 z9v&JOvF@ZFJ~`$K8_V_gER4I1@9}5lLjKy!9<-tzd~*MtfW1+<ZySw-rTS-h4(fyv9{+uLSATvw{A>?&~z|}*W?Q`D5KKdI>RiTH=jmq zZ9*8osC>RF{SIWTgI^9ohG7()!>g_gY&Y>u&U6pP6`jS0BDF$pgjDRFn>EOZ?RQ_qCn zd|hHr?-SQs{gy-o;YZA@vxlfRN2VI6?)wEs2K{y~&GtM3> 
z#r+J^B&prf6ZXN8*RW7|&(WG($Krbxb~Jk5{ilK>)V*Gau$O|2{f4;xhJffUvYtOX zY8(Y11@-m$x7eNDLTtDGFT^iFI9->cf$FKoU#!sL0v81zJPVTyBiFK&Z&#uC6T>lp zP%BrEZZdMyrI=*Qwh$)KpzbWCHSRz79)~yxjL`91U)>bFq#+~RaR@({hFQKKzBD%O zJ63*3n_@Gg1JUF6PD!BpEurA1L^@hH3 z?pMkfX>%~@ioU*FDUE6oIKG?%?1^M^@RjE@$nslAQ@zDe!&F-Du{1Cbp7}<0OLB`?BexC0p|w~K|AI}-EgokmYsLDjlF7$ zhUVUx0Q4&8l`6MVSws$1GidA{dd{yD%TI3=Qs-)bSf`l_YT<2x5(HoY`iS^EJVq&a zV4LgdU0yuO1fzexDb|GCe|{&3?duk(rFs(gPOycWo(6@be(f8*N`lD!xgz}e6aJUK zgPL5R{ysQU=#zEt9U>QWQbQi;CtTcv8l0FQk?ox_|GM)Lh|}M=9|AWP}3)}EW8|k!%EJMCZghKAuEQ@F3Si!Mbj=}WTfIN z4q_i!ihNcvFun0=qVgfL}?_HYjKW39eCL<3EL&2glDwO+ad;datjW10*F5= zauJA$MW&lzeE3;N0i5d6nhuIlH0F$esIw+HRw4&2#m)+g3e~x|*4#dTfPi&*S#X5{ zQe|@R#gQ;HFpGz0+%j&AUy!@e3U4Gh(VBy`gtnR27!|RSJXJnU69ej6EU%GXxPaHv zYd<*kqZGe22ibXkaTk~`5%^RJ%|K^2d~=*%k_{drR)eGsNPScxY*vM4z$a=>QH9MS zYOdaQ(LT(V;EH$@3Hpt!tq#!v3HfqN-0Yf4(Ck_noXSAd+)W%W(xzTU=lzBLN@wtV zE+bVnz_)T9b!QXc0JpE>rmL?m$T)!SF0m!PdM!|`kFBOCwjU0f=9iB4UYXjnM1B*Q zra)O-{^nZ)Xv%!~)x|A4%X#auQ0_iJ`21=Tf+;K#OosFHb|w>`nY<}6Fk%pMp;)W- z1nxS(%$QR6nf(4|1XB3@y?Z)8mslx17rMFc$88(-(j$V0dA<}>CIrZ8`X4*0^e~}# z=AfgO-~nIRcxR+rk9npQ8eum$r5rH+Sd{>V6J%d_K(CHhi=Sm#P36s`&U^pvW;ZIb zIWXAMhA+#@2Gi2vqDF6`z7N~Mt^*M>T-(bg?NP)=0&{u7cqP&tIGH z?HrPl?%hh`-)XHpAHQ35$$m8NOe%Is2wlN5m3KG8x5sk<{de>?Yt>ym=$Nk7&P(jp zRqqJ_QHV~~)>73^-pTAT-Ww}Fey26uv(ke8%Mp`P|HNpkJ0aMEZDG>k2O6%;ga0o^9(+2B!?4-WB-%d}y!dWs zR3x2reE9!AIzD_K+3eV!$&Gdi3&5dl5MQIs1^LS=VXW8eA)=2#TTw&V%4W~x!pm=7 zyd3ch+2J7nuEavwy8IItGXA=$kJ_qTYCF~1%}F(#4r@9MJGTPYQW3YUfzn>v2_PV) zTubfyH`{w)&c^E}lI92U!SuD=$+UWYPX(J#iNJghchl6B0MGJdMo)3xBp^eNr-{qe zJWUl=aV4WhObB#AXCtGBY@DIImuWA0g?QB{wL+WRg!){{EDevy>{-wJq z@xPgAk>l|%8Nv$*=ShS2{;$n$E#$DPV8DwFGUvk@?fmYtL03`*faz<~S%)5}<$jIvyzG8W{c98P zvxQP^Q04F1#k`_0K{c>W5A_I3bx+{kCY0QX(BrCeRxJnnUi)M-d&)6TlxgnG`fIA< zGiSs1sAGW=)_}Ik0;KfvbMKI5B}Hh)|BEJSs6X%HgE3+PS?KDa4-kV))Ieq&Qg4J1 z%guZsYa9bU2XB8nDEf4i^5?By<(dB@=vZ_cbQ*Z-LLBhj_x%8fjdvwu#f-_L2M0gM 
z&7+!hJs3@UKwT-4I%6{X<_HzC5ki99$P3C5AM_JhwKO1`{E`w?9(59rt#IjmVEZwl^(;HxuQdpJ##z}HV94R)upJlT0vAk2PmRcDWm94jN~+PyQH=0 zo*E9Ey=E(gcc$ay_v0If_OeLOY8M$2(R~!8uzs&9x{A=FMq}%cN+TR;jQ#u&%CGb3u=$?+Ry`R;?(!?+U&X+;b{lr#PIblCH<-TxurgN zm93PV%Qvx`yM}*jVO;|kvUT}AXh-P=!hd7>NcO@5beYeN!KNREsrvAmXNvuZ; zfB%()hrp_*20Zpgu183`M@5$dFiiR5|JL~Sef*{e%3lgf&ZeEuDK!e)P%!0*&b%Wx zy!UykCx=^`9hk$i@X)RzCY~xSIi7bN&b)_B?oE`qzCdQ-6RC<*`A6B_IP937<8GVs z&_v7aT5j2$O(r*Zs+Y0cY>d5|BeywV`TKYKe*X{fW@Hj!h97k>xx&K<`KW^<9+qtH KJ%9%xFaQ848qCQ6 delta 16530 zcmX_oWl$bXur;m$f)j$fy99?2+#$HTyX)fa?h-t>ySux)yTgOSm-l|R?pAH}?CH}# zW~OR(t55faC4dLSgCogHK|*1Gfq}t+nfd>!L9&NK_-EB!t(W))1rkExh=9iU?Z;PI zrpfcT4boAMm$(AQ%DIh^ha%mk3o_G~iv@WyGDqn+1c{Z4wLM2r)4AN5ZmqIgED^kT zqEXw%#(kE=8k9U0#$SY>pP1Jtwt-gfp66P#r5z7^E3MM;>TmCt44<>eO_{)}Kp_YbV44cl z3)Xg0zxpJg!&?}3u?i3Rg#QR;1o5_fAuTtXGD(K5pp45BTzk68zM3l52@S1Y{PKq3 z8C~-saXeK+A^}BUgeSV6%E?`Gkw9si;2Wb6o8+3ou^Ow`3_m;Zw$8 zOaCekZNzRb>LF_h?3I04C^YoEqy&~fG8?!f%-ToI~fo@wc#z$eY*~BhnnYqRrB~B11+{4k_#z|_Ub4t`!}-c zVpy0%!RbbR6gbo5AEsB1;6!vzY$#kh4Nrom8NM~dj_BXrftEF`@^qWNxP0*Ngbks; z@y0>Cq4GPLm{O!``mQcvDE9ZZqUDj~%i!kz@&(3MQ6IlrFed~$D>SdXP6SxF2f1!-|{xO>vy{nSrHiDxx!_{LoviU9t+2WP$)bJM$_8FP#D?#6HP z!6*ua2Wt&5geD0LD$4mZF&&2t|6%G2noDZjy?W z)@*=98}^w+O}^e-Q$na?f4?8P412jfQb?H9cd9psGhgJbR75LDhR=E`Ig*dlDOjo~ zQ_?7#;kP`Xq9AYVbtTMiBWgJoVpLaac08;c4}_D9F=B*XI`|#aK=`T5v#1|$7SlPE z4gY+EAN}c?M(30=`m;&FkF!lKnX_%oy{;{m)3eaHd|pg$N5&j;Xq<-Q&h(1^xlT1m zz*8<(z;o=Wt|?K#Q~9ax(dfCZDN_LPSM31ud*6ETmFOq5iI~{NVCjH}r(vx1WUvJv zCD6n+E4*6#-oaPq+Pu~HlGWkI?trXi33RR5gN~b*njTpMX)*^W#KUr;y>Q8wWov0} z-SZ_MS2D4gp6Fo0@iEgncZpo)^^Z-A@&~q}7frV35d)j;s1}0zd90XB_V&iy2}j%4 zw0qk&M%%|MkdaY_Djk;_j?JbTUh;*u0B*ZSl#0rY?^lm&AR%Ci`f6CV1ucy-6p+1e z>59CHKSU7uh=+c~z(V==bOT{S^>9OsnZwDWX_n~k-6eN$pZD1Yjj%?V>#LL-(4_m% zX589*hTYhF((Y`0ERD7Wkhk-cjJE~IxVv8WySZK`U0-fn9&B`wx3{ULxju6I8&VFo zdFsMnU3%lUXSgWiZQ=Gsyf=hU<~xjbCMs(Gp~Z9{_o6ze)p_DG8C7g zf))Cw-ti<7#^#Md9KM$y_~=s~@o984mNUC?QZe?YD?cQ`#~Me&cT^2M=X*cRjh 
zrxdr^6}L$E&e$^kv$yh@42@mU7d&%Shscy-X`v5xr0_j4;2=^uF$);e+SlI~Ub}QK zZV`|0Qc%y{pDJG0r3tVtI#uP#SAAg&GZ?aXbo!IpxGYGzFN`>vyM(b+|DJ@+6!b=m zWVX-MMVL~C^GommH+u7m#O9YK5{*Zpcyb=ce1SM0Ed({%$ZsLXJ()gqdOxbBN^>$Yg>M3dunHD5Fr<6 zoWPx*iEt1SViJc^!u?k|c6YHus8&R#K_5#y3lR^JLmgyFBs0Hsw+VBQ7?2&CK=5rM zi#EOfUO4*~==?UvG1VvPeuQu%uy(QAwwseh_LNQ9N>@m78x2qhF@P$@0*4taMjz!; zm~=o5ZMhhZrrrh0*a(XhP=tNvdAx2sq!71dQCthbSzCwhPUb~PD%sb0Los0^C|9M1 zN}oOQj6;`$$^9!QP=g9@0)0siRpF!<10A4 z!hoPLSV8xO$*DLV)AMO5)7Kqz+(EXpAnOTr>9$DR;)WRV--ANY{_hv7ch#)olNiIw|A*PEDn+Lb{D81VzqBQ z1b-ytAK*Hp4mP%N>2dD^`XY!dr_=FteR{uAN3jC{ZVzWSZB2bmVzxTQgn;Km*AwCA z+xx;*Rd5&J_I|FOJzXZB-Xdn|xb^5i0t|p+2&u%0j-d}J8XzI8Ne{P&g@aVI=TBBhC5Kx*X=EKc5no0D*q|9c*kb4qfCz^iv^nsH^BTQQ4`>PfWz{czH zd4J8=a}@?lkg0!Bs14=bvof!q8|TKmobQy>RxvnD%ej1yP+eyiL5HPqJJd%w|KgT3 zXi|HOsczhcTo;kg)wf5MS2y8}Bf#eg0&Sd>UHKstrwE3OvvY>nn>CvFj?HQLMAOaZ=QsE-gN9a&7WyIAh_5?Qp12kNM0 z>ib+&9IR@;Sl6m>XYpJHn9zO;!A(_ry+J&dP;i}AhyZVlQ3|1o~2rwDfE5GIb_!+kV)L2PoN%36o zQnTu)*$!Kya-STtvvR_%kwREc`oMeN&w)7`WcxFu7R0yaOq8dJE@daY;#(t~;l|aG za0gd7gDG|e4C`5Vq5`G+w@LwsDMDBrPV&wg`^sMpb>qRg?xH(Jw8EKhC5t4|mQpD< zS#z+^>b9Hqydo^z&`1P;9yPHq3&>(FEom$#ZHrMC^9SopWzA( z9GLxT$y|Mh6e`Nrh~5SpSUriaKk`tyxIN%4Ob$IsGB!!N!1_}d`C~6q-i#)(Paeq9 zUlS)VSttWwVMGo!vC)Df)P4}(4)fd89_S++qG#->R_m=;#L&+IBR3k+b8xM?EG~v+ zhJIUSdJ~2f-y#FIWDc)sBiDPo%725aiSw>~MrVj%*_s9LWfC_EHyZv9DKJD@uBH@J zRonH`D`u*7 z1vo(o-c!}%PqS*}iek7E8`1k3>iXg4DtJ6YGxEJ$Q}9qs+C=N2muh|QnP;Sp)A;5Y zaKM?m)(L0^kuc8nZNm}|U0JC$yD7*&_o{#uWg&1jp5ui9&cAW+InU*VA=s}=aOM8m zr-8>oETT)T)tP$1olJtMIkCy1!rNCV2SEz+@JhUl1pnkamN04@V7=XfA3vz)Wiul$&6jkjn;7}# zD0_6zc1t0sThabImFX+BUv3-;(=R3nZ6O&N0 z8n-NR96jR804>hH%NhiVrVlXJvP9Bh=Hm~L0eas@dk>L^`Z4q9!SLhei+qVd zZY3FX?8-Ix8Y`JZK}9B7`P?iQ>?U z1OOfWG*Y$SGSa~GDm!ZNZC)zKCtoYd@_~V8oObD1L~<)!_ZGmWsKRh;5`xm?&OPvR zDoS0fAK(l62wQyS(P9F_iP>v1WU4{C!{^xT4ByaFY4G2xwd3ke6T!CeMpDH-5KS(^ zO6+}0);UiMAT>mDc9l4w(XstnLL+FW2xO38kyAJz&B0D%^45-$>#t6--H&V?D<^9s z?Vj)@Y4npzB3@OO&&Sw}(Vdy;%adpIiW*aM2XD*yP`wZ&+6g*q`6{sGf)=)q4XlcA 
z0^U?vuLnjIo@pI_()L57ne-fVrLBmlF!!sZ%pozbMQvI9e05Y^ILV+l{!thf3+$j{ z{mgD#smzK|-I8B6e%(qQeo4*{_@m7Xqvnzz$Ion_*~*dUTTkKdUI;3qDeo%%LWOh5 ze=99%dCUDwE@z9xL6JuXQy}rG#)&wX$Z)$r|MGq8vsT0>U_iU8gi&Wag<+SLar5*g zSG!zQt3cW9MZ|r_pnZ^}-R?#k0A@NgOBVQ*T;v|gvtfr1)ipO#>s%w#&D0wwVNN*4 z=BzsN?$Za%*$a_CCgyBs1yki|9ChPL)e;`#r{>IM#eMsc&%Cy{bHtI*}Bm^2zM&-bZj>{1o1_IKg_HvX7Xf!QufBi=7Z>DcHOkeA4?lV+j;Qn6BuN z{>TDuKTlA~#@{5(k>z+gfV^C_NSD#s`yk_BovcdvVp?8{*52^%aoqHIvQkftvuHGh zq~%m1ay%D$?yWuHeHC*Er}h5D@ha8k+&z%BA5Cc-cEAY)t?UG@Ir#S?$nsDBNUk=Y2M@n?`N9PhtCtXSj4w-QV(TobF;P4kSq zbI&S=0rPMfv zgd?HKjT8!iRrlQB&+5CD3;ad?V3hbhyR$w)=C6UAN13>P;5xx0Fc*nbf*vcSZy6PS z$gJ>AEj<2^8D_BhPTBrh-eM@mAO?F)H7q^KPHKxbUQF75flQf^gZX*VGD1#!g=tj# z3lfF~#oGcHhiq2jGM;cZa%|dAW6Fxc=g30?K9EaCv^&(#PMSNv)IoC6`af^YarJTN{cI@MutaWK$ zFnK0va$_>q)!`)2DhudVx)vnZ!n2axAwNF_!I-2VP;K^;DzTsalnzBNl zo3YRhd~l4g4l)gMd2HOiahdnef1CWdo!BZzMI@h+Qbee`##~d8lkz{=*RgL?jC8jutK4}MQs-06yS|h!zgdT?-lf6 z1K|@I#oT4MD}?&cyQ6tjEBjl5BAME3PYTA#FAC*N!Y;1x2eP{A6f>rk+GY}Ja}8{& zMUm4rICI1=y`$p$_wpJvP^9n!mhq&XEd6R5im$()Tqaksd7yvkZnr*bEo+8qA$O`* z>cEi*M%=&M{%)KejZbJ0mq-KM^otyc04Ca0(p%ajEQp#(be%$*yPD$Lg~?mnKIg9? 
z$qeOS18bwZd=2PW!Dut^@8Y*^F=zOM zi9lWY&;Ks02(2OACyCf1m~Jh#Nr+zFuRd=9hy*<0b|Y6zRLU-xCsSY-ne2AJbrj+U zqrZcNhFE8>nf1(hbUEWgf8Ydmnyyy3p7C7HLY|Y;$S7tyw({tvb40p-B2|5Pk94ydW&JAX519IzD;9Ah=ZLjd?x+%=XapbYCx# z9(U>XA`qSKamb`S6S8`7)y2N^Fb>DiH0E)#qYwrcUJ@4M{f6sS94Tr5-5*G3t!-LV zpTAJ)tqMO#%j+VQt+nq|dN}97k74Yu@aR*zuMBk^>UGyd<9@+Nl}*i|-7iQpNI7bx z3zki<;&t~&RmCgw{_MCAzB&hsa`xDN1w!u{?;nv}-)C zT}!$EyJ+%jLKA_P9kR?i=a!Mbb{1nama$&y7A#@!2{bQd7IN%l5$&)^jm$?m``(8@D;25%JX*S(gW!zMuA% z#-^ivzwvN!bX_ukxF4$O4^?FHU1><05oG9|R$8<$>gkJgBXHb^@(Q`+u(k(Tw#9e8 zV^U}NklEt{TvhKi-`iEEj@<5qvQ9njh1hMK_Mtvr4nQByk!^G$vxcB>=kVILN6q^T z7R?|IgNo-*+tP3(h$;4B#(U4py@h|iXRLL zkM%zqKwfzUcPmKGP``28adQq-2q+i# zknNw^F*u-Id7cx-{nyaUe|(G~rH}e%KAI+v74Vo6n^VnfZ-( zC+uEJq9$d(Vu&$9NwMF=TuqIBBj@VM3*W!aNE3r)hyc&MBzSXtWO?AfF}gYKZ~dH> zzd0%f6f3yh;bOx-mCX$zH)Atu{*EjzsA=u5K#Qv`*Pkpi&n28oJ`PPhp&F|6rH_|F zJYi$W2!5cR)mMX*dC^VBt1Tmw&}32QkI&uJk|csnGl{Ej7JHC=-BkYIOKIeg>alxp z;?7Z*OeCHX3M{JOc_&lG(v`bo(+NB=P+TPiI^jr*=e$rmGUsG+{HXVr-`*3TzWCp0 z%!z4~!s`}lcNQ*;iGR_$ogc4of`VoXmF(zqVM#_OcK#*?4Vbb~if$)%=ScNq5Q znPRtVB;&U=SEe59Q6Dai+?b!jhq-U|h*A3xNe}VMF@{UdFz!#j#~x02=U(exrFS*~ z2~v<1X~Q3ayU(G*pF;7p@ko~%rx>R;9ZFYkoc7bTU!ApGZkXv<^wPBt1?@w}=56k(>NjlroVMx zd%LsIpJTD8REaTS45F`RRRV+$TgiCYGz(IIXNoQlE>hYV4)M-LpEoA2rq(vYhXxkA$hjF*$T`JiVc zUi1#HUtNdmjxtIfsvkFN8Mj2c1$^&fPSXYPKp^kS!3Ew0e#UK>PTp<1d11AU;$2De z8)M7St|YjL@&49h9`|xrviW6-w@IRo!!Mke)oYRO{fhGKV$G%Wq7h{fP{B?{E!!e^ zpljPWQ3GwqHm<#bz&CVF_2cU0(H2-YrHrWgbCJWjZ6p(=LyWHh;c|D&5+t%x3fMFDwbkxLX%5zHCn0ppN9f^S?3zP~d(VP{ z2uv*}7|Xe}X?#oHXEG*>DRElDkIsZ{XEWTaD#YT@2fBW}d1u#`dk(2u zMd9Dv9Oq--Lj8^CaQD_vvc@T_W(ilWLw)4~^WMcg-c-^GOH!yFb;$pRD4 zI*ROU3Y_Nv4w)O<^(D?3l-NKb4Vg|MqjV7o_xQfv*J)A!Ti1UZpP**VVukbOk19(H zgkHM)_MQ^gEoP3&Uszf-g%A{T5&Y$R?+}8?fhJds~*T+Ig!pYpthEb1TW88z@+x>avoJXp20!R+NBDI2t>gnOwTcDBcd z5@x_A`OWh-w+e_m3lc<|o5pC6u3l=szY8yMpX1|cT!41EPoiJ=T&pMfQIBAk!lBDS zI#^YMR@C!ihmC3Bmyp+M4wD|Ebjk`95Bm7{532y**h&3Rx3%mLH(nDD*4ykE=n)x3 
z?7fe@S!R_K+QzfWN2lAkmVk9K^-hd^Qjr!Wr_4Z_^G;ut%T&%7JYlZk(Wjj!bYt>;LN8cT8H)rAO1_3sS@ffy0w$}c{lG)QJswoV1op~ay zxd~t%pbNXlq{vac>~@;*w_RF}!IJn1#jF!B%HZ)`d+VG>-dCWwF|+5oP>B^WUc#+L ziTYu3A$MXHRZ&vmXid>g&8edP%A7#bh9_B_F(Np#gyWtqHT)?oe`_d+giap{?>Rd? z9hQ5v&YnvR$DIYtryz#6%IeAJTmCts90B4fe9-qZMU=eVRijxOc_II33(3VUZI7NF zpWQETYkT7hDJ`2u$>@O+X<(@Q%j4iRg;W?NzhIIT59TF}-#g5s8wITpK6}6%!;i`i z%_A5DupyqxGXL4Qg%GaD&NK_q13}q)vWn?4z#*dJoY2D6`mn_oP@0|MnyvB-a|6|x zrSRcIRxGbEpVO9%LdtSg+OLZ4la-J6m{44XoGc|nIxs!qy)DD7^vY+n3xjcdGfR@C z7N;`u?BP{Nm{97Jao{LIDx8aQnz~<|FqS>68IL89&N*YpRth`S7(`XJGl<~)2RS#T z1%mx@jrG2luzfYk3?`l8?2biDKn0M5hMz`RfB%p-nQwkVMo!WY!tr9GORz4)rMvf- zXrnASibUG2rlk6pRBS`JmDH7rJ)&vNBG0ouOUdUOu~@3?^wRxfC6DSE@{Oga&{a3` zbv5GQtuY6o#Id4^$eac7-g4DPPNf;|-_-wX^uypmx0t}htzie^iY)f#Ndm#?uqwHf zC!Knw8FAl6^)&`~dtl=;^jethuKaS(8YJon#0Q25kQ&DyJRD#k{~oOd{C*(!2-p_< z`Xh9x`bnL_@ltSlg+1v?O4G5NF=erUlleFbQfQqiJ4!|k4`FqX^~;wg639D37o*9l zyei=q+3&|5RP>`U6_&Z5_QBl!X(mg0DDhU(vshmj)DzqtlGpr8-Q{>b1is#J6w ztQI-BS9~{%C2R>xOB)B;{)O~MoAWxnvMkbWMXz_{rdiD}G+ZYWqd$B6Z3qQ#NSSw$ znI&st7ZfY8^rsr;%X+>cNlWm|EVW+09YdNdgb!Zd?oZkL-4%2)EHfE3Vskc@|e8_1aas9i((>OzbcRQP1jXe*(KbV8P$!3NBT8qQ2EC)e)H>I zH0x>kUfJNB($1en{LfC=2&^CF?o8m0su4Q-KVZ4miT!0DD-PZ^*p#v9(z69RqVTQ8M4yz=>5vZB7CCbdIG`i1^MbSI<+Qe z!&0jrU0EeI@)g)&K9mu>eWjURWias*_ z(PBAKI(h~Q4@Et6UHB;7PGRkEN8;_0;)AE_qx7ac?vsjOVmptlJ@iwjgi+x3QQ#nDN6nSOFpXauJwfVBCv3>{CjS?uUB)E*1r?VHdZ4P4W31 z@(48*@L`rBg)i5>NkN3qKd}j_ed<;3d`#zkpIvomZ-JQySuYKkpzLize?wV&l4o!Y8j&$-}s2yi30W=gQAg zjLbrE+q#r*V+p-_!9K%cE>iXmL0_>o#@wfxfYe`!FfTAK49oN}t)~v@5!V-*SSIC4 z?g9Rzn*3E`^;_H7I^X$pQ&DbyXjnnwCq6V~qj}Nc7yV@#YT8rVY$~>3RPp^=bi=xt z^5lroOE49kAS(OaxM5STg42wd;qQZIK6O2MS!3t!=(Wz@y50H@bQMKq=mw_LByz`* z2!H@eo0b4ZZjU^kq3zq;K??nHpy}Gx4q;88n>X zjyAmSv-K=<7GtzEaDBhdo;1OS!}R?$TKV?|=^5^GOLSY=-sNd?TYYy3sape{FAhvPxdkx9S>kqxRf=f88MU(O-NFg_9vCNASeriPcpcv$ zV(<=*Uf={(wFtqf*iT7)%VoWxa?2D6!7(fs#K3|O9#93nq2vj{OE6DK!L*b9QI+!f zA*hr~W5B}yt^e%B 
zs*g@vBl|&vWt&!>i}lgpg-UA`t+vL8F{6vsO6|3OxQjJl`k!Ad-^IGjGkLYaxx1-`)g$fK_8@Gsji@F5tJS0Tc96T} zsAZ08%g>9uN#!!{&GKfD`&r7!|M33d|Iq*3HKG@HDvxvxQ)}{hAomo@dHyTle<)oP zIgiOBJM`JV-5g{u(R5s~pLt}ST>ty}g;kHLhDeM7-%>(|hl1jB84#fpf>3 zmGzANf)})d+4s3+coZ*dt#ZdAVRG}>)`rg5k{P2>t#a8Jw|qq~AsC1s+~rI+-9%R6 z=DHt}zfp=0ndZVJ&cQ(kSlwvuTula49Bzs4h`sDLby8|(sc5POpx-YK(3mdiMJ|)( z46a2by4(g87&g^7<^>R4R2!vrSJ7C$g#Z0y~h?+)BA z5gd=WVXKX}=;KO;+N`i%#YEz6xHMTd@H_!^p*o)TMe7hNesKc;JY+j6wI`xDv7BM? z$}mN(v%e;W{5o}VRFT<6?3_7!dVfgEdbEPIEw))Sd-Mhax4UYiO0ewU!B_ilc+0r#-F0$l|oN#-liXC|S|+%=@+`O}b#SB8(6c1lQI zo)nv*gcrS}-wA96e>5?%oXmFq+J+1Be@a-EV(iiYIGax0-|wV8cWKlvoPKZ1dv zj;9g#Fj%8}38%2;jD+^8Jdl*RVhdfn+h>WC4wXtgU->f5FdeG}3;>T%Recch6*+GF z!V>C>aX3Jm&w90i+lQi4y^PSrHc^vao@{sWw5mV*BLeM+$mQW-QK8@_reW--%J=57 z&<68+uNBj|YUg`UApsBU1}W2${E4)Zj*ee#@?WS@u_b#Kmx_yohUD>AMXH9|Y9wLZ zZOY2?}}&%#w^iaVGG?joe$ zyOPRUD#@`NTrk%N5`-cQy5|pOT@FVzYsbRB5tz;$sQu0k3QSm|Jq}n;`pUiK!YYHICd>X%NWcd#8 z_JFCdGQoK|d48wB$Sc_K(X){`_@0%d zQs%} zmM#zy%AalPu~oN5Tk~Xfyz{N%*EAw4Z{_hfh*9?|@uW|aeOlRTJaKmns?Mesyy)=C z{~)CP8gBR#$3gluKj>mbOo*L1Hb4QG;)5KP_!z#>46(7DI(2$|y##vr-|E{Q zd1LpsaT!^&abV}v&6(VFi85&QqWd5mov@ih5<_)wCXN$@ml0=6ui{&E{KKcom@Q$J zCrOsK3V$*|b>@I8TpL^s7VGL}6`{fWbX*#Kjz|()lbV=oTGNL-*|O;FbD-IiaL2PP z4OgR7ce8~gT(w~ux!)z~PXf4F=pR?Z+n+3k8F9NdP`6nFZ@{l`u-5e>M=|+irr0> z*=4e%^}S5&xQiet7Fa%Ox;eT;W#F4?2L8!$I}=Atl0KbDG-ywIoB+*=CM&jAAe|pu#Xc*r+|eg*WY%RpOGuCSK*Cq!AP@qPCOV-MXkvB>A5SI9mZ#gR{caJ zb_YJYT-#qMa{ zc|04U_3h@A{#jUdM9FOlzyBC1NS~)BF`we|C0&-PbM~5#0YE>Xg!g}T`jxNSYi5Bh zI0?y!nh$Ts$yC?(LD%-`T0jE)l*xs~U=xHOO0e&Xd3DXWOvaZjP+FUalc>YB7^ zmeMOQY!xl$7V~}r7pHchiuGrn+l`KRl>2^g?;_sbUl!>D33%uGiiyiJRw!FIr$ z8==?D_#52bP=YU0W#{60N%Ce}0wpnm?&EAtlmGNKKib9@h4{g?0f_vNO~QWyi7>VE z-^Z#=%E|%`GbUuA$ZImwA4nSu*os#7p}`DSQH5T2TR_hs{**T%(wgpa*I!tgig*z_ zq`vO1fz@xW@vi3yjr!8+X3OljGdO7;B%dnzsyDEo{4VYqS|+MTq>|WHW=ZaPSprA_ z&r-iUgfHmHnEL@F+0L7%kN2#4sZ3 zr;-98GXQN-eWK>n5!DV)x=~39s@53$>>1|evO=ZJLh5gz@v=JRQ>(~{I%W@)?5MaH zO-)MDJ)b{O+2RnQ#hJcwfBn3Swsz?vdDRKYv4y|)Hfju4!S}x(7^HfXI5H>SD;*i| 
z)@VgSV>xD})Er-NGaA;lM{f4*8y`d1FHMb6kpL|}bwq1U5D>>wl2i1Br<%f!yi#8i zHA%AuWu@LV#+Q%hpK%`(s+ivfB95ajUi*|h5iaxqZZ8RAvrPf}EiPU(bp6*Kn9Om& z5Y*>~hayjMU7p#pI|MZ$c_r7a{-UyaX)5F&!Uy^HOpAkPlgC2z_siZWBa6XawpK8m z1OTy189GOeTGp zLB9YZ1py<05}yip+lYAP>6=Xp%-z>g2X8j)5Z_V!DeyQ~-a1+^wJ!)d8Pd36{e?X= z@F9OV>$I_(G4L-q=HTe(9FbtxG3W+wr>QYFWGlVbR3?&{^rA)cQ)Nsdm1{Ob)W|+94caOUxuz=!! ztz#_rsBZsiym_kiJVPv(iHHff&BSH(^f^r_Qj~E%XVy+NOJn+);fWEs)NPY=6Kjlp z@xl(`v;2yjSEiSoYLkdKxr=(NItmP#sE*4lGt5UUh)Ny5xpgOrmK108=rrLn{Wcl7 z_`ZDk=hdU3bk|yL;N=eGt7#vyg(YyVu%$g4)bT&k zTB-H@Ti#aFiHl8ehbcK4eiy(7fp34ImBnBBvkMkNd52I`(UT>NNNSPmlDR4qcyvdrEIksBS*RORhqoxJa+Ry&*dMC z&dVxUIKqO>O-*YZdrikNZ#WdkbqjwB*q*(2f=Jle(m|qZw75 zHb=Hg|C(X8n(rP_o&W|iW(BB_fj)VEdpjt@XV*DBPX}DIFO^%${vh?-J%mkz2GY&v z4vz@$biJwM2g!aXyqB}kTTPj9e(g`*>RQ z+;qzWxTTz+I0&#hI-h-445&qmO=56pkZq(x#RIA}-h85A6j(>ST&d81I=wgUcMa4h zEQa>NE;Qj!XRr&c7;f7`D|%dnUMHOOjG&xo(~SF7LXzU$C-o%0g9hh(BTrARZ&3S5 zBCdzfl?)7%5+7U=Qvrj^ThmbfG4j2zF&<7gn-P$r_3Q(F=VNHH#Wrz(IV-fMKQWsA@Ba$5!8smZtruYWN4~+So#>RX~lJ? 
zzQ#KRWR2Dg{CczL&HG&A!lDICHH^;MPoB+C|C1r4wLnB1DMso#SbK#dsR0(Hj8kNx?(362l@Vc4e~ZQb)jgHRZjur_`QJ{p zvvT4tHipSrpbqIxo5Mm2ZpixvM;}^#I`>O(7k?`n(Pn|Yg2PQp{>z+YQovVjrcA^n zv(I}UH+S&q%StNJ@jFO_xko?H62=DzJvn=40?xxIR{~CNok&^R6zRaS2+cZ%8baGUy8fLNMRBk6^*t#o ziq^j!cH!}W=R2%aW>moHid)R&U%!Rc#QC;&yC~08z{I{5_Z7wFZ$Kya{ z30n4F*0n$%1cT~YR?q)kM^n%ynkh)x-(5X6;o(4;M7wOsBj{y+^f`HYO%QesZ*wtz|P( z)(?2yRvn*WEXL`#Lo0FugAy1p2|54DF5f?fv~RH8uatO-$N+yN!(Z{SWGRV}!dob| z*S$YK_AzcCmP=pxeR>?IFTqSebM9c>pIe{LUHgz3p<2+l`7%sIm(T8hr73kBxCoi~ zJOV!yKXj#D>Rb{+XE&&qCD>MzjG|mI|D5~eelf-qTTgF2(i8||4D^1nU;3a9S)#t9 zk-5;siGm@19R+M;_BParh!kR~{I4mlcX2>{)6lOG*8(-L{_O^y;H2=16A@v*nj}n& z|HzKjTNRom*U(gQ`TGBa3>K0!BIakV8K|?J&JW2h3tXO!>(S}M?JIY9)EL)|<$1Xa z%)B2qyVRQbB_zfK`$8jrXs6IzG)GoDn?t0M&(y9M;R&eQUozM>Om6zmL~!XNJ99A$ z`Yp{zL$HX@tmfNgo4w^lvV2-+AL0!=Rc=hr`2AC)_e!A=$05k|veOngqmxzr zM(Ob@U3~6~(9y)Af5s1Yn%moF4zZ!xjmJ|5-a7w)SMuu@(71Wn_lj6|vvGi*euS-y zxjrHnVFz+P-jxamHm$@{IfxIjG?ct*;5+BBFY@IOCJSM z+`SatYTI-ed<1t>U+Fdd960j22O00we*tY^9O^yaBxZuz9~+gm#j6LaUc}SPlI~yQ>W#jAdc=u;>4eViawS*BA%G-^2 z9x+r1Tef2D#Q*B1>RIsgvHAL>wWoct;``dhdF2@8+JM-6$>{v}--x&SHRAH+pO;>1 z|D&DMpj~Ri+mJCl;n55DjE5!63(2=_fK@3@sq-()FVMRw7}R-@;rh1b0Cq?g$+jq; z^xa@u=~>TCiooJ)M0+88r4aPbQugb_Em^p8!N3$NDFLGsHX5--YnSy}w&gFLCQvK> v+8b8c*Yd?(8}ApNkn&RC5EzjE_m6>u5ApvuC*(5*ygV)0GChDN5HJ7$SDMsT diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json index dfcb7cd6266..071c2e7332d 100644 --- a/Solutions/IllumioSaaS/Package/mainTemplate.json +++ b/Solutions/IllumioSaaS/Package/mainTemplate.json 
@@ -102,10 +102,10 @@ }, "analyticRuleObject3": { "analyticRuleVersion3": "1.0.5", - "_analyticRulecontentId3": "ec07fcd3-724f-426d-9f53-041801ca5f6c", - "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ec07fcd3-724f-426d-9f53-041801ca5f6c')]", - "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.5')))]" + "_analyticRulecontentId3": "93e40501-f737-4281-9df9-505aa773d983", + "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '93e40501-f737-4281-9df9-505aa773d983')]", + "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('93e40501-f737-4281-9df9-505aa773d983')))]", + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','93e40501-f737-4281-9df9-505aa773d983','-', '1.0.5')))]" }, "analyticRuleObject4": { "analyticRuleVersion4": "1.0.5", 
@@ -116,17 +116,17 @@ }, "analyticRuleObject5": { "analyticRuleVersion5": "1.0.5", - "_analyticRulecontentId5": "ec07fcd3-724f-426d-9f53-041801ca5f6c", - "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ec07fcd3-724f-426d-9f53-041801ca5f6c')]", - "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]", - "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.5')))]" + "_analyticRulecontentId5": "c18bd8c2-50f0-4aa2-8122-d449243627d7", + "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c18bd8c2-50f0-4aa2-8122-d449243627d7')]", + "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c18bd8c2-50f0-4aa2-8122-d449243627d7')))]", + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c18bd8c2-50f0-4aa2-8122-d449243627d7','-', '1.0.5')))]" }, "analyticRuleObject6": { "analyticRuleVersion6": "1.0.5", - "_analyticRulecontentId6": "ec07fcd3-724f-426d-9f53-041801ca5f6c", - "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ec07fcd3-724f-426d-9f53-041801ca5f6c')]", - "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]", - "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.5')))]" + "_analyticRulecontentId6": 
"7379f752-18a2-43ca-8b74-70747dd792f8",
+ "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '7379f752-18a2-43ca-8b74-70747dd792f8')]",
+ "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('7379f752-18a2-43ca-8b74-70747dd792f8')))]",
+ "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','7379f752-18a2-43ca-8b74-70747dd792f8','-', '1.0.5')))]"
},
"_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
},
From ce5e0e72b42f7177372574df269da6c3134a110a Mon Sep 17 00:00:00 2001
From: ashwin
Date: Mon, 7 Oct 2024 14:53:37 -0700
Subject: [PATCH 03/11] fixed comma
---
.../Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
index bb568d7e159..972804154f0 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
@@ -19,7 +19,7 @@ relevantTechniques:
query: |
Illumio_Auditable_Events_CL
| where event_type has 'agent.clone_detected'
- | extend hostname = created_by.agent.hostname
+ | extend hostname = created_by.agent.hostname,
ven_href = created_by.ven.href
eventGroupingSettings:
aggregationKind: SingleAlert
From 3452f1cb0534948a215ef0d5c4dc23bb61689c22 Mon Sep 17 00:00:00 2001
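Review bot: `| where event_type has 'agent.clone_detected'` is a term match rather than an equality test, so any event_type that merely contains those terms (case-insensitively) would also fire this rule; unless other event types are expected to share that prefix, `| where event_type == 'agent.clone_detected'` pins the rule to the intended event. The new `extend` also pulls `hostname` and `ven_href` straight out of the dynamic `created_by` column; if these feed entity mappings (as the tampering rule's `hostname` does), `| extend hostname = tostring(created_by.agent.hostname), ven_href = tostring(created_by.ven.href)` makes them plain strings and avoids type surprises downstream. Separately, this file's `id` (ec07fcd3-…, visible in a later hunk) appears to be the GUID the mainTemplate changes just reassigned away from rule 3; if that was the existing Offline rule's template id, consider giving the new Clone rule a fresh GUID instead so already-installed Offline rules keep their template linkage — this is inferred from the file order in Solution_IllumioSaaS.json, so please verify.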
From: ashwin
Date: Mon, 7 Oct 2024 16:49:34 -0700
Subject: [PATCH 04/11] change name of file
---
...N_Firewall_Tampering_Detection_Query.yaml} | 0
Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 18825 -> 18822 bytes
.../IllumioSaaS/Package/mainTemplate.json | 4 ++--
.../data/Solution_IllumioSaaS.json | 2 +-
4 files changed, 3 insertions(+), 3 deletions(-)
rename Solutions/IllumioSaaS/Analytic Rules/{Illumio_Firewall_Tampering_Detection_Query.yaml => Illumio_VEN_Firewall_Tampering_Detection_Query.yaml} (100%)
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_Firewall_Tampering_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml
similarity index 100%
rename from Solutions/IllumioSaaS/Analytic Rules/Illumio_Firewall_Tampering_Detection_Query.yaml
rename to Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index 93e47f4344d4b46e8f69a060ba5b1754ebd5fc41..c1604514b98762a4cc060a67b8485eb2406a5c66 100644 GIT binary patch delta 2797 zcmVze5yno={b9lrj!}4%CB18Ng8Tj|tlisnM6?wzf6G;0g zaL$njGcU_a$vhDCsE6|BL^HP(J1~{_w-;_E6H^wZ(E;#^tdLE!PFCC&z6c5OZbDt- zgm2!BV=%fLJmUEClK6%Y7UMWFn18$w$M_TYUuDndR-7c6UBE~LE)ggyPbyHv$H_vX zv2)yF4eBM5W&3E(4+5ooo_#~y^GvS+pm8X8b+S>51uivOi8~eDndLaZrRZ$8s77e; zdrUGh)8e)gJm#W=bcUnb28b;PZE}-IrUmpqybQ@W+XB8e@GC`uI~h&u#(%msgrp4Z zOT3;Ws&jPeLfxocK9nf0LjwQ$Hl@yo(}U()ZPgDzg1}i=PeiFxVI+<_S8W#PP6g=( zn7!ly-VAE%?@Ow`S~}BlNK;wfOZNV+l!oCc5Jv@`w>SmbMwfwyz?&*8=%EGOKU~8m z3Gq-tLvjKOI~h~CsKVHf+J9c(N&Fnzjfk<3lhu~_MG;#H$QD>G*&Qfa7ma;ICp$56 zqpcgv&Py@|qk_D;wy2gY2a?#Az6)Hbg?ifR9kj~y0BN9D%SRtuRnhW zan|gjcE&F8oF$#;JE9<{s&&VFqm7+W?WxVLhPYWJquf0iQA z@rMT^&=J$l<>`|s^eqsm9Ot3Lio*|ahN5#}Sd&Re*a<_j?}hpvp{7kqUldk-$#M_h zgQ^aJV%q*#-NX`LCp`<+>eL$e{8{{Z?A+ZMljJne!m`W(;GOzBBI!T163X}gLk@v+ zg;rVOf%qoR9g>|38h={)!-wS?0WgKPcPJq(Ncp{0F%5cwAG{RWtNF(_+#E>8eunfb zIM3JJlyRt)Q+-K4--c7Y^2YKen|ou|Rtb48txh9sVdK2iX`VJG)4qI$i8i#+^h-88Uv3@kdmuM zxSw1NPJBr2Q=txY6&UWIFAb*Xx7VHqq*PCaj}IZ{S%f{Hm=GJQB&@e5#T7G`KSlIe zCLxcvtS8;nvs9{QM_bR|!JZy9)YHLKCkNHZL3MJV1Aq3-oE&5{$73EJ9N9FL;=xF@ z8ktfRS{<>72GtSECPyp^1NWg%Sr(vB9ke{~K}&wq4cpEKIcRBbcF>|gd((rKl{Vt{ za?n!F0m7kH2Q5qbsSaAIgO&{sT1u*fO%GaD@Hwq<(4ree`Y6H52Q4dt+=2r9@()@% zOAcB()qg?D77tq9kH?@}tJ4)d|A`!yulsbRqt)P@>U72UHNbZT@Vz=NFDoCH;4QnN zZ6a&;9#*f5s;43F!+^^^Oo@F}%iime_ry!55>ixszSdbye5qZWC1)G>yJ%Fq;EwzJ zF~SOC)$C```- z+Fuj++ly&>hC4IRBLhtW0Bg+f#uH4%pGO!$a{R$yzNJSw2lzYam+BOtIt8ds0iMPw zz!vidz6IZ{yxKmr(^l1Y<*j{SZ*AU)2Q&6TytSRpytN9nH}%%8WZ2(}x3=7dibJiu zwSPDi*Q3#~#Gn*xk(As6cyDZ{tb^>b-ay z%WVue)XLkqq@T*$Sa};a^fs1M2~XAAs6#&i(OucwxFX0csJ<`X+t^#;ZR}Ov#w~gq zUlQDrT~i;yx9(}oa~^Nl`?@`iJ+0R6Ri4JL)YIrBQePq%^xF*;U3v#KpA+GEU4Q0x zUG++7qjJ?&uG-2~Te)hh8>KT1s_PCm^<_(D|D%M>s`{^-*$?c@&hK}?;(rilc5gFh zwgT-=i+7LG^w4 
z&g_FF&g_HAnY~44_Q^a#Qhf7{?0-Dh@rDOqwJBTK-e{Y%8B_<+H7Pww2E|)1dO%ZtAn;*6kyCY>T~D{@Mrj*XGT7Fl-;hUwg2b zzgB_vrvBQMO#OTD*OuF2aj2EQc1b^#zqaz%Zs@NqsS=*5zgCBS0^(q0e}Cb#KGGS}u@h6@yWdDd6+Urz1s%;qD{jV?*}QdvC%FkSEe9#5&J z{Au>{Pf;8O{^aL(K}>%5X`laPeDH`B5hH{RV`#*I5nmEx9C%)EgEtnkH>V8Ohn>3T z;TJ3y;tpVDKcD*m{Qv!*|9@+Iq!W>;VEkkm7!ddTJW-|-H@=*Ys2)8+e<}N~Dg0Uc zaY)Gi6zn7t?hCR;`w~(1KN5;Ejw5PJo%5Za`4@wJ`f1<#IfK_J^(sxRTNsT3A?wO& zOr!mXBOp+ZuKeJ}ccTdQ!_Wo&%V2+E4+ipz<@%H)NHsSy1iE!&R(~Ywv`EWFf@Tq` z{F(zONHm}rBt+)o6B!nN_YHb<(Q_3WmT+Xy=di{wtIWL?u_xq?{yZ^GI>u;jUy)cs zhcgHIDvZ?OB5_TtZiq^Mf>@1$;7Ts;q{W%byyZFv3r5f9ggVs4!~g}}5G(YJDN@lI z1@l4T3iK6x3rns`N^G5 zj3~4vl7!YxgNfrjA|Z#PmrO2{Z-PmX2qgZ|h^{B+JI0Oc#FqfQ-+%uJ&%g_AbtQtnsdP1K0LacOPrKtK|W1FS_fo#=Ba$$o9M=e7sBD zePcI_;tys~J2o=_q6JXF&@nCRA z9BLS*@s7l}2IUAP*T7SLD>h&U!o6fW>LClKQ8BV^vnAt}rNL&{GbP9l?CNIon1woh zclX`@2T)4^0u%!j0000803?Q!{YXO%B!)*>99|wMNk9Mq)00g}HU{iS00000x`%_j delta 2800 zcmV*$lL3j70Sr(}0|XQR000O8@lml1atICaQAb(oP~PoKKmY*Fvx^AdHGh2V zhUCWbyy2-eg?6w%9lj(YH18j{?;IZSiLgAJipUUuM+W}=^`v$zXG7kw^#oEr3S4vK z!K}-&QZffbJ?f$SInl~3#qLWb`t5}q$;6C>X>yW^|zD=p~;q;*SR$KK0kRWgt))NuxR2Yfl&Q%))x=TU20cJ0G za5sb6`umdVua?eq9MUwF_mZvuE2Uw03dB)?=Pgcww$WwaA@HUO3wmHd_YT*vK|(xK z(2$(K!cN9aE~+s0qqfy|5`Q0ub`xSO|Fs%qUa-(+KFRD0^SY;b9wqC3VjO%D#v*!vEtxEoS*327uIAF5_YRZM|i-~%s(_G-TI4L1jpv7aIR3Xb!2 zH)R}ZyHewN*miL#xvWTi7@+b=a04L;|9<#F4u($So+qFW>Ro zUgG#|SB~E;Ie!0m^=|k|ilcr(T`QIISIdgx=BuyU`Pesb{HF&yKd9zkfYFYN)4!sZI{6lY{EyKz|49n>jhiXpYA`J~*;z8pVT= zYBe&YDzrLc5e=#%mQ9XW6b9}?pRz1Kp*m=J;DeU@rW>}M4|34b-t3@7f%c{cEh}xr z@8zJSoCAbItqxk2^iv(QR0k~^9<-EH37a0Ytl)E6zM`h2akn)p(?I7`kp@OROucEKI@ z`D26?KtY2d820+;N`P3C+C{;|UySNcu2uE}bbrAxE|jAEll$St1wi}zyv(4UA5fT{ z2eiK?@V6J!^bB`qphpIp1OV2U;cX|FhCh!mg5>yv!F)@Pat`o!&@a^~Ky?aGodP_K zQ-Cez4}1&0TY0s8Xs4~J@5)>Iz~0)t5f5hUgLrE@n|W&$Xm9GRUCFS&7jJF34Hbu4 zd4Fq{^iz3jD{t+F-rABXVN-8ysV(msep(&+=>;V#`)OAMxdqkt<@;&7OZ>Fm%1^sR zKkW-IsJyfbxQ{pNe%)T$u2yq*D=+QW>7{MhRPr5)4RLB}N38aGlQc?t+0`bMm$C9P zDgjkq#>&gcekw0x!P7_WGHI=NKqq6q>wn7G_(;yiye$gW*n>D5yPG*16=-kjY+T7c 
zy%%R=xqShLS~(k+^iw$-D`(?|&c>1|;i)*Nr`6iM%F+0hIvSls>Py6ee!G#PORu2jbAKW{ zugm(D}b=$$FzHG_tf0U?MRsWSU`+=R=`TY)9{14*H z?rrAGR-nD9Gkc{y(7iab%k4cm)XJH?q@T)}T{*KibY_=S2~X9TtwTQn(OcP>y&}jh zsJ<`XnSHRtnSD?>v$yEXKAA^Iihpn3k)7u{-tge-c4QxDHTFT}$o@(l*%6cYS}AX> zaMP9xrd`=t%YQ1LZRNAAe72R(w({9#8dN^pO?|f9x_u;%ZL#;tU;DuR+Pqm0hV6s+ zYY#T_*DBE7)L*-jsedp2+HzYg4z=>vF6pQ8*H-@84gIwxRl-yC*XqzuKz|&p?5|xB z3upZxqTh{+E>?eo8k4<4~1VuY|^42?K2;!9$T1J4U?@WMj&b}Un0u>M?z7?aYT)&bH4L4|6V&5UWuTT*<|qv^aB@w_N97!RYy%P=~sh7@)u#Vuijj zMJigOU>+;{p_DTJ)_+fP24phVPGGCRC;XT4)PepBCmNrv6 zKe^M15rwuylF+(oFmaqmB;;`PlF5bgO)v=(fy6%=(e>nf$GCBw_!6M^d$UjQ=OsZk zpZxuEsl{GzNa!{p`W8x4e6b0>)bw82LVEOTsnD(sqwXl=cGo~Xqe3863tvuV&*jE`4 z;uYn>25p(AM2tkJ-Bkv0!`rNfzi9n5P;YO5di!xv?`(j2XKmCMdqnQx1@^_`QiE0O zHd>E9-qju{-hbYEACEQO)t(L5-o1H`HQv=O;M!j5?qiL2wLHM>MRz^ccvlM-*`9ZV zk9VoNZ|sIq{DJN7U$WpM^l)^|X3uPOGFGr~l;kX)#Mn!|Nhf1FHo%+&p~AXy0t|X8 z9t`e?Lk+_;-jNvBpd6v(8hFZY#Rlv^xR-24J!IiDDkw(QZFbzUG}sJ#rUco6UEORR zvrwn+?!No~P)h*<6ay3h000O8@llidNJ9 Cm5(O? diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json index 071c2e7332d..0d4ebedbd29 100644 --- a/Solutions/IllumioSaaS/Package/mainTemplate.json +++ b/Solutions/IllumioSaaS/Package/mainTemplate.json @@ -747,7 +747,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Illumio_Firewall_Tampering_Detection_Query_AnalyticalRules Analytics Rule with template version 3.2.0", + "description": "Illumio_VEN_Firewall_Tampering_Detection_Query_AnalyticalRules Analytics Rule with template version 3.2.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", 
@@ -1121,7 +1121,7 @@ "description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state", "displayName": "Illumio VEN Offline Detection Rule", "enabled": false, - "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.clone_detected'\n| extend hostname = created_by.agent.hostname\n ven_href = created_by.ven.href\n", + "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.clone_detected'\n| extend hostname = created_by.agent.hostname,\n ven_href = created_by.ven.href\n", "queryFrequency": "PT60M", "queryPeriod": "PT60M", "severity": "High", diff --git a/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json b/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json index 1f0eea09450..ae0456c5f53 100644 --- a/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json +++ b/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json @@ -12,7 +12,7 @@ "Workbooks/IllumioWorkloadsStats.json" ], "Analytic Rules": [ - "Analytic Rules/Illumio_Firewall_Tampering_Detection_Query.yaml", + "Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml", "Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml", "Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml", "Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml", From d62bdb95703e4d23155d8fbcbcc244d9452c5c8e Mon Sep 17 00:00:00 2001 From: ashwin Date: Mon, 7 Oct 2024 17:04:19 -0700 Subject: [PATCH 05/11] adjust description of alerts --- .../Illumio_VEN_Clone_Detection_Query.yaml | 4 ++-- .../Illumio_VEN_Deactivated_Query.yaml | 4 ++-- .../Illumio_VEN_Suspend_Query.yaml | 4 ++-- Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 18822 -> 18919 bytes .../Package/createUiDefinition.json | 12 ++++++------ .../IllumioSaaS/Package/mainTemplate.json | 18 +++++++++--------- 6 files changed, 21 insertions(+), 21 deletions(-) 
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
index 972804154f0..6300b893afe 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
@@ -1,7 +1,7 @@
id: ec07fcd3-724f-426d-9f53-041801ca5f6c
-name: Illumio VEN Offline Detection Rule
+name: Illumio VEN Clone Detection Rule
description: |
- 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state'
+ 'Create Microsoft Sentinel Incident When A Cloned Ven Is Detected'
severity: High
status: Available
requiredDataConnectors:
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
index 34e70b9c0b1..edffecf8dee 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
@@ -1,7 +1,7 @@
id: c18bd8c2-50f0-4aa2-8122-d449243627d7
-name: Illumio VEN Offline Detection Rule
+name: Illumio VEN Deactivated Detection Rule
description: |
- 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state'
+ 'Create Microsoft Sentinel Incident When Ven Goes Into Deactivated state'
severity: High
status: Available
requiredDataConnectors:
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml
index 856c6bbb123..8996606cdbe 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml
@@ -1,7 +1,7 @@
id: 7379f752-18a2-43ca-8b74-70747dd792f8
-name: Illumio VEN Offline Detection Rule
+name: Illumio VEN Suspend Detection Rule
description: |
- 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state'
+ 'Create Microsoft Sentinel Incident When Ven Goes Into Suspended state'
severity: High
status: Available
requiredDataConnectors:
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index c1604514b98762a4cc060a67b8485eb2406a5c66..9ea1df79580295e9d6a61c9177897d06750588de 100644 GIT binary patch delta 3594 zcmV+l4)yVdlL6CY#vU9o#o@)e{hY{S#k|I#jT;FX(^cjgCtV14A>-OIj5k^^`9v6~OzAat|jQz2P(=9#@P zVLqRSqIlul&|Nq!)9OlKzyKQyDeN`rM`hetV0kPoe;Z2<80;`Xgn(b+Dhy1tN?>?8 zg3&V==g}p%VFB_1vkdlCn)1jhZ3yqDJ=oqpRr+$Q)TJAFMkB+N$!jYjc%Mt|hF>`Q z-*Bc=NN8znta1x=dO-!)ifdg;SN`q7zhG5MjqB$>uEB{_)D3!zlrs6)VS;XC|X zgL+zT%5~o{d6XJTFf*8=S53wuZU$L3_kdwp zvd*dNl{GXtT-M8Co{Pu{QUsX5le?&YzwulpRm9rdghh_U7#~aHR7^!2b62YVCSpo~ zN<|Om9H!iYutm&KzDqU5fGncNKr1Z!7>pI<#me=j=bT5L2e}Ba~XIo-orl_d}uMdwKF^GN9&fIi3IYvXr z&p@0-#Jw#q>TjDUKe0^o%ZB`NcV~B}zw_t*&eJWlb`{aydhF)6gKb|W2@;3{t+E5G z_P(%WV=hU$H3Bk;12ZM#f@6#vD8Qh7f8HhJW1KFgRy4<=50bD}sr16Yivn}EFfdkQ zo3f@gMRKu1`fI6X+K4DXb&v-Rn`@b`JJcOGo@fW+KaJ=i)Adgp<&r2Xy9e-^5~ zXa*;Rv(P+VDF&Xm7G=j1DPrrQtP)5$vM&?~s+dvTP+J3NspkVbJi)jrY{(c(+2Wk7i%)ZWJ||p=I2U z-4&u%8c6PNt|}6JnV&c%xfcFb4=Edx^V)9WxsKb_%zIGk?vvtvrFcp2f6aOq*S}Z1 z=SvM@nOQY!{>oeIaBoV1Ms3CIBGy$5jj99h*U?2$*UsUBOc~q!>_DX+OS)NGCR&ZV zTY;!;df?JvR!T!^N4 zd}}j6@BVIpcISKE+0kR-{OsOwCUm7@F^nwRSXMuK9I#zSt=pDF{4{p0Vu;pk05{VV z1(h?1>t@AanyGv1H(`4x%2gi2x7q?LEf0W7JKQ%O&4e_Xj8~>kqRLm`HgzSu*Z2H9>_@~q3Fo`~h_~kpS z&?r@}@`JlE`QYDd-7D{^oPPhj>y^-aj`0P@EXlA}VVE^;9`2`5*Y-b7p)PP~JFz%Q zBkakkh0_^N7tS~`r9ZF@p9(wMbpNgVbN@W+Fr6se#uH|+e?Ma>R)Y=V`$(+ow)mdl zzrqQo;TYm3ytqJll}kA&PLstIhhqgtvE+l31!*%R{7?aL|Ag%1@MrjCGQrx);lNcn zY7F-u3XjCe?h*>G6~@64aq!9^4~p#%8^Ly8stqIi!}pEsuy8@_AjU#oxPr$I1?%&T zz9QEoDxZWiAczbAZ4hujOgt2<@)v$|@6BGad00;nlh(}p50czxaKmY*R zvx^9sJAdD}m-fh@65>#I?Qz5x9K`?@uU8bvQ*qEXY%25)A4*N_gDrEj$+BxrDi34j zVN?RDJdBlxk^NL2#)6kGzgRq=gE8NA+kYBvMji4Ai0;a6#uY(sLGgY0ZpPjc zH)F4IGj7q%_>$m$?3#KAzI7L4p7VIa-q-D7>}hp&?;Ce9W&=SbNm(lxRBr!N{Ebe6 zQ;BHMZ#PzS=_S;BPK5t;nfGwx)+yrxjiU{TDi2B^i#RCE0^|$F71*k zVH+;(QXYae9NW4fBp`Y#JGNH@xdrw2Q#D#!K~9or}K2ubnHJGJv%#~U7e z-A?TTt=2xMoZ6C8n@h=>E^XfW$+)v4hJR13l+RW;Ys*B|uHmxfKb7aU^4wOQ+sboW 
zd2TZeD$nhvp4)Wgehj~DvG>Yr`@mk?ykQTf?Spu24>t4KD$w54YrB%Me=lC!a+@p; zwes37>8JAAR$ki;y|yJ)!Zy6NOEc7I*> zs?HC2Epu(oX}Cb4muG!7|K-&F&TKyN+~|^oFO}6Z0MqsU@9~ss%AaOG{}jbx;7@*j z7sTX;pZ57*#s`mB5ivs8Fos4P81W@B#)0PrH+XR&dwR-neb}jc9)7`cA?^TX_Vc+9 z!2jR>`M<_TIuV%)#!r@kVR6sT6MtnoapTMRi0aWJ^q8{$n!=;CABTkOPr*(i;l3bi zv@a25|0AI&<2a(m)H&bznSU|pr=Rw%pEG!!Qm@j~x`ojw5VEeU#x&ZGI06Fo=*kan zd^d_d)OL!etXW<{b-i?nPcXcn=`uQ`B%M1KQ{K|*9M zK9OPZ=ii`57d=<8VF^bDeHCjAv&!6S5qnAQ=+6`5q+^Wc_7#aGbU1UMufj+jE)v(Y z>V~NFCy3Q32(IMfPFkF~(_5}{uwe9jPN+*=Obk%q4Y5Msm?9OeQ814c9#Kk}f9t0? z12UOwC$LrE6aGtiYQX}tKz|8nmxpBK%va2HzahM5Pb`! zDZbbQUut@lxFL8@@rdjXzZ&D2=SV7VS~2JQzAwp)b1*S zxZ!Qq!(X(18mPB7K)wCAsCPC%y|Xszi#;Ou@DlstajC&7b{nlnAMa|96>sm|kH;GC zYR?C3@BX~U8t-Zsaer+uk@vC2yINM@_Tsx9YrLxkjBL+4!pFPR-8Xi_DE`3q_b*xa z5qdbfX0vCuIvFciI7)IBPh#vP-=veV9UEXyf>2>yIRS<}6%Ph?#G!^^8t+JqYfz3* zat%D?w_*c!Alyr~qaLzw8Wm&fHal)v8g7O?Q-bWku5LDuSs<{}cX!|Ye^5&S0u%!j z000080DOo?S*g<-k!uJ50BDm1NjM*Th(}p50czxaKmY*RHUa<<00000000000001_ QfuNIINhAhMNdN!<0GwC>`v3p{ delta 3541 zcmZvfbx_oSx5Wvi1wko6x*JwXDUn=2q;pB>R0Jfyv`9)UDJ3A?u{459NGu@8f=j2u z!jii*&)=JQ^Jd<>J9B3~bLaeZ|2T8bb{c+68b19iEy6nw@$m3S@VH{s&6q#uyjLW_ z!?RDJX94!iuRWRCsc#i^#pmeiUuy`W+DoFR7M{1{%_zO4SE)?wmmqM>Of~h%4B|q@ zi8`(1mnP5h{-waZ=&Ukw=k;4?#;Mzh%6?`@YKS@nWc>pRKri<2M`Amzs|wjt{bd^Qv^^?F(*)3X@i@bTTiz8MSi-t zwgGByGPGZ)y$Kq=!6bXXf?HBfg3DJ{T5<$IG8qzyQD3N*EfKsdLaNU6!`HeKsZ?j} zD|S8gn>bwBdm1mV+j61h<)s){D(L(3V@9M6?cCiD*{S-%s&XIr3;4&M!v`h!U81%U zQ~CECS!0pCz$JZ`4_&oR|NOK3Lms`YF2KND3iW4e(QG`RVL%U2y|5MAFvaGCKD*GH z;}#B^VGxyZWoi&KWJZYCwIn=eNHZR2B2Q2RiM6*WL)ObdYa(2h7BPovOgy z8nZfdH5MbhH3$LMIzv;D%${MM&x{>{#oXo)G71J81NP`{j+@~GCUT*B(GCVb0Q|_u zj(^x!GTX=rK{Xr<`AIe>55Ky2_tg~0o_{hUA{Iyruz^Z#U=~^2y$S?E#Eo|P6Xi-% zY{xdBwD?_G-2UGu@^0#6r^Qv8C8dliq9wWuz2|aVAYgjzUVmLZqV#09j6M@VYBYHo zSd}jEw>ih4>h*V7%Ub=%2e52@0K!pVL{ezZ8LF%c;$71*OCu_siyPM2&5}#H$DPF} zG*!uCi!U8n@=4ytG@}}{k)TFe!Q_3iQ@yfh)sWvPt8a$;A~O 
zts82qGQ2gZyx~y>hexPVWiW3oMAVy&>Gfzy4uy?<8B%hIth7V^T6~`g^phm4eRPH?isqn@5y_NC@?!ENqO5XOHs>rULK6MFNTzZLHsG7$)Rr|DZ^U%fR4Q1!mjO@Z_U06pw5yY9)GA{MXp! zYie|`P_@CjLDV0Q9hLFfUwkur;61GHtxfLZ*Y*+#DQ9)2tD-rAhN-9D904{*u0j&b z7dpDRp|&&byh1}V_R<(Kx}#NAf#|S-+B`!ZHjTsqgfajbX!!Q7t$)R}?{U@Dp{>mK z!i75qL7(u?44o!F4pFMg8X{jkh(9K~LKsjt%CNm6W_)V8`Xr*W$E0c0ce85t&~vjz zp)#ZaS7^maD!l${4npYK9`TyesZwYv_Y5ws*;3AOdcTofM)Z{D^KL!lV;8Y3MnQa^ zK7lE?PC6H8yXyWXFD)6%(^!eTYB585*ZD-4dkm~|%o zRI+`QG85efRt9OpzW-KsjmuU}AqMY52OzW8$P(bRo2yo*!H$&Yvb^z|^`&7EQKrP!?_*kfAV=G^v^@Y2rEDD|Vv)Sit zFVzpzkvU2d!Y|AxZC}vh$X6y``F&qW_3&-~w9N0E&!_V@Mpzt{vwY$?-8+sso;bnn zp@0>S>+4icE#{>_26apbD9H~O1nn#yIys&W!hr%z1nByQ8;M7E%97XJk$R)8+*81# zPGc#RAgQnqE^!h43{k#mXo>Ok?$h|-Al_jkE3y{lT3Zy_Nx4=^)A~;PzfUo32>1rR z8#d~l5kwpn3U_w{&9IU(9U3tmG+W}b?ZK@Kdo9XuyCsH+yg(05Ra!p8!g8fWbcA~{#uBI(Fkx&YsT7j26pe8+?alUmP_j4z71maJS?0&j~GI++{!xq zd?>iE>&711p1SaU(^s@*fTgmo*~-IyK)npy5D4Z?r87G(xbsP}uE0|9oa+B14J#Ht zO(i_MX(<9c>VNse!`8*q(80so-S(Y>h^vp6=U&q!N!T+0nu*;#`6=Zta85Z8BO}?u z**bR0GrBKTv5)}G)gvu`3o`ap!y2?RlGiG@W@*L`5C$?HLrj(i)sLjM67|G}Sm3C+ z#W7U5QjmeyI+$pu`#saB2ZhYc2&%25U<73vz$ASlm0?J#`wLb6LJ@xoGLLHG7#1$? z5nV>jSpaJuXrrY;;Xo#9nuQdI0c#&@-(}2)#cS@eLq1WyW_I5wf3R+5`VW`BH3!29 z>K-j5kXW+d!D;|x%O7$Ib}4@Q%eeOUh>=CRYZX%|=w9V6rPQf|mg8-4)Oh7Z-RF5K z^cVu;|7{Jp@8stNa%v^m)5)6`+za0y$cA`gfFDK12sHP#Ap$*;-CYFgECIi-M7Te` zAdOubL7-`$dpUsQ>7XvPS+=-1aiwVhWue*z^uu!^~*iX*cRtRqKM|1zL`9s z7zA_6qFeFx$_0C@tH(@qv#|~MKi3XDb1ArW2tJ6VrRI#fXYULTr?#fCXMS(x9Vt!M zC|yQ@{E*kNy-F`czeZ`}s911`cXfMRaO)Oa@*t(c=IS*g!+qS9oZi<5(mkJ(%UR@= z0shN6{wuS~HyXn?57AsS`{a#kmo$17o037e` z(tW{`M1K9LM|Y1+SE)+V&taiCAhxu2KLU%p3ah>8WpqMft4C~Oz|i~5u~)MI$Wh)0vl;LT3mbZS zX>e%ctUUd6}Mgqi554Mrohp9Ef|E620Si zoE7~v#2>eKOZ-X;pWq?k|5Lg6@bKvW8R7p-N%(&#El87-^}n0h|MAQJmAy;r*5o2W IYy9W(Um;%bE&u=k diff --git a/Solutions/IllumioSaaS/Package/createUiDefinition.json b/Solutions/IllumioSaaS/Package/createUiDefinition.json index 2feed2f85a0..26b06ba08b5 100644 --- a/Solutions/IllumioSaaS/Package/createUiDefinition.json 
+++ b/Solutions/IllumioSaaS/Package/createUiDefinition.json @@ -216,13 +216,13 @@ { "name": "analytic4", "type": "Microsoft.Common.Section", - "label": "Illumio VEN Offline Detection Rule", + "label": "Illumio VEN Clone Detection Rule", "elements": [ { "name": "analytic4-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state" + "text": "Create Microsoft Sentinel Incident When A Cloned Ven Is Detected" } } ] @@ -230,13 +230,13 @@ { "name": "analytic5", "type": "Microsoft.Common.Section", - "label": "Illumio VEN Offline Detection Rule", + "label": "Illumio VEN Deactivated Detection Rule", "elements": [ { "name": "analytic5-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state" + "text": "Create Microsoft Sentinel Incident When Ven Goes Into Deactivated state" } } ] @@ -244,13 +244,13 @@ { "name": "analytic6", "type": "Microsoft.Common.Section", - "label": "Illumio VEN Offline Detection Rule", + "label": "Illumio VEN Suspend Detection Rule", "elements": [ { "name": "analytic6-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state" + "text": "Create Microsoft Sentinel Incident When Ven Goes Into Suspended state" } } ] diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json index 0d4ebedbd29..f5806b0a1ff 100644 --- a/Solutions/IllumioSaaS/Package/mainTemplate.json +++ b/Solutions/IllumioSaaS/Package/mainTemplate.json 
@@ -1118,8 +1118,8 @@
 "kind": "Scheduled",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state",
- "displayName": "Illumio VEN Offline Detection Rule",
+ "description": "Create Microsoft Sentinel Incident When A Cloned Ven Is Detected",
+ "displayName": "Illumio VEN Clone Detection Rule",
 "enabled": false,
 "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.clone_detected'\n| extend hostname = created_by.agent.hostname,\n ven_href = created_by.ven.href\n",
 "queryFrequency": "PT60M",
@@ -1199,7 +1199,7 @@
 "contentSchemaVersion": "3.0.0",
 "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
 "contentKind": "AnalyticsRule",
- "displayName": "Illumio VEN Offline Detection Rule",
+ "displayName": "Illumio VEN Clone Detection Rule",
 "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
 "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
 "version": "[variables('analyticRuleObject4').analyticRuleVersion4]"
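Review bot: The Clone Detection query in this hunk's `"query"` value is the only one of the new rules that keeps the raw `resource_changes`, `action` and `version` columns and never extends an `ipaddress`, so the rule has no IP entity to pivot on and the alert carries the unprojected event payload. If `action.src_ip` is populated for `agent.clone_detected` events the way the deactivate and suspend queries in the following hunks assume for their events (worth confirming against the Illumio audit-event schema), add `| extend ipaddress = action.src_ip` and `| project-away resource_changes, action, version` after the existing extend so the sibling rules are shaped the same. The `ven_href` column is computed here but, in the hunks visible in this series, is neither mapped to an entity nor used in the alert override; either map it or drop it.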
@@ -1228,8 +1228,8 @@
 "kind": "Scheduled",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state",
- "displayName": "Illumio VEN Offline Detection Rule",
+ "description": "Create Microsoft Sentinel Incident When Ven Goes Into Deactivated state",
+ "displayName": "Illumio VEN Deactivated Detection Rule",
 "enabled": false,
 "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.deactivate'\n| mv-expand resource_changes\n| mv-expand resource_changes\n| extend hostname = resource_changes['resource']['workload']['hostname'],\n workload_href = resource_changes['resource']['workload']['href'],\n workload_labels = resource_changes['resource']['workload']['labels']\n| extend ipaddress = action.src_ip, \n ven_href = created_by.ven.href\n| project-away resource_changes, action, version \n",
 "queryFrequency": "PT60M",
@@ -1318,7 +1318,7 @@
 "contentSchemaVersion": "3.0.0",
 "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
 "contentKind": "AnalyticsRule",
- "displayName": "Illumio VEN Offline Detection Rule",
+ "displayName": "Illumio VEN Deactivated Detection Rule",
 "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
 "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
 "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
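Review bot: The Deactivated query in this hunk runs `mv-expand resource_changes` twice in a row. If `resource_changes` is a flat array of change objects, the second expansion splits each object into one row per property, so `resource_changes['resource']['workload']['hostname']` is populated on only one of those rows and the rest reach the alert with an empty hostname, workload_href and workload_labels; if it really is an array of arrays the double expand is intentional and deserves a comment in the YAML saying so. Unless the nested shape is confirmed, drop the duplicate line, or at least add `| where isnotempty(hostname)` before the `project-away` so rows with no workload don't dilute the aggregated alert or produce empty Host entities.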
@@ -1347,8 +1347,8 @@
 "kind": "Scheduled",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "description": "Create Microsoft Sentinel Incident When Ven Goes Into Offline state",
- "displayName": "Illumio VEN Offline Detection Rule",
+ "description": "Create Microsoft Sentinel Incident When Ven Goes Into Suspended state",
+ "displayName": "Illumio VEN Suspend Detection Rule",
 "enabled": false,
 "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.suspend'\n| extend ipaddress = action.src_ip,\n hostname = created_by.agent.hostname\n| project-away resource_changes, action, version \n",
 "queryFrequency": "PT60M",
@@ -1437,7 +1437,7 @@
 "contentSchemaVersion": "3.0.0",
 "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
 "contentKind": "AnalyticsRule",
- "displayName": "Illumio VEN Offline Detection Rule",
+ "displayName": "Illumio VEN Suspend Detection Rule",
 "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
 "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
 "version": "[variables('analyticRuleObject6').analyticRuleVersion6]"
From ea65f486a016e954ff148744062690e5a47304f1 Mon Sep 17 00:00:00 2001
From: ashwin
Date: Mon, 7 Oct 2024 17:17:30 -0700
Subject: [PATCH 06/11] fix variable references
---
 .../Illumio_VEN_Clone_Detection_Query.yaml | 4 +--
 .../Illumio_VEN_Deactivated_Query.yaml | 4 +--
 ...EN_Enforcement_Change_Detection_Query.yaml | 4 +--
 ...EN_Firewall_Tampering_Detection_Query.yaml | 4 +--
 .../Illumio_VEN_Offline_Detection_Query.yaml | 4 +--
 .../Illumio_VEN_Suspend_Query.yaml | 4 +--
 Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 18919 -> 18925 bytes
 .../IllumioSaaS/Package/mainTemplate.json | 24 +++++++++---------
 8 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
index 6300b893afe..3337408954b 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
@@ -30,8 +30,8 @@ entityMappings:
 columnName: hostname
 alertDetailsOverride:
 alertDisplayNameFormat: |
- Illumio VEN Clone Detection Incident: {{IncidentId}}
+ Illumio VEN Clone Detection Incident for {{hostname}}
 alertDescriptionFormat: |
- Illumio VEN Clone Detection {{IncidentId}} generated at {{TimeGenerated}}
+ Illumio VEN Clone Detection for {{hostname}} generated at {{TimeGenerated}}
 version: 1.0.5
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
index edffecf8dee..f56afebd3f7 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
@@ -40,8 +40,8 @@ entityMappings:
 columnName: ipaddress
 alertDetailsOverride:
 alertDisplayNameFormat: |
- Illumio VEN Deactivated Incident: {{IncidentId}}
+ Illumio VEN Deactivated Incident for {{hostname}}
 alertDescriptionFormat: |
- Illumio VEN Deactivated Incident {{IncidentId}} generated at {{TimeGenerated}}
+ Illumio VEN Deactivated Incident for {{hostname}} generated at {{TimeGenerated}}
 version: 1.0.5
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
index ce5498aecea..f50d8a8e978 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
@@ -47,8 +47,8 @@ entityMappings:
 columnName: ipaddress
 alertDetailsOverride:
 alertDisplayNameFormat: |
- Illumio Enforcement Change Incident: {{IncidentId}}
+ Illumio Enforcement Change Incident for {{workload_name}}
 alertDescriptionFormat: |
- Illumio Enforcement Change Incident {{IncidentId}} generated at {{TimeGenerated}}
+ Illumio Enforcement Change Incident for {{workload_name}} generated at {{TimeGenerated}}
 version: 1.0.5
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml
index 25d57e2b7b0..bd847f897b0 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml
@@ -36,8 +36,8 @@ entityMappings:
 columnName: ipaddress
 alertDetailsOverride:
 alertDisplayNameFormat: |
- Illumio Firewall Tamper Incident: {{IncidentId}}
+ Illumio Firewall Tamper Incident for {{hostname}}
 alertDescriptionFormat: |
- Illumio Firewall Tamper Incident {{IncidentId}} generated at {{TimeGenerated}}
+ Illumio Firewall Tamper Incident for {{hostname}} generated at {{TimeGenerated}}
 version: 1.0.5
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
index 3d9ff5f2135..68d6bfce59c 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
@@ -33,8 +33,8 @@ entityMappings:
 columnName: hostname
 alertDetailsOverride:
 alertDisplayNameFormat: |
- Illumio VEN Offline Incident: {{IncidentId}}
+ Illumio VEN Offline Incident for {{hostname}}
 alertDescriptionFormat: |
- Illumio VEN Offline Incident {{IncidentId}} generated at {{TimeGenerated}}
+ Illumio VEN Offline Incident for {{hostname}} generated at {{TimeGenerated}}
 version: 1.0.5
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml
index 8996606cdbe..916dbe90e3e 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml
@@ -35,8 +35,8 @@ entityMappings:
 columnName: ipaddress
 alertDetailsOverride:
 alertDisplayNameFormat: |
- Illumio VEN Suspended Incident: {{IncidentId}}
+ Illumio VEN Suspended Incident for {{hostname}}
 alertDescriptionFormat: |
- Illumio VEN Suspended Incident {{IncidentId}} generated at {{TimeGenerated}}
+ Illumio VEN Suspended Incident for {{hostname}} generated at {{TimeGenerated}}
 version: 1.0.5
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index 9ea1df79580295e9d6a61c9177897d06750588de..f54aaf30ed6f0ac5c12f18be05593a2df9215d20 100644 GIT binary patch delta 2263 zcmV;|2q^dGlL76M0Sr(}0|XQR000O89E!0Fo(K&bibq*xGa`Y6KmY*tv$qH=IDZ%i zq4D{%V7I$FW0IT)S}~MljsWk}ClUz;shzL^2ImUJvcw7TO&&cYn-{dT^yd%D_X1!I zZ|__}T9fkIt70bf0#|q`v{!SHZ@52@?EMVsSMZ;&yD#HVE5G`Ze!dOAdgYMiO*VJP zuB{UCj#`~Y*uvg@A%Ee&E`unNHu-SQ1WqOUPKa$)nM0j)C@VX%yWh! zFGSUEL;Rc1K52{ye30GSKDk*Flr;t(mmnp#k8oGH8l3o$T&Y5R=qfPWM_(FD(RHsq z5J;(>3?JV@%(Do4Lop#XR)0xYZ%+y>W?p}a=(9{t9&cGsx~XTWRL_pKp1+1YJ#DC` zgQ*S=s>6fo@IVLbn>jqlXpYA`K{&E$HpPRHYBe&YDzrLf5e=$SmQ7As6b5eYm?I;a z_juZ}GA7lj%RQgEawJt>eQt= zb=mOLrKC#O^webq2harrpEhxY*|J0?k7fDwF#G2GD z3jY3Llz(#7vLB#7hH;@3{h!uV)vhDB1VOwrb#i3RX+a>)}4%^CMyP?Cjq)OP- zVOwg~yN0V)hkkl*$;z(U6+v!6^?muS+U^opZMSmOZqZfy!V4-#?E>!O4ZB~rqqeKn z+}&^7QF~-i34d{@$M!hl3yxv{i`Od(}1(ZCzX@2axy9b zRZhmr$;f^xCu70QmtQO%)W?|byz(_Zmaj2yih?orAil=#X1+!R+MD_sS29oU#n)JF zTfm`KzQ!f}RKCW_*SMjtv7}1ahOcqS-fay}qYn85M1OZ>PveRpx1jjGd{1LP^!|<+H7Pww2Ge^4V4wO=lWZS0HTa)Rv8s$BCXTg+b-j zzGts?et+u&#{YwOwR@X+wH0V@>eXIpJ9IBz?Q+{t4z==XFX^Z9YFA$E4ZYeWRl+vB z+NGQXYxuTxLr6gMR`zYL2yzSR@5}dXA1v{0A5^~WE&8@k<`I(OoA+zyxsEqH_`3bt z2U@LtQ2Dhbzc!bWHND!r^^@^vM+~1@DYvcg*MF9YuU*4y%YQ28ZRNbJoVS(pwsPKP z8dT2PO`W&t%KbR5+Yu~xLvvrUc+gtLq7p=u(H#3MUY!iefR9N72d>ke75U)Saq(* zYk!$*bAH1G3cWn*tNAad_IGCUk>^I2Bz&o?o&lJy_kWM4R8#&m`}wCR4g-Jk^SdA> zKm4@M|1v&!#EOU!!k#fS;=qV63D|p{7u?__hU`r$!}Vda?s@nH%Z0cDnAy+gJ^=rJ z|L6Z2AL&G7Di}Xm1_sAHKTnkD#EmcKBY&z#kI-q#{%Z=S)_xokvOfhoiG=%ttkJ$i zl>Lu{qKxB+8dK+d=V$)Kpr3x)w|>sxbxIveQ|lH+qd>^IvKrH9KjH`o)T1juxbfX6 zf-Nz0LH{z?pV)(eykfaNB?(f^jSPWq-Ix`LIxW(&k)T<`D!=9c3K9({1__b5_9@&$@z|P<2vyrK=1cvpWx3+f@(hb`{z=Nz21<}Z9?=dl&1J% z6MU)Zy|T$ITXjkkdqvY)hNm{A7n;y(n9d7L=JieGyUcn;9S*)-+`;Yyl7HLz=-tcQ zks0i}3CzLrGb%CdSqE%kC#`2pM{f8cd6HUrz@xFRG9bh=%Y_ZvGEa#ZiBP+%4C02j zSr32F`e~rv-T?LX##Y`BXd`+!2QwhH1PbF|I*5LdiAo zpx=rO*nw~_*^YY1!f8|tuiNanWog72_Dl(~1G~D}JZAAu-`#!p{|^CBO928D0~7!N 
l00;maij!MOLk%2?M_FYvB7uZJ008!rt4THnQ%L{-0063#jX3}S delta 2257 zcmV;?2rl>SlL6+W)_)Rb?#3Xupa8#o=Wlz7^S50&f4AuTeI>kLxdkq9?cKBU9n4WU->DlI(iRI%Tn$cqNbXai4s;b5?w~IXrs%iV zo(7~;Plk^VA?8_xJ)oEn8-J@LthXn{6*HGVMf6!FA&XpG?n7PNVOW7QWaVqv4{rM5z8h=ED8hnp-)*B zpimvOJn%tFe$x%x&IdVYX>WGWqCk7ogO-&x;`egUQqBRwp;iYiOMm*Q4qB>%mJJVD zN~(lS4_a36IjwQfq8mi|D8b4HEh~cDf&%>V4_Z1)4q7_ZLCY2oTHcSxpj)fc6+Qon z9G0*9bfu%!;GODp#rQSAcLnghIxa6OAD7@QyP|C(Yxf>juZyauA@IY1%RWqreO1fe z>yh`wOQ#Z2RDHhIS$|D@sa>2UXB+stXjHr4j{E#E!U~|EK@kjlfpjH6tV!*n;NmYv z^(R*=`vJOO7#B*>{>dHj;u4_!eO_iz&kra}&jZ?D6ZqSUX?lh`GteUgO#%RG%<#q& zOvRr^7(sIU!C=0nM>z-hJLs3{6refDCQcE4^fZC9(gyWhB% z_Q;?T;!t<(aeu@Y9K`?@uU8bvQ*qEXY%25)A4*N_gDrEj$+BxrDi34jVN?RDJdBlx zk^NL2#)6kGzgRq=gE8NA+Zt|09r6i??#gb)6@Ni)LGgY0ZpPjcH)F4IGj7q% z_>$m$?3#KAzI7L4p7VIa-q-D7>}hp&?;Ce9W&=SbNm(lxRBr!N{Ebe6Q;BHMZ#PzS z=_S;BPK5t;nfGwx)+yrxjiU{TDi2B^i#RCE0^|$F71*kVH+;(QXYae z9NW4fBp`Y#JGNH@xdrw2Q#D#!K~9or}K2ubnHJGJv%#~U7e-A?TTt=2xM zoZ6C8n@h=>E^XfW$+)v4hEJ`O&sI2V%S6_$;eWE_Kb7aU^4wOQ+sboWd2TZeD$nhv zp4)Wgehj~DvG>Yr`@mk?ykQTf?Spu24>t4KD$w54YrB%Me=lC!a+@p;wes37>8JAA zR$ki;y|yJ)!Zy6NOEc3t`M<_T zIuV%)#!r@kVR6sT6Jd_d)OL!etXW<{b-i?nPcXcn=`uQ`B%L<5RJLS!yJkzw)Y-+!P- z7d=<8VF^bDeHCjAv&!6S5qnAQ=+6`5q+^Wc_7#aGbU1UMufj+jE)v(Y>V~NFCy3Q3 z2(IMfPFkF~(_5}{uwe9jPN+*=Obk%q4Y5Msm?9OeQ814c9#Kk}f9t0?12UOwC$LrE z6aGtiYQX}tKnZAHzahM5Pb`!DZbbQUut@< zY;wz1ozlc!(X^J~sZHsHCiEJn^Fot(eN*`^vtChugKrmiusea|b3S_aGJkho2K#OT zbFln?N=$p!`&!sZ>lxFL8@@rdjXzZ&D2=SV7VS~2JQzAwp)b1*SxZ!Qq!(X(1 z8mPB7K)wCAsCPC%y|Xszi#;Ou@DlstajC&7b{nlnAMa|96>sm|kH;GCYR?C3@BX~U z8t-ZsacwV=_p!#iT2|op;(xmyYrLxkjBL+4!pFPR-8Xi_DE`3q_b*xa5qdbfX0vCu zIvFciI7)IBPh#vP-=veV9UEXyf>2>yIRS<}6%Ph?#G!^^8t+JqYfz3*at%D?w_*c! zAlyr~qaLzw8Wm&fHal)v8g7O?Q-bWku5LDuS+LW0ci;VgP)h*<6bSK+LN(KHU>>e00000Sh8p! diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json index f5806b0a1ff..1016a7eb7b6 100644 --- a/Solutions/IllumioSaaS/Package/mainTemplate.json 
+++ b/Solutions/IllumioSaaS/Package/mainTemplate.json
@@ -811,8 +811,8 @@
 "aggregationKind": "SingleAlert"
 },
 "alertDetailsOverride": {
- "alertDescriptionFormat": "Illumio Firewall Tamper Incident {{IncidentId}} generated at {{TimeGenerated}}\n",
- "alertDisplayNameFormat": "Illumio Firewall Tamper Incident: {{IncidentId}}\n"
+ "alertDescriptionFormat": "Illumio Firewall Tamper Incident for {{hostname}} generated at {{TimeGenerated}}\n",
+ "alertDisplayNameFormat": "Illumio Firewall Tamper Incident for {{hostname}}\n"
 }
 }
 },
@@ -939,8 +939,8 @@
 "aggregationKind": "SingleAlert"
 },
 "alertDetailsOverride": {
- "alertDescriptionFormat": "Illumio Enforcement Change Incident {{IncidentId}} generated at {{TimeGenerated}}\n",
- "alertDisplayNameFormat": "Illumio Enforcement Change Incident: {{IncidentId}}\n"
+ "alertDescriptionFormat": "Illumio Enforcement Change Incident for {{workload_name}} generated at {{TimeGenerated}}\n",
+ "alertDisplayNameFormat": "Illumio Enforcement Change Incident for {{workload_name}}\n"
 }
 }
 },
@@ -1049,8 +1049,8 @@
 "aggregationKind": "SingleAlert"
 },
 "alertDetailsOverride": {
- "alertDescriptionFormat": "Illumio VEN Offline Incident {{IncidentId}} generated at {{TimeGenerated}}\n",
- "alertDisplayNameFormat": "Illumio VEN Offline Incident: {{IncidentId}}\n"
+ "alertDescriptionFormat": "Illumio VEN Offline Incident for {{hostname}} generated at {{TimeGenerated}}\n",
+ "alertDisplayNameFormat": "Illumio VEN Offline Incident for {{hostname}}\n"
 }
 }
 },
@@ -1159,8 +1159,8 @@
 "aggregationKind": "SingleAlert"
 },
 "alertDetailsOverride": {
- "alertDescriptionFormat": "Illumio VEN Clone Detection {{IncidentId}} generated at {{TimeGenerated}}\n",
- "alertDisplayNameFormat": "Illumio VEN Clone Detection Incident: {{IncidentId}}\n"
+ "alertDescriptionFormat": "Illumio VEN Clone Detection for {{hostname}} generated at {{TimeGenerated}}\n",
+ "alertDisplayNameFormat": "Illumio VEN Clone Detection Incident for {{hostname}}\n"
 }
 }
 },
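Review bot: `alertDisplayNameFormat` and `alertDescriptionFormat` now name a single `{{hostname}}`, but the context line at the top of this hunk shows `"aggregationKind": "SingleAlert"`, which folds every row of the hourly run into one alert; an hour in which several hosts report firewall tampering therefore yields one alert whose title names only one of them (the first row's value, as I understand the override semantics — worth confirming) and the remaining hosts are only visible by opening the alert's result set. Either switch these rules to `"aggregationKind": "AlertPerResult"` so each tampered host gets its own alert and entity, or keep `SingleAlert` and make the title honest by summarizing in the query, e.g. `| summarize hosts = make_set(hostname), events = count() by bin(TimeGenerated, 1h)` with `{{hosts}}` in the override. The same concern applies to the Enforcement, Offline and Clone hunks below in this file, which have the same `SingleAlert` context.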
@@ -1278,8 +1278,8 @@
 "aggregationKind": "SingleAlert"
 },
 "alertDetailsOverride": {
- "alertDescriptionFormat": "Illumio VEN Deactivated Incident {{IncidentId}} generated at {{TimeGenerated}}\n",
- "alertDisplayNameFormat": "Illumio VEN Deactivated Incident: {{IncidentId}}\n"
+ "alertDescriptionFormat": "Illumio VEN Deactivated Incident for {{hostname}} generated at {{TimeGenerated}}\n",
+ "alertDisplayNameFormat": "Illumio VEN Deactivated Incident for {{hostname}}\n"
 }
 }
 },
@@ -1397,8 +1397,8 @@
 "aggregationKind": "SingleAlert"
 },
 "alertDetailsOverride": {
- "alertDescriptionFormat": "Illumio VEN Suspended Incident {{IncidentId}} generated at {{TimeGenerated}}\n",
- "alertDisplayNameFormat": "Illumio VEN Suspended Incident: {{IncidentId}}\n"
+ "alertDescriptionFormat": "Illumio VEN Suspended Incident for {{hostname}} generated at {{TimeGenerated}}\n",
+ "alertDisplayNameFormat": "Illumio VEN Suspended Incident for {{hostname}}\n"
 }
 }
 },
From bcf0ee8f155246fbbef322359dd332d4414c6a30 Mon Sep 17 00:00:00 2001
From: PrasadBoke
Date: Tue, 8 Oct 2024 11:26:10 +0530
Subject: [PATCH 07/11] version upgraded
---
 .../Illumio_VEN_Enforcement_Change_Detection_Query.yaml | 2 +-
 .../Illumio_VEN_Firewall_Tampering_Detection_Query.yaml | 2 +-
 .../Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
index f50d8a8e978..56d950252ea 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
@@ -50,5 +50,5 @@ alertDetailsOverride:
 Illumio Enforcement Change Incident for {{workload_name}}
 alertDescriptionFormat: |
 Illumio Enforcement Change Incident for {{workload_name}} generated at {{TimeGenerated}}
-version: 1.0.5
+version: 1.0.6
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml
index bd847f897b0..8ca1a9a8e73 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml
@@ -39,5 +39,5 @@ alertDetailsOverride:
 Illumio Firewall Tamper Incident for {{hostname}}
 alertDescriptionFormat: |
 Illumio Firewall Tamper Incident for {{hostname}} generated at {{TimeGenerated}}
-version: 1.0.5
+version: 1.0.6
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
index 68d6bfce59c..04a14412ab7 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
@@ -36,5 +36,5 @@ alertDetailsOverride:
 Illumio VEN Offline Incident for {{hostname}}
 alertDescriptionFormat: |
 Illumio VEN Offline Incident for {{hostname}} generated at {{TimeGenerated}}
-version: 1.0.5
+version: 1.0.6
 kind: Scheduled
\ No newline at end of file
From dc9831868bcf58dc2e0c3daabaeb5b19a6814795 Mon Sep 17 00:00:00 2001
From: ashwin
Date: Wed, 9 Oct 2024 15:38:16 -0700
Subject: [PATCH 08/11] fix IDs
---
 .../Illumio_VEN_Clone_Detection_Query.yaml | 2 +-
 .../Illumio_VEN_Offline_Detection_Query.yaml | 2 +-
 Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 18925 -> 18929 bytes
 .../IllumioSaaS/Package/mainTemplate.json | 26 +++++++++---------
 4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
index 3337408954b..69314502cda 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml
@@ -1,4 +1,4 @@
-id: ec07fcd3-724f-426d-9f53-041801ca5f6c
+id: b3c4b8f4-c12c-471e-9999-023c05852276
 name: Illumio VEN Clone Detection Rule
 description: |
 'Create Microsoft Sentinel Incident When A Cloned Ven Is Detected'
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
index 04a14412ab7..e7f7976415f 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml
@@ -1,4 +1,4 @@
-id: 93e40501-f737-4281-9df9-505aa773d983
+id: ec07fcd3-724f-426d-9f53-041801ca5f6c
 name: Illumio VEN Offline Detection Rule
 description: |
 'Create Microsoft Sentinel Incident When Ven Goes Into Offline state'
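Review bot: The Offline rule's `id` is set to `ec07fcd3-724f-426d-9f53-041801ca5f6c`, the GUID the Clone rule is giving up in the previous hunk, rather than a freshly generated one. If that GUID was Offline's identifier before this series the swap restores it and is fine; if it has already been deployed anywhere as the Clone rule's id from the intermediate commits, an upgrade would overwrite that workspace's Clone rule resource with Offline content while the rule created under `93e40501-f737-4281-9df9-505aa773d983` is left orphaned and still enabled with its old query. Please state which case applies in the commit message, and if in doubt give Offline a new GUID and retire `ec07fcd3-…` entirely; the rule `version` should also be bumped alongside an id change so the content hub detects the update.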
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index f54aaf30ed6f0ac5c12f18be05593a2df9215d20..fb0b3bc601e87b31ce6a309d11bbe83d34a5c010 100644 GIT binary patch delta 15579 zcmYj&V{|6KvTbbJwr$(a#I|jGNhY@KOf<1=+qP}{&N=t3_uj8YRdw&`{?WavYF{M* z-z5RVE6IX_p#cE_K>?NdO4q^XKtca&wMt1(a>5%Lpc26VTvD7CqHVc3S~z0?uF@~N zy_azB@(mk2rx~Olv&X= z&}b)F{l?8r8ww+rEgdEe8xV4k2l^wn?mA&psdi7pkj?*D z2-WP#KH^&T;rcfgE=`w?HPVrn2mXN3hIh+k{4c=q)-}rZ70mV({ehmg%VJ$e(SXxR zqmJFi<+IKpUT@r*t;ePLP3?;POB08vhs!qof}hp)l>o~BBDxX~_=hKPu%k<*b3>=U zqw7DA)~f~*Tr69r^j+XWW6YYS27Yze@oZh^Z(ZRvekd4>baYMquWKzYQh-h!`+tC1 zUS2zOtfgoluKQ57`KhKl8qIqa2%|r`n%8*1KHKp(SP&(@s@EKzJNzK!vY%g-Mmiv~ z9_%yz<5nN(oqd~d^2yfkk&`VIQSJT?X^pqLD(22n9Uo5;n$lBQ>P2?7V%_RiL~?F6 zg?%nVHVfC@kl(lUBe5TV2Bubb{8Nj(B$@=|h&zjF*Xhkr@c0nHjD~pKjzfy7v6-W% zlQ3{XNs0bHju|9|6)?!~7-0-JKZfvzC-M0M~wN*k?C2NP^$mznZ~#F8*d0jd*#r=dyH_Vyp5wm*5s zwb`i=^DY@tbkVk!8+s*ls8$K|G~-FHZ`p6M=C@O7U)C0nDnH=Lwi#2gGH6K{xR$}T zmcq!7nfsZIJdhvg^3`V`LL zGHcg-LF~O;BGsG#{TV+TCd{jH;mKptnHUCXszBwHK#_!O`m>$&tBf=} ze7el#RvHXAXVP59164LW%H?%4DO%c`-n0q(<^BuCW7>gbbn0{G*s8r77HZtOS7(>R9l?X zdOl8Wl#_|nAt)jpiCn(H&d5z-CYqQSzUto5pQBQ`cEgIt8kIb(LS~1bpdZJVk;4?{ zV%?eFe%{hnLN~^kHdoRa&a*lQ*KarU1#x)wo}{p>B>4oN$)?mkIJI-Vu{dRL`Vh2b z43i0v6mOs}1`4MAs&2K|&~560WRp}J~C`iS&kJ&V;T%+2;E5~AeKZGdNLyHOww z)R=(_Ct2(|&t$>O2gCd(7vegarw zb7AD%nFszQeZz>qEA+$3r-VJ{9$JQ=p-vyb5Jv-uElH?g7xUmUxb~8svi9Uu$M8%R zXo&RJDeeN$U!5XD0$Cy?=k}OrLG+6z*yx z1n1mKA62vNj$BK7wF$^c*6heO&t+$H^2_vC>XiJ%6PDteUb&CcSgxcK(-Px6?3+4Z zm6y8aTUz1+dDMu^Ws&6m(Dp3Oy9pdFW#jmO5_c7oMte--z>;I&u)Yb4ZAI7$0Y3`k zqt{7C4JxRY@`tNHZ4cLLqWO0l;lVDxD@Lz#OAkR;9zSUOK#~TdKsS%ybESQ4k6`!v z)9Y8qUPn<&&3s%>*So=G9N_c&{6zyWup`**^-L#ws!k=pRn*XS()N95{8AbRMuzkV z;+CY{4QwZRzB?-P?p0%i7ZS8j^$G4U+n80;>roCF!*1}uLQ z!kWl7f;dv9Mva3EOtzoWy8AknwX;LeLkN=YT6h!}Bz}lpD*HRdba~IQbXk4BeqUAb z%au^S)3}-%WrL}Y6;svFqPK!cKvS`Lfwhv4mO6fnBZ0BpIoDZdd!ecU;c-0!r&zqqOA!iei0}R8K`eZK=uZo!C42zkAXFpI|2V$m4UZXn3Hs+Q?;6 
z1$l|wCj5&r*mTgybLAG1s*f7Mf14PHB^oBFIXDw4t#MCLZ8+iN+Tx5+a3m!eg{LO@ z(kvFThHU~~?}sE!UdVYf9z4Cfkf-@YPGB;U`ayq_JXN_s4~WwN(y{hO1^zA^8NnQ* z<{W6$8frPm!55|MHNll)pZZI$#Z<>~`;&Ha$0eIHq4*2t4%9F?qyDgaDfN)yFk@9x_ z)>_VF=HmE4LF+Y_Ie9axJnyqW8R7-zMFWKsK%~NZhe9ug6ET7{f;(Q)DuI&8G4vP~ zOA_vsj0~PlA-j?k+mM#M7n6(7nmE*czPn63*iR@OnmJId4a}Z!L89`|BHeh-i zRj-FJa!Bi9or_FD@vWuuAqdnDq}dr*iBx*MeXV?+qv46yuz{jtkDcHe^BcvEgMNlA zew>DBbMGVP+da(KOOOSz;y`80AxvtNqz{j?=9zn_8#$?N_z(C>ejbF;TJyq5GFN4N zhrr0gB$WOD+A&DiRF@x?O>>f<2XCZQY(XewB5fg=uBNXmfki%T{|rw!O;&Qb+rjq? zk*`U;9S$QY<3Mz=hSogaN1L_Ao*z)b*rrX}vBWW%<%9-8mR&-j#Uv`*3=-PV5GCapyc)R zH~u9I>Y2k$HrRmHxon(HLtOCTs9s{T^f(xB8ta2%5qOG{_b#~IwT53ZW6@V{m)Iw{ zX?-yO#TrxPOTt=Xo-RIc{o)RVVj{>&_!KPV)4NPFqx$Z&i56j4}ICoZf zJLKZaPS76C?<0`XXg$Q}5RJUvQ4o_kkOGgI^7VWj&uF{ADx}q7eWs#Cuw-+W(-z^B zI@6FG>SbB2!^Mw4Gf;f5KB;In7jm&dYYG>@_%VOZ^YG%EzG1LL<`@%;YP1}75&sxj zKJNJDF~Z0o+5jPCGHyA908WuOTogh($*>D!sWDQ#TnY~rnG9o|ZzQ}qZDAye4NQ>7 z!N=NPJ|BpMClOnDDr*^nBi76()-SL>B()y5xia0P?xP;lpJ{o0;$!>YP|c=76QF0V%vI7+^daAO%WJ&4Oh8z12OgwMb;e)#9G~5h zUvj^if)DB)xqCAtFt2^#H89O2QvYB8(E2}9^)HhHNsUp|J*3TO^c|4O#)X+wE=VxI zDU9J&A!m>H>gUOg#;4I9$F@(^ll8#&$M{oZ2Ek=uZ))k55IrX7E-a0d$TRvS%&2)X zcNN{K-hq>A71eYDl-cs1k9JReZ7B$UziKew4vj0n)4GYs4uWKq^d0q_t%<7v<_3RZ zF2FOO#q3ave6VUPm1ohLag{@-?V;j`M=uTx+cjB z%o*#nauA0#k_34bKUdIH-k3rh!nMTkCG}@^D)^5r==^Syriuclo)=i23Ysg9@^y>) z9=`9fP1rGX(qKG~!h9%>dL54fv~&tkVP2qPT4CpUE9T>iVu2xZYq`H%X3P zQ|B$YAg=M*RN(qO$Noa4pIBZa+A{aboZ?K@Z{VsbsqNdQi!sl6%wS(IPxXS~kdD*h zr#F9cO^;^IJCe8K3FZKIN_h+`&3>-6Rnd@h@GP`~e=lcD>&}0Qq?gwKXvUY^lK-Lf z#kPXRB&YOo^42j*Tv4>>cwuWcGw!f&U-v61KRYoq;tA(~H#K^fOrEY&z>#dre?br0N-MFUlU>kE%vHWUIx@1g!oe&xP_x2>xlfgCSrr(eSE$gu z{G7^}rrG+$ob6xuJjiZkGCqY^zji^vV8);zh{Ftz(>M0!{r13C^3>rPVM3Lw7eF$tq$gO zcz5T!r(k4fH1$XkUrr zk!vQ}7biska(4}&Rf41PV$FDEH8}=ElffEImH(`_F^2ujKD2G|uL}er1|2wFhzcts zLD)=lu?r#l!eY=?3OB-B=w%+R7%|DO@=Yx1WK)=8w#OW71J*a2MZyX|Jr7MO_A(QA z?@ktw_ua#irluo*TytI%Q$3tnwDN($Q$hrq1k8W|n`7Da$9(f`8&&k_)9VB|O2-F( 
zcznb4R17TWn@fa5d+VCdEAt{#@5}Pm;X2;9!x?^O83fH1P|aZ#bFQ43f(G}Ikf@CdPqDvkBoS(Etv~)^tpvyy>88k%+uD0_crJbyLX>>`i zKkj09qOQ`{)&35~a#+L0zg;fM0Qtp*jbRM97-k)38s)a$y8mobjtb|`2G6zG;aGJN ziK&}@Tqnyjzod(u+M6{$@XP%{nS&r{=875scyUDHQDS}N&&}e*S$#5pg6RGU+1k}( zi=@YGG^>W>NG@1y!rY7K!JY5*y27L4vvxYzOU{rb7dFE^B2oYy!S7%?4iI3&N(s(z zNF7OPK4kq{kT;9z-S?w9yMpv6zHNksWt_Vtao9nWqj3P?WeXiXGE1H`>*gE>>k$d;tFMJ?rVjwGV zU_{Ocse-{UV6?fTC%aXdsA<9f`0g%-r4_oXZuC^FN)IgvHWd-TZu;SmlUnusW#Z=X zz#DGrgxKGIUC5lrz0Q&fP1JjTnoErIAz1tQ`RN-bQGLL8NhYNXYREuW3T(sxfD-)f z1B)XN=Ni6YqSA6FKT`z0%2{%}ZGwGfd=meAgefGA65T5cZLf0ISL`4TEG7B)=T$%R zfn;Hq+OjUYK~AD*MwSIMBxchQntf@L$f?hl81r_ZKswPEoSw=zhuKvOR*Mdg!P`o9 zqG!prY#P(&*G)#=dK>*?A~B;0psLxJbxKohn~MK5*SkC+a2Zw+2CIW0_i{&9yRH)M zOgI{LbOdVl34YaoUj~18QmC#P3IgaL170vzT0KT|m~Hu`ZEi5Q-j;n`@tWl#eHV0K9vDuT&+!92J7~w|i>+-(u_S(KiXlYoI=VjG8Ng ziYBPDjV<>Xye0|$2Ad}xz;S_z$7EmG##LO^a_a(*=7DC6jGOV?oRApBPxsXnem|aH z`PfKUr~=_xd`caSK7YVSMfM<_|CX5}9tDN{V?tO*c7rO@`;`VGmX`jz8O;4btfvx;KvgtHEgDCML^DxYw~MBI}9Yu|l7z{5L0f|vikQ}ESm z<87LiVyE|mF{30QgOD43g-ZJ&+6O_Pfjw1(YXs#Lv5BzD5M}bLUAI&nt4SQ)I;L1X zy5pV2lW606_6ZYYkf%~cD_}xtQ0B-f7?{3~sk{zv6|V9*d={^bICQvOzzvjcFjbwi zehJfk=wTd3YmP7$KtCJ4KJ9ExQPt_IrXpy%r&;fp3_5MgDclsY>($$!_JojcP-&?c zk#yeasysF7rsc6&U*%q55eqrhyoRsCQC8=)z<22??cwNY*_8R^=DJ4t*T$752GgN( z9_sf2U#vt0n{shPx3GL8)MrQUN?{hg$ptSdRxJIU86!2)A|aUkZx5#NCKYM^g-H-C$BpD3v^eZtWM`xfBWHJ2YZF^bBGV#sUj-9f|B>(cK7$tMK9_3A zzEW_zK++Q=K*449io0Y1k1%uVIsbRoKd0(^zNYidcui+@CQa8I2Qx0b=KNY6miEFS zb({jd$P}7u1{U{zPgAbo-;gxr%~`qnnY_3dyKP@B!Jl9txm@WTvs#o$R_Q0%)@W~) zjg_cAJG2FLQo&-aHL3ZkG$)PZ`? zO)~jEQge?V?L*CQM2UNp78$Yr z`cUkel2Cs&okCKTKSg-FcpQohQ^gD6wm9pQieUxtXlDRv=h5zDGP_7IWYvI37V1Da z(?s!kLxLsVBOi^m7v0QpI`FBbg)!d}YUNA-A0$Dh#LXkBnwBsB)Pg5+NsP1=;wwpX zy26+Eqp<>~9|T33$wSKw2ouz>iyKC|(6!{bt|$D5ikvTU%1&>Kge(8sT)dEAPt9fy zVa#FsW*VDO+$%?~pTEeG?EybL1aF7o(){J>klPy_p(1mSLbRfCob2QShJegnk+2)! 
z^5L+s4D3tydNWRXds7nR$E{`zlD2zsHZ$@vPJ)e)`BV_bIi#>pPc&C#smkL%=Z6PD z`;IurIl^4!Z#vc|%*+Yh#Ng(&5hhDph*w{mv(5Jy1vcJ6Tn zrUBMp0s)$$><0$|YS)K#?5YVu9+avT&x11C1$2z$nxpC8?rtZ2&DVUryu)Yeo(5lL zkXJPq^}qWaITAwte5JXp0eA69c;g)3UGrE1j6Cq;6Sl~^6jm;E^d>HwB?j>TZV28b z2dfGmo4ltSkW=g+*s~cNaLj*MG5dw`P~Xzgq%?>RTGJzUNVycK4Set{ss@> zns9$rVYxko3S5)DB{Hsg{}4L@$}u&3f0AK6r=%FOrgiMl6)G^t-XG_0ygw|9r_<;>H*Vgo?e zP(k|m%mII1G8*`}F!ID}SVnl06wihhRG!JUkrB}?;aGLH|KQG1hjB&&*x>R=WE723 z=DN2&qMz+}2Awm*Od8-P!q@C#c}kXSo8&4uiKfhVc*wroFffE+sg?PUx=a-oqM5A- z9$=$eXO`~a&sPdqt%gEHnHD0u>_+rw`yvi8gAc%w7l3Xq6}6}{^0KuHOZAOC_jj|r z<<7=9za?jNl8uvG-pIZH+4vDJr`&ICzOnjr2?}#Ftark6x+cFH6Gg4a1Buz*0%z(E z?nJxx1vl4$JyJ=dPlit}(|F&4HS0uf)mReX#86r3m>TTraYLS!d~0wO&?o^ZQiMr3 z?MBt_%nRU!=xCSi2X_o=g9j=&gndDzmND&fgL?Zu)od7z-gyoHa?(WIxA-E>=16~Z z-zeLf*?jU?MM6*JNdr)2#xyt*i4PHTvDK)_(r=x~l1VBe81%g3y8ZOL)ItW515cv| zHCD6r<|IU`+8GNp>|I9!(cl$$7k-76%#}u-3eK0c2q!`rQ0(5t_d|t~1=MKWp$9iX z|1$;M_T{3{yZsdau}>Z)warc)x{i^gFVFj-#AVqprkHS!@hnVjR+0Ve7`q5?-3;FD z;Y_O`!6YwVsfhv4C#z%dg4HQ1xY!SoUG^<8=Az(nLcfAQlcU)Hrm~s&Q!N+fm`fds zZ##C;F)Fz4P05Q0g9pVjD+Jf%CbH`ZRN1#GKVDL1zUVg zNb|JE2(MM#r>W=st!vk+z=b*;8%^cb+O~%5C)a-S-PeJ6B57-jKdcfLHTb}7`y2?r zXrVtK5%cH(4uVznME7X3Xpq=bSB&Z8D7wAY4oy&2nN!LxrtVkYy?BiXlI9IZ(LP`9 zr6yWe>{y6)WgrJ#$%h?mFJ>uXkF$JK@PGFEmcE4RL7kZ>sz8lnr5bG9KR`$DToEA6 z8@Nx`u9RC29+%fB_dj>F>jIVp!uOZb=>y+;H#w33b6t@BI@4N;8O1XHLb{bjMG6fj z>s7~CtyA_HznvP)`WbWFUksVB+#qcnvuY)sH=l*SI|C-f_^q>*PvUH|$$!BKXozRn zANN%|E98xXQ1n??pm4DAy+mR`KK=SB@JgN++E#`w>^$hOu6=U%Y6hb3m#@-#ar7}*paQ}!kD_#Yf* zhp4)F=|r=#=)o7-DJaHk{EHftU$`Fe*ty{=sIFSXxEUh+p~0cbt}H;%QTW9f&5jOM zDiMf1v*^6IXBx6b=w%IY>Nu`2GWbXu!{&0Xz+AZH>L*_nn{F9n=+5QD%c`R{4GoJ5 z!1_z;Snod{|7XDJ+|qKLTaK6MsvH4^(w6U|=10YbQ9)g!O0Pr2Yq}b75uJ;hlyb3b zL;LJH6V4%+hcHyYh-m+24y8Rrcs=c62T+$^r;Pgih0)XTB{i;O zbG44wX9yK~!COJA)UgsZcnt5RWB%R6h7lYmuHEE_%JgkWuj1;VF&Fgh>HXe@#fiB< z!zLR^y=_b?8@0hcB5{e9$LF`!nk}g*hc7XqD;qa(;iQZj{e^dY#;^tOSB_qVmGLUC}=I+D*&Wm-vMz?NTkoko}@K zh^%*SeCFQ*$}U$%h402q!j7ZRmy#x$pK>|e9;0WMr{f>}%Xk$NA?#-gY~Ba)sGQ;E 
zCiobj3LBQ8fqUjHPX+j zhXd>*ucG-EmUhKHWQ!cM`boIVBBS!_H>=#36)XC$>gZT&$J(ATG2Ic|CAp?k%pt zZ!?06XYXv|1bgQ}1d4eikxPAZ9=xIDp_t84sA_3T%a#@Tx)AIRoTO@Uccy0hk2w@v zEZ)UyxFG_H$V)?xCO18Dz;U#B)ciTwyE3VuF)HgqhQ~jX2-_{s!Dq9|U)}U|KEkYP zWOl~;^rAfXZl*TKpw^5LN2hiQxW zw#vO>7f`aYadYOjQ981jS{IenY+X)y@`rw1I#-T~b&OcKB^~Jl>Lg#WY4K)}n4kA3 zHwRrF4fAdwIjyVKF+M_vQrgXEoWMj;5^gh1ZJTsWULymUG`|-Wgu6iuo?6#hvclXq z@Z#n)wwm8dj#eSfJuV-!zgx}Xv@c%&-aRIFl&O#OI3yN=BiLZb32iNXqNVqHg{yM8 zD@w3Hxl8l-yhyzQa_&;0B+)FYTcon;fT|z&fF|8M?L!LOvg{Z^6|@CswwdYAbDLl= zr5_fo8ATUm^yDudx6T7_@=on$g8Z-clBK*7^dk`>7^a*`ikp1<&FljGSz-l`_f<2@0+K?KI4{ND zHHh?Iv)GOVXr(tse_KPo<<8IeNJt3RNp|2FcYH1}*vHP39%cMCr`>_XGip~`HZK;e zMA?D%g>szN+wIdiz+~*TRFVg^_p+hc+vzD?z73Kjb0+1Q3Ds)3$PkjBG?61|cvDrB zp2$Ien(+(Mp4lX~l4SEpVn|l$(^9!-@XM&4G)_$#y!n%?0HJw6+L6p z3R%lV7vJyZ*YcSIQDbj1xa}S^=m&cC{Dro{vQAa?gkjSq9_6H5wPWK}onzVbgsu_! zqLPCSAb-lMO{AeMYwN3|%aGN7WSVW-H@;=lCpnwVV#ar03sQ&TklPYw+vg`^b)9-$ z1<^!kSX@0Ie8flnEf`M*TtL^!2&B{_&r{{O6Ud$=H#uCcHc&qGcW&T2Co7%p5 z-!5sRf$T((kq7fd;^|M^=XaC%i+IjF1!bjxTiF6>?IXmWM9sSdF19Q~J2ezc~i;)DH z#UV7~aK6E2R;2#m^ot;I3s`=GA6~PdKbP=!j`!wW00ld}^G%q@vsem;-LV>ybY8Of z+yw6=m~PtotGkh6)3JLg#j*9Tb+!|%(cOr=A8*pDRBCHxU7}gxpa)dzZk(IdJKJeg zU;PubH81>==hP^-H6QWI9<48{mFaE_;r!S7pN7Lw6a9`N`~LOeYeZWc=KiZA!%d0n zl6snQI|OsmmPQK3zMK) z@O2=`alkvOAc~2KB19$XXqL9G2-JO@N zSpYj`1-{ejC6sVb^aY9semor`Lu*4(XEl1WNpk|ViATL`Xh>Ui=GTPO?CVqR8vxtp z+aGh{Huo|4I`Dc>@+kaQPg0e4jCir!b^WeX1=9nt7OMPKR5}~C?RJWig~}y(#A9bp zk*2P!BJO1__jNQ|J4F9Tww=H|5Pst{u>k#CZzTqP!qC^Bs|KJ?+%~^yM8kN4wY#X^ z3&{akiawhaQqPg3vKNSM_QH#?I6x@a(^~>?VO*T?-j#6Qs*o_aE8MKMF9Y1FM29c3 zi{EQ(99;CBIgyCZ5GRySc>q$ZJ^Z!?C{JLU=vl0OBK93V(*f}1Lz0f+m({@+)YJMJ zcm;&aV3^=DnTw_R6vpyt%X-_>s+wV(|D- zzD4jlQOb;H1(DnFEgoGVCDiE0Y-s1rQO8jDsPMuU5-^ct4lr9zvT zBWc2AqPqE}Q|5;5fuW}Fw1D@l2`_w%0Ov2U2W*+~`q1{<@y#wNqSqmas2kxa_trs1DyDzQpTyc@0gu?j-JL zm*n_Nd0VO2!rI3oFhEx!{2FtXUJ881dTb;!R4*l~@d25eDaxfM@CGDRY3#mrBu$39 zoQ}lJS9IzIcTpW-xU==>P3T!oQ$1Keuh0_2Er9@KNlU;`G^>{g7mtz5$s-AN>hSW^ 
zMyoDjA(v<1kr-tiI7dl5!ZTfJ?MiU5g)7cgrEWjXS=8EC6@bf_k+R15Qr5)!jj5J8 zy3Xj!h5)5`f3DuLXUi5IE9r6o&a3ZA&6wUA-#>3|Nd$_$oq-ZEr&F1nUo#SPw340| z`ri+5H@vJ?B6T&#tTp6X6VtW??YDHYo)K4;l-Rs}rRN;E=Db2g4zVrle-oBTTV@${ zD`&;H*v8?2P{@s3q_;f(LOyGukybAhAGl-7!khZNB>U)+ketW!jy{wLVaYl?GN4<0 z+0N=zF2=Q059c}mo1k=}WU@`f$*OYCqJ~8q_aLx{PaL&?nHj$Ywizo;v()SdC@N}g zd_S%dof+nctBK(5TBDf0^O$YJTeLf-}sPiJec?-vN(!ED<^7=JCJuIv!cdeOz!XEz-QOZYbV_nQY z?0pf397(atQDpzJVMux}>k!94*o1WM)xH$mZ(by+*4CQoR2!{fL;x-cR>b!Q?)0$!A_H5e+b#iGSV`nk6VDN z2frqM(BgyV8_6WFi{BT-8?Dq_o)(PMkFt>EuR}sr~Gznlp2JknN?7p=Tsn zqn)GP6Eb59VF6}_Fe*KKBXx>m(ToU^-HyP>jL$6@FmqfN~&kQ|)REfN`;r+zIOuywJ`~B$6 zyRXy=UXhzBdOk_ZM#7-d&>e0SKY}D z%ci@#iBW@U*gpS7HtwWB00Q_4w{A!ZRd}OqH^aVcebG9gjTNS6BP;Wzsgh10q>1;u zjfx+c?cKaNig9z&GW}`SgE7cb7uVO-i?~-JuRi5dcR)9Fg80Py6`$iG$(oRe2;rNL6&8!jFz9NMc7TnYe57K7e~NvAqj@ z9)w>=IGd7%S;Wyvo-N@ft~(zC=Jo)pKMK#^>K}tCix77sz~RWbhj4(>z=n5`e_PDX znsv=3J3RBQwjQ*d6c~MEe$)EoC(>AftuWno=~U)8m)_<2t8hd^!NYe*km8W4Dh}>A zKhk{f?u;PFM#)~C+lrk9!B?>%Ha?UZF##glD}Q2efIM;747Q*Qrw9~+v;f6mVygp` zjnd>uHZWorI_Tj#JAe|Ey7$6V4nLtjsdrszuG%#-tk>+Qa$oh1kDPp)+RR=mS$ADM==y8?IEyeF?dtb4-5+<)3JA= zHmq@^<|Pq-H=^dWsDg`v@gdE5#gwSKL1$(R%}I6r;liGZPC)e3JqyoEQd$Abpq?Nj zY1|=<7xr5TEghYKwtgr$|ITprm(w+}c}%0V5B!^rfJu@1k&P{-fe94v{hkdc8E5JV zykZq~V+jBGEjjX@*H3TP$!)k|=+U05Sm-M+%k51KWtRyz?R{t!W&E@9ZZ;{RxqfO| zq8HJ*GUCxp1i;*$+TD=m&Vg}Lj-rH4t_XA&U5hx&Jg2gi-WM6=a4Wcd7<#7@cf`<@ z+jH>lg!~Skm~Pm~l*x-Y_KxzlXFPYNic6ZMBOn1vmqbY|S1mt0E-6IJd6=BAXCXR?t60ku;;l)7R?O^C~qm;Cw_XxEmiz=y0azq?y7= zfP1;wDbs5qkkv8zVYaHkJ~b}!TBd=9j?;Df0bq6XU5#ou)GM#34FKN=`;}|rSJ8U= z+_F4#9%8~u>KCzZ61coY>#8kwMJ}*OXR!FRjWL;mi$0u7*YXWNbmD~vh=>yTq$N2M z3zW*IIz&p`)1ndRVTAi|;wSyJ6iM;5sG+7iuuuFV@>z-9RF&_EM+DuF>i8f-jbC-` zfC%zl1#gVXrE+#A1d)RWi#~e~k6|)y#71MPF+AYyaz!!}I2B$aP`GLINV5pk{VYCj zDGo+Uo3k0h)En?#obBzl;6{q07L6gfQ}F6r70a4qk{w3?(b@<0e9f+)frr6x!7u+O z@-JUp|EF={i7eaecs(8RL;NP5nA(soz=KMU-J38Ok+$q-8}9GTAdt`dubwON?;ZD} zpRK~5mlQOGuOM#?nxC3f^dWFfgO;C`D)r+lhs~c4$WKAk#L;-Lu+SkS(1ATTxU(Ha zbaA!Cf 
zMnzxsSsAvoamERpxPJKGozPd#JimD?hDZ|y2f*zWsgZFtoV7~fOUqNr& zOO$Kze9=r=aH(9@?Yw@kTvj@z_N;sY2BC~yLC^KK6d|?d+oG9xypB?U!FRc=#aOv) zDUaLQe)+`59hR$&+hXB~V8X(^8)1`cBTlC(eiK#?#OpLrx53Df*--;(r<+Ejyy?~U zz@?k=GaH#dmg8C&bzO}$V9iJ1-rnmhTqLr7W`(CBg0U&8;V>T*fEi*v*fTQ$cMbs(a^@xUVFLp2 zVU}NUw18;0$d?8(jKSUx2r7SjfEtjF6~vmHd!z~j0YHAK;6tkcBte!EdKb7*R*ePv zT6RZMG&aHzQy7BSow5nq}Y1 z@tRWx+(pCe{vB8OK=Wd?2fRiV!q?+=Vv1f9ZO~@W`NzFp(-wL4y8Y4Lt-^}u5KOh$ zb@0s*T=yP(NjnWdMO(*CYti#)KFYpQ+?CTHCf*PbMvVsAsOsGuhb_$`0-=ojRVcm7 z+E{&-0u80fk*ONU-|Xm=q=YXuh2fwq#vV<+vN+})uOk~@Is=n!G;otkVc(doDc_iX zfS=f_O>?)SYU(zd14OHQWBvj5jY+9-5;ZXS2N>Sq0Fcr2a`@&*AAWSZ;MN6h; z|D&cGs}Q6bkv{9dY3zEowCJl44C|f&>b{g!5;Jb0^JYt%XLr<4#gIA8R#q*vx>!z+ zOCE>H572@6Jzn8Aqkr|e3>p0cd1w8?@nB6myS-S^HSd0^-?@I&T!3eNw4^_;c(hdA zxsL1IB>Okm&a+9D8+!TH?jkfk;I!&;Lm&ANV{s?#W4w_ zW!eSb!SmMbqY1H5`y>C}M%Lesf!xNs$?Jmh05BJeCD5c|ud`P}k802nx{~^%HoY2a@jhy@ocyy5PtA%$U0I5awU)7Lc8|y zvfoPIGPAElJ93riPcve7)Vek6q@zM^JK)seO4u2?@GHz8WZ%%N^eU35CI9_;&5E`& z0&wwayYf_fuA8vJvU2Dq8%YOnNsz1d8P)pH|NgipqEp z--jn2!gBtvR(U^WzPI7%$fUviCYFPN$Ob62FMN!xeX?+CS!$sd1Lj)~x3Hc?cT&jf#T!U#zwK#%;h2*alG=-`!E;3U9j5`YS z3%FL1Uj)?$A+$L52r_%gze38H&nRKRuSSQj?7oX+p45_M`e=#3c(;F*|8xF>$Vg?9 z8vc$49m-%j#-~BwX0?KKkf2^e&VDi|e=>2gLAKhNX;Iv?|Co^qH-xMEPXU0@$Z(Y4 zP)JF9$Nc`}*S2%cZ}6fM7m==WW8(l2hj8@wVYG6~m>{o8$4Hg&PaVN2?D#QV z-oPr5yjz2DRagKo_4gJuS#7H8`tKtPHRJULgw=ip?V0r0&0Fz%vZnh0NfQGzp>T^-*nhQ=xhTvi1@0QygYXUw z1mA^E3qoC8z~@&Z;$02E=Q&Nv2A9ZfVU+8bakB8g>NYI--#s;ahCF>70{E8y^<)fv zFwgjxJpmdW2{t}wopJ2jOU|GznEOwf2YU48ras%q0^7yc-F3JUcaY6JfH9Kz*?~Fs zEdGY2G0nby<-`V06cffb3jElsRUj9XV3><>Xr}vePmWen1a`OuPf26l-_F5_HoL+- z=(x3@d;0bGPw^oOWmx(xYfcmM;jEV#D5j9^Za58IllwW{9Us>}ph~j9AZVcfm#v&+ WEG_c?*vd&&(mW6v(*LN;K>q`%a*fL|nlBP+>5LScb{fx&?hg-g~UXTib$TQ!W?$^8Nw8sOrgfRmz(hCJ<= zX@)4HZ|#Mic6u%_@5O7@#P^eN-Y2Q=J{`uSvGygF#D%^_JQ4D-5W>Xnl#z8=dcO|t zG}A5@cxUvlX<)*!kJ7pi$Q};#OHGUlhISBEOm+tm16x^W4uc2zDu0+5?oYUphIel0 z_IF&&cgk8mzy#D8qOO0%2Z(u0To=#NLlgkL=Bnw|9c#^yElAmsjtIHn_)e|j*ZIy@ 
zGMFHL*9qi&fvajmBC9l4S!8qL?F)uKTMFjeMVzq2^VSdPjE(GWefdc#nK0 z4I6w`%~loMLbcAF8(aQUO8NgP+VEz`$Xg^Ezq5I~ac^0SRXy6;#@N0{I?~Zxupy4l z6zxF9;Di|%u3taWuh`cgbU|77E~(ky+CKU}r`qtO+-Bqs1#UYxJiWFVISZ5A zANAm`ND}{nU?vClweDDEREhT1Y}7H{*)3kBznk=Ixb_a3$DlfQde-t@C7*V4T#*Q1 zTqP5Vxo-=){TG9(Gs7u~bcbLdqO&Q4I^Q9@J5fYO^w;=d_^VR9=ssmMq=cgctTqoE zvnQxk7%{+d1@QBE;4Q{nfrMTms6dTL0vIdS4=ODK}p$)CiwWRQ`6+(U2LFSFFg&m86eAkLb$^ zVa>4+GLRbaut;Wd7k4a?LYdfGYANIJzKl?lxf>jp%-z0<4dLeKxDX2=^7u#@cf5c* zcTKU8u0gQ^c{Jemtrvfv58cKpPzatfabjshmAh?scIo4mroK5Ds_F@n~KKh%_6vzfh=~4Ia(+S64SP9)j*?1 z!BK2XiB`V(D>8-_2Q3SwkwM`gyAK~^0=18Aa$kedV4nFp+!I9uXK3hTnc1!^;*7^& z4Mh9V)H=*$wb#vA*qB~6iPH0X2KgDA+Rz))3C^@OXZFuG4iiOiy2Uk~rtO3qAmzM_ z4i!d%`g@CV07T8t2qilFnW(bA=G>ySU0#?tu^*%H#FIIMW9lB3%x2Io%2-k>j7bE9Cx3X zTxfjpT5~O5f$4B;Y_O_3k1*jf$QUZd^jPC}-<75^i%2E{bZ2 zI_wz=UKjzjz9=EPfmc{VD|hrCD$3(`D5*`#+#<5N*6Z^!2Bx=u8wZG~@*^vgKqyX? ztSuxCYk1&`EVn=L)&(u75#1xyozo0yJC}&yr#PhYPq%LZvRk#^umcZj+6XZut%;9j zkGEbB(1H|V~L^%1Jb2)m98V~T}0F$k}+2u?-^_FseJd)>F=Y=!Ir9i zu*6WI!SQa1f1fCg3+~yI2!CN+1*Xh*J8Hq#C1arVAcOR{MvjoJGy^hDUiGlFs%?w4 zbXHjX?&MDlZHZlUCB{9EjV6wY4?QAF-l`Y7T8(B3cv8=BPlMj*Kv{`uz$azFJKOH6WY;=G@VNEeO#(6q5xeT3!k!~T-(gJ?Dg8W`BP3cp!h5%skq+wnZUT_0 zRDK=RX}r<58DoEq!iT8Ww(&b=dnOxv^v_rYF6r+qAx~BA)g98`?;dX-Ti0828)~N` zJG$@84iNtl;h_n>^!JD$38Q5 z-SZpenGN-J6}T+Yt}ny*?b#NqyRqk&**L zPZrsSXkX|>mNZk)3N((eGBTu8n~?9rnh0TvHzir&qY4UAa!pLKCmK%W_c_0LJ?|CN zy~bxvx(jq|!yS|4IR;Hi|MB}C_p;m;_=g-v4$0mKAYD4WWr4m6o4%n}uVrW(37#9j z)(l=ia_T7rNvMqw^`P%$O3JX~!S|5P{87Ve3j@-^AXwtuk{<=xBjlE6Av}4+t!7rE zl!yr!8ze&n!Q1;WP@(v#x}n)ULD#=Xg}Sb_`-OkBn|5c<1|6-jfA^j?mP(aH9E{cn zPe`HyblOpSgGuoyw9(nvXNiNNRSMPEmcDdI_;pkofFWy(h0fUiQg1YsSBw%03}n(; zX2#zmq zz6o9BeI6q(sg7IS=e_OFy~UX3mW>yw8`t3tPzVW%zy(j5v4+-Lr*$=qn2uAIY@1^p zK;fiRf{ZD@DI`e2N2Apf>~0kF91e~JA^D0+-toX_Dru5C_I>U(eDdsLE4quDZ*|lY zEQFFqj(}6K2h^#RQaaqppQi3$trI3bX4{i2d_I#QY$}SO%Y&%84gBLpDQJG`M8tsr z+H-fy`sp#KJy%LvE^tgL@n*>huO3x|Jq|gH_IM#rAemND-85Ps<=RfON`Mx8M)z1qJGzbfa#;86kC znkgXb)i|@v=O-cqqU^m_T%!9#He%FP$25Hb284W*pJw!UrOzaMqsMXT|52)&_ 
zS@-ajdUxoYYG#}dzm;hk-e=p_ax~3iE+W7>&3^AidUFhYNOq(JH;4Xo+4kEZ{B-bB z9kF_APjSW5fwub+J>6%3l|wSTGH3J%2+X?RGRPAL5{=V% z7GqO{7bDwyy76j=n}ci_sy&FJAXoL|vycwsWambf(s()jf_f}s`D zUK#?WR|h*MA+Cg&?{5`&PX>oH?@4@lR0e)>3%j>F_aO3eGlPl<;1mWoeE140?>(*J zY;h`?Epst&;u;?L%gm?=awrR)M{a*;WM^bF0@?JY|)M^wZDb9o~owEIMnmQ~I^PRTC@myaWbQ=CG1nkS2Q zjxbv?!Td-)z=jbyUj}d!IYq6Qe3LOpQRMIXQlj4IGCqGFWE`xURIOA*FJRW*A5IuY z$CxK0`_w#-AyY(ANh7Yvf1&5z-WNVlHIGo<=wA}AT5HbNCs_Z{lEzir<>ZH5ViMKp zi@X4?Dprf|TGRh=MF9egx!wo{UjK&RPh9c6Gocy*=RbTNoiiFAIA_ktPpx$*vpgF( z-HBh%+vMAydXEEsQ|e$gVA$tEgMgP8cR2)7DHI{htd%nB5wuUDfy}O z-k&0fvy?~3c9OIQe3D@mf6N4uJHZo!_`^DE||W_

fw*mM^#&J{L<3Wy;wspijStyM9B*ano|mq-Du6Eg-;t!78De^OBoCVETIs1kDm+ zbk=gOvd2ph#nxd@_BCg;J_&lJX=bZ%DQ&@~D70;6 zG=sDS8kiqAFF^p`j&zsN_x8)yA?IVSV}(y1^I{oC&eS?af#%NsC$Z2VQ&~*|j+S!n zmtA!&=Ve84S@%Un>)@?7BC(XdDdz7dN{MEXb6d&0-=$NS0}1W)NhO*OYbKFNuk{Y0 zG=+?9R`(d_N3?8`nb{&>e?1I2?{7Ept!nue6QgQ84LJ_zJ9^>A-;kuc(Av%>11cuh zp4DF%BLmXrEO2CveauaoU>kYHHIfy>O%2%KMOKY-T_gQjr+%DsrVqtG{j7kEg^^}Z&=;b!#ZA(-34dl z$j+?cMrZ~IGlN9e${hM5Kqwv!U`G1Pnwdq7aD3qTfHTea+gvjd3?(D4v#mf9jw^xI zBd!N`kj-~HT~M${np$t{#wUy7bL*oV&`SLFqjm5czmXC|%JffiPwY!;-Qq9JDxM&A z?S9gpSi-%KU$Gz|vCddf-0H+mSJ(##G(!y`>Z}P9wrkaJoHE{%|zi!eWe9m!KiALpFIzKMwV> z*o4T4yzay}l|)D3#2{f5+FeVIfiIYt=+GAm`H_AwnvTS(+A=GI-rd!3G^C3%hudl+ zbo_urp5j-NQh}QZH%kui_6T4zCe|C3Fk<}t>MdYD=N_kti?Ps>5<1zh3LR0C()5Ib z;Z}CIvJveK?92yY=entBc9y8h4Je7QeaVSj|IC)8v=XSOYwvg_7OQWC)z^2OOPwLI z#-D&f({p#4K?{8+Rrm4n=@z9}xxsb8C@ckM!A)N9Wx)+3{nP{eC1c2m_FeH389L(c zOMD-uEqI>RpDc$XlgVjBa$Cn?(fP;eD)mU`6W5K0z93fcoIH`EC ziQ_RAn^LE$RhI^sFwog1k~k@LEslOW52A*S)In8zuw|-JR}H==8-_kGggSYFu@bf~ zLNPSSRab+8^u3u3CLJj(AO2!UaQ?b!W+0-$l@=p`?lWvFJnMMN4+?)rM!1e1M!>6@ z08Nu#7hSL@HXP2v!3ekdRWCOE1x3~UCE7s`MeAY&bD0IM;Y;n|wI2c>J{(EmjDDks zT)wGYlh0d1)MN7=|F}ulY_Q71T^;%0$<6An+v5f|UPTg3$<-Q$jytwf(Zrg4+yQKf zZt#pqh)4fG{JyzXrk!1c4@mpYFRQWilhgLVi-O11S5G)%#U*A*Gw}Yxro%K^vmkq| z>4oubwvHb-(p$WE7*Vy{G$*dKuaqd_t2;3xBToQ!9*$7-qq`Rm_C-ZYVw^_D)v;?x zdiQ@R7~u3=vhko`VsgKX4(Lp;(c-;7RNzK3Fu$`wySpf!NbA1b)bQfjH5L#+Ll+w>L^w)s-9wI(VJ+ZhB`Uz;5Y^o<%DZzh#h&&Iy2!P_u12{B>@2ftW67Yjvu=B-$w7N1zs;Iz z#}fNUfXN0ZnvrmEwbh)&rM-}!N1#!2>VvNxgt^4Ymoyx~t!f_FXHOzo@GHG^UTi1# zt0vTk&aUO$RC3+lthfN<1>4d+8n^0ARb@bx`d%p3m>_g%k2Yzi89pdd0JRD8osUts z63I=y4P{!oyLFU3;!nz-VdvK9nyiOEdUkfRml@XcR~cK=fBblBH;5a=B?L=Wob*U% z4J?oIgWSY*hpJKtcT_hu)3v1W&Qf=O;lccI5OTIpsRXyrq*b=35z)yRdx0$BJ$V3# z7R;kjr))fD`=!-il{$@^9yf&}Pe--C#gfYp(zX^~Q?++4cA1 zg!5?Exb>M6j`r@lSKd0ltB12-N5s&!2d29;_Jsn~8tG=WDw{>41=`mZ?eDsY(2*cb zy6*C*`1PR3*udkV?7ByaYbjpth6CWH|E3&{0#*Z`_m*YJPV$OOPfh=@d;dnf8(EFN z6Z@0?_gCk1{z3h__zkSh3u8q#M;qC~KTpgfHL{S^j*;i9e*8Elc)~AH`?26f8Oytx<`@mZCV$QN|yDC7Q 
zO!CIb{zqr0MnVgTH1gSysPaI8>kE82LwEL(c_-Y$aA6~?7rKO8$p^UyYe|L>WWq$< z^M)xn9@KstAEF%DBZV_lXRtTz*Y419+g&Y+_Utz^sob0$wae)k2?w1^+4NdTFT!0R z;XI4xn{1eXES*{la~IHFyH|2dN$PLv;gZr3sv~zq(xRuiT)qc)haZ57zYmk^;Rp7(4ARIV7K; zW5;CUqnqWW30~QkXD;38AG-a?2yHg^lLC1QwT}0fMFjjAzlSP2dGLY8mja{@T45Im91s4E&s}lZ8VyBFNBLY99 z6FI_Qyrncm{oI)_FFAz53bb2ER!KK=`hM0xL^=1{+b3=sC;p41D^;^cn0ASse;?rY zs^FKS?Z&xbrxA>rtR?8MT z$p<-OOP*D)gO~OysCy&3Dn7=5NSso^v4U=EXUP4vVZukU*AE2mr$^EtJpVeWK|&NU zldqPxpEXu;zh_SCiE$Mgg1`}+#%Mbqb&@zhC_xachz=B$)Q+3&TzX5qauFNwP7Tzp z1se~7xFm@eESfcomk47`8f=NuH8K4>E4jqT=?=&pbtCl zJ3dTgd5Ki2e{rKrlY+?)!^cTo<64Un@ucZqL8cB*=#eRmkw)HPQF~84g_uJ?aM`+X z!=>A^r;Uoy>qBpp*fQH=x)D?(K-BD-X^BUdt_HkDe=ul?_aJnOH>;V=VvLlacH$k? z_?4!}!k`y;e_Tx-taUF>W3%2E3*lHjW)DZQ z<(U9E;!)lvu%dpl6LsL-cMh!Gx6Ay(mkv7a7p9)zf#B>rtU)wq{4CLmOJsNea* zap$iDGQolw@&0n1Zj+z-L*y`~d$zaE!R#B}qN(|PWm~Gm10&{Vb9$Z;77TD%@OQB0 znR+pFuWaqIGPU-x?06qNu#~GsWI)rr_XNprf(ig*~C7NU+{M&+E?425Vj&I@I4?zF}Wp2RRchC zM=%Qyh&+10oy34=(raqb4CI(PD&=MCZ~^pCG(#vF)*Obrd^#5DDjx_UL%3A@ZggdC zb<$t!Wyn3uND^Uw-t3-zkgb99;w3DDvq~1Oady1>8KUroKsKxq-Gd%VH|#ymL74VF zc2(-V7NlY~7L&=}y!C7{#!j{&djQ7c%96>SR7;w;%X2?U)>to89g#LoS|Ea*IPc+g>hPzmgx_AOZ;5AXN!AEOxzBtzs6dP&HWRa=Fkb zlyO^lE+i;+kgN%J5R_N;vF>Y3i_gm|?8v8&(yMvUtL)ff7CCu{#}=3K`e>iWsMEua z1_K4nb58>o952mg51_K9g@LjOUUA|L?vh&0A9o3Q(!@RX4%7W*?VXIn_-WNJb6h3V zqZNR0^P+RRLsoM;N(n8fVVI8v_9r$nmcp`92qSd`;cz;Fzj8ruq^Sk(nO%K9C`N!2 z(uv2o#L(a+P9mMxxdd;{roFpZRZ^}|f`vb`H7l)(={PV59%%`i2hb2Umzw{>;mpBt zK~zkf`k(?Egvpitz56u$Sw2c|w*YlRo8eOc*Jb z!ytBP-jUdytrI6FM~R=eI*z;uO}$Vs=S7fW8C zhB}l8@Dgi|fnGcIMV8N8 zDhD4NWHYj{&eKA^YuDw?c~ZVjyU7Lu z6yfYET7^^UU}`URU`KocE&a3YQ_U&h)KxjASE)G8GnzpWh0o?qDPJt8zHVS8_$@R@ zzJIKO8Y{EctkFjV1VAWq6Xb=0XH9(j+k7>gdvO^uatD}$zl_C&B;@pk13M`TG~{*X zP0mMU=RK(0$1u9%Q>sQ~xioPpkUvQPu)Z7pAWxpH-~U?Wxts^b8KMNQjq|cr&IE}# zfj6+cRx*?$G!W4t9AcNwKDew`K+JargmWSXK4^pLUgtAV3cqae-}`$nZ3dllQZf1YDd}9t&aku?O#uEpmO7{T<+H+)~|7EZ)GKghtuIN$K9e;rkC-J6zLt( zxH4tC47Bbk-IMB>SP1Ob5M1?umVd%T5YLL{q-XOGCFP(Rx0363TX&UTxC@yfwp;To 
zhDqb+hbr5*?mETq9$FsO_g?x!g9B!D$WBV@J03FEc}}U7{Z=#K~9p zZol`K^}##^=)*1XtrM3$BAT}IhgwUQubTK)6dKoG!s&-R%cjHQUli2==_KsMO+D4* zNh)R!yc11(RyP9XIH!}TRFn>@J~}AE;!84u8-n$w3g!uzsyTd%r|9Y)kUu?Qx$^Z9Pkd3Xh5B14!zxc2V{kq;5L7L$z-0jO(ftb&WW~uJo9>$mj5IM zr?F6x1Ph{D0?@y8|4UFJ1`kC@zdeJ?<%8gK>*5GmDC0BW!z&Of5-#&*&D5 zA91Ai7tnmvD$0<%((tP`>y`^pF0=+g|ljYJa--n$^wUX%POT_ z+d~BZ&HlHgX6(4Dz|rlF8aq2Pp~H7&OZ-6r^I^;FulbQ*Ww1K<_=xWnEx0sUQAOWAA2h%|qBez&VOd6NKu_Yke+&LVC+s$zqj&C0FM2}m z5X}8OkQDWQc>_kl=0+szt{-ysta5W9_+ZQ!g>Yf43Usc#*wOO3_6VVJ zRldPVw!mCffM@k?<~d0+k3~MAq~3r%JdZKfel*_r1bSS6{C`1G?G5C7Z!KiX+1W4S z{1S(kollaIbWBDQbrb`$WZ;hgQlLn*rJz!q{M9E3@d-HBjKR`(CyqrdmAQSGiQSYfX(8Y)ep!N>N|K64Ue zxyUy%D*H_6&9H={l%}IT4KvOvr9W%jV%fV+OQz@OQYN#R+Mgg>{KBMEZ^F*f@lBNN z9s7OiuoFN*{MP1^|BOUstRd+II8>rK5KqBq>{%_d%b!Uudm{&$>>MIwe&8r@amS_^ zCQ|xAKe%((g{}^#38iP|#NtaJflf+7fWmfZJPE@PxY2TQ7Sz8#KszxNbqZO~G~1?# zYb7F=a(Ex*cr{C=JSDj~vufuF27`IY;51ru(0>P(W0&=l&FA;?QAn&}0|C~GKUT*(Nwx>vY9DXApSP99@p=3 zXfha=ut&=(opTyzoc!PY#e9(IdXJC0&C`!LD%oVG-Jue(s-lI67OIX@2Oo?@ey`RJ z>;09`XqSL%$@3|%&Wf_L!nR9>1>Rxgw&fxXU+{FTqMjgwmrp34`5dS*`!65F9W`b{ zguib)OKsR7^OdV9danq-B)}xXy%7%?~lJr=H&Wh9Ij1~J?b8fU9$r29mHI* z+f@((3?<~*i90O*k{tIfq;}f=hCxl#Y*ckHDF0?d5JgBFkMufP zua8)wRC{jWUVE+zsQ_Km2TRUY?~55FC!$_pfX-WPO~!M3Fc}+{99*PfQTP1s5OKZd z%OiGJ!3R-#-7?gBT9k!mq7&UY{+<*2mw^BqOyH7acm6K%l{)YI0ND0I>3>Sm$|Ls^ z_M!0a!glN%hLhh8K@pTTWB;;Egg~YKv9)}{*7{7fn>3t^8wW}{NwmvlOBYG=#S5ra zzI}^p700g>>!Z37LzI_NT+pxQZQ49p`u(kU!S@IIkIair%?H*$q0D0X@GUa=X~EQc z#^9!Knlgp3O8x~cJb+`h_}2XKp1YrF-kWwbAPIf^HWS+Y$zy_NJp z1Za%pO361tyfcBZ*1YXSvio$Hky zZ{57+7VR@Pe!yaz5_!QJ-g-Jv;#pO?{(EKN{dQ5~Ym^Law4pKjkOV4q&gzDPMu2z} zlZ}-@wr{6b*w5K#i6XL4)nq?14<2~9{9DVZD67*hVRwxDYiDL+Sb8|*ONzNEv|;H^ ztwGlIt9O0&7GbQP)SjQ^-g`0@0Z;p2gK&xt!3(__-oTfCmoPi2-!>cPekHcryxF{) zt@W1wOcGR*PU7&l#CzIiTvljXa8nefC6ovZ4%R6^kBTd!-m~TPzy_|b3`2^Bid>wz z@}2sERnuYDpBGqCd&G2>KP8aC1d!8fY@ljQP^tSWdwxQYgZ^Ny7h;5RLg)XjLKv*F zRW4Ka27bt92<7TgdRJ2tt%BH)yrzd#y34l=byX2W=6pi$B9n)888dI0!lM>Me18+pfSBN@YOSbXW>L)(}b 
zn*FPEXuxnTi<^h!Z7q0`VQ(kTs&jEUseIc^#tpHamdznV>>LKJysdy8(~ z$<=`8+S9l>*Z+usX5!Qg}R~7xtPl1dj3poq`KCU_u$; ztQ``hi=pp@I+4bBHXypWuIa`7`0?e>hub*=3z05lJF_Xv9i7fZwn}w`5@~8gAwFNY zil##r0*v22K%c^-b{&9kBUzkZ$(HwM@-5g)0m>TN zvJW3MiNSwp(Ila>TX>+?B~tuCdNb%4PV%6)gtZ60!rv%;7j=L@ zej{3s3ayJxSW12tN7q6a#ZhNkBc{>Bjq(oA3ZkzxYHOATL4q{|(2Wr(a=$0Q6YlHz<`(;qR%P`YTCRNr6e?D1hx$}ru zK~&a{i?WU8xwfFO`=Ds-b%`m`v#tz_$Ko|0nSAah1eRhJePR0WG=b)x5v`QyIBzg~ z0M$M?-%(#ZL0W1RUbOxy=!GP&SYG-!ma6xd1L{sdIf|db`iJ_~Ach__Ac(kpwn%^n zn|Jfvpx4sDZy28mtI3*Z6b*K@NR0sxQ*KJwo?hg8H&%z@ zKCzk|-UM;objumbgH&YQoAh<5Bck@+dWY#Te`>K^w=y?Nr6MId0MZ7%yImSm(29Pa zd(cFX7lUImA*dZj)LAs|rl`GPxq6x!o;s3cmE!cCP`b4@)D^>sSkhZ@T14Wln{*5& zXBJzs6@AN?5i*a2^NQWt5NgxFOyqAK~H|Ja< zh$dB*jYPU5GT8tJc#5)q;Zl`Ww^c-7G|>gZPa5PDNNhC}+sjPLRA!=^vwMOC1+7a< z0?JTO%Lf9^uD`*8GI#|>&7wyHzVpzW78S~@-Y*(M!!8n(FtvX#jKQk(I;$riWu)n4{#-0-I9M!F&T6;1Sv-7qLuzm0 zvzWWf88v@ykJ04QMBXlo){OiO>17JGQ?q|tf4c_1-A=#$wch1Q|Dm16lK?{)sTDMk zxT@9!5+rp8S~{J?zKE|KTV^c{rmPQXIL!L>L`XCtUJlLV&{l#W5McGy;!3MQ45lwK zA$)uoBmxdg^`yDN!S;Dr?>U?J%uLYhJIBT_&X9in_X4@^oPIrBsl}G9?2udRvy@=9 z!$`K@`WD~Z1OHHtkRlzKc_fPZ^#u5oMMITS_?<}syXHjjR;)R@T6PEH6&C{`<0)rd z4y)S@16;Nv0aUMKC>zrzC|c0#8GKf1^%qw|`dT)MLwTww8&vNqC>!JY9eD%I|8Cc! zzLv#GM{tE|h>wTu*m(6i_P_V}ulIBH`Xz>%b&JE2&D^ioendLS3y8~o_izBI5owuAq$u+FD;r^@-WZlD;CfySM3VtC_V^h2uT2Z&r z>djN_9{yKw_we{iYhF#=zk-8n?8mmPkpaa5lxHY0S7XKfaI%)%r*1DrL));DIyHBK zmJ@R?X**dL`7EfN_7v6`_fGw*^9QzvM!t^6C{O%`Ke_RRmDm_`EdU*pBz0eznA}MV zA#3}+g@q7xKXk_=c*mLig2Z7%l~;4pO!MuUDz3aKfr=WL)!AZlRQyO-He=BDLtv@f zw8q8f9CG+Gz^%zM!@UXH%=T_X4?Vo$6OVSLb?B zCY0ql!!*#Ivi3M{81s8*5UP?hD43X2m1)_`Qrr%j33aZh@!v_jOp! 
zDsQFdCaNB;lz7gr_0GQuH)fJZIe;c@OV#yCa#)SdfaL^0cWiywS(Vw6bl2>#Z99Tob?OAI>I%w}%o3^j&_fQ8Za;;g2IZ4!0BKV^D#xaWX!Dj_=hDz$+8a-M!hgJe^}tFf8|`aSmJw3V1DF& zD1q`nBBklaP;QRTdW+BWuColWtnxXIM8UVw_J7QOGvPfrxWxi`;ntfi8h=Jsr|+L^ zt2wIyew_wwLR9cSr=pPjY_?Ld!}u8I>*I1Y2I+c^zz{Hy0U8+ixV9&;;GvzM01_Q1 z-JxJAFZ}zqO4dobyIOHjSlj=npi7?pGwFAUK=HRtN_(N4Fn>OWOtpZlH9msh-2TYN zwr#r4f9{SqPuH21^_w5}AcD7HxJsi$pMWZlIIZzVRn8I8s8MxRud1Ko6Z2siG~y%# z6_Be#5}(BWo3$kxN6l}Z(Yn~h$Dst10>L_rGS7KIZ;vNNYV^+uRRZE+h8_kbL>R!4 ze?ImcZNJZVL-p6YZa`E2sVSHng&$UYJDj~l5Nh8L#PQGv7<+@gUB%)OZBZf}GAeb~?6 zUIY6(ylc@Z&E1XHnU-ALlyS|8UU-op=R+vGXB7d$P4p0gVDnB2*6Q!PB4eD_xjW&=tA2LOYtbH~{pKo2 zH5;H-WAj1$2RZn9$d2|k0h1dXg`F+$$4_u2S#Ss}$p2L;Czwc!{6D2~LY*`pjI#7U I88g`b0P;e^*#H0l diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json index 1016a7eb7b6..57cee262a04 100644 --- a/Solutions/IllumioSaaS/Package/mainTemplate.json +++ b/Solutions/IllumioSaaS/Package/mainTemplate.json 
@@ -87,32 +87,32 @@
 "_workbookContentId3": "[variables('workbookContentId3')]",
 "_workbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId3'),'-', variables('workbookVersion3'))))]",
 "analyticRuleObject1": {
- "analyticRuleVersion1": "1.0.5",
+ "analyticRuleVersion1": "1.0.6",
 "_analyticRulecontentId1": "e9e4e466-3970-4165-bc8d-7721c6ef34a6",
 "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e9e4e466-3970-4165-bc8d-7721c6ef34a6')]",
 "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e9e4e466-3970-4165-bc8d-7721c6ef34a6')))]",
- "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e9e4e466-3970-4165-bc8d-7721c6ef34a6','-', '1.0.5')))]"
+ "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e9e4e466-3970-4165-bc8d-7721c6ef34a6','-', '1.0.6')))]"
 },
 "analyticRuleObject2": {
- "analyticRuleVersion2": "1.0.5",
+ "analyticRuleVersion2": "1.0.6",
 "_analyticRulecontentId2": "599fdc92-eb6d-4b54-8d79-2a3f740a846a",
 "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '599fdc92-eb6d-4b54-8d79-2a3f740a846a')]",
 "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('599fdc92-eb6d-4b54-8d79-2a3f740a846a')))]",
- "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','599fdc92-eb6d-4b54-8d79-2a3f740a846a','-', '1.0.5')))]"
+ "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','599fdc92-eb6d-4b54-8d79-2a3f740a846a','-', '1.0.6')))]"
 },
 "analyticRuleObject3": {
- "analyticRuleVersion3": "1.0.5",
- "_analyticRulecontentId3": "93e40501-f737-4281-9df9-505aa773d983",
- "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '93e40501-f737-4281-9df9-505aa773d983')]",
- "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('93e40501-f737-4281-9df9-505aa773d983')))]",
- "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','93e40501-f737-4281-9df9-505aa773d983','-', '1.0.5')))]"
+ "analyticRuleVersion3": "1.0.6",
+ "_analyticRulecontentId3": "ec07fcd3-724f-426d-9f53-041801ca5f6c",
+ "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ec07fcd3-724f-426d-9f53-041801ca5f6c')]",
+ "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]",
+ "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.6')))]"
 },
 "analyticRuleObject4": {
 "analyticRuleVersion4": "1.0.5",
- "_analyticRulecontentId4": "ec07fcd3-724f-426d-9f53-041801ca5f6c",
- "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ec07fcd3-724f-426d-9f53-041801ca5f6c')]",
- "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ec07fcd3-724f-426d-9f53-041801ca5f6c')))]",
- "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ec07fcd3-724f-426d-9f53-041801ca5f6c','-', '1.0.5')))]"
+ "_analyticRulecontentId4": "b3c4b8f4-c12c-471e-9999-023c05852276",
+ "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b3c4b8f4-c12c-471e-9999-023c05852276')]",
+ "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b3c4b8f4-c12c-471e-9999-023c05852276')))]",
+ "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b3c4b8f4-c12c-471e-9999-023c05852276','-', '1.0.5')))]"
 },
 "analyticRuleObject5": {
 "analyticRuleVersion5": "1.0.5",
From 21a786bd6b59abd3dafba8f8cf2d2d933358b0a6 Mon Sep 17 00:00:00 2001 From: ashwin Date: Thu, 10 Oct 2024 21:02:02 -0700 Subject: [PATCH 09/11] remove duplicated line --- .../Analytic Rules/Illumio_VEN_Deactivated_Query.yaml | 1 - 1 file changed, 1 deletion(-)
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
index f56afebd3f7..8f18e9e10cb 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml
@@ -20,7 +20,6 @@ query: |
 Illumio_Auditable_Events_CL
 | where event_type has 'agent.deactivate'
 | mv-expand resource_changes
- | mv-expand resource_changes
 | extend hostname = resource_changes['resource']['workload']['hostname'],
 workload_href = resource_changes['resource']['workload']['href'],
 workload_labels = resource_changes['resource']['workload']['labels']
From c409aea822fb57177ad92b0ed569ff9d4f7a66ad Mon Sep 17 00:00:00 2001
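Review bot: The surviving `| mv-expand resource_changes` treats `resource_changes` as an already-parsed dynamic array, whereas the Enforcement Change query in the last patch of this series reads the same column through `parse_json(resource_changes)[0]`; if the column arrives as a string, `mv-expand` passes it through unchanged and every `resource_changes['resource']['workload'][...]` lookup comes back null, leaving `hostname` — presumably the value mapped to the Host entity, as in the Firewall Tampering rule — empty on every alert. Making the type explicit removes the dependence on how the table was created: `| extend resource_changes = parse_json(resource_changes)` immediately before the `mv-expand`, or, if the connector guarantees a dynamic column, a `// resource_changes is ingested as a dynamic array` comment saying so. The remainder of the query (the `ipaddress`/`ven_href` extends and the `project-away`) lies outside the hunk.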
From: ashwin Date: Thu, 10 Oct 2024 21:14:03 -0700 Subject: [PATCH 10/11] update package --- Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 18929 -> 18925 bytes .../IllumioSaaS/Package/mainTemplate.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index fb0b3bc601e87b31ce6a309d11bbe83d34a5c010..0d8d477fb25a9baf8e0803a10c543cc5cc425d07 100644 GIT binary patch delta 1169 zcmV;C1aABBlL76M0S!<~0|XQR000O8p{Yu-4V?%Lp{Yt)rUiU?gg^iQ*t53?Ydn9` zHy#tZ^zvy=b>U=P=3-s-E@`9k%2r<4$}3xWWvi>CGYzUs4mNdL%Vx*p#K)Gxpz>Sa zv)?+uxdHS3LHyRe&HUC1v^Vuzue9O07r%A6jV6a$`K_1qQ~9kczx9TG>yj#A8-D9j zZh$qs*SaAjAbKl%uU7=Q1@-skd#`^FmUyoZD)03cz1Ju62ubnHd#>|b#~U7e-Ja_M zt=2xMJlB%vnoG%=erw+P$@r`zhEJ`O+gA8%%S6zw;kD&ImGic8-d4`r%6VHkZ!--l z=k2D>+jQlA9M^4${wv4rJv(mmwmn$458}8z*vxUOKzmci?Mn9ky*O^m?X!P4)XH(Y zq@T)hTRCnwbljFy3EOboF5L&O;k4DEpMW@6*=f5X$StV8dv@9iZ{j*W+jTvxI#=Yi z%(Xec;R1zTp7quIms9&Yv-!w#qe~LLR94RbOxOFr$5W~)f13ULQxu1RKl%Ax5R)H% z+UI{6A3S13#0X)}7#eY4#Fu{r>^;v5Zt$8y_Ue@3`mkB|Jp6*?Lfiq&?B{bIfd9Y$ z^M8$xbRsepjGrt6gX5l`C(3l<#+UOE)uTt~G-dxag;Q%k4hh+xf}KRdeL>b}Un0u> zM?z7?aYT)&bH4L4|6V& z5UWuTT*<|qv^aBvw_JbcV8Q75oKUa2m>8hI8)AjNF-0m`qhKB@oT8L6|JF})24phV zPGGCRC;XT4)PepBCmNrv6Ke^M15rwuylF+(oFmaqmB;;`P zlF5bgO)v=(fy6%=(e>nf$GCBw_!6M^d$UjQ=OsZkpZxuEsl|U@Z%F7iA^H|dQ+%-r zzSQ(y+2oe3I;DxdqG>I|Q=8HYP3SdD=Y=No`lj+-X1$^g2j4F4V0Qw^?R@m^W$wrf z_T2>LVEGx9nD(p#wy=}dGo~Xqe33jltvuk-*jE`4;vwb225p(AM2tkJ-Bkv0!`rNf zzi9n5P;YO5di#HIQSWSkdS`9a7kfnR;Su)5<5GiF>^54DKHk;dDc;^IACEQO)gBAj z-c@;zHQv?k+}d8k?qiL2wd}v`g?K&Icvp)V*`9ZVk9VoNZ|sIq{DJN7U$O`!^l)^| zX3uPOGFGr~l;kX)#Mn!|Nrz)QHo%+&p~AXy0*rhro()Luh(is-G~SUI*PtAsl8zqkuJzENc z%By|PUhVwW2aNv*@oM)r^J**5-qfqT(st-xyxQfqp&V-E)n3w1<<+jd+8cVcOR9uz zc(qG83D)p!>xPhk=&kJAUJ>LL)Zc%X@7q3D;@du`eA`>}ZJ*2|B*i!H*UobtZ+P%^ z`?U|WTKk~#YfFA@E+uPvwR!6&7KDAPATj8%Q6JNWA*OvcO&fCg)TRCql=WXS@ z%`~W-x0^a|)0O*iT(>3quN=4c?6}R__F&yUh~xHPGsmq0?M)rGE7|+^;<$e;x6k5G zE644Uek#Xp<+$C@aa&R)Y{PN8bRWEi(^iLm0^(q0r|pU$x1jp&*=Z}hiR<`m*Y&XK zT#?r@*XI0&3lw^J)>rdiPVMi^<|EIIE=l-OSv>U(QEVj~=1Zl>OHfPObeoBxHXIb`lBq1zDqg zi75LY2}K#l5jCdH`OeS$i$OpAv~T^K!RwSdmZsJ%j7EWwb!9cC(SCo#5fG?HSAKBg zyHNyNV(5bYWw1Z72LpMfi78c+-pB6IPH 
z42!=D2R*vzyowD=_%i5oS!0-0=3$H26LUv@o){+`V>Gv~NGzelnFHMwM(T5sxTaM% zM5RALtVTg_B^P(n;>>^j-g2FT1*7M4LcQu@Vt@i~h!y(A6sc&9f_bcPic-q_TR+Vi zkjY#-fvp0c@L$SP3l^9KN6xtF=LhGi%#Bm;x zki*eSCKt*#!6Zlo68~sK*OT)d~2y}f?{>g~rxy|V%8owZS4>=C(#C)yW}OAS`B+h{%dcvpMHczbVvJl1$u zdrDw?7wJ9LcvriTYkTRuk2T)aas#&);`LbLT`gv0d)^T~-lguou^UG52e!X|$s&-@ z!_hUHJ+sxxSi!JfgK~tD zYv4h@6&tVv;a;*G^^k?rs2ETI#h%@Y&5@ZK`sC-FTrz7W`h(G`U_LH$mHU?Ko00000j+### diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json index 57cee262a04..0417e823f1a 100644 --- a/Solutions/IllumioSaaS/Package/mainTemplate.json +++ b/Solutions/IllumioSaaS/Package/mainTemplate.json @@ -1231,7 +1231,7 @@ "description": "Create Microsoft Sentinel Incident When Ven Goes Into Deactivated state", "displayName": "Illumio VEN Deactivated Detection Rule", "enabled": false, - "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.deactivate'\n| mv-expand resource_changes\n| mv-expand resource_changes\n| extend hostname = resource_changes['resource']['workload']['hostname'],\n workload_href = resource_changes['resource']['workload']['href'],\n workload_labels = resource_changes['resource']['workload']['labels']\n| extend ipaddress = action.src_ip, \n ven_href = created_by.ven.href\n| project-away resource_changes, action, version \n", + "query": "Illumio_Auditable_Events_CL\n| where event_type has 'agent.deactivate'\n| mv-expand resource_changes\n| extend hostname = resource_changes['resource']['workload']['hostname'],\n workload_href = resource_changes['resource']['workload']['href'],\n workload_labels = resource_changes['resource']['workload']['labels']\n| extend ipaddress = action.src_ip, \n ven_href = created_by.ven.href\n| project-away resource_changes, action, version \n", "queryFrequency": "PT60M", "queryPeriod": "PT60M", "severity": "High", From 3c609bcca3498b165cc83dc9280376a8243ba5ea Mon Sep 17 00:00:00 2001 
From: ashwin Date: Thu, 10 Oct 2024 21:43:17 -0700 Subject: [PATCH 11/11] minor changes to query --- ...EN_Enforcement_Change_Detection_Query.yaml | 2 +- Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 18925 -> 18925 bytes .../IllumioSaaS/Package/mainTemplate.json | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
index 56d950252ea..9b0bf4427c0 100644
--- a/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
+++ b/Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml
@@ -18,7 +18,7 @@ relevantTechniques:
 - T1562
 query: |
 let enf_state = dynamic(["full", "selective"]);
- let visibility_state = dynamic(["visibility", "idle"]);
+ let visibility_state = dynamic(["visibility_only", "idle"]);
 Illumio_Auditable_Events_CL
 | extend temp_resource_changes = parse_json(resource_changes)[0]
 | where event_type == 'workloads.update'
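Review bot: `parse_json(resource_changes)[0]` on the context line after the changed `let` inspects only the first element of `resource_changes`, so a `workloads.update` event that records several changes would be judged on the first one alone, while the Deactivated query in patch 09 of this series `mv-expand`s the whole array; the two rules should agree, or the assumption should be written down, e.g. `// only the first resource change is examined; workloads.update is expected to carry one change per event`. The renamed `visibility_only` and the other state strings are bare literals, and the old `visibility` spelling shows how a mismatch can silently suppress matches; a one-line comment above the two `let`s naming the source of these enforcement-state values (the Illumio event schema) would let the next maintainer verify them. The code that consumes `enf_state` and `visibility_state` is beyond the hunk.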
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index 0d8d477fb25a9baf8e0803a10c543cc5cc425d07..2ea39e721188a156984c10ae9ca6465d37d0357f 100644 GIT binary patch delta 1990 zcmV;%2RZodlL76M0Sr(}0|XQR000O8@T;*5o(K)_t4di26<%6|KmY*Uv$qH|Ie%>~ ze}REutlOBPWhk5UBHh4B)ijk`6gNBl$8PT0C;g0&!V2b{G?WsUY z^50xR3`{JVBgFMLPm2u<}t#NO;ai!j8vQHy9$9kpz7)S|F*b7vhH(Y(ha zmz6Q8j$ZEh=q0}mhmGii9KEzRJ9<%|z3I`*N?Y@LIeIDQ65&v*qn9Q9RDVY=)zQm_ zM=vE+!lp+rD|n&SIC{|yB7Lb~<)fDsL2f|-e)&f)oh3&vo$Baii$^c-$79f~)p?7a z|3qTT*L~j7(Q5Ecb>3q98sK9C_=p{smz57t@akRBHj%Y^kG0o@+S9oBVZdb{ro_Ig zWiR{4yXB=L3Mte+U+b(UzJJs%&XR);{9QDvU2rdc{!C#7P|%v)vgF~3##wSchz>6xN5tVt9Fa7+816>IcgVhA8*+Gx*fG$t>*52 z1 zR!&CtQ#lz6Zod3t@t{7&eCL&~@v(f3c~caOu?O)rb~p1iD$w54*SL~-dN01la@zt9 zwemGC>8J8FR=&m!eT^km!Zv)3OZIMScp7!cCm^~jdm2{+xqk)4_vL#UdrLfxy~@+L zMNi{Pf?Kj{>LmEqy^MLz;|+UXx0kV})!Dso+{>5^2bCmct&mW;{Znx{ItfnScueTh z8>l(eg_Cuei*?ltrH#rfTX|(GuWaR&t?rY~G^j2)*wk$;n;nl6A6p88%5Qzoe(U_^ z2F&{h@mu#c^M6|_(B9N{Pf;8O{^aL(K}>%5X`laP zeDH`B5hH{>V`#*I5nmFp_dGAS!D|ZHt5b&S!)D#{@C%j;aR)H7pU-^&{{Q~Z|200+ ziO5tiezFVU(QEVj~=1Zl>OHfPJgZaI3#3$3U(3+_XSy_eTgXh9|=Vn z#}PHA&iT&I{EI<9{j_iWoWbjqI+mu^EsREikacA>rqO=H5fG?HSAKBgyHNyNV(5bY zWw1Z72LpMfi78c+-pB6IPH42wVi20gmy zynl)fOZYPAgIHsjRpw!f*h_Lpf1Vg89b+`NuShJR!g~rxy|V%8owZS4>=C(#m)IANOAS`B+h{%dcvpL@czdsWJl1$udn{mkSLHp{ zcvrh~YkLX1k2T)avj4Uh;`LbLU4JcRWP9EbKHjD7zOfrd@dviQf5{?{(8JL+n?1AD z$ymX{QIfNG5@RpJfgK~tDYv4h@6&tVv z;a;*G^^k?rs2ETI#h%@Y&5@ZK5a$=e13`Jgu zs^5nAH=ljd7!mj&ySIIEvnD8O3_LDDN^T$Fu5vXv@gccVh5FD{V7QOIG?=36UV9*r zQau?yzJ-`)5%z{+LTs#(u-={&T7S&E{uI$?nVdY{vYvEP&r+$L9c?{-4SRapP)`R_ z9UfGN2i4($4%jzyc#zQ?k9mS{WYcVl2P4&LWJ*eOXPKY!J!OLgk9 z;i*eWm9Xil%L)#tHBMc0gGe7KSozdtMUY!ifM5QpOJ~WcOQ$+@+2X0o`|%ibYjxD3 z=Rc9t@^v4zbhH}0QysM!zXtfu0KQ+xei(4shbghI zYT0`}@@{$Qh(e08&(}JuiGMG(i?igQ1AiBdY8Tv#pFdMr0TeVSf?+R`t^|lRsa+KO z{lzH%&qKz|J5LMi$`xiel|3ben^%M9uU0)^>$K>KR~e|s@a*KlVBx@VwC0AP(7 z-hhIs`SS?FNsd1l%+d5HhXQ{G{ZbtXR7V2Uk-*b964+us!MEVZm48>;hYyu6)qCZz 
zy=RAQ-i`-L_CXxBoy{D!3bZ$M*sf&T-;2Yx+@6X=0##D5nY#Q+wsR}{!o@zFMHD)bH?N=@yCEpyq)vYSpSCu8MgR067; zjFpp-{ZvlIf}1bDSUjkYG2eORYkVwUW8M@6W9&hEjorU=P=3-s-E@`9k%2r<4$}3xWWvi>CGYzUs4mNdL%Vx*p#K)Gxpz>Sav)?+u zxdHS3LHyRe&42vX3bZ%%Td%a?xfj26xs4`=TKTP)^i%n*E5G%Ie(RDdVH|b#~U7e-Ja_Mt=2xM zJlB%vnoG%=erw+P$@r`zhEJ`O+gA8%%S6zw;kD&Im4EZLa^6^;v5Zt$8y_Ue@3`mkB|Jp6*?Lfiq&?B{bIfd9Y$^M8$x zbRsepjGrt6gX5l`C(3l<#+UOE)uTt~G-dxag@03PKMo1mpMsr4!hJ#3XkQ}A{zpPl z#&JZAsdK*bGyh`HPe1KjKWFedrH-Ykbqk|WAY@%xjcK$WaRdbF(Ul+E_-+)zmKeIA ze;Mpg?7=`@v0R^$1gYjmhCsJ&%!)*v7HQc?&@5t=UvmHji3SvdgveZcBE#Y@zd?^K zI)ATX!xFv>`XJUAW|eu^BKC;f(Vr*ANyiw??JE*X=y2vhcZHGqTqLe()eTYUPY|n7 z5M0T{owPV}gSTAgV8Q75oKUa2m>8hI8)AjNF-0m`qhKB@oT8L6|JF})24phVPGGCR zC;XT4)PepBCmVY)=J3qP8i4ldiM3T_DX)tk|MI|Q=8HYP3SdD=Y=No`lj+-X1$^g2j4F4V0Qw^?R@m^W$wrf_J7?3 z=3x05m6-Od1Gcb})-$FfH++#iI;}k5(b!iR5aJ=_!Uk=br$mfIsNGctal_lJhrek3 zG*EAEfO`9JQSWSkdS`9a7kfnR;Su)5<5GiF>^54DKHk;dDc;^IACEQO)gBAj-c@;z zHQv?k+}d8k?qiL2wd}v`g?K&Icz;)m8QGq9gpYTryKn4